In fifth-generation (5G) cellular networks, users feed back to the base station the index of the precoder (from a codebook) to be used for downlink transmission. The precoder is strongly related to the user channel and in turn to the user position within the cell. We propose a method by which an external attacker determines the user position by passively overhearing this unencrypted layer-2 feedback signal. The attacker first builds a map of fed back precoder indices in the cell. Then, by overhearing the precoder index fed back by the victim user, the attacker finds its position on the map. We focus on the type-I single-panel codebook, which today is the only mandatory solution in the 3GPP standard. We analyze the attack and assess the obtained localization accuracy against various parameters. We analyze the localization error of a simplified precoder feedback model and describe its asymptotic localization precision. We also propose a mitigation against our attack, wherein the user randomly selects the precoder among those providing the highest rate. Simulations confirm that the attack can achieve a high localization accuracy, which is significantly reduced when the mitigation solution is adopted, at the cost of a negligible rate degradation.
Localization Attack by Precoder Feedback Overhearing in 5G Networks and Countermeasures
Tomasin S.
;
2021
Abstract
In fifth-generation (5G) cellular networks, users feed back to the base station the index of the precoder (from a codebook) to be used for downlink transmission. The precoder is strongly related to the user channel and in turn to the user position within the cell. We propose a method by which an external attacker determines the user position by passively overhearing this unencrypted layer-2 feedback signal. The attacker first builds a map of fed back precoder indices in the cell. Then, by overhearing the precoder index fed back by the victim user, the attacker finds its position on the map. We focus on the type-I single-panel codebook, which today is the only mandatory solution in the 3GPP standard. We analyze the attack and assess the obtained localization accuracy against various parameters. We analyze the localization error of a simplified precoder feedback model and describe its asymptotic localization precision. We also propose a mitigation against our attack, wherein the user randomly selects the precoder among those providing the highest rate. Simulations confirm that the attack can achieve a high localization accuracy, which is significantly reduced when the mitigation solution is adopted, at the cost of a negligible rate degradation.Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.