• norsk
    • English
  • norsk 
    • norsk
    • English
  • Logg inn
Vis innførsel 
  •   Hjem
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • Vis innførsel
  •   Hjem
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • Vis innførsel
JavaScript is disabled for your browser. Some features of this site may not work without it.

Investigation of LTE Privacy Attacks by Exploiting the Paging Mechanism

Zhou, Shelley Xianyu
Master thesis
Thumbnail
Åpne
18206_FULLTEXT.pdf (3.717Mb)
18206_COVER.pdf (1.556Mb)
Permanent lenke
http://hdl.handle.net/11250/2561308
Utgivelsesdato
2018
Metadata
Vis full innførsel
Samlinger
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1596]
Sammendrag
In mobile communication in general, and LTE in particular, security

should be a main focus, also because of the vulnerabilities introduced

by the radio link. Compared to GSM and UMTS, the LTE security has

been improved. However, the paging procedure is still not protected in

LTE. The unprotected paging unfortunately opens possibility for hackers

to gather sensitive information or track the user s location. This thesis

studies attacks that are feasible because of the weaknesses of the paging

procedure.

A theoretical study of published papers about the attacks making use

of the paging procedure is conducted in this thesis. In addition, several

published papers proposing countermeasures against the attacks are also

studied.

In this thesis, a paging message catcher is set up and catches paging

messages from the commercial LTE. A paging message catcher is basically

a passive message sniffer. It listens to the paging channel of the LTE air

interface, and collects paging messages. The collected paging messages

are decoded and analyzed.

By analyzing the collected paging messages, it is confirmed that both

Telia s and Telenor s LTE have enabled a non-standardized smart paging

feature. The smart paging feature is introduced by most LTE vendors to

improve the network resource efficiency. The feature essentially enables

the network to page a user within one or few latest observed active cells

instead of a whole tracking area. It has a side effect though in terms

of location tracking by listening to the paging, as a paged user can be

located within a much smaller geographical area.

In this thesis, it is verified how often Telia s LTE updates the temporary

identity of a UE and what events trigger the updates. Telia is selected

because of subscription availability. In LTE, a temporary identity is

used to achieve user identity confidentiality. The temporary identity is

supposed to get updated often enough to avoid traceability over time.

A paging response feeder is attempted as well in this thesis with the goal

of verifying the feasibility and potential consequence for the victim. In

contrast to the paging message catcher which is passive, a paging response

feeder is an active attacking device. It acts as a UE and tries to feed in

paging response impersonating a victim.
Utgiver
NTNU

Kontakt oss | Gi tilbakemelding

Personvernerklæring
DSpace software copyright © 2002-2019  DuraSpace

Levert av  Unit
 

 

Bla i

Hele arkivetDelarkiv og samlingerUtgivelsesdatoForfattereTitlerEmneordDokumenttyperTidsskrifterDenne samlingenUtgivelsesdatoForfattereTitlerEmneordDokumenttyperTidsskrifter

Min side

Logg inn

Statistikk

Besøksstatistikk

Kontakt oss | Gi tilbakemelding

Personvernerklæring
DSpace software copyright © 2002-2019  DuraSpace

Levert av  Unit