
Security Requirements for Wireless Networking

Developed by

Copyright 2007 Rysavy Research

TABLE OF CONTENTS
Introduction ............................................ 2
Security Requirements ................................... 2
Wireless Operator Security Limitations .................. 3
End-to-End Security ..................................... 5
Conclusion .............................................. 6

Introduction
Organizations are deploying mobile computer applications over wide geographic areas, using an increasing number of private and public networks, many of which are wireless. Meanwhile, there are a growing number of regulatory requirements for the protection of communicated data, particularly in government, financial and medical areas. Even without regulations, nearly all enterprises and organizations want to ensure that their data communications are secure, and that their networks remain protected from external attacks.

To implement security policies and to most effectively design their security architectures, network managers must understand the security features of the networks they are using, as well as their limitations.

This white paper discusses security recommendations and regulations, reviews the security mechanisms available with public wireless networks, explains where they fall short, and concludes that only an end-to-end security approach such as a mobile VPN can fully address the security needs for most applications.

Security Requirements
While any organization wants to protect its sensitive data, to detect tampering of data and to limit access to authorized individuals, various industries must also comply with an array of regulatory and industry requirements and guidelines. These include, among others, the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, the Criminal Justice Information Services Division (CJIS) Security Policy, and the PCI (Payment Card Industry) Data Security Standard.

One common requirement, especially for government organizations, is that sensitive data that is stored or communicated over public networks must be encrypted using certified algorithms. For instance, the Wireless Policy of the CJIS Security Policy [1] states: "All new wireless upgrades contracted after the close of federal fiscal year 2002 (September 30, 2002), shall support a minimum of 128-bit encryption for all data." The National Institute of Standards and Technology (NIST) FIPS 140-2 is a widely cited requirement.

Another common requirement is for users to authenticate themselves using two-factor authentication, generally achieved by a combination of something the user possesses such as a security token (e.g., USB dongle or security smart card), and something the user knows (e.g., password). Biometric approaches can also be used as one of the authentication factors.

[1] CJIS Security Policy, August 2003, Version 3.2


Regulations are becoming more stringent, both at the state and federal level. Organizations designing new mobile access solutions need to plan accordingly to ensure they comply with both current and future requirements.

Wireless Operator Security Limitations
Wireless operators have implemented a number of security mechanisms within their networks. While useful, the operator provisions have shortcomings, as explained in this section.

The typical security mechanisms that operators provide include device authentication, encryption of the radio link, optional encryption for Internet communications, private circuits and firewall rules.

In the case of user authentication, network operators are primarily concerned with fraudulent use of their network, and so the authentication mechanisms are designed to ensure that only legitimate devices connect to the network. With Global System for Mobile Communications (GSM) networks, for instance, the network validates the credentials in the Subscriber Identity Module (SIM) card. In 2G cellular networks, there are no provisions to authenticate the network to the user system. This allows man-in-the-middle attacks where an attacker could operate low-power equipment that simulates a wireless network, and could acquire user credentials. While this is not a trivial undertaking, cellular technologists considered it a sufficient threat that 3G technologies such as Universal Mobile Telecommunications System (UMTS) employ bidirectional authentication.

The problem, however, is that users usually do not know whether they are on a 2G or 3G system, especially as operators have implemented seamless handover for both voice and data services between their 2G and 3G networks. The handover allows active data sessions to originate on one network, and then to carry across to the other network with the same IP address. For instance, the user could start their session on a 3G system but drive into a 2G-only coverage area. This problem of 2G vs. 3G systems is also an issue when we look at encryption.

With respect to user authentication, some mobile devices (e.g., GSM/UMTS) allow for devices to be configured so that a user must enter a PIN before using the device. However, a user can easily disable this mechanism. It also does not satisfy two-factor authentication requirements.

There is an additional concern with respect to authentication, particularly if the customer has arranged for a private connection between their network and the operator network. Typical arrangements include network VPNs and Frame Relay circuits. Often, these custom arrangements are made in conjunction with a specific pool of IP addresses that the network assigns to mobile systems, facilitating firewall rules at the customer site. The vulnerability is that access is based on the device's credentials, not the user's credentials. If the user's network card, laptop or smartphone is lost or stolen, then in many circumstances it will be possible for a third party to gain access to the enterprise network via the private connection.

The primary security mechanism promoted by operators is their encryption of the radio link. 3G systems have indeed implemented robust measures, with both UMTS [2] and CDMA2000 Evolved Data Optimized (EV-DO) technologies having implemented 128-bit encryption algorithms: KASUMI for UMTS and Advanced Encryption Standard (AES) for EV-DO. There are, however, various limitations to these schemes. One is that they are only available when in 3G mode. If connecting to a 2G system such as 1xRTT for CDMA2000 or GPRS/EDGE with UMTS, the available encryption schemes are far weaker.
[2] Discussion of UMTS includes advanced data services such as High Speed Downlink Packet Access (HSDPA) and High Speed Uplink Packet Access (HSUPA).


1xRTT employs a 32-bit shift register encryption scheme while most GSM/EDGE networks use a 64-bit key with an effective key length of 54 bits. Another concern is that cellular operators do not necessarily employ radio encryption even when it is available, as it is an optional feature of many wireless technologies, even 3G systems such as EV-DO. Your home operator could offer the encryption, but you might roam onto another carrier's network that does not have encryption. The bottom line is that it is problematic to reliably determine what kind of encryption the network is providing at any moment in time.

Even if you could restrict operation to wireless coverage areas that have strong encryption, there is yet another security concern. This is that the radio encryption terminates within the operator network. For EV-DO networks, the encryption endpoint is at the base station controller (BSC), whereas for GSM/EDGE/UMTS networks it is at the Serving GPRS Support Node (SGSN). Beyond that, the data typically is in the clear as it traverses the operator network. Even if the operator re-encrypts user data within their network (e.g., using IPsec), the data will exist in an unencrypted form in a part of the network. Granted, the unencrypted data is on the operator's private network and would likely be difficult to access from the outside, but relying on the operator safeguarding sensitive data represents a significant vulnerability, especially as it is completely out of the control of the organization using the network.

Then there is the matter of backend connectivity, which refers to how organizations connect their networks to the operator network. The default connection method is via the Internet, which clearly is not a secure medium. To augment security of this link, some operators offer connectivity options such as Frame Relay permanent virtual circuits (PVCs) and network VPN connections. Frame Relay circuits provide some measure of privacy, though they are not cryptographically protected, and hence are vulnerable to attackers who may gain physical access to the local circuit that connects from the organization to the Frame Relay point of presence. Network VPN connections are generally based on IPsec protocols, and hence are secure if configured correctly. However, both Frame Relay and network VPNs require custom arrangements with the operator, and will incur additional service charges. And they still do not address the problem that the data will pass through an unencrypted stage within the operator network.

Finally, users may be using a number of different access networks in addition to a cellular operator wireless data network. For instance, they may want to use their home high-speed Internet connections, hotel broadband connections or public hotspots. Clearly, the operator-based security mechanisms will provide no benefits in these alternative connection scenarios except in isolated instances where the operator operates both the wireless network and the alternate network.

The following table summarizes the limitations of operator-hosted security features.

Table: Summary of Operator Security Mechanisms and Limitations

Device Authentication
  How it works: Network authenticates device to allow network access.
  Limitations: Only 3G networks employ bidirectional authentication. Seamless 2G/3G handover makes it difficult to know network type.

User Authentication
  How it works: User must enter PIN to be able to use device.
  Limitations: Only available for GSM/UMTS networks. User can disable feature, and it does not satisfy two-factor authentication requirements.

Encryption of Radio Link
  How it works: Encryption of the radio link from user device to a node within the operator network.
  Limitations: Only 3G networks offer encryption using 128-bit keys and recognized algorithms, and not all operators necessarily implement the feature. Seamless 2G/3G handover makes it difficult to know network type. Data is decrypted within the operator network and may travel in the clear within the operator network.

Backend Connection Security Options
  How it works: Private circuits and network VPNs to protect Internet traversal.
  Limitations: Requires custom arrangement with additional service charges. Private circuits such as Frame Relay do not encrypt data.

Protection for Alternate Network Access
  How it works: Potential extension of encryption to other network types.
  Limitations: Only available in isolated cases for networks under the particular operator's control.

Does this mean organizations should not take advantage of the operator's security options? Not necessarily. These security options may well augment an overall security architecture. For instance, some operators provide firewall configurations that prevent unsolicited IP packets from being sent to mobile devices, thus protecting against denial-of-service attacks. But by themselves, the operator provisions do not fully address the needs of secure applications.

End-to-End Security
The only approach that provides security that addresses both regulatory requirements and guidelines, and that also overcomes the shortcomings of just using an operator's security provisions, is a virtual private network (VPN) that extends from the user device to a controlled node within the customer organization's network.

By using an end-to-end approach, organizations achieve the following security benefits:
- Two-factor authentication (which is supported by many VPNs)
- Mutual authentication
- Protection against lost or stolen devices
- Protection regardless of access network (operator network, Wi-Fi, home Internet, etc.)
- Privacy at every point of network traversal
- No need for customized backend connectivity arrangements with operator


The following diagram illustrates the span of different security elements.

Figure: Security Elements in Wireless Networks
[Diagram of the path from the user device through Base Station, Base Station Controller, SGSN (GSM, UMTS) and Other Operator Network Elements to the Internet and the Enterprise Network. EDGE/UMTS radio encryption and EV-DO radio encryption span only the radio link; data is decrypted in the operator network and is not necessarily encrypted across it; a VPN or private circuit spans only the operator-to-enterprise link; end-to-end protection with a mobile VPN spans the entire path.]
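To make the coverage argument of the figure concrete, the following is an added illustration (not part of the paper or any vendor's code) that models which links of the device-to-enterprise path carry data under encryption of at least 128 bits for each mechanism the paper describes; the hop names, the radio-encryption table and the 128-bit threshold are assumptions drawn from the paper's own text.

```python
# Added model (not from the paper): which links on the device-to-enterprise
# path carry data under encryption of at least STRONG_KEY_BITS. Hop names and
# the radio-encryption table are assumptions drawn from the paper's text.
STRONG_KEY_BITS = 128  # minimum cited by the paper (CJIS wireless policy)

# (technology family, current mode) -> (scheme, key bits) as the paper describes.
RADIO_ENCRYPTION = {
    ("CDMA2000", "3G"): ("AES (EV-DO)", 128),
    ("CDMA2000", "2G"): ("1xRTT 32-bit shift register", 32),
    ("GSM/UMTS", "3G"): ("KASUMI (UMTS)", 128),
    ("GSM/UMTS", "2G"): ("GPRS/EDGE 64-bit key, 54 effective", 54),
}
# Node where radio encryption terminates: BSC for EV-DO, SGSN for GSM/EDGE/UMTS.
RADIO_ENDPOINT = {"CDMA2000": "bsc", "GSM/UMTS": "sgsn"}


def path(family):
    """Ordered hops from the user device to the enterprise network."""
    hops = ["device", "base_station", "bsc"]
    if family == "GSM/UMTS":
        hops.append("sgsn")
    return hops + ["operator_core", "internet", "enterprise"]


def links(hops, start, end):
    """All links on the path from hop `start` to hop `end`."""
    i, j = hops.index(start), hops.index(end)
    return {(hops[k], hops[k + 1]) for k in range(i, j)}


def strongly_protected_links(family, mode, radio_enabled=True,
                             backend="internet", mobile_vpn=False):
    """Links covered by >= STRONG_KEY_BITS encryption. backend is "internet",
    "frame_relay" (privacy, no encryption) or "network_vpn" (IPsec from the
    operator edge to the enterprise); mobile_vpn is device-to-enterprise."""
    hops = path(family)
    covered = set()
    if radio_enabled and RADIO_ENCRYPTION[(family, mode)][1] >= STRONG_KEY_BITS:
        covered |= links(hops, "device", RADIO_ENDPOINT[family])
    if backend == "network_vpn":
        covered |= links(hops, "operator_core", "enterprise")
    if mobile_vpn:  # end-to-end: the whole path is covered
        covered |= links(hops, "device", "enterprise")
    return covered


def unprotected_links(family, mode, **options):
    """Links where data travels without strong encryption, in path order."""
    hops = path(family)
    covered = strongly_protected_links(family, mode, **options)
    return [f"{a}->{b}" for a, b in zip(hops, hops[1:]) if (a, b) not in covered]
```

With 3G radio encryption and an operator backend VPN, `unprotected_links("GSM/UMTS", "3G", backend="network_vpn")` still reports the clear-text stage between the SGSN and the operator core, whereas any configuration with `mobile_vpn=True` reports none.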

The wireless industry itself recognizes the limitations of their security provisions. For instance, Qualcomm, the company that was the primary inventor of CDMA2000 EV-DO technology, states in a white paper on security: "User data is best secured with a well tested end-to-end solution like a VPN regardless of airlink encryption." [3]

Conclusion
Enterprises are increasingly taking advantage of wireless networks for their mobile workers. However, these networks introduce significant security concerns, especially as enterprises must not only protect their data and networks, but must also address a growing number of regulatory requirements for data safeguarding.

Wireless operators have implemented various security mechanisms to mitigate security issues. For some relatively low-risk applications, these may be sufficient. But for sensitive data, these safeguards by themselves do not fully address user authentication and privacy, especially as encryption mechanisms extend only over a portion of the network. Another limitation is that the operator mechanisms only apply to their network and do not safeguard the user when using other types of networks.

The most effective solution for secure communication over wireless networks is to employ an end-to-end security approach such as a mobile VPN.

[3] Qualcomm white paper, 2003, 1xEV-DO Web Paper: Comparison of Airlink Encryptions.


Rysavy Research provides this document and the information contained herein to you for informational purposes only. Rysavy Research provides this information solely on the basis that you will take responsibility for making your own assessments of the information.

Although Rysavy Research has exercised reasonable care in providing this information to you, Rysavy Research does not warrant that the information is error-free. Rysavy Research disclaims and in no event shall be liable for any losses or damages of any kind, whether direct, indirect, incidental, consequential, or punitive arising out of or in any way related to the use of the information.
