Wireless & Mobile Computing Security

Designing for Security in Mobile Computing

There are several steps that can be taken in designing for security in mobile computing networks and applications:

Physical Security, Policies and Procedures
There is no point in implementing expensive hi-tech security systems while the physical security of end user devices, base stations, and information servers is ignored. A notebook left in the back seat of an unlocked car is an obvious and only too common security violation that should be discouraged in the strongest possible terms.

This potential problem will soon be exacerbated with the advent of inexpensive PCS/PCN micro-cells located in small and unattended sites throughout communities.

Application and System Assisted Security
The use of user passwords and similar mechanisms is a very common method of ensuring security. We shall not dwell on these techniques here. Instead, we shall concentrate on mobile computing security issues.

Dial Back as a Security Technique
Remote-access mobile computing applications can incorporate a dial-back technique where users and their locations are known. Many hardware-based security servers provide this feature.

Firewalls — Security Servers at the Host
Many specialized security companies provide security servers that can be installed at the corporate host server. Several Remote Access Servers also provide this functionality as an integral part of the communications server. Cylink is well known for providing RAS security products in the wireline remote access environment. You may get more information from their web site.

Racal’s Guardata WatchWord II token offers a convenient alternative to passwords based on common names, birthdays, etc. When using WatchWord II, critical information is never entered in the clear. The operating principle is based on the challenge/response mechanism described in the ANSI X9.26 secure sign-on standard. The user enables the token by entering a PIN. The WatchWord Generate process takes a digital challenge from the host computer system that is entered into the token, which then generates a seven-digit response: a one-time password. The response is calculated from the challenge using the DES cryptographic process. There is a security controller or server at the host between the modem pool and the information server. It is anticipated that the next generation of security products will integrate security into the modem or communications server products.
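The challenge/response sign-on described above can be sketched as follows. This is an added example, not vendor code: HMAC-SHA256 is swapped in for the DES step, and the names `Token`, `SecurityServer` and `one_time_password` are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGITS = 7  # the page describes a seven-digit response


def one_time_password(secret: bytes, challenge: str) -> str:
    """Derive the response from the challenge under the shared secret."""
    # Assumption: HMAC-SHA256 stands in for the DES step the page mentions.
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


class Token:
    """Hand-held token: holds the secret and stays locked until the PIN is given."""

    def __init__(self, secret: bytes, pin: str):
        self._secret, self._pin, self._enabled = secret, pin, False

    def enable(self, pin: str) -> bool:
        self._enabled = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._enabled

    def respond(self, challenge: str) -> str:
        if not self._enabled:
            raise PermissionError("token not enabled: PIN required")
        return one_time_password(self._secret, challenge)


class SecurityServer:
    """Host-side controller between the modem pool and the information server."""

    def __init__(self, user_secrets: dict):
        self._secrets = user_secrets
        self._pending = {}  # user -> outstanding challenge

    def issue_challenge(self, user: str) -> str:
        self._pending[user] = f"{secrets.randbelow(10**8):08d}"
        return self._pending[user]

    def verify(self, user: str, response: str) -> bool:
        # pop() makes each challenge single-use, so a response cannot be replayed.
        challenge = self._pending.pop(user, None)
        secret = self._secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = one_time_password(secret, challenge)
        return hmac.compare_digest(expected.encode(), response.encode())
```

Only the challenge and the seven-digit response cross the line; the shared secret and the PIN never do.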

Now, wireless security servers are being provided by companies such as Certicom, Diversinet, Entrust (subsidiary of Nortel), and Sonera's SmartTrust (for m-commerce). (Please see references to these vendors further down in the page.)

Data Encryption Process in Mobile Computing
Encryption involves scrambling digital information bits with mathematical algorithms and is the most potent protection available against security intrusions into wireless and wireline communications. Different encryption schemes have been proposed and implemented. The Data Encryption Standard (DES) is one algorithm that has held sway since the 1970s. RSA, based on public key cryptography and named for the three MIT professors — Rivest, Shamir and Adleman — who developed it, is another. Pretty Good Privacy (PGP) is a public domain implementation of RSA available for non-commercial use on the Internet in North America.

Many cellular carriers are now providing encryption between cell sites and the MTSO. Unfortunately, the last segment (i.e., between the end user device and the cell, or base station) obviously cannot be encrypted and this is where all the theft occurs. For end-to-end security, the only answer is to build encryption/decryption capabilities into the end user device itself. Unfortunately, this can be done only with end user devices on digital cellular networks — and digital cellular is still not ubiquitous (only 40 percent coverage in the U.S. in 1995, according to Dataquest).

Encryption Key Types
There are three types of keys used in encrypting data:

  1. A private key known only by the sender and the recipient
  2. A private/public key combination
  3. A one-time key

In private-key systems, the two parties have a secret key which they use to encrypt and decrypt data.

The private/public key combination is more secure, however. In this scheme, the recipient’s public key — available to all who need it to send encrypted data — is used to encode information for transmission. The recipient uses a private key associated with the set to decode the information.

The one-time key method is based on the generation of a new key every time data is transmitted. A single-use key is transmitted in a secure (encoded) mode and once used, becomes invalid. In some implementations, the central system will not issue a key for a new connection until the user supplies the previously used key.
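The one-time key lifecycle described above, including the variant where a new key is issued only against the previously used one, can be modelled as a small state machine. This is an added example, not code from the page; `OneTimeKeyServer` and its method names are hypothetical, and the secure (encoded) transport of each key is assumed to happen outside this sketch.

```python
import hmac
import secrets


class OneTimeKeyServer:
    """Central system issuing one fresh key per connection (hypothetical)."""

    def __init__(self):
        self._current = {}    # user -> key issued but not yet used
        self._last_used = {}  # user -> most recently used key

    def _new_key(self, user: str) -> bytes:
        key = secrets.token_bytes(16)
        self._current[user] = key
        return key

    def enroll(self, user: str) -> bytes:
        """First key; assumed to be handed over securely at enrollment."""
        return self._new_key(user)

    def use(self, user: str, key: bytes) -> bool:
        """Accept a key for exactly one transmission, then invalidate it."""
        current = self._current.get(user)
        if current is None or not hmac.compare_digest(current, key):
            return False
        del self._current[user]
        self._last_used[user] = key
        return True

    def next_key(self, user: str, previous_key: bytes):
        """Issue a new key only to a caller who supplies the previous one."""
        last = self._last_used.get(user)
        if last is None or not hmac.compare_digest(last, previous_key):
            return None
        # The previous key is consumed here, so it cannot obtain a second key.
        del self._last_used[user]
        return self._new_key(user)
```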

Electronic Signatures in Wireless Applications
Electronic signatures can be used to ensure that users are who they claim to be. With the appropriate hardware and software — PenOp from Peripheral Vision in the U.K. — a system can literally demand a valid signature. While the primary use of such software is in contract-related applications (mortgages, loans, etc.), there is no reason why it cannot also be used as a substitute for a password.

PenOp is based on a biometrics signature-verification technique. It supports a variety of signature capture methods, ranging from low cost digitizers attached to desktop PCs, through to hand-held PDAs or pen computers.

An End-To-End Encryption Scheme With a Constantly Changing Public/Private Key Set
While each of these encryption schemes provides a certain amount of security in and of itself, we believe the best scheme is one based on end-to-end encryption using private and public keys, where not even the network provider’s control center knows what information is being transferred. To achieve this, the client machine and the information server must each perform encryption/decryption as appropriate, depending on the direction of the transmission. Several PC cards provide encryption capabilities and — while hardware cards are certainly the fastest way of achieving DES and RSA encryption — software-based encryption is also available.

This approach works independently of any security that the network provides. In fact, depending on the number of mobile users involved, the cost of carrier-provided encryption may be much higher than end-to-end encryption implemented by the user organization.

Security for Telecommuters
There's a new trend among hackers to target telecommuters. Network Ice (http://www.networkice.com) offers an amazing personal intrusion-detection tool, BlackIce Defender 1.0. See the full details in InternetWeek Online's article at: http://www.internetwk.com/reviews/rist110199.htm

 


Copyright © 1999 - 2001.  All Rights Reserved. 
Reproduction of any material from the MobileInfo.com website or its newsletters without written permission is strictly prohibited.