ETD

Digital archive of theses defended at the Università di Pisa

Thesis etd-07012025-212552


Thesis type
Master's thesis
Author
DIODATO, VINCENZO
URN
etd-07012025-212552
Title
SCAScan-5G: An Automated Framework for Security and Compliance Assessment of 5G Core Networks
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
CYBERSECURITY
Supervisors
supervisor Prof. Garroppo, Rosario Giuseppe
co-supervisor Prof. Pagano, Michele
Keywords
  • 5g
  • Core Network
  • Framework
  • SCAS
Defense session start date
23/07/2025
Availability
Not available for consultation
Release date
23/07/2028
Abstract
5G networks bring advanced capabilities but also new security challenges that demand robust testing. To address this, 3GPP defined the Security Assurance Methodology (SECAM) and Security Assurance Specifications (SCAS) for verifying 5G Core security. This thesis introduces SCAScan-5G, an open-source, Python-based framework designed to automate selected SCAS test cases and assess the security of open-source 5G Core implementations like Free5GC, OpenAirInterface, and Open5GS. SCAScan-5G uses containerized network functions, a custom SCTP proxy for traffic manipulation, and a controller for orchestrating tests. Though not formally accredited, SCAScan-5G can integrate into CI/CD pipelines, supporting early detection of vulnerabilities and promoting secure development practices.
Testing showed Open5GS as the most robust, passing all implemented tests, while Free5GC and OpenAirInterface exhibited significant flaws. OpenAirInterface was vulnerable to NAS replay attacks. Both Free5GC and OpenAirInterface mishandled invalid UE security capabilities, risking connections without proper encryption or integrity. Free5GC further failed to properly align NAS and NGAP security contexts. Finally, both Free5GC and OpenAirInterface used predictable, incremental 5G-TMSI allocation, weakening user privacy. Future work aims to expand test coverage, adopt plugins for flexibility, and foster a community-driven evolution toward standardized 5G security assurance.