On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G, 6G & Beyond

In this work, we propose a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols.

Examples of covert channel are used in data exfiltration, remote command-and-control (CnC) and espionage.

Responsibly disclosed to GSMA (CVD-2021-0045), the SPARROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according to the 3GPP standards. 

Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure. 

The SPARROW schemes can also complement the solutions for long-range M2M applications.

This work investigates the security vs. performance trade-off in CRI-based contention resolution mechanisms. 

Then it offers a rigorously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards.

Compared to CRI length reduction, the proposed method achieves considerable protection against SPARROW exploitation with less impact on the random-access performance as shown in the numerical results.