Characterizing 5G vulnerabilities in an expeditionary environment

Navy SBIR 21.2 - Topic N212-122
ONR - Office of Naval Research
Opens: May 19, 2021 - Closes: June 17, 2021 (12:00pm edt)

N212-122 TITLE: Characterizing 5G vulnerabilities in an expeditionary environment

RT&L FOCUS AREA(S): 5G; Cybersecurity

TECHNOLOGY AREA(S): Information Systems

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Develop a lightweight and reliable vulnerability detection and verification system for 5G end user devices and its supported infrastructure at the Physical (PHY) and Media Access Control (MAC) layers.

DESCRIPTION: The Navy seeks development of a lightweight and reliable vulnerability detection and verification system for 5G end user devices and its supported infrastructure at the Physical (PHY) and Media Access Control (MAC) layers.

The general architecture for 5G networks demonstrates the ability to connect to many differing types of devices such as high-speed mobile networks, vehicular networks, and industry machine-to-machine communications. The throughput, latency, and bandwidths appeal not only to everyday users but also to military operations that seek to become more connected. However, little is understood about how vendors will implement the security features provided in the 3GPP R16 specification [Ref 4]. Due to the diversification of the emerging commercial lines, it is likely that each 5G network will exhibit very different security stances.

The objective is to develop a prototype device that can perform integrity checks and vulnerability discovery actions upon entry into prototypical 5G networks (e.g., vehicular networks, smart communities, healthcare networks). The device will focus on assessing security issues with the media access control (MAC) layer and physical (PHY) layer and providing that feedback to users. Major attacks that threaten wireless networks include eavesdropping, jamming, denial-of-service, and man-in-the-middle. Emerging work in protocol fuzzing and protocol reverse engineering provides higher order effects even on proprietary systems. Many of these approaches are difficult under ideal situations.

The prototype device must demonstrate the ability to be deployed in an expeditionary setting. The system should be operable using a power draw from a medium-sized tactical vehicle (i.e., JLTV). It should not exceed 100 lbs for easy transport, and its dimensions should not require more than a 2-man carry.

Security and privacy studies have focused on earlier generation wireless networks. Only in the last couple of years has a systematic approach to looking at vulnerability discovery for 4G Long Term Evolution (LTE) been published. 5G presents a heavier reliance on virtualization and software-defined networking. The impact of this on security has not yet been fully grasped. These impacts must be understood at the sub-6GHz and the mmWave bands.

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by DoD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence and Security Agency (DCSA) formerly Defense Security Service (DSS). The selected contractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DCSA and ONR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advanced phases of this contract.

PHASE I: Define and develop a concept to meet Naval needs for an innovative and mobile 5G vulnerability detection reporting capability. Evaluate the technical feasibility of this concept for the Naval Forces. Perform modeling and simulation to provide initial assessment of concept. This will include network architectures likely to be encountered in expeditionary environments (see MCTP 3-40G), the attack vectors, and security features expected. Initial system design parameters to perform assessments will also be derived.

PHASE II: Develop a Phase II prototype for evaluation based on the results of Phase I. The prototype will be evaluated to determine its capability in meeting the performance goals defined in Phase II Statement of Work (SOW) and the Naval need for improved security via integrity assessment of nearby local 5G networks that could be leveraged for military operations. Knowledge of which networks are reliable could be disseminated to service members using personal devices in forward deployed zones to increase operational security. Demonstrate the ability to discover vulnerabilities across the PHY and MAC layers (threshold) as well as higher in the stack (objective) and present this data to users. Showcase this ability over various differing network use case configurations. The prototype design should be at least of a vehicle mount configuration. Deliver a minimum of three prototypes to the Navy for evaluation. Perform detailed analysis to ensure the materials are rugged and appropriate for Naval application, including environment, shock, and vibration analysis.

Phase II may become classified (see Description) with the discovery of vulnerabilities within the PHY and MAC layers of signals of interest to the Naval Forces. In those cases, surrogates as well as the specific signals of interest will be evaluated.

PHASE III DUAL USE APPLICATIONS: Apply the knowledge gained in Phase II to build an advanced module, suitably packaged with arbitrary waveform generation, ability to either self-power or connect with a vehicle plant, and to characterize the local 5G network to include its vulnerabilities as defined by Naval requirements. Working with the Navy and applicable industry partners, demonstrate application with the potential to be implemented on a light tactical vehicle and/or at a land-based test site to support vulnerability discovery and reporting. Support the Navy with test and validation to certify and qualify the system for Naval use. Explore the potential to transfer the vulnerability discovery tool to other military and commercial systems (e.g., telecommunications). Identify the most promising areas via market research and analysis and develop manufacturing plans to facilitate a smooth transition to the Navy.

5G is an emerging network that is gaining traction across the entire global market. As users share more and more content online, security and privacy will become a larger concern. Providing a means to understand network integrity will aid users in data transfer decisions and potentially reduce catastrophic vulnerability and economic impacts.




REFERENCES:

  1. Fang, Dongfeng; Qian, Yi; and Hu, Rose Qingyang. "Security for 5G Mobile Wireless Networks." IEEE Access Special Section on Trusted Computing, Vol. 6, 2019.
  2. Bartock, Mike; Cichonski, Jeff; and Souppaya, Murugiah. "5G Cybersecurity: Preparing a Secure Evolution to 5G." NIST National Cybersecurity Center of Excellence, April 2020.
  3. Hussain, Syed Rafiul; Chowdhury, Omar; Mehnaz, Shagufta; and Bertino, Elisa. "LTE Inspector: A Systematic Approach for Adversarial Testing of 4G LTE." Network and Distributed Systems Security (NDSS) 2019, 18-21 February 2019, San Diego, USA.
  4. 3GPP Release 16. July 2020.

KEYWORDS: Wireless networks; security and privacy; network architecture; attack models; 5G; vulnerability discovery

TPOC-1: Waleed Barnawi



TPOC-2: Adam Miller 



The Navy Topic above is an "unofficial" copy from the overall DoD 21.2 SBIR BAA. Please see the official DoD Topic website at for any updates.

The DoD issued its 21.2 SBIR BAA pre-release on April 21, which opens to receive proposals on May 19, 2021, and closes June 17, 2021 (12:00pm edt).

Direct Contact with Topic Authors: During the pre-release period (April 21 thru May 18, 2021) proposing firms have an opportunity to directly contact the Technical Point of Contact (TPOC) to ask technical questions about the specific BAA topic. Once DoD begins accepting proposals on May 19, 2021 no further direct contact between proposers and topic authors is allowed unless the Topic Author is responding to a question submitted during the Pre-release period.

SITIS Q&A System: After the pre-release period, proposers may submit written questions through SITIS (SBIR/STTR Interactive Topic Information System) at, login and follow instructions. In SITIS, the questioner and respondent remain anonymous but all questions and answers are posted for general viewing.

Note: Questions should be limited to specific information related to improving the understanding of a particular topic's requirements. Proposing firms may not ask for advice or guidance on solution approach and you may not submit additional material to the topic author. If information provided during an exchange with the topic author is deemed necessary for proposal preparation, that information will be made available to all parties through SITIS. After the pre-release period, questions must be asked through the SITIS on-line system.

Topics Search Engine: Visit the DoD Topic Search Tool at to find topics by keyword across all DoD Components participating in this BAA.

Help: If you have general questions about DoD SBIR program, please contact the DoD SBIR Help Desk via email at
