Analyzing RRC Replay Attack and Securing Base Station with Practical Method.

This paper presents our analysis on the possibility of replay attacks with Radio Resource Control (RRC) packet on 5G Non-Standalone (NSA) network based on the 3GPP standard document. We analyzed the RRC Connection Setup process of User Equipment (UE), a malicious UE before and after sending an RRC connection request message, and processing procedures of the false base station and the commercial 5G base station. Through sending a strong signal, the false base station can cause a victim UE to establish the RRC connection to the false base station itself. Moreover, it may be able to launch a Denial-of-Service (DoS) attack, resulting in continuous denial of network access to the victim UE, by exploiting an RRC control message without integrity protection, and victim's temporary identity. In order to protect 5G communication services securely, we suggested practical measures to deter a replay attack based on the 3GPP standard document.