A Layered Approach to Threat Modeling for 5G-Based Systems
Abstract
1. Introduction
2. Related Work
3. 5G Layered Architecture and Enabling Technologies
3.1. Layered 5G Architecture
- Device layer: This layer consists of the devices that may connect to the 5G network. These devices range from mobile phones to drones, IoT devices, home appliances, autonomous vehicles and network access points. The attack surface of these devices is extremely volatile, with novel threats such as malware, worms, botnets and in some cases advanced persistent threats emerging regularly [32]. The consequences of a successful breach range from compromise of user privacy to a potential full-scale attack on the network infrastructure and services.
- Radio layer: The 5G Radio Access Network (RAN) layer provides the wireless connectivity that lets devices reach the 5G core network and services over 5G radio frequencies. Prominent use cases include cloud gaming, AR/VR, autonomous driving, and fixed wireless access. The radio access network consists of transmitters, antennas, base-band (RAN Compute), and RAN software to enable ultra-high speeds and mobility. The 5G network has introduced several improvements in RAN compared to 4G, such as multiple antenna arrays, multiple input multiple output (MIMO) and centralized or Cloud RAN (C-RAN). However, these are susceptible to attacks targeting the RAN such as unauthorized access, traffic sniffing, signaling storms, flooding and jamming.
- Edge layer: The edge layer within the 5G architecture is intended to facilitate use cases such as autonomous vehicles and remote surgery, which require ultra-low latency (1 ms) and are supported by bringing compute capabilities closer to the end-user. Edge computing can be included in WiFi hotspots, radio towers and network routers. As the edge layer uses NFV and SDN, threats and attacks against these enabling technologies also apply to the edge layer in a 5G network. Edge nodes are susceptible to Denial of Service attacks, side-channel attacks and VM-based attacks.
- Core layer: The 5G core is designed as a cloud-native service-based architecture that uses NFV and SDN to provide advanced network functionalities. It defines several interconnected virtual functions which provide services such as authentication, session management, mobility and security. These functions include Access and Mobility Management Function (AMF), User Plane Functions (UPF), Session Management Functions (SMF), Data Network (DN), Authentication Server Functions (AUSF), Network Slice Selection Function (NSSF) and Unified Data Management (UDM). These functions are divided into the control and user plane and provide an interface to each other so that any function can request service from any other function. The 5G core design principles include Control and User-Plane Separation (CUPS), modular function design, minimizing dependencies between the RAN and Core network and concurrent access to local and centralized services. Several threats to the 5G core layer functions have been identified in [31,33], which need to be assessed while designing any 5G core network. Both control and user planes may be affected by these attacks, which include DoS and spoofing attacks on AMF, routing attacks on AUSF and UPF and SIP relay attacks on IMS AF.
- Service layer: The service layer provides the application interface to the users. Service providers define the programmable interfaces (APIs), and the architecture of this layer is independent of the underlying 5G architecture. Security at this layer is typically the responsibility of the service provider, and the threats faced by the services overlap significantly with those faced by contemporary Internet-based applications. Proper security features need to be maintained, including authentication, authorization, secrecy and non-repudiation.
3.2. Enabling Technologies
- Software-Defined Networking (SDN) is an emerging network architecture that allows decoupling of the control and data plane and adds programmability, making network control flexible. The benefits of SDN include enhanced configuration, improved performance, and innovation. SDN allows the configuration of network devices such as routers, switches, and firewalls automatically from a single point. It helps to add new network devices easily and makes automatic control through software possible. Network optimization using software helps solve challenges such as congestion control, routing, traffic scheduling and quality of service. The high configurability provided by SDN promises more innovative network solutions and use cases to be implemented by the network service providers and telecommunication operators. These benefits make SDN a natural choice for 5G networks to provide innovative and optimized services to the customers. The use of SDN in 5G networks can lead to attacks such as DoS on the controller, TLS/SSL attacks on the control channel, and flow modification on the data channel [4]. Ref. [18] has identified several threats to SDN including data forging, traffic diversion, side channel attack, flooding attack, DoS attack, identity spoofing and traffic sniffing.
- Network Function Virtualization (NFV): The NFV architecture was proposed by the European Telecommunications Standards Institute (ETSI), which also defined the NFV implementation standards. NFV is a way to replace network services and proprietary network devices such as routers, switches, and firewalls with virtual network functions. NFV uses a virtual machine that runs on standard servers instead of proprietary hardware. It allows service providers to provide new on-demand applications and services without requiring specialized hardware. It allows multiple virtual functions to be executed on a single server and gives the flexibility to move them from one server to another. The NFV architecture consists of Virtual Network Functions (VNF), Network Functions Virtualization infrastructure (NFVi) and Management, Automation, and Network Orchestration (MANO). VNFs are the virtualized network functions that provide file sharing, network configuration and directory services. NFVi consists of the hypervisor that provides computing, storage, and networking. MANO provides automation support for new VNFs and control of the NFV infrastructure. Several threats to NFV and possible attacks have been identified in the literature. Ref. [4] lists security issues related to NFV architecture, which include attacks related to management and orchestration, virtual network functions, and virtual machines. Ref. [23] presented a three-dimensional threat taxonomy of NFV-based 5G networks by discussing its benefits, architecture, and design requirements.
- Multi-access Edge Computing (MEC): MEC brings computing, storage, and networking services closer to the end user or data sources. It solves the latency, bandwidth, and reliability issues of emerging use cases such as machine learning, AR/VR, IoT, and network functions that require service provisioning closer to users. Edge computing provides computing services at the network edge for real-time processing, and cloud-based computing for operations that require more powerful computing capabilities. In the absence of edge computing, data processing would be carried out at the centralized cloud servers, resulting in higher latency and increased data transmission costs. With the help of edge computing, decisions can be made quickly near the user end for emergency services requiring ultra-low latency. MEC will help achieve 5G objectives such as supporting Enhanced Mobile Broadband (eMBB), Ultra-Reliable Low-Latency Communications (URLLC) and Massive Machine-Type Communications (mMTC). The use of enabling technologies such as virtualization, wireless networks and distributed architecture within MEC makes it vulnerable to numerous attacks [34]. The Mirai botnet is an example of a practical attack on IoT and edge devices, which were later used for DDoS attacks [35].
- Network Slicing: The 5G network promises to provide ultra-low latency and an ultra-high data rate while supporting three broad application scenarios: Ultra-Reliable and Low-Latency Communications (URLLC), Enhanced Mobile Broadband (eMBB), and Massive Machine-Type Communications (mMTC). These diverse scenarios require an extremely dynamic and highly scalable network architecture from mobile operators and network service providers. Extreme (or enhanced) Mobile Broadband (eMBB) supports applications such as HD video streaming and AR/VR, which generate huge amounts of data and require very high bandwidth. Massive Machine-Type Communications (mMTC) is also known as the Internet of Things, and it supports billions of connected devices which may not require high bandwidth but need specialized services such as massive MIMO in order to support huge numbers of devices. Ultra-Reliable Low-Latency Communications (URLLC) facilitates use cases such as vehicle-to-X (V2X) communications or remote surgery, which require ultra-low latency, and mobile network operators need to use mobile edge computing to provide it. Network slicing plays a key role in providing this extreme flexibility in the networks. As a result of recent advancements, network slicing has gained wide popularity with SDN and NFV, but it has also given rise to new inter-slice security threats relating to privacy, secure communication, slice isolation, and slice-specific authentication and authorization, which need more research work and appropriate solutions [36,37]. Because 5G network slicing relies on virtual rather than physical isolation, a number of security attacks are possible. Among them, the side channel attack is very common for slices that share the same infrastructure, and it requires comprehensive analysis and a protection mechanism [4,38].
4. Threat Vectors and Dimensions
- The device layer threat dimension encompasses all the potential attacks that can impact an asset within the end devices connected to the 5G networks.
- The RAN layer threat dimension is concerned with attacks that are initiated at the Radio Access layer in the 5G network.
- The edge layer domain threat dimension incorporates potential attacks which take advantage of any weakness in the edge layer devices.
- The core layer threat dimension covers potential attacks which can include the network functions providing authentication, session management, security of user data and credentials.
- The service/application layer threat dimension includes all the threats which can affect the applications running on the cloud.
4.1. Security Threats
- Authentication abuse: Authentication abuse can result in unauthorized access to network services and can cause integrity violations. Affected services can be AMF, NSSF, AAA and other services. Hyperjacking is an example of such attacks in which a malicious VM performs privilege escalation to gain root access by exploiting the hypervisor’s vulnerabilities. It subsequently leads to the control over the host and eventually over all the existing VMs. Edge, core and service layers can all be affected by these types of attacks.
- Information Leakage: In case of unauthorized access to user plane or signaling data, sensitive information such as user data, cryptographic keys, monitoring logs and signaling data can be leaked. The core layer, cloud layer and edge layer can be affected. Attacks include security key theft, misuse of security audit tools and access to network traffic. In case of VM hopping attacks to core layer network functions and edge servers, side channels are used by the malicious VM to gain access to cryptographic keys or to establish illicit communication channels.
- Denial of Service: These attacks make services unavailable to genuine network users. They may include host-based DoS attacks that target hosts to drain CPU, memory and bandwidth resources. Flooding, jamming network radio and jamming network interface are other examples of DDoS attacks. A bandwidth saturation attack can exploit bandwidth over-subscription. Overloading the edge node may cause edge routers/switches to become a bottleneck. The 5G network services and components which can be affected are SDN, NFV, RAN, MEC, cloud servers and the core network. The service-based architecture of the 5G core and its functions such as AMF, SMF and key management servers are also possible targets. Table 3 shows the layers and services affected by the Denial of Service attack.
- Network Configuration Manipulation: A network configuration manipulation attack includes DNS and routing table manipulation, exploiting of misconfigured data and services and tampering of cryptographic keys and policies. These attacks can affect the security of 5G components such as SDN, NFV, MANO, and RAN. The layers affected are the radio, core, and edge, where the SDN controller, network functions such as PCF, AMF, network orchestrator, and DNS servers can be attacked.
- Malicious Software: Attacks that can be included in this category are injection attacks, worms, ransomware, malicious network functions and botnet. These attacks can cause service unavailability, information destruction and integrity violations at the device layer, MEC layer, core layer and service layer.
- Hardware Manipulation: Hardware attacks can be launched on the user equipment, the MEC equipment and the radio unit, and can cause unavailability and information destruction.
- Signaling Threats: Malware or apps can launch signaling storms which in turn overload the signaling server, cell bandwidth and cloud servers and can also drain the mobile device battery [39]. It affects the device, core and cloud layers of the 5G architecture. Signaling frauds can also affect the integrity and confidentiality of the system.
- Eavesdropping: It is an attack in which the attacker stealthily listens to the network communication to gain access to the secret information such as the sensitive data, encryption keys and other personal information. Attacks include traffic sniffing, man in the middle attack, session hijacking, and device or user tracking. It affects data confidentiality and authentication.
4.2. Threat Actors
- Organized hackers: These are professional hackers whose goal is to attack systems for profit.
- Hacktivist: These are the individuals who use hacking to promote their political or social agenda by defacing websites or disabling services and interfaces.
- Cyber terrorist: These are expert individuals who are motivated by political or religious beliefs and use their wide-ranging skills to create fear of large-scale disruption of telecommunication services.
- Cyber warfare: These actors are employed by governments to infiltrate and damage the information systems of other governments and to gain their confidential information.
- Insider Mal-actors: These are threats that originate from people within the organization, such as disgruntled and terminated employees and under-trained staff.
- Script Kiddies: These are amateur hackers who run software and scripts developed by real hackers to compromise systems.
5. Analysis and Future Directions
Author Contributions
Funding
Conflicts of Interest
References
- [1] Agyapong, P.K.; Iwamura, M.; Staehle, D.; Kiess, W.; Benjebbour, A. Design considerations for a 5G network architecture. IEEE Commun. Mag. 2014, 52, 65–75.
- [2] Ericsson. Harnessing the 5G Consumer Potential. 2021. Available online: https://www.ericsson.com/en/reports-and-papers/consumerlab/reports/harnessing-the-5g-consumer-potential (accessed on 17 January 2022).
- [3] ETSI. Security Architecture and Procedures for 5G System. 2018. Available online: https://www.etsi.org/deliver/etsi_ts/133500_133599/133501/15.04.00_60/ts_133501v150400p.pdf (accessed on 6 January 2022).
- [4] Khan, R.; Kumar, P.; Jayakody, D.N.K.; Liyanage, M. A survey on security and privacy of 5G technologies: Potential solutions, recent advancements, and future directions. IEEE Commun. Surv. Tutorials 2019, 22, 196–248.
- [5] Ahmad, I.; Shahabuddin, S.; Kumar, T.; Okwuibe, J.; Gurtov, A.; Ylianttila, M. Security for 5G and beyond. IEEE Commun. Surv. Tutorials 2019, 21, 3682–3722.
- [6] Ahmad, I.; Kumar, T.; Liyanage, M.; Okwuibe, J.; Ylianttila, M.; Gurtov, A. Overview of 5G security challenges and solutions. IEEE Commun. Stand. Mag. 2018, 2, 36–43.
- [7] Farooqui, M.N.I.; Arshad, J.; Khan, M.M. A bibliometric approach to quantitatively assess current research trends in 5G security. Libr. Hi Tech 2021, 39, 1097–1120.
- [8] Alshunaifi, S.Y.; Mishra, S.; AlShehri, M.A.R. Cyber-Attack Detection and Mitigation Using SVM for 5G Network. Intell. Autom. Soft Comput. 2022, 31, 13–28.
- [9] Testa, A.; Cinque, M.; Coronato, A.; De Pietro, G.; Augusto, J.C. Heuristic strategies for assessing wireless sensor network resiliency: An event-based formal approach. J. Heuristics 2015, 21, 145–175.
- [10] Park, S.; Kim, D.; Park, Y.; Cho, H.; Kim, D.; Kwon, S. 5G Security Threat Assessment in Real Networks. Sensors 2021, 21, 5524.
- [11] Hussain, S.R.; Echeverria, M.; Chowdhury, O.; Li, N.; Bertino, E. Privacy attacks to the 4G and 5G cellular paging protocols using side channel information. In Proceedings of the Network and Distributed Systems Security (NDSS) Symposium 2019, San Diego, CA, USA, 24–27 February 2019.
- [12] Rupprecht, D.; Kohls, K.; Holz, T.; Pöpper, C. IMP4GT: IMPersonation Attacks in 4G NeTworks; NDSS: New York, NY, USA, 2020.
- [13] Mathi, S.; Dharuman, L. Prevention of desynchronization attack in 4G LTE networks using double authentication scheme. Procedia Comput. Sci. 2016, 89, 170–179.
- [14] Mjølsnes, S.F.; Olimid, R.F. Easy 4G/LTE IMSI catchers for non-programmers. In International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security; Springer: Berlin/Heidelberg, Germany, 2017; pp. 235–246.
- [15] Marback, A.; Do, H.; He, K.; Kondamarri, S.; Xu, D. A threat model-based approach to security testing. Softw. Pract. Exp. 2013, 43, 241–258.
- [16] Uzunov, A.V.; Fernandez, E.B. An extensible pattern-based library and taxonomy of security threats for distributed systems. Comput. Stand. Interfaces 2014, 36, 734–747.
- [17] Bedi, P.; Gandotra, V.; Singhal, A.; Narang, H.; Sharma, S. Threat-oriented security framework in risk management using multiagent system. Softw. Pract. Exp. 2013, 43, 1013–1038.
- [18] Belmonte Martin, A.; Marinos, L.; Rekleitis, E.; Spanoudakis, G.; Petroulakis, N. Threat Landscape and Good Practice Guide for Software Defined Networks/5G; European Union Agency for Network and Information Security: Athens, Greece, 2015.
- [19] Hamad, M.; Prevelakis, V. SAVTA: A hybrid vehicular threat model: Overview and case study. Information 2020, 11, 273.
- [20] Baroos, M.L.; Marinos, L.; Patseas, L. ENISA Threat Landscape for 5G Networks; European Union Agency for Cybersecurity: Athens, Greece, 2020.
- [21] Hernan, S.; Lambert, S.; Ostwald, T.; Shostack, A. Threat Modeling—Uncover Security Design Flaws Using The STRIDE Approach. MSDN Mag. 2006, 68–75.
- [22] Køien, G.M. On Threats to the 5G Service Based Architecture. Wirel. Pers. Commun. 2021, 119, 97–116.
- [23] Madi, T.; Alameddine, H.A.; Pourzandi, M.; Boukhtouta, A. NFV security survey in 5G networks: A three-dimensional threat taxonomy. Comput. Netw. 2021, 197, 108288.
- [24] Lichtman, M.; Rao, R.; Marojevic, V.; Reed, J.; Jover, R.P. 5G NR jamming, spoofing, and sniffing: Threat assessment and mitigation. In Proceedings of the 2018 IEEE International Conference on Communications Workshops (ICC Workshops), Kansas City, MO, USA, 20–24 May 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 1–6.
- [25] Nasralla, M.M.; García-Magariño, I.; Lloret, J. Defenses against perception-layer attacks on iot smart furniture for impaired people. IEEE Access 2020, 8, 119795–119805.
- [26] Khan, M.A.; Nasralla, M.M.; Umar, M.M.; Khan, S.; Choudhury, N. An Efficient Multilevel Probabilistic Model for Abnormal Traffic Detection in Wireless Sensor Networks. Sensors 2022, 22, 410.
- [27] Sattar, D.; Vasoukolaei, A.H.; Crysdale, P.; Matrawy, A. A STRIDE Threat Model for 5G Core Slicing. In Proceedings of the 2021 IEEE 4th 5G World Forum (5GWF), Montreal, QC, Canada, 13–15 October 2021.
- [28] Shevchenko, N.; Chick, T.A.; O’Riordan, P.; Scanlon, T.P.; Woody, C. Threat Modeling: A Summary of Available Methods; Technical Report; Carnegie Mellon University Software Engineering Institute: Pittsburgh, PA, USA, 2018.
- [29] Zografopoulos, I.; Ospina, J.; Liu, X.; Konstantinou, C. Cyber-physical energy systems security: Threat modeling, risk assessment, resources, metrics, and case studies. IEEE Access 2021, 9, 29775–29818.
- [30] Borgaonkar, R.; Hirschi, L.; Park, S.; Shaik, A. New privacy threat on 3G, 4G, and upcoming 5G AKA protocols. Proc. Priv. Enhancing Technol. 2019, 2019, 108–127.
- [31] Ahmad, I.; Suomalainen, J.; Huusko, J. 5G-Core Network Security. In Wiley 5G Ref: The Essential 5G Reference Online; Wiley: Hoboken, NJ, USA, 2019; pp. 1–18.
- [32] Wang, N.; Wang, P.; Alipour-Fanid, A.; Jiao, L.; Zeng, K. Physical-layer security of 5G wireless networks for IoT: Challenges and opportunities. IEEE Internet Things J. 2019, 6, 8169–8181.
- [33] Kim, H. 5G core network security issues and attack classification from network protocol perspective. J. Internet Serv. Inf. Secur. 2020, 10, 1–15.
- [34] Roman, R.; Lopez, J.; Mambo, M. Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges. Future Gener. Comput. Syst. 2018, 78, 680–698.
- [35] Antonakakis, M.; April, T.; Bailey, M.; Bernhard, M.; Bursztein, E.; Cochran, J.; Durumeric, Z.; Halderman, J.A.; Invernizzi, L.; Kallitsis, M.; et al. Understanding the mirai botnet. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, Canada, 16–18 August 2017; pp. 1093–1110.
- [36] Li, X.; Samaka, M.; Chan, H.A.; Bhamare, D.; Gupta, L.; Guo, C.; Jain, R. Network slicing for 5G: Challenges and opportunities. IEEE Internet Comput. 2017, 21, 20–27.
- [37] Cunha, V.A.; da Silva, E.; de Carvalho, M.B.; Corujo, D.; Barraca, J.P.; Gomes, D.; Granville, L.Z.; Aguiar, R.L. Network slicing security: Challenges and directions. Internet Technol. Lett. 2019, 2, e125.
- [38] Zhang, H.; Liu, N.; Chu, X.; Long, K.; Aghvami, A.H.; Leung, V.C. Network slicing based 5G and future mobile networks: Mobility, resource management, and challenges. IEEE Commun. Mag. 2017, 55, 138–145.
- [39] Francois, F.; Abdelrahman, O.H.; Gelenbe, E. Towards assessment of energy consumption and latency of LTE UEs during signaling storms. In Information Sciences and Systems 2015; Springer: Berlin/Heidelberg, Germany, 2016; pp. 45–55.
- [40] Ouziel, N. Top 10 Cyber Threats to Private 5G/LTE Networks. 2020. Available online: https://www.firstpoint-mg.com/blog/top-10-cyber-threats-to-private-5g-lte-networks/ (accessed on 13 January 2022).
Reference | Journal/ Conference | Year | Layered Architecture Coverage | Threat Actors | SDN | NFV | MEC | Network Slicing | Impact |
---|---|---|---|---|---|---|---|---|---|
[20] | ENISA | 2020 | X | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
[23] | Computer Networks | 2021 | X | ✓ | X | ✓ | X | X | X |
[24] | IEEE ICC Workshops | 2018 | ✓ | ✓ | X | X | X | X | X |
[30] | Proceedings on Privacy Enhancing Technologies | 2019 | ✓ | X | X | X | X | X | X |
[18] | ENISA | 2015 | X | X | ✓ | X | X | X | X |
[22] | Wireless Personal Communications | 2021 | X | X | X | X | X | ✓ | X |
This paper | - | - | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Attack Categories | Core Layer | Device Layer | Edge Layer | Radio Access Network Layer | Service Layer |
---|---|---|---|---|---|
Network Configuration Manipulation | Routing table manipulation, Malicious network function registration, Tampering of cryptographic keys and policies | Exploitation of misconfigured data, OS services tampering | Routing table manipulation, Malicious network function registration | N/A | DNS manipulation, Exploitation of misconfigured data, Exploitation of misconfigured service, Tampering of cryptographic keys and policies, OS services tampering |
Malicious Software | Malicious network functions | Worms, Ransomware, Botnet | Malicious network functions | N/A | Worms, Ransomware, Botnet, Injection attacks |
Remote Access | N/A | VPN configuration exploitation | N/A | N/A | VPN configuration exploitation |
Hardware Manipulation | Side channel attacks | N/A | Side channel attacks | N/A | Side channel attacks |
Unauthorized Access | N/A | N/A | N/A | IMSI catching attacks | Port knocking, Brute force |
Information Leakage | Security keys theft, Unauthorized access to user plane data, Unauthorized access to signaling data | N/A | N/A | Network traffic, Unauthorized access to signaling data | Misuse of security audit tools |
Authentication Abuse | Authentication service overload, Abuse of AMF and key agreement protocol | N/A | N/A | N/A | Third party leakage/abuse |
Data Breach | Log tampering, Customer data theft | File misuse, Customer data theft | N/A | N/A | Log tampering, File misuse, Customer data theft |
Eavesdropping | N/A | Session hijacking, Device/data identity tracking | N/A | Traffic sniffing, Man in the middle attack, Air interface eavesdropping | Session hijacking |
Physical Attacks | N/A | Theft | Sabotage of network hardware, Terrorist attacks | Sabotage of network hardware, Terrorist attacks, Unauthorized physical access to base station | N/A |
Accidental | Human error | Human error, Misconfigured systems/network, Unintentional deletion | N/A | N/A | Human error, Unintentional deletion |
Network Slicing Specific | Template modification, Configuration tampering, Fake slice creation, Deny access to slices, Data breach, Delete slices | N/A | Unauthorized access, Misuse of resources and function, Side channel | Misuse of resources and function, Side channel | Unauthorized access, Misuse of resources and function, Side channel |
Signaling Threats | Signaling storms, Signaling frauds | N/A | N/A | Signaling storms, Signaling frauds | N/A |
Threat Actors/Attack Categories | Cyber Criminal | Hacktivist | Cyber Terrorist | Cyber Warfare | Insider Mal-Actor | Script Kiddies |
---|---|---|---|---|---|---|
Network Configuration Manipulation | ✓ | X | ✓ | ✓ | ✓ | ✓ |
Hardware Manipulation | X | X | ✓ | ✓ | ✓ | X |
Unauthorized Access | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Authentication Abuse | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Data Breach/ Eavesdropping | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Physical Attacks | X | X | ✓ | ✓ | X | X |
Accidental | X | X | X | X | ✓ | ✓ |
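The layer table and the threat-actor table above can be joined to scope a threat model for one deployment: for each layer in scope, list the attack categories that apply and which of the actors in scope the paper attributes them to. The following Python sketch is an added example, not code from the paper; the bit-string encoding and the function names are assumptions made here. It also reports categories that appear in the layer table but have no row in the actor table, so they are flagged for manual attribution rather than silently dropped.

```python
"""Join the layer table and the threat-actor table into a scoped threat register."""

LAYERS = ("core", "device", "edge", "ran", "service")
ACTORS = ("Cyber Criminal", "Hacktivist", "Cyber Terrorist",
          "Cyber Warfare", "Insider Mal-Actor", "Script Kiddies")

# Transcribed from the attack-category/layer table: one flag per layer in
# LAYERS order; "1" = the cell lists at least one attack type, "0" = N/A.
CATEGORY_LAYERS = {
    "Network Configuration Manipulation": "11101",
    "Malicious Software":                 "11101",
    "Remote Access":                      "01001",
    "Hardware Manipulation":              "10101",
    "Unauthorized Access":                "00011",
    "Information Leakage":                "10011",
    "Authentication Abuse":               "10001",
    "Data Breach":                        "11001",
    "Eavesdropping":                      "01011",
    "Physical Attacks":                   "01110",
    "Accidental":                         "11001",
    "Network Slicing Specific":           "10111",
    "Signaling Threats":                  "10010",
}

# Transcribed from the threat-actor table: one flag per actor in ACTORS order.
# The combined row "Data Breach/Eavesdropping" is kept as the page gives it.
CATEGORY_ACTORS = {
    "Network Configuration Manipulation": "101111",
    "Hardware Manipulation":              "001110",
    "Unauthorized Access":                "111111",
    "Authentication Abuse":               "111111",
    "Data Breach/Eavesdropping":          "111111",
    "Physical Attacks":                   "001100",
    "Accidental":                         "000011",
}


def _decode(bits, names):
    """Turn a flag string into the set of names whose flag is '1'."""
    if len(bits) != len(names):
        raise ValueError(f"flag string {bits!r} does not match {len(names)} columns")
    return {name for bit, name in zip(bits, names) if bit == "1"}


def actor_map():
    """Expand combined rows ("A/B") so every category has its own actor set."""
    expanded = {}
    for row, bits in CATEGORY_ACTORS.items():
        for category in row.split("/"):
            expanded[category.strip()] = _decode(bits, ACTORS)
    return expanded


def threat_register(layers_in_scope, actors_in_scope):
    """Return (register, unattributed), both keyed by layer.

    register[layer]     -> [(category, [actors in scope]), ...]
    unattributed[layer] -> categories with no row in the actor table
    """
    layers, actors = set(layers_in_scope), set(actors_in_scope)
    if layers - set(LAYERS):
        raise ValueError(f"unknown layer(s): {sorted(layers - set(LAYERS))}")
    if actors - set(ACTORS):
        raise ValueError(f"unknown actor(s): {sorted(actors - set(ACTORS))}")

    by_category = actor_map()
    register = {layer: [] for layer in layers}
    unattributed = {layer: [] for layer in layers}
    for category, bits in CATEGORY_LAYERS.items():
        for layer in _decode(bits, LAYERS) & layers:
            attributed = by_category.get(category)
            if attributed is None:
                unattributed[layer].append(category)
            elif attributed & actors:
                register[layer].append((category, sorted(attributed & actors)))
    return register, unattributed


if __name__ == "__main__":
    # Constructed scenario: an edge/RAN deployment reviewed against hacktivists.
    reg, gaps = threat_register({"edge", "ran"}, {"Hacktivist"})
    for layer in sorted(reg):
        print(layer, "attributed:", reg[layer])
        print(layer, "needs manual attribution:", gaps[layer])
```
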
Attack Categories | Attack Types | Impact | Affected Components | Affected Layer | Entry Point |
---|---|---|---|---|---|
Denial of Service Attacks | DDoS attacks, Flooding, Jamming network radio, Jamming network interface, Overloaded edge node | Service Unavailability, Outage | SDN, NFV, RAN, MEC, Cloud, Network services | Radio, Core | Servers/Virtual functions, MEC Server, AMF, SMF |
Network Configuration Manipulation | Routing table manipulation, Malicious network function registration, DNS manipulation, Exploitation of misconfigured data, Tampering of cryptographic keys and policies, OS services tampering | Integrity violation, Information destruction, Unavailability | SDN, NFV, MANO, RAN, Configuration data (System, Network, Security) | Radio, Core, MEC | SDN controller, Network functions, PCF, DNS servers, AMF, Network orchestrator |
Malicious Software | Injection attacks, Worms, Ransomware, Malicious network functions, Botnet | Service Unavailability, Information Integrity, Information destruction | Data Network, Applications, Cloud, Application data, services | Core, MEC | Database server, Network functions |
Remote Access | VPN configuration exploitation | Integrity, Confidentiality | SDN, NFV, Cloud | Core, Cloud | SDN Controller, Network functions, Cloud servers, Network Orchestrator |
Hardware Manipulation | Side channel attacks, False gateway, Compromised UE, Hardware manipulation | Unavailability, Integrity, Information Destruction | Cloud equipment, UE, Radio Unit, SDN, NFV, RAN, Virtualization, Network services, data | Radio, Transport | Virtual machines, Network functions, SDN controller, User device |
Unauthorized Access | IMSI catching attacks, Brute force, Port knocking | Information Integrity, System Integrity | UE, Network Services, Data services | Core, Radio | Virtual machines, Network functions, SDN controller, User device |
Information Leakage | Network traffic, Cloud computing, Misuse of security audit tools, Security keys theft, Unauthorized access to user plane data, Unauthorized access to signalling data | Confidentiality, Integrity, Information Destruction | Data storage, User data, Cryptographic keys, Monitoring logs, Signaling data | Core, Cloud, MEC | Storage Area Network, SMF, Network servers, Databases |
Authentication Abuse | Authentication service overload, Third party leakage/abuse, Abuse of AMF and key agreement protocol | Integrity violation, Unauthorized access | User data, Service data, Configuration profiles | Device, Edge, Core, Service | AMF, AAA servers |
Data Breach | Log tampering, File misuse, Customer data theft | Integrity, Authorization, Confidentiality | Network equipment, User data, Configuration data, Cloud | Core, Cloud | Network servers, Databases |
Signaling Threats | Signaling storms, Signaling frauds | Unavailability, Integrity, Confidentiality | Network services, Radio equipment, Signaling servers, Cloud servers | Radio | Servers, Network functions |
Eavesdropping | Traffic sniffing, Man in the middle attack, Session hijacking, Air interface eavesdropping, Device/data identity tracking | Confidentiality violation, Integrity violation | User data, Cryptographic keys, Profile data | Radio, Core | Radio interface, SMF |
Physical Attacks | Sabotage of network hardware, Theft, Terrorist Attacks, Unauthorized physical access to base station | Unavailability, Confidentiality violation | UE, Radio equipment, Edge devices | Radio, MEC | Network equipment |
Accidental | Misconfigured systems/network, Outdated systems, Human error, Unintentional deletion | Integrity violation, Service unavailability | | Radio, Core | Network functions, Cloud Servers |
Network Slicing Specific | Template modification, Configuration tampering, Fake slice creation, Deny access to slices, Data breach, Delete slices, Unauthorized access, Misuse of resources and functions, Side channel attacks | Integrity violation, Confidentiality violation, Service unavailability | Network slicing orchestrator, NFV, SDN, RAN, API | Core, Radio, Transport | NSSF, AMF, Slice orchestrator, SDN controller |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Farooqui, M.N.I.; Arshad, J.; Khan, M.M. A Layered Approach to Threat Modeling for 5G-Based Systems. Electronics 2022, 11, 1819. https://doi.org/10.3390/electronics11121819