Attack analysis and Security concepts for MObile Network infrastructures,
supported by collaborative Information exchAnge

Final ASMONIA Workshop

We have the pleasure to announce

ASMONIA Result Presentation Workshop
May 7th, 2013
Fraunhofer Forum Berlin
Anna-Louisa-Karsch-Str. 2, 10178 Berlin

Mobile communications is increasingly more often in focus of cyber threats. Any detection of events, which causes harm to the mobile infrastructures, anticipates that sufficient sensor data has been gathered and collected. Sometimes the sensor base is not sufficient, for example, to detect an attack, to understand malware propagation or see that integrity in the infrastructure is endangered. Sometimes events could be learned in the network of a competitor, but this information is not communicated because a loss of reputation is feared.

The BMBF funded project ASMONIA addresses advanced concepts to improve the security of the infrastructures of Mobile Network Operators as, for example software integrity measures, the protection of mobiles, the detection of malware and its propagation and, last not least, the use of cloud computing technologies. These concepts and measures serve as examples for sensors, which generate data that can be collaboratively shared between network operators - without putting reputation at risk.

The project ASMONIA ends in May 2013 and project partners will present results and benefits that the project created. The ASMONIA result presentation workshop will start with a keynote from ENISA, followed by a series of project born presentations of the advanced protection concept. Research results will be demonstrated subsequently. Please see the agenda and demo set below.

You are kindly asked to register in advance via, as local arrangement is limited to 50 participants (first come, first serve). Participation is free of charge; business lunch will be served.

Preliminary ASMONIA Workshop Agenda

Time Title, Abstract Presenter, Company
09:30 a.m. Welcome, Introduction
09:40 a.m. Keynote: Incident Reporting and Information Sharing - an EU Perspective Vangelis Ouzounis, ENISA
Abstract: Incident Reporting is an important mechanism for improving transparency about major security incidents at national and even at EU level. The EU Commission has already in force a mandatory incident reporting scheme for the Telecom Sector. The same scheme should now be used for other critical sectors in the future. ENISA, the EU cyber security agency, collects via National Regulatory Authorities reports about incidents and analyses them to better understand the trends and root causes of them. Analysing and sharing information about incidents improves our understanding about the quality of our preparedness and response capabilities. Download slides (PDF, 320 KB)
10:10 a.m. 4G Mobile Networks at Risk Peter Schneider, Nokia Siemens Networks Research
Abstract: With their ever growing importance as part of the infrastructure of a country, mobile networks get also more and more into the focus of various kinds of cyber threats. 4G LTE networks rely strongly on Internet protocols for connectivity and delivery of services and are capable of integrating traffic over various, inhomogeneous access networks, so they are particularly endangered. To get a clearer view on the extent of such threats, and to guide the investigations within the framework of ASMONIA, we have performed a comprehensive threat and risk analysis for 4G mobile networks. This presentation - after a short introduction to 4G LTE networks - shows the results of this work and points out which are the most relevant threats to mitigate, and what are the most endangered network elements to protect in order to ensure the security that is vital for existing and future mobile networks. Download slides (PDF, 335 KB)
10:30 a.m. Penetration Testing in Telecommunication Networks ¹ Hendrik Schmidt, ERNW
Abstract: The necessity of penetration testing comes up with the acceptance of risk, compliance, and elimination of vulnerabilities as described in several international standards and is one of the main factors in a vulnerability management process. This necessity also arrives the telecommunication industry in using IP technologies, caused by becoming more and more important due to a higher publicity and therefore being more in focus of attackers. It covers core components like HLR, SGSN and GGSN, as in LTE networks MME, eNodeB and SAE-GW. This talk gives an introduction to the necessity, as showing up typical problems and testing methods.
10:50 a.m. Coffee break
11:20 a.m. ASMONIA - a collaboration for the exchange of cyber threat information Peter Schoo, Fraunhofer AISEC
Abstract: Considering a collaborative approach between MNO for the exchange of information on cyber threat, the ASMONIA project has elaborated technical results for a more comprehensive protection of mobile communication within one country. The presentation will depict foreseen use cases, engaged technology components like SW integrity protection, elastic cloud systems, malware detection as well as the collaborative exchange of security information. Specific emphasis will be given the competitive situation of the collaborating parties. Download slides (PDF, 505 KB)
11:40 a.m. Integration of Software Integrity Protection into Mobile Networks Manfred Schäfer, Nokia Siemens Networks Research
Abstract: Starting from specific requirements and technology evaluation the presentation describes SW integrity methods, as developed in ASMONIA and particularly applicable for LINUX based NE. Specific emphasis is put on alternative, PKI based protection paradigms and trust for booting concepts, as well as for event triggered runtime protection, harmonizing with a common infrastructure for SW signing at manufacturer's side. In addition it is shown how the protection mechanisms can be integrated into the mobile NW, to a far extent re-using the existing SW management infrastructure (OAM) and thus, minimizing the overhead for network integration. Download slides (PDF, 1.3 MB)
12:00 a.m. Integrity Protection on Mobile devices ¹ Sascha Wessel, Fraunhofer AISEC
Abstract: The presentation will give an overview of integrity protection mechanisms for mobile devices considering boot-time and run-time integrity measurements. While these mechanisms are typically implemented by the device manufacturer giving him control over his devices after roll-out, we also consider mechanisms useable for third-party users. In this case the integrity is guaranteed to a trusted verifier, which can be remotely connected, integrated in an isolated execution environment running on the same processor, or an external secure element locally connected to an interface of the smartphone, e.g. to the microSD card slot. Download slides (PDF, 770 KB)
12:20 p.m. Lunch break
01:30 p.m. Countering Mobile Malware in the Network and directly on Smartphones ¹ André Egners, RWTH Aachen
Abstract: We present the evolution of malware countering measures that have been developed during the ASMONIA project. After shortly summarizing our findings, we introduce a two-fold approach to malware detection in the MNO context. Based on our findings, we designed a UE-centric anomaly detection framework which uses system-call monitoring allowing us to indicate anomalous behavior on a per-app basis. This mechanism is complemented with MNO-based backend support and in-network processing of the respectively generated events. As a second line of detection we also developed network-based detection mechanisms targeting UE-generated traffic. Download slides (PDF, 590 KB)
01:50 p.m. Method for Collaborative Detection and Analysis ¹ Dennis Titze, Fraunhofer AISEC
Abstract: The collaboration between different MNOs has to fulfill requirements that avoid reputation loss in case security related information is shared between competing partners. This presentation will introduce to the implemented procedure. The internal evaluation of the collaborative method supporting detection and analysis will be discussed, in particular for the use case of warning exchange. It concentrates on concerns MNOs have participating in such an information sharing system and presents our design and a proof-of-concept for collaborative exchange of warnings to handle this task. Download slides (PDF, 525 KB)
02:10 p.m. A Cloud Architecture for Cooperating Mobile Network Providers ¹ Mark Gall, Fraunhofer AISEC
Abstract: The use of cloud computing in the backend of mobile network providers has been one of the research interests of the ASMONIA project. From the security perspective the usage of cloud computing can improve the availability of backend components. In this talk we present the results of our research in the form of an architecture for cloud computing in the environment of cooperating mobile network providers. The architecture is based on concepts of the Intercloud and forms a collaborative cloud by joining resources from all providers. We will introduce the design goals of the architecture and highlight various aspects of it, e.g. Intercloud cloning.
02:30 p.m. Coffee break
03:00 p.m. Simulation based Validation Mirko Haustein, EADS Cassidian
Abstract: The use of simulation is a novel approach to the domain of cyber-security. The availability of high fidelity simulation models and the availability of sophisticated simulation tools and high performance computer technology as well as the non-availability of sufficient information and data from real networks caused us to take this path. We will give an introduction about the applied simulation and the implemented use case. Furthermore we will give a short explanation regarding the traffic model and the resulting data records.
03:20 p.m. Common Situational Awareness for Critical Infrastructures Michael Hoche, EADS Cassidian
Abstract: The security discipline has so far been scoped towards technology for e.g. encryption, authentication, authorization or accounting. Recently, there is a trend focusing on risk analysis and proactive intelligence. We illustrate information security of critical infrastructures as an emergent property and propose a method for service-based measuring. We show enterprise architecture for common situational awareness inside the covering socio-economic-technical environment that will promote collaboration. We address data collection by a monitoring recommender system for economical analytics to maintain shared models of security posture that is tightly related to real value flows within infrastructures.
03:40 p.m. Conclusion
03:50 p.m. Demonstrations of topics marked ¹ above
05:30 p.m. End of workshop

Information on Demonstration

  • Continuous Monitoring and Situational AwarenesS (COSMOS)
    The goal of the COSMOS Mock Up is to assess relevance of the developed capability set and the architectural design for common situational awareness. Encompassed are analytical questions for risk-informed decision making, exploratory data analysis, statistical prediction/modeling, results for risk-informed decision making, challenge results by significance validation and model checking.
  • 4G Network Simulation
    Demonstration of the impact of distortions within a 4G (LTE) Network based on the simulation model used for the data generation process in ASMONIA. Influence on specific network elements by network effects (impact of a successful DDoS attack), i.e. network element not reachable within a certain time, e.g. node failure/recovery.

  • 4G Network Sensor for Mobile Malware
    The demonstrator provides a real-time detection of SMS based mobile malware initiated traffic directly in the mobile network and informs the affected user about a suspicious activity via a Sensor App.

  • Collaborative Information Exchange System Demonstartor
    Demonstrates collaborative warning exchange between participants sharing information. Each participant of the ASMONIA Collaboration Network will have its own peer, where warnings are generated, and receive warning messages that were distributed.

  • Pentesting Tools Demo
    The Demo shows the developed tools during the ASMONIA project. The tools ca be use to discover information, test implementation and exploit weaknesses in telecommunication networks.

  • Sandboxing Android with Operating System-level Virtualization
    The demonstrator shows a lightweight mechanism to isolate multiple Android userland instances from a trustworthy and secure entity. This entity controls and manages the Android instances and provides an interface for remote administration and management of the device and its software. Furthermore, it builds the basis for the implementation of integrity protection mechanisms. The demonstrator is based on a Samsung Galaxy S3.

  • Software-based Trust Anchors for ARM Cortex Application Processors
    A common technique to improve smartphone security is a secure boot process, typically based on a bootloader stored in the ROM of a device and under control of the device manufacturer. This demonstrator shows our approach of a secure boot process based on a software-based trust anchor not under control of the device manufacturer. This forms the basis for all further integrity protection mechanisms.

  • Intercloud Cloning Demonstration
    The demonstrator shows how the ASMONIA collaborative cloud architecture can help to ensure availability of services in the mobile network provider backend. An automatic scaling mechanism is used to scale backend services, e.g. sip servers, across provider boundaries using Intercloud Cloning.

Please note that agenda and demo set may be subject to change

Valid XHTML 1.0 | Valid CSS 2.1