Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Demystifying Privacy in 5G Stand Alone Networks

Stavros Eleftherakis, Timothy Otim, Giuseppe Santaromita, Almudena Diaz Zayas, Domenico Giustiniano, Nicolas Kourtellis

TL;DR

This study provides the first head-to-head qualitative and experimental comparison of 5G Stand Alone (SA) and Non Stand Alone (NSA) networks in real operator deployments, focusing on privacy enhancements against eight top pre-5G attacks. It demonstrates that SA networks with SUCI support and strict GUTI update mechanisms offer superior identity privacy compared to NSA, while highlighting that ciphering remains optional in practice and that several privacy vulnerabilities persist. The authors also evaluate OpenAirInterface (OAI) in a lab SA setup, showing strong compliance overall but missing the GUTI update mechanism, and uncover two novel 5G privacy attacks related to GUTI reallocation and security-capabilities bidding-down. Overall, the work underscores the need for stricter standardization and more uniform deployment of protection mechanisms, guiding operators and researchers in strengthening 5G privacy and security.

Abstract

Ensuring user privacy remains critical in mobile networks, particularly with the rise of connected devices and denser 5G infrastructure. Privacy concerns have persisted across 2G, 3G, and 4G/LTE networks. Recognizing these concerns, the 3rd Generation Partnership Project (3GPP) has made privacy enhancements in 5G Release 15. However, the extent of operator adoption remains unclear, especially as most networks operate in 5G Non Stand Alone (NSA) mode, relying on 4G Core Networks. This study provides the first qualitative and experimental comparison between 5G NSA and Stand Alone (SA) in real operator networks, focusing on privacy enhancements addressing top eight pre-5G attacks based on recent academic literature. Additionally, it evaluates the privacy levels of OpenAirInterface (OAI), a leading open-source software for 5G, against real network deployments for the same attacks. The analysis reveals two new 5G privacy vulnerabilities, underscoring the need for further research and stricter standards.

Demystifying Privacy in 5G Stand Alone Networks

TL;DR

This study provides the first head-to-head qualitative and experimental comparison of 5G Stand Alone (SA) and Non Stand Alone (NSA) networks in real operator deployments, focusing on privacy enhancements against eight top pre-5G attacks. It demonstrates that SA networks with SUCI support and strict GUTI update mechanisms offer superior identity privacy compared to NSA, while highlighting that ciphering remains optional in practice and that several privacy vulnerabilities persist. The authors also evaluate OpenAirInterface (OAI) in a lab SA setup, showing strong compliance overall but missing the GUTI update mechanism, and uncover two novel 5G privacy attacks related to GUTI reallocation and security-capabilities bidding-down. Overall, the work underscores the need for stricter standardization and more uniform deployment of protection mechanisms, guiding operators and researchers in strengthening 5G privacy and security.

Abstract

Ensuring user privacy remains critical in mobile networks, particularly with the rise of connected devices and denser 5G infrastructure. Privacy concerns have persisted across 2G, 3G, and 4G/LTE networks. Recognizing these concerns, the 3rd Generation Partnership Project (3GPP) has made privacy enhancements in 5G Release 15. However, the extent of operator adoption remains unclear, especially as most networks operate in 5G Non Stand Alone (NSA) mode, relying on 4G Core Networks. This study provides the first qualitative and experimental comparison between 5G NSA and Stand Alone (SA) in real operator networks, focusing on privacy enhancements addressing top eight pre-5G attacks based on recent academic literature. Additionally, it evaluates the privacy levels of OpenAirInterface (OAI), a leading open-source software for 5G, against real network deployments for the same attacks. The analysis reveals two new 5G privacy vulnerabilities, underscoring the need for further research and stricter standards.
Paper Structure (32 sections, 6 figures, 1 table)

This paper contains 32 sections, 6 figures, 1 table.

Table of Contents

  1. Introduction
  2. Background
  3. 5G Cellular Network Architecture
  4. UE Identifiers
  5. UE Capabilities
  6. 5G Message Exchange Flow
  7. Paging Procedure
  8. Methodology
  9. User Identity Confidentiality
  10. Framework
  11. Experimental & Deployment Scenarios
  12. Operator's networks testbed:
  13. 5G SA in OpenAirInterface (OAI):
  14. Data Collection Approach
  15. Pre-5G Attacks & 5G Enhancement
  16. ...and 17 more sections

Figures (6)

  • Figure 1: High Level Representation of 5G messages exchange flow.
  • Figure 2: Framework followed to study pre-5G attacks in real 5G NSA & SA deployments, and an OAI testbed.
  • Figure 3: Identity Request in 5G NSA, SA and OAI networks.
  • Figure 4: Enhanced SMC Procedure between operator's implementation and OAI.
  • Figure 5: 5G-GUTI Reallocation Command in 5G SA operator's networks.
  • ...and 1 more figures