The LIAISON project targets the development and implementation of advanced security testing methodologies and adaptive security controls for software-defined telecommunications networks, with a focus on 5G core functions, standardized SCAS testing, protocol fuzzing, AI/ML integration, and application to edge computing and IoT infrastructures.
LIAISON is part of Spoke 8 – Intelligent and Autonomous Systems
Project PI: Giuseppe Bianchi
The main LIAISON project accomplishments so far (spring 2024) do include:
- The extension and integration of the ScasDK framework into Kubernetes environments, so that 3GPP security testing (SCAS) can be performed on cloud-native 5G Core Networks, based on container virtualization technologies.
- The execution of seven SCAS tests on three distinct open-source 5G core networks to assess the effectiveness of ScasDK and identify security vulnerabilities, leading to the recognition of the need for improved security in open-source 5G development.
- The development of a "5G Cell Reconnaissance Tool" (5Gmap) for in-depth analysis of 5G network operator configurations, including the use of Software Defined Radio (SDR) platforms and commercial SIM cards to assess the correctness of algorithms and protocols, and to identify potential vulnerabilities in 5G network security configurations by analyzing information exchanged between the network and the device.
- The initial development of the AMFuzz framework, a tool for fuzzing the NAS protocol against the AMF, the network function that constitutes the user's access point to the control plane of the Core Network. The framework enables security testing and vulnerability detection beyond known patterns, deepening the robustness of the implementation of one of the fundamental components of the Core Network.
- The initial security testing of non-3GPP accesses, so far focusing on an experimental study on the configuration security of ePDGs worldwide.
- Development of a monitoring tool customized for 5G network cores. The tool extends the open source Arkime platform with a number of customizations specific for 5G networks, including the development of a backend analytic module, parser tools dedicated to the analysis of 5G-specific protocols, improvements in packet capture, and improvements in usability via a brand new graphical user interface.
- Development of SDN components to facilitate secure and efficient quantum key distribution between network sites, enabling multiple clients and servers to acquire distinct key substreams from quantum-distributed keystreams.
- Design of solutions for verifying network policies’ compliance of encrypted traffic flows, focusing on Function-as-a-Service (FaaS) scenarios.
The four software tools being currently developed may have a significant impact and become of interest for telcos and other stakeholders already in medium terms. More specifically:
Papers:
F. Mancini and G. Bianchi. 2023. ScasDK - A Development Kit for Security Assurance test in Multi-Network-Function 5G. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES '23). This paper presents the very first version of the ScasDK framework. Journal extension is in preparation.
R. Bassi, Q. Zhang, A. Gatto, M. Tornatore and G. Verticale, "Quantum Key Distribution with Trusted Relay using an ETSI-compliant Software-Defined Controller," 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN), Vilanova i la Geltru, Spain, 2023. This paper describes the SDN control of a multi-actor Quantum Network Infrastructure.
A. Paci, M. Chiacchia and G. Bianchi, "5GMap: User-Driven Audit of Access Security Configurations in Cellular Networks," 2024 19th Wireless On-Demand Network Systems and Services Conference (WONS), Chamonix, France, 2024 - this paper presents the first version of 5Gmap - extended journal version with additional features and a significantly extended assessment in the wild has been just submitted.
- ScasDK is devised to perform standard-based 3GPP Security Assurance (SCAS) tests over 5G virtualized core networks, and as such not only can be of practical interest for telcos but also for evaluation and certification agencies;
- 5Gmap permits an in-depth analysis of 5G network operator configurations, with special emphasis on the verification of which confidentiality and integrity mechanisms are currently deployed in each tested cell.
- AMFuzz is designed as a complementary tool to ScasDK. While the latter focuses on security evaluation based on known patterns, the former uses fuzzing to analyze AMF's reaction to anomalous interactions, providing a broader view on the robustness of the implementation.
- The monitoring tool customized for 5G network cores can be of strong interest for telcos and of course all the project activities have scientific interest.
Papers:
F. Mancini and G. Bianchi. 2023. ScasDK - A Development Kit for Security Assurance test in Multi-Network-Function 5G. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES '23). This paper presents the very first version of the ScasDK framework. Journal extension is in preparation.
R. Bassi, Q. Zhang, A. Gatto, M. Tornatore and G. Verticale, "Quantum Key Distribution with Trusted Relay using an ETSI-compliant Software-Defined Controller," 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN), Vilanova i la Geltru, Spain, 2023. This paper describes the SDN control of a multi-actor Quantum Network Infrastructure.
A. Paci, M. Chiacchia and G. Bianchi, "5GMap: User-Driven Audit of Access Security Configurations in Cellular Networks," 2024 19th Wireless On-Demand Network Systems and Services Conference (WONS), Chamonix, France, 2024 - this paper presents the first version of 5Gmap - extended journal version with additional features and a significantly extended assessment in the wild has been just submitted.
Despite no industry partner is is explicitly participating to the project, concrete contacts and interactions have been set up with
- national operators
- the National Cybersecurity Agency
- Industry test companies and manufacturers.
Original partners from the development and research project RESTART:
- Università di Roma Tor Vergata
- Politecnico di Milano
- Consorzio Nazionale Interuniversitario per le Telecomunicazioni (CNIT)
Our project aims to empower users to understand and test the security of 4G and 5G networks, traditionally managed only by operators. By highlighting vulnerabilities and encouraging community involvement, we aim to enhance network security and privacy. Our tools call for a more open approach from mobile network manufacturers and standards organizations, leveraging cybersecurity expertise to improve the overall safety of cellular services. This initiative not only identifies potential issues but also drives a collaborative effort to secure our increasingly connected world.
1. Publications:
- I. Palamà, A. Paci, M. Ferri, L. Valeriani and G. Bianchi, "RAINSTORM: Reconnaissance SDR Platform," 2023 26th Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, March 2023.
- F. Mancini, L. Tamiano and G. Bianchi, "5GShell: a plug-and-play framework for automating the deployment of 5G cellular networks," 2023 26th Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, March 2023.
- Francesco Mancini and Giuseppe Bianchi. 2023. ScasDK - A Development Kit for Security Assurance test in Multi-Network-Function 5G. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES '23). Association for Computing Machinery, New York, NY, USA.
- R. Bassi, Q. Zhang, A. Gatto, M. Tornatore and G. Verticale, "Quantum Key Distribution with Trusted Relay using an ETSI-compliant Software-Defined Controller," 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN), Vilanova i la Geltru, Spain, 2023
- F. Mancini, S. Da Canal and G. Bianchi, "AMFuzz: Black-Box Fuzzing of 5G Core Networks," 2024 19th Wireless On-Demand Network Systems and Services Conference (WONS), Chamonix, France, 2024
- A. Paci, M. Chiacchia and G. Bianchi, "5GMap: User-Driven Audit of Access Security Configurations in Cellular Networks," 2024 19th Wireless On-Demand Network Systems and Services Conference (WONS), Chamonix, France, 2024
- G. Bianchi, 5G implementation: Risks & mitigation strategies, March 29, 2023, talk in the cycle of seminars on cybersecurity in Italy organized by the MIMIT/INSTI (formerly Ministry of Telecommunication)
- G. Bianchi, F. Mancini, May 2023, presentation of ScasDK ideas and initial development at ACN (National Cybersecurity Agency)
- G. Bianchi, Challenge Panel: 5G and Security, April 17, 2024, panel during the 5G&Co. conference, Italy
Milestones:
- M1: First release of algorithms and tools - Submission of Deliverable D1 (due date: M12)
- M2: Second release of algorithms and tools - Submission of Deliverable D2 (due date: M24)
- M3: Third release of algorithms and tools - Submission of Deliverable D3 (due date: M36)
- D1: First report on technical and scientific activities, including demonstration of the project experimental framework based on open source 5G technologies and systems (due date: M12)
- D2: Second report on technical and scientific activities, including demonstration of specific solutions and tools developed in the project. (due date: M24)
- D3: Final report on technical and scientific activities, including final demonstration and report on the demo validation (due date: M36)
Researchers involved: about 40-60
Collaboration proposals
The LIAISON project is currently collaborating with the 5Gsec project in the EP 7 SERICS (EP specifically dedicated to security). The ScasDK platform is the result of a co-development with such project.
Furthermore, the LIAISON project is currently co-supervising with the National Cybersecurity Agency (ACN) three master’s theses on SCAS test development by leveraging the ScasDK platform.
For any proposal of collaboration within the project please contact the project PI.