NSF Award
2226555
5G wireless communications technologies currently in development rely on a wide variety of devices, including base stations, radios, and end user devices. Most of these devices contain a number of different processors, each running complex firmware, each potentially vulnerable to cyber attacks. The Building Resilient and Secure 5G Systems (BRASS) project tackles the challenge of low-level firmware exploitation of 5G devices, and thereby prevent major classes of attacks. The main research challenge to be targeted in BRASS by the performer Red Balloon Security (RBS) is: How does one provide security on a 5G host in a diverse supply chain environment with multiple vendors and unknown yet-to-be-discovered vulnerabilities almost certainly present in the firmware of the 5G devices – particularly, given the challenge of extreme diversity of firmware formats, and frequent lack of access to source code and/or hardware design information? Currently, addressing these challenges requires significant per-device, per-processor, and per-firmware reverse engineering effort by an expert. The BRASS project will research methods to automate and accelerate the integration of passive and active firmware protections to platforms in critical and vulnerable environments. Leveraging Red Balloon Security’s (RBS) experience in commercializing its firmware security solutions, BRASS will not only result in a prototype that addresses anticipated Department of Defense (DoD) mission scenarios and can be transitioned into DoD operational use, but which can also create protections that 5G Original Equipment Manufacturers (OEMs) would want to incorporate into their products. Given its focus on addressing the challenge presented by the diversity of 5G devices, BRASS would support RBS's broader goal of providing world-class protections to a broad class of cyber-physical system (CPS) embedded firmware. BRASS improvements to RBS’s core firmware analysis and modification toolchain will be made publicly available, enabling a variety of firmware analysis, improvement, and hardening applications.<br/><br/>Red Balloon Security (RBS) has pioneered and successfully deployed novel, host-based embedded firmware defense technologies capable of preventing and/or detecting large classes of cyber attacks, including ones exploiting zero-day vulnerabilities. These capabilities are merged into the candidate firmware using RBS's Open Firmware Reverse Analysis Konsole (OFRAK) toolkit, which does not require access to source code. In BRASS, RBS would: 1) apply firmware protections to baseband firmware on the end-user devices, securing them in the context of arbitrary networks (tracks G.1, G.2, G.3); 2) apply firmware protections to the platform and radio front-end firmware in the 5G infrastructure devices, without affecting their network functionality (tracks G.2 and G.3); and 3) use OFRAK's autotomy capabilities to remove the code implementing non-essential 5G features, and thus all vulnerabilities that code could contain (track G.3 tailored networks not requiring a complete 5G standard implementation). <br/><br/>In Phase 1, RBS will leverage a team with multidisciplinary proficiency to: 1) refine the requirements for its technology based on the DoD mission scenarios and needs; 2) continue its ongoing dialogues with 5G OEMs, such as Ericsson, Nokia, and Parallel Wireless, and to include at least one of them in its Phase 2 team; and 3) demonstrate a proof-of-concept prototype of 5G firmware protections. <br/><br/>RBS will target 5G firmware to: 1) perform a security assessment to highlight security gaps, vulnerabilities, and design flaws; 2) develop a design document and proof of concept describing the new firmware defense capabilities; 3) deliver a feature-complete prototype integrated on target 5G firmware; and 4) demonstrate the prototype’s security efficacy against an exploit in a 5G test environment.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
