This work proposes a novel framework to identify and exploit vulnerable MAC-layer procedures in commercial wireless technologies for covert communication. Examples of covert communication include data exfiltration, remote command-and-control (CnC) and espionage. In this framework, the SPARROW schemes use the broadcast power of incumbent wireless networks to covertly relay messages over long distances without ever connecting to those networks. This allows the SPARROW schemes to bypass the networks' security and lawful-intercept systems and gives them a clear advantage over existing covert techniques: maximum anonymity, more miles per watt and less hardware. The SPARROW schemes can also serve as an efficient solution for long-range M2M applications. This paper details one recently disclosed vulnerability (CVD-2021-0045 in the GSMA coordinated vulnerability disclosure program) in the common random-access procedure of the LTE and 5G standards. This work also proposes a rigorous remediation for similar access procedures in current and future standards that disrupts even the most sophisticated SPARROW schemes with minimal impact on other users.