User-targeted Denial-of-Service Attacks in LTE Mobile Networks

Abstract

Mobile networks are prevalent in today’s world, being used in a variety of applications ranging from personal use to the work environment and other. Ensuring security for users in a mobile network is therefore increasingly important. Denial-of-service attacks or DoS proved to be the biggest threat to mobile networks in recent years. A lot of work has been done in DoS targeting the infrastructure of the mobile network. User-targeted DoS attacks have been neglected in comparison. The fourth generation of cellular networks 4G LTE is the fastest growing mobile network in terms of subscriber numbers. The security aspect of mobile networks has improved throughout the generations, however, 4G proved to still have vulnerabilities in the signaling plane that allow a malicious attacker to target a specific user. Deploying a rogue base station and forcing the targeted user to connect to it is possible. The attacker could then deny selected services of the targeted user such as voice and SMS services. In this paper, we survey the work done on user-targeted DoS attacks in LTE networks. We analyze the 3GPP LTE standard specifications that allow such attacks. We also test the response of a LTE mobile device to tweaked Attach Accept messages during an Attach Procedure. We furthermore examine the conditions that affect the attack when we have equal priority cells. We finally present a case study of how a targeted user connected to an LTE network provider could be denied SMS and voice services therefore denying 2-factor authentication. We tested the scenarios using open-source implementations of the LTE network stack and widely available Software Defined Radios.