簡易檢索 / 詳目顯示
| 研究生: |
李亞修 Ya-Siou Li |
|---|---|
| 論文名稱: |
具資安能力的MEC之設計:檢查資安相關的控制信令 Design of Security-Enabled MEC: InspectingSecurity-Related Control Messages |
| 指導教授: |
鄭欣明
Shin-Ming Cheng |
| 口試委員: |
黃俊穎
Chun-Ying Huang 蕭旭君 Hsu-Chun Hsiao 沈上翔 Shan-Hsiang Shen |
| 學位類別: |
碩士 Master |
| 系所名稱: |
電資學院 - 資訊工程系 Department of Computer Science and Information Engineering |
| 論文出版年: | 2020 |
| 畢業學年度: | 108 |
| 語文別: | 中文 |
| 論文頁數: | 28 |
| 中文關鍵詞: | 行動邊緣運算 、認證和密鑰協商協議 、4G 長期演進技術 |
| 外文關鍵詞: | MEC, AKA, 4G LTE |
| 相關次數: | 點閱:271 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
隨著5G 網路的到來,無線網路所能提供的服務越來越多種,其中央系統的安全
性及穩定性將變得重要。本論文利用軟體定義無線電、電信開源軟體srsLTE 與
容器虛擬化技術建置一個4G 電信網路實驗平台,並且設置一個行動邊緣運算的
節點Mobile Edge Computing (MEC),在上面實現一個可產生測試核心網路控制
信令之元件。當我們需要去測試一個位於電信系統中的核心網路時,MEC 可以透
過竄改來自手機端的控制信令來達到測試核心網路的效果。透過實驗,我們針對
核心網路系統的安全性及穩定性進行測試,觀察系統在對未經保護的控制信令及
例外訊息是否有進行處理。在測試上,分別用更改信令中的認證參數,來測試其
安全性; 以及改變信令結構的標頭型態或信令長度,來測試系統對於例外處理是
否完善。我們針對3 種電信開源軟體進行測試,在結果上,我們發現一道竄改的
訊息會導致其中一個系統溢位。並透過分析系統的處理信令流程,找出系統對於
例外訊息的防禦手段,並如何去兼顧信令安全及維持系統穩定。
On future 5G networks, the services provided by wire less network is more than
before. There are important that the security and stability of wireless networks. In
this paper, we used software-defined radio, open source LTE software-srsLTE and
container virtualization technology to implement a 4G telecommunications network
experimental platform. In this platform, we set up a mobile edge computing router
(MEC), which can make the malformed control signaling. When we need to test the
core network whether handling various control signaling or not, MEC can be the
Man-in-the-Middle to modify the control signaling between the core network and
the mobile phone. In experiments, we changed message type or length of signaling
testing the core network handling exception or not.On the other hand, we change
message authentication code testing the security on the core network. The results
show that a malformed message caused system crashed.
[1] M. Agiwal, A. Roy, and N. Saxena, “Next generation 5G wireless networks: A
comprehensive survey,” IEEE COMMUN SURV TUT 2016, vol. 18, no. 3, pp.
1617–1655, 2016.
[2] S. E. Elayoubi, S. B. Jemaa, Z. Altman, and A. Galindo-Serrano, “5g ran slicing
for verticals: Enablers and challenges,” IEEE Communications Magazine,
vol. 57, no. 1, pp. 28–34, jan 2019.
[3] S. Hussain, O. Chowdhury, S. Mehnaz, and E. Bertino, “LTEInspector: A systematic
approach for adversarial testing of 4G LTE,” in NDSS 2018, feb 2018.
[4] H. Kim, J. Lee, E. Lee, and Y. Kim, “Touching the untouchables: Dynamic
security analysis of the LTE control plane,” in IEEE S& P ’19. IEEE, may
2019, p. 0.
[5] , “ZeroMQ,” https://zeromq.org/, 2020.
[6] 3GPP, “LTE;Evolved Universal Terrestrial Radio Access Network (E-UTRAN);
S1 Application Protocol (S1AP),” 3rd Generation Partnership Project
(3GPP), Technical Specification (TS) 36.413, Jun 2018, version 15.3.0. [Online].
Available: https://www.etsi.org/deliver/etsi_ts/136400_136499/136413/
15.02.00_60/ts_136413v150200p.pdf
[7] ——, “Universal Mobile Telecommunications System (UMTS); LTE;5G;Non-
Access-Stratum (NAS) protocolfor Evolved Packet System (EPS);Stage 3,” 3rd
Generation Partnership Project (3GPP), Technical Specification (TS) 24.301,
Jun 2018, version 15.3.0. [Online]. Available: https://www.etsi.org/deliver/
etsi_ts/124300_124399/124301/15.03.00_60/ts_124301v150300p.pdf
[8] C.-Y. Li, H.-Y. Liu, P.-H. Huang, H.-T. Chien, G.-H. Tu, P.-Y. Hong, and Y.-D.
Lin, “Mobile Edge Computing platform deployment in 4G LTE networks: A
middlebox approach,” in Proc. USENIX Workshop 2018, 2018.
[9] H. Hui, C. Zhou, X. An, and F. Lin, “A new resource allocation mechanism for
security of mobile edge computing system,” IEEE Access, vol. 7, pp. 116 886–
116 899, Aug. 2019.
全文公開日期 2025/08/25 (校內網路)全文公開日期 2025/08/25 (校外網路)
全文公開日期 2025/08/25 (國家圖書館:臺灣博碩士論文系統)