Demo: 5G Core Security Validation - User Plane Data Protection over N3 interface
This demo shows one of the tests from Spirent’s Security Automation test pack for Landslide 5G Core validation, which is based on the 3GPP SCAS testing methodologies. The test is part of Spirent’s 5G Core Automation Platform, which can easily be included in a CI/CD/CT environment. It emulates a user plane replay attack, in which an attacker intercepts a message and later retransmits it to the original destination.
The attacker doesn't have to be able to read the message in order to replay it. Replay attacks are used to gain access to resources by replaying authentication messages, or to confuse the destination host as part of a denial of service (DoS) attack. The test demonstrates how you can use Spirent’s security automation tests to verify that the UPF system under test (SUT) drops any replayed packets. The test implements the 3GPP test case TC-UP-Data replay UPF.
An emulated Radio Access Network (RAN) connects to the customer's 5G Core. A secure data connection is established between the RAN and the UPF SUT and the emulated RAN will duplicate packets. Some packets are replayed immediately, and some are replayed after a delay. The UPF is expected to ignore these replayed packets.
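The pass criterion described above (the receiver ignores both immediate and delayed replays) is what a sequence-number anti-replay window provides. The sketch below is an added example, not Spirent's test code or part of the demo; it assumes the N3 protection carries a per-packet sequence number in the style of IPsec ESP (RFC 4303), and the window size, class and function names, and traffic are constructed for illustration.

```python
# Added example (not Spirent code): sequence-number anti-replay window.
WINDOW = 64  # assumed window size, in packets


class ReplayWindow:
    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (top - i) already seen

    def accept(self, seq):
        """Return True for a fresh packet, False for one that must be dropped."""
        if seq <= 0:
            return False
        if seq > self.top:                    # newer than anything seen: slide
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:               # delayed replay, older than window
            return False
        if self.bitmap & (1 << offset):       # replay of a packet still in window
            return False
        self.bitmap |= 1 << offset            # late, out-of-order, but fresh
        return True


def constructed_traffic():
    """Constructed N3-like sequence: 1..100 plus three replays."""
    packets = []
    for seq in range(1, 101):
        packets.append(seq)
        if seq == 5:
            packets.append(5)                 # replayed immediately
    packets += [10, 90]                       # replayed after a delay
    return packets


def dropped(packets, size=WINDOW):
    """Sequence numbers the receiver drops, in arrival order."""
    win = ReplayWindow(size)
    return [seq for seq in packets if not win.accept(seq)]


if __name__ == "__main__":
    print("dropped:", dropped(constructed_traffic()))
```

In a real receiver the window is updated only after the packet's integrity check passes, so a forged sequence number cannot advance it.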
The Spirent security automation solution combines three of Spirent’s products:
- Velocity: responsible for orchestration - manages the test, topologies and the resources
- iTest: provides the automation framework - controls test execution, including repeated test iterations for goal-seeking tests, and performs the result analysis to determine pass or fail
- Landslide: the execution platform - it is connected to the SUT and the home of the Automation Test pack libraries
The demo runs the tests through the user interface, but they can also run via an external API. Users simply select the replay attack test and assign a topology to define the resources needed and a parameter file to run with the test. The user has the option to customize these parameters if they wish.
Once complete, an execution report is produced, which shows the objective of the test with the 3GPP reference and test case name; the actual resources that have been assigned for the test run; a statistics section with date/time/duration of the test; a summary of the different types of messages that were seen; links to additional result files from the test; and then execution messages that show a step-by-step guide of what happened during the test.