SPARROW: A Novel Covert Communication Scheme Exploiting Broadcast Signals in LTE, 5G & Beyond

This work proposes a novel framework to identify and exploit vulnerable MAC-layer procedures in commercial wireless technologies for covert communication. Examples of covert communication include data exfiltration, remote command-and-control (CnC) and espionage. In this framework, the SPARROW schemes use the broadcast power of incumbent wireless networks to covertly relay messages across a long distance without connecting to them. This enables the SPARROW schemes to bypass all security and lawful-intercept systems and gain ample advantage over existing covert techniques in terms of maximum anonymity, more miles per watt and less hardware. The SPARROW schemes can also serve as an efficient solution for long-range M2M applications. This paper details one recently disclosed vulnerability (CVD-2021-0045 in the GSMA coordinated vulnerability disclosure program) in the common random-access procedure in the LTE and 5G standards. This work also proposes a rigorous remediation for similar access procedures in current and future standards that disrupts the most sophisticated SPARROW schemes with minimal impact on other users. [This pre-print is also available at https://arxiv.org/abs/2108.12161]
