Secure base stations


Bosch, Peter and Brusilovsky , Alec and McLellan , Rae and Mullender, Sape and Polakos , Paul (2009) Secure base stations. Bell Labs Technical Journal, 13 (4). pp. 227-243. ISSN 1089-7089

[img] PDF
Restricted to UT campus only
: Request a copy
Abstract:With the introduction of the third generation (3G) Universal Mobile Telecommunications System (UMTS) base station router (BSR) and fourth generation (4G) base stations, such as the 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) Evolved Node B (eNB), it has become important to secure base stations from break-in attempts by adversaries. While previous generation base stations could be considered simple voice and Internet Protocol (IP) packet transceivers, newer generation cellular base stations need to perform more of the user- and signaling functions for the cellular radio access network. If adversaries can physically break into newer base stations, they can perform a range of undesirable operations such as snooping on conversations, carrying out denial-of-service attacks on the serving area, changing the software base of the base stations, stealing authentication and encryption keys, and disrupting legitimate cellular operations. The cell-site vault is a secure processing environment designed to resist such tampering and to protect the sensitive functions associated with cellular processing. It provides an execution environment where ciphering functions, key management, and associated functions can execute without leaking sensitive information. In this paper, we present the basic principles of the cell-site vault and present an overview of the types of functions that need to be protected in future base stations for cellular networks. We address the importance of providing a trust hierarchy within the cell-site vault, we present why the vault needs to be used to establish secure and authenticated communication channels—in fact, why the vault needs to be used for most external communications—and we present why it is important to execute functions such as data re-encryption inside the vault. A femtocell or home base station is particularly vulnerable to attacks since these base stations are physically accessible by adversaries. In this paper, we focus in particular on a cell-site vault design for a femto-class base station, including its standardization efforts, as it is challenging to include both secure and nonsecure processing inside a single “system-on-a-chip.”
Item Type:Article
Additional information:Special Issue: 4G Wireless Technologies
Copyright:© 2009 Wiley
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item:
Official URL:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page