Thursday, August 8, 2024

A Case for ASN.1 in Preventing Critical System Failures

The CrowdStrike incident serves as a stark reminder of the potential consequences of even minor coding oversights in critical systems. The incident stemmed from a discrepancy in the number of input parameters within a content update, where the root cause was a fundamental data structure mismatch.

To mitigate such risks, organizations must adopt robust methodologies for data structure definition and validation. ASN.1 offers a compelling solution.

The ASN.1 Advantage

Rigorous Data Structure Definition: ASN.1 mandates precise specification of data elements, including their types, constraints, and relationships. This eliminates ambiguities that can lead to catastrophic errors like the one experienced by CrowdStrike.

Enhanced Data Integrity: ASN.1, coupled with encoding standards like DER, provides unparalleled data integrity. Any deviation from the defined structure is immediately detectable, preventing corrupted or malicious data from infiltrating systems.

Improved Error Detection and Prevention: ASN.1-based systems are inherently equipped to identify and handle errors gracefully. Decoding failures due to incorrect data formats can be caught early in the process, preventing system crashes.

Facilitated Interoperability: ASN.1 is a widely adopted standard for data exchange. By using ASN.1, organizations can ensure seamless communication and data sharing across diverse systems and platforms, reducing the risk of compatibility issues.

Long-Term Maintainability: ASN.1's clear and structured approach to data definition promotes code readability and maintainability. This is crucial for large-scale systems that evolve over time, reducing the likelihood of regression errors.

Cost-Benefit Analysis: While there may be initial investment in ASN.1 expertise and tooling, the long-term benefits in terms of reduced system failures, improved data quality, and enhanced security far outweigh the costs.

Integrating ASN.1 into CrowdStrike

To effectively prevent similar incidents, CrowdStrike would need to:

  • Define Data Structures: Create ASN.1 definitions for all critical data structures, including content updates. This would involve specifying the exact structure of the data, including the number and types of fields.

  • Develop ASN.1 Encoding/Decoding Libraries: Build or acquire libraries capable of encoding and decoding data according to the defined ASN.1 structures.

  • Integrate into Development Process: Incorporate ASN.1 into the development lifecycle, ensuring all data exchange formats are defined in ASN.1.

  • Rigorous Testing: Conduct extensive testing to verify the correctness of ASN.1 definitions and the behavior of encoding/decoding libraries under various conditions.

Example:

Let's assume the content update in question had the following ASN.1 definition:

ContentUpdate ::= SEQUENCE {
    version INTEGER,
    parameters SEQUENCE (SIZE(20)) OF Parameter,
    signature OCTET STRING
}

Parameter ::= SEQUENCE {
    id INTEGER,
    value OCTET STRING
}

In this example, a decoder that checks the SIZE(20) constraint would reject any attempt to provide an incorrect number of parameters with a decoding error.
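The size check described above, as an added example (not code from the original post or from the OSS tools): a hand-written reader for the definite-length TLV encoding of ContentUpdate that rejects any parameter count other than 20. The helper names and sample messages are constructed for this illustration, the signature field is extracted but not verified, and the reader does not enforce every DER canonical-form rule; a schema-compiled decoder would derive the same check from the ASN.1 definition.

```python
# Added illustration: helper names and sample data are assumptions, not OSS APIs.
class DecodeError(ValueError):
    """Raised when input does not match the ContentUpdate structure."""

def read_tlv(buf, pos):
    """Parse one definite-length TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DecodeError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DecodeError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise DecodeError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split the contents of a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_content_update(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise DecodeError("expected exactly one outer SEQUENCE")
    fields = children(body)
    if [t for t, _ in fields] != [0x02, 0x30, 0x04]:  # INTEGER, SEQUENCE OF, OCTET STRING
        raise DecodeError("ContentUpdate fields do not match the schema")
    params = []
    for ptag, pval in children(fields[1][1]):
        parts = children(pval) if ptag == 0x30 else []
        if [t for t, _ in parts] != [0x02, 0x04]:     # id INTEGER, value OCTET STRING
            raise DecodeError("Parameter does not match the schema")
        params.append((int.from_bytes(parts[0][1], "big", signed=True), parts[1][1]))
    if len(params) != 20:                             # the SIZE(20) constraint
        raise DecodeError(f"SIZE(20) violated: got {len(params)} parameters")
    version = int.from_bytes(fields[0][1], "big", signed=True)
    return {"version": version, "parameters": params, "signature": fields[2][1]}

def tlv(tag, value):  # encoder used only to build the constructed samples
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def build_update(count):
    """Constructed sample: a ContentUpdate carrying `count` parameters."""
    params = b"".join(tlv(0x30, tlv(0x02, bytes([i])) + tlv(0x04, b"v")) for i in range(count))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, params) + tlv(0x04, b"sig"))
```

Calling decode_content_update(build_update(20)) returns the parsed fields, while build_update(19), build_update(21) or a truncated buffer raises DecodeError before any field reaches the consumer.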

A Proactive Approach

By incorporating ASN.1 into development processes, organizations can proactively address potential vulnerabilities before they become critical issues. It's not just about preventing another CrowdStrike-like incident; it's about establishing a foundation for building more reliable, secure, and efficient systems.

In conclusion

ASN.1 is not merely a technical standard but a strategic asset for organizations seeking to protect their critical infrastructure. Its ability to enforce data integrity, detect errors early, and promote interoperability makes it an indispensable tool in the modern software development toolkit.

Monday, December 11, 2023

OSS NAS Tools - URSP Support

The OSS NAS Tools now support encoding/decoding of URSP (UE Route Selection Policy) information within a NAS message (3GPP TS 24.526 Release 16.8.0). URSP is a network slice feature that provides a way to manage network slice information for the UE.

The URSP messages are transported in the UE Policy Container of the Uplink/Downlink NAS Transport, RegistrationRequest, or ContainerEntryUL message type. In earlier versions of the NAS Tools, the container value was decoded as an octet string. The UE policy message can now be fully decoded into a UE Policy Management message structure/object.

The UE Policy Container contains a UE Policy Management message that can be one of the following types: 

  • Manage UE Policy Command

  • Manage UE Policy Complete 

  • Manage UE Policy Command Reject 

  • UE State Indication 

  • UE Policy Provisioning Request 

  • UE Policy Provisioning Response


The decoding of the URSP message is done in two steps. In the first step, the top-level NAS message is decoded. In the next step, the UE Policy Container is decoded to a UE Policy Management message structure/object from its octet string value that was obtained from the first decoding step of the top-level message.

For more technical details, please review the URSP sample (nas_ursp) located under the samples/ directory of the OSS NAS Tools.

Friday, March 10, 2023

What's New in 2023

OSS Nokalva is ready to support our customers in 2023 with tools that work in diverse, often complex, environments that require flexibility and reliability. For those working in rapidly evolving sectors, such as 5G and ITS (Intelligent Transportation Systems), OSS is equipped to deliver solid, dependable solutions.

As ITS standardization continues at a rapid pace, milestones in this generational technology happen regularly. Now that 3GPP Release 17 has been finalized, development and deployment activities can progress in earnest. Moving forward, 3GPP will be working on Release 18 in 2023 and 2024. The OSS ASN.1 and NAS tools will continue to support new 3GPP and ITS standards.


OSS ASN.1 Tools

In 2023, OSS has released new versions of the OSS ASN.1 Tools that include the following new features and enhancements:

  • 3GPP Release 17 support and samples

  • ASN.1 Value Notation (AVN) encoding/decoding support in the ASN.1/C, ASN.1/C++, ASN.1/Java, and ASN.1/C# TOED runtimes

  • Convert ASN.1 binary encodings to AVN and vice versa

  • Memory Handling API support in the ASN.1/C RTOED runtime

  • Detect unknown extensions in SEQUENCE, SET, CHOICE (available in the ASN.1/C, ASN.1/C++, and ASN.1/Java Tools)

  • Convert ASN.1 binary messages to CSV and vice versa in the ASN.1/C, ASN.1/C++, and ASN.1/Java SOED runtimes

  • Convert binary data that represents Binary-Coded Decimal (BCD) numbers and IP addresses to standard text format and vice versa


OSS NAS Tools

The OSS NAS/C, NAS/C++, NAS/Java, NAS/C# Tools and NAS-1Step Tools will be upgraded to the latest versions of LTE and 5G Release 17. Support for 3GPP Release 18 will be added when it is available.


NEW Web App Subscription Plans

OSS Nokalva now offers subscription plans for our expanding suite of web apps, ASN.1 IO. These helpful apps complement your current ASN.1 or NAS Tools and we encourage you to give them a try. 


ASN.1 Playground

Compile, Encode, Decode

Provide your schema or use a standard one to encode or decode your data.

ASN1DOC

Document your schema

Create an HTML document from your schema with a few clicks.

Schema Analyzer

Improve your schema

Multiple rules across multiple categories can be used to improve your schema.


NAS Playground

Decode NAS Messages

Troubleshoot your NAS messages by converting them from binary to text.


PKI/DER Inspector

Inspect crypto data

Troubleshoot certificates, keys and other PKI data.

CDR Inspector

Call Data Records Decoder

Troubleshoot your CDR, detect BER encoding errors, find issues with schema, etc.

ASN.1 Python

Python all-source

Get the data bindings for your schema, encode, decode, validate your data.

JSON/Schema2ASN

Have JSON? Get ASN.1

Infer an ASN.1 schema from JSON with a few clicks.

Proto2ASN

Migrate Proto schema into ASN.1 schema

Try an international standard alternative for Google Protocol Buffers.

ASN1VSIX

Microsoft Visual Studio extensions

Install this ASN.1 extension for your Visual Studio family of products to add an ASN.1 schema syntax highlighter and validator, with IntelliSense.

Please contact us at info@oss.com with any questions about the OSS ASN.1 Tools, OSS NAS Tools, and the new Web App subscription plans.

Tuesday, August 16, 2022

OSS CAGL for Data Analysis

Data Analysis is the process of inspecting, cleansing, transforming, and modeling data with the goal of discovering useful information, forming conclusions, and supporting decision-making. The main purpose of data analytics is to apply statistical analysis and technologies on data to find trends and solve problems. Data analytics has become increasingly important in the enterprise as a means of shaping business processes and improving business results.

There is valuable information available in ASN.1 binary encoded data, whether it is Call Detail Records (CDR), Radio Resource Control information (RRC), Location services information (LCS), etc. used in telecommunications, or Basic Safety Messages (BSM) and Signal Phase and Timing (SPaT) messages used in intelligent transportation systems. There is a need to convert these binary messages to a human-readable format, e.g. XML, JSON, or CSV. OSS CAGL (Compile-And-Go Library) enables you to perform these conversions dynamically.


Using CAGL, an add-on to the OSS ASN.1 Tools for C, you can write a few lines of code to dynamically parse the ASN.1 schema of your binary messages and convert those messages to XML, JSON or CSV. Once the data is transformed into one of these text formats, data analysis tools can be used to examine the converted data in order to gather valuable information to drive your business decisions.


An application, using CAGL, can be used for any ASN.1 schema and messages, i.e. you can change the schema on the fly. You don’t have to rebuild your application to support new schemas. You can easily implement various applications that must work with multiple schemas at runtime, such as protocol analyzers. The CAGL parsing model is analogous to that of DOM, in that it allows you to parse ASN.1 modules and then use the result to immediately parse either XML documents or PER, OER, COER, BER, CER, DER and JSON messages, and convert between these as you wish.


You can review CAGL’s documentation for more information. For a free trial, please contact OSS Nokalva sales department at info@oss.com.


Friday, November 5, 2021

ASN.1 Value Notation Support in the Time-Optimized Runtime

OSS ASN.1 tools now support an ASN.1 value notation feature. The representation structures/objects can be encoded into value notation format and those values can then be decoded to the representation structures/classes. 

This feature is very useful for testing your application. The test messages can be kept in a human readable value notation format. You can parse the value notation into the representation structures/objects, serialize representation structures/objects into value notation format, and convert them to any ASN.1 binary (e.g. BER, PER, OER), JSON, or XML encoding format. It is also important to note that even though ASN.1 value notation is human readable, it is less verbose than XML and JSON, and thus more suitable for creating test messages.

The feature is also useful for creating eUICC profiles. The user can create the profile in value notation format and then use the OSS ASN.1 encoder to convert it to DER format. 

The sample messages in the standards are usually in value notation format. Such messages can be easily checked, modified, and converted to any standard ASN.1 encoding format. 

The feature is currently available in the time-optimized runtime of the OSS ASN.1 C, C++, Java, and C# tools. You can find details of the feature in the online documentation. A free evaluation is available here. If you have questions about value notation support in the OSS ASN.1 tools, please contact technical support at support@oss.com.

Tuesday, August 17, 2021

Using OSS ASN.1/Java Tools with Kotlin

Overview

Kotlin was designed so that it interoperates seamlessly with Java. Kotlin code can directly call any existing Java code without making any changes to it. This allows the OSS ASN.1 Tools for Java to easily be used with an application written in Kotlin.


Users of the OSS ASN.1/Java Tools typically deal with the following tasks:

1. Work with the API of Java classes generated for an ASN.1 schema. Use constructors, getters, and setters to create, examine, or modify objects that represent messages and their components.

2. Work with the API of ASN.1/Java coding services to serialize or deserialize objects that represent messages to or from encodings.


Using generated Java classes in a Kotlin application

A Kotlin application can invoke the constructors defined in generated Java classes as is, while getters and setters are mapped to Kotlin properties.


For example, this VehicleIdentification Java class


public class VehicleIdentification extends Sequence {
    public VehicleIdentification();
    public VehicleIdentification(WMInumber wMInumber, VDS vDS);
    public WMInumber getWMInumber();
    public void setWMInumber(WMInumber wMInumber);
    public boolean hasWMInumber();
    public void deleteWMInumber();
    public VDS getVDS();
    public void setVDS(VDS vDS);
    public boolean hasVDS();
    public void deleteVDS();
}


represents the VehicleIdentification component of the DENM message from the CAM/DENM ASN.1 Schema. Kotlin will map the following getters and setters of the Java class


    public WMInumber getWMInumber();
    public void setWMInumber(WMInumber wMInumber);
    public VDS getVDS();
    public void setVDS(VDS vDS);


to the "wmInumber" and "vds" Kotlin properties. The Kotlin application can then use the following code to instantiate the VehicleIdentification object:


val vehicleIdentification = VehicleIdentification().apply {
    wmInumber = WMInumber("WVW")
    vds = VDS("ZZZ1JZ")
}


Alternatively, the constructor with arguments defined in the generated VehicleIdentification Java class can be used:


val vehicleIdentification =
    VehicleIdentification(WMInumber("WVW"), VDS("ZZZ1JZ"))


The following code modifies or accesses the "vds" component of the VehicleIdentification:


vehicleIdentification.vds = VDS("ZZZ2JZ")
val vds = vehicleIdentification.vds


Using coding services in a Kotlin application

Using coding services in a Kotlin application is straightforward: just instantiate and configure the appropriate Coder object and invoke its encode() or decode() method to serialize or deserialize the message.


For example, a Kotlin application can use the following code to serialize the top-level CAM message from the CAM/DENM schema to an in-memory buffer:


// Instantiate and configure the appropriate Coder object
val coder = Camdenm.getPERUnalignedCoder().apply {
    enableEncoderConstraints()
    enableDecoderConstraints()
}

// Create the CAM message using the API of the generated Java classes
val pdu = CAM(...)

// Encode the "pdu" object that represents the CAM message to an
// in-memory buffer
val encoded = ByteArrayOutputStream().use {
    coder.encode(pdu, it)
    it.toByteArray()
}


The message can also be serialized to a disk file:


// Encode the "pdu" object that represents the CAM message to a
// disk file
val file = File("cam.uper")
file.outputStream().buffered().use {
    coder.encode(pdu, it)
}


Use the following code to decode the message from an in-memory encoding and examine its contents:


val decoded = encoded.inputStream().use {
    coder.decode(it, CAM())
}
val camBody = decoded.cam


Or the message can be decoded from a disk file:


val file = File("cam.uper")
val decoded = file.inputStream().buffered().use {
    coder.decode(it, CAM())
}


You can download a free trial of the OSS ASN.1 Tools for Java and access the online documentation on the OSS Nokalva website. Please contact our technical support at support@oss.com with any questions about support for Kotlin or to receive a sample program that demonstrates how the OSS ASN.1 Tools for Java can be used with Kotlin. Complete details about calling Java from Kotlin are available here.

Thursday, May 20, 2021

OSS NAS Tools for Python

Building on the success of its OSS NAS Tools for C/C++/Java/C# and NAS-1Step products, OSS Nokalva is excited to announce an addition to its NAS portfolio: the OSS NAS Tools for Python. Available for 3GPP 5G and LTE Release 16, the Tools can be used to process NAS messages for UE and Core Network solutions.



The OSS NAS Tools for Python facilitates the conversion of NAS messages, which conform to 3GPP Technical Specifications 24.301 and 24.501, to and from JSON and XML formats. The Tools are available on Windows and Linux platforms.


Among many useful features, the OSS NAS Tools for Python supports:

  • Conversion of NAS binary messages to JSON format

  • Conversion of NAS binary messages to XML format

  • Enhanced diagnostics that can report multiple defects in erroneous NAS messages


You can download a free trial of the OSS NAS Tools for Python and access online documentation on the OSS Nokalva website. Please contact us with any questions about the Tools.