Automated Verification Of Internet Data-paths for 5G
We propose a system—Automated Verification Of Internet Data-paths (AVOID)—that creates this unprecedented capability through two deliverables that tackle the two highest risk attack vectors for 5G communications.
Principal Investigators: Alexander Marder, Erik Kline, Ka Pui Mok, kc claffy, Kyle Jamieson
Funding source: OAC-2326928. Period of performance: September 1, 2023 - August 31, 2025.
DOD use of commercial 5G networks entails unprecedented reliance on untrusted third-party communications infrastructure, including the 5G base stations that connect directly to 5G devices and the Internet infrastructure that underlies 5G communications. The core problem when operating through non-cooperative commercial 5G infrastructure is that the unknown infrastructure potentially exposes communications to an adversary. Traversing adversary-controlled infrastructure allows DOD’s adversaries to recognize, disrupt, or extract intelligence even from encrypted communications. Increasingly complex obfuscation techniques have created an arms race against network intelligence techniques to detect the obfuscation. With each new obfuscation, DOD can never know if it fools the adversary, or if the adversary is simply lulling DOD into a false sense of security.
We predict the next great capability leap for operating through 5G networks will be sophisticated analytics that provide situational awareness of threats within the communications infrastructure, and an implementation that dynamically routes communications along benign paths. We are not only predicting this future – we are inventing it. Our original team brought nearly a century of combined research experience in revealing and identifying unknown network infrastructure. In Phase 1, we expanded our team across disciplines and sectors to accelerate convergence on a new DOD 5G defense: restructuring communication paths to avoid adversary-controlled base stations, networks, and locations, keeping DOD communications unobservable by the adversary.
We split the AVOID project into two deliverables, each of which transforms DOD’s ability to operate through unknown communication infrastructure, and which in combination form an end-to-end adversary avoidance routing system.
The first deliverable (AVOID-Vendor) includes a passive classifier for 4G and 5G base station vendors and an external modem that connects to specifically selected 5G base stations, protecting DOD personnel and devices from the threats posed by Huawei, ZTE, and custom surveillance base stations.
Deliverable 2 (AVOID-Path) operationalizes path analytics that illuminate the Internet infrastructure DOD’s 5G communications rely on, distinguishing paths that traverse adversary ISPs and territory from less risky communication paths. The outcome is a zero-trust-compatible communication routing system that allows 5G devices to exchange information with DOD systems, devices, and personnel without exposing those communications to nation-state adversaries.
Task 1: Base Station Vendor Classifier
|1.1|Phase 1 Classifier Prototype|
|1.2|Phase 2 Applied Research Tasks|
|1.3|Testing and Evaluation|
|1.4|Future Plans for Classifying Base Stations Beyond Phase 2|
Task 2: End-to-End Secure Communications Routing System
|2.1|Design Changes Based on Phase 1 Interviews with DOD Personnel|
|2.2|Phase 2 Applied Research Tasks|
|2.3|Testing and Evaluation|
|2.4|Looking Beyond Phase 2|
Acknowledgment of awarding agency’s support
This material is based on research sponsored by the National Science Foundation (NSF) grant OAC-2326928. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of NSF.