Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

21898 Secure base stations
Home Policy Brochure Browse Search User Area Contact Help

Bosch, P. and Brusilovsky, A. and McLellan , R. and Mullender, S.J. and Polakos, P. (2009) Secure base stations. Bell Labs Technical Journal, 13 (4). pp. 227-243. ISSN 1089-7089 *** ISI Impact 1,200 ***

Full text available as:

- Univ. of Twente only
256 Kb

Official URL:


With the introduction of the third generation (3G) Universal Mobile Telecommunications System (UMTS) base station router (BSR) and fourth generation (4G) base stations, such as the 3rd Generation Partnership Project (3GPP) Long Term Evolution (LTE) Evolved Node B (eNB), it has become important to secure base stations from break-in attempts by adversaries. While previous generation base stations could be considered simple voice and Internet Protocol (IP) packet transceivers, newer generation cellular base stations need to perform more of the user- and signaling functions for the cellular radio access network. If adversaries can physically break into newer base stations, they can perform a range of undesirable operations such as snooping on conversations, carrying out denial-of-service attacks on the serving area, changing the software base of the base stations, stealing authentication and encryption keys, and disrupting legitimate cellular operations. The cell-site vault is a secure processing environment designed to resist such tampering and to protect the sensitive functions associated with cellular processing. It provides an execution environment where ciphering functions, key management, and associated functions can execute without leaking sensitive information. In this paper, we present the basic principles of the cell-site vault and present an overview of the types of functions that need to be protected in future base stations for cellular networks. We address the importance of providing a trust hierarchy within the cell-site vault, we present why the vault needs to be used to establish secure and authenticated communication channels—in fact, why the vault needs to be used for most external communications—and we present why it is important to execute functions such as data re-encryption inside the vault. A femtocell or home base station is particularly vulnerable to attacks since these base stations are physically accessible by adversaries. In this paper, we focus in particular on a cell-site vault design for a femto-class base station, including its standardization efforts, as it is challenging to include both secure and nonsecure processing inside a single “system-on-a-chip.”

Item Type:Article
Research Group:EWI-PS: Pervasive Systems
Research Program:CTIT-WiSe: Wireless and Sensor Systems
Additional Information:Special Issue: 4G Wireless Technologies
ID Code:21898
Deposited On:05 June 2012
ISI Impact Factor:1,200
More Information:statistics

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item