《破解5G堡垒:窥探5G的脆弱深渊.pdf》由会员分享,可在线阅读,更多相关《破解5G堡垒:窥探5G的脆弱深渊.pdf(44页珍藏版)》请在三个皮匠报告上搜索。
1、#BHUSA BlackHatEventsCracking the 5G Fortress:Peering Cracking the 5G Fortress:Peering Into 5Gs Vulnerability AbyssInto 5Gs Vulnerability AbyssSpeakers:Kai Tu,Yilu DongContributors:Abdullah Al Ishtiaq,Syed Md Mukit Rashid,Weixuan Wang,Tianwei Wu,Syed Rafiul Hussain#BHUSA BlackHatEventsWho We AreKai
2、TuPhD StudentMobile Network and Device Security,Automatic Vulnerability Discovery hellotkk.github.ioYilu DongPhD StudentCellular Networks,Applied Cryptography,and Software Testingyilud.me#BHUSA BlackHatEvents5G Network Roles and Applications#BHUSA BlackHatEvents Users will run into critical problems
3、 if basebands are not secure.Compromised 5G device may also affect other components in 5G network.Why is 5G Baseband Security Important?Source:https:/ BlackHatEventsHow secure are the 5G devices?Can we develop an automated way to test them?We are curious#BHUSA BlackHatEventsWhat we Are Going to Talk
4、 About Today 5G cellular network overview Workflow of our automated 5G baseband testing tool Summary of findings 5G AKA bypass end-to-end exploitations demos Impact and Status Takeaways#BHUSA BlackHatEvents5G Network ArchitectureAMF5G UEgNodeBUDMSMFUPF5G Core NetworkInternet#BHUSA BlackHatEvents5G C
5、ontrol PlaneRadio connectionSecurity Mode Control ProcedureAuthentication ProcedureAS Security ActivationRegistered to Core Network and ready to get servicesNASRRC#BHUSA BlackHatEventsOur ScopeAMFUEgNBUDMSMFUPF5G Core NetworkInternet#BHUSA BlackHatEventsWhy can protocol implementations in commercial
6、 basebands go wrong?Baseband Protocol Implementation-Easy Work?#BHUSA BlackHatEventsBaseband protocol is hard to ImplementHundreds of documentsDifficult to understandConflicts and underspecifications#BHUSA BlackHatEventsNon-compliant behavior may lead to Exploitable vulnerabilitiesInteroperability i