Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Exposing LTE Security Weaknesses at Protocol Inter-layer, and Inter-radio Interactions

  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_16,
        author={Muhammad Raza and Fatima Anwar and Songwu Lu},
        title={Exposing LTE Security Weaknesses at Protocol Inter-layer, and Inter-radio Interactions},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={LTE security LTE protocol interactions LTE interaction with 2G/3G networks},
        doi={10.1007/978-3-319-78813-5_16}
    }
    
  • Muhammad Raza
    Fatima Anwar
    Songwu Lu
    Year: 2018
    Exposing LTE Security Weaknesses at Protocol Inter-layer, and Inter-radio Interactions
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_16
Muhammad Raza1,*, Fatima Anwar1,*, Songwu Lu1,*
  • 1: University of California – Los Angeles
*Contact email: taqi@cs.ucla.edu, fatimanwar@ucla.edu, slu@cs.ucla.edu

Abstract

Despite security shields to protect user communication with both the radio access network and the core infrastructure, 4G LTE is still susceptible to a number of security threats. The vulnerabilities mainly exist due to its protocol’s inter-layer communication, and the access technologies (2G/3G) inter-radio interaction. We categorize the uncovered vulnerabilities in three dimensions, i.e., authentication, security association and service availability, and verify these vulnerabilities in operational LTE networks. In order to assess practical impact from these security threats, we convert these threats into active attacks, where an adversary can (a) kick the victim device out of the network, (b) hijack the victim’s location, and (c) silently drain the victim’s battery power. Moreover, we have shown that the attacker does not need to communicate with the victim device or reside at the device to launch these attacks (i.e., no Trojan or malware is required). We further propose remedies for the identified attacks.