2 research outputs found
LTE PHY Layer Vulnerability Analysis and Testing Using Open-Source SDR Tools
This paper provides a methodology to study the PHY layer vulnerability of
wireless protocols in hostile radio environments. Our approach is based on
testing the vulnerabilities of a system by analyzing the individual subsystems.
By targeting an individual subsystem or a combination of subsystems at a time,
we can infer the weakest part and revise it to improve the overall system
performance. We apply our methodology to 4G LTE downlink by considering each
control channel as a subsystem. We also develop open-source software enabling
research and education using software-defined radios. We present experimental
results with open-source LTE systems and show how the different subsystems
behave under targeted interference. The analysis for the LTE downlink shows
that the synchronization signals (PSS/SSS) are very resilient to interference,
whereas the downlink pilots or Cell-Specific Reference signals (CRS) are the
most susceptible to a synchronized protocol-aware interferer. We also analyze
the severity of control channel attacks for different LTE configurations. Our
methodology and tools allow rapid evaluation of the PHY layer reliability in
harsh signaling environments, which is an asset to improve current standards
and develop new robust wireless protocols.
Comment: 7 pages, 7 figures. Publication accepted at IEEE MILCOM, 2017. This
updated version is very close to the camera-ready version of the pape
Identifying the Fake Base Station: A Location Based Approach
Fake base station (FBS) attack is a great security challenge to wireless user
equipment (UE). During the cell selection stage, the UE receives multiple
synchronization signals (SSs) from multiple nearby base stations (BSs), and
then synchronizes itself with the strongest SS. An FBS can also transmit an SS
with sufficient power to confuse the UE, which makes the UE connect to the FBS,
and may lead to the leakage of private information. In this letter, a
countermeasure to the FBS attack by utilizing the location information is
investigated. Two location awareness based FBS-resistance schemes are proposed
by checking the received signal strength according to the position of the UE
and a legitimate BS map. The successful cheating rate (SCR), defined as the
probability that the UE will connect to the FBS, is investigated. Numeric
results show that with the two proposed schemes, the SCR can be greatly reduced
especially when the transmit power of the FBS is large. Beyond that, a
cooperation aided method is further proposed to improve the performance, and we
show that the cooperation aided method can further suppress the SCR when the
signal strength from the FBS is similar to that from the legitimate BS.
Comment: To be published in IEEE communications letter