The Secure Overview and Analysis OF 3GPP MAC CE

To more effectively control and allocate network resources, MAC CE has been introduced into the network protocol, which is a type of control signaling located in the MAC layer. Since MAC CE lacks encryption and integrity protection mechanisms provided by PDCP, the control signaling carried by MAC CE is vulnerable to interception or tampering by attackers during resource scheduling and allocation. Currently, the 3GPP has analyzed the security risks of Layer 1/Layer 2 Triggered Mobility (LTM), where handover signaling sent to the UE via MAC CE by the network can lead to privacy leaks and network attacks. However, in addition to LTM, there may be other potential security vulnerabilities in other protocol procedures. Therefore, this paper explores the security threats to MAC CE and the corresponding protection mechanisms. The research is expected to support the 3GPP's study of MAC CE and be integrated with the security research of lower-layer protocols, thereby enhancing the security and reliability of the entire communication system.

@article{cao2025_2506.09502,
  title={ The Security Overview and Analysis of 3GPP 5G MAC CE },
  author={ Jin Cao and Yuanyuan Yang and Ruhui Ma and Sheng Li and Hui Li },
  journal={arXiv preprint arXiv:2506.09502},
  year={ 2025 }
}