Machine Learning Assisted Security Analysis of 5G-Network-Connected Systems

08/07/2021 ∙ by Tanujay Saha, et al.

The core network architecture of telecommunication systems has undergone a paradigm shift in the fifth-generation (5G) networks. 5G networks have transitioned to software-defined infrastructures, thereby reducing their dependence on hardware-based network functions. New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition. This has resulted in significant improvements in efficiency, performance, and robustness of the networks. However, this has also made the core network more vulnerable, as software systems are generally easier to compromise than hardware systems. In this article, we present a comprehensive security analysis framework for the 5GCN. The novelty of this approach lies in the creation and analysis of attack graphs of the software-defined and virtualized 5GCN through machine learning. This analysis points to 119 novel possible exploits in the 5GCN. We demonstrate that these possible exploits of 5GCN vulnerabilities generate five novel attacks on the 5G Authentication and Key Agreement protocol. We combine the attacks at the network, protocol, and the application layers to generate complex attack vectors. In a case study, we use these attack vectors to find four novel security loopholes in WhatsApp running on a 5G network.




1 Introduction

Fifth-generation (5G) networks hold promise for realizing the vision of universal connectivity. They enable various verticals like Internet-of-Things (IoT), autonomous vehicles, smart cities, and telemedicine. These applications require high-bandwidth, robust, flexible, dynamic, and fault-tolerant network architectures.

5G networks represent a huge leap, both qualitatively and quantitatively, from previous-generation telecommunication networks. The network core architecture has undergone a paradigm shift from its predecessor, the Evolved Packet Core. Previously, network functions were implemented on commodity hardware. In 5G networks, the network functions are mostly implemented in software. Moreover, with the advent of cloud computing, many network operations are now virtualized. This allows multiple operators to use the same underlying hardware resources to provide network services. This technology is broadly known as network function virtualization (NFV). 5G networks also separate the communication on the data plane from that on the control plane. This involves the use of a controller that observes the entire network before making routing decisions. This technology, broadly referred to as software-defined networking (SDN), has been shown to reduce both the operational expenditure (OPEX) and capital expenditure (CAPEX) of the network. Many of these transitions have become possible due to the utilization of mm-wave technology in 5G. Incorporation of these new technologies results in significant improvements in efficiency, reliability, and flexibility of wireless networks.

The confluence of the new technologies makes the 5G core network (5GCN) an intricate system comprising SDN, NFV, distributed systems, and cloud computing. The 5GCN has a service-based architecture that dynamically modifies itself according to the requirements of the operators and users. However, introduction of new technologies into the 5GCN also expands its attack surface [35], as it now inherits the vulnerabilities of all these individual technologies.

Prior work in 5G security has referred to broad categories of attacks that the 5GCN may be vulnerable to [18, 3, 36]. In this article, we address the far-reaching implications of these threats and how they may interact with each other to give rise to complex attacks that were infeasible in previous generations of telecommunication networks. The sequence of operations that is executed to implement an attack, also referred to as an attack vector, can be combined with others into an attack graph for a concise representation. We combine the various attack vectors pertaining to SDN, NFV, and 5G protocols into attack graphs. We analyze these graphs to generate 119 novel possible exploits that are exclusive to 5G networks. They are possible exploits in a specific system, since the numerous vulnerabilities arising from implementation errors are generally system-specific. We show how these possible exploits can compromise the 5G Authentication and Key Agreement (AKA) protocol. We discover five new attack vectors in the 5G-AKA protocol that can be triggered by 5GCN vulnerabilities. We demonstrate how various attacks at the network and protocol levels can be combined to remotely hack targeted end-user applications. In a case study, we demonstrate the hacking of the WhatsApp account of an end user. We chose WhatsApp as our target application because it is the most widely used instant messaging (IM) platform and possesses some of the most advanced security features [37]. We discovered four security loopholes that may be triggered in WhatsApp in the absence of appropriate 5GCN security measures. We show how our framework can scale to larger infrastructures through the use of machine learning (ML) and a constraint satisfaction problem (CSP) formulation. We use ML and the CSP formulation at the system level to predict possible vulnerability exploits when a new node is added to the attack graphs. A new node may be added when a new vulnerability is discovered or when a new vulnerable component is introduced in the 5GCN. Utilization of ML at the system level is inspired by the SHARKS framework [31], where ML was used to discover novel possible exploits in an IoT system. SHARKS is an acronym for Smart Hacking Approaches for RisK Scanning. Although SHARKS was originally targeted at IoT and cyber-physical systems, it is also applicable to the 5GCN architecture.

The new contributions of this article include:

  1. Representation of 113 documented SDN and NFV attack vectors in the form of concise attack graphs.

  2. Analysis of attack graphs to obtain 119 novel possible exploits of SDN, NFV, and malicious peripheral vulnerabilities in the 5GCN.

  3. Analysis of the consequences of network infrastructure threats and their interactions on the 5G-AKA protocol, resulting in the discovery of five novel possible attack vectors that are triggered by 5GCN vulnerabilities.

  4. Combination of threats across the hardware, software, network, and protocol layers to compromise end-user applications.

  5. Application of ML and CSP models to the attack graphs to make the framework scalable to larger infrastructures.

The article is organized as follows. Section 2 provides a summary of the work that has been done on 5G security. Section 3 discusses background material. Section 4 gives details of our methodology. Section 5 describes the impact of system vulnerabilities on the implementation of the 5G-AKA protocol. Section 6 describes the application of our approach to exploitation of network-level vulnerabilities to compromise end-user applications. Section 7 includes a discussion on the applications and limitations of our framework. Section 8 concludes the article.

2 Related Work

Security and privacy of users are of prime importance in 5G networks. The Third Generation Partnership Project (3GPP) has been working continuously to define the security standards of 5G communication systems. Multiple versions of security standards have been published to date. Recent surveys and articles list the potential vulnerabilities of various 5G-enabling technologies like cloud radio access networks, SDN, NFV, network slicing, cloud computing, and multi-edge computing [2, 3, 32].

There are many vulnerabilities that exist in the SDN ecosystem [11]. Multiple implementation vulnerabilities exist in various open-source SDN controllers and network operating systems (NOSs) like OpenFlow, POX, and OpenDaylight [40]. Similarly, network slicing and NFV have their own vulnerabilities [21, 13]. NFV inherits many of its vulnerabilities from traditional virtualization technologies. However, prior research does not report on the specific attack vectors that can exploit these vulnerabilities in the 5G framework and lacks detailed analyses of the impact of these vulnerabilities on the end-user. To the best of our knowledge, no prior work explores interactions among vulnerabilities of different technologies, like SDN and NFV, to generate complex attack vectors.

We use attack graphs to analyze 5GCN security. Attack graphs have found extensive use in network security, software, and electronic systems. Various vulnerability assessment tools have been developed to analyze the security of software systems and networks using attack graphs. Some of the popular ones are MulVal and A2G2V [29, 5]. However, these tools do not address discovery of unique vulnerability exploits in a software-defined and virtualized network. We target this problem in this article. ML-based attack graphs have been used previously to analyze the security of IoT and cyber-physical systems [31, 9]. We use ML on the attack graphs to enable our framework to scale to larger networks.

The 5G ecosystem consists of multiple protocols executing at different layers. Many vulnerabilities have been detected in various 5G protocols like cellular paging protocols, multiple control layer protocols [16], and cellular access network protocols [8]. The 5G-AKA protocol claims to provide higher security than its predecessors because it provides enhanced user identity protection, more sophisticated key derivation, and an increased influence of the home network in authentication. However, the increased complexity of the 5G-AKA protocol leads to new vulnerabilities [14]. Most of these vulnerabilities have been detected using formal verification methods [7, 12]. In this article, we investigate how SDN, NFV, and other infrastructure vulnerabilities can facilitate the execution of protocol-level attacks.

In a case study, we analyze the impact of 5G network-level vulnerabilities on the implementation of WhatsApp on a client device. WhatsApp is one of the most widely used instant messaging platforms and one of the most secure. Due to its high popularity and highly secure platform, we choose to examine its security features through the lens of a vulnerable network. Although WhatsApp is highly secure, it is still vulnerable to attacks like media file jacking, non-blocking behavior exploitation, voicemail-based verification exploits [38], and key hijacking attacks. We demonstrate that the execution of these attacks becomes easier in the presence of a compromised 5G network.

3 Background

We analyze the vulnerabilities of various disruptive technologies like NFV, SDN, and network slicing. In this section, we provide an introduction to these concepts. We also introduce some of the techniques we use to analyze system security.

3.1 NFV

A network comprises various network functions (NFs) like gateways, load balancers, and firewalls. In traditional networks, these NFs are implemented on proprietary hardware systems. Such systems are not flexible and incur high maintenance costs because they are vendor-proprietary. Moreover, they often remain underutilized. These issues prevent network operators from improving their average revenue per user (ARPU). NFV provides a way to increase ARPU by reducing network CAPEX and OPEX.

NFV abstracts out lower-level NF details by implementing NFs on virtual machines (VMs). This facilitates easier adoption of NFs by various applications. In addition, the virtual network functions (VNFs) provide higher flexibility and higher resource utilization.

The NFV architecture is shown in Fig. 1. In this figure, every layer interacts only with the layers directly above and below it. The rest of the infrastructure is abstracted out. For example, the VNFs interact only with OSS/BSS above and virtual resources below. They do not need to interact directly with any other layer.

Fig. 1: NFV reference architecture provided by the European Telecommunications Standards Institute (ETSI)

The various components of the NFV architecture are as follows:

  • Operations Support System (OSS): This is responsible for various network management and operations functions like service provisioning and fault tolerance.

  • Network functions virtualization infrastructure (NFVI): This is a distributed system of resources designed to provide a common platform to the VNFs. As shown in Fig. 1, the NFVI can be categorized into three classes: virtual resources, virtualization layer, and physical resources.

  • NFV orchestrator: This is part of the NFV management and network orchestration (MANO) unit. It plays an important role in instantiating the network.

  • VNF manager: This is responsible for instantiating the VNFs. It manages various attributes of the VNFs like their creation, migration, resource allocation, and termination.

  • Virtual Infrastructure Manager (VIM): This is responsible for management and virtualization of the physical compute, storage, and network resources.

All the components described above are provided by third-party vendors, unlike pre-5G networks where all components are proprietary. This makes these components inherently untrustworthy. Moreover, third-party software systems cannot be protected by hardware-based fingerprinting mechanisms like hardware root-of-trust and physical unclonable functions [34]. In this article, we study various methods for compromising the virtualization components and the consequences of doing so.

3.2 SDN

Traditionally, network devices have their functionalities hard-coded into the devices. This hinders flexibility and innovation in networks. SDNs ameliorate these issues, make virtualization of networks easier, and have the potential to increase the ARPU of network operators.

The primary objective of software-defined networking is decoupling the control and data planes. SDNs have centralized controllers that make forwarding decisions for the switches. The controllers have a broad overview of the entire network and hence can make better decisions than localized switches.

Fig. 2: The SDN architecture

The SDN architecture is shown in Fig. 2. The logically centralized controllers receive application requirements through the northbound interface. They are responsible for translating the application requirements into efficient flow rules. These rules are relayed to the data plane devices via the southbound interface. The data plane mainly consists of forwarding devices like routers and switches. The data plane devices communicate periodically with the controllers, updating them with the current situation in the data plane. This gives the controllers a global view of the network, thus enabling them to make efficient forwarding decisions.

Various components of the SDN architecture, namely the control plane, data plane, and northbound and southbound interfaces, are prone to vulnerabilities. We analyze the consequences of these vulnerabilities on a 5G-enabled system.

3.3 Network Slicing for 5G Networks with SDN/NFV

Network slicing is a method of sharing virtual network resources among multiple verticals. A network slice refers to an independent, end-to-end network composed of virtual resources. Network slicing enables the network operators to meet their ambitious goals, like scalability and low latency, by providing better network isolation and increased statistical multiplexing. The network slicing architecture for the 5GCN is depicted in Fig. 3.

Fig. 3: Network slicing for 5G networks with SDN/NFV and its attack surface

There are two kinds of resources available for sharing: NFs and the physical infrastructure [28]. The NFs are provided to the operators by the tenants and the infrastructure by the infrastructure provider (InP). Virtualization and SDN are utilized at both the tenant and InP levels. The SDN controllers at the tenant and InP levels are referred to as the tenant controller (TC) and the infrastructure controller (IC), respectively. A simplified example of the implementation of network slicing is depicted in Fig. 3. Every network slice has a network services orchestrator (NSO) that communicates with the resource orchestrator (RO) of the tenant. A tenant provides multiple slices to the operators. In the simplified example depicted in Fig. 3, the tenant is dependent on a single InP for its resources. In reality, the tenant may be dependent on multiple InPs.

The network slicing architecture demonstrates how SDN and NFV are used together in the 5GCN. We use this framework while analyzing 5G system security.

3.4 Regular Expression

A regular expression is a concise representation of a set of strings. We use regular expressions to represent attack vectors. The set of all permissible characters in a regular expression is called its alphabet, denoted by . The operations in regular expressions that we use in this article are described in Table I.

Operation | Definition | Example
Set Union (+) | Set union of two regular expressions |
Concatenation (.) | Concatenation of strings of two regular expressions |
TABLE I: The basic operations in our regular expressions

Regular expressions are generally used to denote system-level operations that are incomprehensible to humans. In this article, we define the characters of the regular expression at a higher granularity for the sake of generality. The alphabet () of our regular expressions comprises human-understandable system-level operations, for example {'Install malicious switch', 'Insert malware in hypervisor', …}. This is done to ensure that the application of our approach is independent of the application, OS, or compiler employed by the 5GCN.

4 Methodology

This section describes our methodology and its impact. We analyze the security of the software-defined and virtualized 5GCN using ML and CSP formulation. Section 4.1 describes our threat model. Section 4.2 describes the method of representing attack vectors with attack graphs. Section 4.3 gives details of analyzing 5GCN security with attack graphs. Section 4.4 describes the methods for exploiting ML and CSP formulation to improve the scalability of the proposed methodology.

4.1 Attack Surface

An attack surface of a system refers to the set of various entry points that can be exploited. The various components that compose the attack surface of the 5GCN are depicted in Fig. 3. They are as follows:

  1. User applications

  2. Northbound interface of SDN controller

  3. SDN controller

  4. Control channel of SDN

  5. VNFs

  6. Tenant

  7. Network slice

  8. NFV MANO unit

  9. Management network between tenant and InP

  10. Hypervisor

  11. InP peripheral attacks (attacks on physical infrastructure)

The attack vectors for exploiting vulnerabilities of these components are discussed in detail in the subsequent sections.

4.2 Attack Vector Representation

We use regular expressions and attack graphs to represent various attacks on the 5G system. We use regular expressions because they allow us to represent the sequence of exploits in an exploit chain. We use attack graphs because they enable efficient modeling of the interactions between different threats. In this section, we describe the process of constructing the attack graphs from various attacks. First, every attack is decomposed into a sequence of system-level operations. We represent this sequence using a regular expression. Then, we convert this regular expression into an attack graph. For example, let us consider an attack in which a target switch is disconnected from its SDN controller by poisoning the Address Resolution Protocol (ARP). This attack can be executed by the following sequence of system-level operations:

  1. Install a malicious VM in the system.

  2. Launch an ARP poisoning attack to alter the MAC address of the controller on the target switch.

  3. In the target switch memory, replace the MAC address of the original controller with that of the malicious VM.

  4. The target switch is now disconnected from the controller.

  5. Send malicious flow rules to the switch from the malicious VM. This disrupts network functionalities.

Let denote a character from the alphabet of our regular expressions. Then, the regular expression of the attack vector described above can be represented as: (Install malicious VM). (ARP poisoning). (Impersonate controller in switch). (Disconnect switch from controller). (Crash network). This regular expression can be converted into an execution graph, as shown in Fig. 4.

Fig. 4: Turning a regular expression into an execution graph

We combine the execution graphs of multiple attacks to obtain the aggregated attack graphs.
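As an added illustration of the representation described in Sections 3.4 and 4.2 (example code written for this page, not the authors' tool), the following Python parses attack-vector expressions in the paper's notation into execution graphs, aggregates them into one attack graph by merging identically labelled operation nodes, and enumerates the head-to-tail paths, each of which counts as one unique attack vector in the sense used in Section 4.3.1. The grammar (set union binding weaker than concatenation, braces and brackets for grouping) is an assumption about the notation, as are all function names; the sample vectors are copied from the ARP poisoning example above and from two rows of Table II.

```python
"""Attack-vector expressions (Sections 3.4, 4.2) -> execution graphs -> attack graph.
Added illustration, not the authors' tool.  Assumed grammar of the notation:
expr := seq ('+' seq)* ; seq := term ('.' term)* ; term := (op) | {expr} | [expr]"""
import re
from collections import defaultdict

TOKEN = re.compile(r"\((?:[^()]|\([^()]*\))*\)|[{}\[\].+]|\s+")

def tokenize(text):
    """('atom', label) per parenthesised operation, one inner level of parentheses
    allowed so '(... Systems (IDS))' stays one label; ('op', c) for . + { } [ ]."""
    tokens, pos = [], 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected character {text[pos]!r} at {pos}")
        pos, tok = m.end(), m.group()
        if tok.startswith("("):
            tokens.append(("atom", " ".join(tok[1:-1].split())))
        elif not tok.isspace():
            tokens.append(("op", tok))
    return tokens

class Parser:
    """Recursive descent; every sub-expression yields (entry nodes, exit nodes)."""
    def __init__(self, text, graph):
        self.toks, self.i, self.graph = tokenize(text), 0, graph
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def expr(self):                       # union: merge both entry and exit sets
        entries, exits = self.seq()
        while self.peek() == ("op", "+"):
            self.i += 1
            e2, x2 = self.seq()
            entries, exits = entries | e2, exits | x2
        return entries, exits

    def seq(self):                        # concatenation: every exit -> every entry
        entries, exits = self.term()
        while self.peek() == ("op", "."):
            self.i += 1
            e2, x2 = self.term()
            for a in exits:
                self.graph[a].update(e2)
            exits = x2
        return entries, exits

    def term(self):
        tok, self.i = self.peek(), self.i + 1
        if tok and tok[0] == "atom":
            self.graph.setdefault(tok[1], set())   # register isolated nodes too
            return {tok[1]}, {tok[1]}
        if tok not in (("op", "{"), ("op", "[")):
            raise ValueError(f"unexpected token {tok}")
        entries, exits = self.expr()
        if self.peek() != ("op", "}" if tok[1] == "{" else "]"):
            raise ValueError(f"unclosed group opened by {tok[1]!r}")
        self.i += 1
        return entries, exits

def build_attack_graph(vectors):
    """Aggregate the vectors' execution graphs; a label shared by two vectors (e.g.
    'ARP poisoning') becomes one node, so paths may combine steps of different attacks."""
    graph = defaultdict(set)
    for vec in vectors:
        p = Parser(vec, graph)
        p.expr()
        if p.peek() is not None:
            raise ValueError(f"trailing tokens in {vec!r}")
    return dict(graph)

def heads_and_tails(graph):               # no predecessor / no successor, sorted
    has_pred = {b for succ in graph.values() for b in succ}
    return sorted(n for n in graph if n not in has_pred), sorted(n for n in graph if not graph[n])

def enumerate_paths(graph):
    """Every head-to-tail path is one unique attack vector (Section 4.3.1)."""
    paths = []
    def walk(node, path):
        if node in path:                  # a repeated label would form a cycle
            return
        path = path + [node]
        if not graph[node]:
            paths.append(path)
        for nxt in sorted(graph[node]):
            walk(nxt, path)
    for head in heads_and_tails(graph)[0]:
        walk(head, [])
    return paths

SAMPLE_VECTORS = [  # constructed: the Section 4.2 vector plus two Table II rows, verbatim
    "(Install malicious VM). (ARP poisoning). (Impersonate controller in switch). "
    "(Disconnect switch from controller). (Crash network)",
    "(ARP poisoning). (impersonate controller VM). (connect fake controller to target "
    "switch). (disconnect target switch VM from network). (degrade network performance)",
    "(malicious switch VM installed). (connect malicious VM to controller using DPID of "
    "target VM). (legitimate VM gets disconnected). {(network crash) + (degrade network performance)}",
]
```

Calling `enumerate_paths(build_attack_graph(SAMPLE_VECTORS))` yields four paths although only three vectors were entered: because "(ARP poisoning)" occurs in the first two vectors, the aggregated graph contains a path that starts with the first vector and finishes with the second, which is the kind of combined vector the aggregation step is meant to surface. Labels must match exactly to be merged, so the consistency of the alphabet (the sample keeps the page's "Crash network" and "network crash" as two different nodes) matters as much as the parser.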

4.3 5GCN Vulnerability Analysis

In this section, we describe the vulnerabilities of NFV, SDN, and peripheral devices, and the threats that arise from them. For each of these domains, we use regular expressions and attack graphs to conduct a complete security analysis of the system.

4.3.1 SDN Vulnerability Analysis

SDN is one of the most disruptive technologies deployed in 5G systems. SDN implementations contain multiple vulnerabilities and are prone to exploits of varying complexity, including topology poisoning attacks, controller hijacking attacks, man-in-the-middle (MiTM) attacks, and denial-of-service (DoS) attacks, to name a few [4, 20, 33, 11]. Moreover, popular open-source NOSs for the SDN controller, namely OpenFlow, OpenDaylight, and POX, have been shown to be vulnerable to multiple attacks [40].

SDN vulnerabilities can be broadly divided into two categories: control plane and data plane attacks. Control plane attacks involve compromising the NOS or the control channel that is used to send the control messages to the data plane devices [10]. The communication in the control channel is generally unencrypted to enhance performance. This is a potential security loophole. An adversary with access to the control channel can possibly eavesdrop on the control messages to infer the network topology. Knowledge of the network topology can lead to a variety of attacks [6, 24]. Moreover, an adversary can compromise the integrity of the control messages without being detected. This can cause malicious network reconfiguration and DoS attacks. The data plane is also vulnerable to various attacks. The data plane attacks generally target individual switches and forwarding devices. We represent all SDN attack vectors as regular expressions and then convert them into attack graphs. The regular expressions of various SDN attacks are shown in Table II. These attack vectors in the SDN control plane (SDN-CP) and the SDN data plane (SDN-DP) are then concisely represented as the attack graphs shown in Fig. 5 and Fig. 6, respectively. In an attack graph, every path from a head node to a tail node is a unique attack vector. The graph in Fig. 5 has 14 unique SDN-CP attack vectors and the graph in Fig. 6 has 25 unique SDN-DP attack vectors.

Attack | Entry point of attack | Regular expression

Application layer
Abuse of privileges and authority | Malicious third party apps | (install malicious app). (gain control over tenant controller VM). {(disconnect sensitive apps) + (shutdown sensitive apps)}. {(crash network) + (degrade network performance)}
Service disruption | Malware | (install malicious app). (gain control over tenant controller VM). [{(drop control messages to VNFs) + (subvert order in which app handlers access control packets) + (interfere in service chain)}. (disrupt control packet forwarding) + (eavesdrop on control messages). (derive topology of network). (execute topology based attacks)]. {(crash network) + (degrade network performance)}
Application shutdown | Vulnerable northbound API | (exploit vulnerability in northbound API). {(issue system command). (terminate victim app) + (eavesdrop on messages between controller and app)}

Control layer
Dynamic flow rule | Malware & vulnerable | (install malicious app). (instruct conflicting/overlapping flow rules). (bypass sensitive VNFs like firewall/Intrusion Detection Systems (IDS)). {(degrade performance) + (crash network) + (DoS attack)}
Controller poisoning (Poisoned network view) | Malware & vulnerable network services and | (gain access to controller VM). {(send crafted LLDP packets). (poison network topology in controller by adding fake connections). (drop packets in data plane). (degrade performance) + (poison controller host profile reservoir). (install malicious VM). (redirect data packets to malicious VM). (MiTM attack in data plane)}
NOS misuse | Vulnerable controller | {(malicious apps running at Application layer) + (rogue switch VM)}. (multiple attacks that are denoted in cells below)
NOS misuse (cont.) | | (execute system commands). (terminate controller). (degrade network performance)
NOS misuse (cont.) | | (access sensitive network information). (execute deviant actions)
NOS misuse (cont.) | | (modify flow rules). {(eavesdrop on data plane packets) + (redirect data packets)}. {(degrade network performance) + (MiTM attack in data plane) + (bypass security functions like firewalls/IDS)}
NOS misuse (cont.) | | (install rootkits)
NOS misuse (cont.) | | (hijack network policy database)
NOS misuse (cont.) | | (input invalid input data). (send controller in an invalid state). (degrade network performance)
Packet-in flooding | Faulty controller or compromised switch VMs | {(malicious app) + (malicious switch VM)}. (send massive amounts of malformed packets). (switch-table misses of switch VM). (massive amount of packet-in messages sent to controller VM). (DoS attack on controller). (degrade network performance)
Switch table flooding | Faulty controller or compromised switch VMs | {(malicious app) + (malicious switch VM)}. (send massive amount of 'features-reply' messages to controller). (fill controller switch table with fake switches). (DoS attack on controller). (degrade network performance)
Legitimate switch id hijacking | | (malicious switch VM installed). (connect malicious VM to controller using DPID of target VM). (legitimate VM gets disconnected). {(network crash) + (degrade network performance)}
Spanning tree poisoning | | (send crafted LLDP packets to controller VM). (poison spanning tree protocol with targeted fake links). (disconnect targeted links). {(network crash) + (degrade network performance)}

Control Channel (CC)
Passive MiTM | Unencrypted messages | (absence of crypto in CC). (sniff packets on CC). {(eavesdrop on control messages) + (eavesdrop on topology information) + (eavesdrop on management info)}
Active MiTM | Compromised southbound interface or vulnerable data links | (absence of crypto in CC). (ARP poisoning). (insert intruder host between controller and data plane)

Infrastructure layer
DoS leveraging ARP poisoning | | (ARP poisoning). (impersonate controller VM). (connect fake controller to target switch). (disconnect target switch VM from network). (degrade network performance)
Flow-rule flushing/ | | {(malicious app) + (install malware on controller VM) + (gain access to controller VM)}. (send incorrect control messages to switches). {(modify switch flow rules) + (flush switch flow rules)}. (degrade network performance)
Flow-rule flooding | Side-channel attack (SCA) | (record round-trip time of packets; SCA). (detect VM that has an almost full switch-table). (detect types of packets causing table misses). (send such packets repeatedly). (flood switch table of VM). (degrade network performance)

TABLE II: Regular Expressions for SDN attacks [11, 4, 20, 33, 10, 6, 24]

Fig. 5: Aggregated attack graph of SDN control plane vulnerabilities

Fig. 6: Aggregated attack graph of SDN data plane vulnerabilities

4.3.2 NFV Vulnerability Analysis

NFV provides a dynamic and loosely-coupled infrastructure that caters to a large diversity of user requirements. However, NFV inherits multiple implementation vulnerabilities and exploits thereof. Prior to NFV, when a proprietary function was introduced in the network, there existed an established trust between the developer and the operator. This trust is absent in an NFV-enabled network architecture because third-party VNFs are usually susceptible to a variety of threats [27]:

  1. Generic networking threats.

  2. Generic virtualization threats.

  3. Emerging threats due to a combination of networking and virtualization.

Due to the multi-tenancy and Infrastructure-as-a-Service paradigms of virtualization, access to the core network is easier than before. This makes the 5GCN vulnerable to different kinds of attackers, some of whom may be end customers of retail networks, retail network operators, wholesale network operators, hypervisor operators, infrastructure sharers and operators, or facility managers. Hence, security monitoring should be an integral part of the 5GCN ecosystem.

The regular expressions of the NFV threats and vulnerabilities are described in Table III and are concisely represented in the attack graph shown in Fig. 7. The attack graph has 25 unique NFV attack vectors. These attack vectors have been constructed from the ETSI NFV security problem statement [27].

Topology-based attacks | Regular expression
Adding unauthorized connection in VNF | (modify VNF instantiation). (add unauthorized connection in VNF). (exploit weak crypto implementations). {(eavesdrop on packets) + (add a loop in network). (orchestrator creates new instances of VMs (to handle excess load)). (DoS on NFV infrastructure)}
Modifying firewall/IDS instantiation | (modify VNF instantiation). (modify rules in firewall virtual storage). (connect to malicious website) + (modify IDS rules). {(flood network with incoming malicious traffic). (orchestrator creates new instances of VMs (to handle excess load)). (DoS on NFV infrastructure) + (flood network with incoming DNS queries). (orchestrator creates new virtual DNS). (amplified DNS query request - DoS attack on victim)}
Passive MiTM | {(modify VNF instantiation). (add a link to malicious VM) + (physical access of interfaces)}. (eavesdrop on the messages being sent). (infer topology of network)
Active MiTM | (physical access to interface). (exploit weak crypto implementations). (modify packets in-transit). (crash the system) + (replay packets). (orchestrator creates new instances of VMs (to handle excess load)). (DoS on NFV infrastructure)
Exploiting Lights out Management (LOM)
DoS attack on management network | (identify network port(s) having access to LOM). (flood the port with requests). (DoS attack on LOM port(s))
Exploiting LOM network | {(SQL injection attack on virtual storage) + (SCA by physical access) + (cache poisoning attack) + (download unwhitelisted software). (gain control over hypervisor) + (dynamic memory overflow of hypervisor). (overwrite frame pointer of hypervisor). (code injection in hypervisor)}. (read secret LOM credentials). {(crash the system) + (modify critical files on virtual storage) + (modify critical code on virtual compute)}
Exploiting hypervisor dependency on VNF (1) | (network fails). (hypervisor starts to boot). (hypervisor requests network configuration from VM running on top of it). {(VM crashed; depends on hypervisor2 which has also crashed) + (crashed VM depends on hypervisor)}. (VM fails to boot). (DoS on hypervisor)
Exploiting hypervisor dependency on VNF (2) | (network failure). (virtual forwarding function1 (VFF1) starts to boot). (requests access to VFF2). (VFF2 is crashed). (VFF2 requests access to VFF1). (deadlock arises, DoS on VFF1). (DoS on VFF2)
Exploiting insecure boot | (absence of secured boot authentication). (steal secret keys) + (rootkit injection) + (reset configuration). (hypervisor compromise) + (VM compromise) + (orchestrator compromise) + (VM manager compromise)
Insecure Crash
Compromising sensitive data | (VM/VNF crashes). {(local memory not cleared by hypervisor) + (remote memory not cleared by hypervisor)}. (new VM gets assigned same memory addresses as crashed VM). (new VM gets access to sensitive data) + (new VM gets access to keys). (new VM implements privilege escalation)
Exploiting absence of safety measures | (application within VM crashes but VM is still functional). (hypervisor resets/changes existing authorizations). (VM is restricted from performing required functions). (network crashes)
Privilege escalation | ( crashes). (memory and authorizations are not cleared by hypervisor). ( gets assigned the same memory location as crashed instance of ). ( gets same privileges as )
Authentication, Authorization, Accounting (AAA) attacks (1) | (weak authentication on NFVI manager). (access to hypervisor). (access to physical storage, compute and network). {(get secret keys) + (MiTM attacks) + (replay attacks) + (eavesdrop on communication) + (modify packets in-transit) + (assign low memory to VMs). (DoS on VMs) + (give unauthorized privileges to malicious actors) + (download unwhitelisted malware) + (add unauthorized connections)}
AAA attacks (2) | (weak auth. of hypervisor) + (weak auth. of orchestrator) + (weak auth. of VM) + (weak auth. of VNF managers)
Exploiting backdoors meant for testing | (virtualized switch in promiscuous mode). {(eavesdrop on VNF traffic with test process) + (adversary sends malicious traffic through test backdoor) + (shared memory access to test process)}. {(eavesdrop on sensitive data/secret keys) + (modify sensitive data of VNF in test/monitoring mode)}
Flooding attacks | (physical access to shared network resources). {(flood shared network with requests) + (flood shared network with high-priority messages)}. (DoS attack on target VM)
Eavesdropping on shared resources | {(virtual sharing of same network slice) + (physical sharing of same network component)}. (eavesdrop on shared resources). (absence of crypto on control plane). (reverse engineer the packets sent by target VM). (spoof target VM). {(send modified packets with target VM id) + (request access to other VMs with target VM's id). (target VM is disconnected from these VMs in the virtual network). (replay packets received by target VM)}. {(crash the system) + (launch DoS attack on another VM through target VM)}
SCA/Cache poisoning (SCA analysis) + (cache poisoning). (extract crypto keys)
Resources of virtual infrastructure
Local storage attacks (install malware at hypervisor level). (force hypervisor to fill up local storage with logs). (local storage insufficient for VMs). {(degrade network performance) + (DoS attack on VMs)}
Remote attacks (install malware at hypervisor level). {(force hypervisor to fill up remote storage with logs). (remote storage insufficient for VMs) + (remote control channel degradation)}. {(degrade network performance) + (DoS attack on VMs)}
Memory pressure attacks (install malware at hypervisor level). (consume kernel memory). {(degrade network performance) + (crash the system)}
CPU attacks (install malware at hypervisor level). (cause scheduler unfairness). {(degrade network performance) + (crash the system)}
OS resource exhaustion (install malware at hypervisor level). {(consume file handles) + (consume event channels)}. (insufficient resources for OS). {(degrade network performance) + (crash the system)}
TABLE III: Regular expressions of NFV threat vectors mentioned in the standards document ETSI_GS_NFV-SEC_001_v1.1.1 [27]

Fig. 7: Aggregated attack graph of NFV vulnerabilities
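As an added example (not code from the paper), the following Python parses attack vectors written in the notation of Table III into the nodes and edges of an attack graph, merges several vectors into one graph, and lists the ordered node pairs that are not yet linked, which is the pool the graph analysis later examines for feasibility. The reading of the notation is an assumption, since the page does not define it: "(text)" is a node, "a . b" means b follows a, "a + b" lists alternatives and binds tighter than ".", and braces group. The two rows used as input are copied from Table III.

```python
"""Attack-vector notation of Table III parsed into an attack graph (added example)."""
from typing import List, Set, Tuple

Edge = Tuple[str, str]
Fragment = Tuple[Set[str], Set[str], Set[Edge]]  # (entry nodes, exit nodes, edges)


class _VectorParser:
    """Assumed grammar (the page does not define the notation):
         sequence     := alternatives ('.' alternatives)*   lowest precedence
         alternatives := atom ('+' atom)*                    binds tighter than '.'
         atom         := '(' label ')' | '{' sequence '}'
    """

    def __init__(self, text: str) -> None:
        self.s = text
        self.i = 0

    def _peek(self) -> str:
        while self.i < len(self.s) and self.s[self.i].isspace():
            self.i += 1
        return self.s[self.i] if self.i < len(self.s) else ""

    def parse(self) -> Fragment:
        frag = self._sequence()
        if self._peek():
            raise ValueError(f"trailing input at offset {self.i}")
        return frag

    def _sequence(self) -> Fragment:
        entries, exits, edges = self._alternatives()
        while self._peek() == ".":
            self.i += 1
            nxt_entries, nxt_exits, nxt_edges = self._alternatives()
            # every exit of what came before leads to every entry of what follows
            edges = edges | nxt_edges | {(a, b) for a in exits for b in nxt_entries}
            exits = nxt_exits
        return entries, exits, edges

    def _alternatives(self) -> Fragment:
        entries, exits, edges = self._atom()
        while self._peek() == "+":
            self.i += 1
            alt_entries, alt_exits, alt_edges = self._atom()
            entries, exits, edges = entries | alt_entries, exits | alt_exits, edges | alt_edges
        return entries, exits, edges

    def _atom(self) -> Fragment:
        c = self._peek()
        if c == "{":
            self.i += 1
            frag = self._sequence()
            if self._peek() != "}":
                raise ValueError(f"expected '}}' at offset {self.i}")
            self.i += 1
            return frag
        if c == "(":
            label = self._node_label()
            return {label}, {label}, set()
        raise ValueError(f"expected '(' or '{{' at offset {self.i}")

    def _node_label(self) -> str:
        # Labels may contain parentheses of their own, e.g. Table III's
        # "(orchestrator creates new instances of VMs (to handle excess load))",
        # so scan to the matching ')' instead of the first one.
        depth, start = 0, self.i
        while self.i < len(self.s):
            ch = self.s[self.i]
            self.i += 1
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    return " ".join(self.s[start + 1:self.i - 1].split())
        raise ValueError("unbalanced parentheses in node label")


def parse_attack_vector(text: str) -> Fragment:
    return _VectorParser(text).parse()


def build_attack_graph(vectors: List[str]) -> Tuple[Set[str], Set[Edge]]:
    """Merge several vectors; identical labels become one shared node, which is
    what lets separate rows of Table III aggregate into the graph of Fig. 7."""
    nodes: Set[str] = set()
    edges: Set[Edge] = set()
    for text in vectors:
        entries, exits, vec_edges = parse_attack_vector(text)
        nodes |= entries | exits | {n for edge in vec_edges for n in edge}
        edges |= vec_edges
    return nodes, edges


def candidate_branches(nodes: Set[str], edges: Set[Edge]) -> List[Edge]:
    """Ordered node pairs not yet linked: the pool whose feasibility the graph
    analysis has to decide (by hand, or with the ML/CSP models)."""
    return sorted((a, b) for a in nodes for b in nodes if a != b and (a, b) not in edges)


# Two rows copied from Table III (the "Insecure Crash" and "Local storage" vectors).
INSECURE_CRASH = (
    "(VM/VNF crashes). {(local memory not cleared by hypervisor) + "
    "(remote memory not cleared by hypervisor)}. (new VM gets assigned same "
    "memory addresses as crashed VM). (new VM gets access to sensitive data) + "
    "(new VM gets access to keys). (new VM implements privilege escalation)"
)
LOCAL_STORAGE = (
    "(install malware at hypervisor level). (force hypervisor to fill up local "
    "storage with logs). (local storage insufficient for VMs). "
    "{(degrade network performance) + (DoS attack on VMs)}"
)

if __name__ == "__main__":
    graph_nodes, graph_edges = build_attack_graph([INSECURE_CRASH, LOCAL_STORAGE])
    for src, dst in sorted(graph_edges):
        print(f"{src} -> {dst}")
    print(len(graph_nodes), "nodes,", len(graph_edges), "edges,",
          len(candidate_branches(graph_nodes, graph_edges)), "unlinked ordered pairs")
```

The two sample rows share no node label, so the merged graph has 12 nodes and 12 edges and 120 unlinked ordered pairs; with the full table, shared labels such as "DoS attack on VMs" fuse rows into one graph, and the number of candidate pairs grows quadratically with the node count, which is the scaling problem the ML analysis in Section 4.4 addresses.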

4.3.3 Malicious Peripherals

The 5GCN is vulnerable to malicious peripheral devices that can potentially compromise the virtualization infrastructure. Input/Output (IO) attacks involve malicious peripherals that make root-level read and write accesses to the DRAM or to the memory embedded in other peripherals. Various attacks involve corrupting the Peripheral Component Interconnect (PCI) to install rootkits [26], exploiting Message Signaled Interrupt (MSI) and VGA driver vulnerabilities for privilege escalation on hypervisors, and overwriting root-table entries to gain kernel privileges. A concise representation of these attacks is shown in the attack graph in Fig. 8. This attack graph consists of 49 attack vectors introduced by malicious peripherals and attacks on the physical infrastructure of the InP.

The vulnerabilities mentioned in this section require physical access to the infrastructure. Hence, they are less likely to be exploited than NFV and SDN vulnerabilities. However, such attacks do occur in practice, and their impact is often catastrophic. Thus, precautions against them must be built into the design of the system.

Fig. 8: Aggregated attack graph of malicious peripheral based attacks

4.3.4 Graph Analysis

The attack vectors in the graphs are constructed from SDN vulnerabilities pointed out in existing literature [11, 10, 24], NFV vulnerabilities [27, 21], and IO vulnerabilities [26, 25, 23]. We find that there are 113 attack vectors in total across the four aggregated attack graphs, as summarized in Table IV.

Graph Number of attack vectors
NFV 25
Malicious peripheral 49
Total 113
TABLE IV: Summary of attacks in the graphs

After constructing the attack graphs based on previous literature, we observe that many of the unconnected nodes in these graphs can be linked together to generate new possible exploits. In this section, we analyze the feasibility of connections among the unconnected nodes. A link or a branch is deemed to be feasible if the control/data flow represented by that branch is feasible in a real-world system. For example, nodes ’Exploit test backdoors’ and ’Access sensitive information’ can be connected because sensitive credentials of a resource can be accessed through backdoors. On the other hand, nodes ’Compromise hypervisor’ and ’Flood management ports’ cannot be connected because there is a lack of a direct causal relationship between the two.

Connecting a pair of nodes leads to a new directed branch in the graph. A new branch is interpreted as a novel possible exploit of an existing vulnerability. There are two categories of novel possible exploits in this analysis:

  • Intra-graph: These possible exploits are restricted to one of the four domains, namely SDN-CP, SDN-DP, NFV, and malicious peripherals. For example, when we connect two nodes in Fig. 5, we get a novel possible exploit in the SDN-CP.

  • Inter-graph: These possible exploits involve the combination of vulnerabilities of multiple attack graphs. For example, when we connect a node in Fig. 6 to a node in Fig. 7, it leads to a novel possible exploit that combines vulnerabilities of the SDN-DP with that of the NFV infrastructure.

We demonstrate some of our novel possible exploits in Table V. We state the number of novel possible exploits per category in Table VI.

Category | Novel possible exploit (source node -> destination node)
SDN-CP | Drop control messages to VNFs -> Disconnect targeted links in the network
SDN-DP | Gain control of tenant controller VM -> Hijack network policy database
NFV | Install a malicious switch -> Modify critical files on virtual storage or virtual compute
SDN-CP, SDN-DP | Hijack northbound API -> Input invalid data to tenant controller, forcing it to go to an invalid state
NFV, SDN-CP | Exploit backdoors for testing -> Poison tenant controller host profile reservoir
SDN-DP, NFV | Flood the switch table of target virtual switch -> Exploit the insecure crash recovery of NFV to shut down new VNFs assigned the same memory as the crashed VNF
Malicious peripheral, SDN-DP | Compromise NFV-MANO unit -> Issue system command to terminate controller
Malicious peripheral, NFV | Connect malicious peripheral and exploit MSI vulnerabilities -> Gain hypervisor privilege
TABLE V: Category-wise examples of novel possible exploits (each row is a new branch from the source node to the destination node)
Category Number of novel possible exploits
NFV 36
Malicious peripheral 0
Inter-graph 24
Total 119
TABLE VI: Number of novel possible exploits per category

4.4 ML Analysis

When the number of components in the 5GCN increases, the size of the attack graphs increases significantly. To add a new node to these graphs, every possible connection between the new node and the existing nodes has to be analyzed manually. This is a tedious process that hinders scalability of this framework. To overcome this obstacle, we employ ML and CSP formulation to predict the possible connections of a new node in the graphs.

4.4.1 Feature Engineering

Feature engineering is a necessary pre-processing step for using an ML or CSP model. Every possible branch in the graphs has to be represented by a feature vector for it to be processed by the ML or CSP model. We generate the feature vectors of a branch by implementing the following sequence of steps:

  1. Assign feature values for individual nodes.

  2. Combine the feature vectors of the constituent nodes of a branch.

We assign various attributes (features) to the nodes of the attack graph(s) depending on the layer(s) at which the attack is executed, the type of impact it has on the system and network, and its position in the graph(s). The exhaustive set of features comprises the following: application layer, controller, application-controller interface, VNF, network infrastructure, management layer, hypervisor, flooding (DoS), access control, data plane, side-channel analysis (SCA), control channel, sensitive information, SDN-CP, SDN-DP, NFV, malicious peripheral, head, and tail. A feature takes the value 1 if it applies to the node and 0 otherwise. For example, Table VII shows the features of the nodes ’Install malicious apps’ and ’Assign low memory to VM’. Reading the columns of Table VII in the order listed above, the feature vectors of these two nodes are [1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0] and [0,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0], respectively.

Feature Install malicious apps Assign low memory to VM
Application layer 1 0
Controller 0 0
Application-controller interface 0 0
VNF 0 1
Network infrastructure 0 1
Management layer 0 1
Hypervisor 0 1
Flooding 0 1
Access control 0 0
Data plane 0 0
SCA 0 0
Control channel 0 0
Sensitive information 0 0
SDN-CP 1 0
SDN-DP 1 0
NFV 0 1
Malicious peripheral 0 0
Head 1 0
Tail 0 0
TABLE VII: Node features

We represent a branch of the graph with an ordered pair of the source and destination nodes, i.e., (source, destination). We obtain the feature vector of a branch by the ordered concatenation of the feature vectors of the source and destination nodes, as shown in Fig. 9. This feature vector constitutes a datapoint for our ML/CSP model. We assign a positive label to this datapoint if the branch is feasible and a negative label if it is infeasible.

Fig. 9: Constructing a feature vector and label for a plausible branch

We classify all plausible branches into positive and negative examples. The positive examples also include the existing branches in the attack graphs. We split the dataset for each graph into a training set and a test set. The training set is used to train the model and the test set is used to evaluate it. The training set has 85% of the data while the test set has the remaining. Table VIII shows the number of instances in the training and test sets for each of the graphs.

Graph                      Training set   Test set
SDN-CP                              552         98
SDN-DP                              898        159
NFV                                 510         90
Malicious peripherals               690        122
Inter-graph connections            6548       1156
Total                              9198       1625
TABLE VIII: Number of datapoints per graph

4.4.2 Analysis with a CSP Formulation

A CSP formulation requires creating a set of constraints on the features of the data instances, such that any feature vector that satisfies all the constraints represents a feasible exploit.

To obtain a CSP formulation from our dataset, we take the set of feature vectors of all positive examples in the training set as the constraint set. For prediction, we check whether the feature vector of the test instance belongs to this set: if it does, we assign it a positive label; otherwise, a negative one. This makes the CSP an exact-match lookup: it can only declare a branch feasible if a branch with an identical feature vector was labeled feasible during training, so two nodes with the same attribute set are indistinguishable to it.
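The feature encoding of Table VII and the CSP lookup just described, as an added example rather than the authors' code. The attribute sets of the two Table VII nodes are taken from that table; the other nodes, their attribute sets, and the training labels are constructed here for illustration only.

```python
"""Node features (Table VII), branch vectors and the CSP lookup of Section 4.4.2 (added example)."""
from typing import Dict, Iterable, List, Set, Tuple

FEATURES: List[str] = [
    "application layer", "controller", "application-controller interface", "VNF",
    "network infrastructure", "management layer", "hypervisor", "flooding",
    "access control", "data plane", "SCA", "control channel",
    "sensitive information", "SDN-CP", "SDN-DP", "NFV", "malicious peripheral",
    "head", "tail",
]

# The first two attribute sets are read off Table VII; the remaining nodes and
# their attributes are constructed for this example and are not from the paper.
NODE_ATTRS: Dict[str, Set[str]] = {
    "Install malicious apps": {"application layer", "SDN-CP", "SDN-DP", "head"},
    "Assign low memory to VM": {"VNF", "network infrastructure", "management layer",
                                "hypervisor", "flooding", "NFV"},
    "Install rogue app": {"application layer", "SDN-CP", "SDN-DP", "head"},            # constructed
    "Hijack northbound API": {"application-controller interface", "SDN-CP", "SDN-DP"},  # constructed
    "DoS on VMs": {"VNF", "flooding", "NFV", "tail"},                                  # constructed
}

Vector = Tuple[int, ...]


def node_vector(attrs: Set[str]) -> Vector:
    """One bit per feature, in the fixed FEATURES order: 1 if it applies, else 0."""
    unknown = attrs - set(FEATURES)
    if unknown:
        raise ValueError(f"unknown features: {sorted(unknown)}")
    return tuple(1 if f in attrs else 0 for f in FEATURES)


def branch_vector(src: str, dst: str) -> Vector:
    """Ordered concatenation (source first, then destination), so the same two
    nodes in the opposite direction yield a different datapoint."""
    return node_vector(NODE_ATTRS[src]) + node_vector(NODE_ATTRS[dst])


class CSPClassifier:
    """The page's CSP formulation: a branch is predicted feasible exactly when
    its feature vector equals that of some positively labelled training branch."""

    def __init__(self) -> None:
        self.feasible: Set[Vector] = set()

    def fit(self, examples: Iterable[Tuple[Vector, bool]]) -> "CSPClassifier":
        for vec, label in examples:
            if label:
                self.feasible.add(vec)
        return self

    def predict(self, vec: Vector) -> bool:
        return vec in self.feasible


# Constructed training labels (illustrative only, not the paper's dataset).
TRAIN = [
    (branch_vector("Install malicious apps", "Hijack northbound API"), True),
    (branch_vector("Hijack northbound API", "Assign low memory to VM"), False),
]


def demo() -> Dict[str, bool]:
    clf = CSPClassifier().fit(TRAIN)
    return {
        # seen during training
        "apps->nbapi": clf.predict(branch_vector("Install malicious apps", "Hijack northbound API")),
        # same nodes, reversed direction: a different vector, never seen, so negative
        "nbapi->apps": clf.predict(branch_vector("Hijack northbound API", "Install malicious apps")),
        # unseen branch: negative, whether or not it is feasible in reality
        "lowmem->dos": clf.predict(branch_vector("Assign low memory to VM", "DoS on VMs")),
        # identical attribute set to "Install malicious apps": the CSP cannot
        # tell the two nodes apart, so this unseen branch is also positive
        "rogue->nbapi": clf.predict(branch_vector("Install rogue app", "Hijack northbound API")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'feasible' if verdict else 'infeasible'}")
```

The last two entries of demo() are the behaviour worth keeping in mind when reading the NPV figures that follow: the CSP never produces a false positive for a vector it has not seen, but it also generalizes only across nodes whose attribute sets coincide, and it treats any genuinely feasible but unseen branch as infeasible.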

4.4.3 ML models

We train multiple ML models on our data and choose the best-performing ones for our final ensemble model. The performance of these models is reported in Section 4.4.4. In this section, we briefly describe the various ML models that we experiment with.

  • Naive Bayes: Naive Bayes is a probabilistic ML algorithm based on Bayes' theorem. The Naive Bayes model assumes that features are independent of each other, given the label. Let the class label be denoted by and the input features by

    . Assuming feature independence, the probability of label

    can be calculated as


    The class label with the highest conditional probability is assigned to a test instance, i.e., . The probabilities , , and

    can be obtained by constructing a frequency table of the features from the training data. In our experiments, we used the Gaussian Naive Bayes classifier, where the likelihood of the features is assumed to be a Gaussian distribution.

  • Decision Tree:

    A decision tree classifier uses a decision tree to assign class labels. A decision tree can be expressed as a logical expression composed of ’AND’ and ’OR’ boolean operators. The leaf nodes of the tree represent the class labels. The other nodes represent conditional tests on the data attributes. Edges between two nodes represent control flow transition that depends on the outcome of the conditional test at the source node.

  • k-Nearest Neighbors (k-NN): The k-NN algorithm assigns a datapoint the most common class label among its k nearest neighbors. We experimented with several values of k. We observed that the performance on our data initially increased with k up to k = 3, after which it either stopped increasing or started decreasing. Hence, we chose k = 3 (the setting reported in Table IX).

  • Support Vector Machine (SVM): For an n-dimensional dataset, SVM constructs an (n-1)-dimensional separating hyperplane that serves as the decision boundary. SVM can generate nonlinear decision boundaries with the help of kernel transformations; the hyperplane itself is found by solving a quadratic optimization problem.

    We experimented with various parameters of the SVM model. We observed that the most effective kernel for our data was the radial basis function. The class imbalance effects are mitigated through data preprocessing (see Section 4.4.4 for details).

  • Artificial Neural Network (ANN):

    ANNs are loosely modeled after the biological neurons in the brain. We use an ANN variant called the multi-layer perceptron (MLP). The neurons in a MLP model are arranged in multiple layers. Every neuron receives signals from all the neurons in its previous layer. All these signals are weighted by their corresponding edge weights and their weighted sum is passed through a nonlinear activation function. This output is then propagated to all the neurons in the next layer. The training process involves updating the edge weights so that the prediction error is minimized.

    In our experiments, two-layer MLPs with the ReLU activation function yield the best results.

4.4.4 Performance Results

In this section, we compare the performance of various ML algorithms on our data. We use the Negative Predictive Value (NPV) to evaluate the ML models. NPV is the fraction of negative predictions that are actually negative, i.e., the true negatives divided by all predicted negatives, as shown in the equation below. We combine the models with the highest NPVs to obtain our final ensemble model. We evaluate the ensemble model with additional metrics: precision, recall, F1 score, Matthews correlation coefficient (MCC), and classification accuracy.


We design our framework in such a way that the security analyst, who uses our framework, can trust the negative predictions of our model with high confidence to be infeasible exploits. Then, the analyst only needs to manually examine the positive predictions for possible exploits. This significantly reduces the amount of manual effort needed. The NPVs of our models are shown in Table IX.

We use stratified three-fold cross validation for evaluation of our models. Stratified cross validation ensures that each fold has an equal ratio of positive and negative labels.

Our dataset is quite imbalanced with a much higher fraction of negative examples. To mitigate its impact, we resample the positive examples times, where the value of changes for different algorithms. The value of varies between and . We observe that this is highly effective for all the ML models, except k-NN.

Algorithm SDN-CP SDN-DP NFV Malicious peripherals Inter-graph
Naive Bayes 94.44 94.91 89.8 97.44 100
Decision tree 90.7 94.63 89.02 98.26 99.74
k-NN (k=3) 87.76 93.67 87.64 97.54 100
SVM 93.33 95.65 91.38 98.86 99.74
Neural network 95.0 96.9 91.67 98.98 99.82
CSP 94.38 96.69 95.12 98.35 99.65
TABLE IX: NPV (in %) of ML/CSP models

We select the models with the highest NPVs in Table IX and combine them into an ensemble model. For the inter-graph dataset, although the Naive Bayes and k-NN (k=3) models have perfect NPV values, we do not select these models. This is because Naive Bayes and k-NN have very low precision values of and , respectively, on this dataset. This overshadows their perfect NPV scores. The final ensemble model is shown in Table X. The numbers in the parentheses indicate the number of neurons in the two hidden MLP layers.

Graph Algorithm
SDN-CP MLP (6,2)
SDN-DP MLP (8,2)
Malicious peripherals MLP (5,2)
Inter-graph MLP (5,2)
TABLE X: The final ensemble model

In Table XI

, we show the confusion matrix of the final ensemble model shown in Table 

X. The confusion matrix reports the true positives (TP), false positives (FP), false negatives (FN), and true negatives (TN).

                    Actual = True   Actual = False   Row total
Predicted = True               26               67          93
Predicted = False              15             1517        1532
Column total                   41             1584        1625
TABLE XI: Confusion matrix of final ensemble model on the test set

In Table XI, we observe that there are 93 positive predictions. Our framework reduces the search space of manual analysis to 93 instances from the original search space of 1625 instances. This is a 94.3% reduction in manual effort. Manual examination of these 93 instances leads to the discovery of the 26 true positives as novel possible exploits. The drawback of using the ML/CSP approximation is that we fail to include the 15 false negatives in our search space, thus missing the detection of 15 novel possible exploits.

We evaluate our final ensemble model with the following metrics:

  • Precision: Precision is defined as


    A higher precision implies a lower FP. This implies that smaller manual effort is devoted to manually examining infeasible exploits, thus resulting in higher automation efficiency.

  • Recall: Recall of a model is defined as


    A high recall value enables the user of our framework to discard the negative predictions from the manual examination set with high confidence. This requires our model to have a minimal FN.

  • F1 score:

    F1 score is the harmonic mean of precision and recall and is defined as


    F1 score aims to strike a balance between precision and recall. It is a useful metric when there is an uneven class distribution.

  • MCC: MCC is a measure of the quality of a binary prediction algorithm. It performs well even for imbalanced classes. It returns a value between -1 and +1: -1 corresponds to complete disagreement between observation and prediction, 0 corresponds to random guessing, and +1 corresponds to a perfect prediction system. It is defined as

  • Accuracy: Accuracy portrays the overall performance of the framework. It is defined as


We present the various performance metrics of our final ensemble model in Table XII. We obtain a high NPV and accuracy. However, our precision, recall and F1 scores are not as impressive as the NPV and accuracy. Our experiments show that there is a trade-off among the various metrics. If we choose to construct our final ensemble model with a high F1 score, then the NPV suffers. This is a trade-off that has to be made by the security analyst. Since we prioritize NPV, our precision and F1 scores suffer.

Metric Value
NPV 0.99



F1 score



TABLE XII: Performance metrics of final ensemble model on the test set
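The metrics of this section computed from the confusion-matrix counts of Table XI (TP = 26, FP = 67, FN = 15, TN = 1517), as an added example and not the authors' evaluation code. It also reports the two quantities the text uses to argue the trade-off: the share of the test set the analyst no longer inspects by hand, and the feasible exploits lost as false negatives. The small label lists used to exercise from_predictions are constructed.

```python
"""Evaluation metrics of Section 4.4.4 from a confusion matrix (added example)."""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, Sequence


@dataclass(frozen=True)
class Confusion:
    tp: int  # feasible branches predicted feasible
    fp: int  # infeasible branches predicted feasible (wasted manual checks)
    fn: int  # feasible branches predicted infeasible (exploits the analyst never sees)
    tn: int  # infeasible branches predicted infeasible

    @staticmethod
    def from_predictions(y_true: Sequence[bool], y_pred: Sequence[bool]) -> "Confusion":
        if len(y_true) != len(y_pred):
            raise ValueError("label and prediction lists differ in length")
        pairs = list(zip(y_true, y_pred))
        return Confusion(
            tp=sum(1 for t, p in pairs if t and p),
            fp=sum(1 for t, p in pairs if not t and p),
            fn=sum(1 for t, p in pairs if t and not p),
            tn=sum(1 for t, p in pairs if not t and not p),
        )

    @property
    def total(self) -> int:
        return self.tp + self.fp + self.fn + self.tn

    def npv(self) -> float:
        """Share of negative predictions that really are infeasible."""
        return _ratio(self.tn, self.tn + self.fn)

    def precision(self) -> float:
        return _ratio(self.tp, self.tp + self.fp)

    def recall(self) -> float:
        return _ratio(self.tp, self.tp + self.fn)

    def f1(self) -> float:
        p, r = self.precision(), self.recall()
        return _ratio(2 * p * r, p + r)

    def mcc(self) -> float:
        den = sqrt((self.tp + self.fp) * (self.tp + self.fn) * (self.tn + self.fp) * (self.tn + self.fn))
        return _ratio(self.tp * self.tn - self.fp * self.fn, den)

    def accuracy(self) -> float:
        return _ratio(self.tp + self.tn, self.total)

    def manual_effort_reduction(self) -> float:
        """Fraction of the test set the analyst no longer inspects by hand:
        everything the model predicts infeasible."""
        return _ratio(self.tn + self.fn, self.total)

    def report(self) -> Dict[str, float]:
        return {
            "NPV": self.npv(), "precision": self.precision(), "recall": self.recall(),
            "F1": self.f1(), "MCC": self.mcc(), "accuracy": self.accuracy(),
            "manual_effort_reduction": self.manual_effort_reduction(),
            "missed_exploits": float(self.fn),
        }


def _ratio(num: float, den: float) -> float:
    """Guarded division: a metric whose denominator is empty is reported as 0."""
    return num / den if den else 0.0


# Counts of Table XI (final ensemble model on the 1625-instance test set).
TABLE_XI = Confusion(tp=26, fp=67, fn=15, tn=1517)

if __name__ == "__main__":
    for metric, value in TABLE_XI.report().items():
        print(f"{metric:>24}: {value:.4f}")
```

Run on the Table XI counts, NPV comes out at 0.990 and accuracy at 0.950, while precision (0.280), recall (0.634), F1 (0.388) and MCC (about 0.40) are markedly lower: the 1517 true negatives dominate both NPV and accuracy, so those two metrics say little about how well the 41 feasible branches are found, which is exactly the trade-off described above.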

5 Case Study I: 5G-AKA

The novel possible exploits of the 5GCN reported in the previous sections can lead to novel attacks at the higher layers of the network or increase the ease of execution of existing attacks in the protocol and application layers. In this section, we demonstrate the impact of 5GCN vulnerabilities on the protocol layer.

AKA is used in telecommunication networks to establish a secure and authenticated connection between subscribers and service providers. It establishes a shared secret key between the user and the service provider that is used to secure all further communication.

The AKA protocols have evolved through generations of telecommunication networks. Today, the most widely used authentication mechanism in such networks is the 4G-AKA. The 3GPP Consortium has designed 5G-AKA to provide superior privacy and security guarantees than 4G-AKA. However, it has been shown that multiple 4G-AKA vulnerabilities still persist in 5G-AKA [19]. 5G-AKA is also vulnerable to novel attacks that were not possible in previous generations of networks [7, 12, 15]. The 5G-AKA protocol can be easily compromised if the 5GCN is vulnerable. In this section, we analyze the implications of our novel possible exploits on 5G-AKA security.

5.1 5G-AKA protocol

The 5G-AKA protocol authenticates a user equipment (UE), a serving network (SN), and a home network (HN) to each other. It is a challenge-response based protocol where the UE is authenticated as a legitimate user only if it succeeds in providing the expected response to a challenge provided by the HN. Unlike previous networks, the identity of the UE, called the subscriber permanent identifier (SUPI) in 5G networks, is not sent in the clear. Instead, the UE sends a subscriber concealed identifier (SUCI), an encryption of the SUPI under the HN's public key, which prevents IMSI-catcher attacks (capture of the international mobile subscriber identity over the air) [19].

Often, the SN and HN are the same network. However, sometimes they are different. For example, when a UE is roaming, its SN is different from its HN. In our analysis, we consider a separate SN and HN because this scenario is more prone to attacks. The primary network functions involved in 5G-AKA are the Authentication Server Function (AUSF), Authentication Credential Repository and Processing Function (ARPF), and Security Anchor Function (SEAF). A simplified outline of the 5G-AKA protocol is shown in Fig. 10. The details of the messages are abstracted for simplicity. AV denotes the authentication vector, XRES denotes the expected response from the UE, and HXRES denotes a hash of XRES.

Fig. 10: 5G-AKA protocol flow. The dashed lines represent secure channels.

5.2 Threat Model

Most of the security analysis of the 5G-AKA protocol so far has considered a threat model where the adversary has access to the UE and the communication channels between different networks. The core network infrastructure is considered to be inaccessible to the adversary. From Fig. 10, we see that the AUSF and ARPF communicate over a secure network because they belong to the same network (HN). However, we have shown in Section 4 that the internal components of the 5GCN can be compromised. To overturn the assumption of having an impenetrable 5GCN, we expand the attack surface of the 5G-AKA protocol in our analysis. In our threat model, an adversary can compromise the network’s private channels and the network functions as well. In Section 4, we demonstrated how VNFs and other network components can be compromised by exploiting vulnerabilities of SDN, NFV, and IO peripherals.

5.3 5G-AKA Security Analysis

In this section, we analyze the implications of a compromised 5GCN on the security properties of the 5G-AKA protocol. A compromised 5GCN leads to unique exploits and also facilitates exploits that were unrealistic before. Section 5.3.1 describes the novel attack vectors that become possible using our analysis framework to compromise the 5GCN. Section 5.3.2 analyzes the various 5G-AKA security properties that are violated in the presence of a compromised 5GCN.

5.3.1 Novel Attacks

The vulnerabilities of NFV, SDN, and IO peripherals have a variety of potential consequences at the network level. These consequences include flooding (DoS) attacks, termination of sensitive VNFs, passive MiTM attacks (like eavesdropping), hijacking of VNFs, and active MiTM attacks (like modification of in-flight traffic). In this section, we analyze how these consequences can be exploited to compromise the 5G-AKA protocol.

  • Flooding attacks: The 5G-AKA protocol is vulnerable to session confusion attacks triggered by a race condition in the AUSF-ARPF channel [12]. We demonstrate this attack in Fig. 11. When the ARPF receives multiple authentication requests in parallel, it sends the AVs for all the requests to the AUSF at the same time. This leads to a race condition in which the AUSF is unable to distinguish which AV belongs to which UE. Thus, there is a high probability that the AUSF sends the wrong credentials to the users. This is a probabilistic attack whose success rate can be increased with more parallel authentication requests from the adversary.

    Fig. 11: The 5G-AKA session confusion attack flow

    In the threat model of this attack, the adversary can hijack the VNFs on the SN but not the VNFs on the HN. He can hijack the SEAF on the SN and use it to bombard the AUSF with multiple network packets of SUCI(Attkr) simultaneously. The AUSF generates authentication requests, Auth. info. request (Attkr), for all of these packets and sends them to the ARPF. When the ARPF receives all these packets simultaneously, along with Auth. info. request (Victim), it leads to a race condition. According to the 5G-AKA protocol specifications, the response of the ARPF does not include the identity of the UE. Thus, the simultaneous reception of multiple (AV, XRES) pairs by the AUSF causes a session confusion. It is probable that the AUSF forwards the AV of the victim to the adversary as a result of this confusion. Now, the adversary can authenticate himself as the victim.

    The probability of success of this attack is , where depicts the total number of simultaneous authentication requests received by the ARPF. In Fig. 11, the value of is ; thus the probability of attack success is 0.5. Increasing the number of simultaneous authentication requests from the adversary’s UEs (by replay/flooding attacks from a compromised SEAF) will increase , thus increasing the probability of attack success. The node “Flood VNF with requests/high priority requests” of the NFV attack graph in Fig. 7 can be implemented via multiple possible exploits discovered by our framework to execute this attack.

  • Termination of sensitive VNFs: NFV and IO vulnerabilities can be exploited to forcibly terminate targeted VNFs. This can be achieved by executing one of the following nodes in Fig. 7: “Shutdown sensitive VNFs,” “VNF crash,” “DoS on target VNF.” Our analysis framework predicts multiple possible exploits for implementing these nodes in a vulnerable 5GCN. Untimely termination of SEAF, AUSF or ARPF disrupts the 5G-AKA protocol. Although the adverse effects of such attacks can be mitigated by a fault-tolerant implementation of these functions [22], all ongoing authentication information is lost. This forces the UEs to restart the 5G-AKA protocol.

  • Passive MiTM: Passive MiTM can be executed on the AUSF-ARPF channel. Since this channel is considered to be secure by the 5G-AKA designers, it is not required to be encrypted. Operators would also prefer having no encryption to boost performance. In our analysis of attack graphs in Section 4, we generated multiple attack vectors for launching privilege escalation attacks that give access to 5GCN resources. An adversary with access to the 5GCN infrastructure can eavesdrop on the secure channels. This leads to the disclosure of private information like AV, XRES, SUPI, and the secret keys of AUSF and SEAF to the adversary. The adversary can exploit the knowledge of XRES and SUPI to authenticate himself on behalf of a legitimate UE. The secret key of AUSF can be exploited to authenticate a fake base-station, thereby launching active MiTM attacks on UEs.

  • Hijacking of VNFs: Hijacking of sensitive VNFs like the SEAF, AUSF or ARPF can cause the 5G-AKA protocol to prevent authentication of legitimate UEs or authenticate adversaries with the credentials of a legitimate UE. Our methodology in Section 4 demonstrates multiple access control and privilege escalation attacks in the graphs that can be exploited to hijack VNFs.

  • Active MiTM: Active MiTM attacks involve modifying packets in transit. This compromises the integrity of network packets. Since the connections in the same network are assumed to be secure in the original 5G-AKA threat model, the operators are not required to have integrity checks on intra-network messages. The adversary can get access to the internal network by exploiting certain infrastructure vulnerabilities and modify packets in transit. Our methodology in Section 4 demonstrates multiple attack vectors for launching active MiTM attacks. The attack graphs in Fig. 5, 6, and 8 demonstrate that there are multiple openings for MiTM attacks in a vulnerable 5GCN. The adversary can exploit them to modify the AV, XRES, AUSF secret key or SUPI in the AUSF-ARPF channel without being detected. Modifying the SUPI or XRES enables the adversary to authenticate himself on behalf of a legitimate UE. Modifying the AUSF secret key enables the adversary to launch a fake base station.
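A model of the session-confusion race described under flooding attacks above (Fig. 11), added here as an example and not taken from the paper. It assumes that the ARPF's responses reach the AUSF in a uniformly random order and that an AUSF receiving responses without a UE identity can only pair them with pending sessions in arrival order. Under these assumptions two simultaneous requests give the 0.5 of Fig. 11, and the success rate grows with the number of attacker sessions, as the text states. The variant that tags each ARPF response with the identity it answers is a constructed fix used for comparison, not something the page describes.

```python
"""Session confusion on the AUSF-ARPF channel under a request flood (added example)."""
import itertools
import random
from fractions import Fraction
from typing import Dict, List, Optional, Sequence

VICTIM = "victim"


def pending_sessions(n_total: int) -> List[str]:
    """AUSF sessions waiting on the ARPF: one victim plus n_total-1 attacker
    sessions opened through the hijacked SEAF (constructed scenario)."""
    if n_total < 1:
        raise ValueError("need at least the victim's session")
    return [VICTIM] + [f"attacker{i}" for i in range(1, n_total)]


def arpf_responses(sessions: Sequence[str], arrival_order: Sequence[int],
                   tag_identity: bool = False) -> List[Dict[str, Optional[str]]]:
    """The ARPF answers every request with an (AV, XRES) pair. As the text notes,
    the response carries no UE identity, so 'owner' is None by default;
    tag_identity=True models an assumed hardened variant that binds each
    response to the identity it was computed for."""
    out = []
    for idx in arrival_order:
        ue = sessions[idx]
        out.append({"av": f"AV({ue})", "xres": f"XRES({ue})",
                    "owner": ue if tag_identity else None})
    return out


def ausf_deliver(sessions: Sequence[str],
                 responses: Sequence[Dict[str, Optional[str]]]) -> Dict[str, str]:
    """The AUSF hands each AV to a session. Untagged responses can only be paired
    with pending sessions in arrival order (the race); tagged ones are routed by
    identity regardless of the order they arrive in."""
    if all(r["owner"] is not None for r in responses):
        return {r["owner"]: r["av"] for r in responses}  # type: ignore[misc]
    return {ue: r["av"] for ue, r in zip(sessions, responses)}  # type: ignore[misc]


def attack_succeeds(delivery: Dict[str, str]) -> bool:
    """The adversary wins when the victim's AV lands in an attacker-controlled session."""
    return any(ue != VICTIM and av == f"AV({VICTIM})" for ue, av in delivery.items())


def exact_success_probability(n_total: int, tag_identity: bool = False) -> Fraction:
    """Enumerate every arrival order of the ARPF responses (assumed equally likely)."""
    sessions = pending_sessions(n_total)
    wins = total = 0
    for order in itertools.permutations(range(n_total)):
        total += 1
        wins += attack_succeeds(ausf_deliver(sessions, arpf_responses(sessions, order, tag_identity)))
    return Fraction(wins, total)


def simulate(n_total: int, trials: int = 10_000, seed: int = 1,
             tag_identity: bool = False) -> float:
    """Monte Carlo estimate with a seeded RNG, for session counts too large to enumerate."""
    rng = random.Random(seed)
    sessions = pending_sessions(n_total)
    wins = 0
    for _ in range(trials):
        order = list(range(n_total))
        rng.shuffle(order)
        wins += attack_succeeds(ausf_deliver(sessions, arpf_responses(sessions, order, tag_identity)))
    return wins / trials


if __name__ == "__main__":
    for n in (2, 3, 4, 8):
        print(f"n={n}: exact={exact_success_probability(n)} "
              f"simulated={simulate(n):.3f} "
              f"with identity in response={exact_success_probability(n, tag_identity=True)}")
```

With n = 2 the exact probability is 1/2; with eight simultaneous sessions (seven attacker-controlled) it is 7/8, since the victim's AV only has to land anywhere other than the victim's own slot. With the identity carried in the response the pairing no longer depends on arrival order and the attack never succeeds, which is why a correlation identifier on the AUSF-ARPF exchange, rather than more capacity at the ARPF, is the natural mitigation for this race.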

5.3.2 5G-AKA Property Violations

The 3GPP Consortium has detailed the security requirements of 5G system components in TS 33.501 v0.7.0 [1]. The security requirements that are related to the 5G-AKA protocol can be expressed concisely through two secrecy properties and seven authentication properties [12]. Every vulnerability of the 5G-AKA protocol, including the ones mentioned in Section 5.3.1, violates at least one of these security properties. Hence, analyzing these properties may provide insights into what kinds of attacks are possible.

The secrecy properties of 5G-AKA are:

  • S1. The long-term secret key of the UE should be unknown to the adversary.

  • S2. The adversary should not have access to the secret keys of AUSF and SEAF.

The authentication properties of 5G-AKA are:

  • A1. SN and UE must agree on the identity of UE.

  • A2. UE and SN must agree on the identity of SN.

  • A3. HN and SN must agree on the identity of UE.

  • A4. UE and HN must agree on the identity of HN.

  • A5. UE and HN must agree on the identity of SN.

  • A6. UE, HN, and SN must agree on the anchor key of the SEAF.

  • A7. UE, HN, and SN must agree that an anchor key instance is not used more than once.

The security of the 5G-AKA protocol is compromised if any of the aforementioned properties is violated. It has been shown that the compromise of participating components of the 5G-AKA protocol leads to the violation of these properties [12]. We demonstrate the consequences of compromising the 5GCN on the 5G-AKA properties in Table XIII.

Compromised element S1 S2 A1 A2 A3 A4 A5 A6 A7
AUSF-ARPF channel; passive MiTM
AUSF-ARPF channel; active MiTM

TABLE XIII: Property satisfaction under compromised channels and components

We see that 5GCN vulnerabilities and threats lead to the violation of many of the security properties of the 5G-AKA protocol. This demonstrates that 5GCN vulnerabilities also make the 5G-AKA protocol vulnerable.

6 Case Study II: WhatsApp Security in 5G Networks

In this section, we analyze how various existing and novel possible exploits of a vulnerable 5GCN can lead to targeted attacks in the application layer of the network. We chose the WhatsApp application for our security analysis.

WhatsApp is the most widely used IM application in the world, with over 1.5 billion users [17]. It is also one of the most secure IM applications, where all communications are end-to-end (E2E) encrypted. In this section, we demonstrate that even WhatsApp can be compromised through network and protocol vulnerability exploits. Various WhatsApp attack vectors that are facilitated by our methodology include the following.

  • Impersonation of the victim via 5G-AKA: As described in Section 5.3.1, the adversary can authenticate himself as the victim during 5G-AKA protocol execution by exploiting any of the following attacks: flooding, passive MiTM, hijacking of VNFs, and active MiTM. Then, the adversary can use the victim’s identity to impersonate him on WhatsApp.

  • Assisting WhatsApp impersonation through voicemail cracking: During registration of a WhatsApp account, the user can choose to be authenticated by a text message or a call. If the user chooses to be authenticated by a call and fails to receive the authentication call, then the one-time password voice message is saved in voicemail. It has been shown that voicemails can be easily hacked using brute-force attacks [38]. This attack has a low probability of being successful in a real-world situation because it requires the victim to either be offline or ignore the authentication call. This obstacle for the adversary can be bypassed by launching a DoS attack on the victim’s network infrastructure. The framework discussed in Section 4 generates multiple novel possible exploits to launch a DoS attack on various components of the 5GCN. Fig. 5, 6, 7, and 8 show that DoS attacks can be launched on VNFs, VMs, switches, and SDN controllers. A DoS attack on the network infrastructure will terminate the victim’s connection to the 5GCN, thus ensuring that he is offline. Now, the voicemail attack has a much higher probability of being successful.

  • Compromising encryption keys: E2E security of WhatsApp can be readily compromised if the adversary gets access to the WhatsApp encryption keys on the device. The WhatsApp keys are stored in a sandbox memory on the smartphone that is only accessible by the WhatsApp application. If an adversary has root privileges on the phone, he can access the WhatsApp encryption keys. Rootkits can be installed on the UE by combining MiTM attacks in our attack graphs with baseband attacks [39]. Attack vectors that exploit rootkit injection attacks are described in Fig. 6.

  • Lack of certificate pinning: WhatsApp does not implement certificate pinning on the UE [30]. This makes WhatsApp clients vulnerable to MiTM attacks through certificate proxying. We demonstrated the possible exploits for launching a MiTM attack at the network level in Section 4. These attacks can be executed in the absence of certificate pinning.
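The fourth attack vector above exists because the client accepts any certificate that chains to a trusted CA, so a proxy certificate issued for the server name passes validation. The usual mitigation is SPKI pinning: the client hashes the DER encoding of the leaf certificate's SubjectPublicKeyInfo and refuses the connection unless the hash is on a built-in allow-list. The following is an added example written for this article, not code from the paper or from WhatsApp. It carries its own minimal DER walker so that it runs offline; the two certificates it checks are constructed skeletons (structurally valid X.509 with empty names and no real signature), one carrying the expected key and one carrying a different key, which is what a client would see under certificate proxying. The `connect_pinned` helper shows where the check sits in a real TLS client and is an assumed wrapper around the standard `ssl` module.

```python
"""SPKI pinning check (added example; constructed certificates, not real ones)."""
import base64
import hashlib
import socket
import ssl


def _der_len(n: int) -> bytes:
    """DER length octets (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + _der_len(len(content)) + content


def der_read(buf: bytes, pos: int = 0):
    """Decode the TLV starting at pos; return (tag, content, end_offset)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def der_children(content: bytes):
    """Split a constructed element's content into (tag, raw_tlv, content) triples."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, end = der_read(content, pos)
        out.append((tag, content[pos:end], body))
        pos = end
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw DER of subjectPublicKeyInfo from an X.509 certificate.

    RFC 5280 tbsCertificate field order: [0] version (optional), serialNumber,
    signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    """
    tag, cert_body, _ = der_read(cert_der)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _, tbs_content = der_children(cert_body)[0]
    fields = der_children(tbs_content)
    if fields[0][0] == 0xA0:  # explicit [0] version tag present: skip it
        fields = fields[1:]
    spki_tag, spki_raw, _ = fields[5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found where expected")
    return spki_raw


def spki_pin(cert_der: bytes) -> str:
    """Pin value: base64(SHA-256(DER(SubjectPublicKeyInfo))), the HPKP-style form."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_matches(cert_der: bytes, pins) -> bool:
    """True only if the leaf's SPKI hash is on the client's allow-list."""
    return spki_pin(cert_der) in set(pins)


def connect_pinned(host: str, port: int, pins, timeout: float = 5.0) -> ssl.SSLSocket:
    """Assumed wrapper (not run offline): CA validation first, then the pin check."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    try:
        if not pin_matches(sock.getpeercert(binary_form=True), pins):
            raise ssl.SSLError(f"SPKI pin mismatch for {host}: possible certificate proxying")
    except Exception:
        sock.close()
        raise
    return sock


def build_skeleton_cert(pubkey_bits: bytes):
    """Constructed X.509 skeleton for testing the parser; empty names, dummy signature."""
    oid_rsa = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))  # rsaEncryption
    alg = der_tlv(0x30, oid_rsa + der_tlv(0x05, b""))
    spki = der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + pubkey_bits))
    tbs = der_tlv(0x30,
                  der_tlv(0xA0, der_tlv(0x02, b"\x02"))  # version v3
                  + der_tlv(0x02, b"\x01")                # serialNumber
                  + alg                                    # signature algorithm
                  + der_tlv(0x30, b"")                     # issuer (empty)
                  + der_tlv(0x30, b"")                     # validity (empty)
                  + der_tlv(0x30, b"")                     # subject (empty)
                  + spki)
    cert = der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" * 9))
    return cert, spki


# Constructed inputs: the server's genuine key and a substituted key.
GENUINE_CERT, GENUINE_SPKI = build_skeleton_cert(b"\x01\x02\x03\x04")
SUBSTITUTED_CERT, _ = build_skeleton_cert(b"\xaa\xbb\xcc\xdd")
PINS = [base64.b64encode(hashlib.sha256(GENUINE_SPKI).digest()).decode()]

if __name__ == "__main__":
    print("genuine accepted:", pin_matches(GENUINE_CERT, PINS))
    print("substituted accepted:", pin_matches(SUBSTITUTED_CERT, PINS))
```

Pinning the SPKI rather than the whole certificate lets the server renew its certificate without breaking clients, as long as the key is kept; a deployment still needs a backup pin for key rotation, which is why `pin_matches` takes a list.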

7 Discussion

The attack graphs depicted in Fig. 5–8 are designed to be as exhaustive as possible. We have attempted to include all possible attack classes applicable to SDN, NFV, and malicious peripherals in a 5GCN in these graphs. To apply our framework to a specific 5GCN implementation, we have to derive 5GCN-specific graphs from the generalized graphs that we have presented. For a given 5GCN architecture, the relevant nodes from the generalized graphs are extracted to form the architecture-specific graphs. For example, if a 5GCN does not use LLDP to establish network topology, we eliminate the LLDP-specific nodes from Fig. 5 for this 5GCN. If a 5GCN has a feature that warrants addition of new nodes to the graphs, we can use ML to predict the connections of the new nodes to the existing nodes. Thus, we can add new nodes to the graphs and create a 5GCN-specific attack graph for further analysis.

Probabilistic attack graphs, more popularly known as Bayesian attack graphs, have been extensively used to assess the security risk of networks. The framework proposed here can be extended to Bayesian attack graphs with minimal modifications. In a traditional Bayesian attack graph, each node represents a state of the system. An edge from state A to state B exists if an exploit of a vulnerability at state A takes the system to state B. The weight of this edge is equal to the probability of execution of the aforementioned exploit. Hence, the graphs presented in our article can be transformed into equivalent Bayesian attack graphs if the edges have weights corresponding to their probability of execution. These probabilities can be obtained for specific systems from the CVE databases. However, our framework is more useful than Bayesian attack graphs because it can also discover novel possible exploits in a system.
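The two preceding paragraphs describe two operations on the generalized graphs: pruning feature-specific nodes to obtain an architecture-specific graph, and attaching exploit probabilities to edges to obtain a Bayesian attack graph. The following added example, written for this article and not part of the paper's framework or its ML pipeline, carries both out on a small constructed graph. Node names, the `lldp` feature tag and all edge probabilities are illustrative assumptions; in a real assessment the probabilities would be derived from CVE/CVSS data for the specific system, as the text notes. Node risk is propagated with the noisy-OR rule commonly used for Bayesian attack graphs, P(B) = 1 - prod over parents A of (1 - P(A) * p(A,B)), and the most probable exploit chain is found by dynamic programming over the topological order.

```python
"""Specializing and scoring an attack graph (added example; constructed data)."""
from collections import deque

# Constructed generalized attack graph: a node is a system state, an edge A -> B
# means an exploit at state A takes the system to state B (assumed names).
GENERALIZED_GRAPH = {
    "attacker_on_data_plane": ["lldp_packet_injected", "flow_table_flooded"],
    "lldp_packet_injected": ["topology_poisoned"],
    "topology_poisoned": ["controller_mitm"],
    "flow_table_flooded": ["switch_dos"],
    "switch_dos": ["controller_mitm"],
    "controller_mitm": ["vnf_hijacked"],
    "vnf_hijacked": [],
}
# Nodes that only exist when the 5GCN uses a given feature (assumed tags).
FEATURE_TAGS = {"lldp_packet_injected": {"lldp"}, "topology_poisoned": {"lldp"}}
INITIAL_STATE = "attacker_on_data_plane"
# Edge weight = probability that the exploit executes successfully (constructed).
EDGE_PROB = {
    ("attacker_on_data_plane", "lldp_packet_injected"): 0.8,
    ("attacker_on_data_plane", "flow_table_flooded"): 0.5,
    ("lldp_packet_injected", "topology_poisoned"): 0.9,
    ("topology_poisoned", "controller_mitm"): 0.6,
    ("flow_table_flooded", "switch_dos"): 0.7,
    ("switch_dos", "controller_mitm"): 0.3,
    ("controller_mitm", "vnf_hijacked"): 0.5,
}


def specialize(graph, tags, absent_features):
    """Architecture-specific graph: drop nodes tagged with a feature the target
    5GCN lacks (e.g. LLDP) together with every edge into or out of them."""
    absent = set(absent_features)
    keep = {n for n in graph if not (tags.get(n, set()) & absent)}
    return {n: [m for m in succ if m in keep] for n, succ in graph.items() if n in keep}


def topological_order(graph):
    """Kahn's algorithm; attack graphs used here must be acyclic."""
    indeg = {n: 0 for n in graph}
    for succ in graph.values():
        for m in succ:
            indeg[m] += 1
    queue = deque(n for n, d in indeg.items() if d == 0)
    order = []
    while queue:
        n = queue.popleft()
        order.append(n)
        for m in graph[n]:
            indeg[m] -= 1
            if indeg[m] == 0:
                queue.append(m)
    if len(order) != len(graph):
        raise ValueError("attack graph contains a cycle")
    return order


def node_probabilities(graph, edge_prob, initial):
    """Unconditional compromise probability of each state under noisy-OR:
    P(B) = 1 - prod_{A->B} (1 - P(A) * p(A,B)), with P(initial) = 1."""
    parents = {n: [] for n in graph}
    for a, succ in graph.items():
        for b in succ:
            parents[b].append(a)
    prob = {}
    for n in topological_order(graph):
        if n == initial:
            prob[n] = 1.0
            continue
        miss = 1.0  # probability that every incoming exploit fails
        for a in parents[n]:
            miss *= 1.0 - prob[a] * edge_prob[(a, n)]
        prob[n] = 1.0 - miss
    return prob


def most_likely_path(graph, edge_prob, start, goal):
    """Highest-probability exploit chain (product of edge weights) from start to
    goal; returns (probability, [states]) or (0.0, []) if goal is unreachable."""
    best = {n: (0.0, None) for n in graph}
    best[start] = (1.0, None)
    for n in topological_order(graph):
        p, _ = best[n]
        if p == 0.0:
            continue
        for m in graph[n]:
            q = p * edge_prob[(n, m)]
            if q > best[m][0]:
                best[m] = (q, n)
    if best[goal][0] == 0.0:
        return 0.0, []
    path, cur = [], goal
    while cur is not None:
        path.append(cur)
        cur = best[cur][1]
    return best[goal][0], path[::-1]


if __name__ == "__main__":
    full = node_probabilities(GENERALIZED_GRAPH, EDGE_PROB, INITIAL_STATE)
    no_lldp = specialize(GENERALIZED_GRAPH, FEATURE_TAGS, ["lldp"])
    print("P(vnf_hijacked) generalized:", round(full["vnf_hijacked"], 4))
    print("P(vnf_hijacked) without LLDP:",
          round(node_probabilities(no_lldp, EDGE_PROB, INITIAL_STATE)["vnf_hijacked"], 4))
    print("most likely chain:", most_likely_path(GENERALIZED_GRAPH, EDGE_PROB, INITIAL_STATE, "vnf_hijacked"))
```

The pruning step is what makes the numbers meaningful for one deployment: with the LLDP nodes removed, the only route to the controller runs through the switch DoS branch and the goal probability drops accordingly, which is the kind of comparison a risk assessment of two candidate 5GCN configurations would make.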

8 Conclusion

5G communication systems have a huge potential for revolutionizing the way we live. This is made possible by the integration of new technologies like NFV and SDN into the 5GCN. This gives rise to new vulnerabilities in the 5G system. In this article, we analyzed how various vulnerabilities of NFV, SDN, and malicious IO peripherals can interact with each other to compromise the security of the 5GCN. We discovered 119 novel possible exploits by analyzing the underlying patterns in the 113 existing attack vectors in SDN, NFV, and IO peripherals. We showed that a compromised 5GCN may have devastating consequences on the end user. A compromised 5GCN was shown to trigger five unique types of attacks in the 5G-AKA protocol. These attacks can be further combined with infrastructure vulnerabilities to compromise targeted users at the application layer. We demonstrated this by analyzing four potential security loopholes in the WhatsApp IM application.


  • [1] 3rd Generation Partnership Project (3GPP) (2017) TS 33.501: Security Architecture and Procedures for 5G System. Technical Specification Group Services and System Aspects (SA3).
  • [2] I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila, and A. Gurtov (2017) 5G security: Analysis of threats and solutions. In Proc. IEEE Conf. on Standards for Communications and Networking, pp. 193–199.
  • [3] I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila, and A. Gurtov (2018) Overview of 5G security challenges and solutions. IEEE Communications Standards Magazine 2 (1), pp. 36–43.
  • [4] I. Ahmad, S. Namal, M. Ylianttila, and A. Gurtov (2015) Security in software defined networks: a survey. IEEE Communications Surveys & Tutorials 17 (4), pp. 2317–2346.
  • [5] A. T. Al Ghazo, M. Ibrahim, H. Ren, and R. Kumar (2019) A2G2V: automatic attack graph generation and visualization and its applications to computer and SCADA networks. IEEE Trans. Systems, Man, and Cybernetics: Systems 50, pp. 1–11.
  • [6] T. Alharbi, M. Portmann, and F. Pakzad (2015) The (in)security of topology discovery in software defined networks. In Proc. IEEE Conf. on Local Computer Networks, pp. 502–505.
  • [7] D. Basin, J. Dreier, L. Hirschi, S. Radomirovic, R. Sasse, and V. Stettler (2018) A formal analysis of 5G authentication. In Proc. ACM SIGSAC Conf. on Computer and Communications Security, pp. 1383–1396.
  • [8] R. Borgaonkar, L. Hirschi, S. Park, and A. Shaik (2019) New privacy threat on 3G, 4G, and upcoming 5G AKA protocols. In Proc. Privacy Enhancing Technologies, pp. 108–127.
  • [9] J. Brown, T. Saha, and N. K. Jha (2020) GRAVITAS: Graphical reticulated attack vectors for Internet-of-Things aggregate security. Under review in IEEE Trans. Emerging Topics in Computing.
  • [10] J. Cao, Q. Li, R. Xie, K. Sun, G. Gu, M. Xu, and Y. Yang (2019) The crosspath attack: disrupting the SDN control channel via shared links. In Proc. USENIX Security Symp., pp. 19–36.
  • [11] J. C. C. Chica, J. C. Imbachi, and J. F. Botero (2020) Security in SDN: a comprehensive survey. J. Network and Computer Applications, pp. 102595.
  • [12] C. Cremers and M. Dehnel-Wild (2019) Component-based formal analysis of 5G-AKA: Channel assumptions and session confusion. In Proc. Symp. Network and Distributed Systems Security.
  • [13] V. A. Cunha, E. da Silva, M. B. de Carvalho, D. Corujo, J. P. Barraca, D. Gomes, L. Z. Granville, and R. L. Aguiar (2019) Network slicing security: challenges and directions. Internet Technology Letters 2 (5), pp. e125.
  • [14] M. Dehnel-Wild and C. Cremers (2018) Security vulnerability in 5G-AKA draft. Department of Computer Science, University of Oxford, Tech. Rep., pp. 14–37.
  • [15] E. K. K. Edris, M. Aiash, and J. K. Loo (2020) Formal verification and analysis of primary authentication based on 5G-AKA protocol. In Proc. Int. Conf. on Software Defined Systems, pp. 256–261.
  • [16] S. R. Hussain, M. Echeverria, I. Karim, O. Chowdhury, and E. Bertino (2019) 5GReasoner: A property-directed security and privacy analysis framework for 5G cellular network protocol. In Proc. ACM SIGSAC Conf. on Computer and Communications Security, pp. 669–684.
  • [17] M. Iqbal (2020) WhatsApp revenue and usage statistics.
  • [18] R. P. Jover and V. Marojevic (2019) Security and protocol exploit analysis of the 5G specifications. IEEE Access 7, pp. 24956–24963.
  • [19] A. Koutsos (2018) The 5G-AKA authentication protocol privacy (technical report). arXiv:1811.06922v1.
  • [20] D. Kreutz, F. M. V. Ramos, and P. Verissimo (2013) Towards secure and dependable software-defined networks. In Proc. ACM SIGCOMM Wkshp. Hot Topics in Software Defined Networking, pp. 55–60.
  • [21] S. Lal, T. Taleb, and A. Dutta (2017) NFV: Security threats and best practices. IEEE Communications Magazine 55 (8), pp. 211–217.
  • [22] F. Leu, K. Tsai, H. Susanto, C. Gu, and I. You (2020) A fault tolerant mechanism for UE authentication in 5G networks. Mobile Networks and Applications, pp. 1–18.
  • [23] S. Li, J. S. Koh, and J. Nieh (2019) Protecting cloud virtual machines from hypervisor and host operating system exploits. In Proc. USENIX Security Symp., pp. 1357–1374.
  • [24] E. Marin, N. Bucciol, and M. Conti (2019) An in-depth look into SDN topology discovery mechanisms: novel attacks and practical countermeasures. In Proc. ACM SIGSAC Conf. on Computer and Communications Security, pp. 1101–1114.
  • [25] T. Markettos, C. Rothwell, B. F. Gutstein, A. Pearce, P. G. Neumann, S. Moore, and R. Watson (2019) Thunderclap: exploring vulnerabilities in operating system IOMMU protection via DMA from untrustworthy peripherals. In Proc. Symp. Network and Distributed Systems Security.
  • [26] B. Morgan, É. Alata, V. Nicomette, and M. Kaâniche (2018) IOMMU protection against I/O attacks: A vulnerability and a proof of concept. J. The Brazilian Computer Society 24 (1), pp. 2.
  • [27] ETSI NFV ISG (2014) ETSI GS NFV-SEC 001 V1.1.1 (2014-10).
  • [28] J. Ordonez-Lucena, P. Ameigeiras, D. Lopez, J. J. Ramos-Munoz, J. Lorca, and J. Folgueira (2017) Network slicing for 5G with SDN/NFV: Concepts, architectures, and challenges. IEEE Communications Magazine 55 (5), pp. 80–87.
  • [29] X. Ou, S. Govindavajhala, and A. W. Appel (2005) MulVAL: a logic-based network security analyzer. In Proc. USENIX Security Symp., Vol. 8, pp. 113–128.
  • [30] P. Paganini WhatsApp lack enforcing certificate pinning, users exposed to MITM.
  • [31] T. Saha, N. Aaraj, N. Ajjarapu, and N. K. Jha (2021) SHARKS: Smart hacking approaches for risk scanning in Internet-of-Things and cyber-physical systems based on machine learning. IEEE Trans. Emerging Topics in Computing.
  • [32] P. Schneider and G. Horn (2015) Towards 5G security. In Proc. IEEE Trustcom/BigDataSE/ISPA, Vol. 1, pp. 1165–1170.
  • [33] S. Scott-Hayward, S. Natarajan, and S. Sezer (2015) A survey of security in software defined networks. IEEE Communications Surveys & Tutorials 18 (1), pp. 623–654.
  • [34] V. Sehwag and T. Saha (2016) TV-PUF: A fast lightweight analog physical unclonable function. In Proc. IEEE Int. Symp. Nanoelectronic and Information Systems, pp. 182–186.
  • [35] R. Sens (2018) Be ready to fight new 5G vulnerabilities. Network Security 2018 (10), pp. 6–7.
  • [36] P. P. Sriram, H. Wang, H. G. Jami, and K. Srinivasan (2019) 5G security: Concepts and challenges. In 5G Enabled Secure Wireless Networks, pp. 1–43.
  • [37] T. Sutikno, L. Handayani, D. Stiawan, M. A. Riyadi, and I. M. I. Subroto (2016) WhatsApp, Viber and Telegram: Which is the best for instant messaging? Int. J. Electrical & Computer Engineering 6 (3).
  • [38] M. Vigo Compromising Online Accounts by Cracking Voicemail Systems.
  • [39] C. Xenakis and C. Ntantogian (2015) Attacking the baseband modem of mobile phones to breach the users' privacy and network security. In Proc. Int. Conf. on Cyber Conflict: Architectures in Cyberspace, pp. 231–244.
  • [40] C. Yoon, S. Lee, H. Kang, T. Park, S. Shin, V. Yegneswaran, P. Porras, and G. Gu (2017) Flow wars: Systemizing the attack surface and defenses in software-defined networks. IEEE/ACM Trans. on Networking 25 (6), pp. 3514–3530.