Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context
The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy, integrated with a Managed Security Service (MSS). The solution is envisaged in a future fifth-generation (5G) telecommunications context with increased but varying bandwidth and a virtualised execution environment whose infrastructure allows threads, processes, virtual machines and storage to be migrated on demand to cloud computing services, in order to scale performance dynamically and save power. 5G mobile devices will be attractive targets for malicious software, and in some cases this threat will change with location. Mobile devices will store more sensitive information and will be used for sensitive transactions to a larger extent than they typically are today. In addition, a distributed execution environment in itself gives rise to new security challenges. To address these challenges, the proposed location-aware mIPS architecture benefits from a distributed execution environment in which processor-intensive services can be outsourced to cloud hosting providers. The mIPS supports querying location threat profiles in a privacy-preserving way and ensures that the mIPS alerts sent to the first-line MSS are anonymised. The paper concludes with an analysis of the potential strengths and weaknesses of the proposed approach.
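The abstract names two privacy mechanisms but does not describe how they work: a privacy-preserving query of location threat profiles, and anonymisation of the alerts forwarded to the first-line MSS. The sketch below is an added illustration, not the paper's code or protocol. It assumes two concrete patterns chosen here for illustration: a hash-prefix (bucketed) lookup, in which the device reveals only a short prefix of the hash of its cell identifier and filters the returned bucket locally, and HMAC-based pseudonymisation of identifying alert fields under a key that the first-line MSS does not hold, so the MSS can correlate repeated alerts without re-identifying the subscriber. All names, field layouts and sample data are constructed.

```python
"""Added illustration (not from the paper) of two privacy mechanisms an mIPS
might use: a bucketed location threat-profile query and pseudonymised alerts.
Both mechanisms are assumptions made for this example; the abstract does not
specify the paper's own protocols."""
import hashlib
import hmac
from typing import Dict

# --- Location threat-profile query -------------------------------------------
# Assumed scheme: the device sends only the first PREFIX_HEX hex digits of
# SHA-256(cell_id). The server answers with every profile in that bucket and
# the device selects its own entry locally, so the server learns only that
# the device is in one of the cells sharing the prefix, not which one.
# A shorter prefix means a larger anonymity set but a bigger response.
PREFIX_HEX = 2  # 8 bits of the 256-bit hash


def cell_hash(cell_id: str) -> str:
    """Hash of a cell identifier; the server stores and returns only hashes."""
    return hashlib.sha256(cell_id.encode()).hexdigest()


class ThreatProfileServer:
    """Server side of the lookup. Profiles are keyed by cell hash, grouped by prefix."""

    def __init__(self, profiles: Dict[str, dict]):
        self.buckets: Dict[str, Dict[str, dict]] = {}
        for cell, profile in profiles.items():
            h = cell_hash(cell)
            self.buckets.setdefault(h[:PREFIX_HEX], {})[h] = profile

    def query(self, prefix: str) -> Dict[str, dict]:
        """Return all profiles whose cell hash starts with `prefix`."""
        return dict(self.buckets.get(prefix, {}))


def lookup_profile(server: ThreatProfileServer, cell_id: str) -> dict:
    """Device side: send the prefix, pick the matching entry from the bucket locally."""
    h = cell_hash(cell_id)
    bucket = server.query(h[:PREFIX_HEX])
    return bucket.get(h, {"threat_level": "unknown"})


# --- Alert pseudonymisation --------------------------------------------------
# Assumed scheme: identifying fields are replaced by keyed HMAC pseudonyms. The
# key is held by the subscriber or its home operator, not by the first-line
# MSS, so the MSS can correlate alerts about the same device or cell but cannot
# recover the identifiers; the key holder can re-identify when escalation
# requires it. A precise location fix is dropped rather than pseudonymised.
IDENTIFYING_FIELDS = ("device_id", "src_ip", "cell_id")


def pseudonymise_alert(alert: dict, key: bytes) -> dict:
    """Return a copy of `alert` safe to forward to the first-line MSS."""
    out = dict(alert)
    for field in IDENTIFYING_FIELDS:
        if field in out:
            tag = hmac.new(key, f"{field}:{out[field]}".encode(), hashlib.sha256).hexdigest()
            out[field] = "pseudo:" + tag[:16]
    out.pop("location_fix", None)
    return out


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    server = ThreatProfileServer({
        "cell-A": {"threat_level": "high", "note": "known malware C2 hotspot"},
        "cell-B": {"threat_level": "low"},
    })
    print(lookup_profile(server, "cell-A"))
    alert = {"type": "malware", "device_id": "IMSI-240010123456789",
             "src_ip": "10.0.0.7", "cell_id": "cell-A", "location_fix": (59.91, 10.75)}
    print(pseudonymise_alert(alert, b"subscriber-held-key"))
```

In a real deployment the prefix length would be tuned against the number of cells per bucket (the anonymity set) and the response size, and the pseudonymisation key would be rotated so that pseudonyms cannot be linked across long periods; the abstract does not say which trade-offs the paper makes.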
Keywords: 5G, Mobility, Security, Personal privacy, Location profile, Intrusion detection and prevention