The paper examines the feasibility and implications of Man-in-the-Middle (MitM) attacks on the Packet Forwarding Control Protocol (PFCP) within the 5G Core Network. The study demonstrates how PFCP control messages exchanged between the Session Management Function (SMF) and the User Plane Function (UPF) can be intercepted and modified, enabling an adversary to disrupt or manipulate PDU session establishment and maintenance. Practical implementations of such attacks are presented, illustrating the potential impact on network operation and user data flows. In addition, the paper investigates methods for detecting these threats using log-based analysis. Logs collected from SMF and UPF components were processed and examined to identify anomalies indicative of protocol misuse or unexpected module behaviour. The results highlight critical security vulnerabilities resulting from insufficient PFCP signalling protection and highlight the effectiveness of log-based monitoring techniques in identifying threats in 5G core networks.
Loading....