Skip to main content

On the Criticality of Integrity Protection in 5G Fronthaul Networks

Publication ,  Conference
Xing, J; Yoo, S; Foukas, X; Kim, D; Reiter, MK
Published in: Proceedings of the 33rd USENIX Security Symposium
January 1, 2024

The modern 5G fronthaul, which connects the base stations to radio units in cellular networks, is designed to deliver microsecond-level performance guarantees using Ethernet-based protocols. Unfortunately, due to potential performance overheads, as well as misconceptions about the low risk and impact of possible attacks, integrity protection is not considered a mandatory feature in the 5G fronthaul standards. In this work, we show how vulnerabilities from the lack of protection can be exploited, making attacks easier and more powerful than ever. We present a novel class of powerful attacks and a set of traditional attacks, which can both be fully launched from software over open packet-based interfaces, to cause performance degradation or denial of service to users over large geographical regions. Our attacks do not require a physical radio presence or signal-based attack mechanisms, do not affect the network's operation (e.g., not crashing the radios), and are highly severe (e.g., impacting multiple cells). We demonstrate the impact of our attacks in an end-to-end manner on a commercial-grade, multi-cell 5G testbed, showing that adversaries can degrade performance of connected users by more than 80%, completely block a selected subset of users from ever attaching to the cell, or even generate signaling storm attacks of more than 2500 signaling messages per minute, with just two compromised cells and four mobile users. We also present an analysis of countermeasures that meet the strict performance requirements of the fronthaul.

Duke Scholars

Published In

Proceedings of the 33rd USENIX Security Symposium

Publication Date

January 1, 2024

Start / End Page

4463 / 4479
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Xing, J., Yoo, S., Foukas, X., Kim, D., & Reiter, M. K. (2024). On the Criticality of Integrity Protection in 5G Fronthaul Networks. In Proceedings of the 33rd USENIX Security Symposium (pp. 4463–4479).
Xing, J., S. Yoo, X. Foukas, D. Kim, and M. K. Reiter. “On the Criticality of Integrity Protection in 5G Fronthaul Networks.” In Proceedings of the 33rd USENIX Security Symposium, 4463–79, 2024.
Xing J, Yoo S, Foukas X, Kim D, Reiter MK. On the Criticality of Integrity Protection in 5G Fronthaul Networks. In: Proceedings of the 33rd USENIX Security Symposium. 2024. p. 4463–79.
Xing, J., et al. “On the Criticality of Integrity Protection in 5G Fronthaul Networks.” Proceedings of the 33rd USENIX Security Symposium, 2024, pp. 4463–79.
Xing J, Yoo S, Foukas X, Kim D, Reiter MK. On the Criticality of Integrity Protection in 5G Fronthaul Networks. Proceedings of the 33rd USENIX Security Symposium. 2024. p. 4463–4479.

Published In

Proceedings of the 33rd USENIX Security Symposium

Publication Date

January 1, 2024

Start / End Page

4463 / 4479