Poster: Towards an Automated Security Testing Framework for Industrial UEs

Sotiris Michaelides, Daniel Eguiguren Chavez, Martin Henze

TL;DR

This paper addresses the lack of a unified, automated security testing approach for industrial UEs in 5G by proposing an integrated framework that tests both 5G control-plane protocols and upper-layer security like TLS. It combines existing tools (for CP NAS/RRC, TLS, and evaluation of NAS/RRC) into a single automated pipeline with unified reporting and TLS configuration checks aligned with security recommendations. The authors report a proof-of-concept deployment with a real-world hardware/software stack, in which the tests took around 30 minutes to run and uncovered an RRC-layer vulnerability prior to security activation. The work offers a practical tool for operators to verify security posture before deployment and lays groundwork for expanding coverage to IPsec and OPC UA in future work.

Abstract

With the ongoing adoption of 5G for communication in industrial systems and critical infrastructure, the security of industrial UEs such as 5G-enabled industrial robots becomes an increasingly important topic. Most notably, to meet the stringent security requirements of industrial deployments, industrial UEs not only have to fully comply with the 5G specifications but also have to correctly implement and use secure communication protocols such as TLS. To ensure the security of industrial UEs, operators of industrial 5G networks rely on security testing before deploying new devices to their production networks. However, currently only isolated tests for individual security aspects of industrial UEs exist, severely hindering comprehensive testing. In this paper, we report on our ongoing efforts to alleviate this situation by creating an automated security testing framework for industrial UEs to comprehensively evaluate their security posture before deployment. With this framework, we aim to provide stakeholders with a fully automated method to verify that higher-layer security protocols are correctly implemented, while simultaneously ensuring that the UE's protocol stack adheres to 3GPP specifications.

Paper Structure

This paper contains 5 sections, 4 figures.

Figures (4)

  • Figure 1: High-level architecture of an industrial 5G network showing the industrial UE, RAN, and 5GC with associated planes and security controls.
  • Figure 2: Overview of our framework concept. Its modular design enables the integration of additional test cases and new upper layer protocols.
  • Figure 3: Our framework consolidates all security testing results in one unified, reader-friendly report.
  • Figure 4: Our setup used to gather preliminary results.