Abstract

In this letter, we propose three schemes designed to detect attacks over the air interface in cellular networks. These decision rules rely on the generalized likelihood ratio test, and are fed by data that can be acquired using common off-the-shelf receivers. In addition to more classical (barrage/smart) noise jamming attacks, we further assess the capability of the proposed schemes to detect the stealthy activation of a rogue base station. The evaluation is carried out through experimentation on an LTE system concretely reproduced using Software-Defined Radios. Illustrative examples confirm that the proposed schemes can effectively detect air interface threats with high probability.

Highlights

  • Thirty years ago, wireless cellular networks were threatened only by a handful of resource-rich opponents equipped with tailored instrumentation

  • Most of the radio interface attacks are grounded on the suitable combination of targeted jamming signals [1], [2] to force the User Equipment (UE) to abandon the legitimate operator signal and make it connect to a Rogue Base Station (RBS) controlled by the adversary

  • A Barrage Noise-like Jammer (BNLJ) places noise energy across the entire width of the frequency spectrum used by the target communication systems, whereas the considered Smart Noise-like Jammer (SNLJ) attacks noncontiguous narrow portions of the target spectrum at a given time [12]


Summary

INTRODUCTION

Thirty years ago, wireless cellular networks were threatened only by a handful of resource-rich opponents equipped with tailored instrumentation. Most of the radio interface attacks are grounded on the suitable combination of targeted jamming signals [1], [2] to force the User Equipment (UE) to abandon the (interfered) legitimate operator signal and make it connect to a (fake) Rogue Base Station (RBS) controlled by the adversary. At this time, the opponent may suitably spoof unauthenticated protocol/signaling messages so as to steer the victim into: Man-In-The-Middle scenarios such as downgrade/bidding-down attacks [3], [4]; location privacy threats such as tracking or International Mobile Subscriber Identity (IMSI) catching [5], [6]; device capability information gathering [7], and so on [8].

In addition to insights on the collected measurements, these experiments allow us to confirm that the temporally white Gaussian assumption on the measurement noise, which is suitable for analytical tractability of the problem, has a limited impact on the detection performance in the real world where, clearly, the measurement noise is not deemed to follow such a tractable model.

PROBLEM STATEMENT AND DESIGN ISSUES
Experimental Setup
Operating Scenarios
CONCLUSION