On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G, 6G & Beyond
This addresses a security vulnerability in 5G/6G networks that could harm critical infrastructure, though it is incremental as it builds on known issues and standards.
The paper tackles the problem of covert channel exploitation in cellular MAC layer broadcast signals, specifically the SPARROW scheme that uses unprotected broadcast messages for data exfiltration, and proposes a method to obfuscate contention resolution identity (CRI) broadcasts, achieving significant protection with minimal impact on random-access performance as demonstrated numerically.
In this work, we propose a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols. Examples of covert channel are used in data exfiltration, remote command-and-control (CnC) and espionage. Responsibly disclosed to GSMA (CVD-2021-0045), the SPARROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according to the 3GPP standards. Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure. The SPARROW schemes can also complement the solutions for long-range M2M applications. This work investigates the security vs. performance trade-off in CRI-based contention resolution mechanisms. Then it offers a rigorously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards. Compared to CRI length reduction, the proposed method achieves considerable protection against SPARROW exploitation with less impact on the random-access performance as shown in the numerical results.