3GPP has introduced Private 5G to support the next-generation industrial automation system (IAS) due to the versatility and flexibility of the 5G architecture. Besides the 3.5GHz CBRS band, unlicensed spectrum bands, like 5GHz, are considered as an additional medium because of their free and abundant nature. However, while utilizing the unlicensed band, industrial equipment must coexist with incumbents, e.g., Wi-Fi, which could introduce new security threats and resuscitate old ones. In this paper, we propose a novel attack strategy conducted by a mobility-enabled malicious Wi-Fi access point (mmAP), namely the PACMAN attack, to exploit vulnerabilities introduced by heterogeneous coexistence. An mmAP is capable of moving around the physical surface to identify mission-critical devices, hopping through the frequency domain to detect the victim's operating channel, and launching traditional MAC layer-based attacks. The multi-dimensional mobility of the attacker makes it impervious to state-of-the-art detection techniques that assume static adversaries. In addition, we propose a novel Markov Decision Process (MDP) based framework to intelligently design an attacker's multi-dimensional mobility in space and frequency. Mathematical analysis and extensive simulation results exhibit the adverse effect of the proposed mobility-powered attack.