Collaborative Research: SaTC: CORE: Medium: Enabling Practically Secure Cellular Infrastructure

协作研究：SaTC：核心：中：实现切实安全的蜂窝基础设施

• 批准号: 2055014
• 负责人: Kevin Butler
• 金额: $ 59.8万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-01-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2055014&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

The global cellular telecommunications system is critical infrastructure for billions of users, providing a ubiquitous platform for Internet connectivity that supports a wide range of use cases for both consumers and industry. We are now on the cusp of widespread adoption of 5G technology. While 5G is widely marketed for its gigabit per second rates and ultra-low latency, it also fundamentally changes the internal network architecture, providing dynamic provisioning of software-defined services that offer enhanced control to network tenants including virtual operators and enterprises. However, these major architectural changes expose 5G systems to new adversaries and threats, and the ability to reason about the many technical components that comprise these systems is critical. The goal of this work is to aid mobile network operators in deploying cellular systems that are assured to be secure, through the development of tools and techniques that extract, model, and analyze the security-sensitive logic of the source and binary code existing within the cellular network infrastructure.This project seeks to address the broad research challenge of translating security-critical requirements of cellular network infrastructure into program analysis tools to assess those requirements for a given implementation. Rather than strictly identifying traditional software flaws (e.g., memory safety), this project focuses on the discovery of logic vulnerabilities within three key aspects: cryptographic protocols, access control, and core functionality. Each aspect presents unique challenges and opportunities to advance the state-of-the-art. While prior work has studied the cellular cryptographic protocols themselves, vulnerabilities can emerge when developers fail to correctly implement assumptions made by formal proofs (e.g., secure randomness and verification of cryptographic values). Simultaneously, the disaggregation of traditional cellular system components into microservices running in cloud environments increases the attack surface for core functionality, particularly as the number and complexity of network tenants grows. As such, specification and enforcement of access control between 5G core network functions is critical to the security of the deployment. Finally, every computing system represents an ecosystem of software components and dependencies. Backdoors and logic bombs can have significant consequences when they exist within such critical infrastructure. This project will assess these considerations within a combination of open source and proprietary 5G implementations and generalize the knowledge for assessment of implementations deployed by cellular providers.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

全球蜂窝电信系统是数十亿用户的关键基础设施，为互联网连接提供了一个无处不在的平台，为消费者和行业提供了广泛的用例。我们现在正处于5G技术广泛采用的风口浪尖。虽然5G以其每秒千兆比特的速率和超低延迟而被广泛推广，但它也从根本上改变了内部网络架构，提供软件定义服务的动态配置，为包括虚拟运营商和企业在内的网络租户提供增强的控制。然而，这些重大的架构变化使5G系统面临新的对手和威胁，因此对构成这些系统的许多技术组件进行推理的能力至关重要。这项工作的目标是帮助移动的网络运营商部署蜂窝系统，保证是安全的，通过开发的工具和技术，提取，建模，并分析蜂窝网络基础设施中存在的源代码和二进制代码的安全敏感逻辑。该项目旨在解决将安全性转换为安全性的广泛研究挑战。将蜂窝网络基础设施的关键需求转化为程序分析工具，以评估给定实现的那些需求。而不是严格地识别传统的软件缺陷（例如，内存安全），该项目侧重于发现三个关键方面的逻辑漏洞：加密协议，访问控制和核心功能。每个方面都提出了独特的挑战和机遇，以推进最先进的技术。虽然先前的工作已经研究了蜂窝密码协议本身，但当开发人员未能正确实现正式证明（例如，加密值的安全随机性和验证）。与此同时，传统蜂窝系统组件分解为在云环境中运行的微服务，增加了核心功能的攻击面，特别是随着网络租户数量和复杂性的增长。因此，5G核心网络功能之间的访问控制的规范和实施对于部署的安全性至关重要。最后，每个计算系统都代表了软件组件和依赖关系的生态系统。后门和逻辑炸弹如果存在于这样的关键基础设施中，可能会产生重大后果。该项目将在开源和专有5G实施的组合中评估这些考虑因素，并概括用于评估蜂窝提供商部署的实施的知识。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。