
ETD

Digital archive of theses defended at the Università di Pisa

Thesis etd-03272026-114627


Thesis type
Master's thesis
Author
TUCCI, JACOPO
URN
etd-03272026-114627
Title
5G pentesting: A UE-based state-aware fuzzer leveraging a Digital Twin FSM of NAS procedures
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
CYBERSECURITY
Supervisors
supervisor Prof. Garroppo, Rosario Giuseppe
co-supervisor Riedel, Richard
co-supervisor Köpsell, Stefan
Keywords
  • 5G
  • black-box testing
  • digital twin
  • NAS protocol
  • stateful fuzzing
Defence session start date
15/04/2026
Availability
Not available for consultation
Release date
15/04/2029
Abstract (English)
The growing complexity of 5G protocol procedures and the heterogeneity of the vendor landscape result in implementation-specific vulnerabilities that elude the scope of conventional conformance testing. This work presents a state-aware UE-based fuzzer for black-box security assessment of 5G Core Networks, developed as an extension of the open-source UE-based-5G-Pentesting-Framework.
By intercepting and mutating NAS messages in real time during live UE-network procedures, the fuzzer evolves from a static payload injector into an adaptive engine synchronized with a Digital Twin of the UE's Finite State Machine.
Several advanced adaptive attack scenarios are evaluated against the major open-source 5G Core Network implementations, confirming the framework's ability to uncover a range of implementation flaws across all tested targets.
The results obtained by operating entirely from the UE side demonstrate the effectiveness of this black-box methodology, highlighting its potential for the security assessment of proprietary and commercial deployments.
Abstract (Italian)
File