Security Vulnerabilities in 5G Non-Stand-Alone Networks: A Systematic Analysis and Attack Taxonomy-Reference-Cited by-同舟云学术

Security Vulnerabilities in 5G Non-Stand-Alone Networks: A Systematic Analysis and Attack Taxonomy

Published:2024-01-02 Issue:1 Volume:4 Page:23-40
ISSN:2624-800X
Container-title:Journal of Cybersecurity and Privacy
language:en
Short-container-title:JCP

Author:

Wani Mohamad Saalim¹^ORCID,Rademacher Michael²^ORCID,Horstmann Thorsten²,Kretschmer Mathias¹^ORCID

Affiliation:

1. Fraunhofer FIT, 53757 Sankt Augustin, Germany

2. Fraunhofer FKIE, 53177 Bonn, Germany

Abstract

5G networks, pivotal for our digital mobile societies, are transitioning from 4G to 5G Stand-Alone (SA) networks. However, during this transition, 5G Non-Stand-Alone (NSA) networks are widely used. This paper examines potential security vulnerabilities in 5G NSA networks. Through an extensive literature review, we identify known 4G attacks that can theoretically be applied to 5G NSA. We organize these attacks into a structured taxonomy. Our findings reveal that 5G NSA networks may offer a false sense of security, as most security and privacy improvements are concentrated in 5G SA networks. To underscore this concern, we implement three attacks with severe consequences and successfully validate them on various commercially available smartphones. Notably, one of these attacks, the IMSI Leak, consistently exposes user information with no apparent security mitigation in 5G NSA networks. This highlights the ease of tracking individuals on current 5G networks.

Funder

Federal Ministry for Digital and Transport of the Federal Republic of Germany

German Federal Office for Information Security of the Federal Republic of Germany

Publisher

MDPI AG

Subject

General Earth and Planetary Sciences,General Environmental Science

Link

https://www.mdpi.com/2624-800X/4/1/2/pdf

Reference44 articles.

1. Ericsson (2023). Ericsson Mobility Report, Ericsson. Technical Report EAB-22:010742 Uen Rev D.

2. Bundesnetzagentur (2023, November 30). Pressemitteilung—Bundesnetzagentur Aktualisiert Darstellung der Netzabdeckung mit 5G. Available online: https://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/Allgemeines/Presse/Pressemitteilungen/2022/20221123_5G.pdf?__blob=publicationFile&v=2.

3. Zhang, X., Kunz, A., and Schröder, S. (2017, January 18–20). Overview of 5G security in 3GPP. Proceedings of the 2017 IEEE Conference on Standards for Communications and Networking (CSCN), Helsinki, Finland.

4. A Survey on Security Aspects for 3GPP 5G Networks;Cao;IEEE Commun. Surv. Tutor.,2020

5. GSA (2023, November 30). 5G-Standalone November 2023 Summary. Available online: https://gsacom.com/paper/5g-market-snapshot-february-2023.