PACMAN Attack: A Mobility-Powered Attack in Private 5G-Enabled Industrial Automation System

TL;DR

This paper introduces PACMAN, a novel mobility-powered attack exploiting heterogeneous spectrum coexistence in private 5G industrial systems, demonstrating its effectiveness through analysis and simulations.

Contribution

It proposes a new mobility-enabled attack strategy and an MDP-based framework to optimize attacker movement, revealing vulnerabilities in 5G industrial environments.

Findings

PACMAN effectively identifies and exploits critical devices.

The attack's mobility makes it hard to detect with existing methods.

Simulations show significant security risks in 5G coexistence scenarios.

Abstract

3GPP has introduced Private 5G to support the next-generation industrial automation system (IAS) due to the versatility and flexibility of 5G architecture. Besides the 3.5GHz CBRS band, unlicensed spectrum bands, like 5GHz, are considered as an additional medium because of their free and abundant nature. However, while utilizing the unlicensed band, industrial equipment must coexist with incumbents, e.g., Wi-Fi, which could introduce new security threats and resuscitate old ones. In this paper, we propose a novel attack strategy conducted by a mobility-enabled malicious Wi-Fi access point (mmAP), namely \textit{PACMAN} attack, to exploit vulnerabilities introduced by heterogeneous coexistence. A mmAP is capable of moving around the physical surface to identify mission-critical devices, hopping through the frequency domain to detect the victim's operating channel, and launching traditional MAC layer-based attacks. The multi-dimensional mobility of the attacker makes it impervious to state-of-the-art detection techniques that assume static adversaries. In addition, we propose a novel Markov Decision Process (MDP) based framework to intelligently design an attacker's multi-dimensional mobility in space and frequency. Mathematical analysis and extensive simulation results exhibit the adverse effect of the proposed mobility-powered attack.