SKIMS Project Description
The objective of SKIMS lies in the design, development and implementation of a cross-layer security system for mobile devices. Detection mechanisms as well as a proactive and reactive defense of attacks are core components of this project.
Point of Departure: Heterogenous, Insecure Mobile Systems
Without doubt, mobile, wireless-based end devices represent a significant part of our current networks, both with respect to the number of deployed equipment, and their economic impact. Limited hardware resources and the per se unprotected transmission media air turn such devices into attractive targets for attacks. In addition, handhelds commonly store or exchange confidential data. For example, mobiles do not only provide information about contact lists of the owner, but also about his current future locations as layed out in personal schedules. Near Field Communication and Digital Wallet extend the usage for electronic commerce. Directly interconnected mobile devices within so called mobile ad hoc networks monitor buildings, or help in the case of natural disasters. This wide application range of mobile systems requires the development of various types of wireless devices reflecting the different needs with respect to capacities (laptop, smartphone, PDA) and radio access technologies.
The Characteristics of Mobile Systems
In contrast to wired end devices, mobile systems exhibit three characteristic differences: (a) mobile devices normally are equipped with several different network interfaces; (b) their capabilities are significantly limited, so that they are not able to permanently maintain protection mechanisms; (c) physical vicinity with the help of appropriate access technologies allows for the establishment of separate, cooperative delivery structures. Mobile end devices, thus, need a lightweight, environment-adaptive protection mechanism that exploits the heterogeneous, technologies available on-board. To implement the vision of an overall protection in mobile scenarios, the development of an integrated, multi-level and efficient security approach is necessary.
Objective: Digital Immune System for Mobile Devices
A Cross-Layer Security System
This project focuses on the development of a cross-layer security system that independently estimates apparent and existing threats. Based on this, it proposes suitable protection mechanisms to the user, or activates those automatically. The latter is important especially for embedded mobile systems. Similar to the biological immune system, our framework tries to protect the mobile device by itself. In cases where this is insufficient, a cooperative, mobile sandbox will be created based on the interaction between node neighbors. On the one hand this autonomously protects the (mobile) network, on the other hand the network shields an infected peer, e.g., by using data forwarding suppression. To realize the protection, the system uses the modular components that will be designed, developed and analysed in this project. A broad acceptance at the end user site will be ensured as the inherent complexity of the protection mechanisms will be hidden.
The Subcomponents
The aims of the subcomponents are the following: The lightweight local and distributed detection of suspicious events, including necessary protection approaches, as well as the detection and defense of malicious software. Traffic flows will be authenticated autonomously to prevent in particular unreasonable data distribution in group scenarios. Novel mechanisms for a secure code image update will leverage a self-healing process. A mobile honeypot helps to analyse common attacks. The objectives and solutions of this project will be achieved in closed coordination with industrial demands.
Towards a Proof of Concept
The vision of a digital immune system -- and thus the discussed subcomponents -- will be demonstrated in a proof of concept in terms of an extended security application for mobile phones. Analog to a traffic light system, the mobile signals the current level of risk to the user and relaxes the status wherever applicable. This transparency allows users to regain trust that was lost previously in insecure environments.