Transcript VoIP

Practical Considerations when deploying VoIP and Mobile Data
Presented by Tyronne Mexson
Adrian Garrity – Managing Director
Independent ICT Consultancy
PMO
MRS

Introduction
Introduction - VoIP
• VoIP enables convergence of data, voice, and video onto a single network.
• Attractive opportunities
  – Reducing costs
  – Reducing complexities
  – Enabling progressive business gains
• The biggest concern with VoIP is security; steps are being taken to secure the internet
• Other concerns include Quality of Service
Introduction - VoIP
• Numerous threats
  – Device failures
  – Malicious attacks
• Need to guarantee calls as well as data over networks
• Need to guarantee services
  – 999 emergency services
  – 101 SNEN

Introduction - VoIP
This presentation will cover the following:
• What is VoIP?
• Security Risks
• Security Solutions
• Future of VoIP
What is VoIP?
• Voice over IP
  – Making phone calls using a computer network by transmitting voice signals over an IP network
  – Analog signal converted to digital, compressed, broken into packets, sent across the network, and converted back to analog at the destination
  – Packet switched network
  – Less cost and more scalability
  – No dedicated bandwidth
  – Uses standard networking components (routers and switches)

What is VoIP?
• Voice over IP
  – IP phones have Ethernet network interface cards included for internet access
  – Dedicated phone line or telephone set no longer needed
  – Need high speed internet connection
  – Telephone calls can be made from a PC using microphone and speakers
Network Components
• Four main network components needed:
  – IP telephony device
  – Call processing manager
  – Voice mail system
  – Voice gateway

Network Components
• 1) IP telephony device
  – Any device that supports placing calls in an IP telephony network
  – IP phones
  – System applications using microphones and speakers

Network Components
• 2) Call Processing Manager
  – A.K.A. IP PBX
  – Server that provides call control and configuration management for IP telephony devices
  – Functions include: call setup and routing calls

Network Components
• 3) Voice Mail System
  – IP voice mail storage
  – Provides user directory lookup
  – Provides call forwarding

Network Components
• 4) Voice Gateway
  – IP packet routing
  – Backup call processing
  – Provides access to legacy voice systems for local calls, toll bypass, and WAN backup in case of failures
Benefits of VoIP
• Ability to combine voice, video, data on the same network
• Use existing internet connection for phone calls
• Call anyone, anywhere, at any length
• Same or lower cost
• Increased employee productivity
  – Combination of communication channels (telephone, voice mail, fax, e-mail, pagers, mobile phones, PDAs)
  – Listen to emails & check voice mails from the internet

Capabilities
• By using XML capabilities, new IP phones have enhanced user interfaces
  – Access to any web-based content
  – Access to employee extension numbers
  – Administrative and attendance solutions for school districts and universities
  – Inventory tracking
  – Restaurant listings and reservations
  – Emergency notification and audio streaming systems for government and public safety personnel
  – Enterprise applications – email, unified messaging, corporate directories, conference room booking, and expense reporting
  – Easily accessible for employees anytime, anywhere

Reliability
• Traditional PBX highly reliable
  – 99.999% reliability (5 minutes of outage per year)
  – Highly reliable components and built-in redundancy
• VoIP
  – Relies on gateways and phones that can register on multiple servers
  – Uses IP networks – multiple paths
VoIP QoS
• Voice signals more demanding than data communications
• To ensure quality, attributes must be managed properly:
  – Bandwidth
  – Number of packets lost
  – Round trip delay
  – Jitter / variability in delay
• Establish QoS needed for expected traffic
VoIP QoS - Bandwidth
• Bandwidth
  – Generally modest (64 kbps or less)
  – Depends on codec and use of silence suppression

  Codec         Rate (kbps)
  G.711         64
  G.722         48-64
  G.729 (A/B)   8

• Packet loss
  – Should be less than 5%
VoIP QoS - Latency
• Voice quality characteristics
  – Clarity: fidelity, clearness, and intelligibility of signal
  – Delay: effect on interactivity
  – Echo: distracting and confusing
• Latency
  – Components: Encoding, Packetisation, Network delay, Receiver buffering, Decoding
  – ITU-T G.114 recommends 150 ms

  One-way Delay     Effect on perceived Quality
  <100-150 ms       Delay not detectable
  150-200 ms        Acceptable quality; slight delay or hesitation noticeable
  Over 200-300 ms   Unacceptable delay; normal conversation impossible

VoIP QoS - Jitter
• Jitter
  – Smoothed by playback buffers
  – Receivers adapt the depth of these buffers
  – Sudden changes in jitter may cause loss
Convergence mediation
H.323 and SIP

H.323
• Recommendation published by ITU
• Ties together a number of protocols to allow multimedia transmission through an unreliable packet-based network
• 1996: approved by ITU
• 2003: Version 5

H.323 Architecture
• H.323 Terminal
• Gateway
• Gatekeeper
• Multipoint Control Units (MCU)

H.323 Protocol Stack for VoIP
[Diagram of the H.323 protocol stack; not reproduced in the transcript]

G.7xx – Speech (De)Coding
• H.323 systems must support G.711: PCM, 64 kbps
• Other codecs: G.729, G.726, …
RTP
• Realtime Transport Protocol (RFC 3550, July 2003)
• Application layer protocol for transmitting realtime data (audio, video, ...)
• Includes payload type identification, sequence numbering, timestamping, delivery monitoring
• Mostly over UDP
• Supports multicast & unicast

Control Protocol - RTCP
• RTP Control Protocol (RFC 3550, July 2003)
• Periodic transmission of control packets to all participants in the session
• Main functions:
  – provide feedback on quality of data distribution
  – carries a persistent transport-level identifier for an RTP source (CNAME)
  – each participant sends control packets to all others, which independently observe the number of participants
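An added example, not part of the presentation, tying the RTP/RTCP slides to the QoS slides: it decodes the RFC 3550 fixed RTP header, then computes the receiver-side figures that RTCP feedback carries and the slides set targets for (loss below 5%, RFC 3550 interarrival jitter, one-way delay against the G.114 bands). Packet contents, arrival timings and the SSRC are constructed for the example.

```python
import struct
from dataclasses import dataclass

CLOCK_HZ = 8000                     # RTP clock rate for G.711 / G.729 audio
RTP_HDR = struct.Struct("!BBHII")   # V/P/X/CC byte, M/PT byte, seq, timestamp, SSRC


@dataclass
class RtpPacket:
    payload_type: int
    marker: bool
    seq: int
    timestamp: int
    ssrc: int


def parse_rtp(data: bytes) -> RtpPacket:
    """Decode the 12-byte fixed RTP header; anything that is not version 2 is rejected."""
    if len(data) < RTP_HDR.size:
        raise ValueError("truncated RTP header")
    b0, b1, seq, ts, ssrc = RTP_HDR.unpack_from(data)
    if b0 >> 6 != 2:
        raise ValueError(f"unsupported RTP version {b0 >> 6}")
    return RtpPacket(payload_type=b1 & 0x7F, marker=bool(b1 & 0x80),
                     seq=seq, timestamp=ts, ssrc=ssrc)


def build_rtp(seq: int, ts: int, pt: int = 0, ssrc: int = 0x1234ABCD) -> bytes:
    """Header-only RTP packet (version 2, no padding/extension/CSRC) for the demo."""
    return RTP_HDR.pack(0x80, pt & 0x7F, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc)


def loss_fraction(packets) -> float:
    """Share of sequence numbers missing between the first and last packet seen."""
    expected = packets[-1].seq - packets[0].seq + 1
    return 1.0 - len(packets) / expected


def interarrival_jitter_ms(packets, arrival_s) -> float:
    """RFC 3550 6.4.1 estimator: D = (R_i - R_j) - (S_i - S_j); J += (|D| - J) / 16.
    S comes from the RTP timestamps, R from the receiver's arrival clock."""
    j = 0.0
    for i in range(1, len(packets)):
        sent_delta = (packets[i].timestamp - packets[i - 1].timestamp) / CLOCK_HZ
        recv_delta = arrival_s[i] - arrival_s[i - 1]
        j += (abs(recv_delta - sent_delta) - j) / 16
    return j * 1000.0


def delay_verdict(one_way_ms: float) -> str:
    """Map one-way delay onto the G.114 bands quoted on the latency slide."""
    if one_way_ms < 150:
        return "not detectable"
    if one_way_ms <= 200:
        return "acceptable; slight hesitation noticeable"
    return "unacceptable; normal conversation impossible"


def assess_stream(packets, arrival_s, one_way_ms: float) -> dict:
    """The figures a monitoring point would report for one RTP stream."""
    loss = loss_fraction(packets)
    return {
        "loss_pct": round(loss * 100, 1),
        "loss_ok": loss < 0.05,                 # slide target: less than 5%
        "jitter_ms": round(interarrival_jitter_ms(packets, arrival_s), 2),
        "delay": delay_verdict(one_way_ms),
    }


def demo_stream():
    """Constructed G.711 stream: 20 ms packets (160 samples), packet 5 never
    arrives, odd packets arrive 4 ms late, so loss is 10% and jitter ~1.41 ms."""
    packets, arrivals = [], []
    for i in range(10):
        if i == 5:
            continue                            # the lost packet
        packets.append(parse_rtp(build_rtp(seq=1000 + i, ts=160 * i)))
        arrivals.append(0.020 * i + (0.004 if i % 2 else 0.0))
    return packets, arrivals


if __name__ == "__main__":
    pkts, arr = demo_stream()
    print(assess_stream(pkts, arr, one_way_ms=120))
```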
More Control Protocols in H.323
• H.225 (RAS)
  – protocol between terminal and gatekeeper (if present)
  – allows terminals to join/leave zone, request/return bandwidth, provide status updates, …
• H.245 (Call Control)
  – Media Control Protocol
  – Allows terminals to negotiate connection parameters (codec, bit rate, ..)
• Q.931 (Call Signaling)
  – Manages call setup and termination
SIP – Session Initiation Protocol
• Developed by IETF since 1999
• RFC 2543, March 1999 (obsolete)
• RFC 3261, June 2002
• Target: develop a simpler and more modular protocol for VoIP than the large and complex H.323 by ITU

SIP – Session Initiation Protocol
• SIP is a text-based protocol similar to HTTP and SMTP, for initiating interactive communication sessions between users
• SIP is an application-layer control (signaling) protocol for creating, modifying and terminating sessions with one or more participants
• Sessions include Internet Multimedia conferences, Internet Telephone calls and Multimedia distribution

SIP – Session Initiation Protocol
• SIP can be used with different transport protocols; it doesn't even require reliable transport protocols
• A simple SIP client can be implemented using only UDP
SIP components
• UAC (user agent client): Caller application that initiates and sends SIP requests.
• UAS (user agent server): Receives and responds to SIP requests on behalf of clients; accepts, redirects or refuses calls.
• SIP Terminal: Supports real-time, 2-way communication with another SIP entity. Supports both signalling and media, similar to an H.323 terminal. Contains UAC.
• Proxy Server: Contacts one or more clients or next-hop servers and passes the call requests further. Contains UAC and UAS.
• Redirect Server: Accepts SIP requests, maps the address into zero or more new addresses and returns those addresses to the client. Does not initiate SIP requests or accept calls.
• Location Server: Provides information about a caller's possible locations to redirect and proxy servers. May be co-located with a SIP server.
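An added example of the roles on the SIP components slide, not the presentation's own material: a UAC sends an INVITE to a redirect server, which consults a location table (the Location Server role) and answers 302 Moved Temporarily with the mapped address in Contact; the UAC then re-sends the INVITE to that address and the callee's UAS accepts it with 200 OK. Messages follow the HTTP-like text layout of RFC 3261; the hosts, Call-ID and branch value are constructed, and the ACKs that would follow each final response are left out.

```python
from typing import Optional

CRLF = "\r\n"


def parse_sip(text: str):
    """Split a SIP message into its start line, headers (names lower-cased) and body."""
    head, _, body = text.partition(CRLF + CRLF)
    start, *lines = head.split(CRLF)
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body


def make_request(method: str, uri: str, dialog: dict, cseq: int) -> str:
    """Request line plus the dialog's fixed headers; CSeq counts requests in the dialog."""
    headers = dict(dialog, CSeq=f"{cseq} {method}")
    headers["Content-Length"] = "0"
    return (f"{method} {uri} SIP/2.0" + CRLF
            + CRLF.join(f"{k}: {v}" for k, v in headers.items()) + CRLF + CRLF)


def make_response(request: str, code: int, reason: str,
                  extra: Optional[dict] = None) -> str:
    """A response echoes Via, From, To, Call-ID and CSeq of the request it answers."""
    _, req, _ = parse_sip(request)
    headers = {"Via": req["via"], "From": req["from"], "To": req["to"],
               "Call-ID": req["call-id"], "CSeq": req["cseq"], **(extra or {})}
    headers["Content-Length"] = "0"
    return (f"SIP/2.0 {code} {reason}" + CRLF
            + CRLF.join(f"{k}: {v}" for k, v in headers.items()) + CRLF + CRLF)


# Location table the redirect server consults: public address -> current contact.
LOCATION = {"sip:bob@example.com": "sip:bob@192.0.2.4:5060"}


def redirect_server(request: str) -> str:
    """Redirect server: never forwards; returns the mapped address or 404."""
    start, _, _ = parse_sip(request)
    _, uri, _ = start.split(" ", 2)
    contact = LOCATION.get(uri)
    if contact is None:
        return make_response(request, 404, "Not Found")
    return make_response(request, 302, "Moved Temporarily", {"Contact": f"<{contact}>"})


def uas(request: str) -> str:
    """Callee's user agent server: accepts INVITEs addressed to its own contact."""
    start, _, _ = parse_sip(request)
    _, uri, _ = start.split(" ", 2)
    if uri != "sip:bob@192.0.2.4:5060":
        return make_response(request, 404, "Not Found")
    return make_response(request, 200, "OK", {"Contact": "<sip:bob@192.0.2.4:5060>"})


def place_call(callee: str) -> list:
    """UAC side: INVITE, follow one 302 to the Contact it names, return the exchange."""
    dialog = {"Via": "SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK74bf9",
              "Max-Forwards": "70",
              "From": "<sip:alice@198.51.100.7>;tag=1928301774",
              "To": f"<{callee}>",
              "Call-ID": "a84b4c76e66710@198.51.100.7"}
    exchange = []
    invite = make_request("INVITE", callee, dialog, 1)
    exchange.append(("UAC->redirect", invite))
    reply = redirect_server(invite)
    exchange.append(("redirect->UAC", reply))
    start, headers, _ = parse_sip(reply)
    if start.startswith("SIP/2.0 302"):
        target = headers["contact"].strip("<>")
        invite = make_request("INVITE", target, dialog, 2)
        exchange.append(("UAC->UAS", invite))
        exchange.append(("UAS->UAC", uas(invite)))
    return exchange


if __name__ == "__main__":
    for hop, msg in place_call("sip:bob@example.com"):
        print(f"--- {hop}\n{msg}")
```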
Comparison of H.323 and SIP

  Item                         H.323                      SIP
  Designed by                  ITU                        IETF
  Compatibility with PSTN      Yes                        Largely
  Compatibility with Internet  No                         Yes
  Architecture                 Monolithic                 Modular
  Completeness                 Full Protocol Stack        SIP just handles set-up
  Parameter negotiation        Yes                        Yes
  Call signaling               Q.931 over TCP             SIP over TCP or UDP
  Message format               Binary                     ASCII
  Media Transport              RTP/RTCP                   RTP/RTCP
  Multiparty calls             Yes                        Yes
  Multimedia conferences       Yes                        No
  Addressing                   Host or Tel Number         URL
  Call termination             Explicit or TCP Release    Explicit or timeout
  Instant messaging            No                         Yes
  Encryption                   Yes                        Yes
  Size of standards            1400 Pages                 250 pages
  Implementation               Large and Complex          Moderate
  Status                       Widely deployed            Up and coming
Disadvantages to VoIP
• Some internet voice services do not work during power outages and do not provide backup power
• Some services difficult to connect with 999 dispatcher
• Some providers do not provide white pages
• SECURITY
Security Risks
[Diagram slides; only their titles and captions survive in the transcript]
• DoS Attack
• Toll Fraud – hacker sells your company calling information; your company gets the bill
• Call Manager OS
• Eavesdropping
• Recording
• Hijacking/Injection Attack
• Call Forwarding/Spoofing
• Expose private conversations
• Block certain calls (numbers shown: 555-1212, 999-1213, 987-6543)
• Log call activity
VoIP Security Concerns
• What is the greatest risk to your organisation when implementing Voice over IP?
  Loss of use – and resulting loss of business, whether a result of a DoS attack, power failure, or poor management/maintenance of the VoIP systems.
• What are the security risks you are exposing your organisation to when considering Voice over IP (VoIP)?
  Denial of Service, Toll Fraud, O/S Vulnerabilities, Hacking, Recording, Eavesdropping, Hijacking, Spoofing, Call Forwarding, Call Blocking, Call Logging
Security Solutions

Network Solutions: Security Policy
• Establish a corporate security policy
  – Acceptable Use Policy
  – Analog/Dial-in/ISDN Line Policy
  – Anti-Virus Process
  – E-mail Policy
    » Automatic Forwarding
    » Usage
    » Retention
  – Ethics Policy
  – Password Protection Policy
  – Patch Management Process
  – Router Security Policy
  – Server Security Policy
  – Risk Assessment Policy
  – VPN Security Policy
  – Wireless Security Policy
Security Solutions: Network
[Diagram: Network Design by Cisco Systems; not reproduced in the transcript]

Security Solutions: DoS
• Provide redundancy through:
  – Mesh Corporate WAN design
  – Utilising multiple ISPs
  – Fallback PSTN Gateway(s)
  – Uninterruptible Power Supplies
• Negotiate QoS agreements

Security Solutions: Hacking
• Segment networks into separate VLANs
  – Voice network
  – Data network
  – Monitoring and control network

Security Solutions: Hacking
• Maintain VoIP application server updates
  – Call manager server(s)
  – Voicemail server(s)
  – Gateway server(s)
    » Install current Operating System patches
    » Install current application software patches

Security Solutions: Spoofing
• Eliminate unknown devices
  – DHCP Snooping
  – DAI: Dynamic Address Resolution Protocol Inspection
  – IP Source Guard
• Eliminate unknown software
  – Digital Signatures
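An added model of the three switch features on the Spoofing slide, not the presentation's own material: DHCP Snooping builds a binding table from leases seen on trusted ports, and Dynamic ARP Inspection and IP Source Guard consult that table before admitting ARP and IP traffic from untrusted ports. Port names, VLAN, MAC and IP addresses are constructed, and the method calls stand in for frames observed on the switch.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SnoopingSwitch:
    """Trusted ports face the real DHCP server/uplink; every other port is untrusted."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}      # client MAC -> (port, vlan) of its DISCOVER/REQUEST
        self.bindings = {}     # client MAC -> Binding, filled by DHCP snooping
        self.log = []

    def _drop(self, reason: str) -> str:
        self.log.append(reason)
        return reason

    def dhcp(self, msg: str, port: str, src_mac: str, chaddr: str,
             yiaddr: str = "", vlan: int = 0) -> Optional[str]:
        """DHCP snooping. Client messages: source MAC must match chaddr on untrusted
        ports, and the port is remembered. Server messages: accepted only from trusted
        ports; an ACK turns the remembered request into a binding. Returns a drop reason or None."""
        if msg in ("DISCOVER", "REQUEST"):
            if port not in self.trusted and src_mac != chaddr:
                return self._drop(f"{msg} on {port}: source MAC {src_mac} != chaddr {chaddr}")
            self.pending[chaddr] = (port, vlan)
            return None
        if port not in self.trusted:
            return self._drop(f"{msg} on untrusted {port}: rogue DHCP server blocked")
        if msg == "ACK" and chaddr in self.pending:
            cport, cvlan = self.pending.pop(chaddr)
            self.bindings[chaddr] = Binding(chaddr, yiaddr, cvlan, cport)
        return None

    def arp(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> Optional[str]:
        """Dynamic ARP Inspection: on untrusted ports the sender IP/MAC pair must
        match a snooping binding, which stops ARP cache poisoning from a plugged-in device."""
        if port in self.trusted:
            return None
        b = self.bindings.get(sender_mac)
        if b is None or b.ip != sender_ip or b.vlan != vlan:
            return self._drop(f"ARP on {port}: {sender_mac} claims {sender_ip}, no matching binding")
        return None

    def ip(self, port: str, src_mac: str, src_ip: str) -> Optional[str]:
        """IP Source Guard: an untrusted port may only source the IP (and MAC)
        that the binding table assigned to that very port."""
        if port in self.trusted:
            return None
        b = self.bindings.get(src_mac)
        if b is None or b.port != port or b.ip != src_ip:
            return self._drop(f"IP {src_ip} from {src_mac} on {port}: not bound to this port")
        return None


def demo() -> dict:
    """Constructed sequence: an IP phone obtains a lease, a rogue DHCP server on an
    access port is blocked, and spoofed ARP/IP from that port is dropped."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})       # Gi0/24 = uplink to the DHCP server
    phone, rogue = "00:1b:54:aa:aa:01", "00:1b:54:bb:bb:02"
    return {
        "discover": sw.dhcp("DISCOVER", "Gi0/1", phone, phone, vlan=10),
        "ack": sw.dhcp("ACK", "Gi0/24", "00:1b:54:cc:cc:03", phone, "10.0.10.50", 10),
        "rogue_offer": sw.dhcp("OFFER", "Gi0/7", rogue, phone, "10.0.10.99", 10),
        "good_arp": sw.arp("Gi0/1", 10, phone, "10.0.10.50"),
        "spoofed_arp": sw.arp("Gi0/7", 10, rogue, "10.0.10.1"),
        "good_ip": sw.ip("Gi0/1", phone, "10.0.10.50"),
        "spoofed_ip": sw.ip("Gi0/7", rogue, "10.0.10.50"),
        "binding": sw.bindings.get(phone),
        "drops": len(sw.log),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```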
Security Solutions: Threats
• Manage and prevent threats via:
  – Stateful Firewalls
  – Virus Filters
  – Intrusion Detection (NIDS)
  – Intrusion Prevention (HIPS)
  – Filter unnecessary ports on:
    » Routers
    » Switches
    » PCs
    » IP Telephones
    » Firewalls

Security Solutions: Complete
[Diagram of the complete secured design; not reproduced in the transcript]
FUTURE OF VoIP

Wireless VoIP
• 802.11b (WiFi), the current standard, supports raw data rates up to 11 Mbps.
• 802.11a & 802.11g standards support 54 Mbps

Differences between A & G
• Major difference is operating spectrum frequency.
  – ‘G’ standard utilises 2.4 GHz ISM band (same as ‘B’ standard)
  – ‘A’ standard utilises 5.2 GHz band

Advantages
• ‘A’ standard
  – No interference because it utilises the 5.2 GHz band
  – Meets the need for future high-bandwidth applications for wireless video and the like.
• ‘G’ standard
  – Extended capability of supporting ‘B’ devices.
  – Older ‘B’ mobile units can continue to be used along with any new ‘G’ mobile devices.
  – Meets the need for future high-bandwidth applications for wireless video and the like.

Disadvantages
• ‘A’ standard
  – 802.11a wireless voice devices are not readily available on the market.
  – Few vendors have announced support of ‘A’ for a wireless VoIP application.
• ‘G’ standard
  – ISM band may become too crowded and introduces a possibility of interference problems (e.g., Bluetooth, cordless phones, etc.).
Conclusion
• “The challenge of VoIP security is not new. History has shown that advances and trends in information technology typically outpace the corresponding realistic security requirements. Such requirements are often tackled only after these technologies have been widely adopted and deployed” – Cable Datacom News

Major Concern
• With VoIP the Internet becomes the backbone of a company's phone network.
  – Hackers
  – Worms
  – Viruses
  – DoS attacks

Advantages
• Convergence of voice and data into a common infrastructure for wiring, routers, network connectivity.
• Companies will be able to deploy, manage and maintain one network to serve all communication needs, saving on infrastructure costs and resources.
Introduction – Mobile Data
This presentation will cover the following:
• The Need For Remote Access
• Internet IPVPNs
• Key Customer Wireless Issues
• Considerations for Personal Trusted Devices

The Need For Remote Access
Is there a need for Remote access?
• Save money on office facilities
• Use of smaller workforce effectively and strategically
• Reach and service more customers
• Flexibility to work force - flexihours
Space to Workforce lower than 1:3 in many offices
MOBILITY is MONEY
Needs of Mobile Workforce
• Corporate Email
  – Allows mobile workforce to be in touch
• Access to corporate intranets.
  – Marketing/sales collaterals, access KM sites, download forms, generate quotations.
• Access to resources.
  – Source code, documents, lab infrastructure, calendaring system, booking meeting rooms.
• Access to enterprise applications
  – SAP, Oracle, Lotus Notes or other suites for purposes like order processing, tracking, inventory management etc.
• Video and Tele Conferencing
• 24X7 Availability and Support
Challenges for Enterprises
• Authentication of the user
• Encrypting data that is sent over the public network
• Tracking the usage of devices
• Protection from Spoofing and Sniffing
• Support for growing list of devices
Technology Choices available today
• Technology
  – IPSec VPN
    » Allows complete access to enterprise resources
    » Heavy weight protocol, but complete control to user
    » Needs software on clients
  – Email access
    » Accessible through https (secure HTTP)
• Connectivity options
  – Ethernet
  – GPRS
  – WiFi

Technology trends
• Encrypted Disk drives
  – Data is stored in encrypted form
• External security keys
  – Stored as USB Dongle or Serial port device
  – Used as a key to access enterprise data
  – Allows authentication and tracking
• SSL VPN
  – Allows any web browser to access enterprise data
  – Light weight solution, deployment cost is low
  – Access restricted to Web based resources only
• Biometric identification
  – Eye (iris) or finger print based identification
Gaps remaining
• Access of enterprise data at public kiosks
  – Caching of information
  – Saving of downloaded information
• Theft
  – The disks can be read by another device
  – Pictures and Messages stored in PDAs/Cell Phones
• Secured Access guarantee by ISPs
• Remote Patch Management
• Enterprise Policy for Remote Work Force

Suggestions for Enterprises
• Formulate a Policy for Remote Connectivity
• Centralise the maintenance and control of Security Settings
• Standardisation of devices
  – Employees should not be allowed to choose devices
• Enforce anti-virus and patch management policy
• Have an approved list of applications to be used remotely
• Encryption of data is a must
IPVPNs

Internet VPN
An Internet VPN is configured on the customer's own equipment, e.g. a router. A tunnel is created between two customer sites, normally using IPsec (IP Security) on the customer router, and the traffic is routed over the Internet.
It is a very low-cost way of establishing a VPN between two locations. However, there is no commitment with regard to speed of delivery of the data, and at times when the Internet is busy it may not be possible to establish a connection at all or to transmit data with any reasonable speed.
Many corporate customers will not use this type of VPN as it can route over many different service providers' networks and is subject to the same security risks as the www.

Internet VPN
Sole traders and companies who only need to exchange email and perhaps a small amount of data are the major users of Internet VPNs.
If a customer is comparing the price of an Internet VPN to that of an internet IPVPN it is important not to focus too much on the price of the IPVPN, as two totally different services are being compared.
Internet IPVPN (Tunnelling) Technologies
• VPN technology
  – GRE
  – IPsec
• IPsec standards
  – AH
  – ESP
  – IKE
  – DES
  – Triple DES
  – RC4
  – X.509 digital certificates
VPN using GRE Tunnel
GRE (Generic Routing Encapsulation) is another method of creating a tunnel which can then form a VPN between two sites.
The most common use of GRE tunnels is to transport legacy protocols, i.e. protocols other than IP, across MPLS networks.
For example, a customer with a fully meshed IPVPN over an MPLS core network could connect two sites using a GRE tunnel and send SNA traffic (i.e. non-IP traffic) between the two sites without having to convert the SNA to IP before it entered the IPVPN.
It can also be used as an unsecured internet VPN for non-sensitive traffic.

VPN using IPsec tunnelling
IPsec (IP Security) based VPNs use authentication mechanisms to ensure that only valid clients can connect across the tunnel. In addition there are different encryption algorithms that can be applied to IPsec tunnels to ensure that the data passing through the VPN is not compromised.
An IPsec VPN is a point-to-point tunnel that can also be established between two sites that are connected into a multi-site IPVPN with MPLS. This would be used, for example, to connect two bank computer sites together where security of data transfer between mainframes is vital.
The two sites would send email over the normal fully meshed MPLS IPVPN and just use the IPsec tunnel for special data between the two computers.
IPsec Key features
• Data Concealment (Encryption)
• Global
• Open Standards Based
• Manageability
• Mobility
• Authentication

IPsec VPN
[Diagram: Headquarters and Branch Office, each behind a VPN Gateway, plus Remote User, Mobile User and Business Partner, all connecting across the Internet to the corporate infrastructure (Internal Web Site, Mail, Data) and a Services and Management Zone holding the CA and Directory]

Key Customer Wireless Issues
Considerations for Personal Trusted Devices

The big picture: Convergence of Internet and digital telecom networks
[Diagram: PC, Mobile terminal and TV set reaching, via the Mobile NW Operator sphere and the IP Backbone Network, a CA server, Community server, E-commerce server and Service provider server (e.g. GIS)]

The big picture: Access Network technologies
[Diagram: Wireless Access Networks (Bluetooth, GSM, UMTS, IEEE 802.11, IrDA, 4G, Digi-TV/Air Interface) and Wired Access Networks (ISDN, IEEE 802.3, Digi-TV/Analog, Cable modem) connecting Mobile terminals and wired terminals to Servers over the Wireline Backbone, GSM ("ALL-IP")]
Some measures for the big picture
• Global wireless infrastructure based on GSM technology is truly global with its roaming capability and coverage.
• At the end of 2002, there were 454 GSM operators worldwide in 182 countries, and they served over 730 million users.
• In 2002, 75 percent of the new mobile customers started to use GSM terminals and services offered by the GSM networks [Nok2003].
• The number of digital telecom handsets has exceeded 1 billion (in 2002, ca. 400 million handsets were sold) and by 2006 perhaps 2 billion.

Some measures for the big picture
• Of these handsets hundreds of millions are Internet-enabled (WWW, WAP- or I-mode-enabled).
• There are over a hundred million servers at the server side (in Internet 1) and many in private networks
What is a Personal Trusted Device?
• When the wireless terminals in the above big picture are capable of supporting seamless communication, authentication and authorisation of users, various kinds of content - including text, voice and video streams, geocoded contents, etc. – and practically any conceivable application or service, one can begin to talk about a Personal Trusted Device (PTD)
• A device where M-commerce transactions can be launched, credit card information stored, access to corporate resources allowed through PTDs now
• A multimedia mobile phone or PDA
• A Laptop with GPRS / WiFi / 3G card

Functionality of a PTD
[Diagram; not reproduced in the transcript]

Security and privacy problems of PTDs
• The PTDs are able to host larger and larger amounts of data as memories get bigger
• This data is a security risk, because the device could be stolen or lost. So should we minimise the amount of critical data kept at the PTD?
• On the other hand, for guarding against privacy violations it might be wise to store large amounts of data at the PTD
• What is an optimal approach and on what does the optimality depend?

Security and privacy risks
• Evidently, if there is no risk of losing the device and data then it makes sense to keep as much data as possible, also critical, at the device
• However, on the contrary, if the risk of losing the device to a thief, or of losing the data because of a device crash or any other technical problem, is high, it is advisable to minimise the amount of critical data kept at the device
Assets, risks, threats
• Assets:
  – Any data stored at the PTD
• Risks:
  – PTD data lost
    » The data stored at the PTD is lost for the data owner. There are many threats that result in this, as discussed below.
  – PTD data misused
    » The data stored at the PTD and subsequently extracted is misused by malicious persons.

Assets, risks, threats
• Threats:
  – PTD is destroyed
    » In this case no one can use the data any more
  – PTD is lost for the owner
    » In this case the owner does not get the device or data back; he or she is unsure whether the data will be misused or not
  – PTD is stolen from the owner
    » The owner knows that the device is stolen and certainly all the data is lost, and perhaps some or all of the data is misused
Assets, risks, threats
• Threats (Cont):
  – PTD data misused unnoticed
    » In this case the data stored at the PTD is extracted and/or altered in a way that the owner does not notice
    » The PTD and the data remain at the disposal of the owner (perhaps, however, altered in some way)
    » This case can lead to considerable security threats and damages from the owner's point of view (misuse of cyber-identity, passwords, credit card, access to company infrastructure etc.)
    » Privacy violation also belongs to this category, if the data provided by or stored at the terminal is misused

Assets, risks, threats
• Threats (Cont):
  – PTD data misused but detected
    » This case can result from theft, losing the device and subsequent theft, or disclosure of a misuse attempt from logs or physical traces (cf. Bluetooth/Ir-connection).
    » In this case the device owner detects the misuse either when it is evident from the context (theft) or sometimes afterwards
    » The difference from the previous case is that the device owner can take deliberate countermeasures
Countermeasures against losing data
• Minimising the amount of critical data stored at the PTD
• Full (or partial) data replication at a safe network component
• Provision of safe “backdoors” to the data for which the legitimate owner has lost access for some reason (encrypted data, lost access to the entire device or to decryption keys, etc.)

Countermeasures against PTD misuse
• Minimising the amount of critical data stored at the device
• As good as possible physical protection of the PTD
• Reliable access control to the PTD and the data stored at it
• Encryption of the data stored at the device
• Partition of the data and storing it at the device and at another safe location (server, memory card, etc.)

Countermeasures against PTD misuse
• Self-destruction of the data if a misuse attempt is detected by the device
• Privacy-related data and algorithms that monitor what combinations of data handed out from the device while using various external services could lead to privacy violations or threats
• Refraining from accessing networked services
• Providing full security for communications over the air interface (end-to-end message encryption, end-to-end authentication, authorisation)
Technical support for the countermeasures at PTD
• Reliable access control and authorisation
  – This is a prerequisite for any security and privacy scheme; if a malicious person gets access to the data at the device just by getting hold of it physically, nothing much can be done anymore. Physical security of the PTD is thus a key ingredient in the security field
  – The second security sphere is proper authentication (PIN, biometric authentication, etc.)
  – The third sphere is proper authorisation of access to the data stored at the device
  – The fourth sphere is protecting the device against malicious programs that are run there

Technical support for the countermeasures
• Categorisation of the data
  – Assess the risk level of a particular piece of data and tell this to the system software (e.g. high, medium, low)
• Minimising the amount of vulnerable data at the PTD
  – This can be semiautomatic, based on the risk level and the above categorisation
  – If the risk level exceeds a threshold (e.g. due to movement to a high risk area), the vulnerable data is moved away from the device or encrypted in a suitable way
Technical support for the countermeasures
• Data partitioning
  – The idea here is to store only a portion of a particular data item (a half-granule) at the PTD and the other granule at a network component/other device, so that both granules are useless alone, i.e. cannot be used unless first combined; thus grabbing the device or the other half-granule at the network would not yet grant access to the data
  – The problem with the scheme is that if there is no network connection, the legitimate user cannot use the data either, because the half-granules cannot be recombined
  – Another problem is the need for wireless capacity
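An added example for the data categorisation and data partitioning slides, not the presentation's own material: items at or above a risk threshold are split into two half-granules by XOR with a random mask, the device keeping one half and a network component the other, so neither half alone reveals anything and the data is readable only while both are reachable, which reproduces the no-network failure mode the slide notes. The risk levels, store classes and the "online" flag are this example's own assumptions.

```python
import secrets
from dataclasses import dataclass, field

RISK = {"low": 0, "medium": 1, "high": 2}     # categorisation levels from the slides


def split(data: bytes):
    """One-time-pad split: the device half is random, the network half is data XOR it."""
    device_half = secrets.token_bytes(len(data))
    network_half = bytes(a ^ b for a, b in zip(data, device_half))
    return device_half, network_half


def combine(device_half: bytes, network_half: bytes) -> bytes:
    """Recombine two half-granules; either one alone is uniformly random."""
    if len(device_half) != len(network_half):
        raise ValueError("half-granules do not belong together")
    return bytes(a ^ b for a, b in zip(device_half, network_half))


class NetworkComponent:
    """The 'safe network component' of the slides, holding the other halves."""

    def __init__(self):
        self.halves = {}


@dataclass
class PTD:
    network: NetworkComponent
    threshold: str = "high"          # items at or above this level are partitioned
    online: bool = True              # whether the network component is reachable
    items: dict = field(default_factory=dict)   # name -> (risk, bytes held locally, split?)

    def store(self, name: str, risk: str, data: bytes) -> None:
        """Categorise the item, then keep it whole or partition it per the threshold."""
        if RISK[risk] >= RISK[self.threshold]:
            device_half, network_half = split(data)
            self.network.halves[name] = network_half
            self.items[name] = (risk, device_half, True)
        else:
            self.items[name] = (risk, data, False)

    def read(self, name: str) -> bytes:
        """Whole items read locally; split items need the network half as well."""
        risk, local, is_split = self.items[name]
        if not is_split:
            return local
        if not self.online:
            raise ConnectionError("no network: half-granules cannot be recombined")
        return combine(local, self.network.halves[name])

    def set_threshold(self, level: str) -> None:
        """E.g. on entering a high-risk area: lower the threshold and move the
        now-vulnerable data off the device by partitioning it."""
        self.threshold = level
        for name, (risk, local, is_split) in list(self.items.items()):
            if not is_split and RISK[risk] >= RISK[level]:
                self.store(name, risk, local)

    def device_image(self, name: str) -> bytes:
        """What someone who dumps the device memory sees for this item."""
        return self.items[name][1]


def demo() -> dict:
    """Constructed walk-through: three items of different risk, an offline period,
    then a move into a high-risk area that partitions the medium-risk item too."""
    net = NetworkComponent()
    ptd = PTD(net)
    ptd.store("phonebook", "low", b"Bob 555-1212")
    ptd.store("vpn_pin", "medium", b"3141")
    ptd.store("card", "high", b"PAN 0000 0000 0000 0000")
    out = {"card_plain": ptd.read("card"),
           "card_on_device": ptd.device_image("card"),
           "card_on_network": net.halves["card"]}
    ptd.online = False
    out["phonebook_offline"] = ptd.read("phonebook")
    try:
        ptd.read("card")
        out["card_offline"] = "readable"
    except ConnectionError as err:
        out["card_offline"] = str(err)
    ptd.online = True
    ptd.set_threshold("medium")                 # moved into a high-risk area
    out["pin_split"] = ptd.items["vpn_pin"][2]
    out["pin_plain"] = ptd.read("vpn_pin")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```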
Technical support for the countermeasures
• Data replication
  – This scheme is solely against losing the data for whatever reason (device crash, loss or theft)
  – The data granules stored outside the device (at other devices, network components, etc.) function basically as back-up copies that must be refreshed from time to time
  – The drawback of the scheme is that it increases the risk of misuse of the data, because the same data is stored in perhaps many places outside the device
  – Another drawback is storage and wireless network cost
Technical support for the countermeasures
• Encryption of data
  – Encryption means that even if a malicious person has got hold of the device, he or she would still have to decrypt the data in order to misuse it
  – Decryption can only be done by passing authorisation as a necessary step while accessing the data (PIN or authorising the action by other means)
Technical support for the countermeasures
• Destruction of the data
  – This is an ultimate measure that the device should launch automatically if it detects a rather clear misuse attempt
  – By destruction the misuse is prohibited, but so is the legal use, unless the data is replicated
  – How the decision can be made automatically is by no means clear at the moment

Conclusions and further research
• Added security and privacy protection tend to decrease the usability of the device and increase power consumption and network capacity requirements
• It is therefore vital that the security and privacy protection policies and methods used in PTDs are in the right proportion to the threats
• Support from the network side is needed in almost all schemes; thus, there must be an integrated overall security and privacy scheme

Conclusions and further research
• Many problems remain open, such as
  – The measures for the threat and for the similarity of the copies.
  – A comprehensive analytical model with the help of which one could better assess the impact of the chosen policies and methods on the usability, security and privacy of the PTDs
  – These are for further study
Contact Details
• WWW.HiTexConsulting.Co.UK
• [email protected]
• Tel. 0845 408 2412
• Fax. 0845 223 5158
• Presenters:
  – [email protected]
  – [email protected]