loading page

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G, 6G & Beyond
  • Reza Soosahabi ,
  • Magdy Bayoumi
Reza Soosahabi
Author Profile
Magdy Bayoumi
Author Profile


In this work, we propose a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols.
Examples of covert channel are used in data exfiltration, remote command-and-control (CnC) and espionage.
Responsibly disclosed to GSMA (CVD-2021-0045), the SPARROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according to the 3GPP standards.
Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure.
The SPARROW schemes can also complement the solutions for long-range M2M applications.
This work investigates the security vs. performance trade-off in CRI-based contention resolution mechanisms.
Then it offers a rigorously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards.
Compared to CRI length reduction, the proposed method achieves considerable protection against SPARROW exploitation with less impact on the random-access performance as shown in the numerical results.