Towards 6G Roaming Security: Experimental Analysis of SUCI-Based DoS, Cost, and NF Stress

Abstract

This study investigates performance overheads and security threats in 6th Generation Mobile Communication (6G) roaming environments, which are expected to enable services such as autonomous driving, smart cities, and remote healthcare that demand ultra-low latency and high reliability. To bridge the gap between standardization and real-world deployment, we built a realistic roaming testbed by separating the home and visited public land mobile networks (H-PLMN and V-PLMN) and simulating user equipment (UE) interactions. In this environment, we defined and measured roaming cost by comparing non-roaming and roaming procedures, and reproduced two Subscription Concealed Identifier (SUCI)-based denial-of-service (DoS) attacks: random generation and replay. Our experiments showed that intermediary functions such as the Security Edge Protection Proxy (SEPP) and Service Communication Proxy (SCP) introduced CPU/memory overhead and latency, highlighting performance degradation unique to roaming. Moreover, random SUCI generation concentrated load on the Authentication Server Function (AUSF) in the H-PLMN, whereas replay attacks distributed it across both the H-PLMN and the V-PLMN, consistently identifying the AUSF as a bottleneck. These findings demonstrate that roaming enlarges the attack surface and exposes vulnerabilities not fully addressed in current standards. We conclude that secure and reliable 6G roaming requires multi-layered defense strategies with inter-operator cooperation, providing empirical evidence to guide standardization and operational practice.