
Risk Analysis and Software Integrity Protection for 4G Network Elements in ASMONIA

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 7612)

Abstract

The paper gives an insight into current ASMONIA research work on risk analysis, security requirements and defence strategies for 4G network elements. It extends the 3GPP security architecture for 4G networks, in particular where these networks are part of critical infrastructures. Based on the identified requirements, it focuses on enhanced protection concepts that aim to improve the implementation security of threatened elements in 4G networks through attack-resistant mechanisms for integrity protection, covering attacks against a system at boot time and at execution time. The concepts concentrate on generic mechanisms that can be applied to 4G network elements and that complement other methods researched in ASMONIA. The paper describes infrastructure aspects of software integrity in mobile networks and provides proposals for implementing verification and enforcement processes inside self-validating target systems. The proposals are based on typical exemplary systems, relying on Linux and QEMU/KVM.

Keywords

  • Runtime integrity protection
  • TPM
  • PKI
  • certificates
  • signatures
  • secure boot
  • 3GPP security
  • eNB
  • HeNB
  • ASMONIA
  • Linux
  • QEMU
  • KVM




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schäfer, M. (2012). Risk Analysis and Software Integrity Protection for 4G Network Elements in ASMONIA. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33678-2_5


  • DOI: https://doi.org/10.1007/978-3-642-33678-2_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33677-5

  • Online ISBN: 978-3-642-33678-2

  • eBook Packages: Computer Science (R0)