| 摘要: |
| 以LTE、5G/NR为代表的移动蜂窝网络,促进了智能家居、无人驾驶、远程医疗等许多重要应用及服务的发展。蜂窝网络协议作为蜂窝网络的通讯基础,在协议栈实现及设计规范中存在各种可能导致严重安全问题的漏洞。相比DNS、TLS等传统网络协议,蜂窝网络协议由多个跨层的有状态子协议构成,协议的消息类型、状态及状态迁移更加复杂,这些特性给蜂窝协议的漏洞挖掘造成了诸多困难。本文对近10年间面向蜂窝协议的系统化漏洞挖掘方法进行综述。首先梳理了该领域所面临的挑战,根据现有技术着重解决的问题及关注的漏洞类型,将其分为协议设计规范的分析提取技术、面向蜂窝协议设计规范的漏洞挖掘技术以及面向蜂窝协议栈实现的漏洞挖掘技术三大类。通过统计分析上述技术在分析目标、漏洞类型支持、人工参与度以及领域知识需求等方面的不同,对比评估了各项技术的优势和不足。最后,在此基础上探讨了当前该领域存在的问题,并对未来的研究方向进行了展望。 |
| 关键词: 蜂窝网络 协议安全 漏洞挖掘 |
| DOI: |
| 投稿时间:2022-07-21修订日期:2022-10-18 |
| 基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目) |
|
| A Survey of Cellular Protocol Vulnerability Discovery |
|
Liu Yiming, Li Feng, Huo Wei
|
| (Institute of Information Engineering,Chinese Academy of Sciences) |
| Abstract: |
| Mobile cellular networks, such as LTE and 5G/NR, have promoted the development of many important applications and services such as smart home, unmanned driving, telemedicine and so on. As the foundation of cellular network, there are various vulnerabilities in cellular protocol implementations and specifications, which may cause serious security problems. Compared with traditional network protocols such as DNS and TLS, cellular network protocols are composed of several sub-protocols across multiple layers that are inter-dependent and stateful in nature. The message type, state and state migration of the cellular protocol are more complex. These characteristics make it difficult to discovery the vulnerabilities of cellular protocol. This paper summarizes the systematic vulnerability discovery methods for cellular protocol in the past ten years.We first summarize the challenges in this field, then divide them into three categories: the analysis and extraction technology of protocol design knowledge, the vulnerability discovery technology for cellular protocol specification, and the vulnerability discovery technology for the cellular protocol stack implementation. Through statistical analysis of the differences of these technologies in analysis objectives, supported vulnerability types, manual participation and domain knowledge requirements, the advantages and disadvantages of each technology are compared and evaluated. Finally, the current problems in this field are discussed and the future research directions are prospected. |
| Key words: cellular network protocol security vulnerability discovery |
