LTE System Security Research, 10-R8505
Inclusive Dates: 10/20/14 – Current
Background — Cyber-physical systems, which are expected to drive our future economy and to be critical to our national security, will need secure and reliable wireless communications. Cellular communications systems have very broad coverage, and fourth-generation (4G) long-term evolution (LTE) cellular technology has excellent bandwidth and low latency. Localized or personal cellular access points that may be deployed inside a home, office building, or crowded event venue are expected to be very popular in the future as cellular operators work to extend coverage, allowing more users to take advantage of cellular services in a congested or closed space. Cellular connectivity may replace or co-exist with Wi-Fi access.
However, small, cheap base stations probably won't be painstakingly designed with security in mind, and they will likely be affordable to hobbyists and "hackers." A hacked base station could be used to intercept communications, track users, or prevent users from connecting to the desired operator network. System designers want to know whether the LTE user equipment they may be embedding in their systems could be vulnerable, so this research investigated one aspect of LTE system security: the "rogue" base station.
Approach — This research project developed and tested a methodology for identifying suspicious or rogue LTE base stations. A couple of commercially available systems for detecting a rogue base station were announced after this research project was initiated, but these were only effective against 3G systems and not LTE systems. This project was broken into two phases: 1) a study phase to investigate LTE signal and protocol parameters for detecting a suspicious system and 2) a development and test phase to demonstrate parameter usage in algorithms designed to identify a suspicious base station.
Accomplishments — A number of LTE signal and protocol parameters were identified and incorporated into algorithms that could be used to identify a suspicious LTE base station. Laboratory-scale cellular systems were created that exhibited some of the suspicious parameters. Algorithms were developed and tested to ensure they could differentiate suspicious base stations from normal cellular base stations, and a cell phone application that incorporated some of the algorithms was developed and demonstrated.