Hossen A. Mustafa,Wenyuan Xu,Ahmad-Reza Sadeghi,Steffen Schulz

DOI: https://doi.org/10.1109/DSN.2014.102

2014-01-01

Abstract:Caller ID (caller identification) is a service provided by telephone carriers to transmit the phone number and/or the name of a caller to a callee. Today, most people trust the caller ID information, and it is increasingly used to authenticate customers (e.g., by banks or credit card companies). However, with the proliferation of smartphones and VoIP, it is easy to spoof caller ID by installing corresponding Apps on smartphones or by using fake ID providers. As telephone networks are fragmented between enterprises and countries, no mechanism is available today to easily detect such spoofing attacks. This vulnerability has already been exploited with crucial consequences such as faking caller IDs to emergency services (e.g., 9-1-1) or to commit fraud. In this paper, we propose an end-to-end caller ID verification mechanism CallerDec that works with existing combinations of landlines, cellular and VoIP networks. CallerDec can be deployed at the liberty of users, without any modification to the existing infrastructures. We implemented our scheme as an App for Android-based phones and validated the effectiveness of our solution in detecting spoofing attacks in various scenarios.

Shinan Liu,Xiang Cheng,Hanchao Yang,Yuanchao Shu,Xiaoran Weng,Ping Guo,Kexiong (Curtis) Zeng,Gang Wang,Yaling Yang

2021-01-01

Abstract:The GPS has empowered billions of users and various critical infrastructures with its positioning and time services. However, GPS spoofing attacks also become a growing threat to GPS-dependent systems. Existing detection methods either require expensive hardware modifications to current GPS devices or lack the basic robustness against sophisticated attacks, hurting their adoption and usage in practice. In this paper, we propose a novel GPS spoofing detection framework that works with off-the-shelf GPS chipsets. Our basic idea is to rotate a one-side-blocked GPS receiver to derive the angle-of-arrival (AoAs) of received signals and compare them with the GPS constellation (consists of tens of GPS satellites). We first demonstrate the effectiveness of this idea by implementing a smartphone prototype and evaluating it against a real spoofer in various field experiments (in both open air and urban canyon environments). Our method achieves a high accuracy (95%-100%) in 5 seconds. Then we implement an adaptive attack, assuming the attacker becomes aware of our defense method and actively modulates the spoofing signals accordingly. We study this adaptive attack and propose enhancement methods (using the rotation speed as the "secret key") to fortify the defense. Further experiments are conducted to validate the effectiveness of the enhanced defense.

Zishuai Cheng,Mihai Ordean,Flavio Garcia,Baojiang Cui,Dominik Rys

DOI: https://doi.org/10.56553/popets-2023-0053

2023-04-01

Proceedings on Privacy Enhancing Technologies

Abstract:Voice over LTE (VoLTE) and Voice over NR (VoNR), are two similar technologies that have been widely deployed by operators to provide a better calling experience in LTE and 5G networks, respectively. The VoLTE/NR protocols rely on the security features of the underlying LTE/5G network to protect users' privacy such that nobody can monitor calls and learn details about call times, duration, and direction. In this paper, we introduce a new privacy attack which enables adversaries to analyse encrypted LTE/5G traffic and recover any VoLTE/NR call details. We achieve this by implementing a novel mobile-relay adversary which is able to remain undetected by using an improved physical layer parameter guessing procedure. This adversary facilitates the recovery of encrypted configuration messages exchanged between victim devices and the mobile network. We further propose an identity mapping method which enables our mobile-relay adversary to link a victim's network identifiers to the phone number efficiently, requiring a single VoLTE protocol message. We evaluate the real-world performance of our attacks using four modern commercial off-the-shelf phones and two representative, commercial network carriers. We collect over 60 hours of traffic between the phones and the mobile networks and execute 160 VoLTE calls, which we use to successfully identify patterns in the physical layer parameter allocation and in VoLTE traffic, respectively. Our real-world experiments show that our mobile-relay works as expected in all test cases, and the VoLTE activity logs recovered describe the actual communication with 100% accuracy. Finally, we show that we can link network identifiers such as International Mobile Subscriber Identities (IMSI), Subscriber Concealed Identifiers (SUCI) and/or Globally Unique Temporary Identifiers (GUTI) to phone numbers while remaining undetected by the victim.

English Else

Tian Xie,Guan-Hua Tu,Bangjie Yin,Chi-Yu Li,Chunyi Peng,Mi Zhang,Hui Liu,Xiaoming Liu

DOI: https://doi.org/10.48550/arXiv.1811.11274

2018-11-29

Abstract:Since 2016, all of four major U.S. operators have rolled out nationwide Wi-Fi calling services. They are projected to surpass VoLTE (Voice over LTE) and other VoIP services in terms of mobile IP voice usage minutes in 2018. They enable mobile users to place cellular calls over Wi-Fi networks based on the 3GPP IMS (IP Multimedia Subsystem) technology. Compared with conventional cellular voice solutions, the major difference lies in that their traffic traverses untrustful Wi-Fi networks and the Internet. This exposure to insecure networks may cause the Wi-Fi calling users to suffer from security threats. Its security mechanisms are similar to the VoLTE, because both of them are supported by the IMS. They include SIM-based security, 3GPP AKA (Authentication and Key Agreement), IPSec (Internet Protocol Security), etc. However, are they sufficient to secure Wi-Fi calling services? Unfortunately, our study yields a negative answer. We conduct the first study of exploring security issues of the operational Wi-Fi calling services in three major U.S. operators' networks using commodity devices. We disclose that current Wi-Fi calling security is not bullet-proof and uncover four vulnerabilities which stem from improper standard designs, device implementation issues and network operation slips. By exploiting the vulnerabilities, together with several state-of-the-art computer visual recognition technologies, we devise two proof-of-concept attacks: user privacy leakage and telephony harassment or denial of voice service (THDoS); both of them can bypass the security defenses deployed on mobile devices and the network infrastructure. We have confirmed their feasibility and simplicity using real-world experiments, as well as assessed their potential damages and proposed recommended solutions.

Cryptography and Security

Chi-Yu Li,Guan-Hua Tu,chunyi peng,zengwen yuan,yuanjie li,songwu lu,xinbing wang

DOI: https://doi.org/10.1145/2810103.2813618

2015-01-01

Abstract:VoLTE (Voice-over-LTE) is the designated voice solution to the LTE mobile network, and its worldwide deployment is underway. It reshapes call services from the traditional circuit-switched telecom telephony to the packet-switched Internet VoIP. In this work, we conduct the first study on VoLTE security before its full rollout. We discover several vulnerabilities in both its control-plane and data-plane functions, which can be exploited to disrupt both data and voice in operational networks. In particular, we find that the adversary can easily gain free data access, shut down continuing data access, or subdue an ongoing call, etc. We validate these proof-of-concept attacks using commodity smartphones (rooted and unrooted) in two Tier-1 US mobile carriers. Our analysis reveals that, the problems stem from both the device and the network. The device OS and chipset fail to prohibit non-VoLTE apps from accessing and injecting packets into VoLTE control and data planes. The network infrastructure also lacks proper access control and runtime check.

Su, Li,Du, Haitao

DOI: https://doi.org/10.1007/s00500-023-09486-x

IF: 3.732

2024-01-11

Soft Computing

Abstract:The security context, generally stored in the universal subscriber identity module card or the baseband chip, is the critical information applied by the subscriber to access the 5G network during the fast authentication procedure. Once exposed or illegally used, the security context can be exploited to derive various keys for authentication and encryption. Despite its importance, challenges and questions still remain in the previous relevant research. To fill this gap, by adopting the security protocol verification tool ProVerif, we provide a comprehensive formal model of the fast authentication procedure based on the security context to analyze whether security goals can be met. Unfortunately, we uncover two vulnerabilities, including one never reported before. Our analysis shows that these vulnerabilities stem from fundamental design flaws in the cellular network protocol and thus apply to the 4G network. These vulnerabilities could be exploited to launch several attacks, including impersonation and eavesdropping. We have validated these attacks using 5 mobile phones from 5 different baseband manufacturers through experimentation in three mobile carriers. We find an insecure implementation of one of these phones, which exposed it to replay attacks. And we further discuss the security threats posed by the impersonation attack, such as location spoofing and one-tap authentication bypass, which is verified on 10 popular apps. We finally propose several countermeasures to eliminate these security issues. Actually, we have reported the novel vulnerability to the GSM Association and received a confirmation in the form of a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

computer science, artificial intelligence, interdisciplinary applications

Guan-Hua Tu,Yuanjie Li,Chunyi Peng,Chi-Yu Li,Muhammad Taqi Raza,Hsiao-Yun Tseng,Songwu Lu

DOI: https://doi.org/10.48550/arXiv.1510.08531

2015-10-29

Cryptography and Security

Abstract:Mobile Internet is becoming the norm. With more personalized mobile devices in hand, many services choose to offer alternative, usually more convenient, approaches to authenticating and delivering the content between mobile users and service providers. One main option is to use SMS (i.e., short messaging service). Such carrier-grade text service has been widely used to assist versatile mobile services, including social networking, banking, to name a few. Though the text service can be spoofed via certain Internet text service providers which cooperated with carriers, such attacks haven well studied and defended by industry due to the efforts of research community. However, as cellular network technology advances to the latest IP-based 4G LTE, we find that these mobile services are somehow exposed to new threats raised by this change, particularly on 4G LTE Text service (via brand-new distributed Mobile-Initiated Spoofed SMS attack which is not available in legacy 2G/3G systems). The reason is that messaging service over LTE shifts from the circuit-switched (CS) design to the packet-switched (PS) paradigm as 4G LTE supports PS only. Due to this change, 4G LTE Text Service becomes open to access. However, its shields to messaging integrity and user authentication are not in place. As a consequence, such weaknesses can be exploited to launch attacks (e.g., hijack Facebook accounts) against a targeted individual, a large scale of mobile users and even service providers, from mobile devices. Current defenses for Internet-Initiated Spoofed SMS attacks cannot defend the unprecedented attack. Our study shows that 53 of 64 mobile services over 27 industries are vulnerable to at least one threat. We validate these proof-of-concept attacks in one major US carrier which supports more than 100 million users. We finally propose quick fixes and discuss security insights and lessons we have learnt.

Zhiwei Cui,Baojiang Cui,Junsong Fu,Renhai Dong

DOI: https://doi.org/10.1155/2022/7395128

IF: 1.968

2022-09-05

Security and Communication Networks

Abstract:With the rapid development of 5G SA (standalone) networks, increasing subscribers are motivated to make calls through 5G. To support voice services critical to mobile users, 5G SA networks adopt two solutions: VoNR (Voice Over New Radio) and EPS (Evolved Packet System) fallback. At this stage, 5G SA networks provide voice services through EPS fallback, which leverages 4G networks to support voice calls for 5G users. This switch between cellular network systems may expose vulnerabilities to adversaries. However, there is a lack of security research on voice services in the 5G SA network. In this paper, we analyze the security of EPS fallback and its closely related IMS from the perspective of the protocol and the practices of the carriers. We uncover two protocol design vulnerabilities and two implementation flaws. In addition, we exploit them to design three attacks: voice DoS, voice monitoring, and SMS spoofing and interception. We validated these vulnerabilities and attacks using SDR (software-defined radio) tools and a set of open-source software in three mobile carriers. Our analysis reveals that the problems stem from both specifications and carrier networks. We finally propose several potential countermeasures to defend these attacks.

computer science, information systems,telecommunications

Namin Hou,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603286

2024-01-01

Abstract:The advancement of Fifth-Generation (5G) technology has greatly enriched individuals' access to a broad array of convenient services, offering significant benefits in mobile communications, autonomous driving, smart homes, and the Internet of Things. However, with the increase in the number of network access devices, large and frequent data interactions have brought potential security risks to wireless networks, which are related to user privacy security, traffic safety, and even social security. Malicious intrusions targeting wireless communications have resulted in significant disruptions and incurred substantial losses. Presently, user identities in wireless communications rely on software-based data identifiers, which can be forged easily. This paper proposes a hardware-level device authentication mechanism that uses the intrinsic hardware characteristics of the transmitter (shown as impairments in the radio signal of the transmission link) for identity authentication. The resulting fingerprint is naturally distinctive and highly resistant to counterfeiting attempts. We use 5 devices across different models and 10 devices of the same model for experimental evaluation. Then we apply machine learning algorithms to construct a fingerprint database and device authentication, achieving an average of 82.4% precision, 89.9% recall, and 85.9% F1-score, which can help to safeguard the security of 5G communication.

Norbert Ludant,Marinos Vomvas,Guevara Noubir

DOI: https://doi.org/10.48550/arXiv.2403.06717

2024-03-11

Abstract:Over the years, several security vulnerabilities in the 3GPP cellular systems have been demonstrated in the literature. Most studies focus on higher layers of the cellular radio stack, such as the RRC and NAS, which are cryptographically protected. However, lower layers of the stack, such as PHY and MAC, are not as thoroughly studied, even though they are neither encrypted nor integrity protected. Furthermore, the latest releases of 5G significantly increased the number of low-layer control messages and procedures. The complexity of the cellular standards and the high degree of cross-layer operations, makes reasoning about security non-trivial, and requires a systematic analysis. We study the control procedures carried by each physical channel, and find that current cellular systems are susceptible to several new passive attacks due to information leakage, and active attacks by injecting MAC and PHY messages. For instance, we find that beamforming information leakage enables fingerprinting-based localization and tracking of users. We identify active attacks that reduce the users' throughput by disabling RF front ends at the UE, disrupt user communications by tricking other connected UEs into acting as jammers, or stealthily disconnect an active user. We evaluate our attacks against COTS UEs in various scenarios and demonstrate their practicality by measuring current operators' configurations across three countries. Our results show that an attacker can, among other things, localize users with an accuracy of 20 meters 96% of the time, track users' moving paths with a probability of 90%, reduce throughput by more than 95% within 2 seconds (by spoofing a 39 bits DCI), and disconnect users.

Cryptography and Security

Zhiwei Cui,Baojiang Cui,Li Su,Haitao Du,Hongxin Wang,Junsong Fu

2023-03-20

Abstract:The security context used in 5G authentication is generated during the Authentication and Key Agreement (AKA) procedure and stored in both the user equipment (UE) and the network sides for the subsequent fast registration procedure. Given its importance, it is imperative to formally analyze the security mechanism of the security context. The security context in the UE can be stored in the Universal Subscriber Identity Module (USIM) card or in the baseband chip. In this work, we present a comprehensive and formal verification of the fast registration procedure based on the security context under the two scenarios in ProVerif. Our analysis identifies two vulnerabilities, including one that has not been reported before. Specifically, the security context stored in the USIM card can be read illegally, and the validity checking mechanism of the security context in the baseband chip can be bypassed. Moreover, these vulnerabilities also apply to 4G networks. As a consequence, an attacker can exploit these vulnerabilities to register to the network with the victim's identity and then launch other attacks, including one-tap authentication bypass leading to privacy disclosure, location spoofing, etc. To ensure that these attacks are indeed realizable in practice, we have responsibly confirmed them through experimentation in three operators. Our analysis reveals that these vulnerabilities stem from design flaws of the standard and unsafe practices by operators. We finally propose several potential countermeasures to prevent these attacks. We have reported our findings to the GSMA and received a coordinated vulnerability disclosure (CVD) number CVD-2022-0057.

Cryptography and Security

Simon Erni,Martin Kotuliak,Patrick Leu,Marc Roeschlin,Srdjan Capkun

DOI: https://doi.org/10.1145/3495243.3560525

2022-09-08

Abstract:In cellular networks, attacks on the communication link between a mobile device and the core network significantly impact privacy and availability. Up until now, fake base stations have been required to execute such attacks. Since they require a continuously high output power to attract victims, they are limited in range and can be easily detected both by operators and dedicated apps on users' smartphones. This paper introduces AdaptOver - a MITM attack system designed for cellular networks, specifically for LTE and 5G-NSA. AdaptOver allows an adversary to decode, overshadow (replace) and inject arbitrary messages over the air in either direction between the network and the mobile device. Using overshadowing, AdaptOver can cause a persistent ($\geq$ 12h) DoS or a privacy leak by triggering a UE to transmit its persistent identifier (IMSI) in plain text. These attacks can be launched against all users within a cell or specifically target a victim based on its phone number. We implement AdaptOver using a software-defined radio and a low-cost amplification setup. We demonstrate the effects and practicality of the attacks on a live operational LTE and 5G-NSA network with a wide range of smartphones. Our experiments show that AdaptOver can launch an attack on a victim more than 3.8km away from the attacker. Given its practicability and efficiency, AdaptOver shows that existing countermeasures that are focused on fake base stations are no longer sufficient, marking a paradigm shift for designing security mechanisms in cellular networks.

Cryptography and Security

Sourav Purification,Jinoh Kim,Jonghyun Kim,Sang-Yoon Chang

DOI: https://doi.org/10.3390/electronics13173474

IF: 2.9

2024-09-03

Electronics

Abstract:Fake base stations comprise a critical security issue in mobile networking. A fake base station exploits vulnerabilities in the broadcast message announcing a base station's presence, which is called SIB1 in 4G LTE and 5G NR, to get user equipment to connect to the fake base station. Once connected, the fake base station can deprive the user of connectivity and access to the Internet/cloud. We discovered that a fake base station can disable the victim user equipment's connectivity for an indefinite period of time, which we validated using our threat prototype against current 4G/5G practices. We designed and built a defense scheme which detects and blacklists a fake base station and then, informed by the detection, avoids it through link routing for connectivity availability. For detection and blacklisting, our scheme uses the real-time information of both the time duration and the number of request transmissions, the features of which are directly impacted by the fake base station's threat and which have not been studied in previous research. Upon detection, our scheme takes an active measure called link routing, which is a novel concept in mobile/4G/5G networking, where the user equipment routes the connectivity request to another base station. To defend against a Sybil-capable fake base station, we use a history–reputation-based link routing scheme for routing and base station selection. We implemented both the base station and the user on software-defined radios using open-source 5G software (srsRAN v23.10 and Open5GS v2.6.6) for validation. We varied the base station implementation to simulate legitimate vs. faulty but legitimate vs. fake and malicious base stations, where a faulty base station notifies the user of the connectivity disruption and releases the session, while a fake base station continues to hold the session. We empirically analyzed the detection and identification thresholds, which vary with the fake base station's power and the channel condition. By strategically selecting the threshold parameters, our scheme provides zero errors, including zero false positives, to avoid blacklisting a temporarily faulty base station that cannot provide connectivity at the time. Furthermore, our link routing scheme enables the base station to switch in order to restore the connectivity availability and limit the threat impact. We also discuss future directions to facilitate and encourage R&D in securing telecommunications and base station security.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chien-Ming Chen,Yao-Hsin Chen,Yue-Hsun Lin,Hung-Min Sun

DOI: https://doi.org/10.1016/j.eswa.2013.07.068

IF: 8.5

2014-01-01

Expert Systems with Applications

Abstract:Recently, femtocell solutions have been attracting increasing attention since coverage for broadband radios can effectively eliminate wireless notspots. To restrict malicious subscribers from accessing femtocells, 3G/WiMAX standards introduce an access control strategy, called Closed Subscriber Group (CSG). However, CSG only prevents malicious clients, but not rouge femtocells. In 2009, Han et al. proposed the first mutual authentication mechanism. This mechanism does not consider the case that an attacker can locate femtocells in an unregistered area even these femtocells are legitimate. In this paper, we first define two attacks, sinkhole and wormhole attacks, in femtocell-enabled mobile networks. Then, we design two approaches based on distance bounding protocols and geographic information to defend against these two attacks. In our design, a subscriber can confirm whether or not the femtocell he connected with is physically-present. Experiment results demonstrate that the distance bounding protocol can estimate an approximate distance between a subscriber's device and the deployed femtocell. Moreover, femtocells that are deployed inside or outside can both be identified and distinguished without the bias of signal strength based on our design.

Guan-Hua Tu,Chi-Yu Li,Chunyi Peng,Yuanjie Li,Songwu Lu

DOI: https://doi.org/10.1145/2976749.2978393

2016-01-01

Abstract:SMS (Short Messaging Service) is a text messaging service for mobile users to exchange short text messages. It is also widely used to provide SMS-powered services (e.g., mobile banking). With the rapid deployment of all-IP 4G mobile networks, the underlying technology of SMS evolves from the legacy circuit-switched network to the IMS (IP Multimedia Subsystem) system over packet-switched network. In this work, we study the insecurity of the IMS-based SMS. We uncover its security vulnerabilities and exploit them to devise four SMS attacks: silent SMS abuse, SMS spoofing, SMS client DoS, and SMS spamming. We further discover that those SMS threats can propagate towards SMS-powered services, thereby leading to three malicious attacks: social network account hijacking, unauthorized donation, and unauthorized subscription. Our analysis reveals that the problems stem from the loose security regulations among mobile phones, carrier networks, and SMS-powered services. We finally propose remedies to the identified security issues.

Hossen Mustafa,Wenyuan Xu,Ahmad-Reza Sadeghi,Steffen Schulz

DOI: https://doi.org/10.1109/tdsc.2016.2580509

2016-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Caller ID (caller identification) is a service provided by telephone operators where the phone number and/or the name of the caller is transmitted to inform the callee who is calling. Today, most people trust the caller ID information and some banks even use Caller ID to authenticate customers. However, with the proliferation of smartphones and VoIP, it is easy to spoof caller ID information by installing a particular application on the smartphone or by using service providers that offer Caller ID spoofing. As the phone network is fragmented between countries and companies and upgrades of old hardware is costly, no mechanism is available today to let end-users easily detect Caller ID spoofing attacks. In this article, we propose a new approach of using end-to-end caller ID verification schemes that leverage features of the existing phone network infrastructure (callerDec) . We design an SMS-based and a timing-based version of callerDec that works with existing combinations of landlines, cellular and VoIP networks and can be deployed at the liberty of the users. We implemented both CallerDec schemes as an App for Android-based phones and validated their effectiveness in detecting spoofing attacks in various scenarios.

Yaru Yang,Yiming Zhang,Tao Wan,Chuhan Wang,Haixin Duan,Jianjun Chen,Yishen Li

DOI: https://doi.org/10.1145/3643833.3656131

2024-01-01

Abstract:5G messaging services, based on Global System for Mobile Communications Association (GSMA) Rich Communication Service (RCS) and 3rd Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS), have been deployed globally by more than 90 mobile operators serving over 421 million monthly active users via 1.2 billion devices. Despite the widespread use, security research of 5G messaging remains sparse. In this paper, we present a comprehensive security analysis and measurement of 5G messaging services, assisted by a semi-automated testing tool we developed. We considered both carrier-side deployment and phone-side software implementations by testing against three large operators, each with hundreds of millions of subscribers, and six popular 5G messaging-enabled devices. We uncovered 4 categories of vulnerabilities, allowing for a wide range of attacks, including Man-In-The-Middle (MITM) attacks, zero-click remote information leakage, phone storage exhaustion and mobile data consumption, and Denial-of-Services (DoS) attacks. Our study underscores the need for further security enhancements in security specifications, implementation, and deployment of 5G messaging services.

Guan-Hua Tu,Min-Yue Chen,Chunyi Peng,Sihan Wang,Jingwen Shi,Chi-Yu Li,Tian Xie,Man-Hsin Chen,Yiwen Hu

DOI: https://doi.org/10.1145/3636534.3649377

2024-05-29

Abstract:IMS (IP Multimedia Subsystem) is vital for delivering IP-based multimedia services in mobile networks. Despite constant upgrades by 3GPP over the past two decades to support heterogeneous radio access networks (e.g., 4G LTE, 5G NR, and Wi-Fi) and enhance IMS security, the focus has primarily been on cellular infrastructure. Consequently, IMS security measures on mobile equipment (ME), such as smartphones, lag behind rapid technological advancements. Our study reveals that mandated IMS security measures on ME fail to keep pace, resulting in new vulnerabilities and attack vectors, including denial of service (DoS) across all networks, named SMS source spoofing, and covert communications over Video-over-IMS attacks. All vulnerabilities and proof-of-concept attacks have been experimentally validated in operational 5G/4G networks across various phone models and network operators. Finally, we propose and prototype standard-compliant remedies for these vulnerabilities.

Computer Science,Engineering

Marc Lichtman,Jeffrey H. Reed,T. Charles Clancy,Mark Norton

DOI: https://doi.org/10.1109/GlobalSIP.2013.6736871

2014-03-12

Abstract:LTE is well on its way to becoming the primary cellular standard, due to its performance and low cost. Over the next decade we will become dependent on LTE, which is why we must ensure it is secure and available when we need it. Unfortunately, like any wireless technology, disruption through radio jamming is possible. This paper investigates the extent to which LTE is vulnerable to intentional jamming, by analyzing the components of the LTE downlink and uplink signals. The LTE physical layer consists of several physical channels and signals, most of which are vital to the operation of the link. By taking into account the density of these physical channels and signals with respect to the entire frame, as well as the modulation and coding schemes involved, we come up with a series of vulnerability metrics in the form of jammer to signal ratios. The ``weakest links'' of the LTE signals are then identified, and used to establish the overall vulnerability of LTE to hostile interference.

Other Computer Science

Volodymyr Buriachok,Volodymyr Sokolov,Mahyar TajDini

DOI: https://doi.org/10.48550/arXiv.2004.00318

2020-04-01

Cryptography and Security

Abstract:Caller ID parodying produces the valid Caller character, in this manner deciding seem to start from another client. This apparently basic assault strategy has been utilized in the developing communication fake and trick calls, bringing about significant financial trouble. Unfortunately, callerID spoofing is easy to implement but yet it is difficult to have protection against it. In addition, there are not effective and defense solutions available right now. In this research it is suggested the CIVE (Callee Inference & VErification), a compelling and viable guard against Caller ID spoofing. This way it is described how it's possible to lunch call spoofing and between line describe how CIVE approach method can help to prevent somehow this kind of attacks. Caller ID Spoofing could cause huge financial and political issues special nowadays, when many things even sometimes authentication and verification are available by phone call, like banks approving transactions or two factor authentications and many other things. We believe critical industries specially banks and payment service providers should be protected against such vulnerabilities with their system and make an approach to prevent it, also it is very important to learn people specially who has special social place like politicians or celebrities to know such kind of attack are already exist. For this paper we implemented a call from white house to show there is no limitation and no matter whom you try to spoof, but destination which is the victim receive the call and that make this attack vector dangerous. And even modern communication and even devices like 4G and smart phones are not able to prevent or even detect this kind of attack. This study is a demonstration of the vulnerabilities available. All experiments were conducted on isolated mock-ups.