Towards Resilient 5G: Lessons Learned from Experimental Evaluations of LTE Uplink Jamming

Girke, Felix; Kurtz, Fabian; Dorsch, Nils; Wietfeld, Christian

doi:10.1109/iccw.2019.8756977

Cited by 18 publications

(16 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Further, attacks can exploit protocol vulnerabilities of the phone [43], [24] or exhaust resources [46] for a denial of service. A special kind of denial of service are jamming attacks that disturb the physical communication [27], [31], [16]. Hussain et al [24] present an authentication relay attack that allows eavesdropping on un-encrypted traffic.…”

Section: Related Workmentioning

confidence: 99%

IMP4GT: IMPersonation Attacks in 4G NeTworks

Rupprecht

Kohls

Holz

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Long Term Evolution (LTE/4G) establishes mutual authentication with a provably secure Authentication and Key Agreement (AKA) protocol on layer three of the network stack. Permanent integrity protection of the control plane safeguards the traffic against manipulations. However, missing integrity protection of the user plane still allows an adversary to manipulate and redirect IP packets, as recently demonstrated. In this work, we introduce a novel cross-layer attack that exploits the existing vulnerability on layer two and extends it with an attack mechanism on layer three. More precisely, we take advantage of the default IP stack behavior of operating systems and show that combining it with the layer-two vulnerability allows an active attacker to impersonate a user towards the network and vice versa; we name these attacks IMP4GT (IMPersonation attacks in 4G neTworks). In contrast to a simple redirection attack as demonstrated in prior work, our attack dramatically extends the possible attack scenarios and thus emphasizes the need for user-plane integrity protection in mobile communication standards. The results of our work imply that providers can no longer rely on mutual authentication for billing, access control, and legal prosecution. On the other hand, users are exposed to any incoming IP connection as an adversary can bypass the provider's firewall. To demonstrate the practical impact of our attack, we conduct two IMP4GT attack variants in a live, commercial network, which-for the first time-completely break the mutual authentication aim of LTE on the user plane in a realworld setting.

show abstract

Section: Related Workmentioning

confidence: 99%

IMP4GT: IMPersonation Attacks in 4G NeTworks

Rupprecht

Kohls

Holz

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…However, the transmit power of IJs are limited due to their wide-band nature and distance to the target [9]. Hence, for the IJs to be effective, they are required to be deployed near the target in sufficient number and in close proximity [11]. Moreover, this work consider that the IJs possesses necessary details about network parameters including location of target, transmit power and frequency band, thus, forcing the target out of coverage [9,12,13].…”

Section: Distributed Denial-of-service Attacksmentioning

confidence: 99%

“…) is achieved as (11). Similarly, for uniformly distributed IJs without RFA, UL coverage probability expression,…”

Section: Coverage Probability For Ul In the Presence Of Ijs Without Rfamentioning

confidence: 99%

5G Cellular Networks: Coverage Analysis in the Presence of Inter-Cell Interference and Intentional Jammers

et al. 2020

View full text Add to dashboard Cite

Intentional jammers (IJs) can be used by attackers for the launching of distributed denial-of-service attacks in 5G cellular networks. These adversaries are assumed to have adequate information about the network specifications, such as duration, transmit power and positions. With these assumptions, the IJs gain the ability to disrupt the legitimate communication of the network. Heterogeneous cellular networks (HetNets) can be considered a vital enabler for 5G cellular networks. Small base stations (SBSs) are deployed inside macro base station (MBS) to improve spectral efficiency and capacity. Due to orthogonal frequency division multiplexing assumption, HetNets’ performance is mainly limited by inter-cell interference (ICI). Additionally, there exist IJs-interference (IJs-I), which significantly degrades the network coverage depending on the IJs’ transmit power levels and their proximity with the target. The proposed work explores the uplink (UL) coverage performance of HetNets in the presence of both IJs-I and ICI. Moreover, to reduce the effects of ICI and IJs-I, reverse frequency allocation (RFA) is employed which is a proactive interference abating scheme. In RFA, different sub-bands of the available spectrum are used by MBS and SBS in alternate regions. The proposed setup is evaluated both analytically as well as with the help of simulation. The results demonstrate considerable UL coverage performance improvement by effectively mitigating IJs-I and ICI.

show abstract

“…The authors demonstrate that by employing their proposed setup, peak signal-to-noise ratio (PSNR) increases by 11.3 dB. In [25], the authors investigate smart jammer attacks on the LTE Physical Uplink Shared Channel (PUSCH), Physical Uplink Control Channel (PUCCH), and the radio access procedure. Moreover, they derive possible mitigation and recommendations to improve the robustness of mission-critical communications.…”

Section: Related Workmentioning

confidence: 99%

“…1. In [14,[21][22][23][24][25], different jamming techniques with their detection and mitigation methods are investigated in different networks. However, these studies lack the analysis of both ICI and JI in HetNets along with RFA.…”

Section: Approach and Contributionsmentioning

confidence: 99%

Proactive Uplink Interference Mitigation in HetNets Stressed by Uniformly Distributed Wideband Jammers

Abbas

Haroon

et al. 2019

Electronics

View full text Add to dashboard Cite

In heterogeneous cellular networks (HetNets), densification of small base stations (SBSs) in the macro base station (MBS) coverage region leads to improved network coverage and capacity. However, this improvement is at the cost of inter-cell interference (ICI) due to the high MBS transmit power. The situation deteriorates further when uniformly deployed wideband jammers (WBJs) to initiate distributed denial-of-service (DDoS) attacks are present. With sufficient knowledge about the network parameters, WBJs produce substantial jammer interference (JI) by transmitting unwanted energy in the legitimate band. Such jamming attacks can cause significant JI in the UL communications of MBS edge users (M-EUs) due to i) low uplink (UL) transmit power of user equipment (UE) and ii) longer distances of M-EUs. As a result of ICI and JI, M-EUs are severely affected and go off the coverage due to a low received signal-to-interference ratio (SIR). Hence, to mitigate both ICI and JI, we use a proactive resource allocation scheme known as reverse frequency allocation (RFA). The results indicate that although ICI and JI significantly degrade network performance, RFA employment leads to improved SIR due to effective ICI and JI mitigation.

show abstract

Towards Resilient 5G: Lessons Learned from Experimental Evaluations of LTE Uplink Jamming

Cited by 18 publications

References 14 publications

IMP4GT: IMPersonation Attacks in 4G NeTworks

IMP4GT: IMPersonation Attacks in 4G NeTworks

5G Cellular Networks: Coverage Analysis in the Presence of Inter-Cell Interference and Intentional Jammers

Proactive Uplink Interference Mitigation in HetNets Stressed by Uniformly Distributed Wideband Jammers

Contact Info

Product

Resources

About