LTE PHY Layer Vulnerability Analysis and Testing Using Open-Source SDR Tools

TL;DR

This paper introduces a methodology and open-source tools to analyze and test the physical layer vulnerabilities of LTE systems using software-defined radios, focusing on subsystem resilience under interference.

Contribution

It presents a novel methodology for subsystem-level vulnerability analysis of LTE PHY layers and provides open-source software for research and educational purposes.

Findings

Control channels vary in resilience to interference

Synchronization signals are highly resilient

Downlink pilots are most susceptible to interference

Abstract

This paper provides a methodology to study the PHY layer vulnerability of wireless protocols in hostile radio environments. Our approach is based on testing the vulnerabilities of a system by analyzing the individual subsystems. By targeting an individual subsystem or a combination of subsystems at a time, we can infer the weakest part and revise it to improve the overall system performance. We apply our methodology to 4G LTE downlink by considering each control channel as a subsystem. We also develop open-source software enabling research and education using software-defined radios. We present experimental results with open-source LTE systems and shows how the different subsystems behave under targeted interference. The analysis for the LTE downlink shows that the synchronization signals (PSS/SSS) are very resilient to interference, whereas the downlink pilots or Cell-Specific Reference signals (CRS) are the most susceptible to a synchronized protocol-aware interferer. We also analyze the severity of control channel attacks for different LTE configurations. Our methodology and tools allow rapid evaluation of the PHY layer reliability in harsh signaling environments, which is an asset to improve current standards and develop new robust wireless protocols.