Monday, 23 February

  • 09:00 - 09:15
    Opening Remarks
    Embarcadero
  • 09:15 - 10:15
    Keynote #1: “The infrastructure is your adversary, not your ally” – Daniel Massey, Program Director, NSF
    Embarcadero
  • 10:15 - 10:30
    Morning Break
    Pacific Ballroom D
  • 10:30 - 11:30
    Session 1: Breaking the Airwaves of FutureG
    Embarcadero
    • Subangkar Karmaker Shanto (Purdue University), Imtiaz Karim (The University of Texas at Dallas), Elisa Bertino (Purdue University)

As 3GPP systems have strengthened security at the upper layers of the cellular stack, the plaintext PHY and MAC layers have remained relatively understudied, though interest in them is growing. In this work, we explore lower-layer exploitation in modern 5G, where recent releases have increased the number of lower-layer control messages and procedures, creating new opportunities for practical attacks. We present two practical attacks and evaluate them in a controlled lab testbed. First, we reproduce a SIB1 spoofing attack to study manipulations of unprotected broadcast fields. By repeatedly changing a key parameter, the UE is forced to refresh and reacquire system information, keeping the radio interface active longer than necessary and increasing battery consumption. Second, we demonstrate a new Timing Advance (TA) manipulation attack during the random access procedure. By injecting an attacker-chosen TA offset in the random access response, the victim applies incorrect uplink timing, which leads to uplink desynchronization, radio link failures, and repeated reconnection loops that effectively cause denial of service. Our experiments use commercial smartphones and open-source 5G network software. Experimental results in our testbed demonstrate that TA offsets exceeding a small tolerance reliably trigger radio link failures and can keep devices stuck in repeated re-establishment attempts as long as the rogue base station remains present. Overall, our findings highlight that compact lower-layer control messages can have a significant impact on availability and power, and they motivate placing defenses at initial access and broadcast procedures.

    • Sana Habib (Arizona State University, Tempe, United States; Washington and Lee University, Lexington, United States)

      Unlike traditional IP and IP-based SDN networks, DNS in 5G and emerging 6G networks functions as a control-plane dependency, supporting telephony service discovery, SIP/IMS signaling (e.g., ENUM E.164 number mapping as a DNS application), and cross-slice traffic steering. Despite cloud-native, virtualized, and sliced architectures, DNS continues to rely on largely unchanged protocols and operational practices, leaving legacy vulnerabilities exposed. In this paper, we systematically analyze 84 documented DNS threats through an architecture-aware framework that evaluates their impact across six dimensions: service disruption, privacy leakage, amplification risk, traffic steering, slice impact, and misconfiguration risk. Our analysis highlights mobile-specific factors—including shared core functions, cross-slice resolvers, and DNS-mediated telephony control—that amplify the effects of protocol downgrades, incomplete DNSSEC deployment, and resolver sharing. In combination, these factors allow localized DNS failures to propagate across services, privacy boundaries, traffic steering, and slice isolation. We present a taxonomy that captures how DNS vulnerabilities manifest in next-generation mobile networks and map a subset of representative high-impact threats to architectural enforcement points, providing guidance for measurement, mitigation, and more robust 5G/6G design.

    • Nathaniel Bennett (Idaho National Laboratory and University of Florida), Arupjyoti Bhuyan (Idaho National Laboratory), Nicholas J. Kaminski (Idaho National Laboratory)

      Within the past five years, countries globally have opened 6 GHz spectrum for Wi-Fi use to account for increased throughput demand. In order to safeguard incumbent services from interference, several countries have evaluated and adopted Automated Frequency Coordination (AFC) systems; such systems calculate and relay safe operating channels and power levels to devices based on their reported location. However, the recent design and deployment of these systems combined with the inherent trust relationships introduced (control over potentially hundreds of thousands of Wi-Fi device frequency/power decisions) points to a need to rigorously evaluate the security of AFC system design. In this work, we perform a holistic security analysis of the Wi-Fi Alliance AFC standards, comprising the AFC System Reference Model and the AFC System to AFC Device Interface Specification. We consider key security properties necessary for correct AFC operation in adversarial conditions, identify several gaps in specifications that undermine these properties, and point to vulnerabilities stemming from these specification weaknesses. Our analysis reveals five findings corresponding to seven vulnerabilities, including trivial authorization bypass weaknesses, practical resource exhaustion attacks and persistent poisoning of local AFC system data stores. Our discoveries underscore the need for spectrum-sharing systems to account for a variety of potentially malicious interactions in protocol design.

  • 11:30 - 12:10
    Keynote #2: “How can we shape the future of mobile connectivity with 6G?” – Gavin Horn, VP Technology, Qualcomm Technologies Inc.
    Embarcadero
  • 12:10 - 13:30
    Lunch
    Loma Vista Terrace and Harborside
  • 13:30 - 14:45
    Panel on 6G Security and Privacy
    Embarcadero
  • 14:45 - 15:00
    Afternoon Break
    Pacific Ballroom D
  • 15:00 - 15:30
    Keynote #3: “Future Research Directions in Telecom: Selected Points” – Makan Pourzandi, Senior Research Manager, Ericsson, Canada
    Embarcadero
  • 15:30 - 16:15
    Session 2: Zero Trust and Beyond in FutureG
    Embarcadero
    • Manish Paudel (Advanced Wireless and Security Lab, Virginia Commonwealth University), Maryna Veksler (Advanced Wireless and Security Lab, Virginia Commonwealth University), Kemal Akkaya (Advanced Wireless and Security Lab, Virginia Commonwealth University)

      The rapid growth of 5G wireless technology has transformed connectivity, offering exceptional bandwidth, ultra-low latency, and massive IoT device connectivity. However, as quantum computers are progressing, resistance against attacks from such computers becomes a mandatory requirement for all critical infrastructure, necessitating efficient post-quantum cryptography (PQC) implementations for 5G-based IoT devices with limited resources. For instance, User Equipment (UE) re-authentication due to frequent handovers and mobility events is a daily operation that already comes with some overhead, which is unattractive for IoT UE devices. Incorporating heavier PQ solutions into these re-authentications will lead to even more communication and computation overhead that may hinder PQ deployment in next-generation networks. As such, this paper introduces a novel, lightweight approach for integrating PQC in 5G IoT authentication by proposing a custom identity-based session resumption mechanism without compromising interoperability with existing protocols. This approach prevents replay attacks and ensures perfect forward secrecy (PFS) by utilizing customized identities that are dynamically generated based on device-specific parameters, combined with intelligent server-side caching of quantum-resistant cryptographic materials that eliminates the need for full PQC computations during subsequent re-authentications. We demonstrate through realistic 5G experimentation that the proposed solution significantly lowers authentication overhead while providing quantum-resistant security.

    • Yuhui Wang (Department of Electrical and Computer Engineering, University of Michigan-Dearborn), Xingqi Wu (Department of Electrical and Computer Engineering, University of Michigan-Dearborn), Junaid Farooq (Department of Electrical and Computer Engineering, University of Michigan-Dearborn), Juntao Chen (Department of Computer and Information Sciences, Fordham University)

      Large language models (LLMs) are increasingly being integrated into Open Radio Access Network (O-RAN) control loops to enable intent-driven automation for resource management and network slicing. However, deploying LLMs within the Near-Real-Time RAN Intelligent Controller (Near-RT RIC) introduces a new control-plane vulnerability. Because LLM-driven xApps process untrusted telemetry and shared state information, adversaries can exploit prompt injection attacks to manipulate control logic, resulting in unauthorized resource allocation and slice isolation violations. This paper presents PROMPTGUARD, a Zero Trust (ZT) prompting framework for securing LLM-driven O-RAN control. PROMPTGUARD is realized as a semantic verification xApp that enforces continuous intent validation on all LLM-bound inputs by treating every prompt as potentially adversarial. We implement PROMPTGUARD on the OpenAI Cellular (OAIC) platform and evaluate its effectiveness against multiple prompt injection attacks under strict latency constraints. Results show that PROMPTGUARD mitigates adversarial prompts with high accuracy while preserving the O-RAN latency requirements, establishing ZT prompting as a foundational security primitive for AI-native RANs.

    • Himashveta Kumar (The Pennsylvania State University), Tianchang Yang (The Pennsylvania State University), Arupjyoti Bhuyan (Idaho National Laboratory), Syed Rafiul Hussain (The Pennsylvania State University)

      The emergence of the 5G Open Radio Access Network (O-RAN) architecture introduces increased flexibility and modularity to cellular networks, but its sudden shift toward software-centric and multi-vendor deployments also expands the software supply chain (SSC) attack surface, which is particularly concerning given the critical role of 5G infrastructure. SSC vulnerabilities can lead to severe consequences, including service disruption, unauthorized backdoors, and code injection. In this work, we systematically identify and analyze SSC vulnerabilities in the O-RAN RAN Intelligent Controller, which performs latency-sensitive edge control and optimization in 5G networks. Using static analysis tools, we evaluate production-grade O-RAN components primarily implemented in Go and find 57 security-relevant issues after manual validation. We highlight key limitations of off-the-shelf analyzers, quantify false-positive results, and contextualize the identified risks within O-RAN deployments. Our findings emphasize the need for improved SSC security practices tailored to O-RAN systems.

  • 16:35 - 16:50
    Afternoon Break
    Pacific Ballroom D
  • 16:50 - 17:30
    Session 3: Building Visibility and Verifiability in FutureG
    Embarcadero
    • Haohuang Wen (The Ohio State University and SE-RAN.ai), Vinod Yegneswaran (SRI and SE-RAN.ai), Phillip Porras (SRI and SE-RAN.ai), Ashish Gehani (SRI and SE-RAN.ai), Prakhar Sharma (SRI and SE-RAN.ai), Zhiqiang Lin (The Ohio State University and SE-RAN.ai)

      The current mobile network is migrating towards a programmable, interoperable, and cloud-native architecture known as OpenRAN. This enables software-defined services to be integrated as modular applications (xApps and rApps) in a centralized RAN Intelligent Controller (RIC). While prior research has demonstrated a few xApps on OpenRAN for security, optimization, etc., a critical development challenge remains. We observe that a fundamental obstacle is the Telemetry Gap: an OpenRAN application has to acquire the necessary analytic telemetry, which may not be supported by the corresponding RAN vendors. Unfortunately, the OpenRAN standard does not specify how to address this challenge, and current solutions are typically vendor-locked, significantly limiting their portability. To bridge this gap, we present our preliminary work on TELERAN, a fully vendor-agnostic agent that enables protocol-level fine-grained visibility and seamless O-RAN integration for virtual RAN nodes at the edge by utilizing the extended Berkeley Packet Filter (eBPF). It is driven by two synergistic cross-layer components: (1) an eBPF-based programmable filter that brings universal and efficient cellular packet filtering to the OS kernel level, and (2) a user-space parser that reconstructs packet semantics based on ASN.1 specifications, enabling operators to customize and program various RAN telemetry. We have implemented a prototype of TELERAN, demonstrating its seamless integration with two leading open-source RAN implementations, OpenAirInterface and srsRAN, with zero source code modification. We also show that TELERAN can be programmed for a wide range of telemetry types for both performance and security analytics, further supporting diverse xApp use cases on OpenRAN.

    • Poushali Sengupta (University of Oslo), Mayank Raikwar (University of Oslo), Sabita Maharjan (University of Oslo), Frank Eliassen (University of Oslo), Yan Zhang (University of Oslo)

      Powerful quantum computers in the future may be able to break the security used for communication between vehicles and other devices (Vehicle-to-Everything, or V2X). New security methods called post-quantum cryptography can help protect these systems, but they often require more computing power and can slow down communication, posing a challenge for fast 6G vehicle networks. In this paper, we propose an adaptive post-quantum cryptography (PQC) framework that predicts short-term mobility and channel variations and dynamically selects suitable lattice-, code-, or hash-based PQC configurations using a predictive multi-objective evolutionary algorithm (APMOEA) to meet vehicular latency and security constraints. However, frequent cryptographic reconfiguration in dynamic vehicular environments introduces new attack surfaces during algorithm transitions. A secure monotonic-upgrade protocol prevents downgrade, replay, and desynchronization attacks during transitions. Theoretical results show decision stability under bounded prediction error, latency boundedness under mobility drift, and correctness under small forecast noise. These results demonstrate a practical path toward quantum-safe cryptography in future 6G vehicular networks. Through extensive experiments based on realistic mobility (LuST), weather (ERA5), and NR-V2X channel traces, we show that the proposed framework reduces end-to-end latency by up to 27%, lowers communication overhead by up to 65%, and effectively stabilizes cryptographic switching behavior using reinforcement learning. Moreover, under the evaluated adversarial scenarios, the monotonic-upgrade protocol successfully prevents downgrade, replay, and desynchronization attacks.

    • Seonghyun Kim (Ericsson Research)

      Intent-based networking frameworks such as 3GPP TS 28.312 introduce utility-driven fulfilment, where producers map high-level intents to quantitative targets via utility formulas over KPIs, but the relationship between the KPIs declared in the intent expectation and the KPIs used in the utility is unconstrained. We address this Utility–Expectation gap with PICKLE (Patchable InCremental multiproof merKLE tree), a generic hash-only provenance layer for such settings. PICKLE commits an application’s state vector in an incremental Merkle tree and equips each verifier with a batch proof expressed purely in terms of node positions. A single global sibling map stores each required hash at most once, while per-verifier proofs reference this map without duplicating hashes. Leaf updates patch the global map along the affected paths, leaving proof structure unchanged. As a result, patch communication scales with the number of distinct touched siblings rather than with the number or size of verifier batches while preserving per-verifier isolation. We implement PICKLE and compare it to per-path proofs and per-verifier multiproofs on synthetic multi-verifier workloads. Across varied verifier numbers and tree sizes, PICKLE reduces patch communication cost and update time, while relying only on hash computations and simple table lookups.

  • 17:30 - 17:35
    Closing Remarks
    Embarcadero