Signalling Security Analysis: Is HTTP/2 Secure in 5G Core Network?

The incoming 5G mobile network owns many advanced features. In the core network respect, 5G features Control and User Plane Separation (CUPS), Service Based Architecture (SBA), Network Slicing (NS) and Access Agnostic. To get all those new features realized, a new 5G system architecture and protocol stack have been designed. 5G adopts HTTP/2 as application layer protocol which means all the network entities in control plane will communicate with each using HTTP/2. However, HTTP/2 may cause new problems in the totally new designed Service-based Architecture (SBA). In this paper, we present a comprehensive study on HTTP/2 to be used in 5G core network and introduce the possible vulnerabilities and security problems. Firstly, based on the technology standards released by 3GPP, we give an overview of 5G architecture—Service based architecture; secondly, we introduce the new features of HTTP/2 protocol; thirdly, we evaluate the security problems that may occur in 5G core network.