Crosslayer firewall interaction as a means to provide effective and efficient protection at mobile devices

Peter Langendoerfer a,*, Krzysztof Piotrowski a, Steffen Peter a, Martin Lehmann b

a IHP, Im Technologiepark 25, 15236 Frankfurt (Oder), Germany
b DFS Deutsche Flugsicherung GmbH, Langen, SH/IR, Am DFS-Campus 2, 63225 Langen, Germany

Available online 16 February 2007

Computer Communications 30 (2007) 1487–1497
www.elsevier.com/locate/comcom
0140-3664/$ - see front matter © 2007 Elsevier B.V. All rights reserved.
doi:10.1016/j.comcom.2007.01.019

* Corresponding author. Tel.: +49 335 56 25 350; fax: +49 335 56 25 671.
E-mail address: langendoerfer@ihp-microelectromics.com (P. Langendoerfer).

Abstract

In this paper, we discuss packet filtering firewalls and an application level gateway approach used to secure handheld devices. We propose a firewall management plane as a means for crosslayer interaction. In our approach the application level gateway updates the firewall rules based on its knowledge about whether or not a certain source is sending malicious packets. Hereby, we pursue a policy of removing malicious packets as close as possible to the network interface. We show that in the case of a secure web service such a crosslayer interaction can significantly decrease the CPU load under attack, i.e., when many malicious packets arrive at the handheld device. Our measurement results show that our crosslayer approach can reduce the CPU load caused by the application level gateway by about 10–30%. Finally, we propose an integrated firewall processing approach that promises further improvements. It integrates the application controlled firewall before the MAC and provides crosslayer mechanisms to reduce the performance issues of traditional firewall approaches.

© 2007 Elsevier B.V. All rights reserved.

Keywords: Firewall management plane; Crosslayer interaction; XML; MAC firewall; Mobile devices

1. Introduction

Motivation. Mobile devices are becoming more and more powerful, e.g., current HP iPAQs are equipped with 400 MHz Xscale processors and 128 MB memory. In addition, wireless modems are integrated into these devices. With these increasing capabilities it becomes feasible to integrate mobile devices into e-commerce architectures, e.g., in business-to-consumer and in business-to-employee applications, too. As a result of this development the amount of sensitive data that is stored on mobile devices will increase tremendously. So, mobile devices will attract an increasing number of attackers, and since their integration will be done in an 'all-IP' approach, they are exposed to all typical Internet attacks. From our point of view mobile devices are a tempting target due to the following facts:

1. The medium (air) can easily be accessed by anyone.
2. Mobile devices are not protected by additional hardware or software such as firewalls, which are normally deployed at the border of a company network.
3. Compared to a fully equipped PC or laptop, mobile devices such as PDAs and mobile smart-phones still have very limited resources (calculation and battery power). Strong and exhaustive use of security means drains the battery of the mobile device quite fast, leading to inconveniently short up times. Thus, mobile devices are normally not as well protected as more powerful devices are.

The first two points cause the device to be immediately exposed to the attacker and the third one limits the ways to defend it. Our approach uses layer interaction in order to reduce the computational burden caused by security mechanisms. This also leads to the
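The abstract describes the crosslayer mechanism only in prose: an expensive application level gateway (ALG) checks payloads, reports sources that send malicious packets to a firewall management plane, and the plane installs a drop rule at the cheap packet filter so that later packets from that source never reach the ALG. The following toy model, added here as an illustration and not code from the paper or its authors, shows why that reduces the application-layer load. All names (PacketFilter, ApplicationLevelGateway, FirewallManagementPlane, run), the cost units, the "malformed XML or DOCTYPE means malicious" criterion and the sample traffic are constructed assumptions for the example; the paper's real measurements are on an XML web service and are not reproduced here.

```python
"""Toy model of crosslayer firewall interaction on a mobile device.

Packet path: PacketFilter (cheap, source-address rules) -> ApplicationLevelGateway
(expensive XML check). With the crosslayer channel enabled, the ALG reports a
malicious source to the FirewallManagementPlane, which pushes a drop rule down to
the packet filter, i.e. malicious packets are removed as close to the network
interface as possible. Cost units and traffic below are constructed.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

FILTER_COST = 1   # constructed cost unit: one source-address lookup
ALG_COST = 50     # constructed cost unit: parsing and checking an XML payload


@dataclass(frozen=True)
class Packet:
    src: str        # source address (sample values are constructed)
    payload: bytes  # application-layer payload, expected to be XML


class PacketFilter:
    """Cheap packet filter: decides on the source address only."""

    def __init__(self):
        self.drop_rules = set()
        self.dropped = 0

    def add_drop_rule(self, src):
        self.drop_rules.add(src)

    def passes(self, pkt):
        if pkt.src in self.drop_rules:
            self.dropped += 1
            return False
        return True


class ApplicationLevelGateway:
    """Expensive check: payload must be well-formed XML and carry no DOCTYPE
    (a constructed policy standing in for the paper's web-service checks)."""

    def __init__(self):
        self.invocations = 0

    def is_malicious(self, pkt):
        self.invocations += 1
        if b"<!DOCTYPE" in pkt.payload:
            return True
        try:
            ET.fromstring(pkt.payload)
        except ET.ParseError:
            return True
        return False


class FirewallManagementPlane:
    """Crosslayer channel: after `threshold` malicious reports for a source the
    plane installs a drop rule at the packet filter."""

    def __init__(self, packet_filter, threshold=1):
        self.packet_filter = packet_filter
        self.threshold = threshold
        self.reports = {}

    def report_malicious(self, src):
        self.reports[src] = self.reports.get(src, 0) + 1
        if self.reports[src] >= self.threshold:
            self.packet_filter.add_drop_rule(src)


def run(packets, crosslayer):
    """Push a packet stream through filter and ALG; return load counters."""
    pf = PacketFilter()
    alg = ApplicationLevelGateway()
    plane = FirewallManagementPlane(pf) if crosslayer else None
    delivered = 0
    cost = 0
    for pkt in packets:
        cost += FILTER_COST
        if not pf.passes(pkt):
            continue                      # dropped at the network interface
        cost += ALG_COST
        if alg.is_malicious(pkt):
            if plane is not None:
                plane.report_malicious(pkt.src)   # crosslayer feedback
            continue
        delivered += 1
    return {"alg_invocations": alg.invocations, "filter_drops": pf.dropped,
            "delivered": delivered, "cost": cost}


def sample_stream():
    """Constructed traffic: 5 well-formed requests from a legitimate host
    interleaved with 20 truncated (malformed) payloads from one attacker."""
    good = b"<order><id>1</id></order>"
    bad = b"<order><id>1</id>"   # not well-formed: unclosed <order>
    return [Packet("10.0.0.2", good) if i % 5 == 0 else Packet("10.0.0.99", bad)
            for i in range(25)]


if __name__ == "__main__":
    for crosslayer in (False, True):
        print("crosslayer" if crosslayer else "no crosslayer", run(sample_stream(), crosslayer))
```

Without the management plane every one of the 25 packets pays the ALG cost; with it, only the first malicious packet from the attacking source reaches the ALG and the remaining 19 are discarded by the filter, while the 5 legitimate requests are still delivered. The threshold parameter is where a real deployment would trade false-positive risk (blocking a source after a single bad packet) against how quickly the load drops.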