On the security of software-defined next-generation cellular networks

In the recent years, mobile cellular networks are ndergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable appropriate levels of security

A Preliminary Study of Machine-Learning-Based Ranging with LTE Channel Impulse Response in Multipath Environment

Alternative navigation technology to global navigation satellite systems (GNSSs) is required for unmanned ground vehicles (UGVs) in multipath environments (such as urban areas). In urban areas, long-term evolution (LTE) signals can be received ubiquitously at high power without any additional infrastructure. We present a machine learning approach to estimate the range between the LTE base station and UGV based on the LTE channel impulse response (CIR). The CIR, which includes information of signal attenuation from the channel, was extracted from the LTE physical layer using a software-defined radio (SDR). We designed a convolutional neural network (CNN) that estimates ranges with the CIR as input. The proposed method demonstrated better ranging performance than a received signal strength indicator (RSSI)-based method during our field test.Comment: Submitted to IEEE/IEIE ICCE-Asia 202

Detection solution analysis for simplistic spoofing attacks in commercial mini and micro UAVs

Enamus droone kasutab lennundusest pärit GPS navigatsiooniseadmeid, millel puuduvad turvaprotokollid ning nende riskioht pahatahtlike rünnakute sihtmärgina on kasvanud hüppeliselt lähimineviku arengute ja progressi tõttu SDR ja GNSS simulatsioonitarkvara valdkonnas. See on loonud ligipääsu tehnikale amatöörkasutajatele, millel on saatja aadressi võltsimise jõudlus. Need potensiaalsed rünnakud kuuluvad lihtsakoeliste kategooriasse, kuid selle uurimustöö tulemusena selgus, et nendes rünnakute edukuses on olulised erinevused teatud GPS vastuvõtjate ja konfiguratsioonide vahel. \n\rSee uurimustöö analüüsis erinevaid saatja aadressi võltsimise avastamise meetodeid, mis olid avatud kasutajatele ning valis välja need, mis on sobilikud mini- ja mikrodroonide tehnonõuetele ja operatsioonistsenaariumitele, eesmärgiga pakkuda välja GPS aadresside rünnakute avastamiseks rakenduste tasandil avatud allikakoodiga Ground Control Station tarkvara SDK. Avastuslahenduse eesmärk on jälgida ja kinnitada äkilisi, abnormaalseid või ebaloogilisi tulemväärtusi erinevates drooni sensiorites lisaallkatest pärit lisainfoga. \n\rLäbiviidud testid kinnitavad, et olenevalt olukorrast ja tingimustest saavad saatja aadressi võltsimise rünnakud õnnestuda. Rünnakud piiravad GPS mehanismide ligipääsu, mida saab kasutada rünnakute avastuseks. Neid rünnakuid puudutav info asetseb infovoos või GPSi signaalprotsessi tasandis, kuid seda infot ei saa haarata tasandile kus SDK tarkvara haldab kõigi teiste sensorite infot.Most of UAVs are GPS navigation based aircrafts that rely on a system with lack of security, their latent risk against malicious attacks has been raised with the recent progress and development in SDRs and GNSS simulation software, facilitating to amateurs the accessibility of equipment with spoofing capabilities. The attacks which can be done with this setup belong to the category simplistic, however, during this thesis work there are validated different cases of successful results under certain GPS receivers’ state or configuration.\n\rThis work analysis several spoofing detection methods found in the open literature, and selects the ones which can be suitable for mini and micro UAV technical specifications and operational scenario, for proposing a GPS spoofing detection solution developed in the application layer of an open source code Ground Control Station software SDK. The detection solution is intended to monitor and correlate abrupt, abnormal or unreasonable values of different sensors of the UAV with data obtained from available additional sources.\n\rThe conducted tests validate the cases and circumstances where the spoofing attacks were successful. Limitations include the lack of mechanisms to access GPS values which can be useful for detection spoofing attacks, but reside in the data bit or signal processing layer of the GPS and can not be retrieve to the layer where the SDK in computing all data of other sensors

Analysis of a Simple, Multi-Receiver GPS Spoof Detector

GPS spoofing is a hot topic of late; technical discussions vary widely based upon the assumed capabilities and a priori knowledge of the spoofer. For a single GPS receiver, various methods to detect a spoofing event have been proposed in the literature. These range from simple ideas (e.g. monitoring the power levels of the GPS signals) to more complex concepts (e.g. looking for vestigial peaks in the correlator outputs) to the comparison to non- GPS signals (e.g. an IMU). Much of this prior work has been on the conceptual level with limited experimentation; little appears to have been done to analyze the resulting detection performance. The detector of interest here monitors the GPS signals using not one, but two or more receivers with their antennas at known relative positions. The assumption is that during a spoofing event these multiple receivers will receive the same spoofer RF signal in that the satellites’ characteristics (i.e. relative times of arrival) are identical at all of the antennas. With no spoofer present, each antenna would receive a unique RF signal, consistent with its position in space. The concept of the detector, then, is that the presence of spoofing is discernible from the near equivalence of the receivers’ receptions. While one could compare these multiple receptions at the RF level, we compare the position solutions across receivers, declaring a spoofing event if the resulting position solutions are too close to each other as compared to the (known) relative locations of the antennas. The primary advantage of such an approach is that the hypothesis test does not require receiver hardware modification or even access to software GPS methods; a separate processor could easily monitor the positions output from the receivers. In this paper we analyze such a detector from a Neyman-Pearson perspective assuming Gaussian statistics on the position solution data. We consider four cases: (1) two receivers with fixed (known) locations, (2) two receivers with fixed separation and known orientation (but unknown absolute position), (3) two receivers with fixed separation and unknown orientation, and (4) a three receiver example