Content uploaded by Nour Moustafa
Author content
All content in this area was uploaded by Nour Moustafa on Aug 27, 2018
Content may be subject to copyright.
S
Security and Privacy in 4G/LTE
Network
Nour Moustafa and Jiankun Hu
School of Engineering and Information
Technology, ADFA, Canberra, ACT, Australia
Synonyms
4G: Fourth generation;4G/LTE technologies or
4G/LTE wireless networks;Advanced persistent
threats(APT) or sophisticated attacks;LTE:
Long-term evolution
Definitions
4G (Fourth Generation for wireless networks)
is a set of fourth-generation cellular
data technologies, which enables
multimedia communication and
provides high data transfer rates.
LTE (Long-Term Evolution) denotes a stan-
dard for a smooth and efficient tran-
sition toward more advanced leading
edge technologies for increasing the
capacity and speed of wireless data net-
works.
TCP/IP (Transmission Control Protocol/Inter-
net Protocol) refers to a set of
protocols designed to construct a
network of networks that a system uses
for accessing the Internet/network.
APT (Advanced Persistent Threat) is a set
of stealthy, advanced and continuous
hacking processes, often launched
and controlled by a hacker targeting
a particular victim.
DoS (Denial of Service) is a cyberattack that
attempts to disrupt services of a host or
network.
Introduction
Over the last few decades, mobile systems have
become essential for users to perform their daily
tasks. This has led to the rapid evolution of wire-
less technologies, including the second genera-
tion (2G), third generation (3G), and fourth gen-
eration (4G) for mobile networks, to ubiquitously
spread mobile telecommunication services (Sed-
digh et al. 2010). The 4G wireless technology has
recently coined for improving broadband perfor-
mance and allowing multimedia programs. Con-
sequently, its architectures and standards have
considerably enhanced to transfer higher data
rates than 2G and 4G. Meanwhile, Long-Term
Evolution (LTE) has evolved to become one of
the effective technologies that accomplish the 4G
wireless performance goals (Shaik et al. 2015).
Due to the high performances of 4G/LTE mo-
bile devices, the LTE subscribers are expected to
be about 3.16 billion by the end of 2018 (Statista
© Springer International Publishing AG, part of Springer Nature 2018
X.(S.) Shen et al. (eds.), Encyclopedia of Wireless Networks,
https://doi.org/10.1007/978-3-319-32903-1_119-1
2 Security and Privacy in 4G/LTE Network
2018). There are various technological advances
that 4G/LTE wireless networks provide when
compared to earlier technologies. Firstly, 4G/LTE
mobile systems work perfectly by utilizing the
TCP/IP model. This, in fact, decreases financial
and computational costs, where portable devices
can connect to the Internet using an Internet Pro-
tocol (IP) without any constraints to previously
closed cellular configurations. Nevertheless, with
the wide variety of communication protocols in-
cluded in the TCP/IP model, 4G/LTE wireless
networks face multiple security and privacy is-
sues (Seddigh et al. 2010; Shaik et al. 2015).
The key issues for securing 4G/LTE wireless
networks can be summarized into three aspects.
Firstly, mobile devices can flexibly access the
Internet from any location and are therefore vul-
nerable to being hacked by different advanced
persistent threats (APT). Secondly, while mo-
bile IP-based systems are regularly updated with
cryptographic and security mechanisms, there is
an effect on their performance and traffic process-
ing capacity that requires secure and upgraded
wireless standards and architectures. Finally, al-
though vendors are producing new generations
of 4G/LTE technologies, they do not regularly
develop new standards to mitigate vulnerabilities
and deter growing cyber APT (Seddigh et al.
2010; Shaik et al. 2015;Lietal.2018).
Background
This section discusses the background of 4G
wireless standards and LTE architectures. Se-
curity controls of 4G/LTE architecture are also
explained.
4G Wireless Standards
The International Telecommunications Union
(ITU) declared an International Mobile
Telecommunications-Advanced (IMT-Advanced)
standard for 4G wireless networks. This standard
provides the specifications of radio access and
core 4G wireless networks. The 4G wireless
technology includes the following criteria: (1)
high data rate, which is 100 Mbps for mobile
devices and 1 Gbps for computer devices, (2)
high quality of service (QoS) and capacity, and
(3) high network speeds and coverage (Seddigh
et al. 2010; Rao et al. 2017). The characteristics
of 4G technologies compared with 2G and 3G
are listed in Table 1(Fagbohun 2014).
The bandwidth efficiency and allocation
schemes are two important requirements that
should be considered while designing 4G
standards (Seddigh et al. 2010). In 4G wireless,
voice/video multimedia is transited using
the network protocols of the TCP/IP model.
Therefore, the ITU-IMT-Advanced standard for
4G wireless technology should be configured to
be compatible with the protocols and services of
the TCP/IP model. Several 4G wireless standards,
in particular, LTE and Mobile WiMAX, have
been developed to meet the IMT-Advanced
requirements and provide broadband wireless
connections for mobile devices (Seddigh et al.
2010; Rao et al. 2017).
LTE Architecture
A LTE architecture includes the modules needed
to install network protocols between base stations
and mobile systems. As presented in Fig. 1,the
architecture involves three modules: User Equip-
ment (UE), Evolved Universal Terrestrial Ra-
dio Access Network (E-UTRAN), and Evolved
Packet Core (EPC) (Seddigh et al. 2010; Shaik
et al. 2015). The UE, for example, laptops or
smartphones, can link to the wireless network
across the evolved NodeB (eNodeB) using the E-
UTRAN base stations. The eNodeB utilizes some
access network protocols for exchanging mes-
sages with the UE. The E-UTRAN links to the
EPC which is an IP-based infrastructure, while
the EPC links to the provider of the wireline IP
network.
The 4G/LTE network architecture has some
enhancements compared to 3G wireless (Shaik
et al. 2015). Firstly, it has two types of network el-
ements (NEs): (1) the eNodeB that is an improved
base station and (2) the Access Gateway (AGW)
that integrates all the functions, specifically Mo-
bility Management Entity (MME), needed for the
EPC. The MME can control the UE identifica-
tion, as well as processing security authentication
and mobility. LTE can support a meshed structure
Security and Privacy in 4G/LTE Network 3
S
Security and Privacy in 4G/LTE Network, Table 1 Characteristics of 2G, 3G, and 4G technologies
Features 2G 3G 4G
Standards GSM, iDEN,D-MPS WCDMA, CDMA 2000 Single unified standard, ITU IMT-
Advanced
Data rates 14.4 kbps 2 Mbps 100 Mbps
Services Digital voice, Short Messag-
ing
high-quality audio, video,
data
Dynamic information access with higher
multimedia quality, wearable devices
Technology Digital cellular Broad bandwidth CDMA,
IP technology
Unified IP, seamless combination of broad-
band, LAN/WAN/PAN, WLAN
Core network PSTN Packet Network Internet
Multiplexing TDMA, CDMA CDMA CDMA
I
I
I
I
I
n
n
n
t
t
t
t
t
e
e
r
r
r
r
r
n
n
n
n
ee
e
e
e
t
t
t
t
t
Internet
E-UTRAN
eNodeB eNodeB
UE
Cell
Tracking area MME
EPC
Security and Privacy in 4G/LTE Network, Fig. 1 LTE network architecture
that improves wireless network performance, for
example, an eNodeB can connect with several
AGWs. Finally, as the architecture is compatible
with the TCP/IP model, traffic packets at any UE
can be handled using the AGW and eNodeB with
different IP-based devices, such as routers.
4G/LTE Security Controls
Abstraction layers are inserted in the 4G/LTE ar-
chitecture in terms of the unique identifiers (IDs)
for smartphones (i.e., UEs). A temporary unique
ID is used on the SIM card to prevent attack-
ers from stealing identifiers. Another technique
for improving 4G security is adding protected
singling between the UE and MME (Seddigh
et al. 2010; Mohapatra et al. 2015). Security
mechanisms are utilized to secure the connec-
tions between 4G networks and secure non-4G
networks using key management authentication
protocols. Although several security controls are
used for 4G/LTE wireless technology, its design,
which is based on an open-IP architecture, and
the sophistication of APT hackers make security
and privacy of 4G/LTE systems challenging.
4G/LTE Security Requirements
In order to secure mobile devices that use 4G/LTE
wireless technologies, there should be protection
for the connections between the UEs and MMEs
and between elements in the wireline networks
and mobile stations. For satisfying these require-
ments, the 4G/LTE security is significantly im-
proved by adding (1) advanced key hierarchy,
(2) protracted authentication and key agreement,
and (3) additional interworking security for the
NEs (Mohapatra et al. 2015). The requirements
are classified into key building blocks and LTE
end-to-end security (Seddigh et al. 2010), as
explained below.
•Key building blocks include the following
elements:
4 Security and Privacy in 4G/LTE Network
–Key security and hierarchy
LTE has five key strategies used for con-
nections of the EPS and E-UTRAN. The
keys are declared as follows: (1) KANS
encryption and integrity keys are used to
protect non-access stratum (NAS) traffic
between the UE and MME, (2) a KUP
encryption is used to encrypt traffic be-
tween the UE and eNodeB, and (3) KPRC
encryption and integrity keys are used to
secure the Radio Resource Control (RRC)
between the UE and eNodeB.
–Key management
LTE key management comprises three
functions: key establishment, distribution,
and generation. It is essential that 4G/LTE
wireless technology has key management
mechanisms that prevent stealing keys, as
mobile devices with IP-based infrastruc-
ture can frequently access different wire-
less networks. An Authentication and Key
Agreement (AKA) process is utilized for
establishing and verifying keys in 4G/LTE
systems.
–Authentication, encryption, and in-
tegrity protection
LTE depends on using regular updating
of the authentication process by exchang-
ing sequence numbers in the messages of
encryption mechanisms. The IPsec proto-
col and tunnels are also used for assert-
ing the confidentiality of users’ data while
transmitting traffic between LTE nodes.
–Unique user identifiers
LTE has several user identifier
mechanisms that thwart attackers from
learning mobile user identities; therefore,
attackers cannot track user profiles or
launch denial of service (DoS) attacks
against users. The identifier mechanisms
contain the following: (1) international
mobile equipment identifier (IMEI) which
is a permanent unique identifier for each
mobile, (2) M-TMSI which is a temporary
identifier that defines the UE inside
the MME, and (3) cell radio network
temporary identifier (C-RNTI) which is
a unique and temporary UE identity when
a UE is connected with a cell.
•LTE end-to-end security involves the follow-
ing elements:
–Authentication and Key Agreement
(AKA)
The foundation of LTE security is
authenticating the UEs and wireless
networks. This can be accomplished using
the AKA process which asserts that the
serving network authenticates the identity
of a user and the UE certifies the network
signature. The AKA creates encryption
and integrity keys applied for originating
various session keys for ensuring the
4G/LTE security and privacy.
–Confidentiality and integrity of signaling
Security of network access control
planes is achieved when the RCC and
NAS layer signaling is encrypted and
integrity protected. Ciphering and integrity
protection of LTE RRC signaling is
executed at the packet data convergence
protocol (PDCP) layer, whereas the NAS
layer attains the protection by encrypting
the NAS-level signaling. This protection
cannot be uniquely performed for each
UE connection, but it runs across trusted
connections between AGW and eNodeB.
–User plane confidentiality
LTE has a security feature for user plane
via encrypting data/voice between the UE
and eNodeB. Encryption is executed at the
IP layer by utilizing IPsec-based tunnels
between AGW and eNodeB, but no in-
tegrity protection is offered for the user
plane due to performance and efficiency
considerations. The PDCP layer is used
for enabling encrypting/decrypting the user
plane while transmitting traffic between the
eNodeB and UE.
Security and Privacy in 4G/LTE Network 5
S
Cyberattacks and Countermeasure
Techniques
4G/LTE wireless technology faces different types
of cyberattacks that could affect integrity, privacy,
availability, and authentication, as described be-
low.
•Privacy attacks
Attacks against the privacy of mobile
users’ data attempt to expose sensitive
data/multimedia of users. A man-in-the-
middle (MITM) attack is the most serious
privacy attacks in wireless networks that
depend on a false base station attack when
anomalous third-party masquerades its
base transceiver station (Mohapatra et al.
2015). Privacy-preserving authentication and
encryption mechanisms have been widely
used to protect wireless networks against the
MITM attacks (Ferrag et al. 2017; Deebak
et al. 2016).
•Integrity attacks
Attacks against integrity attempt to modify
exchanging data between the 4G access points
and mobile users. Cloning attacks based on the
MITM and message modification scenarios
are the major integrity attacks that alter mobile
user information. Authentication and privacy-
preserving mechanisms with hash functions
have been broadly used for securing 4G wire-
less networks against integrity attacks (Ferrag
et al. 2017; Hasan et al. 2017).
•Authentication attacks
Attacks against authentication attempt to
disturb the client-to-server and/or server-to-
client authentication process. The password
reuse, brute force, password stealing, and dic-
tionary attacks are popular wireless hacking
schemes that interrupt the password-based au-
thentication. In the hacking schemes, an at-
tacker can pretend to be a legal user and try to
log in to a server by guessing various words as
a password from a dictionary. Encryption and
authentication techniques have been utilized
for preventing such kind of attacks from 4G
wireless networks (Seddigh et al. 2010; Ferrag
et al. 2017).
•Availability attacks
Attacks against availability try to make
services unavailable, such as the service of
data routing (Ferrag et al. 2017). The first
in first out (FIFO) and DoS attacks can be
launched by flooding massive malicious ac-
tions to 4G wireless victims for disrupting
their computational resources. Firewall and
intrusion detection systems have been usually
used for defending against these attacks.
4G/LTE Challenges and Future Trends
Despite a plethora of research and technical stud-
ies that have been conducted for securing 4G/LTE
wireless networks, there are several challenges
that should be the focus of researchers in future
that are discussed below, besides a summary in
Table 2.
• Designing a flexible and scalable 4G/LTE ar-
chitecture that can address security and pri-
vacy issues is an arduous task. There are
multiple devices and systems that are usually
connected with 4G networks that result in
vulnerabilities and loopholes in networks.
• Discovering DoS attacks that attempt to vi-
olate 4G wireless networks, as hackers fre-
quently establish new sophisticated variants
against eNodeB, UE, and discontinuous re-
ception services.
• Location tracking denotes tracing the UE pres-
ence in a specific cell(s). While many portable
devices could link to a 4G/LTE wireless net-
work, ensuring that location tracks of the de-
vices are not breached is still a challenging
issue, due to the considerations of operability
and scalability.
• The utilization of an effective 4G wireless
Software Dened Network (SDN) is a chal-
lenge. More specifically, there are technical
gaps in the network scalability, security, and
privacy issues with the SDN.
6 Security and Privacy in 4G/LTE Network
Security and Privacy in 4G/LTE Network, Table 2 Challenges and security and privacy methods of 4G/LTE
technology
Challenges Cyber-attacks Security and privacy methods
A resilient 4G/LTE architecture Privacy attacks: replay, MITM,
impersonation, collaborated, tracing,
spoong, privacy violation, masquerade
Privacy-preservation, authentication
and encryption mechanisms
Tracking locations of devices Integrity attacks: cloning, spam, mes-
sage blocking, message modification
attack, message, insertion, tampering
Hashing and encryption, and authen-
tication and privacy-preserving meth-
ods
An effective 4G/LTE wireless Soft-
ware Defined Network (SDN)
Availability attacks: FIFO, redirec-
tion, physical attack, skimming, and
free-riding
Firewall systems, signature-based and
anomaly-based systems
Collaborative 4G/LTE security and
privacy approaches operate on cloud
and edge paradigms
Authentication attacks: password
reuse, password stealing, dictionary,
brute force, desynchronization,
forgery attack, collision, stolen smart
card
Encryption and authentication tech-
niques
• Trusted connections through 4G networks in
the existence of eavesdroppers are the issues.
Especially, when 4G wireless technology is
used in the Internet of Things, it requires
new cryptographic mechanisms that provide
protection and integrity for smartphones and
computer systems.
• Instead of individual security techniques, a
systematic security and privacy protection
strategies are required for 4G/LTE wireless
connections while connecting with cloud and
edge computing paradigms. This will provide
valid security mechanisms, for example, trust
models, device security, and data assurance
techniques.
Key Applications
The 4G/LTE wireless technology has emerged
for enhancing broadband performance and per-
mitting multimedia applications. The technology
has been used for the Internet of Things (IoT) for
connecting Machine-to-Machine (M2M) systems
and devices such as the In-Vehicle Multi-Carrier
Router.
Cross-References
4G/LTE Wireless Technology
Wireless Security
Wireless Threats
Wireless Internet of Things
References
Deebak BD, Muthaiah R, Thenmozhi K, Swaminathan PI
(2016) Analyzing the mutual authenticated session key
in ip multimedia server-client systems for 4G networks.
Turk J Electr Eng Comput Sci 24(4):3158–3177
Fagbohun O (2014) Comparative studies on 3G, 4G and
5G wireless technology. IOSR J Electr Commun Eng
9(3):88–94
Ferrag MA, Maglaras L, Argyriou A, Kosmanos D, Jan-
icke H (2017) Security for 4G and 5G cellular net-
works: a survey of existing authentication and privacy-
preserving schemes. J Netw Comput Appl 101:55–82
Hasan K, Shetty S, Oyedare T (2017) Cross layer attacks
on GSM mobile networks using software defined ra-
dios. In: 2017 14th IEEE annual consumer communi-
cations & networking conference (CCNC). IEEE, Las
Vegas, NV, pp 357–360
Li S, Da Xu L, Zhao S (2018) 5G internet of things: a
survey. J Ind Inform Integr 10:1–9
Mohapatra SK, Swain BR, Das P (2015) Comprehensive
survey of possible security issues on 4G networks. Int
J Netw Secur Appl 7(2):61
Rao KV, Rao OK, Sainath MN (2017) A study on broad
spectrum of various wireless technologies. Int J Innov
Adv Comput Sci 6(12):354–360
Seddigh N, Nandy B, Makkar R, Beaumont JF (2010)
Security advances and challenges in 4G wireless net-
works. In: 2010 eighth annual international conference
on privacy security and trust (PST). IEEE, Ottawa, ON,
pp 62–71
