LTE Security

Forsberg, Dan; Horn, Gnther; Moeller, Wolf‐Dietrich; Niemi, Valtteri

doi:10.1002/9781118380642

Cited by 46 publications

(41 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One solution is to protect broadcast messages using a public key mechanism but this requires relatively big changes in LTE protocols. According to [54], 3GPP decided against usage of public key mechanisms because its implementation cost was deemed too high. However, our findings may have changed the equilibrium in this trade-off.…”

Section: B Countermeasures and Discussionmentioning

confidence: 99%

“…A proof of concept paper by P. Jover et al [63] provides an overview of new effective attacks (smart jamming) that extend the range and effectiveness of basic radio jamming. However according to [54], both aforementioned flooding and jamming attacks are non-persistent DOS attacks hence not considered as a threat to address in the LTE architecture. In contrast, our DoS attacks are persistent and targeted towards the UE (subscribers).…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems

Shaik¹,

Borgaonkar²,

Asokan³

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

Self Cite

183

178

View full text Add to dashboard Cite

Abstract-Mobile communication systems are now an essential part of life throughout the world. Fourth generation "Long Term Evolution" (LTE) mobile communication networks are being deployed. The LTE suite of specifications is considered to be significantly better than its predecessors not only in terms of functionality but also with respect to security and privacy for subscribers. We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities. Using commercial LTE mobile devices in real LTE networks, we demonstrate inexpensive, and practical attacks exploiting these vulnerabilities. Our first class of attacks consists of three different ways of making an LTE device leak its location: In our experiments, a semi-passive attacker can locate an LTE device within a 2 km 2 area in a city whereas an active attacker can precisely locate an LTE device using GPS co-ordinates or trilateration via cell-tower signal strength information. Our second class of attacks can persistently deny some or all services to a target LTE device. To the best of our knowledge, our work constitutes the first publicly reported practical attacks against LTE access network protocols.We present several countermeasures to resist our specific attacks. We also discuss possible trade-off considerations that may explain why these vulnerabilities exist. We argue that justification for these trade-offs may no longer valid. We recommend that safety margins introduced into future specifications to address such trade-offs should incorporate greater agility to accommodate subsequent changes in the trade-off equilibrium.

show abstract

Section: B Countermeasures and Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems

Shaik¹,

Borgaonkar²,

Asokan³

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

Self Cite

183

178

View full text Add to dashboard Cite

show abstract

“…The use of the UICC that contains IMSI and TMSI to generate keys, will ensure the end-to-end security and the confidentiality between the communicating parties. The mentioned approach is described in the specification designed by the 3GPP consortium and analyzed by Forsberg in [16]. The downside of this approach is the possibility of causing performance degradation due to the external connection.…”

Section: Org 249mentioning

confidence: 99%

“…In order to increase the security and trust level within the system, we have to ensure that all users are real people and all devices are legal registered products -no clone or modified device should be allowed -a 4G/LTE (or 3G if not available, because LTE security functions are backward compatible with universal mobile telecommunications system (UMTS) security functions [16]) network connection with a valid universal integrated circuit card (UICC, formerly called as the SIM card) is required. By this way, all users of the system will be authenticated by the network operators and personal information about the user will be available but not visibly disclosed to merchants or third party companies and applications.…”

Section: Validation Of the Partiesmentioning

confidence: 99%

Widipay: A Cross-Layer Design for Mobile Payment System Over Lte Direct

Cabuk¹

2016

IJRET

View full text Add to dashboard Cite

Long term evolution direct, plus its features of device-to-device networking and proximate discovery, are new and emerging technologies able to come out of the shadow to render a whole new perspective at mobile payments. In this work, we propose a new mobile payment system using long term evolution direct and its features. A sensitive mobile payment system would require high security requirements in order to be trusted by the users and the businesses. These requirements are taken into account in our proposed system design and solutions to security considerations are provided. The system's security and usability features are designed for implementation from physical to application layer to address the identified issues. Within the scope of this work, we provided the conceptual design solutions to allow the system to be as solid and secure as possible while they are convenient enough not to degrade user's experience when using the system.

show abstract

“…The use of AKA in LTE is required by 3GPP TS 33.401 [28]. A detailed description of the AKA protocol is available within [29].…”

Section: Appendix A-acronyms and Abbreviationsmentioning

confidence: 99%

Consideration for Identity Management in Public Safety Mobile Networks

Hastings

Franklin²

2015

View full text Add to dashboard Cite

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in Federal information systems. AbstractThis document analyzes approaches to identity management for public safety networks in an effort to assist individuals developing technical and policy requirements for public safety use. These considerations are scoped into the context of their applicability to public safety communications networks with a particular focus on the nationwide public safety broadband network (NPSBN) based on the Long Term Evolution (LTE) family of standards. A short background on identity management is provided alongside a review of applicable federal and industry guidance. Considerations are provided for identity proofing, selecting tokens, and the authentication process. While specific identity management technologies are analyzed, the document does not preclude other identity management technologies from being used in public safety communications networks.

show abstract

LTE Security

Cited by 46 publications

References 3 publications

Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems

Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems

Widipay: A Cross-Layer Design for Mobile Payment System Over Lte Direct

Consideration for Identity Management in Public Safety Mobile Networks

Contact Info

Product

Resources

About