securing-5g-mac-fnwf22-arxiv.pdf (790.06 kB)
Download file

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G, 6G & Beyond

Download (790.06 kB)
posted on 2022-09-13, 19:20 authored by Reza SoosahabiReza Soosahabi, Magdy Bayoumi

In this work, we propose a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols.

Examples of covert channel are used in data exfiltration, remote command-and-control (CnC) and espionage.

Responsibly disclosed to GSMA (CVD-2021-0045), the SPARROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according to the 3GPP standards. 

Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure. 

The SPARROW schemes can also complement the solutions for long-range M2M applications.

This work investigates the security vs. performance trade-off in CRI-based contention resolution mechanisms. 

Then it offers a rigorously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards.

Compared to CRI length reduction, the proposed method achieves considerable protection against SPARROW exploitation with less impact on the random-access performance as shown in the numerical results.


Email Address of Submitting Author

ORCID of Submitting Author


Submitting Author's Institution

Keysight Technologies Inc

Submitting Author's Country

  • United States of America