/indianstartupnews/media/agency_attachments/s1FnhAYONODoxNkoC8xA.png)
Follow Us/indianstartupnews/media/media_files/1At02Pfp9LX892X6sJOt.jpg)
IITM Pravartak Technologies Foundation at IIT Madras, along with its incubated startup, is developing an indigenous security testing solution for 5G core network functions and Radio Access Network (RAN) software to automatically identify zero-day vulnerabilities in the network in advance by using techniques such as fuzzing and test oracles.
Currently, the majority of the run time zero-day vulnerabilities are identified post-attack, which increases the cost of recovery.
According to the press statement, The solution will help in reducing network downtime.
Around 90% of the 5G technology is implemented into software by integrating several latest technologies (NFV, SDN, control plane/user plane segregation), which enable testing the technology easily. But attack surface area is increased multifold in this process and is impossible to manage manually. Automating the whole testing process and continuous monitoring is the only sustainable solution, the statement said.
The statement further said that the solution has been manually tested in the 5G security lab of IITM Pravartak.
The team used ethical hacking to find vulnerabilities in the system. They tested the functionality issue in the network, created various attack scenarios based on topology, feature interaction, and the number of nodes involved by following the defined 5G standards of 3GPP.
The team is testing interoperability and security issues with multi-vendor products. Tests are conducted at the network packet level, the binary level, the code level and also using the code vulnerability scanners. A combination of all these methods will help reducing zero-day attacks by pre-emption mechanism, the statement said.
Reducing zero-day vulnerabilities will reduce attack surface area, which in turn will reduce the need to pay ransom and also decrease network downtime of 5G networks which are crucial for communication.
Also Read: