With the introduction of the third generation (3G) Universal Mobile Telecommunications System (UMTS) base station router (BSR) and fourth generation (4G) base stations, such as the 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) Evolved Node B (eNB), it has become important to secure base stations from break-in attempts by adversaries. While previous generation base stations could be considered simple voice and Internet Protocol (IP) packet transceivers, newer generation cellular base stations need to perform more of the user- and signaling functions for the cellular radio access network. If adversaries can physically break into newer base stations, they can perform a range of undesirable operations such as snooping on conversations, carrying out denial-of-service attacks on the serving area, changing the software base of the base stations, stealing authentication and encryption keys, and disrupting legitimate cellular operations. The cell-site vault is a secure processing environment designed to resist such tampering and to protect the sensitive functions associated with cellular processing. It provides an execution environment where ciphering functions, key management, and associated functions can execute without leaking sensitive information. In this paper, we present the basic principles of the cell-site vault and present an overview of the types of functions that need to be protected in future base stations for cellular networks. We address the importance of providing a trust hierarchy within the cell-site vault, we present why the vault needs to be used to establish secure and authenticated communication channels (in fact, why the vault needs to be used for most external communications), and we present why it is important to execute functions such as data re-encryption inside the vault. A femtocell or home base station is particularly vulnerable to attacks since these base stations are physically accessible by adversaries.
In this paper, we focus in particular on a cell-site vault design for a femto-class base station, including its standardization efforts, as it is challenging to include both secure and nonsecure processing inside a single "system-on-a-chip."
We present Shallow MAC (ShMAC), a fixed-input-length message authentication code that performs most of the computation prior to the availability of the message. Specifically, ShMAC’s message-dependent computation is much faster and smaller in hardware than the evaluation of a pseudorandom permutation (PRP) and can be implemented by a small shallow circuit, while its precomputation consists of one PRP evaluation. A main building block for ShMAC is the notion of strong differential uniformity (SDU), which we introduce and which may be of independent interest. We show an efficient SDU construction built from previously considered differentially uniform functions. Our main motivating application is a system architecture where a hardware-secured processor uses memory controlled by an adversary. We also present in technical detail a novel, efficient approach to encrypting and authenticating memory and discuss the associated tradeoffs, while paying special attention to minimizing hardware costs and the reduction of Dynamic Random Access Memory latency.