Data-plane signaling in cellular IoT: attacks and defense

In this paper, we devise new attacks exploiting the unprotected data-plane signaling in cellular IoT networks (aka both NB-IoT and Cat-M). We show that, despite the deployed security mechanisms on both control-plane signaling and data-plane packet forwarding, novel data-plane signaling attacks are still feasible. Such attacks exhibit a variety of attack forms beyond simplistic packet-blasting, denial-of-service (DoS) threats, including location privacy breach, packet delivery loop, prolonged data delivery, throughput limiting, radio resource draining, and connection reset. Our testbed evaluation and operational network validation have confirmed the viability. We further propose a new defense solution within the 3GPP C-IoT standard framework.