Exploring weakness in Long Term Evolution (LTE) wireless standards

Abstract

The increasingly important role of Long Term Evolution (LTE) has increased security concerns among the service provider and end users and made security of the network even more indispensable. In this thesis, the LTE specifications are examined, and several security vulnerabilities of LTE mechanisms, in particular those that exist within the Layer 2 protocol of the LTE network, are identified. Among these mechanisms, the power control mechanism for LTE is further explored. The unprotected power control signal together with the Cell Radio Network Temporary Identifier (CRNTI) can be exploited to trick the victim User Equipment (UE) to transmit at a much higher than required power, which introduces significant inter-cell interference to adjacent base stations, evolved NodeB (eNodeB). The ways that an attacker can maliciously manipulate the control field of the power control mechanism are demonstrated. The effectiveness of such attack is evaluated with respect to the victim UEs and the adjacent eNodeBs. The impacts include reduction of battery lifespan of victim UE to 33% of the original battery lifetime and reduction in reverse channel signal-to-interference ratio (SIR) of adjacent eNodeB by 3.4 dB causing a decrease in throughput of 37%.