Challenges for Evolving Large-Scale Security Architectures

In this paper, we conduct an informal analysis of challenges that face evolving large-scale security architectures. The 3rd generation partner project (3GPP) mobile systems is our example case and we shall investigate how these systems have evolved and how the security architecture has evolved with the system(s). The 3GPP systems not only represent a truly long-lived system family, but are also a massively successful system family, serving billions of subscribers. What once was an auxiliary voice-based infrastructure has evolved to become a main (and thereby critical) information and communications technology (ICT) infrastructure for billions of people. The 25+ years of system evolution has not all been a linearly planned progression and the overall system is now clearly also a product of its history. Our ultimate goal is to capture some of the essence of security architecture evolution for critical ICT system. Keywords–Evolving Security; System Security; Security Architecture; Long-term security planning.

[1]  Pankaj Rohatgi,et al.  Partitioning attacks: or how to rapidly clone some GSM cards , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[2]  Maria Kalenderi,et al.  Breaking the GSM A5/1 cryptography algorithm with rainbow tables and high-end FPGAS , 2012, 22nd International Conference on Field Programmable Logic and Applications (FPL).

[3]  Cormac Herley,et al.  Where Do All the Attacks Go? , 2011, WEIS.

[4]  Geir M. Køien Mutual entity authentication for LTE , 2011, 2011 7th International Wireless Communications and Mobile Computing Conference.

[5]  Geir M. Køien Privacy enhanced mutual authentication in LTE , 2013, 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[6]  Brinio Hond,et al.  Security Testing of GSM Implementations , 2014, ESSoS.

[7]  K. LaBar Beyond Fear , 2007, Current directions in psychological science.

[8]  Zahid Anwar,et al.  Budget constrained optimal security hardening of control networks for critical cyber-infrastructures , 2009, Int. J. Crit. Infrastructure Prot..

[9]  Geir M. Kien Entity Authentication and Personal Privacy in Future Cellular Systems , 2009 .

[10]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[11]  Dionisios N. Pnevmatikatos,et al.  Fast, FPGA-based Rainbow Table creation for attacking encrypted mobile communications , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.

[12]  Bruce Schneier,et al.  Economics of Information Security and Privacy III , 2013, Springer New York.

[13]  Indrajit Ray,et al.  Optimal security hardening on attack tree models of networks: a cost-benefit analysis , 2012, International Journal of Information Security.

[14]  G.M. Koien,et al.  An introduction to access security in UMTS , 2004, IEEE Wireless Communications.

[15]  Karen A. Scarfone,et al.  Guide to General Server Security , 2008 .

[16]  S Dunn,et al.  Cargo cult science. , 1996, Oral surgery, oral medicine, oral pathology, oral radiology, and endodontics.

[17]  Geir M. Køien Privacy enhanced cellular access security , 2005, WiSe '05.

[18]  Indrajit Ray,et al.  Optimal security hardening using multi-objective optimization on attack tree models of networks , 2007, CCS '07.