SlideShare a Scribd company logo

SecurityGen GTP Vulnerabilities.pptx

Download as PPTX, PDF
SecurityGen
SecurityGen

In this presentation, we delve into the world of GTP (GPRS Tunneling Protocol) security, peeling back the layers to reveal potential risks and their far-reaching impact on the ever-evolving 5G landscape. Key Highlights: -️ Understanding GTP: Get to the core of GTP and its critical role in mobile networks. - The 5G Nexus: Explore the complex relationship between 5G, 4G, and legacy networks. - Uncovering Vulnerabilities: Examine the common thread of GTP vulnerabilities spanning generations. - Securing the Future: Discover how knowledge of GTP vulnerabilities can empower mobile operators to fortify their networks and safeguard user data.

Technology
1 of 20
GTP Vulnerabilities: A cause for concern in 5G and LTE networks Pavel Novikov Pavel.Novikov@security-gen.com Kirill Puzankov Kirill.Puzankov@security-gen.com
Pavel Novikov Pavel.Novikov@security-gen.com Presenters • 10 years in telecom security, • co-author of GSMA FS.20 GPRS Tunneling Protocol (GTP) Security document • Head of telecom security research in SecurityGen • Focused on telecom vulnerabilities: RAN, VoLTE, VoWiFi, GTP, Diameter, 5G SA and NSA. • Conducting telecom security assessments for mobile operators for many years. Kirill.Puzankov Kirill.Puzankov@security-gen.com Confidential. Copyright © 2023 SecurityGen. All rights reserved. • 10 years in telecom security • Product manager in SecurityGen • Exploring telco threats and vulnerabilities starting from SS7 up to 5G • Growing solutions for protection of mobile core networks as well as for providing visibility of the network security posture
GPRS Tunnelling Protocol (GTP) - a group of IP-based communications protocols used to carry general packet radio service (GPRS) within GSM, UMTS, LTE and 5G networks. GTP GTP-C GTP-U GTP’ 3GPP 29.281 Packet Radio System (GPRS) Tunnelling Protocol User Plane (GTPv1-U) 3GPP 29.060 General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface 3GPP 29.274 Evolved Packet System (EPS); Evolved General Packet Radio Service (GPRS) Tunnelling Protocol for Control plane (GTPv2-C) 3GPP 32.295 Telecommunication management; Charging management; Charging Data Record (CDR) transfer What is GTP? Confidential. Copyright © 2023 SecurityGen. All rights reserved.
SGW E-UTRAN eNb Internet PGW GTP-U GTP-C UE S5 interface - 4G Network, GTPv2 S1-U interface MME MME S10 interface S11 interface Where is GTP? Confidential. Copyright © 2023 SecurityGen. All rights reserved.
… L1 L2 IP UDP GTP-C Information element Information element GTP header Information element Group Information element (v2 only) Information element GTP protocol stack Confidential. Copyright © 2023 SecurityGen. All rights reserved.
GTP Security, why it is important? • Widespread • Lack built-in security mechanisms • Roaming connection • Fraud • Interception • DoS • etc Confidential. Copyright © 2023 SecurityGen. All rights reserved.
SGW UTRAN eNb Internet PGW GTP-U UE 1 - 4G Network, GTPv2 SGW UTRAN eNb Internet PGW GTP-C UE 2 S8 interface Network 1 Network 2 GRX Roaming in GTP Confidential. Copyright © 2023 SecurityGen. All rights reserved.
- 4G Network, GTPv2 SGW UTRAN eNb Internet PGW S8 interface Network 1 Attacker GRX Where is GTP? Attacker UE 1 Confidential. Copyright © 2023 SecurityGen. All rights reserved.
Analytics Attack scenarios • Data interception via Create PDP Context request • Fraud via Create Session request with a non-existent subscriber • Impersonation via Create Session request • Data disclosure via SGSN Context request • Network DoS via Create Session request • Subscriber DoS via Update PDP Context request Methodology 150 + Telecom security assessments 2022 39 MNOs 24 countries SEA, LATAM, MEA Confidential. Copyright © 2023 SecurityGen. All rights reserved.
Level of protection Confidential. Copyright © 2023 SecurityGen. All rights reserved.
Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 85% of networks are vulnerable to subscriber DoS attacks via different techniques: • Fake session on behalf of the subscriber • Illegitimate change of PGW node, cause redirecting subscriber traffic • Deletion of subscriber session
Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 71% of networks are vulnerable to information disclosure attacks via: • Obtaining TEID, which needed to carry out other attacks • Also, it is possible to obtain IMEI, radio encryption keys, internal IP addresses
Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 69% of networks are vulnerable to user traffic interception: • The intruder can change the actual nodes that process user traffic, thus all incoming traffic is handled by intruder
Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 62% of networks are vulnerable to fraud: • The intruder can establish connection on behalf of non-existed subscriber
Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 46% of networks are vulnerable to Network DoS: • By sending numerous requests to open new connections, which may lead to occupation of whole DHCP server pool, or GTP tunnels pool
Possible protection measures Filtering incoming traffic based on IP addresses of Roaming partners. Implementing GSMA-recommended security measures. Combination of the approaches mentioned above 1 2 3 Confidential. Copyright © 2023 SecurityGen. All rights reserved.
Confidential. Copyright © 2023 SecurityGen. All rights reserved. 17 Often requires no additional equipment for filtering incoming traffic, effectively blocking "wild" GTP hackers connected to a rogue provider. • Attacker may gain access to the trusted MNO. • Partners may lease their IP ranges and parts of their infrastructures for 3rd parties. Based on GSMA FS.20 GTP Security recommendations. • Requires GTP-Firewall with cross-protocol checks • Implement monitoring Combines the advantages of the first two, offering the highest level of security. Possible protection measures Filtering incoming traffic based on IP addresses of Roaming partners. 1 Implementing GSMA-recommended security measures. 2 Combination of the approaches mentioned above 3
Current real security measures Implemented protection measures IP filtering of roaming partners Configuration not directly connected to security No Security measures 77% 8% 15% Confidential. Copyright © 2023 SecurityGen. All rights reserved.
Our solution: TSG Protection Suite Confidential. Copyright © 2023 SecurityGen. All rights reserved.
- Stay Tuned. Confidential. Copyright © 2023 SecurityGen. All rights reserved. About SecurityGen Founded in 2022, SecurityGen is a global start-up focused on telecom security. We deliver a solid security foundation to drive secure Telco digital transformations and ensure safe and robust network operations. Connect With Us Email: contact@secgen.com Website: www.secgen.com

Recommended

20210805 以5 g與邊緣運算技術佈署物聯網
20210805 以5 g與邊緣運算技術佈署物聯網20210805 以5 g與邊緣運算技術佈署物聯網
20210805 以5 g與邊緣運算技術佈署物聯網
Dr. Chang Jung Lee
 
Advanced: Private Networks & 5G Non-Public Networks
Advanced: Private Networks & 5G Non-Public NetworksAdvanced: Private Networks & 5G Non-Public Networks
Advanced: Private Networks & 5G Non-Public Networks
3G4G
 
Mastering GTP Protocols: Your Roadmap to Success
Mastering GTP Protocols: Your Roadmap to SuccessMastering GTP Protocols: Your Roadmap to Success
Mastering GTP Protocols: Your Roadmap to Success
SecurityGen1
 
Unraveling GTP: Threads of Efficient Communication
Unraveling GTP: Threads of Efficient CommunicationUnraveling GTP: Threads of Efficient Communication
Unraveling GTP: Threads of Efficient Communication
SecurityGen1
 
Security course: exclusive 5G SA pitfalls and new changes to legislation
Security course: exclusive 5G SA pitfalls and new changes to legislationSecurity course: exclusive 5G SA pitfalls and new changes to legislation
Security course: exclusive 5G SA pitfalls and new changes to legislation
PositiveTechnologies
 
Shield Your Network: Prevent DDoS Attacks with SecurityGen
Shield Your Network: Prevent DDoS Attacks with SecurityGenShield Your Network: Prevent DDoS Attacks with SecurityGen
Shield Your Network: Prevent DDoS Attacks with SecurityGen
Security Gen
 
5G Security Briefing
5G Security Briefing5G Security Briefing
5G Security Briefing
3G4G
 
A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...
A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...
A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...
IRJET Journal
 

Recommended

20210805 以5 g與邊緣運算技術佈署物聯網
20210805 以5 g與邊緣運算技術佈署物聯網20210805 以5 g與邊緣運算技術佈署物聯網
20210805 以5 g與邊緣運算技術佈署物聯網
Dr. Chang Jung Lee
 
Advanced: Private Networks & 5G Non-Public Networks
Advanced: Private Networks & 5G Non-Public NetworksAdvanced: Private Networks & 5G Non-Public Networks
Advanced: Private Networks & 5G Non-Public Networks
3G4G
 
Mastering GTP Protocols: Your Roadmap to Success
Mastering GTP Protocols: Your Roadmap to SuccessMastering GTP Protocols: Your Roadmap to Success
Mastering GTP Protocols: Your Roadmap to Success
SecurityGen1
 
Unraveling GTP: Threads of Efficient Communication
Unraveling GTP: Threads of Efficient CommunicationUnraveling GTP: Threads of Efficient Communication
Unraveling GTP: Threads of Efficient Communication
SecurityGen1
 
Security course: exclusive 5G SA pitfalls and new changes to legislation
Security course: exclusive 5G SA pitfalls and new changes to legislationSecurity course: exclusive 5G SA pitfalls and new changes to legislation
Security course: exclusive 5G SA pitfalls and new changes to legislation
PositiveTechnologies
 
Shield Your Network: Prevent DDoS Attacks with SecurityGen
Shield Your Network: Prevent DDoS Attacks with SecurityGenShield Your Network: Prevent DDoS Attacks with SecurityGen
Shield Your Network: Prevent DDoS Attacks with SecurityGen
Security Gen
 
5G Security Briefing
5G Security Briefing5G Security Briefing
5G Security Briefing
3G4G
 
A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...
A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...
A Review: Evolution of 5G, Security and Multiple Access schemes in Mobile Com...
IRJET Journal
 
A Survey on Key Technology Trends for 5G Networks
A Survey on Key Technology Trends for 5G NetworksA Survey on Key Technology Trends for 5G Networks
A Survey on Key Technology Trends for 5G NetworksCPqD
 
5G mission diary: Houston, we have a problem
5G mission diary: Houston, we have a problem5G mission diary: Houston, we have a problem
5G mission diary: Houston, we have a problem
PositiveTechnologies
 
5G: A 2020 Vision
5G: A 2020 Vision5G: A 2020 Vision
5G: A 2020 Vision
eXplanoTech
 
5Gofdmmm-presentation-20190319-v1.3.pptx
5Gofdmmm-presentation-20190319-v1.3.pptx5Gofdmmm-presentation-20190319-v1.3.pptx
5Gofdmmm-presentation-20190319-v1.3.pptx
Ali Ahmed
 
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
Mastel Indonesia
 
Realizing mission-critical industrial automation with 5G
Realizing mission-critical industrial automation with 5GRealizing mission-critical industrial automation with 5G
Realizing mission-critical industrial automation with 5G
Qualcomm Research
 
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
Bryan Len
 
Future tech trend for public safety proximity-based service
Future tech trend for public safety proximity-based serviceFuture tech trend for public safety proximity-based service
Future tech trend for public safety proximity-based service
Yi-Hsueh Tsai
 
Security Gen Ensures Robust Telecom Security with Comprehensive Assessments
Security Gen Ensures Robust Telecom Security with Comprehensive AssessmentsSecurity Gen Ensures Robust Telecom Security with Comprehensive Assessments
Security Gen Ensures Robust Telecom Security with Comprehensive Assessments
SecurityGen1
 
Unlock the Future: SecurityGen's 5G Standalone Solutions
Unlock the Future: SecurityGen's 5G Standalone SolutionsUnlock the Future: SecurityGen's 5G Standalone Solutions
Unlock the Future: SecurityGen's 5G Standalone Solutions
Security Gen
 
5 gppt
5 gppt5 gppt
5 gppt
Samir Mohanty
 
LTE :Mobile Network Security
LTE :Mobile Network SecurityLTE :Mobile Network Security
LTE :Mobile Network Security
Satish Chavan
 
Securing 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationSecuring 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and Virtualization
Dr. Edwin Hernandez
 
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
Navigating the Unseen Risks: Exploring 5G VulnerabilitiesNavigating the Unseen Risks: Exploring 5G Vulnerabilities
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
SecurityGen1
 
Unveiling SecurityGen's Advanced 5G Security Services
Unveiling SecurityGen's Advanced 5G Security ServicesUnveiling SecurityGen's Advanced 5G Security Services
Unveiling SecurityGen's Advanced 5G Security Services
SecurityGen1
 
Address 5G Vulnerabilities with SecurityGen's Expert Solution
Address 5G Vulnerabilities with SecurityGen's Expert SolutionAddress 5G Vulnerabilities with SecurityGen's Expert Solution
Address 5G Vulnerabilities with SecurityGen's Expert Solution
Security Gen
 
Impact of security breach on the upstream delay performance of next generatio...
Impact of security breach on the upstream delay performance of next generatio...Impact of security breach on the upstream delay performance of next generatio...
Impact of security breach on the upstream delay performance of next generatio...
journalBEEI
 
Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0
liemgpc2
 
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
PositiveTechnologies
 
5G TECHNALOGY FOR MOBILE NETWORK
5G TECHNALOGY FOR MOBILE NETWORK5G TECHNALOGY FOR MOBILE NETWORK
5G TECHNALOGY FOR MOBILE NETWORK
IRJET Journal
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 

More Related Content

Similar to SecurityGen GTP Vulnerabilities.pptx

A Survey on Key Technology Trends for 5G Networks
A Survey on Key Technology Trends for 5G NetworksA Survey on Key Technology Trends for 5G Networks
A Survey on Key Technology Trends for 5G NetworksCPqD
 
5G mission diary: Houston, we have a problem
5G mission diary: Houston, we have a problem5G mission diary: Houston, we have a problem
5G mission diary: Houston, we have a problem
PositiveTechnologies
 
5G: A 2020 Vision
5G: A 2020 Vision5G: A 2020 Vision
5G: A 2020 Vision
eXplanoTech
 
5Gofdmmm-presentation-20190319-v1.3.pptx
5Gofdmmm-presentation-20190319-v1.3.pptx5Gofdmmm-presentation-20190319-v1.3.pptx
5Gofdmmm-presentation-20190319-v1.3.pptx
Ali Ahmed
 
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
Mastel Indonesia
 
Realizing mission-critical industrial automation with 5G
Realizing mission-critical industrial automation with 5GRealizing mission-critical industrial automation with 5G
Realizing mission-critical industrial automation with 5G
Qualcomm Research
 
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
Bryan Len
 
Future tech trend for public safety proximity-based service
Future tech trend for public safety proximity-based serviceFuture tech trend for public safety proximity-based service
Future tech trend for public safety proximity-based service
Yi-Hsueh Tsai
 
Security Gen Ensures Robust Telecom Security with Comprehensive Assessments
Security Gen Ensures Robust Telecom Security with Comprehensive AssessmentsSecurity Gen Ensures Robust Telecom Security with Comprehensive Assessments
Security Gen Ensures Robust Telecom Security with Comprehensive Assessments
SecurityGen1
 
Unlock the Future: SecurityGen's 5G Standalone Solutions
Unlock the Future: SecurityGen's 5G Standalone SolutionsUnlock the Future: SecurityGen's 5G Standalone Solutions
Unlock the Future: SecurityGen's 5G Standalone Solutions
Security Gen
 
LTE :Mobile Network Security
LTE :Mobile Network SecurityLTE :Mobile Network Security
LTE :Mobile Network Security
Satish Chavan
 
Securing 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationSecuring 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and Virtualization
Dr. Edwin Hernandez
 
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
Navigating the Unseen Risks: Exploring 5G VulnerabilitiesNavigating the Unseen Risks: Exploring 5G Vulnerabilities
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
SecurityGen1
 
Unveiling SecurityGen's Advanced 5G Security Services
Unveiling SecurityGen's Advanced 5G Security ServicesUnveiling SecurityGen's Advanced 5G Security Services
Unveiling SecurityGen's Advanced 5G Security Services
SecurityGen1
 
Address 5G Vulnerabilities with SecurityGen's Expert Solution
Address 5G Vulnerabilities with SecurityGen's Expert SolutionAddress 5G Vulnerabilities with SecurityGen's Expert Solution
Address 5G Vulnerabilities with SecurityGen's Expert Solution
Security Gen
 
Impact of security breach on the upstream delay performance of next generatio...
Impact of security breach on the upstream delay performance of next generatio...Impact of security breach on the upstream delay performance of next generatio...
Impact of security breach on the upstream delay performance of next generatio...
journalBEEI
 
Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0
liemgpc2
 
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
PositiveTechnologies
 
5G TECHNALOGY FOR MOBILE NETWORK
5G TECHNALOGY FOR MOBILE NETWORK5G TECHNALOGY FOR MOBILE NETWORK
5G TECHNALOGY FOR MOBILE NETWORK
IRJET Journal
 

Similar to SecurityGen GTP Vulnerabilities.pptx (20)

A Survey on Key Technology Trends for 5G Networks
A Survey on Key Technology Trends for 5G NetworksA Survey on Key Technology Trends for 5G Networks
A Survey on Key Technology Trends for 5G Networks
 
5G mission diary: Houston, we have a problem
5G mission diary: Houston, we have a problem5G mission diary: Houston, we have a problem
5G mission diary: Houston, we have a problem
 
5G: A 2020 Vision
5G: A 2020 Vision5G: A 2020 Vision
5G: A 2020 Vision
 
5Gofdmmm-presentation-20190319-v1.3.pptx
5Gofdmmm-presentation-20190319-v1.3.pptx5Gofdmmm-presentation-20190319-v1.3.pptx
5Gofdmmm-presentation-20190319-v1.3.pptx
 
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
5G Emergence and Regulatory Challenges - DG PPI - Prof. Kalamullah
 
Realizing mission-critical industrial automation with 5G
Realizing mission-critical industrial automation with 5GRealizing mission-critical industrial automation with 5G
Realizing mission-critical industrial automation with 5G
 
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
5G Cybersecurity Bootcamp - 3GPP Version - Tonex Training
 
Future tech trend for public safety proximity-based service
Future tech trend for public safety proximity-based serviceFuture tech trend for public safety proximity-based service
Future tech trend for public safety proximity-based service
 
Security Gen Ensures Robust Telecom Security with Comprehensive Assessments
Security Gen Ensures Robust Telecom Security with Comprehensive AssessmentsSecurity Gen Ensures Robust Telecom Security with Comprehensive Assessments
Security Gen Ensures Robust Telecom Security with Comprehensive Assessments
 
Unlock the Future: SecurityGen's 5G Standalone Solutions
Unlock the Future: SecurityGen's 5G Standalone SolutionsUnlock the Future: SecurityGen's 5G Standalone Solutions
Unlock the Future: SecurityGen's 5G Standalone Solutions
 
5 gppt
5 gppt5 gppt
5 gppt
 
LTE :Mobile Network Security
LTE :Mobile Network SecurityLTE :Mobile Network Security
LTE :Mobile Network Security
 
Securing 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationSecuring 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and Virtualization
 
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
Navigating the Unseen Risks: Exploring 5G VulnerabilitiesNavigating the Unseen Risks: Exploring 5G Vulnerabilities
Navigating the Unseen Risks: Exploring 5G Vulnerabilities
 
Unveiling SecurityGen's Advanced 5G Security Services
Unveiling SecurityGen's Advanced 5G Security ServicesUnveiling SecurityGen's Advanced 5G Security Services
Unveiling SecurityGen's Advanced 5G Security Services
 
Address 5G Vulnerabilities with SecurityGen's Expert Solution
Address 5G Vulnerabilities with SecurityGen's Expert SolutionAddress 5G Vulnerabilities with SecurityGen's Expert Solution
Address 5G Vulnerabilities with SecurityGen's Expert Solution
 
Impact of security breach on the upstream delay performance of next generatio...
Impact of security breach on the upstream delay performance of next generatio...Impact of security breach on the upstream delay performance of next generatio...
Impact of security breach on the upstream delay performance of next generatio...
 
Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0Cisco vnp workshop 16-17 april v1-0
Cisco vnp workshop 16-17 april v1-0
 
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
 
5G TECHNALOGY FOR MOBILE NETWORK
5G TECHNALOGY FOR MOBILE NETWORK5G TECHNALOGY FOR MOBILE NETWORK
5G TECHNALOGY FOR MOBILE NETWORK
 

Recently uploaded

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 

Recently uploaded (20)

Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

SecurityGen GTP Vulnerabilities.pptx

  • 1. GTP Vulnerabilities: A cause for concern in 5G and LTE networks Pavel Novikov Pavel.Novikov@security-gen.com Kirill Puzankov Kirill.Puzankov@security-gen.com
  • 2. Pavel Novikov Pavel.Novikov@security-gen.com Presenters • 10 years in telecom security, • co-author of GSMA FS.20 GPRS Tunneling Protocol (GTP) Security document • Head of telecom security research in SecurityGen • Focused on telecom vulnerabilities: RAN, VoLTE, VoWiFi, GTP, Diameter, 5G SA and NSA. • Conducting telecom security assessments for mobile operators for many years. Kirill.Puzankov Kirill.Puzankov@security-gen.com Confidential. Copyright © 2023 SecurityGen. All rights reserved. • 10 years in telecom security • Product manager in SecurityGen • Exploring telco threats and vulnerabilities starting from SS7 up to 5G • Growing solutions for protection of mobile core networks as well as for providing visibility of the network security posture
  • 3. GPRS Tunnelling Protocol (GTP) - a group of IP-based communications protocols used to carry general packet radio service (GPRS) within GSM, UMTS, LTE and 5G networks. GTP GTP-C GTP-U GTP’ 3GPP 29.281 Packet Radio System (GPRS) Tunnelling Protocol User Plane (GTPv1-U) 3GPP 29.060 General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface 3GPP 29.274 Evolved Packet System (EPS); Evolved General Packet Radio Service (GPRS) Tunnelling Protocol for Control plane (GTPv2-C) 3GPP 32.295 Telecommunication management; Charging management; Charging Data Record (CDR) transfer What is GTP? Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 4. SGW E-UTRAN eNb Internet PGW GTP-U GTP-C UE S5 interface - 4G Network, GTPv2 S1-U interface MME MME S10 interface S11 interface Where is GTP? Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 5. … L1 L2 IP UDP GTP-C Information element Information element GTP header Information element Group Information element (v2 only) Information element GTP protocol stack Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 6. GTP Security, why it is important? • Widespread • Lack built-in security mechanisms • Roaming connection • Fraud • Interception • DoS • etc Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 7. SGW UTRAN eNb Internet PGW GTP-U UE 1 - 4G Network, GTPv2 SGW UTRAN eNb Internet PGW GTP-C UE 2 S8 interface Network 1 Network 2 GRX Roaming in GTP Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 8. - 4G Network, GTPv2 SGW UTRAN eNb Internet PGW S8 interface Network 1 Attacker GRX Where is GTP? Attacker UE 1 Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 9. Analytics Attack scenarios • Data interception via Create PDP Context request • Fraud via Create Session request with a non-existent subscriber • Impersonation via Create Session request • Data disclosure via SGSN Context request • Network DoS via Create Session request • Subscriber DoS via Update PDP Context request Methodology 150 + Telecom security assessments 2022 39 MNOs 24 countries SEA, LATAM, MEA Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 10. Level of protection Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 11. Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 85% of networks are vulnerable to subscriber DoS attacks via different techniques: • Fake session on behalf of the subscriber • Illegitimate change of PGW node, cause redirecting subscriber traffic • Deletion of subscriber session
  • 12. Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 71% of networks are vulnerable to information disclosure attacks via: • Obtaining TEID, which needed to carry out other attacks • Also, it is possible to obtain IMEI, radio encryption keys, internal IP addresses
  • 13. Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 69% of networks are vulnerable to user traffic interception: • The intruder can change the actual nodes that process user traffic, thus all incoming traffic is handled by intruder
  • 14. Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 62% of networks are vulnerable to fraud: • The intruder can establish connection on behalf of non-existed subscriber
  • 15. Attacks and impact Confidential. Copyright © 2023 SecurityGen. All rights reserved. 46% of networks are vulnerable to Network DoS: • By sending numerous requests to open new connections, which may lead to occupation of whole DHCP server pool, or GTP tunnels pool
  • 16. Possible protection measures Filtering incoming traffic based on IP addresses of Roaming partners. Implementing GSMA-recommended security measures. Combination of the approaches mentioned above 1 2 3 Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 17. Confidential. Copyright © 2023 SecurityGen. All rights reserved. 17 Often requires no additional equipment for filtering incoming traffic, effectively blocking "wild" GTP hackers connected to a rogue provider. • Attacker may gain access to the trusted MNO. • Partners may lease their IP ranges and parts of their infrastructures for 3rd parties. Based on GSMA FS.20 GTP Security recommendations. • Requires GTP-Firewall with cross-protocol checks • Implement monitoring Combines the advantages of the first two, offering the highest level of security. Possible protection measures Filtering incoming traffic based on IP addresses of Roaming partners. 1 Implementing GSMA-recommended security measures. 2 Combination of the approaches mentioned above 3
  • 18. Current real security measures Implemented protection measures IP filtering of roaming partners Configuration not directly connected to security No Security measures 77% 8% 15% Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 19. Our solution: TSG Protection Suite Confidential. Copyright © 2023 SecurityGen. All rights reserved.
  • 20. - Stay Tuned. Confidential. Copyright © 2023 SecurityGen. All rights reserved. About SecurityGen Founded in 2022, SecurityGen is a global start-up focused on telecom security. We deliver a solid security foundation to drive secure Telco digital transformations and ensure safe and robust network operations. Connect With Us Email: contact@secgen.com Website: www.secgen.com