The mobile security sector has uncovered numerous vulnerabilities within link and session-establishment protocols. These vulnerabilities can be exploited using software-defined radios (SDRs) to interfere with, impersonate, or flood layer-3 (L3) messages, compromising security and privacy. These risks persist even within the latest 5G mobile network standard. With affordable SDRs and open-source cellular software stacks readily accessible, the economic and technical obstacles to practical cellular attacks are relatively minimal. In this work, we would like to investigate the resource depletion and Denial-of-Service (DoS) attacks, that are well known in LTE [1], within 5G RAN. The main focus will be regarding the RRC and NAS protocol vulnerabilities that are mentioned in [1]. The expected results would be to recreate these attacks experimentally in our 5G RAN with srsRAN [2]. If time allows, further tests can be performed over campus network with commercial 5G RAN.

[1] H. Kim, J. Lee, E. Lee and Y. Kim, "Touching the Untouchables: Dynamic Security Analysis of the LTE Control Plane," 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2019, pp. 1153-1168, doi: 10.1109/SP.2019.00038.

[2] I. Gomez-Miguelez et al., “Srslte: An open-source platform for lte evolution and experimentation,” in Proc. of ACM WiNTECH, 2016.

- C/C++ experience

- SDR experience is a plus

- 5G knowledge is a plus