On User Privacy Leaks And Availability In LTE Air Interface

With the rapid development of mobile communication technologies,especially the widespread popularity of LTE networks,mobile privacy and security issues are becoming more and more critical for subscribers.While enjoying the voice,short messages and various data services enabled by the LTE networks,people are also facing the severe challenges of all kinds of privacy information leaks and Denial of Service(Do S)attacks in the LTE air interface.Unlike the research into user's IMSI leak,there are few related works on the leakage of LTE subscriber's phone number.Meanwhile,the existing works on Do S attacks that break the availability of LTE networks are relatively simple and not comprehensive.In view of the shortcomings of the above research work,this master thesis focuses on the privacy leak of user's telephone number in the LTE air interface and also conducts a thoughtful study on the mobile network security problem of Do S attacks based on mobility management signalling.Specifically,this master thesis completed the following works:(1)Based on the existing carrier mobile networks,this thesis designed and implemented a practicable and effective prototype of LTE phone number catcher that exploits the related protocol vulnerabilities in LTE and GSM networks.This research work verified that user privacy in the LTE network is also quite vulnerable to leak as long as the legacy GSM network still exists.Possible preventive countermeasures were also discussed and proposed.(2)We focused on the research into the impact extent of reject signalling based Do S attacks against LTE terminals under different conditions.After analyzing and exploring the protocol standard of LTE signalling plane,we discovered and verified a new vulnerability in the authentication process using software-defined radio tools.We finally divided the actual test results into six different impact levels to better evaluate the effects on mobile subscribers and LTE network availability.(3)We also conducted an in-depth analysis of privacy leaks in the voice solution technology(VoLTE)of 4G networks.We utilized the relevant tools to implement the real VoLTE signalling capture of the mobile phone and founded that the current operator's VoLTE signalling communication is not encrypted,thus there is a risk of leakage of user privacy information including user's phone number.