Revisiting security of proportional fair scheduler in wireless cellular networks

Proportional fair scheduling (PFS) and its variants have been widely deployed in 3G/4G systems, where base stations (BSs) use channel quality indicator (CQI) from users as a channel feedback. Series of recent papers have shown that PFS may not perform as expected, when these client-side feedbacks such as CQI or NACK are fabricated. These results, however, were obtained without considering all relevant components in practice that are designed to handle various corner cases. In this paper, we revisit the impact of CQI and NACK fabrications, and also the fabrication of ACK (which has been largely ignored in prior work), by jointly considering all known components such as adaptive modulation and coding (AMC), hybrid automatic repeat request (HARQ), outer loop link adaptation (OLLA) and PFS as a whole. To consider many practical fabrication scenarios, we study both cases when only a single feedback and a smart combinations of multi-feedbacks are exploited for selfish and/or malicious purposes. From these studies, we draw in-depth findings with large practical implications, most of which are in sharp contrast to those in prior work on the security of PFS.