The widespread availability of cellular devices introduces new threat vectors that allow users or attackers to bypass security policies and physical barriers and bring unauthorized devices into sensitive areas. We identify a critical gap in this context: the absence of low-latency systems for high-quality and instantaneous monitoring of cellular transmissions. Such low-latency systems are crucial to allow for timely detection, decision, and disruption of unauthorized communication in sensitive areas. Operator-based monitoring systems, built for purposes such as people counting or tracking, lack real-time capability, require cooperation across multiple operators, and thus are hard to deploy. Operator-independent monitoring approaches proposed in the literature either lack low-latency capabilities or do not scale. We propose WaveTag, the first low-latency and scalable system designed to monitor 5G and LTE connections across all operators prior to any user data transmission. WaveTag consists of several downlink sniffers and a distributed network of uplink sniffers that measure both downlink protocol information and uplink signal characteristics at multiple locations to gain a detailed spatial image of uplink signals. WaveTag then aggregates the recorded information, processes it, and provides a decision about the connection--all done prior to the complete connection establishment of a UE. To evaluate WaveTag, we deployed it in the context of geofencing, where WaveTag was able to determine whether the signals originate from inside or outside of an area within 2.3 ms of the initial base station-to-device message, therefore enabling prompt and targeted suppression of communication before any user data was transmitted. WaveTag achieved 99.66% geofencing classification accuracy. Finally, we conduct a real-world uplink measurement evaluation on a commercial 5G SA network.

翻译：蜂窝设备的广泛普及引入了新的威胁向量，使得用户或攻击者能够绕过安全策略和物理屏障，将未经授权的设备带入敏感区域。我们在此背景下识别出一个关键空白：缺乏用于高质量、即时监控蜂窝传输的低延迟系统。此类低延迟系统对于及时检测、决策和阻断敏感区域内的未授权通信至关重要。运营商基于的监控系统（为人员计数或跟踪等目的而构建）缺乏实时能力，需要跨多个运营商合作，因此难以部署。文献中提出的独立于运营商的监控方法要么缺乏低延迟能力，要么不可扩展。我们提出了WaveTag，这是首个低延迟且可扩展的系统，旨在在任何用户数据传输之前监控所有运营商的5G和LTE连接。WaveTag由多个下行嗅探器和一个上行嗅探器分布式网络组成，这些嗅探器在多个位置测量下行协议信息和上行信号特征，以获得上行信号的详细空间图像。WaveTag随后聚合记录的信息，进行处理，并提供关于连接的决策——所有这些都在用户设备完成连接建立之前完成。为评估WaveTag，我们将其部署在地理围栏场景中，WaveTag能够在初始基站到设备消息的2.3毫秒内确定信号是来自区域内部还是外部，从而能够在任何用户数据传输之前实现及时且有目标的通信抑制。WaveTag实现了99.66%的地理围栏分类准确率。最后，我们在一个商用5G SA网络上进行了真实世界的上行链路测量评估。