2,967 research outputs found
Rogue Base Station Detection Techniques
User equipment (UE) and cellular networks implement one or more techniques to detect and mitigate rogue base stations/cells. In one approach, a UE implements base station authentication techniques for detecting and mitigating rogue base stations. In this approach, the UE detects a failed authentication procedure and determines the associated base station is a rogue base station. The UE stores identifying information associated with the rogue base station and location information associated with the UE. Upon attachment with a legitimate base station/cell, the UE sends the identifying information and location information to the network. In another example, the network implements reverse mobility detection techniques for detecting and mitigating rogue base stations. In this approach, static mobile UEs are located throughout the network and monitor signal strength variations associated with cells for detecting rogue base stations. In yet another approach, a UE is configured to detect when a base station is attempting to downgrade the UE to a lower order radio access technology (RAT) and identifies the base station as a rogue base station. In a further approach, a UE is configured to determine when a received signal strength indicator (RSSI) is abnormally high, indicating that a rogue base station is using a signal-jamming mechanism
Generation of realistic signal strength measurements for a 5G Rogue Base Station attack scenario
The detection and prevention of cyber-attacks is one of the main challenges in Vehicle-to-Everything (V2X) autonomous platooning scenarios. A key tool in this activity is the measurement report that is generated by User Equipment (UE), containing received signal strength and location information. Such data is effective in techniques to detect Rogue Base Stations (RBS) or Subscription Permanent Identifier SUPI/5G-GUTI catchers. An undetected RBS could result in unwanted consequences such as Denial of Service (DoS) attacks and subscriber privacy attacks on the network and UE. Motivated by this, this paper presents the novel simulation of a 5G cellular system to generate a realistic dataset of signal strength measurements that can later be used in the development of techniques to identify and prevent RBS interventions. The results show that the tool can create a large dataset of realistic measurement reports which can be used to develop and validate RBS detection techniques
Synthetic Generation of Realistic Signal Strength Data to Enable 5G Rogue Base Station Investigation in Vehicular Platooning
Rogue Base Stations (RBS), also known as 5G Subscription Concealed Identifier (SUCI) catchers, were initially developed to maliciously intercept subscribers’ identities. Since then, further advances have been made, not only in RBSs, but also in communication network security. The identification and prevention of RBSs in Fifth Generation (5G) networks are among the main security challenges for users and network infrastructure. The security architecture group in 3GPP clarified that the radio configuration information received from user equipment could contain fingerprints of the RBS. This information is periodically included in the measurement report generated by the user equipment to report location information and Received Signal Strength (RSS) measurements for the strongest base stations. The motivation in this work, then is to generate 5G measurement reports to provide a large and realistic dataset of radio information and RSS measurements for an autonomous vehicle driving along various sections of a road. These simulated measurement reports can then be used to develop and test new methods for identifying an RBS and taking mitigating actions. The proposed approach can generate 20 min of synthetic drive test data in 15 s, which is 80 times faster than real time
Rogue Drone Detection: A Machine Learning Approach
The emerging, practical and observed issue of how to detect rogue drones that
carry terrestrial user equipment (UEs) on mobile networks is addressed in this
paper. This issue has drawn much attention since the rogue drones may generate
excessive interference to mobile networks and may not be allowed by regulations
in some regions. In this paper, we propose a novel machine learning approach to
identify the rogue drones in mobile networks based on radio measurements. We
apply two classification machine learning models, Logistic Regression, and
Decision Tree, using features from radio measurements to identify the rogue
drones. We find that for high altitudes the proposed machine learning solutions
can yield high rogue drone detection rate while not mis-classifying regular
ground based UEs as rogue drone UEs. The detection accuracy however degrades at
low altitudes.Comment: Submitted to Globecom 201
Applying Machine Learning on RSRP-based Features for False Base Station Detection
False base stations -- IMSI catchers, Stingrays -- are devices that
impersonate legitimate base stations, as a part of malicious activities like
unauthorized surveillance or communication sabotage. Detecting them on the
network side using 3GPP standardized measurement reports is a promising
technique. While applying predetermined detection rules works well when an
attacker operates a false base station with an illegitimate Physical Cell
Identifiers (PCI), the detection will produce false negatives when a more
resourceful attacker operates the false base station with one of the legitimate
PCIs obtained by scanning the neighborhood first. In this paper, we show how
Machine Learning (ML) can be applied to alleviate such false negatives. We
demonstrate our approach by conducting experiments in a simulation setup using
the ns-3 LTE module. We propose three robust ML features (COL, DIST, XY) based
on Reference Signal Received Power (RSRP) contained in measurement reports and
cell locations. We evaluate four ML models (Regression Clustering, Anomaly
Detection Forest, Autoencoder, and RCGAN) and show that several of them have a
high precision in detection even when the false base station is using a
legitimate PCI. In our experiments with a layout of 12 cells, where one cell
acts as a moving false cell, between 75-95\% of the false positions are
detected by the best model at a cost of 0.5\% false positives.Comment: 9 pages,5 figure, 3 tables, 2 algorithm
- …