The LIAISON project targets the development and implementation of advanced security testing methodologies and adaptive security controls for software-defined telecommunications networks, with a focus on 5G core functions, standardized SCAS testing, protocol fuzzing, AI/ML integration, and application to edge computing and IoT infrastructures.
LIAISON is part of Spoke 8 – Intelligent and Autonomous Systems
Project PI: Giuseppe Bianchi
- Enhancing 3GPP SCAS Testing in Cloud-Native Environments: The ScasDK framework was extended and integrated into Kubernetes environments, enabling 3GPP SCAS security testing on containerized 5G Core Networks. Seven SCAS tests were executed on three distinct open-source 5G core networks, identifying vulnerabilities and highlighting the need for stronger security in open-source 5G development.
- 5G Network Reconnaissance and Vulnerability Analysis: A "5G Cell Reconnaissance Tool" (5Gmap) was developed for analyzing operator configurations using SDR platforms and commercial SIM cards. This tool identifies potential vulnerabilities by examining exchanged information and validating the correctness of algorithms and protocols.
- Advanced Fuzzing for 5G Core Network Security: The AMFuzz framework was introduced to fuzz the NAS protocol against the Access and Mobility Function (AMF). By uncovering security flaws beyond known patterns, this tool bolsters the robustness of core network components.
- Experimental Studies on Non-3GPP Accesses: Security testing focused on ePDG configurations, contributing insights into the security posture of non-3GPP access systems.
- Monitoring and Analysis for 5G Network Cores: A customized monitoring tool was developed by extending the open-source Arkime platform. Enhancements include a backend analytic module, protocol-specific parsers, improved packet capture, and a new GUI tailored to 5G network cores.
- Quantum Key Distribution and Network Policy Compliance: SDN components were developed to enable secure, efficient quantum key distribution between network sites, supporting multiple clients and servers. Additionally, solutions were designed to verify network policy compliance for encrypted traffic flows in Function-as-a-Service (FaaS) scenarios.
- Threat Demonstrations and Localization Attacks: A full-frame meaconing demonstration illustrated threats against 5G localization, showcasing potential vulnerabilities in location-based services.
- Enhancing MEC Security with Data Processing Units (DPUs): A novel DDoS mitigation framework leveraging NVIDIA BlueField SmartNICs was developed, enabling real-time mitigation of TCP SYN flood attacks at wire-speed (100 Gbps). Early results show DPUs reduce core CPU load while maintaining service availability under high-traffic attack scenarios.
- SIEM Integration in 5G and MEC Environments: A reference architecture for Security Information and Event Management (SIEM) was designed for Kubernetes-based MEC deployments, enabling anomaly detection across IT and mobile networks. Integration with O-RAN is underway, using xApps for real-time event forwarding to enhance detection of jamming and DDoS attacks.
- Decentralized Attack Detection Framework: Advanced social learning algorithms were applied for decentralized DDoS detection, where nodes exchange local observations to reach consensus on network threats. This approach strengthens resiliency against attacks by enabling cooperation among network nodes in decentralized architectures.
- ScasDK is designed to perform standards-based 3GPP Security Assurance (SCAS) tests on virtualized 5G core networks, and as such can be of practical interest not only to telcos but also to evaluation and certification agencies.
- 5Gmap permits an in-depth analysis of 5G network operator configurations, with special emphasis on the verification of which confidentiality and integrity mechanisms are currently deployed in each tested cell.
- AMFuzz is designed as a complementary tool to ScasDK. While the latter focuses on security evaluation based on known patterns, the former uses fuzzing to analyze the AMF's reaction to anomalous interactions, providing a broader view of the robustness of the implementation.
- The monitoring tool customized for 5G network cores can be of strong interest to telcos, and all the project activities are of scientific interest.
Papers:
F. Mancini and G. Bianchi. 2023. ScasDK - A Development Kit for Security Assurance test in Multi-Network-Function 5G. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES '23). This paper presents the very first version of the ScasDK framework. A journal extension is in preparation.
D. Andreotti and G. Verticale, "Detection of Anomalous e2e Encrypted Function Invocation in FaaS using Zero-Knowledge Proofs," 2024 IEEE 10th International Conference on Network Softwarization (NetSoft), Saint Louis, MO, USA, 2024, pp. 175-179, doi: 10.1109/NetSoft60951.2024.10588930.
A. Paci, M. Chiacchia and G. Bianchi, "5GMap: User-Driven Audit of Access Security Configurations in Cellular Networks," 2024 19th Wireless On-Demand Network Systems and Services Conference (WONS), Chamonix, France, 2024. This paper presents the first version of 5Gmap. An extended journal version, with additional features and a significantly extended assessment in the wild, has just been submitted.
- national operators
- the National Cybersecurity Agency
- Industry test companies and manufacturers.
- Università di Roma Tor Vergata
- Politecnico di Milano
- Consorzio Nazionale Interuniversitario per le Telecomunicazioni (CNIT)
- in the range 10-20, in line with expectations
- mainly CNIT-UNIRM2
- in the range 5-10, above expectations
- 4 tools, well above expectations
- small project, mainly P2P interactions, in line with expectations
- no patents (not planned)
- it is yet to be decided whether the tools will be provided as open source or exploited in alternative ways.
- not planned.
- M1: First release of algorithms and tools - Submission of Deliverable D1 (due date: M12)
- M2: Second release of algorithms and tools - Submission of Deliverable D2 (due date: M24)
- M3: Third release of algorithms and tools - Submission of Deliverable D3 (due date: M36)
- D1: First report on technical and scientific activities, including demonstration of the project experimental framework based on open source 5G technologies and systems (due date: M12)
- D2: Second report on technical and scientific activities, including demonstration of specific solutions and tools developed in the project. (due date: M24)
- D3: Final report on technical and scientific activities, including final demonstration and report on the demo validation (due date: M36)
Researchers involved: about 40-60
Collaboration proposals
The LIAISON project is currently collaborating with the 5Gsec project in the EP 7 SERICS (EP specifically dedicated to security). The ScasDK platform is the result of co-development with that project.
Furthermore, the LIAISON project is currently co-supervising, with the National Cybersecurity Agency (ACN), three master's theses on SCAS test development that leverage the ScasDK platform.
For any collaboration proposal within the project, please contact the project PI.