TY - GEN
T1 - How voice call technology poses security threats in 4G LTE networks
AU - Tu, Guan Hua
AU - Li, Chi-Yu
AU - Peng, Chunyi
AU - Lu, Songwu
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/12/3
Y1 - 2015/12/3
N2 - To support voice calls vital to mobile users and carriers, 4G LTE cellular networks adopt two solutions: VoLTE (Voice Over LTE) and CSFB (Circuit-Switched FallBack). In this paper, we disclose that both schemes are harmful to mobile users from a security perspective. The adoption of the latest VoLTE allows an attacker to manipulate the radio resource states of the victim's device in a silent call attack, thereby draining the victim's battery 5-8 times faster. CSFB exhibits two vulnerabilities of exposing 4G↔3G network switch to adversaries. This can be further exploited to launch ping-pong attacks where mobile users may suffer from up to 91.5% performance downgrade, or 4G denial-of-service (DoS) attacks where mobile users are deprived of 4G LTE connectivity without their consent. We devise two proof-of-concept attacks as showcases, and demonstrate their viability over operational LTE networks. We analyze their root causes and uncover that the problems lie in seemingly sound design decisions for functional correctness but such choices bear unexpected and intriguing implications for security design. We finally propose remedies to mitigate the attack damage.
AB - To support voice calls vital to mobile users and carriers, 4G LTE cellular networks adopt two solutions: VoLTE (Voice Over LTE) and CSFB (Circuit-Switched FallBack). In this paper, we disclose that both schemes are harmful to mobile users from a security perspective. The adoption of the latest VoLTE allows an attacker to manipulate the radio resource states of the victim's device in a silent call attack, thereby draining the victim's battery 5-8 times faster. CSFB exhibits two vulnerabilities of exposing 4G↔3G network switch to adversaries. This can be further exploited to launch ping-pong attacks where mobile users may suffer from up to 91.5% performance downgrade, or 4G denial-of-service (DoS) attacks where mobile users are deprived of 4G LTE connectivity without their consent. We devise two proof-of-concept attacks as showcases, and demonstrate their viability over operational LTE networks. We analyze their root causes and uncover that the problems lie in seemingly sound design decisions for functional correctness but such choices bear unexpected and intriguing implications for security design. We finally propose remedies to mitigate the attack damage.
UR - http://www.scopus.com/inward/record.url?scp=84954184459&partnerID=8YFLogxK
U2 - 10.1109/CNS.2015.7346856
DO - 10.1109/CNS.2015.7346856
M3 - Conference contribution
AN - SCOPUS:84954184459
T3 - 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015
SP - 442
EP - 450
BT - 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd IEEE International Conference on Communications and Network Security, CNS 2015
Y2 - 28 September 2015 through 30 September 2015
ER -