Analyzing and enhancing the resilience of LTE/LTE-A systems to RF spoofing

The long-term evolution (LTE) is cellular communications standard that is widely adopted and deployed around the world. It offers high-speed wireless services to meet the increasing demand on user data traffic. LTE technology is also considered for public safety networks. Hence, it is mandatory to ensure that the LTE system can operate in interference-prone environments including targeted interference. We introduce the term LTE control channel spoofing, which refers to transmitting a partial LTE downlink frame, created by a fake eNodeB which does not possess the registration keys nor offers any service. We have built a testbed to demonstrate that this can cause permanent denial of service for UEs that are in cell selection process. This is achieved by sending fake control channel messages rather than authentication attacks. The failure of attachment that is caused by LTE control channel spoofing can be explained in conjunction with the 3GPP specifications. Mitigation techniques are proposed to effectively enhance the robustness of LTE systems and ensure that it is secure and available when and where needed. The recommended modifications to the specifications only require simple changes to UE message handling and are backward compatible with currently deployed LTE networks.