A Security Assessment of HTTP/2 Usage in 5G Service-Based Architecture

Fifth generation (5G) networks are designed to bring enhanced network operational efficiency to serve a wide range of emerging services. Toward this purpose, 5G adopts a service-based architecture (SBA) that features web-based technologies such as Hypertext Transfer Protocol version 2 (HTTP/2) used for signaling and application programming interfaces (APIs) for service delivery. Several works in the literature have reported that the shift toward the aforementioned technologies brings potential cybersecurity challenges to the 5G network. In this article, we discuss different security features introduced by 5G SBA and explore these security challenges and their solutions in this new architecture. We carefully examine HTTP/2 features, standards, and custom headers, and discuss their security implications in 5G SBA. We comment on the applicability of some known HTTP/2 attacks in 5G SBA in light of the standardized APIs, and discuss the security opportunities and research directions brought by this protocol and its related technologies.