2019 International Conference on Electrical, Computer and Communication Engineering (ECCE), 7-9 February, 2019
Security Study of 5G Heterogeneous Network:
Current Solutions, Limitations & Future Direction
Sarker Tanveer Ahmed Rumee2
Md. Amir Hasnat1
Computer Science & Engineering
Computer Science & Engineering
University of Dhaka
University of Dhaka
rumee@cse.du.ac.bd
amirhasnat@gmail.com
Md. Mamun-Or-Rashid4
Computer Science & Engineering
University of Dhaka
mamun@cse.univdhaka.edu
Abstract – Now-a-days security study of heterogeneous
systems within SDN based 5G Network is a highly prioritized
research discussion. Usually 5G heterogeneous network
manages all sorts of networks by using Software Defined
Intelligent Network System. Virtually the security system will
also be designed based on control unit. The objective of this
paper is to find the weaknesses of 5G heterogeneous network
along with different barriers and difficulties and their
corresponding countermeasures as well. This paper shortly
discusses the vulnerabilities of different types of cellular
networks integrated within 5G heterogeneous network along
with its weakness, possible attacks and countermeasures.
Finally, it also discusses a standardization method for the
detection of security attacks on 5G networks.
Keywords—Privacy & Security Attacks, Heterogeneous
Network, Software Define Network (SDN), Fifth Generation
Network (5G), Countermeasure Framework, Eavesdropping,
Jamming, Topology Poisoning, MITM, Man-in-the-middle.
I. INTRODUCTION
If we observe the last decades, the number of mobile
users are being increased depending on service demand and
quality assurance. In order to meet the user’s demand the 5th
generation revolutionary technology is heading towards our
future telecommunication system. The 5G services [19] will
be conveyed to the users as different QoS characteristics,
based on subscription for individual requirement. Each type
of QoS class will be assured by the Software Defined Virtual
Network in the manner of one-to-one communication. 5G
Network architecture is a true example of heterogeneous
network to ensure the user’s reliability and integrity. It
promises an unlimited wireless world interconnection by
committing higher speed data rate with lower latency in real
time access. The grooming of modern artificial intelligence
sketches the necessity of global architecture of 5G
heterogeneous network.
To provide a more user friendly environment 5G
heterogeneous network is facing different privacy & security
issues mentioned in Table-I, i.e. Eavesdropping, Jamming
Attack, DoS and DDoS Attack, Topology Poisoning Attack,
MITM Attack, Side Channel Attack, Man-in-the-middle
Attack and Stalking Attack etc. These issues are having
severe impact on before and after adoption of 5G
Heterogeneous Network.
To ensure the protection of 5G Network some
countermeasures have already been established partially or
fully. This paper also discusses about some countermeasures
978-1-5386-9111-3/19/$31.00 ©2019 IEEE
Md. Abdur Razzaque3
Computer Science & Engineering
University of Dhaka
razzaque@du.ac.bd
mentioned in Table-II, namely Avant Guard, Flood Guard,
Flood Defender, Topo Guard, Flow Keepers, EPS-AKA,
EAP-TLS, PPSS, SOAA, SOKA, HetNet, DSSS, FHSS and
Mutual Authentication between MB & BS etc. However
considerable amount of research is required in order to
establish a strong security algorithm for the proper
management of 5G heterogeneous network. The rest of the
paper is organized as follows:
The section-I of this paper shortly discusses about the 5G
heterogeneous network, Privacy & Security Attacks on 5G
Heterogeneous Network, Countermeasures of 5G
Heterogeneous Network and forecasting of future research
possibilities. The section-II discusses about Background,
consisting Different Types of Cellular Networks and
corresponding Privacy & Security Issues and separately
discusses about the Attacks on 5G Network. The section-III
discuss state of art security attacks on 5G network and
possible countermeasures of 5G Heterogeneous Network.
The section-IV concludes the survey on the state of art
security attacks on 5G network and their possible
countermeasures along with future research direction.
II. BACKGROUND
A. Cellular Network Communication
In the following this paper is trying give a short
description on existing cellular network communications.
The 1G (First Generation Wireless Telephone Technology)
was first introduced in 1980s. Its speed was up to 2.4 kbps.
This technology only allowed voice call analog signal. 2G
(GSM-Global System for Mobile Communications) [1]
introduced digital mobile communication for voice and text
transmission. It uses circuit switching scheduling method.
The GPRS (General Packet Radio Service) is the extension
of packet switching on the top of circuit switching
architecture. 3G (UMTS-Universal Mobile
Telecommunication System) [1] added new security features
such as mutual authentication and new encryption
algorithms. It uses packet switching method for voice, SMS
& distinct network services. 4G (LTE-Long Term Evolution)
[1] is an IP based packet switching architecture and promises
QoS classes. Facilitates IP bases voice, SMS services (SIP,
VoIP) on top of general purpose IP data network.
5G (5th Generation Heterogeneous Network) [11] is the
concept of virtualized logical network by using common
physical infrastructure with high speed data rate and lowest
latency.
 TABLE I. SURVEY - STATE OF ART SECURITY ATTACKS ON 5G NETWORK
Major Attacks on 5G Heterogeneous Network
Reference Paper Eavesdropping & Dos and
Jamming
Traffic Analysis DDos
[5] [7] [10]
√
[11] [12] [18]
[18] √ √
[6][18][19][20] √
[5]
[6]
There are two levels of virtualization, (i) is Node
Virtualization which means the fractioning of hardware
resources and (ii) Virtual Identification Mechanism which is
referred as packet leveling technology. Basic virtualization
model in 5G networks refers Software Defined Network
(SDN), which plays pivotal role for dynamic resource
allocation methods and virtualization in 5G networks, service
request handling within virtual 5G network, virtualization in
5G-priority, percent based resource allocation and
combination between priority and percent/fractioning based
resource allocation. The next section will give short briefs on
different significant attacks on 5G Heterogeneous Network.
B. Attacks on 5G Network
Eavesdropping [18] is a passive attack that captures
message from others. Detecting Eavesdropping attack is very
complex due to passive nature of network. Encryption of the
signals over the radio link is most commonly used against
this kind of attack.
Jamming attack [18] can completely disrupt the existing
communications between the authentic users. A malicious
node used to generate intentional interference to interrupt the
data communication. Jamming can also attack on authorized
users from accessing radio resources and can be used to
launch DoS attack.
In case of Dos attack [5, 18] on 5G network, attacker
uses several compromised hosts (botnet) to send massive
packet to an OpenFlow switch by randomly forging some
fields. DoS and DDoS attacks in 5G wireless network can
attack the access network via a very large number of
connected devices which is a serious threat for the operators.
The Topology Poisoning attacks [5] forge some control
packets (i.e. LLDP) in an OpenFlow network architecture to
poison the global information that collected by control plane
[13]. First an attacker monitors genuine LLDP packets and
records the corresponding LLDP syntax. Second the attacker
modifies some specific contents of the LLDP packets (e.g.
port number) to forge a controller.
In MITM attack [18], the attacker is hidden to take
control of communicating channels between two or more
parties and then intercepts, modify and replace the
communication message between authentic users.
In Side Channel attack [5] of OpenFlow network the
attacker compares responding times of the test stream and
baseline packets to learn network configurations such as size
of switches flow table [15], whether links contain aggregate
flows [16], host communication records [17], network access
control configuration [17] and network monitoring policies
[17].
Topology Side Man-in- Stalking
MITM
Poisoning Channel the-middle attacks
√ √
√ √
In Man-in-the-middle attack [6] the attacker acquires the
session key of service oriented IoT architecture of 5G
Network. In Stalking attack [6] the attacker traces the
locations of mobile users in service oriented IoT architecture
of 5G Network.
In this section few significant attacks on 5G
heterogeneous network have been described, those are
considerably important for the next consecutive research
works. In the next section the countermeasures of above
given attacks are being described.
III. SURVEY OF STATE OF ART SECURITY SOLUTIONS
Table-I summarizes the major privacy and security
attacks on 5G heterogeneous network and Table-II indicates
the countermeasures. Table-I the first column shows list of
articles those mapped on each attacks by inserting a symbolic
tick under each column of attack.
Fang et al. [18], Gao et al. [5] and Sharma et al. [7] are
briefly discussed on DoS and DDoS attacks. They also
mentioned these attacks would be a serious threat for all
kinds of operators. In 5G Network DoS attack can stop
providing services to a massive number of connected
devices. Some countermeasures are proposed in literature
e.g. Avant Guard, Flood Guard and Flood Defender to avoid
the serious DoS attacks. However still significant amount of
research & experimentation are required to mitigate DoS and
DDoS attack while implementing 5G heterogeneous
network.
Fang et al. [18] deeply discussed on three more major
attacks on 5G heterogeneous network.
1. Eavesdropping [18] and Traffic Analysis is such a
combination of attack, where eavesdropping attacker
tries to capture message from passive network and uses
Traffic Analysis passive attack to capture the encrypted
signals on to the radio links. The author proposed
HetNet could be a good example of solving
eavesdropping attack and opportunities of more
solutions in computing capability and data analysis.
2. Jamming [18] is another kind of serious threat for the
communication channels to interrupt the data
communication. On the other hand jamming is another
initiator of DoS attack. Jamming attacks basically
targets on physical layer of the network. Considering
that architecture the author proposed Direct Spread
Spectrum (DSSS) and Frequency Hopping Spread
Spectrum (FHSS) as widely used secured
communication method. In MITM attack the attacker
secretly controls the communication channel between
the legitimate parties.
 TABLE II. TYPES OF COUNTERMEASURE ON 5G HETEROGENEOUS NETWORK
Adopted Countermeasure
PPSS, HetNet DSSS Mutual
Reference Paper Avant Flood Flood Topo Flow EPS-AKA,
SOAA & & Authentication
Guard Guard Defender Guard Keepers EAP-TLS
SOKA FHSS between MB & BS
[5] √ √ √
[13] √
[9] √
[7] √
[6] √
[18] √ √ √

3. MITM is an active attack and can be launched in Based on the existing work to handle various threats on
different layers. This attack aims on confidentiality, the 5G heterogeneous network (discussed in section-III),
integrity and availability. False Base Station Attack is this section presents a novel countermeasure framework
one of the big example of MITM attack [18]. Mutual and describes it’s operation focusing on small testbed
authentication between mobile device and bases information. In next article this section will convey more
station along with lot of research opportunities could elaborated research output according to sufficient number
convey better solutions for this attack. of testbed information.
Gao et al. [5] briefly discussed about Topological This paper aimed to propose a generalize detection
Poisoning Attack where the author has found the main method for the standardization of finding, attack aim and
strategy of topological poisoning attack is sending LLDP releasing their proposed solutions. Step-1 detects an attack
packets through a host connected port. The author or error or weakness or vulnerability of the system. Step-2
proposed TopoGuard could be a good solution for this redirects the attack aim on to a specific area considering
attack along with having more research opportunities. privacy or integrity or availability or authentication. Step-3
Gao et al. [5] also discussed about Side-Channel Attack detects available countermeasures or the weakness of the
where the attacker uses processing time to control plane to system. After detecting the weakness of the
learn about network configuration. In this scenario the countermeasure or system it proposes a developed
author proposes FlowKeeper traffic agent to delay some solutions to resolve the detected weakness. Step-4 tests the
traffic and dismiss the responding time against the side- solution on to demo. If the solutions is resolved then the
channel attack. solution will be tested on live environment if the solution
is resolved then solution will be referred for release step. In
Ni et al. [6] shortly discussed about Eavesdropping both demo and live environment if the solution is
attack, Man-in-the-middle attacks and Stalking attacks. unresolved then need to execute from Step-2 again. The
And finally the author proposes three basic solution has to recheck again to reconfirm the attack aim as
countermeasures Privacy-Preserving Slice Selection an avoidance step of failure result. In real scenario some
(PPSS), Service-Oriented Anonymous Authentication attacks could have multiple attack aims. In other words
(SOAA) and Service-Oriented Key Agreement (SOKA). Step-2 is called dynamic think tank generator to find the
attack aims. The list of attack aims [1] could be changed
IV. PROPOSED COUNTERMEASURE FRAMEWORK according to international standards. Step-5 releases the
solution for the existing system along with necessary
release note to keep the standardization of the protocol.
Step-1: Strength of the solution along with measurable or probable
Attack/Error/Weakness/Vulnerability is detected
weakness are required to be mentioned in the release note
Step-2: in order mitigate the more advanced solutions.
Find the Attack Aim
Attacks against Attacks against Attacks against Attacks against Lot of other methods can be proposed besides this
privacy? integrity? availability? authentication? method. This paper observes and proposes this method for
Step-3:
Check for the available countermeasure
the best feed to the detection of attacks aims and their
proposed solutions as the standardization method of
Yes No
resolving security issues.
Look for the weakness of the Look for the weakness of the
countermeasure system
Propose Solution to resolve the Propose Solution to resolve the V. CONCLUSION
weakness of the countermeasure weakness of the system
Step-4: This paper discussed on the possible vulnerabilities and
Test the solution in the demo environment their countermeasures of 5G heterogeneous network. The
Resolved research objective of this paper is to find some indicators
Test the solution in the live Unresolved for designing algorithm with the aim of highly secured
environment Go to Step-2 visualized protocol. In that case security study was highly
Resolved Unresolved needed to maintain the policy significances. On the other
Go to Step-5 Go to Step-2
hand backhaul link utilization method is another big
Step-5:
The solution is fixed and released for the live environment along with challenge considering the present scenarios of security
appropriate release note architecture of 5G heterogeneous network. The Globally
Harmonized Spectrum will also be a valuable indicator
towards security analysis of 5G Network. Without [19] Badoi CI, Prasad N, Prasad R. Virtualization and Scheduling
Methods for 5G Cognitive Radio Based Wireless Networks.
security assurance a protocol cannot be a reliable solution Wireless Personal Communications. 2016 Jul 1;89(2):599-619.
for the end users. In that context the paper is proposing a
standardization method for detecting attack aims and their
releasing solutions. This is a generalize method besides
other methods. This paper objects to appreciate more
research works on 5G security issues.
REFERENCES
[1] Rupprecht D, Dabrowski A, Holz T, Weippl E, Popper C. On
security research towards future mobile network generations. IEEE
Communications Surveys & Tutorials. 2018 Apr 2.
[2] Ferrag MA, Maglaras L, Argyriou A, Kosmanos D, Janicke H.
Security for 4G and 5G cellular networks: A survey of existing
authentication and privacy-preserving schemes. Journal of Network
and Computer Applications. 2017 Nov 1.
[3] Panwar N, Sharma S, Singh AK. A survey on 5G: The next
generation of mobile communication. Physical Communication.
2016 Mar 31; 18:64-84
[4] Cao J, Ma M, Li H, Zhang Y, Luo Z. A survey on security aspects
for LTE and LTE-A networks. IEEE Communications Surveys &
Tutorials. 2014 Jan 1; 16(1):283-302.
[5] Gao S, Li Z, Xiao B, Wei G. Security Threats in the Data Plane of
Software-Defined Networks. IEEE Network. 2018 Feb 7.
[6] Ni J, Lin X, Shen XS. Efficient and Secure Service-Oriented
Authentication Supporting Network Slicing for 5G-Enabled IoT.
IEEE Journal on Selected Areas in Communications. 2018
Mar;36(3):644-57.
[7] Sharma V, You I, Leu FY, Atiquzzaman M. Secure and efficient
protocol for fast handover in 5G mobile Xhaul networks. Journal of
Network and Computer Applications. 2018 Jan 15;102:38-57.
[8] D’Cruze H, Wang P, Sbeit RO, Ray A. A Software-Defined
Networking (SDN) Approach to Mitigating DDoS Attacks.
InInformation Technology-New Generations 2018 (pp. 141-145).
Springer, Cham.
[9] Guan J, Wei Z, You I. GRBC-based Network Security Functions
placement scheme in SDS for 5G security. Journal of Network and
Computer Applications. 2018 Jul 15;114:48-56.
[10] S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “AVANT-
GUARD: Scalable and Vigilant Switch Flow Management in
Software-Defined Networks,” in Proc. of the ACM Conference on
Computer & Communications Security (CCS), 2013.
[11] H. Wang, L. Xu, and G. Gu, “FloodGuard: A DoS Attack
Prevention Extension in Software-Defined Networks,” in Proc. of
the IEEE/IFIP Dependable Systems and Networks (DSN), 2015.
[12] S. Gao, Z. Peng, B. Xiao, A. Hu, and K. Ren, “FloodDefender:
Protecting Data and Control Plane Resources under SDN-aimed
DoS Attacks,” in Proc. of the IEEE International Conference on
Computer Communications (INFOCOM), 2017.
[13] S. Hong, L. Xu, H. Wang, and G. Gu, “Poisoning Network
Visibility in Software-Defined Networks: New Attacks and
Countermeasures,” in Proc. of the Network and Distributed System
Security (NDSS), 2015.
[14] S. Shin and G. Gu, “Attacking Software-Defined Networks: A First
Feasibility Study,” in Proc. of the ACM SIGCOMM workshop on
Hot topics in software defined networking, 2013.
[15] J. Leng, Y. Zhou, J. Zhang, and C. Hu, “An Inference Attack
Model for Flow Table Capacity and Usage: Exploiting the
Vulnerability of Flow Table Overflow in Software-defined
Network,” in arXiv preprint arXiv:1504.03095, 2015.
[16] R. Kloti, V. Kotronis, and P. Smith, “OpenFlow: A Security
Analysis,” in Proc. of the IEEE International Conference on
Network Protocols (ICNP), 2013.
[17] J. Sonchack, A. Dubey, A. J. Aviv, J. M. Smith, and E. Keller,
“Timingbased Reconnaissance and Defense in Software-defined
Networks,” in Proc. of the ACM Annual Conference on Computer
Security Applications (ACSAC), 2016.
[18] Fang D, Qian Y, Hu RQ. Security for 5G Mobile Wireless
Networks. IEEE Access. 2018;6:4850-74.