Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Vulnerability Analysis of eBPF-enabled Containerized Deployments of 5G Core Networks

Yash Deshpande, Samaresh Bera

Abstract

The extended Berkeley Packet Filter (eBPF) is useful for faster packet processing and network monitoring in softwarized deployments. Similarly, softwarized deployments of 5G core network services adopted eBPF to meet the stringent latency and bandwidth requirements of underlying applications. While the existing studies focused on network performance, security concerns over eBPF-enabled platforms are overlooked. In this paper, we study the vulnerability analysis of 5G core network deployments that use eBPF for packet processing and traffic monitoring. In particular, we consider the following aspects: a) tracing, b) denial-of-service (DoS), c) stealing information, and d) bash injection. We present the detailed attack scenarios with step-by-step implementation of containerized and eBPF-enabled 5G network functions using Open5GS. The experiment results show that the aforementioned vulnerabilities are present in eBPF-enabled 5G deployments and can be exploited by attackers. Finally, we present some mitigation techniques useful for addressing the vulnerabilities. The source code and implementation details are made available at https://github.com/chimms1/5G-eBPF-exploits.

Vulnerability Analysis of eBPF-enabled Containerized Deployments of 5G Core Networks

Abstract

The extended Berkeley Packet Filter (eBPF) is useful for faster packet processing and network monitoring in softwarized deployments. Similarly, softwarized deployments of 5G core network services adopted eBPF to meet the stringent latency and bandwidth requirements of underlying applications. While the existing studies focused on network performance, security concerns over eBPF-enabled platforms are overlooked. In this paper, we study the vulnerability analysis of 5G core network deployments that use eBPF for packet processing and traffic monitoring. In particular, we consider the following aspects: a) tracing, b) denial-of-service (DoS), c) stealing information, and d) bash injection. We present the detailed attack scenarios with step-by-step implementation of containerized and eBPF-enabled 5G network functions using Open5GS. The experiment results show that the aforementioned vulnerabilities are present in eBPF-enabled 5G deployments and can be exploited by attackers. Finally, we present some mitigation techniques useful for addressing the vulnerabilities. The source code and implementation details are made available at https://github.com/chimms1/5G-eBPF-exploits.
Paper Structure (14 sections, 8 figures)

This paper contains 14 sections, 8 figures.

Table of Contents

  1. Introduction
  2. System Architecture
  3. Threat Model and Experimental Setup
  4. Vulnerability Analysis
  5. Attack Scenario 1: Tracing
  6. Attack Scenario 2: Denial of Service (DoS)
  7. Attack Scenario 3: Information Theft
  8. Attack Scenario 4: Bash Injection
  9. Possible Mitigations
  10. Isolation via Virtualization
  11. Capability and Feature Restriction
  12. Fine-Grained Permission Models (LSM)
  13. Supply Chain Considerations
  14. Conclusion

Figures (8)

  • Figure 1: 5G service based architecture with eUPFs and XDP-based packet processing
  • Figure 2: Output of the tracing program
  • Figure 3: Sample execution of DoS attack
  • Figure 4: Working principles of information theft
  • Figure 5: Output of the information theft attack, which shows compromised ssh keys
  • ...and 3 more figures