Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Physical Layer Message Prediction for 5G Radio Access Network Protocols

Jonathan Ebert, Peter Rost

Abstract

Protocol reverse engineering stands as the cutting-edge approach in security research. This paper presents a framework capable of reverse engineering the communications within a mobile communication system. Our focus is on systems released by the 3GPP, with an emphasis on 5G NR. Our approach leverages the available context and syntax of the 5G standard to predict subsequent messages. This approach relies on a Transformer model and is trained based on an open-source 5G system implementation, emulating a base station and several user equipments. The prediction targets messages at the physical layer.

Physical Layer Message Prediction for 5G Radio Access Network Protocols

Abstract

Protocol reverse engineering stands as the cutting-edge approach in security research. This paper presents a framework capable of reverse engineering the communications within a mobile communication system. Our focus is on systems released by the 3GPP, with an emphasis on 5G NR. Our approach leverages the available context and syntax of the 5G standard to predict subsequent messages. This approach relies on a Transformer model and is trained based on an open-source 5G system implementation, emulating a base station and several user equipments. The prediction targets messages at the physical layer.
Paper Structure (17 sections, 4 equations, 7 figures, 3 tables)

This paper contains 17 sections, 4 equations, 7 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Problem Description
  3. Related Work
  4. Contribution
  5. Preliminaries
  6. 5G Messages and Physical Channels
  7. Transformer
  8. System Setup
  9. Environment
  10. Data Preprocessing and Tokenization
  11. Message Predictor
  12. Syntax Checker
  13. Validation Metrics - Levenshtein distance
  14. Validation Metrics - Precision
  15. Results
  16. ...and 2 more sections

Figures (7)

  • Figure 1: Exemplary system setup with one gNB and multiple UEs. The SSB is the first signal detected and allows for synchronization with the base station signal. PDCCH carries control information for the individual terminals, and the PDSCH carries data signals. Each system frame is divided into 10 slots, in this configuration, each of 1ms.
  • Figure 2: The message predictor has approximately 10 slots as input and predicts the following slot. The number of slots in the input depends on the number of tokens per slot. The maximum number of input tokens is 1024. Sampling is repeated until the separator token is sampled.
  • Figure 3: Two example sequences with the Levenshtein distance of three.
  • Figure 4: Three different sequences with the same \ref{['RL:first']} distance of 1.
  • Figure 5: For each sample, the output probabilities of the Transformer are shown. The original input contains 10 slots, and the 11th is predicted. There are 30 tokens drawn until the end token is sampled in the last step.
  • ...and 2 more figures

Theorems & Definitions (1)

  • Definition 1: Relative Levenshtein