ProjectRationale » History » Version 2
laforge, 02/19/2016 10:48 PM
more rationale
= Project Rationale =

== Why? ==
Why on earth would somebody want (to write) an open source GSM stack for a GSM baseband chip?

There are many answers to this question. The first and obvious: Because we can. However,
looking deeper, there are many good reasons for an Open Source GSM baseband firmware:

=== Security of an always-connected device in a public network ===
Every mobile device that is connected to a cellular network runs some kind of baseband
processor with highly proprietary and closed-source firmware.

Any reasonably complex software has bugs, and a number of them will be security-relevant
and might get exploited.

As we know from more than a decade of security nightmares on the Internet: Open Source
projects provide a much higher level of security, as more eyes review the code and
security-related bugs get fixed almost immediately. An update is released, and that
particular security issue is closed.

Most people understand that connecting an unprotected PC to a public network like
the Internet is dangerous. People use personal or dedicated firewalls, application
level gateways, virus scanners and other technology to protect their PC.

But what about the mobile phone, particularly the baseband processor? It is permanently
attached to a public network. In most cases there is no proper incident response management,
and not even a clean way for bugs in that software to be fixed quickly by an update, as device
manufacturers rarely release firmware updates, publish security advisories or anything of
that sort.

The security situation becomes even worse when looking at the software architecture in
those baseband chips. They often run the entire software stack in supervisor mode,
without any software protection. There are no non-executable pages, there's no
stack protection, etc. The UI and the protocol stack run in one shared address
space with no privilege separation.

The only companies that have access to the baseband firmware source code have no
interest in improving this situation. So the logical conclusion is to form an
Open Source project that can try to improve the situation.

=== Education ===

Despite GSM being a public standard maintained by the ETSI, there are very few
people outside a small group of GSM baseband chip makers who really understand
the details of operation in a GSM mobile phone.

Existing books and other publications focus on "user" or "system administrator"
topics such as network deployment. Or they are scientific literature about
the signal processing involved in GSM and optimizations thereof. Other books
explain the layer 3 protocol very well, but only from a theoretical point of
view.

Designing and implementing the software that runs in the digital baseband of
a GSM mobile phone covers many areas that are currently not publicized much.

One such topic is the layer 1 stack operating synchronously to the TDMA frame
clock of the GSM network. Another important practical issue is what software
can do for power efficiency, as this directly translates to longer battery life.

Digital Baseband ASICs and their corresponding software are present in
billions of mobile phones, but the detailed knowledge of how they work is so
far restricted to a small elite of engineers working for the industry.

Compare that with the knowledge of the Internet protocols such as Ethernet, IP,
TCP, HTTP, SMTP and others. Virtually every IT professional around the world
understands them; the knowledge is widespread. One of the major reasons for
that is the existence of Free Software or Open Source software implementations.

=== Research ===

Any practical research into GSM, especially GSM security, needs both theoretical
knowledge of the protocols and a well-documented/published/accessible
implementation, such as a Free Software / Open Source implementation.

It is quite conceivable that the cellular industry itself has no interest in any
research that could harm its market position. Therefore, it is doing as much
as it can to close and hide the operation of its DBB hardware and software from
the general public.

Based on knowledge of the GSM protocols and the general availability of an
Open Source implementation that this project is working on, a great many more people
are enabled to do research into GSM protocols.

Such research no longer requires a close alignment with the cellular industry
to get access to key technology - which in turn results in freedom and independence
regarding the topics of research and the publication of any results thereof.