2G To 5G Core Networks: The Legacy Signaling Protocols That Should Be Avoided
In telecommunications, signaling protocols are critical for routing mobile-network traffic. These protocols are efficient and scalable, but they come with their own security issues. Mobile operators still support the legacy versions of these protocols, and when those versions are kept in mobile networks they add significant security risk and widen the attack surface.
This article highlights the problems of legacy signaling protocols and proposes replacements that provide better security in 2G, 3G, 4G, IMS, and 5G.
GPRS Tunneling Protocol Control (GTP-C)
GTP-C is the protocol used within the mobile network infrastructure to establish communication between data network nodes such as the SGSN, GGSN, PGW, and SGW. The protocol has three versions: GTP-C version 0, 1, and 2. The legacy version zero is used only in 2G and 3G mobile networks, between the GGSN and SGSN.
Problem
GTP-C version zero has an inherent security flaw: it does not randomize the Tunnel Identifier (TID). In short, the TID is generated predictably, so cybercriminals can guess or brute-force it easily.
Solution
Replace GTP-C version zero with GTP-C version 1 for 2G and 3G networks, and filter all GTP-C traffic through a GTP-aware firewall.
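The filtering rule above can be expressed as a small version check on the GTP header, because all three GTP versions carry the version number in the top three bits of the first header byte. The following is an added example written for this article, not code from the article or from any firewall vendor; the UDP datagrams it inspects are constructed samples, and the ports assumed are the well-known GTP ports (3386 for GTPv0, 2123 for GTP-C v1/v2, 2152 for GTP-U).

```python
"""
GTP-aware filter that drops GTP version 0 and lets GTP-C v1/v2 through.

Added example; not code from the article. The packet bytes below are
constructed for illustration, not captures from a real network.
"""
from dataclasses import dataclass
from typing import List, Optional

# Well-known UDP ports (assumption: the firewall sees plain UDP/IP).
GTPV0_PORT = 3386   # GTPv0 control and user plane
GTPC_PORT = 2123    # GTP-C v1 / v2
GTPU_PORT = 2152    # GTP-U v1
GTP_PORTS = {GTPV0_PORT, GTPC_PORT, GTPU_PORT}


@dataclass(frozen=True)
class Datagram:
    dst_port: int
    payload: bytes


def gtp_version(payload: bytes) -> Optional[int]:
    """Version field = top three bits of the first header byte (same position in v0, v1, v2)."""
    if not payload:
        return None
    return payload[0] >> 5


def verdict(dg: Datagram) -> str:
    """Apply the policy: drop GTPv0 and the GTPv0 port, allow v1/v2 on the GTP ports."""
    if dg.dst_port not in GTP_PORTS:
        return "pass: not GTP"
    ver = gtp_version(dg.payload)
    if ver is None:
        return "drop: empty GTP payload"
    if dg.dst_port == GTPV0_PORT or ver == 0:
        return "drop: GTPv0"
    if ver in (1, 2):
        return f"allow: GTPv{ver}"
    return f"drop: unknown GTP version {ver}"


def filter_datagrams(dgs: List[Datagram]) -> List[str]:
    return [verdict(d) for d in dgs]


# Constructed samples: only the flags byte and the message-type byte matter here.
SAMPLES = [
    # GTPv0 Create PDP Context Request: flags 0x1E (version 000, PT=1, spare 111), type 0x10
    Datagram(GTPV0_PORT, bytes([0x1E, 0x10]) + bytes(18)),
    # GTPv1 Create PDP Context Request: flags 0x32 (version 001, PT=1, S=1), type 0x10
    Datagram(GTPC_PORT, bytes([0x32, 0x10]) + bytes(10)),
    # GTPv2 Create Session Request: flags 0x48 (version 010, T=1), type 0x20
    Datagram(GTPC_PORT, bytes([0x48, 0x20]) + bytes(10)),
    # GTPv0 header sent to the GTP-C v1/v2 port: still dropped by the version check
    Datagram(GTPC_PORT, bytes([0x1E, 0x10]) + bytes(18)),
    # Unrelated traffic (DNS) is not this rule's business
    Datagram(53, b"\x12\x34"),
]

if __name__ == "__main__":
    for dg, v in zip(SAMPLES, filter_datagrams(SAMPLES)):
        print(f"port {dg.dst_port:5d} flags 0x{dg.payload[0]:02x} -> {v}")
```

The fourth sample matters most in practice: a version check on the header, not just a port rule, is what catches GTPv0 that arrives on the v1/v2 control port.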
Session Initiation Protocol (SIP)
SIP is a protocol widely used for initiating, managing, and terminating voice and video calling sessions. It is used in the IP Multimedia Subsystem (IMS) of the mobile network. Moreover, SIP is the adopted protocol for Voice over LTE, Voice over Wi-Fi, and Voice over 5G. The protocol has two versions, SIP version 1 and version 2 (found in their corresponding RFCs, 2543 and 3261).
Problem
SIP version one lacks multiple key security controls, which makes it vulnerable and highly attractive to cybercriminals. These are:
Solution
Replace SIP version one with version two, and enable encryption over TLS or DTLS so that only the intended parties can access the information exchanged via SIP.
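A compliance check for the two requirements just stated (version two only, TLS transport) can be run over SIP messages seen by a probe or an IMS border element. The following is an added example written for this article, not code from the article or from any SIP stack; the INVITE and response below are constructed messages. It accepts only the version token SIP/2.0 that RFC 3261 specifies and flags any Via hop whose transport is not TLS (TLS-SCTP, the RFC 4168 token, is also accepted as secure).

```python
"""
Policy check for SIP signaling: accept only the SIP/2.0 version token and
require every Via hop to be carried over TLS.

Added example; not code from the article. The messages are constructed.
"""
import re
from typing import List

START_LINE = re.compile(
    r"^(?:[A-Z]+ \S+ (?P<req_ver>SIP/\d+\.\d+)|(?P<resp_ver>SIP/\d+\.\d+) \d{3} .*)$"
)
VIA = re.compile(r"^(?:Via|v)\s*:\s*SIP/\d+\.\d+/(?P<transport>[A-Za-z-]+)\s+", re.IGNORECASE)
SECURE_TRANSPORTS = {"TLS", "TLS-SCTP"}   # RFC 3261 and RFC 4168 transport tokens
REQUIRED_VERSION = "SIP/2.0"


def check_sip(message: str) -> List[str]:
    """Return a list of policy findings; an empty list means the message complies."""
    lines = message.replace("\r\n", "\n").split("\n")
    findings: List[str] = []
    m = START_LINE.match(lines[0])
    if not m:
        return ["malformed start line: " + lines[0]]
    version = m.group("req_ver") or m.group("resp_ver")
    if version != REQUIRED_VERSION:
        findings.append(f"legacy version token {version}")
    via_seen = False
    for line in lines[1:]:
        if line == "":
            break            # headers end at the empty line; the body follows
        v = VIA.match(line)
        if v:
            via_seen = True
            transport = v.group("transport").upper()
            if transport not in SECURE_TRANSPORTS:
                findings.append(f"Via hop over {transport}, not TLS")
    if not via_seen:
        findings.append("no Via header")
    return findings


# Constructed messages (CRLF line endings as on the wire).
LEGACY_INVITE = (
    "INVITE sip:bob@ims.example.net SIP/1.0\r\n"
    "Via: SIP/1.0/UDP p-cscf.ims.example.net;branch=z9hG4bK776\r\n"
    "From: <sip:alice@ims.example.net>;tag=1928301774\r\n"
    "To: <sip:bob@ims.example.net>\r\n"
    "Call-ID: a84b4c76e66710@p-cscf.ims.example.net\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
# Same dialog, but SIP/2.0 over TLS on the Via hop.
SECURE_INVITE = LEGACY_INVITE.replace("SIP/1.0", "SIP/2.0").replace("SIP/2.0/UDP", "SIP/2.0/TLS")
# A response that uses the right version but an unencrypted transport.
TCP_RESPONSE = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/TCP p-cscf.ims.example.net;branch=z9hG4bK776\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for name, msg in [("legacy", LEGACY_INVITE), ("secure", SECURE_INVITE), ("tcp", TCP_RESPONSE)]:
        print(name, check_sip(msg) or "compliant")
```

Checking every Via header rather than only the first one is deliberate: a message can be TLS-protected on the last hop and still have crossed an earlier hop in the clear.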
Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol is a client-server protocol used to fetch resources such as HTML documents, and it is used widely on the web. It has been adopted as the signaling protocol for the 5G core, since 5G SA is built on a service-based architecture. There are three versions of the HTTP protocol: HTTP 1, HTTP 2, and HTTP 3.
Problem
HTTP versions 1.0, 1.1, 2 and 3 are clear-text protocols, which means they lack encryption on their own. TLS has to be used to ensure that all content in the HTTP traffic is encrypted and protected against interception and modification.
Solution
Use HTTP version 1.1 or, better, HTTP 2 or 3; HTTP 3 mandates encryption by default using TLS 1.3. It is also advisable to use TLS 1.3, keeping TLS 1.2 only as a fallback option for cases where it is really needed.
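The TLS policy above (TLS 1.3 preferred, TLS 1.2 as the only fallback, HTTP 1.0 refused) can be pinned down in the TLS context of a network function's HTTP/2 listener and in a verdict function applied to observed connections. The following is an added example written for this article using Python's standard ssl module, not code from the article or from any 5G core product; the certificate paths in the comments are placeholders, and the `connection_verdict` inputs are the version strings a proxy or probe log would record.

```python
"""
TLS profile for HTTP/2 signaling on a 5G core service-based interface:
TLS 1.3 preferred, TLS 1.2 the only fallback, nothing older, HTTP/1.0 refused.

Added example; not code from the article. Certificate paths are placeholders.
"""
import ssl
from typing import Dict, Optional


def make_sbi_context(server_side: bool = True) -> ssl.SSLContext:
    """Build an SSLContext that negotiates TLS 1.3 when both sides support it and TLS 1.2 otherwise."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # fallback floor: TLS 1.0/1.1 are never negotiated
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3   # preferred version
    ctx.options |= ssl.OP_NO_COMPRESSION           # no TLS-level compression
    ctx.set_alpn_protocols(["h2"])                 # HTTP/2 only; an HTTP/1.x-only peer fails ALPN
    if server_side:
        # Placeholder paths; a deployment loads its real NF certificate and mutual-TLS CA here:
        # ctx.load_cert_chain("/path/to/server.pem", "/path/to/server.key")
        # ctx.verify_mode = ssl.CERT_REQUIRED
        # ctx.load_verify_locations("/path/to/ca.pem")
        pass
    # For PROTOCOL_TLS_CLIENT, hostname checking and CERT_REQUIRED are the defaults.
    return ctx


def context_summary(ctx: ssl.SSLContext) -> Dict[str, object]:
    """Expose the configured bounds so the policy can be asserted on, not just trusted."""
    return {
        "minimum": ctx.minimum_version.name,
        "maximum": ctx.maximum_version.name,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
    }


def connection_verdict(http_version: str, tls_version: Optional[str]) -> str:
    """Classify an observed signaling connection (e.g. from a proxy log) against the article's policy."""
    if http_version == "HTTP/1.0":
        return "reject: HTTP/1.0"
    if http_version not in ("HTTP/1.1", "HTTP/2", "HTTP/3"):
        return f"reject: unknown {http_version}"
    if tls_version is None:
        return "reject: cleartext"
    if tls_version == "TLSv1.3":
        return "allow"
    if tls_version == "TLSv1.2":
        return "allow (fallback)"
    return f"reject: {tls_version}"


if __name__ == "__main__":
    print(context_summary(make_sbi_context()))
    # Constructed observations: (HTTP version, negotiated TLS version or None for cleartext)
    for obs in [("HTTP/2", "TLSv1.3"), ("HTTP/2", "TLSv1.2"), ("HTTP/1.1", None), ("HTTP/1.0", "TLSv1.3")]:
        print(obs, "->", connection_verdict(*obs))
```

The ssl context covers HTTP 1.1 and HTTP 2 over TCP; HTTP 3 runs over QUIC, where TLS 1.3 is built into the transport, so only the verdict function applies to it.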
Bringing it all together
Disabling these legacy protocols in mobile networks provides an additional security enhancement and decreases the attack surface. Their removal should not be mistaken for the only security measure; it is an additional control on top of patching, hardening, secure deployment of perimeter network functions or network elements, and periodic interconnection security assessments.
References
RFC 3261: SIP Core
RFC 3580: Secure Real-time Transport Protocol (SRTP)
RFC 2828: HTTP Over TLS
RFC 4072: Digest Access Authentication
RFC 8446: TLS 1.3
TS 23.501: GPRS Tunneling Protocol (GTP)
TS 24.008: Mobile Network Signaling
TS 25.413: Radio Interface Protocol Architecture
There is no such thing as luck but persistence, consistency, discipline, suffering, and dedication because God has blessed us with the gift of life. — Josue Martins