oran-testing / soft-t-ue

Open source O-RAN 5G security testing tool
https://rantesterue.org
GNU Affero General Public License v3.0

RACH Jamming #39

Open cueltschey opened 2 weeks ago

cueltschey commented 2 weeks ago

Random Access Channel Jamming / DoS Attack

Implementation (UE):

Attack Metrics:

cueltschey commented 2 weeks ago

RACH Jamming is a type of Denial of Service (DoS) attack targeting the Random Access Channel (RACH) in LTE and 5G networks, where an adversary deliberately transmits high-power interference signals or continuous noise over the RACH frequency. This jamming disrupts the Random Access Procedure, preventing UEs (User Equipment) from successfully communicating with the base station during the initial connection phase. As a result, legitimate RACH preambles sent by UEs are drowned out by the jamming signal, leading to connection failures or significant delays in network access. RACH Jamming can severely degrade network performance, especially in environments with high user density, as it blocks the critical entry point for new connections.

To perform a RACH Jamming test in srsRAN, we can simulate a jamming signal using a software-defined radio (SDR) or by modifying the srsUE to continuously transmit random or high-power signals over the RACH frequencies. First, identify the specific RACH frequency and configuration used by the srsGNB. Then, configure the SDR or srsUE to broadcast a strong, continuous signal on this frequency. Deploy the srsENB to monitor the network's response, and observe the impact of the jamming on RACH procedures, such as increased collision rates, connection delays, or complete failures. This test helps assess the network's resilience to jamming attacks and the effectiveness of countermeasures like frequency hopping, spread spectrum techniques, or RACH configuration changes to mitigate such threats.
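One way to quantify, on the monitoring side, the impact the comment above lists (connection delays, complete failures) by comparing a baseline window with a test window. This is an added example, not part of the issue thread or the soft-t-ue code; the record format, field names and thresholds are assumptions and are not srsRAN log output.

```python
from dataclasses import dataclass
from statistics import median

# Constructed sample records, NOT srsRAN log output. Hypothetical format:
# "<time_s> <ue_id> <preamble_tx_count> <outcome> <access_delay_ms>"
SAMPLE = """\
0.10 ue1 1 ok 12
0.40 ue2 1 ok 14
0.90 ue3 2 ok 31
1.30 ue4 1 ok 13
10.10 ue1 7 ok 160
10.50 ue2 10 fail 0
10.90 ue3 10 fail 0
11.40 ue4 10 fail 0
"""

@dataclass
class WindowStats:
    attempts: int
    success_rate: float
    median_delay_ms: float   # over successful attempts only
    mean_preamble_tx: float  # preamble transmissions per attempt

def parse(text):
    """Turn the constructed records into (time, ue, tx_count, ok, delay) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, ue, tx, outcome, delay = line.split()
        rows.append((float(t), ue, int(tx), outcome == "ok", float(delay)))
    return rows

def window_stats(rows, start, end):
    """Summarise random-access attempts with start <= time < end."""
    sel = [r for r in rows if start <= r[0] < end]
    if not sel:
        return WindowStats(0, 0.0, 0.0, 0.0)
    ok_delays = [r[4] for r in sel if r[3]]
    return WindowStats(
        attempts=len(sel),
        success_rate=len(ok_delays) / len(sel),
        median_delay_ms=median(ok_delays) if ok_delays else float("inf"),
        mean_preamble_tx=sum(r[2] for r in sel) / len(sel),
    )

def degraded(base, test, max_rate_drop=0.2, max_delay_factor=3.0):
    """True when access success drops or delay grows past the assumed thresholds."""
    if base.attempts == 0 or test.attempts == 0:
        return False  # an empty window gives nothing to compare
    return (base.success_rate - test.success_rate > max_rate_drop
            or test.median_delay_ms > max_delay_factor * base.median_delay_ms)
```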