On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G, 6G & Beyond

TL;DR

This paper introduces a new framework to detect and mitigate covert channels exploiting broadcast messages in 5G/6G MAC layers, enhancing security without significantly impairing performance.

Contribution

It proposes a novel obfuscation method for CRI broadcasts that effectively counters SPARROW covert channels with minimal impact on network performance.

Findings

The obfuscation method significantly reduces covert channel effectiveness.

It maintains high random-access performance compared to CRI length reduction.

Numerical results demonstrate improved security-performance trade-off.

Abstract

In this work, we propose a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols. Examples of covert channel are used in data exfiltration, remote command-and-control (CnC) and espionage. Responsibly disclosed to GSMA (CVD-2021-0045), the SPARROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according to the 3GPP standards. Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure. The SPARROW schemes can also complement the solutions for long-range M2M applications. This work investigates the security vs. performance trade-off in CRI-based contention resolution mechanisms. Then it offers a rigorously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards. Compared to CRI length reduction, the proposed method achieves considerable protection against SPARROW exploitation with less impact on the random-access performance as shown in the numerical results.