Abstract
The paper gives insight into current ASMONIA research work on risk analysis, security requirements and defence strategies for 4G network elements. It extends the 3GPP security architecture for 4G networks, in particular when they are part of critical infrastructures. Based on the identified requirements, it focuses on enhanced protection concepts that aim to improve the implementation security of threatened elements in 4G networks through attack-resistant mechanisms for integrity protection, covering attacks against a system at boot time and at execution time. The concepts concentrate on generic mechanisms that can be applied to 4G network elements and complement other methods researched in ASMONIA. The paper describes infrastructure aspects of software integrity in mobile networks and provides proposals for implementing verification and enforcement processes inside self-validating target systems. The proposals are based on typical exemplary systems relying on Linux and QEMU/KVM.
Keywords
- Runtime integrity protection
- TPM
- PKI
- certificates
- signatures
- secure boot
- 3GPP security
- eNB
- HeNB
- ASMONIA
- Linux
- QEMU
- KVM
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schäfer, M. (2012). Risk Analysis and Software Integrity Protection for 4G Network Elements in ASMONIA. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33678-2_5
DOI: https://doi.org/10.1007/978-3-642-33678-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33677-5
Online ISBN: 978-3-642-33678-2
eBook Packages: Computer Science (R0)
