Automated Fuzzing Technology for 5G NR L2 Protocol Security

Published: 2025-01-23 Authors: 钟宏, 夏云浩, 张金鑫, 马致原

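Abstract: The security of 5G protocols directly determines whether a 5G communication system can provide services normally, and the new radio (NR) protocol is an important part of them, so security testing of the 5G NR protocol is of great significance. This paper proposes an automated, fuzzing-based vulnerability detection system for the 5G NR protocol. Targeting the L2 protocols of the medium access control (MAC), radio link control (RLC) and packet data convergence protocol (PDCP) layers, it analyzes protocol characteristics to design efficient data mutation strategies that improve the validity of test cases, and it supports multiple working modes to improve the efficiency of vulnerability discovery. A prototype system was then developed on a 5G base station and mobile terminal devices to evaluate the performance of the proposed scheme. Experimental data show that the packet processing time meets the latency requirements of 5G services and that multiple security vulnerabilities in the MAC, RLC and PDCP protocols can be found, which verifies that the proposed scheme effectively improves the validity of test packets and the effectiveness of vulnerability discovery.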

Keywords: 5G NR; network protocol; vulnerability discovery; fuzzing

 

Abstract: New radio (NR) is an important part of the 5G protocol, and its security directly affects whether the 5G communication system can provide services properly. Therefore, it is of great significance to perform security testing on the 5G NR protocol. To efficiently perform security detection on the medium access control (MAC), radio link control (RLC) and packet data convergence protocol (PDCP) layers of the 5G NR L2 protocol, this paper proposes an automated system based on fuzzing technology. The proposed method designs efficient data mutation strategies by analyzing protocol characteristics to improve the effectiveness of test cases, and implements multiple working modes to improve the efficiency of vulnerability detection. Furthermore, to evaluate the performance of the proposed method, we implement a fuzzing prototype system based on a 5G gNodeB and a mobile terminal, and then conduct practical security detection on the 5G NR protocol. Experimental results show that the packet processing time of the proposed method can meet 5G latency requirements. In addition, various vulnerabilities in MAC, RLC, and PDCP are exposed, which verifies that the proposed method can effectively improve the compliance of test data and the effectiveness of vulnerability detection.

Keywords: 5G NR; network protocol; vulnerability detection; fuzzing