Analysis of a Potential LTE Denial-of-Service Timing Vulnerability

Abstract

There are 3.7 billion long-term evolution (LTE) subscribers worldwide, according to the Ericsson Mobility Report for the first quarter of 2019. To the average user, the exchange of this cellular traffic may seem secure; however, there exists at least one vulnerability: the unencrypted timing advance (TA). The TA is responsible for maintaining time synchronization between the evolved NodeB (eNB) and the user equipment (UE). Without it, the eNB-UE communication link fails, resulting in degraded cell service. By issuing faux TAs, an attacker disrupts the eNB-UE timing synchronization and denies service to the UEs. This thesis investigates specific effects such an attack has on targeted and time-adjacent users subframe bit-error rate (BER). Moreover, we show the disruption of a single users communications while leaving other users communications untouched. Through simulation, we show that delaying a target transmission is less desirable to the attacker since the eNB has delay-correcting capabilities. Additionally, by advancing a target transmission using one TA, we achieve, on average, 50 subframe BERs. Lastly, we demonstrate that the attacker has flexibility in issuing the TAs without interfering with time-adjacent users. Specifically, the attacker can issue roughly 48 TAs before incurring a non-zero BER on time adjacent users. With this functionality, combined with an unsecure timing mechanism, an attacker has the capability of denying service to a targeted individual.

Document Details

Document Type

Technical Report

Publication Date

Sep 01, 2019

Accession Number

AD1185978

Entities

Tags