5G Core and NFVI Network Function Virtualization Infrastructure Penetration Testing: Simulating an Inside Cloud Attack
Translated title
5G Core and NFVI Network Function Virtualization Infrastructure Penetration Testing
Author
Altariqi, Bandar Ibrahim M
Term
4. term
Education
Publication year
2020
Submitted on
2020-06-14
Abstract
This master's thesis, developed with Keysight Technologies in Denmark, examines the security of the 5G core (NFVI) when attacks originate from inside the cloud. The 5G core is the central part of a mobile network, and NFVI (Network Functions Virtualization Infrastructure) is the hardware and software that run its virtual network functions. The study assumes an attacker has already compromised a virtual machine, maps targets using a scanning tool (nmap), and conducts controlled penetration tests. It evaluates whether common defenses—firewalls and intrusion detection systems (IDS)—can distinguish malicious traffic from legitimate activity. Tests were carried out on two cloud setups: a local development/sandbox cloud and a remote cloud hosting a near-production 5G core with stronger security. Results show that some critical components could still be disrupted, causing denial of service, even with a firewall/IDS in place. The thesis recommends adding a middleware layer that isolates infrastructure components from the rest of the cloud and deploying firewall/IDS with a load balancer to stop attacks before they reach critical services.
This master's thesis was prepared in collaboration with Keysight Technologies in Denmark and examines the security of the 5G core (NFVI) when attacks come from inside the cloud. The 5G core is the central part of the mobile network, and NFVI (Network Functions Virtualization Infrastructure) is the hardware and software that run the virtual network functions. The study assumes that an attacker has already compromised a virtual machine, maps targets with a scanning tool (nmap), and carries out controlled penetration tests. It assesses whether common defenses, namely firewalls and intrusion detection systems (IDS), can distinguish between malicious traffic and legitimate activity. The tests were performed in two clouds: a local development/sandbox cloud and a remote cloud hosting a 5G core that is close to production and has stronger security. The results show that some critical components could still be disrupted and brought into a denial-of-service state, even when a firewall/IDS was present. The thesis recommends introducing a middleware layer that isolates the infrastructure's components from the rest of the cloud, and combining firewall/IDS with a load balancer to prevent attacks from reaching critical services.
[This abstract has been rewritten with the help of AI based on the project's original abstract]
