|
Wireless &
Mobile Computing Security
Security Problems
Security is an even greater problem for wireless networks, since radio signals travel
through the open atmosphere where they can be intercepted by individuals who are
constantly on the move — and therefore difficult to track down.
Secondly, wireless solutions are, almost universally, dependent on
public-shared infrastructure where you have much less control of, and
knowledge about, the security discipline employed. Horror stories of
hackers scanning airwaves and siphoning off cellular ID numbers for fraudulent use have
become commonplace. Even pager messages are no longer safe.
Here are some examples of common security breaches:
-
Interception of law enforcement data on SMR, private radio or CDPD networks by criminal
elements
-
Interception of credit card authorizations over wireless networks
-
Physical breach of security at unmanned base stations or other communications centers.
-
Interception of e-mail messages on wireless internet connections
-
Stealing of cellular airtime
While it may not be possible to make any system completely secure, there are certain
steps that can be and must be taken to ensure that the risk of security breaches is
minimized.
Sources of Security Leaks
Many local exchange carriers use microwave communications for their inter-LATA calls.
Since the frequencies used by carriers is public information, it is not at all difficult
for an intruder to intercept both voice and data transmissions.
Even with inter-exchange circuits increasingly being converted to fiber, radio and
satellite transmissions are still used by many carriers. Network providers should be asked
specifically what type of circuits are used for traffic back-haul from base stations, and
in particular what circuits will be used in any proposed networking solution.
Tampering with Cellular NAMs as a Security Leak
A common problem in the cellular industry is the theft of air time by individuals who
make cellular calls without paying for them. These people have found a relatively easy way
of pirating the numeric assignment numbers (NAMs) of valid users. Even combinations of NAM
plus MAN1 or MAN2 sequences are no longer secure. PCS digital networks are somewhat more
secure than analog cellular networks.
Stealing Information
It is not uncommon for individuals intent on industrial espionage to scoop up vast
quantities of information by placing small scanners at appropriate locations and searching
with very powerful algorithms. Credit card numbers and bank account numbers are among the
most common types of information stolen. While such an effort does require determination
and planning on the part of thieves, it should be remembered that often the law breaker is
far more motivated than is the person in charge of security. Security system designers
need to keep this in mind and to make their security arrangement as tight as the
technology and the budget will allow.
Handheld (PalmOS) Security &
Encryption Problem
Because of small footprint and relatively
slow processor, encryption of data on client device has been a problem
in the past. Two announcements In May/June 2001 address this
problem.
- F-Secure announced Security@Hand
(to ship in august 2001) will include FileCrypto software with
support for Pocket PC, Symbian and Palm Os platforms. FileCrypto
uses 128-bit encryption and requires a password to decrypt. Password
may be administered by IT managers giving them some degree of
control in large corporations.
- In June 2001, Certicom announced
movianCrypt, an enterprise-grade and efficient data encryption
software for PalmTM Handhelds. Go
here for more.
|
