Security of Long Term Evolution (LTE) Mobile Networks

The LTE (Long Term Evolution) is quickly becoming the network technology of choice for 4G deployments around the world. As user demand for mobile broadband services continues to rise, LTE and its ability to cost-effectively provide very fast, highly responsive mobile data services appears to be the right technology at the right time. However, an LTE network attacker can set up a rogue base station easily to make the victim user equipment (UE) connect to such base station and get the UEs International Mobile Subscriber Identity (IMSI) as the objective is to access sensitive information and/or create a Denial of Service (DoS). The privacy of the UE will be compromised and if there is a security vulnerability then the LTE network will not be used by the people. So this dissertation discusses the ways of protecting the LTE network against security attacks.;To address this issue, two different methods are proposed to preserve the sensitive information of users. First, a rogue base station identification protocol is proposed to protect UE privacy. The proposed protocol utilizes the mobile property of the UE and is designed based on the observation that a rogue base station can only cover a small area. The proposed protocol uses the measurements of UE in different locations to estimate the power and location of the base stations. The UE also tracks the signatures of each legitimate base station. If the base station is already verified by the detection protocol, then the UE connects to the base station according to LTE standard. For any new appearing base stations it sends the power of the base station and the GPS location itself to a cloud server to verify the legitimacy of the base station. The cloud server maintains a database of real base stations. The proposed protocol does not need to change existing LTE standard and no base station modification is required. The proposed protocol is implemented on NS3 LTE module and evaluated with various practical settings. The results indicate the proposed protocol can ensure that the UE can successfully detect rogue base stations and avoid sending privacy data to rogue base stations. Second, a protocol is proposed to identify fake base stations to protect user privacy. The basic idea is to synchronize to all base stations in range and collect the network IDs. Based on the fact that legitimate base stations have the same network ID that is different from fake ones, the UE can connect to the legitimate base station with the strongest power instead of any base station with the strongest power in traditional design. The proposed protocol is a UE side solution and no base station modification is required. This protocol can be deployed in the future. The proposed protocol is implemented on NS3 LTE module and evaluated with various practical settings. The results indicate the proposed protocol can ensure that the UE can always connect to the legitimate base station with the strongest power.