Wireless Personal Communications, Volume 57, Issue 3, pp 317–338

Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context

  • Nils Ulltveit-Moe
  • Vladimir A. Oleshchuk
  • Geir M. Køien


The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in a Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mobile devices will be attractive targets for malicious software, and this threat will in some cases change with location. Mobile devices will store more sensitive information and will also be used to a larger extent for sensitive transactions than they typically are today. In addition, a distributed execution environment in itself gives rise to some new security challenges. In order to handle these security challenges, we have proposed the location-aware mIPS architecture, which benefits from a distributed execution environment where processor intensive services can be outsourced to Cloud hosting providers. The mIPS supports querying location threat profiles in a privacy-preserving way, and ensures that mIPS alerts sent to the first-line MSS are anonymised. We finally perform an analysis of potential strengths and weaknesses of the proposed approach.


Keywords: 5G; Mobility; Security; Personal privacy; Location profile; Intrusion detection and prevention





Copyright information

© Springer Science+Business Media, LLC. 2010

Authors and Affiliations

  • Nils Ulltveit-Moe (1)
  • Vladimir A. Oleshchuk (1)
  • Geir M. Køien (1)

  1. University of Agder, Grimstad, Norway
