oran-testing / soft-t-ue

Open source O-RAN 5G security testing tool
https://rantesterue.org
GNU Affero General Public License v3.0
2 stars 3 forks source link

RACH Jamming #39

Open cueltschey opened 2 months ago

cueltschey commented 2 months ago

Random Access Channel Jamming / DoS Attack

Implementation (UE):

Attack Metrics:

cueltschey commented 2 months ago

RACH Jamming is a type of Denial of Service (DoS) attack targeting the Random Access Channel (RACH) in LTE and 5G networks, where an adversary deliberately transmits high-power interference signals or continuous noise over the RACH frequency. This jamming disrupts the Random Access Procedure, preventing UEs (User Equipment) from successfully communicating with the base station during the initial connection phase. As a result, legitimate RACH preambles sent by UEs are drowned out by the jamming signal, leading to connection failures or significant delays in network access. RACH Jamming can severely degrade network performance, especially in environments with high user density, as it blocks the critical entry point for new connections.

To perform a RACH Jamming test in srsRAN, we can simulate a jamming signal using a software-defined radio (SDR) or by modifying the srsUE to continuously transmit random or high-power signals over the RACH frequencies. First, identify the specific RACH frequency and configuration used by the srsGNB. Then, configure the SDR or srsUE to broadcast a strong, continuous signal on this frequency. Deploy the srsENB to monitor the network's response, and observe the impact of the jamming on RACH procedures, such as increased collision rates, connection delays, or complete failures. This test helps assess the network's resilience to jamming attacks and the effectiveness of countermeasures like frequency hopping, spread spectrum techniques, or RACH configuration changes to mitigate such threats.

Prab-khnl commented 1 month ago

Working on the RACH Jamming attack.