# CSAI: Open-Source Cellular Radio Access Network Security Analysis Instrument

**Authors:** Thomas Byrd, Vuk Marojevic, Roger Piqueras Jover

arXiv: 1905.07617 · 2019-05-21

## TL;DR

This paper introduces CSAI, an open-source toolkit for analyzing cellular network security by modifying LTE software stacks and leveraging software radio hardware, enabling real-time signaling analysis and vulnerability testing.

## Contribution

We developed CSAI, a flexible, open-source platform for security analysis of LTE and 5G networks, allowing rapid prototyping and vulnerability detection.

## Key findings

- CSAI can decode LTE downlink messages for security analysis.
- It can identify vulnerabilities and test network robustness.
- CSAI can crash eNBs, revealing potential denial of service issues.

## Abstract

This paper presents our methodology and toolbox that allows analyzing the radio access network security of laboratory and commercial 4G and future 5G cellular networks. We leverage a free open-source software suite that implements the LTE UE and eNB, enabling real-time signaling using software radio peripherals. We modify the UE software processing stack to act as an LTE packet collection and examination tool. This is possible because of the openness of the 3GPP specifications. Hence, we are able to receive and decode LTE downlink messages for the purpose of analyzing potential security problems of the standard. This paper shows how to rapidly prototype LTE tools and build a software-defined radio access network (RAN) analysis instrument for research and education. Using CSAI, the Cellular RAN Security Analysis Instrument, a researcher can analyze broadcast and paging messages of cellular networks. CSAI is also able to test networks to aid in the identification of vulnerabilities and verify functionality post-remediation. Additionally, we found that it can crash an eNB, which motivates equivalent analyses of commercial network equipment and its robustness against denial of service attacks.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.07617/full.md

## Figures

9 figures with captions in the complete paper: https://tomesphere.com/paper/1905.07617/full.md

## References

20 references — full list in the complete paper: https://tomesphere.com/paper/1905.07617/full.md

---
Source: https://tomesphere.com/paper/1905.07617