ANALYSIS OF A POTENTIAL LTE DENIAL-OF-SERVICE TIMING VULNERABILITY
Authors
Long, James G.
Subjects
denial of service
dos
long-term evolution
cellular
timing advance
time division multiple access
single carrier frequency division multiple access
physical uplink shared channel
demodulation reference symbol
Advisors
Roth, John D.
Date of Issue
2019-09
Date
September 2019
Publisher
Monterey, California. Naval Postgraduate School
Abstract
There are 3.7 billion long-term evolution (LTE) subscribers worldwide, according to the Ericsson
Mobility Report for the first quarter of 2019. To the average user, the exchange of this cellular traffic may
seem secure; however, there exists at least one vulnerability: the unencrypted timing advance (TA). The TA
is responsible for maintaining time synchronization between the evolved NodeB (eNB) and the user
equipment (UE). Without it, the eNB-UE communication link fails, resulting in degraded cell service. By
issuing faux TAs, an attacker disrupts the eNB-UE timing synchronization and denies service to the UEs.
This thesis investigates specific effects such an attack has on targeted and time-adjacent users’ subframe
bit-error rate (BER). Moreover, we show the disruption of a single user’s communications while leaving
other users’ communications untouched. Through simulation, we show that delaying a target transmission is
less desirable to the attacker since the eNB has delay-correcting capabilities. Additionally, by advancing a
target transmission using one TA, we achieve, on average, 50% subframe BERs. Lastly, we demonstrate that
the attacker has flexibility in issuing the TAs without interfering with time-adjacent users. Specifically, the
attacker can issue roughly 48 TAs before incurring a non-zero BER on time-adjacent users. With this
functionality, combined with an unsecure timing mechanism, an attacker has the capability of denying
service to a targeted individual.
Type
Thesis
Department
Electrical and Computer Engineering (ECE)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.