LTE PHY layer vulnerability analysis and testing using open-source SDR tools

This paper provides a methodology to study the PHY layer vulnerability of wireless protocols in hostile radio environments. Our approach is based on testing the vulnerabilities of a system by analyzing the individual subsystems. By targeting an individual subsystem or a combination of subsystems at a time, we can infer the weakest part and revise it to improve the overall system performance. We apply our methodology to the 4G LTE downlink by considering each control channel as a subsystem. We also develop open-source software enabling research and education using software-defined radios. We present experimental results with open-source LTE systems and show how the different subsystems behave under targeted interference. The analysis for the LTE downlink shows that the synchronization signals (PSS/SSS) are very resilient to interference, whereas the downlink pilots, or Cell-Specific Reference Signals (CRS), are the most susceptible to a synchronized protocol-aware interferer. We also analyze the severity of control channel attacks for different LTE configurations. Our methodology and tools allow rapid evaluation of the PHY layer reliability in harsh signaling environments, which is an asset to improve current standards and develop new and robust wireless protocols.
