Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Attacking Slicing Network via Side-channel Reinforcement Learning Attack

Wei Shao, Chandra Thapa, Rayne Holland, Sarah Ali Siddiqui, Seyit Camtepe

TL;DR

The paper investigates security risks arising from shared hardware resources in network slicing, focusing on cache-based side-channel vulnerabilities. It proposes a reinforcement learning–based attack framework that models the cache-timing attack as a guessing game, using PPO with Transformer encoders to learn attack strategies and identify victim data locations. The authors demonstrate, via a cache-simulation environment, that the approach can discover both known and novel attack sequences and achieve high success rates (approximately 95–98%), while reducing the attack sequence length through training. The work highlights the need for stronger cache isolation and multi-tenant security measures in 5G/6G networks and lays groundwork for automated, RL-driven assessment of cache-based vulnerabilities in network slices.

Abstract

Network slicing in 5G and the future 6G networks will enable the creation of multiple virtualized networks on a shared physical infrastructure. This innovative approach enables the provision of tailored networks to accommodate specific business types or industry users, thus delivering more customized and efficient services. However, the shared memory and cache in network slicing introduce security vulnerabilities that have yet to be fully addressed. In this paper, we introduce a reinforcement learning-based side-channel cache attack framework specifically designed for network slicing environments. Unlike traditional cache attack methods, our framework leverages reinforcement learning to dynamically identify and exploit cache locations storing sensitive information, such as authentication keys and user registration data. We assume that one slice network is compromised and demonstrate how the attacker can induce another shared slice to send registration requests, thereby estimating the cache locations of critical data. By formulating the cache timing channel attack as a reinforcement learning-driven guessing game between the attack slice and the victim slice, our model efficiently explores possible actions to pinpoint memory blocks containing sensitive information. Experimental results showcase the superiority of our approach, achieving a success rate of approximately 95\% to 98\% in accurately identifying the storage locations of sensitive data. This high level of accuracy underscores the potential risks in shared network slicing environments and highlights the need for robust security measures to safeguard against such advanced side-channel attacks.

Attacking Slicing Network via Side-channel Reinforcement Learning Attack

TL;DR

The paper investigates security risks arising from shared hardware resources in network slicing, focusing on cache-based side-channel vulnerabilities. It proposes a reinforcement learning–based attack framework that models the cache-timing attack as a guessing game, using PPO with Transformer encoders to learn attack strategies and identify victim data locations. The authors demonstrate, via a cache-simulation environment, that the approach can discover both known and novel attack sequences and achieve high success rates (approximately 95–98%), while reducing the attack sequence length through training. The work highlights the need for stronger cache isolation and multi-tenant security measures in 5G/6G networks and lays groundwork for automated, RL-driven assessment of cache-based vulnerabilities in network slices.

Abstract

Network slicing in 5G and the future 6G networks will enable the creation of multiple virtualized networks on a shared physical infrastructure. This innovative approach enables the provision of tailored networks to accommodate specific business types or industry users, thus delivering more customized and efficient services. However, the shared memory and cache in network slicing introduce security vulnerabilities that have yet to be fully addressed. In this paper, we introduce a reinforcement learning-based side-channel cache attack framework specifically designed for network slicing environments. Unlike traditional cache attack methods, our framework leverages reinforcement learning to dynamically identify and exploit cache locations storing sensitive information, such as authentication keys and user registration data. We assume that one slice network is compromised and demonstrate how the attacker can induce another shared slice to send registration requests, thereby estimating the cache locations of critical data. By formulating the cache timing channel attack as a reinforcement learning-driven guessing game between the attack slice and the victim slice, our model efficiently explores possible actions to pinpoint memory blocks containing sensitive information. Experimental results showcase the superiority of our approach, achieving a success rate of approximately 95\% to 98\% in accurately identifying the storage locations of sensitive data. This high level of accuracy underscores the potential risks in shared network slicing environments and highlights the need for robust security measures to safeguard against such advanced side-channel attacks.
Paper Structure (28 sections, 3 equations, 4 figures, 1 table)

This paper contains 28 sections, 3 equations, 4 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related works
  3. Side-channel Attack
  4. Network Slicing Security
  5. Preliminary Study
  6. Network Slicing
  7. Authentication Process
  8. Cache-based side-channel attack
  9. Defense mechanisms against Cache-Timing attacks.
  10. Methodology
  11. Framework Overview
  12. Guessing Game Formulation
  13. RL problem
  14. Episode
  15. Rewards
  16. ...and 13 more sections

Figures (4)

  • Figure 1: Ways to Cache Attacks-Prime+Probe. Different colours indicate different states of the memory block. After steps 1, 2, and 3, the attacker successfully populated the data so that they could re-access them next time.
  • Figure 2: RL-based network slicing attack method. The left part of the figure shows the overall framework of the slicing network attack generation method. The right part illustrates how the cache guessing game can be formulated as an RL problem.
  • Figure 3: Environment for RL-based slicing network attack.The attack slice can execute cache read/write/flush operations and see the latency of its own accesses
  • Figure 4: Training episode length. The line graph shows the average length of the episodes in every 100 episodes