Vulnerability Analysis of eBPF-enabled Containerized Deployments of 5G Core Networks

TL;DR

This paper investigates security vulnerabilities in eBPF-enabled 5G core network deployments, demonstrating potential exploits and proposing mitigation techniques to enhance security in containerized environments.

Contribution

It provides a detailed vulnerability analysis of eBPF in 5G networks, including attack scenarios, experimental validation, and mitigation strategies.

Findings

Vulnerabilities in eBPF-enabled 5G deployments can be exploited by attackers.

Attack scenarios include tracing, DoS, information theft, and bash injection.

Mitigation techniques can reduce security risks in such deployments.

Abstract

The extended Berkeley Packet Filter (eBPF) is useful for faster packet processing and network monitoring in softwarized deployments. Similarly, softwarized deployments of 5G core network services adopted eBPF to meet the stringent latency and bandwidth requirements of underlying applications. While the existing studies focused on network performance, security concerns over eBPF-enabled platforms are overlooked. In this paper, we study the vulnerability analysis of 5G core network deployments that use eBPF for packet processing and traffic monitoring. In particular, we consider the following aspects: a) tracing, b) denial-of-service (DoS), c) stealing information, and d) bash injection. We present the detailed attack scenarios with step-by-step implementation of containerized and eBPF-enabled 5G network functions using Open5GS. The experiment results show that the aforementioned vulnerabilities are present in eBPF-enabled 5G deployments and can be exploited by attackers. Finally, we present some mitigation techniques useful for addressing the vulnerabilities. The source code and implementation details are made available at https://github.com/chimms1/5G-eBPF-exploits.