These days, enterprises focus on securing their wireless devices, their mobile apps, their corporate networks, their clouds. The one factor out of IT's hands, however, is carrier networks. New research from the Wireless @ Virginia Tech program shows that there may be good reason to worry about the security of national wireless networks, especially as the carriers finally converge onto a common technology standard: LTE. (It only took them four generations.)
The National Telecommunications and Information Administration has proposed to develop a nationwide interoperable public safety broadband LTE network called FirstNet that would help disparate agencies and first responders collaborate more efficiently during crises.
Wireless @ Virginia Tech, headed by Dr. Jeffrey Reed, responded to the FirstNet proposal by evaluating three different kinds of jamming attacks that could threaten or disable an LTE network. "It is very possible for radio jamming to accompany a terrorist attack, for the purpose of preventing communications and increasing destruction," wrote Dr. Reed. "Likewise it is possible for criminal organizations to create mayhem among public safety personnel by jamming."
Dr. Reed and his team focused on the types of attacks that could be expected in five to 10 years, each of which aims to cause denial of service to at least one LTE cell. These attacks target one or more LTE subsystems via the uplink or downlink signal.
Dr. Reed described synchronization signal jamming, the first type of attack, as "a brute force method" of preventing a mobile phone from getting three packets of information it needs to connect to an LTE cell.
The second type of attack, primary synchronization signal jamming, does not immediately cause denial of service. "It will prevent new [phones] from accessing the cell(s), and cause [devices] in idle mode to reselect a bogus cell," according to Dr. Reed. "However, it is sufficient for an attack that will last a long period of time." To prevent this type of attack, Dr. Reed's team suggests instituting a cell reselection methodology that can "blacklist 'bogus synchronization signals.'"
Finally, physical uplink control channel jamming leads to degraded cell service, which ultimately results in denial of service.
So how likely are these attacks to occur — and to wreak havoc? One wireless engineer said that while each type of attack scenario is valid, "You would need to deploy jammers throughout the city, and you'd need to combine several jamming methods, as for instance synchronization signal jamming alone will not kick existing users off a cell site.
"The real news here," he continued, "is that LTE will unify the wireless tech world and make jamming easier (if you know your operator's specific LTE spectrum configuration)."