The widespread availability of cellular devices introduces new threat vectors that allow users or attackers to bypass security policies and physical barriers and bring unauthorized devices into sensitive areas. These threats can arise from user non-compliance or deliberate actions aimed at data exfiltration/infiltration via hidden devices, drones, etc. We identify a critical gap in this context: the absence of low-latency systems for high-quality and instantaneous monitoring of cellular transmissions. Such low-latency systems are crucial to allow for timely detection, decision (e.g., geofencing or localization), and disruption of unauthorized communication in sensitive areas. Operator-based monitoring systems, built for purposes such as people counting or tracking, lack real-time capability, require cooperation across multiple operators, and thus are hard to deploy. Operator-independent monitoring approaches proposed in the literature either lack low-latency capabilities or do not scale. We propose LTag, the first low-latency, operator-independent and scalable system designed to monitor cellular connections across all operators prior to any user data transmission. LTag consists of several downlink sniffers and a distributed network of uplink sniffers that measure both downlink protocol information and uplink signal characteristics at multiple locations to gain a detailed spatial image of uplink signals. LTag aggregates the recorded information, processes it, and provides a decision about the connection, all prior to connection establishment of a UE. To evaluate LTag, we deployed it in the context of geofencing, where LTag was able to determine if the signals originate from inside or outside of an area within 2.3 ms of the initial base station-to-device message, therefore enabling prompt and targeted suppression of communication before any user data was transmitted.