การโจมตีและการป้องกันความปลอดภัยบนโครงข่ายโทรศัพท์เคลื่อนที่ยุคที่ 5

Saowaphak Sasanus

Authors

Saowaphak Sasanus National Telecom of Thailand

Keywords:

5G technology, network architecture, security threats, software defined network

Abstract

This article studies network architecture, covering security system equipment and functions in various generations of mobile network. It also studies different types of security attacks and protection methods as well as the benefits of 5G mobile network development, along with the recommendations for safe installation and use. Through document research method, academic articles, journals, and newspapers were studied. It was found that there was not a lot of equipment for security protection in 1G to 4G wireless cellular network architecture. For the 5G network, functions for security protection were developed and installed in one single device of which the internal functions were separated through virtualization. There were many forms of network attack, e.g. spoofing attack and Denial of Service (DoS). Security breaches can be prevented by installing all security features and always updating them. The 5G network architecture was more secure because data transmission was encrypted end-to-end, making it difficult to be hacked. Resources were subdivided into smaller pieces on each device, allowing the separation of data leakage crisis at a sub-level. Moreover, being a centralized management makes updating software easier and detecting attacks faster. However, when any function was compromised, other functions were also at risk. In addition, there would be a risk from having a large number of Internet of Things (IoT) to attack. In the case of misconfiguration, it might put every sub-resource at risk as well.

References

บีบีซี. (2566, 31 มีนาคม). 9near: จับกุม จ่าสิบโท แฮกเกอร์ที่อ้างมีข้อมูลคนไทย 55 ล้านคนได้แล้ว. BBC Thai.https://www.bbc.com/thai/articles/cq5z3w5lwdxo

สำนักงาน กสทช. (2564, 28 ตุลาคม). สำนักงาน กสทช. ยกระดับมาตรการจัดการปัญหา SMS หลอกลวง เข้มลงโทษทางปกครองกับผู้ให้บริการเนื้อหาที่ปล่อยให้มี SMS หลวกลวงส่งไปยังประชาชน พร้อมส่งเรื่องให้ บช. สอท. ดำเนินคดีตามกฎหมายกับมิจฉาชีพ ส่วน ก. ดีอีเอส จะดำเนินการเอาผิดกับมิจฉาชีพตาม พ.ร.บ.คอมพิวเตอร์ฯ. https://www.nbtc.go.th/News/Information/51123.aspx

Angelo Bjerre, S., Wøidemann Klæbel Blomsterberg, M., & Andersen, B. (2023). 5G Attacks and Countermeasures. Proceedings of 25th International Symposium on Wireless Personal Multimedia Communications. WPMC (pp. 285-290). Herning: Denmark. IEEE. https://doi.org/10.1109/WPMC55625.2022.10014962

Banach, Z. (2019, August 22). What Is Session Hijacking: Your Quick Guide to Session Hijacking Attacks. Invicti. https://www.invicti.com/blog/web-security/session-hijacking/

Broth, J. (2023, April 18). The Role of Next Gen SIEM in the Era of IoT and 5G. ITBriefcase. https://www.itbriefcase.net/the-role-of-next-gen-siem-in-the-era-of-IoT-and-5g

CableFree. (n.d.). LTE Interfaces. Explaining the Interfaces in LTE. https://www.cablefree.net/wirelesstechnology/4glte/lte-interfaces/

Cloudflare. (n.d.). What is DNS cache poisoning? | DNS spoofing. https://www.cloudflare.com/learning/dns/dns-cache-poisoning/

Condoluci, M. & Mahmoodi, T. (2018, December 9). Softwarization and virtualization in 5G mobile networks: Benefits, trends and challenges. Computer Networks, 146, 65-84. https://doi.org/10.1016/j.comnet.2018.09.005

Cowley, S. (2019, July 22). Equifax to Pay at Least $650 Million in Largest-Ever Data Breach Settlement. The New York Times.https://www.nytimes.com/2019/07/22/ business/equifax-settlement.html

Gamaarachchi, H., & Ganegoda, H. (2018, January 3). Power Analysis Based Side Channel Attack. [Unpublished manuscript]. arXiv. https://doi.org/10.48550/arXiv.1801.00932

Ghadialy, Z. (2018, February 9). Tutorial: Service Based Architecture (SBA) for 5G Core (5GC). The 3G4G Blog. https://blog.3g4g.co.uk/2018/02/tutorial-service-based-architecture-sba.html

Henda, N. B., Wifvesson, M., & Jost, C. (2019, July 17). An Overview of the 3GPP 5G Security Standard. Ericsson. https://www.ericsson.com/en/blog/2019/7/3gpp-5g-security-overview

Holmes, D. (n.d.). What is a Data Breach?. Fortinet. https://www.fortinet.com/resources/cyberglossary/data-breach

Hossain, M. S., Paul, A., Hasan, H. I., & Atiquzzaman, M. (2018). Survey of the Protection Mechanisms to the SSL-based Session Hijacking Attacks. Network Protocols and Algorithms, 10(1), 83. https://doi.org/10.5296/npa.v10i1.12478

Hussain, S. R., Echeverria, M., Chowdhury, O., Li, N., & Bertino, E. (2019, February 24-27). Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information. The 26th Network and Distributed System Security Symposium 2019. NDSS 2019. San Diego, CA: USA. SyNSec Lab. https://synsec-den.github.io/publications/privacy-attacks-to-the-4g-and-5g-cellular-paging-protocols-using-side-channel-information/

Khandelwal, S. (2020, August 13). New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls. The Hacker News. https://thehackernews.com/2020/08/a-team-of-academic-researcherswho.html

Lavaud, C., Gerzaguet, R., Gautier, M., Berder, O., Nogues, E., & Molton, S. (2021). Whispering Devices: A survey on how side-channels lead to compromised information. Journal of Hardware and Systems Security, 5(2), 143-168. https://doi.org/10.1007/s41635-021-00112-6

Liyanage, M., Ahmad, I., Okwuibe, J., Ylianttila, M., Kabir, H., Santos, J. L., Kantola, R., Perez, O. L., Itzazelaia, M. U., & Montes De Oca, E. (2017). Enhancing Security of Software Defined Mobile Networks. IEEE Access, 5, 9422–9438. https://doi.org/10.1109/ACCESS.2017.2701416

McDaid, C. (2019, August 19). Understanding and Detecting IMSI catcher around the world. ENEA. https://www.enea.com/insights/adaptive-mobile-imsi-catchers/

Neto, N. N., Madnick, S. E., Moraes G. de Paula, A., & Malara Borges, N. (2020, January 1). A Case Study of the Capital One Data Breach [Unpublished manuscript]. SSRN. http://dx.doi.org/10.2139/ssrn.3542567

Powell, O. (2022, November 29). Meta fined US$275 million following enquiry into April 2021 data leak. Cyber Security Hub. https://www.cshub.com/data/news/meta-fined-us275-million-following-enquiry-into-april-2021-data-leak

Reichert, C. (2023, May 1). T-Mobile Announces Another Data Breach. CNET. https://www.cnet.com/tech/mobile/t-mobile-announces-another-data-breach/

Singla, A., Hussain, S. R., Chowdhury, O., Bertino, E., & Li, N. (2020). Protecting the 4G and 5G Cellular Paging Protocols against Security and Privacy Attacks. Proceedings on Privacy Enhancing Technologies, 2020(1), 126-142. https://doi.org/10.2478/popets-2020-0008

Stempel, J. (2019, April 10). Yahoo strikes $117.5 million data breach settlement after earlier accord rejected. Reuters. https://www.reuters.com/article/idUSKCN1RL1GX/ #:~:text=Yahoo%20strikes%20%24117.5%20million%20data%20breach%20settlement%20after%20earlier%20accord%20rejected,By%20Jonathan%20Stempel&text=(Reuters)%20%2D%20Yahoo%20has%20struck,largest%20data%20breach%20in%20history

Vicente, V. (2023, May 16). 7 Types of Information Security Incidents and How to Respond. AuditBoard. https://www.auditboard.com/blog/types-of-information-security-incidents/

VMWare. (n.d.). What is Intrusion Prevention System?. https://www.vmware.com/topics/glossary/content/intrusion-prevention-system.html#:~:text=An%20intrusion%20prevention%20system%20(IPS,it%2C%20when%20it%20does%20occur

Vreman, N., Pates, R., Krüger, K., Fohler, G., & Maggio, M. (2019). Minimizing Side-Channel Attack Vulnerability via Schedule Randomization. 2019 IEEE 58th Conference on Decision and Control (CDC) (pp. 2928-2933). Nice: France. IEEE https://doi.org/10.1109/CDC40024.2019.9030144.

Zialcita, P. (2019, October 30). Facebook Pays $643,000 Fine For Role In Cambridge Analytica Scandal. npr. https://www.npr.org/2019/10/30/774749376/facebook-pays-643-000-fine-for-role-in-cambridge-analytica-scandal