See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/327231026

Security and Privacy in 4G/LTE Network

Chapter · August 2018

CITATIONS READS

3 9,252

2 authors:

Nour Moustafa Jiankun Hu

UNSW Canberra UNSW Sydney
222 PUBLICATIONS 11,817 CITATIONS 380 PUBLICATIONS 12,631 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Nour Moustafa on 27 August 2018.

The user has requested enhancement of the downloaded file.

S

network of networks that a system uses

Security and Privacy in 4G/LTE for accessing the Internet/network.
Network APT (Advanced Persistent Threat) is a set
of stealthy, advanced and continuous
Nour Moustafa and Jiankun Hu
hacking processes, often launched
School of Engineering and Information
and controlled by a hacker targeting
Technology, ADFA, Canberra, ACT, Australia
a particular victim.
DoS (Denial of Service) is a cyberattack that
attempts to disrupt services of a host or
Synonyms
network.
4G: Fourth generation; 4G/LTE technologies or
4G/LTE wireless networks; Advanced persistent Introduction
threats(APT) or sophisticated attacks; LTE:
Long-term evolution Over the last few decades, mobile systems have
become essential for users to perform their daily
tasks. This has led to the rapid evolution of wire-
Definitions less technologies, including the second genera-
tion (2G), third generation (3G), and fourth gen-
4G (Fourth Generation for wireless networks) eration (4G) for mobile networks, to ubiquitously
is a set of fourth-generation cellular spread mobile telecommunication services (Sed-
data technologies, which enables digh et al. 2010). The 4G wireless technology has
multimedia communication and recently coined for improving broadband perfor-
provides high data transfer rates. mance and allowing multimedia programs. Con-
LTE (Long-Term Evolution) denotes a stan- sequently, its architectures and standards have
dard for a smooth and efficient tran- considerably enhanced to transfer higher data
sition toward more advanced leading rates than 2G and 4G. Meanwhile, Long-Term
edge technologies for increasing the Evolution (LTE) has evolved to become one of
capacity and speed of wireless data net- the effective technologies that accomplish the 4G
works. wireless performance goals (Shaik et al. 2015).
TCP/IP (Transmission Control Protocol/Inter- Due to the high performances of 4G/LTE mo-
net Protocol) refers to a set of bile devices, the LTE subscribers are expected to
protocols designed to construct a be about 3.16 billion by the end of 2018 (Statista

© Springer International Publishing AG, part of Springer Nature 2018

X.(S.) Shen et al. (eds.), Encyclopedia of Wireless Networks,
https://doi.org/10.1007/978-3-319-32903-1_119-1
2 Security and Privacy in 4G/LTE Network

2018). There are various technological advances high quality of service (QoS) and capacity, and
that 4G/LTE wireless networks provide when (3) high network speeds and coverage (Seddigh
compared to earlier technologies. Firstly, 4G/LTE et al. 2010; Rao et al. 2017). The characteristics
mobile systems work perfectly by utilizing the of 4G technologies compared with 2G and 3G
TCP/IP model. This, in fact, decreases financial are listed in Table 1 (Fagbohun 2014).
and computational costs, where portable devices The bandwidth efficiency and allocation
can connect to the Internet using an Internet Pro- schemes are two important requirements that
tocol (IP) without any constraints to previously should be considered while designing 4G
closed cellular configurations. Nevertheless, with standards (Seddigh et al. 2010). In 4G wireless,
the wide variety of communication protocols in- voice/video multimedia is transited using
cluded in the TCP/IP model, 4G/LTE wireless the network protocols of the TCP/IP model.
networks face multiple security and privacy is- Therefore, the ITU-IMT-Advanced standard for
sues (Seddigh et al. 2010; Shaik et al. 2015). 4G wireless technology should be configured to
The key issues for securing 4G/LTE wireless be compatible with the protocols and services of
networks can be summarized into three aspects. the TCP/IP model. Several 4G wireless standards,
Firstly, mobile devices can flexibly access the in particular, LTE and Mobile WiMAX, have
Internet from any location and are therefore vul- been developed to meet the IMT-Advanced
nerable to being hacked by different advanced requirements and provide broadband wireless
persistent threats (APT). Secondly, while mo- connections for mobile devices (Seddigh et al.
bile IP-based systems are regularly updated with 2010; Rao et al. 2017).
cryptographic and security mechanisms, there is
an effect on their performance and traffic process- LTE Architecture
ing capacity that requires secure and upgraded A LTE architecture includes the modules needed
wireless standards and architectures. Finally, al- to install network protocols between base stations
though vendors are producing new generations and mobile systems. As presented in Fig. 1, the
of 4G/LTE technologies, they do not regularly architecture involves three modules: User Equip-
develop new standards to mitigate vulnerabilities ment (UE), Evolved Universal Terrestrial Ra-
and deter growing cyber APT (Seddigh et al. dio Access Network (E-UTRAN), and Evolved
2010; Shaik et al. 2015; Li et al. 2018). Packet Core (EPC) (Seddigh et al. 2010; Shaik
et al. 2015). The UE, for example, laptops or
smartphones, can link to the wireless network
Background across the evolved NodeB (eNodeB) using the E-
UTRAN base stations. The eNodeB utilizes some
This section discusses the background of 4G access network protocols for exchanging mes-
wireless standards and LTE architectures. Se- sages with the UE. The E-UTRAN links to the
curity controls of 4G/LTE architecture are also EPC which is an IP-based infrastructure, while
explained. the EPC links to the provider of the wireline IP
network.
4G Wireless Standards The 4G/LTE network architecture has some
The International Telecommunications Union enhancements compared to 3G wireless (Shaik
(ITU) declared an International Mobile et al. 2015). Firstly, it has two types of network el-
Telecommunications-Advanced (IMT-Advanced) ements (NEs): (1) the eNodeB that is an improved
standard for 4G wireless networks. This standard base station and (2) the Access Gateway (AGW)
provides the specifications of radio access and that integrates all the functions, specifically Mo-
core 4G wireless networks. The 4G wireless bility Management Entity (MME), needed for the
technology includes the following criteria: (1) EPC. The MME can control the UE identifica-
high data rate, which is 100 Mbps for mobile tion, as well as processing security authentication
devices and 1 Gbps for computer devices, (2) and mobility. LTE can support a meshed structure
Security and Privacy in 4G/LTE Network 3

Security and Privacy in 4G/LTE Network, Table 1 Characteristics of 2G, 3G, and 4G technologies
Features 2G 3G 4G
Standards GSM, iDEN,D-MPS WCDMA, CDMA 2000 Single unified standard, ITU IMT-
Advanced
Data rates 14.4 kbps 2 Mbps 100 Mbps
Services Digital voice, Short Messag- high-quality audio, video, Dynamic information access with higher
ing data multimedia quality, wearable devices
Technology Digital cellular Broad bandwidth CDMA, Unified IP, seamless combination of broad-
IP technology band, LAN/WAN/PAN, WLAN
Core network PSTN Packet Network Internet
Multiplexing TDMA, CDMA CDMA CDMA

Tracking area MME

Cell

Internet
Internet

eNodeB eNodeB
UE

E-UTRAN EPC

Security and Privacy in 4G/LTE Network, Fig. 1 LTE network architecture

that improves wireless network performance, for the sophistication of APT hackers make security
example, an eNodeB can connect with several and privacy of 4G/LTE systems challenging.
AGWs. Finally, as the architecture is compatible
with the TCP/IP model, traffic packets at any UE
can be handled using the AGW and eNodeB with 4G/LTE Security Requirements
different IP-based devices, such as routers. S
In order to secure mobile devices that use 4G/LTE
4G/LTE Security Controls wireless technologies, there should be protection
Abstraction layers are inserted in the 4G/LTE ar- for the connections between the UEs and MMEs
chitecture in terms of the unique identifiers (IDs) and between elements in the wireline networks
for smartphones (i.e., UEs). A temporary unique and mobile stations. For satisfying these require-
ID is used on the SIM card to prevent attack- ments, the 4G/LTE security is significantly im-
ers from stealing identifiers. Another technique proved by adding (1) advanced key hierarchy,
for improving 4G security is adding protected (2) protracted authentication and key agreement,
singling between the UE and MME (Seddigh and (3) additional interworking security for the
et al. 2010; Mohapatra et al. 2015). Security NEs (Mohapatra et al. 2015). The requirements
mechanisms are utilized to secure the connec- are classified into key building blocks and LTE
tions between 4G networks and secure non-4G end-to-end security (Seddigh et al. 2010), as
networks using key management authentication explained below.
protocols. Although several security controls are
used for 4G/LTE wireless technology, its design, • Key building blocks include the following
which is based on an open-IP architecture, and elements:
4 Security and Privacy in 4G/LTE Network

– Key security and hierarchy a unique and temporary UE identity when

LTE has five key strategies used for con- a UE is connected with a cell.
nections of the EPS and E-UTRAN. The
keys are declared as follows: (1) KANS • LTE end-to-end security involves the follow-
encryption and integrity keys are used to ing elements:
protect non-access stratum (NAS) traffic – Authentication and Key Agreement
between the UE and MME, (2) a KUP (AKA)
encryption is used to encrypt traffic be- The foundation of LTE security is
tween the UE and eNodeB, and (3) KPRC authenticating the UEs and wireless
encryption and integrity keys are used to networks. This can be accomplished using
secure the Radio Resource Control (RRC) the AKA process which asserts that the
between the UE and eNodeB. serving network authenticates the identity
– Key management of a user and the UE certifies the network
LTE key management comprises three signature. The AKA creates encryption
functions: key establishment, distribution, and integrity keys applied for originating
and generation. It is essential that 4G/LTE various session keys for ensuring the
wireless technology has key management 4G/LTE security and privacy.
mechanisms that prevent stealing keys, as – Confidentiality and integrity of signaling
mobile devices with IP-based infrastruc- Security of network access control
ture can frequently access different wire- planes is achieved when the RCC and
less networks. An Authentication and Key NAS layer signaling is encrypted and
Agreement (AKA) process is utilized for integrity protected. Ciphering and integrity
establishing and verifying keys in 4G/LTE protection of LTE RRC signaling is
systems. executed at the packet data convergence
– Authentication, encryption, and in- protocol (PDCP) layer, whereas the NAS
tegrity protection layer attains the protection by encrypting
LTE depends on using regular updating the NAS-level signaling. This protection
of the authentication process by exchang- cannot be uniquely performed for each
ing sequence numbers in the messages of UE connection, but it runs across trusted
encryption mechanisms. The IPsec proto- connections between AGW and eNodeB.
col and tunnels are also used for assert- – User plane confidentiality
ing the confidentiality of users’ data while LTE has a security feature for user plane
transmitting traffic between LTE nodes. via encrypting data/voice between the UE
– Unique user identifiers and eNodeB. Encryption is executed at the
LTE has several user identifier IP layer by utilizing IPsec-based tunnels
mechanisms that thwart attackers from between AGW and eNodeB, but no in-
learning mobile user identities; therefore, tegrity protection is offered for the user
attackers cannot track user profiles or plane due to performance and efficiency
launch denial of service (DoS) attacks considerations. The PDCP layer is used
against users. The identifier mechanisms for enabling encrypting/decrypting the user
contain the following: (1) international plane while transmitting traffic between the
mobile equipment identifier (IMEI) which eNodeB and UE.
is a permanent unique identifier for each
mobile, (2) M-TMSI which is a temporary
identifier that defines the UE inside
the MME, and (3) cell radio network
temporary identifier (C-RNTI) which is
Security and Privacy in 4G/LTE Network 5

Cyberattacks and Countermeasure wireless networks (Seddigh et al. 2010; Ferrag

Techniques et al. 2017).
• Availability attacks
4G/LTE wireless technology faces different types Attacks against availability try to make
of cyberattacks that could affect integrity, privacy, services unavailable, such as the service of
availability, and authentication, as described be- data routing (Ferrag et al. 2017). The first
low. in first out (FIFO) and DoS attacks can be
launched by flooding massive malicious ac-
• Privacy attacks tions to 4G wireless victims for disrupting
Attacks against the privacy of mobile their computational resources. Firewall and
users’ data attempt to expose sensitive intrusion detection systems have been usually
data/multimedia of users. A man-in-the- used for defending against these attacks.
middle (MITM) attack is the most serious
privacy attacks in wireless networks that
depend on a false base station attack when
anomalous third-party masquerades its 4G/LTE Challenges and Future Trends
base transceiver station (Mohapatra et al.
2015). Privacy-preserving authentication and Despite a plethora of research and technical stud-
encryption mechanisms have been widely ies that have been conducted for securing 4G/LTE
used to protect wireless networks against the wireless networks, there are several challenges
MITM attacks (Ferrag et al. 2017; Deebak that should be the focus of researchers in future
et al. 2016). that are discussed below, besides a summary in
• Integrity attacks Table 2.
Attacks against integrity attempt to modify
exchanging data between the 4G access points • Designing a flexible and scalable 4G/LTE ar-
and mobile users. Cloning attacks based on the chitecture that can address security and pri-
MITM and message modification scenarios vacy issues is an arduous task. There are
are the major integrity attacks that alter mobile multiple devices and systems that are usually
user information. Authentication and privacy- connected with 4G networks that result in
preserving mechanisms with hash functions vulnerabilities and loopholes in networks.
have been broadly used for securing 4G wire- • Discovering DoS attacks that attempt to vi-
S
less networks against integrity attacks (Ferrag olate 4G wireless networks, as hackers fre-
et al. 2017; Hasan et al. 2017). quently establish new sophisticated variants
• Authentication attacks against eNodeB, UE, and discontinuous re-
Attacks against authentication attempt to ception services.
disturb the client-to-server and/or server-to- • Location tracking denotes tracing the UE pres-
client authentication process. The password ence in a specific cell(s). While many portable
reuse, brute force, password stealing, and dic- devices could link to a 4G/LTE wireless net-
tionary attacks are popular wireless hacking work, ensuring that location tracks of the de-
schemes that interrupt the password-based au- vices are not breached is still a challenging
thentication. In the hacking schemes, an at- issue, due to the considerations of operability
tacker can pretend to be a legal user and try to and scalability.
log in to a server by guessing various words as • The utilization of an effective 4G wireless
a password from a dictionary. Encryption and Software Dened Network (SDN) is a chal-
authentication techniques have been utilized lenge. More specifically, there are technical
for preventing such kind of attacks from 4G gaps in the network scalability, security, and
privacy issues with the SDN.
6 Security and Privacy in 4G/LTE Network

Security and Privacy in 4G/LTE Network, Table 2 Challenges and security and privacy methods of 4G/LTE
technology
Challenges Cyber-attacks Security and privacy methods
A resilient 4G/LTE architecture Privacy attacks: replay, MITM, Privacy-preservation, authentication
impersonation, collaborated, tracing, and encryption mechanisms
spoong, privacy violation, masquerade
Tracking locations of devices Integrity attacks: cloning, spam, mes- Hashing and encryption, and authen-
sage blocking, message modification tication and privacy-preserving meth-
attack, message, insertion, tampering ods
An effective 4G/LTE wireless Soft- Availability attacks: FIFO, redirec- Firewall systems, signature-based and
ware Defined Network (SDN) tion, physical attack, skimming, and anomaly-based systems
free-riding
Collaborative 4G/LTE security and Authentication attacks: password Encryption and authentication tech-
privacy approaches operate on cloud reuse, password stealing, dictionary, niques
and edge paradigms brute force, desynchronization,
forgery attack, collision, stolen smart
card

• Trusted connections through 4G networks in  Wireless Security

the existence of eavesdroppers are the issues.  Wireless Threats
Especially, when 4G wireless technology is  Wireless Internet of Things
used in the Internet of Things, it requires
new cryptographic mechanisms that provide
protection and integrity for smartphones and References
computer systems.
• Instead of individual security techniques, a Deebak BD, Muthaiah R, Thenmozhi K, Swaminathan PI
(2016) Analyzing the mutual authenticated session key
systematic security and privacy protection in ip multimedia server-client systems for 4G networks.
strategies are required for 4G/LTE wireless Turk J Electr Eng Comput Sci 24(4):3158–3177
connections while connecting with cloud and Fagbohun O (2014) Comparative studies on 3G, 4G and
edge computing paradigms. This will provide 5G wireless technology. IOSR J Electr Commun Eng
9(3):88–94
valid security mechanisms, for example, trust Ferrag MA, Maglaras L, Argyriou A, Kosmanos D, Jan-
models, device security, and data assurance icke H (2017) Security for 4G and 5G cellular net-
techniques. works: a survey of existing authentication and privacy-
preserving schemes. J Netw Comput Appl 101:55–82
Hasan K, Shetty S, Oyedare T (2017) Cross layer attacks
on GSM mobile networks using software defined ra-
Key Applications dios. In: 2017 14th IEEE annual consumer communi-
cations & networking conference (CCNC). IEEE, Las
The 4G/LTE wireless technology has emerged Vegas, NV, pp 357–360
Li S, Da Xu L, Zhao S (2018) 5G internet of things: a
for enhancing broadband performance and per- survey. J Ind Inform Integr 10:1–9
mitting multimedia applications. The technology Mohapatra SK, Swain BR, Das P (2015) Comprehensive
has been used for the Internet of Things (IoT) for survey of possible security issues on 4G networks. Int
connecting Machine-to-Machine (M2M) systems J Netw Secur Appl 7(2):61
Rao KV, Rao OK, Sainath MN (2017) A study on broad
and devices such as the In-Vehicle Multi-Carrier spectrum of various wireless technologies. Int J Innov
Router. Adv Comput Sci 6(12):354–360
Seddigh N, Nandy B, Makkar R, Beaumont JF (2010)
Security advances and challenges in 4G wireless net-
works. In: 2010 eighth annual international conference
Cross-References on privacy security and trust (PST). IEEE, Ottawa, ON,
pp 62–71
 4G/LTE Wireless Technology
Security and Privacy in 4G/LTE Network 7

Shaik A, Borgaonkar R, Asokan N, Niemi V, Seifert JP Statista (2018) LTE subscribers. https://www.statista.com/
(2015) Practical attacks against privacy and availabil- statistics/206615/
ity in 4G/LTE mobile communication systems. arXiv
preprint arXiv:151007563

View publication stats