Security in mobile communications
Download
Report
Transcript Security in mobile communications
SECURITY IN MOBILE
NETWORKS
BY
BHONGIRI ANAND RAJ
VENKAT PAVAN RAVILISETTY
NAGA MOHAN MADINENI
Introduction
Mobile communication - provides huge wireless
connectivity in today’s world enabling mobility
and computing in different communication
environments.
In traditional e-commerce, due to lack of
security, frauds are seen as the major obstacle
to people.
web browsers and servers are enabled to use
public infrastructures for cryptographic key
distribution and use protocols such as SSL
Need to ensure that client and server
sides are not ignored.
Installing firewalls and intrusion detection
systems, systems can be traced
Flexibility and functionality are key factors
for creating successful e-commerce
applications
Some of the mechanisms in communication
security are:
Confidentiality
Integrity
Authentication
Non repudiation
Location of the communication
The location of the communication, whether the
communication is taking place or not are some
of the mechanisms need to be private
Confidentiality of traffic, location and addresses
of mobile network will depend on technology
used.
Depending on the protocols used, the
types of authentication varies
For example, in SSL – has four different
types of authentication
Server authentication
Client authentication
Both client and server’s authentication
No authentication, but, providing only
confidentiality.
Different groups have different importance
regarding authentication. For example:
Network operators – interested in authenticating the users for
billing purpose
Content service providers and users – will be interested in
authenticating themselves and with the network service
providers.
These all authentications depend on business model and
technology used
Public key cryptography – an essential element
for SSL. Used for securing web communications.
Public key certificate
CA (certification authorities) digital signature on public key
some attributes
CA ( certificate authority) – is a trusted third party (TTP)
used to verify and certify the identity of public key owner
before issuing certificate.
Security in heterogeneous networks – architectures
depend on protocol layers which represents the way of
modeling and implementing data transmission between
the communication parties
Figure: communication protocol layers
Mobile applications like radio network span over
different networks which complicates the
security implementation and becomes difficult to
obtain end to end security.
There will be difference between desired
security service and the protocol layer
For example,
figure: security architecture using WTLS
Usage of security
Common design makes security services as transparent as
possible. but, this makes user to get less security
information
Figure: semantic protocol layer between human user and organizations
a good user interface indicated the combination of
multimedia and optimal terminal design.
Security of active content
Active content
allows sound and image animation
Provides the user with the ability to interact with server side
during session
Active X, java applets are some of the examples
sandboxing and certification is used to counter
threats from active content
Sandboxing
the active content is restricted in what resources it can
access on the host system
Adv: always active and transparent to user
Disadv: limits the capabilities of active contents
Certification
trusted party has validated and digitally signed active
content
Adv: can access all system resources
Disadv: certification is not equivalent with trustworthiness
Security level of mobile communication
Level 1 security:
Implemented using passcode identification
User send the passcode to the mobile network and
then it is compared with one in the database
Level 2 security:
Implemented using symmetric key schemes
Main feature is client able to authenticate the
identity with gateway
Figure: Generic model of level 2 secure mobile communication
Level 3 security:
Implemented by asymmetric key schemes.
Client is able to authenticate the gateway’s identity
Figure: Generic model of level 3 secure mobile communication
Implementing the security levels in mobile
communication
Mobile devices and networks need to support
technologies and standards
Different models were proposed. But, communication
between mobile device and trusted server is not
secure.
Clients are classified into following categories
No private key
One private key used for authentication or signing
Two or more private keys from which one is used for
authentication and the other one for signing
Implementation of security level 1
The client sends the passcode by SMS or WAP
When verified, user is granted to access information
Implementation of security level 2
Depends on capability of storing private keys
If not capable, private key must be stored either in
mobile device or must be entered by user
Implementation of security level 3
Depends on capability of client to store private keys
Generate the digital signature
If the client is not able to generate digital signatures,
we use delegated PKI (public key infrastructure)
signing ( means the security server signs on behalf of mobile device)
Implementing security level 3 of mobile communications
Some of the physical constraints of mobile
communication systems are:
Broad-based medium:
Wireless medium is broad based medium
Extremely exposed to eavesdropping (spying)
Disconnections
Frequently gets disconnected due to high degree
of noise and interference
Heterogeneity
Moving from one domain to other host encounters
different levels of security and management
policies
Highly distributed environment
Some of the security threats are:
Device vulnerability :
Many mobile devices are small and light weight
which leads to device being misplaced or lost
Raises a security concern as thief have chances to
view some secret information
Domain crossing:
Happens when user mobile gets into a new
location belonging to other domain and was
registered
This raises some of the security matters
When entering into new domain, important for both
user and foreign domain trust one and other
Anonymity:
Mobile user wants to be anonymous to the outside
domains
Authentication:
Mobile user crosses domain boundaries must be
authenticated
Should not interfere with users task which requires
the authentication to be transparent to user
Some of the examples of mobile communication
are:
Global System for Mobile communication (GSM):
Cellular Digital Packet Data (CDPD)
Mobile IP
Conclusion
Mobile networks have positive side and negative
side
The mobile network operators are well placed to
become trusted third party and able to support
the security applications.
Development of e-commerce technology,
functionality and flexibility gets the highest
priority as form the basis for new business
model
The only hope is in future, mobile networks will
be more secure
1. What are the different encryption types and
tools available in networks security?
There are three types
Manual encryption:
Completely provided by the user
User has to manually select the objects for encryption such as
files or folder and run some command to encrypt or decrypt
these objects
Transparent encryption:
here the encryption/decryption is performed at a low level
during all read/write operations
From the point of general security principles, complete
low-level transparent encryption is the most secure type
imaginable, easiest, and imperceptible for the user to
manage
Semi transparent encryption
This operates not permanently, but before or after access is
made to confidential objects or during some read or write
operations
2. How do you do authentication with a message digests
MD5 in network?
MD5 is a cryptographic hash function with 128 bit has
value output.
Used to check integrity of files or inputs.
An MD5 hash is expressed as a 32-character hex number.
It takes the variable-length input and converts it into a fixed
length output of 128-bits called as MD5 hash.
It is a one way hash function
Any change in the message would result in a completely
different hash
3. What is routing protocol and routed
protocol?
Routed protocol
Any protocol that provides enough information in
its network layer address to allow a packet to be
forwarded from host to host base on addressing
scheme.
Routed protocols define the format and use of the
fields within a packet.
Internet protocol (IP) is an example for routed
protocol
Routing protocol
Support a routed protocol by providing
mechanisms for sharing routing information.
Routing protocol messages move between routers
The routing protocol allows the routers to
communicate with other routers to update and
maintain tables.
4. What are the different types of network
security?
There are two types of network security
Physical security
It is important to physically secure your computer
and its components so that unauthorized people
cannot touch your computers and gain access to
your network.
Software security:
Along with securing your hardware it is necessary to
protect your network from hackers and outside
attackers
Keeping a firewall on the system to block unwanted
data
Having maximum protection against viruses
Use spam filter software
There are many more things to do to ensure complete
network security.
References
http://sky.fit.qut.edu.au/~josang/papers/JS2003
-AISW.pdf
http://www.win.tue.nl/~jmarkovs/Application%2
0level%20security%20of%20mobile%20comm
unications%20-%20MII2003%20final.pdf
http://www.docomoeurolabs.de/pdf/publication
s/STL_wpmc03_future_mobile.pdf
http://www.philadelphia.edu.jo/aiccsa2007/t3.p
df
?