'Flat IP' mobile networks face new security challenges

Data will flow more freely as mobile communications networks move towards a "flat IP" model, but developers and operators will face new security challenges.
  • Peter Sayer (IDG News Service)
  • 11 October, 2007 09:30

Data will flow more freely as mobile communications networks move towards a "flat IP" model, but developers and operators will face new security challenges, according to engineers gathered at the Freescale Technology Forum in Paris.

Today's centralized, hierarchical mobile networks are overengineered, said Alcatel Lucent's Vice President Network and Technology Strategy Pierre Tournassoud.

Their use of specialized transport protocols makes them complex to design and manufacture, he said. This is good for a few big manufacturers but not for the industry overall, nor for the end user, Tournassoud said in the keynote address on the second day of the event organized by Freescale Semiconductor.

Instead, future networks should adopt the kind of flat IP model towards which fixed-line networks are moving, Tournassoud said. There, the shift has led to a proliferation of so-called "triple-play" services, where operators use DSL (Digital Subscriber Line) to deliver phone calls, television programs and Internet access over the same pair of copper wires, all managed using IP (Internet Protocol).

Vendors approaching the problem from the PC world, such as Intel with its work on WiMax, or the traditional telecommunications equipment vendors working on LTE -- the Long Term Evolution enhancement to today's 3G (third-generation) mobile networks -- are converging on some common technologies.

With this approach, "mobile networks can be made a lot simpler, like Internet platforms for mobile communications," Tournassoud said.

So simple, in fact, in the future mobile phone users could even have their own network base station at home, as operators adopt new technology such as femtocells -- tiny transmitters that improve in-home wireless coverage, plugging into a DSL connection to carry traffic back to the mobile network core over an IP connection.

But with the advantages of IP come some dangers: the Internet is open not just to well-meaning developers but also to all manner of criminals and vandals, and our always-on DSL connections bring us not only voice and video, but also viruses, along with phishing attacks and Trojan horses.

That's why the developers of the next generation of mobile networks are trying to build security in from the start, according to Tournassoud and numerous engineers working for Freescale Semiconductor and its partners that were also present at the Paris conference.

"It requires a very solid, very secure hardware platform," said Tournassoud.

Page Break

Others at the event echoed his sentiment. Alan Brown, principal analyst with Gartner Dataquest's semiconductor group, said a move to a flat IP structure in mobile networks will bring a lot of flexibility to mobile operators, application developers and service providers. However, "with standard interfaces there is also the ability for hackers to get into routers for financial gain or for the challenge," he said.

Freescale demonstrated a hardware reference platform with a number of security features for future mobile devices, its i.MX31 and i.MX31L multimedia applications processors. Based on the Arm 11 core designed by Arm Holdings, the chips have a run-time integrity checker that verifies the digital signature of code before executing it. This can help stop malware sneaking onto the device -- although it could also be used to lock down a mobile device and prevent the installation of third-party applications, much as Apple has attempted to do with its iPhone.

Prototypes are often designed with additional standard circuitry to make it easier to observe their behavior under test. Probes applied to that circuitry, known as a JTAG interface, can even be used to issue debugging instructions to the microprocessor. The connections for the prototype's JTAG interface often survive -- in different positions on the circuit board -- right through to final production. Identifying where these points were located on Apple's iPhone became one of the goals of those trying to unlock the devices, as access to it might have allowed them to debug Apple's security code.

The development boards are set for release in January, and will ship with Windows CE or Linux operating systems: Freescale expects manufacturers will use them to develop multimedia players, navigation devices or similar gadgets.

Elsewhere at the Forum, Freescale showed multicore processors with built-in encryption engines. These can be used to accelerate the encryption of traffic flowing across a network -- but can also be used to decrypt application software on the fly, just before it is executed, making it harder for attackers to dissect the software in, for example, home base stations.