(A) study of LTE physical layer security

Abstract

Since wireless communication uses the shared and open medium, there is a possibility that the legitimate signal can be counterfeited by a malicious and intentional signal. The mobile communication protocol has prevented the modification of messages through integrity protection in the upper layer, but there are still messages that are not integrity protected.In this paper, we present the signal injection which exploits the fundamental weaknesses of wireless communications that a transmitted signal may be modified in the over the air interface. Furthermore, we presented two possible attacks with signal injection.First, by modifying System Information Block (SIB) message 1, we show that victim UEs can cause a huge amount of signaling on the network without installing a malicious app on the UEs. Second, we show that persistent DoS is possible on the victim UEs by set access barring IE in SIB 2 message.We analyzed the requirements of signal injection by MATLAB simulation and validated it in the major carriers' LTE testbed. In addition, to analyze the efficiency of signal injection, we quantitatively measure signal strength required for signal injection to successfully overwrite a messageand the signal strength needed for a fake base station to reliably attract the nearby UEs. We emphasize that signal injection can occur in the real LTE environment.