Security Threats Against LTE Networks: A Survey

  • Khyati VachhaniEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


Mobile Networks are rapidly moving from architectures based on GSM and 3 G to LTE. Security measures added to LTE includes stronger cryptographic primitives for authentication and encryption to plug the security holes of earlier generations. But the introduction of IP-based full inter-networking in LTE has increased the attack-surface. Despite strong authentication and encryption, there are still some messages being exchanged over the air, between an User Equipment (UE) and the eNodeB without integrity protection. This vulnerability opens the door to a severe threat landscape in the LTE network. LTE networks broadly compromises of Core Network and Radio access network. This paper presents a study on the attacks that inflict damage to the availability and privacy of the Radio access network. The paper also explores various vulnerabilities affecting the availability of Core network. Finally, a comparison of all the presented attacks based on the platform required by an attacker, affected range of the attack and impact of the attack is done.


Availability eNodeB Core network DoS LTE Privacy Radio access network Threat UE 


  1. 1.
    Astély, D., Dahlman, E., Furuskär, A., Jading, Y., Lindström, M., Parkvall, S.: LTE: the evolution of mobile broadband. IEEE Commun. Mag. 47(4) (2009)CrossRefGoogle Scholar
  2. 2.
    Bassil, R., Elhajj, I.H., Chehab, A., Kayssi, A.: Effects of signaling attacks on LTE networks. In: 2013 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 499–504. IEEE (2013)Google Scholar
  3. 3.
    Bikos, A.N., Sklavos, N.: LTE/SAE security issues on 4 G wireless networks. IEEE Secur. Priv. 11(2), 55–62 (2013)CrossRefGoogle Scholar
  4. 4.
    Cao, J., Ma, M., Li, H., Zhang, Y., Luo, Z.: A survey on security aspects for lte and LTE-A networks. IEEE Commun. Surv. Tutorials 16(1), 283–302 (2014)CrossRefGoogle Scholar
  5. 5.
    Dubey, A., Vohra, D., Vachhani, K., Rao, A.: Demonstration of vulnerabilities in GSM security with USRP B200 and open-source penetration tools. In: 2016 22nd Asia-Pacific Conference on Communications (APCC), pp. 496–501. IEEE (2016)Google Scholar
  6. 6.
    Golde, N., Redon, K., Borgaonkar, R.: Weaponizing femtocells: the effect of rogue devices on mobile telecommunications. In: NDSS (2012)Google Scholar
  7. 7.
    Hasan, K., Shetty, S., Oyedare, T.: Cross layer attacks on GSM mobile networks using software defined radios. In: 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), pp. 357–360. IEEE (2017)Google Scholar
  8. 8.
    He, L., Yan, Z., Atiquzzaman, M.: LTE/LTE-A network security data collection and analysis for security measurement: a survey. IEEE Access (2018)Google Scholar
  9. 9.
    Heuveldop, N., et al.: Ericsson mobility report. Ericsson AB, Technology Emerging Business, Stockholm, Sweden, Technical report EAB-17 5964 (2017)Google Scholar
  10. 10.
    Holtmanns, S., Rao, S.P., Oliver, I.: User location tracking attacks for LTE networks using the interworking functionality. In: IFIP Networking Conference (IFIP Networking) and Workshops, pp. 315–322. IEEE (2016)Google Scholar
  11. 11.
    Jover, R.P., Giura, P.: How vulnerabilities in wireless networks can enable advanced persistent threats. Int. J. Inf. Technol. (IREIT) (1), 2 (2013)Google Scholar
  12. 12.
    Jover, R.P.: Security attacks against the availability of lte mobility networks: overview and research directions. In: 2013 16th International Symposium on Wireless Personal Multimedia Communications (WPMC), pp. 1–9. IEEE (2013)Google Scholar
  13. 13.
    Jover, R.P.: LTE security, protocol exploits and location tracking experimentation with low-cost software radio. arXiv preprint arXiv:1607.05171 (2016)
  14. 14.
    Khosroshahy, M., Qiu, D., Ali, M.K.M.: Botnets in 4 G cellular networks: platforms to launch DDoS attacks against the air interface. In: 2013 International Conference on Selected Topics in Mobile and Wireless Networking (MoWNeT), pp. 30–35. IEEE (2013)Google Scholar
  15. 15.
    Mjølsnes, S.F., Olimid, R.F.: Easy 4G/LTE IMSI catchers for non-programmers. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds.) MMM-ACNS 2017. LNCS, vol. 10446, pp. 235–246. Springer, Cham (2017). Scholar
  16. 16.
    Park, S., Shaik, A., Borgaonkar, R., Martin, A., Seifert, J.P.: Whitestingray: evaluating IMSI catchers detection applications. In: USENIX Workshop on Offensive Technologies (WOOT). USENIX Association (2017)Google Scholar
  17. 17.
    Qiang, L., Zhou, W., Cui, B., Na, L.: Security analysis of TAU procedure in LTE network. In: 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), pp. 372–376. IEEE (2014)Google Scholar
  18. 18.
    Shaik, A., Borgaonkar, R., Asokan, N., Niemi, V., Seifert, J.P.: Practical attacks against privacy and availability in 4G/LTE mobile communication systems. arXiv preprint arXiv:1510.07563 (2015)
  19. 19.
    Spaar, D.: A practical DoS attack to the GSM network. In: DeepSec (2009)Google Scholar
  20. 20.
    Vohra, D., Dubey, A., Vachhhani, K.: Investigating GSM control channels with RTL-SDR and GNU radio. In: International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 1008–1012. IEEE (2016)Google Scholar
  21. 21.
    Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Martínez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438–452. Springer, Cham (2015). Scholar
  22. 22.
    Zugenmaier, A., Aono, H.: Security technology for SAE/LTE. NTT DOCOMO Tech. J. 11(3), 27–30 (2009)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.ECE DepartmentNirma UniversityAhmedabadIndia

Personalised recommendations