On Threats to the 5G Service Based Architecture

The 3GPP-based 5G System marks a clear departure form the previous generations. There is a new radio system and a complete overhaul of the core network design. The core network is redesigned both on the control plane parts and the transport plane. The control plane signalling within the core network is now largely based on the service based architecture (SBA) design, featuring Web-based technologies and the associated security solutions. In this paper we conduct a preliminary generic survey of threats to the SBA.

[1]  Stenio F. L. Fernandes,et al.  Integrated NFV/SDN Architectures , 2018, ArXiv.

[2]  Kyriakos C. Chatzidimitriou,et al.  From requirements to source code: a Model-Driven Engineering approach for RESTful web services , 2017, Automated Software Engineering.

[3]  Jörg Schwenk,et al.  On The (In-)Security Of JavaScript Object Signing And Encryption , 2017, ROOTS.

[4]  Konstantin Beznosov,et al.  The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems , 2012, CCS.

[5]  Dick Hardt,et al.  The OAuth 2.0 Authorization Framework , 2012, RFC.

[6]  Geoffrey Smith,et al.  A Type-Based Approach to Program Security , 1997, TAPSOFT.

[7]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[8]  Roy Fielding,et al.  Architectural Styles and the Design of Network-based Software Architectures"; Doctoral dissertation , 2000 .

[9]  Ralf Küsters,et al.  A Comprehensive Formal Security Analysis of OAuth 2.0 , 2016, CCS.

[10]  Patrick Traynor,et al.  More Guidelines Than Rules: CSRF Vulnerabilities from Noncompliant OAuth 2.0 Implementations , 2015, DIMVA.

[11]  Victor Fajardo,et al.  Diameter Base Protocol , 2003, RFC.

[12]  Liming Zhu,et al.  Continuous Integration, Delivery and Deployment: A Systematic Review on Approaches, Tools, Challenges and Practices , 2017, IEEE Access.

[13]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[14]  André Janus Towards a common agile software development model (ASDM) , 2012, SOEN.

[15]  Bertrand Meyer,et al.  Applying 'design by contract' , 1992, Computer.

[16]  Tyler Moore,et al.  Signaling system 7 (SS7) network security , 2002, The 2002 45th Midwest Symposium on Circuits and Systems, 2002. MWSCAS-2002..

[17]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..