A new indigenous software technology solution has been developed to actively identify and prevent zero-day vulnerability attacks within 5G networks, consequently reducing network downtime. According to the Ministry of Science and Technology, this advancement can enhance nationwide communication, especially given the rapid expansion of 5G networks in the country.
Integration of Advanced Technologies
As 5G networks take centre stage in modern communication, around ninety percent of the technology's implementation relies on software integration, leveraging technologies such as NFV (Network Function Virtualization), SDN (Software-Defined Networking), and control plane/user plane segregation.
While these advancements have enhanced testing capabilities, they have also expanded the attack surface, making manual security management a challenge. The new solution aims to address this by automating the testing process and implementing continuous monitoring, ushering in a new era of network security, according to the Ministry of Science and Technology.
The current landscape often witnesses the identification of runtime zero-day vulnerabilities post-attack, resulting in irreparable damage to brands and exorbitant recovery costs.
The IITM Pravartak Technologies Foundation at IIT Madras, in collaboration with its incubated startup, is developing an indigenous security testing solution for 5G core network functions and Radio Access Network (RAN) software. This technology can preemptively identify zero-day vulnerabilities by leveraging advanced techniques such as fuzzing and test oracles, safeguarding networks from potential attacks.
According to the statement, the solution has been manually tested within the confines of the 5G security lab at IITM Pravartak. With its potential to anticipate attacks in advance, this solution can protect organizations against loss, preserving brand credibility.
The team is said to have used ethical hacking to find vulnerabilities in the system and examined functional issues within the network, crafting diverse attack scenarios based on topology, feature interaction, and node involvement - all aligned with the 5G standards defined by 3GPP.
Being Tested for interoperability
Notably, the team has delved into testing interoperability and security issues across multi-vendor products. The tests are said to be conducted at network packet, binary, and code levels, complemented by code vulnerability scanning. A combination of all these methods will help reducing zero-day attacks by pre-emption mechanism.
The reduction of zero-day vulnerabilities not only diminishes the attack surface area but also mitigates the need for ransom payments, subsequently minimizing network downtime - a critical factor in 5G networks that serve as the backbone of contemporary communication.
Reducing zero-day vulnerabilities will reduce attack surface area, which in turn will reduce the need to pay ransom and also decrease network downtime of 5G networks which are crucial for communication.