Write supiOrSuci to log on re-sync failure #13
Conversation
| // Check if suci | ||
| if suciPart := strings.Split(supiOrSuci, "-"); suciPart[0] == "suci" { | ||
| // Get SuciProfile index and write public key | ||
| keyIndex, err := strconv.Atoi(suciPart[suci.HNPublicKeyIDPlace]) |
There was a problem hiding this comment.
need to rename err (ex: err1) to prevent golangci-linter fail: shadow: declaration of "err" shadows declaration at line 158 (govet)
|
Pushed commit w/ rename. Sorry about that! |
|
Hello, I am Virgil, a security researcher from the WSPR (Wolfpack Security and Privacy Research) lab at North Carolina State University.
As part of an ongoing 5G security project, we have done some error handling analysis of free5GC. One finding involves the writing of
supito log in the event of a re-sync error. This occurs atinternal/sbi/producer/generate_auth_data.goLine 297.supiis considered a sensitive identifier, as per TS 33.501 Section 5.2.5.This PR changes the
supilog write tosupiOrSuciand adds a write of the UDM public key for ease of configuration identification.The change to writing
supiOrSuciensures the encrypted SUCI is written to log rather than SUPI, if it is present.The addition of the UDM public key allows for easier
suciProfileconfiguration YAML identification, in the event of multiple UDMs. The public key is in the SUCI, but this prevents an auditor from having to parse the SUCI to identify the neccessary keys for decryption.The writing of SUCI instead of SUPI (if present) still allows for the debugging of the re-sync error (as the operator should have access to the private key), but prevents the SUPI from being written to log.
Will open submodule hash update PR in main repo if accepted.