Tutorial: LTE and 5G Protocol Security Procedures and Vulnerability Analyses Using Software Radio Testbeds

  • Room: Meridian 1
Tuesday, October 30, 2018: 9:00 AM - 12:00 PM


Vuk Marojevic
Associate Professor
Electrical and Computer Engineering, Mississippi State Univeristy
Roger Piqueras Jover
Security Research Scientist and Senior Security Architect
Bloomberg LP
Jeff Reed
Willis G. Worcester Professor
Virginia Tech


This tutorial provides an introduction to mobile network protocol security and exploitation, with specific focus on the long-term evolution (LTE) and the recently released 5G specifications. Starting from the physical and link layers, the tutorial covers the basics of the LTE Radio Access Network (RAN) and Enhanced Packet Core (EPC). Focusing on the RAN, we analyze the threat of advanced protocol-aware radio frequency (RF) jamming and spoofing. We present our methodology and metrics for analyzing the vulnerabilities of LTE. It is based on experimental evaluation in a controlled radio environment using Virginia Tech’s integrated LTE testbed. The testbed uses software-defined radios as well as industrygrade LTE test instruments.

The second part reviews the LTE Non-Access Stratum (NAS) protocol and discuss the rationale behind the insecurity of LTE mobile protocols. A comprehensive list of threats against mobile networks are identified and categorized. We discuss the effects of rogue LTE base stations as well as those of other protocol exploits that can lock mobile devices, get their location, or force them to handover to an insecure GSM connection. As part of this analysis, the tutorial reviews the known exploits against LTE that have been published over the last 5 years.

The 3rd Generation Partnership Project (3GPP) released the 5G new radio (NR) physical layer specifications in December 2017 and the security architecture and procedures in March 2018. We therefore extend the above analyses to gauging the impact of protocol-aware jamming and protocol exploits against 5G NR in part III of the tutorial. We look at the physical layer as well as the higher layers and analyze the feasibility of equivalent and new protocol exploits. We compare the 5G NR vulnerabilities against those of 4G LTE. Finally, we discuss emerging applications and provide research directions to improve the security and availability of future mobile networks.


Sponsored by:

Approved for 2 CompTIA CEUs: A+, Network+, Security+, Cloud+, CySA+, and CASP; 2 Logical Operations CFR; and 2 GIAC CPEs