5G cellular systems are slowly being deployed worldwide delivering the promised unprecedented levels of throughput and latency to hundreds of millions of users. At such scale security is crucial, and consequently, the 5G standard includes a new series of features to improve the security of its predecessors (i.e., 3G and 4G). In this work, we evaluate the actual deployment in practice of the promised 5G security features by analysing current commercial 5G networks from several European operators. By collecting 5G signalling traffic in the wild in several cities in Spain, we i) fact-check which 5G security enhancements are actually implemented in current deployments, ii) provide a rich overview of the implementation status of each 5G security feature in a wide range of 5G commercial networks in Europe and compare it with previous results in China, iii) analyse the implications of optional features not being deployed, and iv) discuss on the still remaining 4G-inherited vulnerabilities. Our results show that in European 5G commercial networks, the deployment of the 5G security features is still on the works. This is well aligned with results previously reported from China [16] and keeps these networks vulnerable to some 4G attacks, during their migration period from 4G to 5G.
翻译:5G蜂窝系统正在全球范围内逐步部署,为数亿用户提供承诺的前所未有的吞吐量和低延迟水平。在此规模下,安全性至关重要,因此5G标准包含一系列新特性,以提升其前代技术(即3G和4G)的安全性。本研究通过分析多家欧洲运营商的当前商用5G网络,评估了所承诺的5G安全特性在实际部署中的具体实现情况。通过在西班牙多个城市实地采集5G信令流量,我们:i)核实当前部署中实际实现了哪些5G安全增强功能;ii)全面概述欧洲多种商用5G网络中各项5G安全特性的实施现状,并与中国此前的研究结果进行对比;iii)分析未部署可选特性所带来的影响;iv)讨论仍遗留的4G继承性漏洞。结果表明,在欧洲商用5G网络中,5G安全特性的部署仍在进行中。这与先前中国报告的结果[16]高度一致,并表明在从4G向5G迁移期间,这些网络仍易受部分4G攻击。