Litcius/Paper detail

Fake Base Station Detection and Blacklisting

Sourav Purification, Simeon Wuthier, Jinoh Kim, Jonghyun Kim, Sang‐Yoon Chang

202411 citationsDOI

Abstract

A fake base station is a well-known security issue in mobile networking. The fake base station exploits the vulnerability in the broadcasting message announcing the base station’s presence, which is called SIB1 in telecommunications protocols such as 4G LTE and 5G NR, to get the user equipment to connect to itself. Once connected, the fake base station can deprive the user of connectivity and access to the Internet/cloud. We discover that a fake base station (which engages the user equipment until parts of the connectivity setup and then discontinues with the protocol) can disable the victim user equipment’s connectivity for an indefinitely long time, which we validate using our threat prototype against current 4G/5G practice. We design and build a detection and blacklisting identification of the fake base station so that the user equipment can avoid the base station and move on to connecting to a legitimate base station for the connectivity availability. Our detection and blacklisting scheme builds on the standardized 5G protocol and requires the implementation only on the user equipment (no further protocol changes), facilitating practicality. Our scheme uses the real-time information of both the time duration and the number of request transmissions, which features are directly impacted by the fake base station’s threat and have not been studied in the previous research. We implement both the base station and the user defense on software-defined radio using open-source 5G software (srsRAN and Open5GS) for validations. We vary the base station implementation to simulate legitimate vs. faulty-but-legitimate vs. fake-and-malicious base stations, where the faulty base station notifies the connectivity disruption and releases the session while the fake base station continues to hold the session. We empirically analyze the detection and identification thresholds, which vary with the fake base station’s power and the channel condition. By strategically selecting the threshold parameters, our scheme provides zero errors, including zero false positives to avoid blacklisting the temporarily faulty base stations which can not provide the connectivity at the time.

Topics & Concepts

BlacklistingComputer scienceBase (topology)BlacklistBase stationComputer securityComputer networkMathematical analysisMathematicsDigital Media Forensic DetectionAdvanced Malware Detection TechniquesDigital and Cyber Forensics
Fake Base Station Detection and Blacklisting | Litcius