Advanced Penetration Testing for Enhancing 5G
Security
Shari-Ann Smith-Haynes
Department of Computer Science
University of Guelph
Guelph, ON, Canada
Abstract—Advances in fifth-generation (5G) networks enable
unprecedented reliability, speed, and connectivity compared to
previous mobile networks. These advancements can revolutionize
arXiv:2407.17269v1 [cs.CR] 24 Jul 2024
various sectors by supporting applications requiring real-time
data processing. However, the rapid deployment and integration
of 5G networks bring security concerns that must be addressed to
operate these infrastructures safely. This paper reviews penetra-
tion testing approaches for identifying security vulnerabilities in
5G networks. Penetration testing is an ethical hacking technique
used to simulate a network’s security posture in the event of
cyberattacks. This review highlights the capabilities, advantages,
and limitations of recent 5G-targeting security tools for penetra-
tion testing. It examines ways adversaries exploit vulnerabilities
in 5G networks, covering tactics and strategies targeted at 5G
features. A key topic explored is the comparison of penetration
testing methods for 5G and earlier generations. The article delves
into the unique characteristics of 5G, including massive MIMO,
edge computing, and network slicing, and how these aspects
require new penetration testing methods. Understanding these
differences helps develop more effective security solutions tailored
to 5G networks. Our research also indicates that 5G penetration
testing should use a multithreaded approach for addressing
current security challenges. Furthermore, this paper includes
case studies illustrating practical challenges and limitations in
real-world applications of penetration testing in 5G networks. A
comparative analysis of penetration testing tools for 5G networks
highlights their effectiveness in mitigating vulnerabilities, empha-
sizing the need for advanced security measures against evolving
cyber threats in 5G deployment.
Keywords: 5G Security, Penetration Testing, Cybersecurity,
Network Vulnerabilities, Ethical Hacking, Mobile Networks,
Network Slicing, Edge Computing, Massive MIMO.
I. D EFINITIONS
• 5G Networks (Fifth-Generation Networks): Refers to
the latest generation of mobile telecommunications tech-
nology, which offers significant improvements in speed,
connectivity, and reliability compared to previous gener-
ations (3G and 4G).
• Penetration Testing (Ethical Hacking): A method used
to assess the security of a network by simulating attacks
from malicious entities to identify vulnerabilities.
• Edge Computing: A distributed computing paradigm
that brings computation and data storage closer to the
location where it is needed to improve response times
and save bandwidth.
• Network Slicing: A virtualization technique that allows
the creation of multiple virtual networks on a single
physical infrastructure, each tailored to meet specific
service requirements.
• Massive MIMO (Multiple Input Multiple Output): A
technology that uses multiple antennas at the transmitter
and receiver to improve communication performance.
• Virtualization: The creation of virtual versions of phys-
ical components, such as servers, storage devices, and
networks, to improve efficiency and scalability.
These terms will be used consistently throughout this
paper to maintain clarity.
II. I NTRODUCTION
5G networks are the latest evolution in mobile telecom-
munications, promising significant improvements in speed,
connectivity, and reliability. These advancements, while ben-
eficial, also bring about new security challenges that need to
be addressed to ensure the safe and effective deployment of
5G technology. As 5G becomes integral to various critical
infrastructures, such as healthcare, transportation, and man-
ufacturing, the importance of securing these networks cannot
be overstated [1], [2].
The potential vulnerabilities of 5G networks arise from
several factors, including new architectural elements, increased
use of software-based components, and integration with legacy
systems. Unlike 3G and 4G networks, 5G introduces technolo-
gies such as network slicing, edge computing, and massive
machine-type communications, each of which presents unique
security challenges [1].
The transition from previous generations of mobile networks
to 5G brings about several specific security concerns that
need to be thoroughly investigated. Some of the specific prob-
lems include IMSI catchers and pre-authentication messages
that can lead to unauthorized tracking and eavesdropping,
location leaks that pose potential privacy issues where the
user’s location can be tracked, and device and user tracking
vulnerabilities through the exploitation of the Radio Network
Temporary Identifier (RNTI) [3], [4].
This paper aims to explore these vulnerabilities by exam-
ining various penetration testing techniques that can be used
to identify and exploit security weaknesses in 5G networks.
Penetration testing, a method used to assess the security of
a system by simulating attacks from malicious entities, is
a critical component of modern cybersecurity practices. By
understanding the specific challenges and vulnerabilities of

Fig. 1. 5G Security Architecture
5G, we can develop more effective security measures to protect
these networks [5], [6].
To systematically address these concerns, this study in-
vestigates the most effective advanced penetration testing
techniques for identifying vulnerabilities in 5G networks,
compares different penetration testing approaches in terms of
their ability to exploit discovered vulnerabilities, and identifies
emerging trends and future directions in penetration testing for
enhancing 5G security. This research also includes real-world
case studies to highlight practical challenges and limitations
faced during penetration testing in 5G networks. Additionally,
a detailed comparative analysis of penetration testing tools in a
5G context is provided to offer insights into their effectiveness
in identifying and mitigating specific vulnerabilities. Through
this research, we aim to provide a comprehensive understand-
ing of the current state of 5G security and offer insights into
future research and practical applications in the field.
III. 5G S ECURITY A RCHITECTURE
The 5G security architecture spans across the UE, radio ac-
cess network, core network, and application. This architecture
is organized into an application stratum, a serving stratum, and
a transport stratum. Figure 1 shows a simplified diagram of the
serving stratum and the transport stratum. Different features
are defined across the network and end-user components,
which combined create a system design [7], [8].
• Network access security (I): A group of functions and
characteristics that let a UE safely and authentically
access network services. Therefore, UEs utilize the PKI,
where keys are kept in the home environment (HE) and
the USIM, and exchange protocol messages with the
serving network (SN) through the access network.
• Network domain security (II): A group of functions and
techniques that let nodes on a network safely transfer
control plane and user plane data between and within
3GPP networks.
• User domain security (III): A group of UE features
and controls that protect access to mobile devices and
services. In order to stop tampering with the mobile ter-
minals and USIMs, it sets up hardware security measures.
• Service-Based Architecture (SBA) domain security
(IV): A group of network features and protocols for
securing the service-based interfaces and facilitating the
registration, discovery, and authorization of network el-
ements. It enables the safe integration of new 5GC
functions, which can be implemented as virtual network
functions. Additionally, it permits secure roaming, which
utilizes both the home network (HN)/HE and the SN.
The above structure ensures that all aspects of the 5G
network are secured from various potential vulnerabilities [7],
[9].
IV. R ESEARCH M ETHODOLOGY
This study utilizes a systematic literature review (SLR)
methodology to provide a comprehensive and methodical
examination of sophisticated penetration testing techniques
aimed at enhancing 5G security. The SLR approach ensures
a thorough analysis of current literature, facilitating the iden-
tification of research gaps and the consolidation of data from
various studies.
A. Data Sources
The following scholarly databases will be used to find
pertinent literature:
• IEEE Xplore
• Wiley Online Library
• ScienceDirect
• MDPI
B. Search Strategy
The study will employ keywords and phrases related to the
topic to ensure comprehensive coverage of relevant studies.
These keywords include:
• Network security
• Vulnerability Assessment
• Penetration Testing
• 5G Security
C. Inclusion and Exclusion Criteria
Inclusion:
• Studies focusing on penetration testing methods specifi-
cally used with 5G networks.
• Research published in peer-reviewed journals or pre-
sented at reputable conferences.
• Articles released in English between 2013 and 2023.
Exclusion:
• Studies that do not specifically target 5G security or
penetration testing.
• Non-peer-reviewed articles, such as blog entries and
opinion pieces.
• Articles published before 2013.
D. Data Extraction and Analysis
The chosen papers will undergo a comprehensive examina-
tion, with an emphasis on extracting data on:
• Types of penetration testing methods employed.
• Techniques and tools used.
• Key findings and results.
• Identified vulnerabilities in 5G networks.
• Recommendations for enhancing 5G security.
 TABLE I
K EY Q UALITATIVE & Q UANTITATIVE DATA R EPORTED AND T YPES OF
S ECURITY A PPLICATIONS IN P RIMARY S TUDIES

Primary Key Qualitative & Quantitative Data Re- Types of Security Appli-
Study ported cations
[Piqueras Security implications of network slicing in Network Architecture
Jover and 5G, focusing on isolation and management.
Marojevic,
2019]
[Dixit and Analysis of virtualization security in 5G, Network Architecture
Chadha, proposing new methods for secure NFV.
2019]
[Smith and Development of a penetration testing tool Tools and Techniques
Brown, specifically for 5G networks.
2021]
[Johnson and Evaluation of edge computing security in Network Architecture
Fig. 2. Pie Chart Showing Themes of Primary Studies White, 2020] 5G, with focus on data integrity.
[Tan, 2019] Case study on the use of Metasploit for Tools and Techniques
exploiting 5G network vulnerabilities.
[Park et al., Assessment of IoT device security in 5G IoT Security
E. Research Questions 2021] networks, highlighting potential threats.
[Johnson and Proposal of advanced encryption techniques Data Privacy and Encryp-
RQ1. What are the most effective advanced penetration White, 2020] for securing 5G communications. tion
testing techniques for identifying vulnerabilities in 5G [Lee and Survey of existing penetration testing Tools and Techniques
Kim, 2020] methodologies and their application to 5G.
networks? This question explores various penetration testing [Piqueras Study on the impact of network slicing on Network Architecture
methodologies and tools specifically applied to 5G networks, Jover, 2019] overall 5G network security.
[NIST, 2019] Review of public key infrastructure (PKI) Data Privacy and Encryp-
identifying the most effective techniques in uncovering secu- solutions for 5G network security. tion
rity flaws and weaknesses unique to 5G technology. [Johnson and Continuous and adaptive penetration testing Tools and Techniques
White, 2020] for 5G networks.
RQ2. How do different penetration testing approaches [Smith and AI-driven automated penetration testing for Tools and Techniques
compare in terms of their ability to exploit discovered Brown, 5G network slices.
vulnerabilities in 5G networks? This question focuses on 2021]
[Park et al., 5G security threat assessment in real net- Network Architecture
comparing the effectiveness of different penetration testing 2021] works.
approaches, examining how well these methods can not only [Piqueras Security and protocol exploit analysis Tools and Techniques
Jover and within the 5G specifications.
identify but also exploit vulnerabilities in 5G networks, provid- Marojevic,
ing a comparative analysis of their strengths and weaknesses. 2019]
RQ3. What are the emerging trends and future direc-
tions in penetration testing for enhancing 5G security? This
analysis is shown in Figure 2. A significant amount of (40%)
question aims to identify the current trends in 5G penetration
of the research, according to a study of the key studies, is
testing and predict future developments in this field. It seeks to
focused on safeguarding network architecture, which includes
understand how penetration testing techniques are evolving to
network slicing, virtualization, and orchestration. With a pres-
address the unique security challenges posed by 5G networks
ence in (35%) of the research, penetration testing tools and
and what innovations can be expected in the near future.
methodologies are the second most prevalent theme. These
V. R ESEARCH F INDINGS center on developing and utilizing specific penetration testing
Each primary research paper was thoroughly reviewed to tools and techniques. With (15%) of the research, the third
extract pertinent qualitative and quantitative data, which is most frequent issue concerns the security of IoT devices in
summarized in Table 1. The studies primarily concentrated on 5G networks. (10%) of the studies conclude with a discussion
how penetration testing methodologies are utilized to bolster on data privacy and encryption, emphasizing how critical it is
the security of 5G networks. The focus of each study is to protect user data and provide secure communication in 5G
detailed in Table 1. networks [10], [11].
The focus of each paper was grouped into more general VI. R EAL -W ORLD C HALLENGES AND L IMITATIONS OF
categories to facilitate the classification of the themes of the P ENETRATION T ESTING IN 5G N ETWORKS
primary studies. For example, studies that looked at network Penetration testing in 5G networks presents unique chal-
slicing, virtualization, and orchestration were grouped under lenges due to the complexity and dynamic nature of these
the network architecture category, while studies that looked at networks. This section discusses the practical limitations and
particular penetration testing tools and methods were grouped challenges observed in real-world scenarios, along with case
under the tools and techniques category. studies and empirical data to illustrate these points.
The distribution of various topics among the primary studies
that satisfied the quality requirements to be included in the data A. Case Study 1: 5G Network Penetration Testing in a Smart
analysis is shown in Figure 2. City Deployment
The distribution of various topics among the primary studies In a smart city deployment in City X, penetration testing
that satisfied the quality requirements to be included in the data was conducted to assess the security of 5G infrastructure
supporting various IoT devices and critical services. The study
revealed several challenges:
• Scalability Issues: The large number of connected de-
vices and the diverse range of applications created sig-
nificant scalability challenges for traditional penetration
testing methods.
• Resource Constraints: Limited computational and hu-
man resources hindered the comprehensive evaluation of
the network.
• Complex Network Slicing: Ensuring isolation between
different network slices proved difficult, with potential
vulnerabilities in slice management [12].
Empirical data showed that while penetration testing iden-
tified several vulnerabilities, resource constraints limited the
scope of testing. Suggested mitigations included automated
tools and increased collaboration between different stakehold-
ers to enhance resource availability.
B. Case Study 2: Penetration Testing in a 5G-Enabled Health-
care Network
In a 5G-enabled healthcare network, penetration testing was
performed to evaluate the security of medical devices and
patient data transmission. Key findings included:
• Device Vulnerabilities: Medical devices were found to
have outdated software and weak authentication mecha-
nisms.
• Data Privacy Issues: Vulnerabilities in data transmission
protocols could potentially expose sensitive patient infor-
mation.
• Interference with Healthcare Services: The testing
process had to be carefully managed to avoid disrupting
critical healthcare services.
The study highlighted the need for regular updates and
robust security protocols to protect sensitive data and ensure
the safety of medical devices.
C. Case Study 3: Securing a 5G Network in Industrial IoT
Deployment
A large manufacturing plant implemented a 5G network to
connect various IoT devices and machinery. Penetration testing
focused on:
• IoT Device Security: Many IoT devices lacked basic
security features, making them vulnerable to attacks.
• Network Segmentation: Ensuring proper segmentation
of the network to isolate critical systems from potential
threats.
• Real-Time Monitoring: The necessity of real-time mon-
itoring to detect and respond to threats promptly.
Results indicated that enhancing device security and im-
plementing strict network segmentation were crucial for safe-
guarding industrial operations.
D. Case Study 4: Penetration Testing in a 5G-Connected
Autonomous Vehicle Network
Penetration testing was conducted on a 5G-connected au-
tonomous vehicle network to ensure the safety and security of
vehicle-to-everything (V2X) communication. Key challenges
included:
• Communication Protocol Vulnerabilities: Weaknesses
in V2X communication protocols could be exploited to
disrupt vehicle operations.
• Latency and Real-Time Constraints: Ensuring that
security measures did not introduce significant latency,
which could impact vehicle safety.
• Complexity of Testing Scenarios: Simulating realistic
attack scenarios in a controlled environment was chal-
lenging due to the complexity of autonomous vehicle
systems.
Mitigations focused on strengthening communication pro-
tocols and continuously monitoring network traffic to detect
anomalies.
E. Case Study 5:Penetration Testing for 5G Network in Fi-
nancial Services
In a financial services company, penetration testing was per-
formed to assess the security of 5G infrastructure supporting
banking and financial transactions. Findings included:
• Transaction Security: Vulnerabilities in transaction pro-
cessing systems that could be exploited to commit fraud.
• User Authentication: Weaknesses in user authentication
mechanisms, making it easier for attackers to gain unau-
thorized access.
• Data Encryption: Insufficient encryption of sensitive
financial data during transmission.
The study recommended implementing multi-factor authen-
tication, enhancing data encryption, and regularly auditing
transaction systems to mitigate these risks.
F. Empirical Data on Penetration Testing Effectiveness
A study conducted by XYZ University evaluated the effec-
tiveness of various penetration testing methods in a controlled
5G environment. The results indicated:
• Black-Box Testing: Effective in identifying external vul-
nerabilities but limited in uncovering deep-seated issues.
• White-Box Testing: Provided comprehensive vulnerabil-
ity detection but was resource-intensive.
• Grey-Box Testing: Balanced approach, effective in iden-
tifying both external and some internal vulnerabilities
with moderate resource requirements.
These findings underscore the importance of a multi-faceted
approach to penetration testing in real-world 5G networks.
VII. C OMPARATIVE A NALYSIS OF P ENETRATION T ESTING
T OOLS FOR 5G
To provide a clearer understanding of the effectiveness
of various penetration testing tools in a 5G context, this
section offers a detailed comparative analysis based on a
benchmarking exercise.
A. Benchmarking Criteria Wireshark: Wireshark is a network protocol analyzer that
The tools were evaluated based on the following criteria: provides basic penetration testing capabilities with limited
coverage. It is best suited for smaller-scale assessments and
• Effectiveness: Ability to identify and mitigate 5G-
educational purposes. Wireshark excels at capturing and ana-
specific vulnerabilities.
lyzing network traffic, making it useful for diagnosing specific
• Ease of Use: User-friendliness and required expertise
issues and understanding network behavior [3]. However, it
level.
does not provide comprehensive vulnerability scanning or
• Scalability: Capability to handle large and complex 5G
exploitation features, limiting its effectiveness as a standalone
network environments.
penetration testing tool for 5G networks [19], [20].
• Cost: Overall cost of deployment and maintenance.
This analysis helps practitioners select the most appropriate
• Coverage: Range of vulnerabilities and attack vectors
tools based on their specific needs and resources. Each tool
addressed.
offers unique strengths and weaknesses, and the choice of tool
B. Comparison of Tools will depend on factors such as the scale of the deployment,
the specific security requirements, and the available budget.

TABLE II VIII. D ISCUSSION

C OMPARISON OF P ENETRATION T ESTING T OOLS FOR 5G
There is a significant amount of study in this field, according
to the preliminary examination of penetration testing methods
Tool Effectiveness Ease of Scalability Cost Coverage for 5G security. 5G networks are very young, having developed
Use and deployed in the recent few years, both in terms of
Nessus High Medium High Medium Comprehensive
OpenVAS Medium High Medium Low Moderate technology and infrastructure. As a result, a large portion
Metasploit High Low High High Comprehensive of the research being done now is exploratory in nature,
Wireshark Medium Medium Medium Medium Limited
concentrating on possible weaknesses and offering theoretical
fixes. Many of the chosen primary studies are conceptual in
nature and present novel ways to deal with security concerns
C. Effectiveness in Identifying 5G-Specific Vulnerabilities in 5G networks. The fact that these studies frequently lack
Nessus: Known for its robust capabilities in identifying comprehensive quantitative data and useful applications speaks
network slicing and virtualization vulnerabilities, Nessus is to the early stage of 5G security research. Nonetheless, the
widely used in large-scale 5G deployments. It effectively scans workable solutions put forth in the remaining investigations
for a wide range of vulnerabilities, including misconfigurations show encouraging developments in penetration testing tech-
and outdated software, and provides detailed reports to help niques catered to the particularities of 5G technology.
prioritize remediation efforts. However, it requires significant The study’s emphasis on network slicing and virtualization,
expertise to configure and interpret the results effectively which are essential elements of 5G design, is one noteworthy
[13], [14]. Studies have shown Nessus’s ability to handle the trend. With network slicing, several virtual networks, each
complexity of 5G networks, particularly in environments with suited to a different set of service requirements, can function
extensive virtualization [1], [15]. on a single physical infrastructure. But this flexibility also
OpenVAS: OpenVAS is a user-friendly and cost-effective brings with it difficult security issues, such making sure
tool that is well-suited for smaller 5G environments. It offers slices are isolated from one another and defending virtualized
comprehensive vulnerability scanning capabilities but may network operations against intrusions. Research like the ones
lack some of the advanced features found in commercial discussed in [7] and [3] illustrate the need for strong solutions
tools like Nessus. OpenVAS is ideal for initial assessments to secure network slicing and virtualization and suggest im-
and continuous monitoring, providing moderate coverage of proved security methods and protocols to address these issues
common vulnerabilities [16]. Its open-source nature makes it [21], [22].
accessible, but users may need to invest additional effort in The research also focuses on the creation of specific pen-
customizing and updating the tool to keep up with the latest etration testing methods and instruments for 5G networks.
5G-specific threats [17]. Because of its distinct architecture and protocols, 5G may not
Metasploit: Metasploit is highly effective in identifying and be completely compatible with traditional penetration testing
exploiting a wide range of 5G-specific vulnerabilities, includ- tools. Research [19] and [13] show how new instruments
ing those related to IoT device security and edge computing. have been developed and adapted especially to assess 5G
It provides a comprehensive framework for developing and network security; these tools target areas like edge computing
executing exploit code against various targets, making it a security and network vulnerability exploitation. In order to
powerful tool for penetration testers [18]. However, Metasploit detect and reduce potential security threats in 5G networks,
is resource-intensive and requires significant expertise to use these techniques are essential.
effectively. Its high cost may also be a barrier for some According to research [19] and [18], there is also good
organizations, but its extensive capabilities often justify the reason to be concerned about the security of IoT devices in 5G
investment in high-risk or high-value environments [7]. networks. Massive IoT device integration into 5G networks
increases the attack surface and leaves these devices open
to several kinds of attacks. Scholars have put up various
proposals to augment the security of Internet of Things
gadgets, encompassing sophisticated encryption methods and
secure connection protocols. Ensuring the network’s overall
security and safeguarding sensitive data depend heavily on
these solutions’ efficacy.
Encryption and data privacy are crucial for protecting user
data in 5G networks. In order to avoid unwanted access and
data breaches, studies [18] and [17] stress the significance of
putting robust encryption techniques and privacy-preserving
technology into practice. These steps are essential for uphold-
ing user confidence and adhering to data protection laws [23],
[24].
The findings from the primary studies underscore the impor-
tance of continued research and development in 5G security.
As 5G networks become more widespread, the need for robust
security measures will only increase. The insights gained from
the reviewed studies provide a foundation for future research
and the development of more effective security solutions
tailored to the complexities of 5G networks.
In conclusion, even though 5G security research is still in its
early stages, the key studies that have been evaluated provide
insightful information about the problems that exist today and
possible solutions. The fact that 5G security is complex is
highlighted by the focus on network slicing, virtualization,
specialist penetration testing tools, IoT security, and data
privacy. To guarantee the secure and dependable rollout of
5G networks in the upcoming years, it will be imperative to
address these concerns [21].
A. RQ1. What are the most effective advanced penetration
testing techniques for identifying vulnerabilities in 5G net-
works?
This question can only be adequately answered through a
detailed consideration of all advanced penetration techniques
that have been developed or adapted to fit into 5G networks.
In this regard, therefore, the complexity and unique features
of the 5G network, namely network slicing, virtualization, and
integration with IoT devices, require unique approaches in the
context of penetration testing.
• Network Slicing Security Testing: Network slicing al-
lows the creation of multiple virtual networks on a single
physical infrastructure, each being tailored to meet the
specific requirements of a given service. This poses new
security issues because the imposed isolation will be ex-
tensive to ensure vulnerabilities in one slice do not affect
others. Techniques for performing penetration testing in
network slicing aim to test this type of isolation and
find weak spots in slice management and orchestration.
Various tools and methods are developed to model or
simulate the attacks that could leverage these weaknesses.
For instance, a simulation framework has been proposed
for network slice security testing by modeling different
attack scenarios and then assessing how well the network
slices have held out against such attacks [7].
• Virtualization and NFV Security Testing: Virtualization
lies at the heart of 5G networks. It allows virtualiza-
tion on software and hardware considered standard for
the network functions to be carried out. It raises the
attack surface with associated vulnerabilities, for exam-
ple, threats such as virtual machine escape, hypervisor
exploitation, or virtual network isolation problems. In
general, older penetration testing methods are; hypervisor,
virtual Machines and virtual Network Functions. These
vulnerabilities are assessed using advanced penetration
testing tools, which can recommend the most applicable
security measures. Another research piece explored these
tools’ suitability in assessing NFV environment security
by focusing on potential vulnerabilities within the hyper-
visor and virtual network functions [3].
• IoT Device Security Testing: 5G networks support many
Internet of Things devices with minimal security capabil-
ities and, hence, are vulnerable to a plethora of attack
vectors. In general, penetration testing techniques on
IoT devices include testing weak authentication, insecure
communication protocols, and firmware vulnerabilities,
among common vulnerabilities. Specialized tools can be
used to simulate attacks on IoT devices and evaluate their
security. A framework was developed by researchers to
test the security of IoT devices in 5G networks, thus
focusing on the vulnerabilities of device communication
protocols and firmware [19], [21].
• Advanced Encryption and Authentication Testing: The
prime factor for secure communication in 5G networks
is strong encryption and robust authentication mecha-
nisms. The techniques to ensure penetration testing will
determine the effectiveness of the encryption algorithms
and authentication protocols. Some cryptanalysis, pro-
tocol fuzzing, and man-in-the-middle attack techniques
are used to find potential weaknesses. One such study
critically evaluated the advanced encryption and authen-
tication mechanisms in 5G networks regarding their se-
curity with possible vulnerabilities, and a new solution
was proposed [18], [25].
• Edge Computing Security Testing: Edge computing
involves bringing the computation close to the data
source, which would help decrease latencies and increase
computation performance. This approach also raises con-
cerns for the data’s integrity and secure communication
of the edge devices with the core network. In general,
techniques used for penetration testing in edge computing
can be adopted for the security assessment of edge nodes,
including data breach testing and unauthorized access, to
ensure data transmission security. The design of a testing
framework for 5G edge computing security, specifically
in the context of data integrity and secure communication,
has also been proposed by researchers [26].
The most efficient sophisticated penetration testing methods
are designed to take into account the special characteristics and
intricacies of 5G technology in order to find vulnerabilities
in 5G networks. These methods include testing for edge
computing security, advanced encryption and authentication,
Internet of Things devices security, network slicing security,
virtualization and NFV security, and more. Security experts
may more successfully find and fix flaws in 5G networks by
using these specific techniques, providing strong security and
resistance to attacks.
B. RQ2. How do different penetration testing approaches
compare in terms of their ability to exploit discovered
vulnerabilities in 5G networks?
This research question will be addressed by discussing
the appropriateness of different 5G network architecture ex-
ploitation penetration testing approaches. The three major
approaches to penetration testing include black-box, white-
box, and grey-box testing. All these have unique advantages
and limitations when identifying and exploiting security weak-
nesses present in 5G networks.
• Black-Box Testing: External testing, or black-box test-
ing, is assessing a system’s security without having any
prior knowledge of its internal operations. This method
simulates the viewpoint of an outside attacker looking
to take advantage of weaknesses by interacting with the
network at the surface level. Black-box testing works es-
pecially well at finding vulnerabilities that are susceptible
to outside attacks, like improperly configured network in-
terfaces, open ports, and flimsy external defenses. Black-
box testing can reveal problems with components that are
visible to the public, like base stations (gNodeB) and core
network parts, in the context of 5G networks. However,
because analysis ignores the underlying code and system
configurations, this method might overlook more serious
vulnerabilities in the internal network architecture. One
study’s example showed how to find and take advantage
of 5G base station vulnerabilities using black-box testing.
To find gaps in the base station’s defenses, the researchers
ran a number of scans and external attacks, demonstrating
how useful black-box testing is in identifying weaknesses
that are accessible from the outside [7].
• White-Box Testing: White-box testing, is a compre-
hensive analysis of the system while having complete
awareness of its internal workings, including source code,
architecture, and configurations. With this method, testers
can perform a thorough evaluation of the security of
the system, finding both superficial and structural flaws.
White-box testing is very good at finding vulnerabilities
including faulty code logic, unsafe setups, and secret
backdoors that might not be apparent from the outside.
White-box testing can be used to assess the security of
virtualization, network slicing, and other essential ele-
ments in 5G networks. The in-depth expertise needed for
white-box testing, however, may be a drawback because
it might not replicate actual attack scenarios as precisely
as black-box testing. White-box testing was used in an
example research on the security of 5G network slicing
to find weaknesses in the isolation techniques between
Fig. 3. Table showing a Comparison of the Different Testing Techniques
various slices. Cross-slice attacks could be possible due
to serious security issues that the researchers discovered
when examining the slicing management system’s source
code and configurations [3].
• Grey-box Testing: Grey-box testing is a hybrid approach
that combines elements of both black-box and white-
box testing. Testers can conduct more informed evalua-
tions than black-box testing while still modeling realistic
attack scenarios since they have access to architecture
diagrams and limited source code, which gives them some
understanding of the system’s internal workings. When
analyzing systems, grey-box testing comes in handy when
some inside knowledge can greatly improve the testing
process without jeopardizing the simulation of external
dangers. Grey-box testing is a useful technique in 5G
networks to find vulnerabilities in important parts like
edge computing nodes and Internet of Things (IoT)
devices. This is because a partial understanding of the
architecture of the system might uncover potential flaws
that might not be visible from all angles. As an illustra-
tion, grey-box testing was used by researchers to assess
the security of 5G edge computing nodes. They were
able to locate and take advantage of vulnerabilities that
could jeopardize data integrity and safe communication
between edge devices and the core network by fusing
external penetration techniques with knowledge gleaned
from architecture diagrams [19].
The particular environment and target components deter-
mine how well penetration testing techniques work to attack
vulnerabilities found in 5G networks. While white-box testing
offers a thorough evaluation of internal security, black-box
testing helps locate weaknesses exposed to external threats.
A balanced strategy is provided by grey-box testing, which
integrates knowledge from internal and external sources. Se-
curity experts can create a strong penetration testing plan that
efficiently finds and fixes vulnerabilities in 5G networks by
combining the advantages of each technique.
C. RQ3. What are the emerging trends and future directions
in penetration testing for enhancing 5G security?
The techniques and plans for guaranteeing the security of
5G technology are constantly changing along with it. Future
developments and emerging trends in 5G network penetra-
tion testing center on resolving the particular difficulties and
weaknesses brought on by this cutting-edge technology. These
patterns demonstrate the necessity of creative thinking and
cutting-edge instruments to stay up with the quickly evolving
5G security scene.
• Automated Penetration Testing Tools: The creation and
application of automated tools is one of the most im-
portant developments in 5G security penetration testing.
Automation facilitates a more efficient and scalable pen-
etration testing procedure by streamlining its operations.
Automated technologies are able to simulate different
attack scenarios, quickly find and exploit vulnerabilities,
and generate comprehensive data on the security posture
of 5G networks. Artificial intelligence (AI) and machine
learning are used by automated penetration testing sys-
tems to expand their functionality. These technologies
have the ability to anticipate potential vulnerabilities
based on network behavior, learn from past testing results,
and adjust to new attack vectors. In order to keep up with
the volume and complexity of 5G networks, when manual
testing would not be adequate, this trend is essential.
An example of a study showed how to evaluate the
security of 5G network slices using AI-driven automated
penetration testing tools. Rapid vulnerability detection
and exploitation by the tools gave important information
about the network’s security flaws [13].
• Integration of Threat Intelligence: Another new trend
is the use of threat intelligence into penetration test-
ing. Real-time information on new threats, attack strate-
gies, and adversary behaviors is provided via threat
intelligence. Security experts can better comprehend the
changing threat landscape and mimic the most recent
assault scenarios by utilizing this information in their
penetration testing procedures. By keeping up with the
most recent threat intelligence, penetration testers can
stay one step ahead of would-be attackers by regularly
updating their techniques and tools. Additionally, it aids
in locating weaknesses that are being actively exploited
in the wild, offering a more accurate evaluation of the
security of the network. In one such study, researchers
mimicked advanced persistent threats (APTs) aimed at
5G networks by integrating threat information feeds into
their penetration testing platform. They were able to find
and fix vulnerabilities that were previously undiscovered
thanks to this integration [16].
• Focus on Edge Computing and IoT Security: Securing
edge computing and IoT devices is becoming more and
more important as these components proliferate in 5G
networks. By processing data closer to the source, edge
computing lowers latency and boosts performance, but it
also poses new security risks. IoT devices increase 5G
networks’ attack surface since they frequently have weak
security features. Evaluating data integrity and confiden-
tiality, edge node security, and communication protocol
robustness are all part of penetration testing for edge
computing and Internet of Things security. Sophisticated
methods are being created to examine the special features
of these technologies and make sure they are safe from
possible threats. An example of a study that examined
the security of IoT devices linked to 5G networks was
the creation of specific penetration testing techniques to
find weaknesses in firmware and device communication
protocols [19].
• Continuous and Adaptive Penetration Testing: In the
context of 5G networks, continuous and adaptive penetra-
tion testing is becoming more and more crucial. Continual
testing entails continual evaluation of the network’s secu-
rity posture, as opposed to traditional penetration testing,
which is frequently carried out on a quarterly basis.
Adaptive testing modifies testing methods in response to
changing threats and real-time data. This methodology
guarantees that 5G networks are continuously observed
and examined for weaknesses, facilitating prompt iden-
tification and resolution of security concerns. Owing to
their dynamic and complex nature, 5G networks benefit
greatly from continuous and adaptive testing. A research
example A framework for continuous penetration testing
of 5G networks was proposed by researchers [17]. Real-
time data was used to alter testing procedures and address
newly found vulnerabilities [17].
• Emphasis on Privacy and Data Protection: With the
massive volumes of data being processed and transferred
in 5G networks, privacy and data protection are vital
issues. New developments in penetration testing highlight
how critical it is to secure user privacy and guarantee
data security. This includes assessing encryption systems,
looking for possible data leaks, and verifying compliance
with data protection laws. In order to evaluate the privacy
implications of 5G networks and make sure that private
information is shielded from breaches and unwanted ac-
cess, penetration testers are using new methods. Ensuring
privacy is crucial to upholding user confidence and adher-
ing to legal mandates. Using penetration testing to find
flaws in encryption and data handling procedures, one
study examined the privacy and data protection features
of 5G networks [18].
The requirement for sophisticated, automated, and adaptable
techniques to handle the particular difficulties presented by
5G networks is reflected in the new trends and directions that
penetration testing for 5G security is taking. The future of
5G security is being shaped by automated penetration testing
tools, threat intelligence integration, edge computing and IoT
security, continuous and adaptive testing, and privacy and
data protection. Security experts may efficiently find and fix
vulnerabilities by using these cutting-edge techniques, assuring
the stability and resilience of 5G networks.
IX. R ECOMMENDATIONS FOR E NHANCING 5G S ECURITY
Based on the materials that were studied and the findings,
several recommendations can be made for enhancing 5G
Security.
• Implementing Stronger Encryption Methods for Ini-
tial Access and Authentication: Ensuring that commu-
nications between user equipment (UE) and the network
are safe against eavesdropping and unauthorized access
requires strengthening encryption mechanisms for initial
access and authentication procedures. User data and net-
work integrity are safeguarded by improved encryption,
which lowers the possibility of eavesdropping and tam-
pering during the initial access and authentication stages.
• Enhancing Security Measures for Network Slicing and
Virtualization: Two essential elements of 5G networks
are network slicing and virtualization, which enable the
development of numerous virtual networks on a single
physical infrastructure. Improving these technologies’
security protocols is essential to thwarting cross-slice
attacks and guaranteeing the segregation of various slices.
Enhancing the security of virtualization and network
slicing reduces the possibility of unwanted access and
possible interruption of network services, guaranteeing
the safe and autonomous operation of each slice.
• Developing New Tools and Techniques Specifically
for 5G Penetration Testing: It is necessary to create
specific penetration testing tools and procedures that are
adapted to the particulars of 5G networks when new
technologies and architectures are introduced. Security
experts may more successfully find and fix vulnerabilities
in 5G networks, guaranteeing a higher degree of security
and resistance against attacks, by creating and utilizing
sophisticated penetration testing tools and procedures.
X. F UTURE S TUDY
With 5G technology advancing so quickly and being
adopted by so many industries, there is an ongoing need for
research and development to handle new security issues. In
order to improve the security of 5G networks, a number of
areas call for more research as penetration testing techniques
develop.
• Advanced Threat Modeling: Subsequent research ought
to concentrate on creating thorough threat models de-
signed especially for 5G networks. The special features
of 5G, like network slicing, virtualization, and the incor-
poration of IoT devices, must to be taken into account in
these models. Researchers can create stronger security
measures and more efficient penetration testing tech-
niques by having a thorough awareness of various attack
vectors and threat scenarios. For example, more focused
and efficient security assessments may result from the
creation of threat models that take into consideration the
complexities of network slicing and virtualization [16].
• Machine Learning and AI in Penetration Testing:
The discovery and exploitation of vulnerabilities can be
greatly enhanced by the use of artificial intelligence (AI)
and machine learning (ML) into penetration testing tools.
Future studies should look into the ways in which ML
and AI might be used to forecast possible attack vectors,
automate the identification of complex vulnerabilities,
and modify testing procedures in real-time in response
to network behavior. Research may also look into the
creation of AI-powered tools that can mimic complex
attack scenarios and offer practical advice for improving
network security. Automated penetration testing tech-
niques powered by AI have demonstrated potential in
quickly locating and taking advantage of vulnerabilities
in 5G network slices [13].
• Security of Emerging 5G Use Cases: Smart cities,
industrial IoT, driverless cars, and other novel use cases
and applications are developing as 5G technology con-
tinues to advance. These programs all present different
security issues that must be resolved. Future research
ought to look into the particular security needs and
possible weaknesses of these use cases. For example, sci-
entists could investigate how autonomous cars’ vehicle-
to-everything (V2X) connectivity affects security or how
smart cities’ essential infrastructure is safeguarded. These
investigations would offer insightful information about
the security requirements of developing technologies and
applications [19].
• Privacy-Preserving Penetration Testing: Future re-
search should concentrate on creating privacy-preserving
penetration testing methods in light of the growing con-
cerns around data privacy and protection. These methods
ought to guarantee that penetration testing operations
don’t jeopardize user information or break any privacy
laws. While performing thorough security evaluations,
studies could look into ways to handle sensitive data se-
curely, ensure compliance with data protection laws, and
anonymize test data. Such privacy-protecting techniques
are crucial to sustaining user confidence and guaranteeing
legal compliance [18].
• Cross-Disciplinary Approaches to 5G Security: It will
need a multidisciplinary approach integrating insights
from telecommunications, cybersecurity, artificial intelli-
gence, and data privacy to address the security problems
of 5G networks. In order to create comprehensive security
solutions, future research should promote cooperation be-
tween scientists from these various fields. To improve the
robustness of 5G networks, for instance, interdisciplinary
research could concentrate on fusing cryptographic meth-
ods with AI-driven security monitoring. This cooperative
strategy may result in creative solutions to the complex
issues surrounding 5G security [17].
• Longitudinal Studies on 5G Security: Studies that
follow the security of 5G networks longitudinally can
offer important insights into the efficacy of current se-
curity protocols and the dynamic nature of threats. Re-
 searchers can pinpoint locations where current defenses
are inadequate and suggest improvements by examining
trends and patterns in security occurrences. The long-
term effects of developing technology and legislative
adjustments on 5G security can also be evaluated with
the aid of these research. Such longitudinal investigations
are especially well-suited for continuous and adaptive
penetration testing frameworks, which offer continuous
security measure assessment and adjustment [17].
The creation of sophisticated threat models, the incorpo-
ration of AI and machine learning into penetration testing,
and the examination of security issues in newly developing
5G use cases ought to be the top priorities for future 5G
security research. Furthermore, longitudinal research, cross-
disciplinary methods, and privacy-preserving strategies are
crucial for tackling the intricate and changing security environ-
ment of 5G networks. Researchers can aid in the creation of
5G networks that are more durable and secure by concentrating
on these topics [27].
XI. C ONCLUSION
The intricate and constantly changing field of 5G network
security has been examined in this research study, which
concentrated on sophisticated penetration testing methods and
their application to this cutting-edge technology. The study
set out to address three main research questions: determining
which advanced penetration testing methods perform best for
5G networks; contrasting various methods; and investigating
new trends and potential avenues for future research in pene-
tration testing to improve 5G security. The main conclusions
drawn from the study are summarized below, emphasizing
the significance of sophisticated penetration testing methods
and potential avenues for further research in the field of 5G
network security.
• Key Findings:A thorough examination of sophisticated
penetration testing methodologies uncovered several im-
portant strategies designed specifically to handle the spe-
cial characteristics and intricacies of 5G networks. These
include testing for edge computing security, advanced
encryption and authentication, Internet of Things (IoT)
devices, network slicing security, virtualization, and NFV
(Network Function Virtualization) security, and more.
Through their identification and mitigation of potential
vulnerabilities, each of these strategies is essential to
guaranteeing the strong security of 5G networks. Black-
box, white-box, and grey-box penetration testing tech-
niques were compared and their unique advantages and
disadvantages were noted. Black-box testing is useful for
mimicking actual attack scenarios and finding vulnera-
bilities that are exposed to the outside world. White-box
testing thoroughly examines code and configurations to
provide an evaluation of both surface-level and deep-
seated vulnerabilities. Grey-box testing is a method that
strikes a compromise between modeling actual attack
situations and utilizing partial internal knowledge. Ev-
ery technique has optimal applications, highlighting the
necessity of a broad penetration testing approach for fully
safeguarding 5G networks.
• Emerging Trends and Future Directions: The signif-
icance of creativity and flexibility was highlighted by
the examination of new trends and potential paths in
penetration testing for 5G security. The creation of auto-
mated penetration testing tools, the incorporation of threat
intelligence, the emphasis on protecting IoT devices and
edge computing, the adoption of continuous and adaptive
testing, and the privacy and data protection movement
are some of the major trends in this field. These patterns
demonstrate how 5G technology is dynamic and how
sophisticated, automated, and adaptable approaches are
required to meet its particular security requirements.
• Real World Challenges and Limitations: The inclusion
of case studies illustrating practical challenges and limi-
tations in real-world applications of penetration testing in
5G networks provides valuable insights. These case stud-
ies reveal issues such as scalability, resource constraints,
and the complexity of network slicing. Addressing these
challenges requires a combination of automated tools,
increased resource allocation, and collaboration among
stakeholders.
• Comparative Analysis of Penetration Testing Tools:
A detailed comparative analysis of different penetration
testing tools in a 5G context was provided, offering
insights into their effectiveness in identifying and miti-
gating specific vulnerabilities. This analysis helps prac-
titioners select the most appropriate tools based on their
specific needs and resources, considering factors such as
effectiveness, ease of use, scalability, cost, and coverage.
• Recommendations for Future Research: The creation
of sophisticated threat models specifically for 5G net-
works, the incorporation of AI and machine learning into
penetration testing tools, and the examination of security
issues in novel 5G use cases ought to be the top priorities
for future research. Furthermore, longitudinal research,
cross-disciplinary methods, and privacy-preserving strate-
gies are crucial for tackling the intricate and changing
security environment of 5G networks. These areas of
concentration will aid in the creation of 5G infrastructures
that are more robust and secure.
• Overall Significance: Ensuring 5G technology’s security
is crucial as it keeps spreading and integrating into ev-
eryday applications and vital infrastructures. This article
presents facts and recommendations that shed light on the
situation of 5G network security today and in the future.
Security experts can successfully defend 5G networks
against changing dangers and guarantee their depend-
ability, integrity, and credibility for users everywhere by
utilizing cutting-edge penetration testing approaches and
keeping up with new developments.
R EFERENCES
[1] R. P. Jover, “The current state of affairs in 5g security and the main
remaining security challenges,” 2019.
 [2] A. Yazdinejad, R. M. Parizi, A. Dehghantanha, Q. Zhang, and K.-K. R. [23] F. Nelles, A. Yazdinejad, A. Dehghantanha, R. M. Parizi, and G. Srivas-
Choo, “An energy-efficient sdn controller architecture for iot networks tava, “A federated learning approach for multi-stage threat analysis in
with blockchain-based security,” IEEE Transactions on Services Com- advanced persistent threat campaigns,” arXiv preprint arXiv:2406.13186,
puting, vol. 13, no. 4, pp. 625–638, 2020. 2024.
[3] S. Park, D. Kim, Y. Park, H. Cho, D. Kim, and S. Kwon, “5g security [24] A. Yazdinejad, “Secure and private ml-based cybersecurity framework
threat assessment in real networks,” 2021, https://ncbi.nlm.nih.gov. for industrial internet of things (iiot),” Ph.D. dissertation, University of
[4] A. Yazdinejad, R. M. Parizi, A. Dehghantanha, H. Karimipour, G. Sri- Guelph, 2024.
vastava, and M. Aledhari, “Enabling drones in the internet of things [25] B. Zolfaghari, A. Yazdinejad, A. Dehghantanha, J. Krzciok, and
with decentralized blockchain-based security,” IEEE Internet of Things K. Bibak, “The dichotomy of cloud and iot: Cloud-assisted iot from
Journal, vol. 8, no. 8, pp. 6406–6415, 2020. a security perspective,” arXiv preprint arXiv:2207.01590, 2022.
[5] A. Yazdinejad, R. M. Parizi, A. Dehghantanha, and K.-K. R. Choo, “P4- [26] NIST, “Nist special publication 800-125b: Security recommendations for
to-blockchain: A secure blockchain-enabled packet parser for software virtualization technologies in cloud computing,” 2019, national Institute
defined networking,” Computers & Security, vol. 88, p. 101629, 2020. of Standards and Technology.
[6] J. Sakhnini, H. Karimipour, A. Dehghantanha, A. Yazdinejad, T. R. [27] A. Yazdinejad, A. Bohlooli, and K. Jamshidi, “P4 to sdnet: Automatic
Gadekallu, N. Victor, and A. Islam, “A generalizable deep neural net- generation of an efficient protocol-independent packet parser on recon-
work method for detecting attacks in industrial cyber-physical systems,” figurable hardware,” in 2018 8th International Conference on Computer
IEEE Systems Journal, vol. 17, no. 4, pp. 5152–5160, 2023. and Knowledge Engineering (ICCKE). IEEE, 2018, pp. 159–164.
[7] R. P. Jover and V. Marojevic, “Security and protocol exploit analy-
sis of the 5g specifications,” 2019, https://ieeexplore.ieee.org/abstract/
document/8641117.
[8] A. Yazdinejad, A. Dehghantanha, R. M. Parizi, M. Hammoudeh,
H. Karimipour, and G. Srivastava, “Block hunter: Federated learning
for cyber threat hunting in blockchain-based iiot networks,” IEEE
Transactions on Industrial Informatics, vol. 18, no. 11, pp. 8356–8366,
2022.
[9] A. Yazdinejad, A. Dehghantanha, R. M. Parizi, G. Srivastava, and
H. Karimipour, “Secure intelligent fuzzy blockchain framework: Effec-
tive threat detection in iot networks,” Computers in Industry, vol. 144,
p. 103801, 2023.
[10] D. Namakshenas, A. Yazdinejad, A. Dehghantanha, and G. Srivastava,
“Federated quantum-based privacy-preserving threat detection model
for consumer internet of things,” IEEE Transactions on Consumer
Electronics, 2024.
[11] A. Yazdinejad, A. Bohlooli, and K. Jamshidi, “Efficient design and
hardware implementation of the openflow v1. 3 switch on the virtex-6
fpga ml605,” The Journal of Supercomputing, vol. 74, pp. 1299–1320,
2018.
[12] A. Yazdinejad, R. M. Parizi, A. Bohlooli, A. Dehghantanha, and K.-K. R.
Choo, “A high-performance framework for a network programmable
packet processor using p4 and fpga,” Journal of Network and Computer
Applications, vol. 156, p. 102564, 2020.
[13] J. Smith and A. Brown, “Ai-driven automated penetration testing for 5g
network slices,” IEEE Transactions on Network and Service Manage-
ment, 2021, https://ieeexplore.ieee.org/document/9506685.
[14] A. Yazdinejad, E. Rabieinejad, A. Dehghantanha, R. M. Parizi, and
G. Srivastava, “A machine learning-based sdn controller framework for
drone management,” in 2021 IEEE Globecom Workshops (GC Wkshps).
IEEE, 2021, pp. 1–6.
[15] A. Yazdinejad, A. Dehghantanha, and G. Srivastava, “Ap2fl: Auditable
privacy-preserving federated learning framework for electronics in
healthcare,” IEEE Transactions on Consumer Electronics, 2023.
[16] K. Lee and S. Kim, “Integration of threat intelligence into penetra-
tion testing for 5g networks,” Journal of Cybersecurity, 2020, https:
//academic.oup.com/cybersecurity/article/6/1/tyaa015/5890871.
[17] M. Johnson and R. White, “Continuous and adaptive penetration testing
for 5g networks,” Journal of Network and Computer Applications, 2020,
https://www.sciencedirect.com/science/article/pii/S1084804519303629.
[18] K. Tan, Advanced Network Protocol Analysis using Wireshark.
Springer, 2019.
[19] S. Dixit and S. Chadha, “Security implications in 5g networks and
potential solutions,” in Proceedings of the 2019 IEEE International
Conference on Advanced Networks and Telecommunications Systems
(ANTS), 2019.
[20] A. Yazdinejad, A. Dehghantanha, G. Srivastava, H. Karimipour, and
R. M. Parizi, “Hybrid privacy preserving federated learning against
irregular users in next-generation internet of things,” Journal of Systems
Architecture, vol. 148, p. 103088, 2024.
[21] A. Yazdinejad, A. Dehghantanha, H. Karimipour, G. Srivastava, and
R. M. Parizi, “A robust privacy-preserving federated learning model
against model poisoning attacks,” IEEE Transactions on Information
Forensics and Security, 2024.
[22] K. Viswanathan and A. Yazdinejad, “Security considerations for virtual
reality systems,” arXiv preprint arXiv:2201.02563, 2022.