Enhancing the Robustness of LTE Systems: Analysis and Evolution of the Cell Selection Process

Labib, Mina; Marojevic, Vuk; Reed, Jeffrey H.; Zaghloul, Amir I.

doi:10.1109/mcom.2017.1500706cm

Cited by 24 publications

(15 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, 5G will mitigate the threat by removing the PCFICH. Labib et al use radio frequency spoofing to impair synchronization and cell selection [10,11]. Based on experiments with a software UE, enhancements to the aforementioned techniques are proposed.…”

Section: Related Workmentioning

confidence: 99%

Towards Resilient 5G: Lessons Learned from Experimental Evaluations of LTE Uplink Jamming

Girke

Kurtz

Dorsch

et al. 2019

2019 IEEE International Conference on Communications Workshops (ICC Workshops)

View full text Add to dashboard Cite

Energy, water, health, transportation and emergency services act as backbones for our society. Aiming at high degrees of efficiency, these systems are increasingly automated, depending on communication systems. However, this makes these Critical Infrastructures prone to cyber attacks, resulting in data leaks, reduced performance or even total system failure. Beyond a survey of existing vulnerabilities, we provide an experimental evaluation of targeted uplink jamming against Long Term Evolution (LTE)'s air interface. Primarily, our implementations of smart attacks on the LTE Physical Uplink Control Channel (PUCCH), the Physical Uplink Shared Channel (PUSCH) as well as on the radio access procedure are outlined and tested. In exploiting the unencrypted resource assignment process, these attacks are able to target and jam specific UE resources, effectively denying uplink access. Evaluation results reveal the criticality of such attacks, severely destabilizing Critical Infrastructures, while minimizing attacker exposure. Finally we derive possible mitigations and recommendations for 5G stakeholders, which serve to improve the robustness of mission critical communications and enable the design of resilient next generation mobile networks.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Resilient 5G: Lessons Learned from Experimental Evaluations of LTE Uplink Jamming

Girke

Kurtz

Dorsch

et al. 2019

2019 IEEE International Conference on Communications Workshops (ICC Workshops)

View full text Add to dashboard Cite

show abstract

“…This symmetric key security architecture results in the inability of a communication endpoint, the UE, to verify the authenticity and validity of any message that is exchanged prior to the NAS Attach cryptographic handshake. The need for pre-authentication messages to be sent in the clear is widely acknowledged as the root cause of most known LTE protocol exploits [6], [7], [14].…”

Section: Potential Vulnerabilities Of 5g-security Challenges Andmentioning

confidence: 99%

“…The openness of the standard, the large community of researchers, and the broad availability of SDRs, software libraries and open-source implementations of both the eNodeB and the UE protocol stacks have enabled a number of excellent LTE security analyses [5], [9], [10], [28], [29]. Despite the stronger cryptographic algorithms and mutual authentication, UEs and base stations exchange a substantial amount of pre-authentication messages that can be exploited to launch denial of service (DoS) attacks [6], [14], [30], catch IMSIs [31] or downgrade the connection to an insecure GSM link [7], [10]. Researchers also found new privacy and location leaks in LTE [16].…”

Section: A Lte Protocol Exploitsmentioning

confidence: 99%

Security and Protocol Exploit Analysis of the 5G Specifications

Jover

Marojevic

2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

The Third Generation Partnership Project (3GPP) released its first 5G security specifications in March 2018. This paper reviews the proposed security architecture, its main requirements and procedures, and evaluates them in the context of known and new protocol exploits. Although security has been improved from previous generations, our analysis identifies unrealistic 5G system assumptions and protocol edge cases that can render 5G communication systems vulnerable to adversarial attacks. For example, null encryption and null authentication are still supported and can be used in valid system configurations. With no clear proposal to tackle pre-authentication messages, mobile devices continue to implicitly trust any serving network, which may or may not enforce a number of optional security features, or which may not be legitimate. Moreover, several critical security and key management functions are left outside of the scope of the specifications. The comparison with known 4G Long-Term Evolution (LTE) protocol exploits reveals that the 5G security specifications, as of Release 15, Version 1.0.0, do not fully address the user privacy and network availability challenges.

show abstract

“…If this timer expires, the UE should blacklist the PSS for a certain amount of time, and choose the second strongest cell within the same frequency. PSS and SSS spoofing attacks can be mitigated by having the UE create a list of all available cells in the given frequency channel along with their received power levels [14]. The UE could then search for the PBCH of the strongest cell and have another timer for decoding the MIB.…”

Section: Survey Of Mitigation Techniquesmentioning

confidence: 99%

5G NR Jamming, Spoofing, and Sniffing: Threat Assessment and Mitigation

Lichtman

Rao

Marojevic

et al. 2018

2018 IEEE International Conference on Communications Workshops (ICC Workshops)

Self Cite

View full text Add to dashboard Cite

In December 2017, the Third Generation Partnership Project (3GPP) released the first set of specifications for 5G New Radio (NR), which is currently the most widely accepted 5G cellular standard. 5G NR is expected to replace LTE and previous generations of cellular technology over the next several years, providing higher throughput, lower latency, and a host of new features. Similar to LTE, the 5G NR physical layer consists of several physical channels and signals, most of which are vital to the operation of the network. Unfortunately, like for any wireless technology, disruption through radio jamming is possible. This paper investigates the extent to which 5G NR is vulnerable to jamming and spoofing, by analyzing the physical downlink and uplink control channels and signals. We identify the weakest links in the 5G NR frame, and propose mitigation strategies that should be taken into account during implementation of 5G NR chipsets and base stations.

show abstract

Enhancing the Robustness of LTE Systems: Analysis and Evolution of the Cell Selection Process

Cited by 24 publications

References 8 publications

Towards Resilient 5G: Lessons Learned from Experimental Evaluations of LTE Uplink Jamming

Towards Resilient 5G: Lessons Learned from Experimental Evaluations of LTE Uplink Jamming

Security and Protocol Exploit Analysis of the 5G Specifications

5G NR Jamming, Spoofing, and Sniffing: Threat Assessment and Mitigation

Contact Info

Product

Resources

About