TPR0439CX Application Note How to secure Femtocells using VaultIC TM Security Modules?
2
Table of Contents Introduction...5 1 What is a Femtocell?...6 2 Security risks in a Femtocell system...7 2.1 What are the risks?...7 2.2 What are the attacks?...7 3 VaultIC solution...9 3.1 Inside the VaultIC Module......9 3.2 Against attack number 1......10 3.3 Against attack number 2......10 3.4 Against attack number 3......10 4 Conclusion...12 Definitions & Abbreviations...13 Revision History...15 3
4
Introduction Due to the popularity of mobile phones at home and the increased demand for mobile voice and broadband capacity, Femtocells, which respond to these demands, have found a ready market. However Femtocells use the Internet to deliver voice and data services which means that there are elevated risks of security attacks. Mobile Operators need to be prepared for these attacks and must employ defenses against them to prevent identity theft, fraud and confidentiality violations. VaultIC Security Modules - based on highly secure microcontrollers used in Banking or ID markets - can respond to these challenges. Depending on the size of the data which needs to be secured, the VaultIC Security Modules Family is composed of ATVaultIC100, and ATVaultIC4xx Series with various interfaces and file system sizes. 5
1. What is a Femtocell? "Originally known as an Access Point Base Station, a Femtocell (or FAP) is a small cellular Base Station (BTS) typically designed for use in a home or small business. It connects to the service provider s network via broadband cable or DSL internet connections; current designs typically support 2 to 4 active mobile phones simltaneously in a residential setting." (Source: Wikipedia). A Femtocell allows Mobile Operators to extend service coverage indoors at the subscriber home or business. It could enhance their Average Revenue Per User (ARPU) and profitability with new tariffs, pricing plans or "Femto Zone" Services. At the same time, mobile consumers benefit mostly from "five bars" of coverage throughout the household, higher data rates per user, better quality voice and the use of their existing handsets, not to mention the interaction with home networks in new and exciting ways. For instance, Femtocells will make it easier for users to download music and videos, or even control home appliances remotely from the phone. The Femtocell incorporates the functionality of a typical base station but extends it to allow a simple, self-contained deployment by offering new levels of service to consumers and new economic deployment models for operators. Figure 1-1. Femtocell Environment 6
2. Security risks in a Femtocell system 2.1 What are the risks? The Mobile Operators, as well as subscribers, are concerned with fraud and service theft, privacy and confidentiality violations. Indeed if attack risks are under-estimated, the Mobile Operators can lose revenues and consumers their privacy. Fraud and service theft Since Internet is usually used as the access network between the Mobile Operator s Network core and the FAPs, it is easy to imagine that identity theft could be used to access the network and therefore services, consuming resources and expenditures. An attacker using registration flood attacks for instance may be able to assume the identity of the FAP by spoofing at multiple layers. Service theft can take the form of obtaining more services than authorized or paid for (i.e., piggybacking on existing session signaling messages with additional media sessions), exploiting early media, so sessions are not accounted for and billed and utilizing higher bandwidth codecs than negotiated during the session establishment. Privacy and confidentiality violation Even if digital networks, like GSM and UMTS, encode the voice and data messages sent from the mobile to the base station, the link between the base station to the operators central switching centers is weak, as conversations travel over the internet. So they can be caught by hackers and use for malicious means such as identity theft and password phishing, which can cause lost revenue or lawsuits. Bill avoidance Like bypassing electricity or gas meters, the Femtocell could be used to access services for free. 2.2 What are the attacks? Attacks threats can be listed in two categories: third party attacks, which target the communication links, and hosting party attacks, which target the FAP devices themselves. Third party attacks include man-in-the-middle attacks, traffic spying, eavesdropping, "fake base station" attacks and authentication snooping. The communication links aimed at are between the handset and the FAP, and/or the FAP and the Network (Attack Numbers 2 and 3 in Figure 2-1). For instance, if the hacker succeeds in being authenticated to the network, then he has access to free services. Another example is traffic spying: the hacker can capture sensitive information and make improper use of it. Hosting party attacks include hacking, reverse engineering and device cloning. The devices themselves (FAP in this case) are targeted (Attack Number 1 in Figure 2-1). The figure below shows where the threats are, in a Femtocell architecture (The attacks are numbered on the diagram and will be identified with these numbers in the next paragraph). 7
Figure 2-1. Femtocell attacks diagram 1 3 Voice Data Femtocell Broadband Router Internet Mobile Operator Network 2 Femtocell Gateway Controller 8
3. VaultIC solution Conscious of all the threats described above, VaultIC products can provide the security needed: a solution to prevent the system from unauthorized access and fraud is to embed a VaultIC security module in a Femtocell. 3.1 Inside the VaultIC Module... A VaultIC Module can be considered as a secure box, storing secrets seamlessly and securely. To do this, the secret objects are stored in the secure memory of the module, in the form of a dynamic file system. In the Femtocells case, the file system downloaded by the manufacturer in an VaultIC might be composed as follows: Administrator data : file system version, private keys. These data allow the Mobile Operator s Network to be authenticated to the Femtocell and then to upgrade keys or change administration data. FAP data : identifier, private keys, certificate. These data allow the Mobile Operator s Network to authenticate the FAP before allowing access to core networks and services. For more security these data are unique per chip. Devices data : identifier of each handset, access rights for each handset. These data allow the FAP to authenticate each device in the home/business network. Figure 3-1. VaultIC Solution Integration Femtocell Baseband processor RF Main processor Femtocell Application IPsec Application VaultIC module Authentication / Secure Channel... Ethernet Administration Services (key Management) Secure Data Storage Cryptographic Services (sign / encrypt...) 9
3.2 Against attack number 1... VaultIC Modules embed dedicated hardware for protection against SPA/DPA attacks, advanced protection against physical attack (including active shield), environmental protection systems (voltage, frequency, temperature monitors), light protection and secure management/access protection. Reverse engineering or cloning are then not possible on the VaultIC modules. Moreover, the main processor of the Femtocell and the VaultIC Module can authenticate each other and therefore open a Secure Channel, allowing secure data exchanges which prevents spying on the communication bus. The FAP, and therefore the secret file system, is then secure and hosting party attacks are warded off. 3.3 Against attack number 2... Considering the attack number 2 described in page 8, it appears that the handsets of the home/business network must be authenticated. To do this, a VaultIC Security Module can identify several devices with different privileges : for instance the manufacturer, the host (Network) and the handsets. Moreover, each device can be assigned different access rights. For example updating secret keys may only be done by the Network (host) whereas a handset only has the right to download data from the Internet. In this way the file system allows different security levels. Another aspect of the local network is secure communication: thanks to the VaultIC Module, data between handsets and the FAP are encrypted. Attack Number 2 in the schematic above is then prevented. 3.4 Against attack number 3... In the same way as the previous paragraph, the FAP and the network must mutually authenticate each other. In order to authenticate the FAP on the Mobile Operator s Network, a VaultIC Security Module can securely store sensitive data, such as a unique certificate (obviously delivered by a trusted organism, so that they can not be duplicated) and a key-pair unique per VaultIC. In this way, each FAP is unique and considered as genuine by the Mobile Operator s Network. Each VaultIC module can also generate his own key-pair and use it for the strong authentication process that VaultIC modules can perform with the Operator s Network. As a result FAPs will be authenticated on the Network and allowed to make connection and access authorized services. It can also authenticate the Network and therefore avoid transferring private data to a "fake" network. Moreover, data exchanges between the FAP and the Network are secure: Femtocells use IPsec for transferring data. IPsec is a suite of protocols that has encryption and signature mechanisms to ensure subscriber communication confidentiality. Encrypting the voice and packet data prior to Internet transport hides the actual content. VaultIC Security Modules can provide cryptographic mechanisms: VaultIC Modules can generate the cryptographic primitives needed by the main CPU of the FAPs in order to use the IPsec protocol, as described on Figure 3-1. 10 These primitives include algorithms such as 3DES, AES, RSA up to 4096 bits, DSA up to 2048 bits, ECC up to 384 bits, as well as Public Key Pair Generation, Digital Signature, Encryption / Decryption, Key Wrapping / Unwrapping and HOTP One-Time Password Generation. For more details, please refer to the technical datasheets ot the VaultIC products.
Note that these primitives are computed with very good performances thanks to hardware cryptographic engines. All the solutions described above can be schematically represented as follows: Figure 3-2. VaultIC implementation Voice Data Broadband Router Femtocell authentication authentication Internet IPsec Mobile Operator Network Femtocell Gateway Controller 11
4. Conclusion According to a recent study from ABI research, by 2011 there will be 102 million users of Femtocell products on 32 million access points worldwide. But because Femtocells typically use the Internet for voice and data traffic, the Mobile Operators network is opened to risks. In addition to ensuring an adequate mobile residential coverage and responding to emerging VoIP and WiFi offerings, Mobile Operators want to preserve their ARPU and protect their subscribers privacy. Subscribers want assurance that their home networks are secure and their private life is protected. Implementing VaultIC Security Modules in Femtocells provide user authentication, registration and authentication and therefore prevent fraud and confidentiality violation. VaultIC Security Modules protect the fundamental mechanisms: Mutual authentication : FAPs and the Network are mutually authenticated to authorize data exchanges. Data Privacy : Due to the hostile and unreliable features of the network, the privacy and the confidentiality of the data exchanged between the FAP, the network and the handsets are protected. Data Integrity : The FAP is not physically vulnerable to tampering by malicious users. For more details about the VaultIC Products Family please contact your local INSIDE Secure Sales office. 12
Definitions & Abbreviations AES Advanced Encryption Standard algorithm as defined in FIPS PUB 197 ARPU ASSP Authentication DES/3DES Average Revenue Per Unit Application Specific Standard Product An identification or entity authentication technique assures one party (the verifier), through acquisition of corroborative evidence, of both the identity of a second party involved, and that the second (the claimant) was active at the time the evidence was created or acquired. (From Handbook of Applied Cryptography) Data Encryption Standard algorithm as defined in FIPS PUB 46-3. Tiple DES algorithm DSA Digital Signature Algorithm as defined in FIPS PUB 186-2 ECC FAP Femto Zone Services FGW GSM IPsec RSA SPA/DPA UMTS Elliptic Curves algorithm Femtocell Access Point. This is the Femtocell term in a network environement Mobile data / voice services triggered when the phone comes in range of the Femtocell. For instance, get an SMS when your kids arrive or depart the home, automatic podcast reload and photo / video upload to the web when you get at home Femtocell Gateway Controller Global System for Mobile Communications, the most popular standard for mobile phones Internet Protocol Security. It is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session Rivest Shamir Adleman algorithm Simple Power-Analysis involves visually interpreting power traces, or graphs of electrical activity over time. Differential Power-Analysis is more advanced form of power analysis which can allow an attacker to compute the intermediate values within cryptographic computations by statistically analyzing data collected from multiple cryptographic operations Universal Mobile Telecommunications System, one of the third-generation (3G) mobile telecommunications technologies 13
14
Revision History Document Details Title: How to secure Femtocells using VaultIC TM Security Modules? Literature Number: TPR0439CX Date: 01Mar11 Rev. TPR0439AX-SMS-09/09 Official release - Final draft Rev. TPR0439BX-SMS-12/09 Minor corrections (english) Rev. TPR0439CX-VIC-03/11 Inside Secure Format migration 15
Headquarters Product Contact INSIDE Secure 41, Parc Club du Golf 13586 Aix-en-Provence Cedex 3 France Tel: +33 (0)4-42-39-63-00 Fax: +33 (0)4-42-39-63-19 Web Site www.insidesecure.com Technical Support e-security@insidefr.com Sales Contact sales_web@insidefr.com Disclaimer: All products are sold subject to INSIDE Secure Terms & Conditions of Sale and the provisions of any agreements made between INSIDE Secure and the Customer. In ordering a product covered by this document the Customer agrees to be bound by those Terms & Conditions and agreements and nothing contained in this document constitutes or forms part of a contract (with the exception of the contents of this Notice). A copy of INSIDE Secure Terms & Conditions of Sale is available on request. Export of any INSIDE Secure product outside of the EU may require an export Licence. The information in this document is provided in connection with INSIDE Secure products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of INSIDE Secure products. EXCEPT AS SET FORTH IN INSIDE SECURE S TERMS AND CONDITIONS OF SALE, INSIDE SECURE OR ITS SUPPLIERS OR LICENSORS ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL INSIDE SECURE BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF REVENUE, BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR LOSS OF INFORMATION OR DATA) NOTWITHSTANDING THE THEORY OF LIABILITY UNDER WHICH SAID DAMAGES ARE SOUGHT, INCLUDING BUT NOT LIM- ITED TO CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY, STRICT LIABILITY, STATUTORY LIABILITY OR OTHERWISE, EVEN IF INSIDE SECURE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. INSIDE Secure makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. INSIDE Secure does not make any commitment to update the information contained herein. INSIDE Secure advises its customers to obtain the latest version of device data sheets to verify, before placing orders, that the information being relied upon by the customer is current. INSIDE Secure products are not intended, authorized, or warranted for use as critical components in life support devices, systems or applications, unless a specific written agreement pertaining to such intended use is executed between the manufacturer and INSIDE Secure. Life support devices, systems or applications are devices, systems or applications that (a) are intended for surgical implant to the body or (b) support or sustain life, and which defect or failure to perform can be reasonably expected to result in an injury to the user. A critical component is any component of a life support device, system or application which failure to perform can be reasonably expected to cause the failure of the life support device, system or application, or to affect its safety or effectiveness. The security of any system in which the product is used will depend on the system s security as a whole. Where security or cryptography features are mentioned in this document this refers to features which are intended to increase the security of the product under normal use and in normal circumstances. INSIDE Secure 2011. All Rights Reserved. INSIDE Secure, INSIDE Secure logo and combinations thereof, and others are registered trademarks or tradenames of INSIDE Secure or its subsidiaries. Other terms and product names may be trademarks of others.