Assigned 2022 2023

DEI - FCTUC
Generated on 2024-05-19 02:30:02 (Europe/Lisbon).

Internship Title

Fuzzer framework for security tests of 5G UE (User Equipment, component of the cellular network).

Internship Location

Keysight/DEI-FCTUC

Background

5G technology is considered very important for a connected world, and its usage is growing year after year. One of the targets of this technology is IoT devices, which are bringing more 5G into their solutions while 4G is becoming an obsolete technology. Unfortunately, the lack of security in these devices leads to the creation of large-scale malware such as Mirai, LightAidra, and Kaiten. Besides malware attacks on IoT applications, another possible attack vector is intentionally malformed packets for the cellular network protocols, crafted to exploit poor implementations of these protocols. However, cellular network attacks have been very limited due to the lack of proper tools.

Given this scenario, this proposal aims to implement a software framework for security testing that uses the fuzzing technique and considers 5G devices as targets. Furthermore, for the network emulation, an open-source implementation of 5G is indicated because it provides access to the implementation, allowing modifications in the protocol stack.

Objective

The main objective is to build a proof-of-concept (PoC) to find security breaches in 5G user equipment using a test technique called fuzzing. To build this PoC, the project will leverage two main components: a base station emulator and a fuzzing tool. The project will also use a software-defined radio board with the open-source 5G (gENB) implementation to connect devices for the network emulation. A Keysight proprietary solution, called Greyhound, should be used as a reference for the fuzzing implementation. The project will combine both tools to create a fake network and attack commercial devices and/or an emulated 5G UE, trying to find messages that crash the device and bypass the protocol security by searching for weak implementations on the device side.

The objectives can be listed as follows:
• Literature review and getting familiar with fuzzing techniques and 5G network protocols;
• Investigation and identification of the interception points in the base station emulator;
• Investigation and identification of a mechanism for packet injection/duplication;
• Investigation and identification of a mechanism to provide target observability during test execution;
• Architecture proposal;
• Implementation, validation, and solution documentation.

Work Plan - Semester 1

- Get familiar with the work, project, and latest research around the theme
- Setup preparation
- Identification of interception points in the 5G protocol stack
- Proposal of a mechanism to inject arbitrary packets or messages

Work Plan - Semester 2

- Proposal of mechanisms to improve the target observability during the test execution
- Architecture proposal for the fuzzer
- Fuzzer implementation
- Test execution and result collection
- Documentation writing

Conditions

The intern will participate in a multidisciplinary research team composed of software developers and telecommunication engineers. The base station hardware and a workstation will be provided for this work.

Supervisor

Paulo Simões and Tiago Cruz
psimoes@dei.uc.pt