Efficient Protection of Mobile Devices by Cross Layer Interaction of Firewall Approaches

  • Peter Langendoerfer
  • Martin Lehmann
  • Krzysztof Piotrowski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3970)


In this paper we discuss IP layer packet filtering and an application level gateway approach used to secure handheld devices when providing and using web services. We propose a firewall management plane as a means for cross layer interaction. In our approach, the application level gateway updates the IP layer firewall rules based on its knowledge of whether or not a certain source is sending malicious packets. We show that such cross layer interaction can significantly decrease the CPU load in case of attacks, i.e., if many malicious packets arrive at the handheld device. Our measurement results show that the additional overhead for IP layer filtering is less than 10 per cent if the number of applied rule sets is less than 200. In addition, our cross layer approach can reduce the CPU load caused by the application layer gateway by about 10 up to 30 per cent.


Keywords: Mobile Device; Cross Layer; Incoming Packet; Security Function; Cross Layer Approach
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Peter Langendoerfer (1)
  • Martin Lehmann (2)
  • Krzysztof Piotrowski (1)

  1. IHP, Frankfurt (Oder), Germany
  2. DFS Deutsche Flugsicherung GmbH, Langen, SH/IR, Langen, Germany
