The Security Overview and Analysis of 3GPP 5G MAC CE

TL;DR

This paper analyzes security vulnerabilities of 3GPP 5G MAC Control Elements (MAC CE), highlighting risks like interception and tampering, and discusses potential protection mechanisms to improve overall network security.

Contribution

It provides a comprehensive analysis of security threats to MAC CE beyond Layer 1/2, proposing insights for enhancing protocol security in 5G networks.

Findings

MAC CE is vulnerable to interception and tampering.

Security risks include privacy leaks and network attacks.

Protection mechanisms can mitigate identified vulnerabilities.

Abstract

To more effectively control and allocate network resources, MAC CE has been introduced into the network protocol, which is a type of control signaling located in the MAC layer. Since MAC CE lacks encryption and integrity protection mechanisms provided by PDCP, the control signaling carried by MAC CE is vulnerable to interception or tampering by attackers during resource scheduling and allocation. Currently, the 3GPP has analyzed the security risks of Layer 1/Layer 2 Triggered Mobility (LTM), where handover signaling sent to the UE via MAC CE by the network can lead to privacy leaks and network attacks. However, in addition to LTM, there may be other potential security vulnerabilities in other protocol procedures. Therefore, this paper explores the security threats to MAC CE and the corresponding protection mechanisms. The research is expected to support the 3GPP's study of MAC CE and be integrated with the security research of lower-layer protocols, thereby enhancing the security and reliability of the entire communication system.