Skip to main content
SpringerLink
Log in
Book cover

International Conference on Wired/Wireless Internet Communications

WWIC 2006: Wired/Wireless Internet Communications pp 155–165Cite as

Efficient Protection of Mobile Devices by Cross Layer Interaction of Firewall Approaches

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 3970))

Abstract

In this paper we discuss IP layer packet filtering and an application level gateway approach used to secure handheld devices when providing and using web services. We propose a firewall management plane as a means for cross layer interaction. In our approach the application level gateway updates the IP layer firewall rules based on its knowledge about whether or not a certain source is sending malicious packets. We show that such a cross layer interaction can significantly decrease the CPU load in case of attacks, i.e., if many malicious packets arrive at the handheld device. Our measurement results show that the additional overhead for IP layer filtering is less than 10 per cent, if the number of applied rule sets is less than 200. In addition our cross layer approach can reduce the CPU load caused by the application layer gateway by about 10 up to 30 per cent.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Netfilter/iptables Project Homepage, http://www.netfilter.org

  2. nf-HiPAC: High Performance Firewall for Linux Netfilter, http://www.hipac.org

  3. Extensible Markup Language (XML) 1.0 (3rd edn.), http://www.w3.org/TR/2004/REC-xml-20040204

  4. http://webservices.xml.com

  5. Wireless Security Software for Handheld Mobile Devices from Bluefire Security Technologies, http://www.bluefiresecurity.com/

  6. Trust Digital - Solutions - TRUST Mobile Device Applications, http://www.trustdigital.com

  7. Security Basics for PDAs and Handheld PCs, http://www.smallbusinesscomputing.com/webmaster/article.php/10732_3400641_2

  8. Web Services Security (WS-Security), http://www-106.ibm.com/developerworks/webservices/library/ws-secure/

  9. XML Encryption Syntax and Processing, http://www.w3.org/TR/xmlenc-core/

  10. Reactivity: The Secure Web Services Deployment System, http://www.reactivity.com/

  11. Forum Systems, Inc. - The Leader In Web Services Security, http://www.forumsystems.com

  12. XML-Security-C, http://xml-security-c.sourceforge.net

  13. Handhelds.org - Open Source Operating Systems for Handheld Devices, www.handhelds.org

  14. OASIS, Security Assertion Markup Language (SAML) V2.0, available at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security#samlv20

  15. Robert van Engelen, gSOAP 2.7.2 User Guide, available at: http://gsoap2.com/sourceforge

  16. Forum Systems: Anatomy of a Web Services Attack: A Guide to Threats and Preventive Countermeasures (2004), available at http://forumsystems.com/papers/Anatomy_of_Attack_wp.pdf

  17. Bellovin, M.: nf-HiPAC High Performance Packet Classification High Performance Packet Classification for Linux Netfilter (2005), available at: http://www.hipac.org/documentation/nf-hipac-nfws2005.pdf

Download references

Author information

Authors and Affiliations

  1. IHP, Im Technologiepark 25, 15236, Frankfurt (Oder), Germany

    Peter Langendoerfer & Krzysztof Piotrowski

  2. DFS Deutsche Flugsicherung GmbH, Langen, SH/IR, Am DFS-Campus 2, 63225, Langen, Germany

    Martin Lehmann

Authors
  1. Peter Langendoerfer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Martin Lehmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Krzysztof Piotrowski
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Computer Science and Applied Mathematics, University of Bern, Switzerland

    Torsten Braun

  2. Wilhelm-Schickard-Institut für Informatik, University of Tübingen, Germany

    Georg Carle

  3. Department of Computer Science, Purdue University, 250 N. University Street, IN 47907-2066, West Lafayette, USA

    Sonia Fahmy

  4. Department of Communications Engineering, Tampere University of Technology, Korkeakoulunkatu 10, 33720, Tampere, Finland

    Yevgeni Koucheryavy

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Langendoerfer, P., Lehmann, M., Piotrowski, K. (2006). Efficient Protection of Mobile Devices by Cross Layer Interaction of Firewall Approaches. In: Braun, T., Carle, G., Fahmy, S., Koucheryavy, Y. (eds) Wired/Wireless Internet Communications. WWIC 2006. Lecture Notes in Computer Science, vol 3970. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11750390_14

Download citation

  • DOI: https://doi.org/10.1007/11750390_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34023-2

  • Online ISBN: 978-3-540-34024-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation