CableLabs eyes mobile security challenges

Nov. 18, 2019
False Base Station (FBS) has posed a security threat to all generations of mobile networks since 2G. Certain aspects of 5G help mitigate the risks, but in 5G release 16, 3GPP SA3 is studying ...

False Base Station (FBS) has posed a security threat to all generations of mobile networks since 2G. Certain aspects of 5G help mitigate the risks, but in 5G release 16, 3GPP SA3 is studying FBS again and looking for a more complete solution, according to a recent CableLabs blog post. However, consensus has not been reached.

"It is hard to predict when the companies which object to the (proposed) solutions will change their position," said Tao Wan, principal architect, Security, CableLabs.

For those not familiar, FBS, and likewise Rogue Base Station (RBS), International Mobile Subscriber Identifier (IMSI) Catcher or Stingray, refers to a combination of hardware and software that allows for both active and passive attacks over radio access networks (RANs) by exploiting security weaknesses in mobile networks. Namely, base stations broadcast information about the network so that mobile devices can select an appropriate cell and connect. These messages are not protected because of a variety of challenges. The FBS broadcasts the same network identifier using a stronger signal so that it succeeds in luring the user away. (The signal has to be at least 30 dB stronger; those 40 dB stronger have a 100% success rate.) A passive attack involves listening but not interfering with the communication; the end result could be identity theft or location tracking. An active attack is a man-in-the-middle or a man-on-the-side setup where a signal is injected.

3GPP has studied the mitigation of FBS-type attacks, but there have been constraints including difficulty in both the deployment of cryptographic key management and timing synchronization. 5G Release 15 specifies network side detection which reduces the risk but does not fully prevent FBS. 5G Release 15 also offers public key encryption of subscriber permanent identifier, which makes it more difficult for the FBS to get hold of this information.

CableLabs' view is that lack of integrity protection of broadcasting messages is the primary reason FBS can occur, and therefore the solution should include protecting broadcasting messages with integrity via public key based digital signatures, for example. However, Wan said that there is not one solution to fit all, since there are hundreds of mobile operators worldwide and more to come. Therefore, there should be multiple solutions supported so that operators can make the best choice for them.

The digital-signature based solutions face challenges with key management, computational overhead, and time synchronization between devices. The solutions that are not related to digital signatures leverage the existing security contexts shared between devices and the network when the devices are in the state to verify broadcast message integrity.

"The challenge with those solutions is that they can only mitigate certain threats," Wan said.

Users are often not aware that the attack is occurring, but sometimes there are ways to detect it. For example, if the service generation icon switches from 4G or LTE to 2G, that could be a sign, Wan said. Users should also be aware of fraudulent text messages send out by FBS; certain mobile apps are available to help determine which messages are frauds.

"We look forward to agreement from 3GPP SA3 on a long-term solution that can fundamentally solve the problem of FBS in 5G," Wan said.        

About the Author

BTR Staff

EDITORIAL
STEPHEN HARDY
Editorial Director and Associate Publisher
[email protected]
MATT VINCENT
Senior Editor
[email protected]
SALES
KRISTINE COLLINS
Business Solutions Manager
(312) 350-0452
[email protected]
JEAN LAUTER
Business Solutions Manager
(516) 695-3899
[email protected]

Sponsored Recommendations

From Concept to Connection: Key Considerations for Rural Fiber Projects

Dec. 3, 2024
Building a fiber-to-the-home network in rural areas requires strategic planning, balancing cost efficiency with scalability, while considering factors like customer density, distance...

On Topic: Tech Forecast for 2025/ What Will Be Hot

Dec. 9, 2024
As we wind down 2024, Lightwave’s latest on-topic eBook will examine the hot topics for 2025. AI is at the top of the minds of optical industry players supporting...

On Topic: Metro Network Evolution

Dec. 6, 2024
The metro network continues to evolve. As service providers have built out fiber in metro areas, they have offered Ethernet-based data services to businesses and other providers...

Meeting AI and Hyperscale Bandwidth Demands: The Role of 800G Coherent Transceivers

Nov. 25, 2024
Join us as we explore the technological advancements, features, and applications of 800G coherent modules, which will enable network growth and deployment in the future. During...