Breaking LTE on Layer Two

Explore a comprehensive security analysis of LTE's data link layer (layer two) protocols, uncovering three critical attack vectors that compromise the confidentiality and privacy of LTE communications. Delve into a passive identity mapping attack that matches volatile radio identities to longer-lasting network identities, enabling user identification within a cell. Discover how a passive attacker can exploit resource allocation as a side channel for website fingerprinting, revealing users' browsing habits. Examine the A LTE R attack, which takes advantage of LTE's use of AES-CTR encryption without integrity protection to modify message payloads. Learn about a proof-of-concept demonstration showing how an active attacker can redirect DNS requests and perform DNS spoofing, leading users to malicious websites. Gain insights into the real-world applicability of these attacks and understand the significant threat posed by open attack vectors in LTE layer two protocols.

Introduction
About LTE
Security
Data Planes
LTE Identity
Related Work
Alter Attack
Stream Cipher
Active Man in the Middle
Attack Procedure
Integrity Protection
Conclusion
Questions