SBIR/STTR Award attributes
The USMC, as a forward deployed force of the Navy, will act in areas with 5G networks in places like complex urban and industrial environments. In order to establish full superiority in the electromagnetic spectrum, including 5G networks, the USMC requires a solution to: Determine the detailed, dynamic topology of the 5G network Assess vulnerabilities of the 5G network infrastructure and the connected User Equipment (UE) Assess quality properties, including security Monitor network activities Blacklist system functionality Disrupt network operations We propose a solution, Char5G, characterizing 5G networks at the PHY and MAC layers. Char5G will be implemented as a device meeting the operational requirements of the USMC based on a state-of-the-art Software Defined Radio and a Radio Frequency System on a Chip (RFSoC). It will support: Determination of the initial 5G network topology Device/architecture identification fingerprinting Passive anomalies detection Active anomalies detection and monitoring Active vulnerabilities scanning Continuous topology and risk monitoring For the development of the Char5G concepts and initial proof of concept, we will start from an open-source implementation of the 5G stack. We will add in-depth debugging and monitoring functionality. This has to cover not only standard 5G functionality, such as cell search, but also a fine-grained analysis of side channel properties such as frequency, timing and jitter, which are useful for device fingerprinting and type identification. It also covers a detailed analysis of the observed data, e.g., for standard compliance. The monitoring functionality is separated into data collection components and data analysis components. We will use rule-based analysis, e.g., for compliance to standards, algorithmic and statistical analysis, e.g., to identify specific timing properties, and AI/ML analysis, e.g., to detect anomalies. We will add advanced fuzzing functionality at all layers, covering both the user and the control plane, and application data and header data, from the PHY/waveform up to the MAC layer, as we have already done for other network protocols. All functionality will be implemented as reusable and flexible microservices, partly integrated into the 5G implementation. For orchestration, we will use our Agile Risk Assessment and Testing (ARAT) system. ARAT supports a fully agile GUI and visualization as well as automated testing capabilities based on scripting (as Smalltalk programs) and AI/ML. In the proposed project, our objective is not to “boil the ocean”, but to keep future developments and requirements in mind. The proposed work is focused at the PHY and MAC layers and does not cover upper layers. We will address other aspects of 5G security in our parallel work with the goal to integrate all threads into an overall 5G security solution, covering the entire 5G system, including UE and infrastructure security.
