Channel-Based Intrusion Detection at the LTE Physical Layer

Abstract: Long Term Evolution (LTE) is the most widespread cellular technology around the globe. An LTE device must communicate with base stations without encryption and authentication before a connection to a network is established and security steps executed. During that period the device is vulnerable to attacks from rogue base stations; that is, transmitters set up by adversaries to imitate legitimate base stations. The received LTE signals have physical layer properties,such as Channel State Information (CSI) and Carrier Frequency Oset (CFO), which can be utilized to distinguish between legitimate transmissions and illegitimate ones. A method to detect intrusions based on CSI using a Kalman lterand a hypothesis test is studied in this thesis and its performance evaluated.Downlink LTE signals are collected from genuine LTE base stations in an2x2 Multiple-Input Multiple-Output (MIMO) system using Universal SoftwareRadio Peripherals (USRPs) and Software Defined Radio (SDR). Measurements performed at dierent frequency bands (i.e., dierent operators) are used to represent signals from a legitimate transmitter and attackers. The performance of the proposed scheme is evaluated by comparing the acceptance rate of symbols from the legitimate transmitter and the attacker. Additionally, the eects of errors due to false alarms and missed detection are explored. The filtering based intrusion detection shows improved performance compared to a non-filtering CSI based approach.