Paper Info
Title
Lost traffic encryption: fingerprinting LTE/4G traffic on layer two
Abstract
Long Term Evolution (LTE) provides the communication infrastructure for both professional and private use cases and has become an integral part of our everyday life. Even though LTE/4G overcomes many security issues of previous standards, recent work demonstrates several attack vectors on the physical and network layers of the LTE stack. We do, however, have only limited insights into the security and privacy aspects of the second layer. In this work, we investigate the impact of fingerprinting attacks on encrypted LTE/4G layer-two traffic. Traffic fingerprinting enables an adversary to exploit the metadata side-channel of transmissions---with severe consequences for the user's privacy. In multiple lab and commercial network experiments, we demonstrate the feasibility of passive and active fingerprinting attacks. First, passive website fingerprinting allows the attacker to learn a user's accessed website from encrypted transmissions. While being a well-known attack in other contexts, we provide an extensive performance baseline of state-of-the-art website fingerprinting attacks of encrypted LTE traffic in a lab setup and successfully repeat the experiments in a commercial network. Second, in an active identity-mapping attack, we inject watermarks and localize users within a radio cell. Our attacks succeed for the current LTE/4G specification and exploit features that also persist in the upcoming 5G standard.
Year
DOI
Venue
2019
10.1145/3317549.3323416
Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks
Keywords
Field
DocType
LTE, identification attack, website fingerprinting
Metadata,Use case,Computer science,Computer security,Computer network,Exploit,Encryption,Adversary
Conference
ISBN
Citations 
PageRank 
978-1-4503-6726-4
1
0.35
References 
Authors
0
4
Name
Order
Citations
PageRank
Katharina Kohls1223.71
David Rupprecht2143.65
T HORSTEN HOLZ33532232.93
Christina Pöpper447633.27