Modern radio access networks (RANs) are both highly complex and potentially vulnerable to unauthorized security setting changes. A RAN is studied in a proof-of-concept experiment to demonstrate that an unauthorized network state is detectable at layers in the RAN architecture away from the source of the state setting. Specifically, encryption state is set at the packet data convergence protocol (PDCP) layer in the Long-Term Evolution (LTE) network model and an anomalous cipher- state is shown to be detectable at the physical layer. Three tranches of experimental data totaling 1,987 runs and each involving 285 measurands were collected and used to construct and demonstrate single-feature, multi-feature, and multi-run encryption state detectors. These detectors show a range of performances with the single-feature detector based on reference signal received quality achieving near-0% false alarms and near-100% true detections. Multi-run averaging detectors show similar low-error performance, even just based on marginally effective detector features. The detectors’ performances are studied across the three tranches of experimental data and found by multiple complementary measures to be generalizable provided the testbed protocol is carefully controlled. Essential to these results was an automated, comprehensively instrumented experiment testbed in which measurands were treated as distributions.

中文翻译：

---

无线接入网络中的异常状态检测：概念验证


现代无线接入网络 (RAN) 非常复杂，并且可能容易受到未经授权的安全设置更改的影响。在概念验证实验中研究了 RAN，以证明未经授权的网络状态可以在远离状态设置源的 RAN 架构中的各层进行检测。具体而言，加密状态是在长期演进（LTE）网络模型中的分组数据汇聚协议（PDCP）层处设置的，并且异常加密状态被证明是在物理层处可检测到的。收集了三批实验数据，总计 1,987 次运行，每批涉及 285 个被测量，并用于构建和演示单特征、多特征和多运行加密状态检测器。这些探测器展示了基于参考信号接收质量的单功能探测器的一系列性能，实现了接近 0% 的误报和接近 100% 的真实检测。即使仅基于边际有效的检测器功能，多次运行平均检测器也显示出类似的低误差性能。通过三部分实验数据对探测器的性能进行了研究，并通过多种补充措施发现，只要仔细控制测试台协议，探测器的性能就可以推广。这些结果的关键是一个自动化的、全面仪器化的实验测试台，其中被测量被视为分布。