Localization Attack by Precoder Feedback Overhearing in 5G Networks and Countermeasures

TL;DR

This paper demonstrates how an external attacker can accurately determine user locations in 5G networks by passively overhearing precoder feedback signals, and proposes a mitigation strategy that reduces localization accuracy with minimal impact on network performance.

Contribution

It introduces a novel passive localization attack exploiting precoder feedback in 5G, and proposes a simple mitigation method that preserves most of the network's rate performance.

Findings

Attacker can achieve high localization accuracy using overheard precoder feedback.

Mitigation by random precoder selection significantly reduces localization precision.

The proposed attack and mitigation are validated through simulations.

Abstract

In fifth-generation (5G) cellular networks, users feed back to the base station the index of the precoder (from a codebook) to be used for downlink transmission. The precoder is strongly related to the user channel and in turn to the user position within the cell. We propose a method by which an external attacker determines the user position by passively overhearing this unencrypted layer-2 feedback signal. The attacker first builds a map of fed back precoder indices in the cell. Then, by overhearing the precoder index fed back by the victim user, the attacker finds its position on the map. We focus on the type-I single-panel codebook, which today is the only mandatory solution in the 3GPP standard. We analyze the attack and assess the obtained localization accuracy against various parameters. We analyze the localization error of a simplified precoder feedback model and describe its asymptotic localization precision. We also propose a mitigation against our attack, wherein the user randomly selects the precoder among those providing the highest rate. Simulations confirm that the attack can achieve a high localization accuracy, which is significantly reduced when the mitigation solution is adopted, at the cost of a negligible rate degradation.