15-03-2011, 09:27 AM
presented by:
ASHU SRIVASTAVA
[attachment=10168]
INTRODUCTION
Consumers demand more from their technology. Whether it be a
television, cellular phone, refrigerator, the latest technology purchase must
have new features. With the advent of the Internet, the most-wanted feature
is better, faster access to information. Cellular subscribers pay extra on top
of their basic bills for such features as instant messaging, stock quotes, and
even Internet access right on their phones. But that is far from the limit of
features; manufacturers entice customers to buy new phones with photo and
even video capability. It is no longer a quantum leap to envision a time when
access to all necessary information — the power of a personal computer
sits in the palm of one’s hand. To support such a powerful system, we need
pervasive, high-speed wireless connectivity. A number of technologies
currently exist to provide users with high-speed digital wireless connectivity;
Bluetooth and 802.11 are examples. These two standards provide very
highspeed network connections over short distances, typically in the tens of meters. Meanwhile, cellular providers seek to increase speed on their longrange
wireless networks. The goal is the same: long-range, high-speed
wireless, which for the purposes of this report will be called 4G, for fourthgeneration
wireless system. Such a system does not yet exist, nor will it exist
in today’s market without standardization. Fourth-generation wireless needs
to be standardized throughout the United States due to its enticing
advantages to both users and providers.
ECONOMIC ADVANTAGE
1 - Advantages of 4G In a fourth-generation wireless system,
cellular providers have the opportunity to offer data access to a wide variety
of devices. The cellular network would become a data network on which
cellular phones could operate — as well as any other data device. Sending
data over the cell phone network is a lucrative business. In the information
age, access to data is the “killer app” that drives the market. The most telling
example is growth of the Internet over the last 10 years. Wireless networks
provide a unique twist to this product: mobility. This concept is already
beginning a revolution in wireless networking, with instant access to the
Internet from anywhere.
2 - Problems with the Current System One may then wonder
why ubiquitous, high-speed wireless is not already available. After all,
wireless providers are already moving in the direction of expanding the
bandwidth of
their cellular networks. Almost all of the major cell phone networks already
provide data services beyond that offered in standard cell phones, as
illustrated in Table 1.
Unfortunately, the current cellular network does not have the available
bandwidth necessary to handle data services well. Not only is data transfer
slow — at the speed of analog modems — but the bandwidth that is
available is not allocated efficiently for data. Data transfer tends to come in
bursts rather than in the constant stream of voice data. Cellular providers are
continuing to upgrade their networks in order to meet this higher demand by
switching to different protocols that allow for faster access speeds and more
efficient transfers.
WIRELESS SECURITY
History
The original cellular phone network in the United States was called the
Analog Mobile Phone System (AMPS). It was developed by AT&T and
launched in 1983. AMPS operated in the 800 MHz range, from 824-849
MHz and 869-894 MHz. The lower band was used for transmissions from
the phone to the base station, and the upper band was for the reverse
direction (Leon-Garcia and Widjaja 2000). This allows full duplex
conversation, which is desirable for voice communications. The bands were
divided into 832 sub channels, and each connection required a pair: one each
for sending and receiving data. Each sub channel was 30 KHz wide, which
yielded voice quality comparable to wired telephones. The sub channels
were set up so that every sub channel pair was exactly 45 MHz apart (Leon- Garcia and Widjaja 2000). Several of the channels were reserved exclusively for connection setup and teardown. The base station in a particular cell kept a record of which voice sub channel pairs were in use.
Though usable, this system included a number of security flaws. Because
each phone transmitted (like any radio transmitter) in the clear on its own
frequency, the phones in this system “were almost comically vulnerable to
security attacks” (Riezenman 2000, 40). The crime of service theft plagued cellular service providers, as individuals with radio scanners could “sniff” the cellular frequencies and obtain the phone identification numbers
necessary to “clone” a phone (Riezenman 2000, 39). The abuser could then use this cloned phone to make free telephone calls that would be charged to the legitimate user’s account
Security Analysis
Objectives –
• To ensure that information generated by or relating to a user is adequately
protected against misuse or misappropriation.
• To ensure that the resources and services provided to users are adequately
protected against misuse or misappropriation.
• To ensure that the security features are compatible with world-wide
availability.
• To ensure that the security features are adequately standardized to ensure
world-wide interoperability and roaming between different providers.
• To ensure that the level of protection afforded to users and providers of
services is considered to be better than that provided in contemporary fixed
and mobile networks.
• To ensure that the implementation of security features and mechanisms can
be extended and enhanced as required by new threats and services.
• To ensure that security features enable new ‘e-commerce’ services and
other advanced applications (Howard, Walker, and Wright 2001, 22)
These goals will help to direct security efforts, especially when the system is
faced with specific threats.
Threats
Because instances of 4G wireless systems currently only exist in a few
laboratories, it is difficult to know exactly what security threats may be
present in the future. However, one can still extrapolate based on past
experience in wired network technology and wireless transmission. For
instance, as mobile handheld devices become more complex, new layers of technological abstraction will be added. Thus, while lower layers may be
fairly secure, software at a higher layer may introduce vulnerabilities, or
vice-versa. Future cellular wireless devices will be known for their software
applications, which will provide innovative new features to the user.
Unfortunately, these applications will likely introduce new security holes,
leading to more attacks on the application level (Howard, Walker, and
Wright 2001, 22). Just as attacks over the Internet may currently take
advantage of flaws in applications like Internet Explorer, so too may attacks in the future take advantage of popular applications on cellular phones.
In addition, the aforementioned radio jammers may be adapted to use IP
technology to masquerade as legitimate network devices. However, this
would be an extremely complex endeavor. The greatest risk comes from the application layer, either from faulty applications themselves or viruses
downloaded from the network.
ASHU SRIVASTAVA
[attachment=10168]
INTRODUCTION
Consumers demand more from their technology. Whether it be a
television, cellular phone, refrigerator, the latest technology purchase must
have new features. With the advent of the Internet, the most-wanted feature
is better, faster access to information. Cellular subscribers pay extra on top
of their basic bills for such features as instant messaging, stock quotes, and
even Internet access right on their phones. But that is far from the limit of
features; manufacturers entice customers to buy new phones with photo and
even video capability. It is no longer a quantum leap to envision a time when
access to all necessary information — the power of a personal computer
sits in the palm of one’s hand. To support such a powerful system, we need
pervasive, high-speed wireless connectivity. A number of technologies
currently exist to provide users with high-speed digital wireless connectivity;
Bluetooth and 802.11 are examples. These two standards provide very
highspeed network connections over short distances, typically in the tens of meters. Meanwhile, cellular providers seek to increase speed on their longrange
wireless networks. The goal is the same: long-range, high-speed
wireless, which for the purposes of this report will be called 4G, for fourthgeneration
wireless system. Such a system does not yet exist, nor will it exist
in today’s market without standardization. Fourth-generation wireless needs
to be standardized throughout the United States due to its enticing
advantages to both users and providers.
ECONOMIC ADVANTAGE
1 - Advantages of 4G In a fourth-generation wireless system,
cellular providers have the opportunity to offer data access to a wide variety
of devices. The cellular network would become a data network on which
cellular phones could operate — as well as any other data device. Sending
data over the cell phone network is a lucrative business. In the information
age, access to data is the “killer app” that drives the market. The most telling
example is growth of the Internet over the last 10 years. Wireless networks
provide a unique twist to this product: mobility. This concept is already
beginning a revolution in wireless networking, with instant access to the
Internet from anywhere.
2 - Problems with the Current System One may then wonder
why ubiquitous, high-speed wireless is not already available. After all,
wireless providers are already moving in the direction of expanding the
bandwidth of
their cellular networks. Almost all of the major cell phone networks already
provide data services beyond that offered in standard cell phones, as
illustrated in Table 1.
Unfortunately, the current cellular network does not have the available
bandwidth necessary to handle data services well. Not only is data transfer
slow — at the speed of analog modems — but the bandwidth that is
available is not allocated efficiently for data. Data transfer tends to come in
bursts rather than in the constant stream of voice data. Cellular providers are
continuing to upgrade their networks in order to meet this higher demand by
switching to different protocols that allow for faster access speeds and more
efficient transfers.
WIRELESS SECURITY
History
The original cellular phone network in the United States was called the
Analog Mobile Phone System (AMPS). It was developed by AT&T and
launched in 1983. AMPS operated in the 800 MHz range, from 824-849
MHz and 869-894 MHz. The lower band was used for transmissions from
the phone to the base station, and the upper band was for the reverse
direction (Leon-Garcia and Widjaja 2000). This allows full duplex
conversation, which is desirable for voice communications. The bands were
divided into 832 sub channels, and each connection required a pair: one each
for sending and receiving data. Each sub channel was 30 KHz wide, which
yielded voice quality comparable to wired telephones. The sub channels
were set up so that every sub channel pair was exactly 45 MHz apart (Leon- Garcia and Widjaja 2000). Several of the channels were reserved exclusively for connection setup and teardown. The base station in a particular cell kept a record of which voice sub channel pairs were in use.
Though usable, this system included a number of security flaws. Because
each phone transmitted (like any radio transmitter) in the clear on its own
frequency, the phones in this system “were almost comically vulnerable to
security attacks” (Riezenman 2000, 40). The crime of service theft plagued cellular service providers, as individuals with radio scanners could “sniff” the cellular frequencies and obtain the phone identification numbers
necessary to “clone” a phone (Riezenman 2000, 39). The abuser could then use this cloned phone to make free telephone calls that would be charged to the legitimate user’s account
Security Analysis
Objectives –
• To ensure that information generated by or relating to a user is adequately
protected against misuse or misappropriation.
• To ensure that the resources and services provided to users are adequately
protected against misuse or misappropriation.
• To ensure that the security features are compatible with world-wide
availability.
• To ensure that the security features are adequately standardized to ensure
world-wide interoperability and roaming between different providers.
• To ensure that the level of protection afforded to users and providers of
services is considered to be better than that provided in contemporary fixed
and mobile networks.
• To ensure that the implementation of security features and mechanisms can
be extended and enhanced as required by new threats and services.
• To ensure that security features enable new ‘e-commerce’ services and
other advanced applications (Howard, Walker, and Wright 2001, 22)
These goals will help to direct security efforts, especially when the system is
faced with specific threats.
Threats
Because instances of 4G wireless systems currently only exist in a few
laboratories, it is difficult to know exactly what security threats may be
present in the future. However, one can still extrapolate based on past
experience in wired network technology and wireless transmission. For
instance, as mobile handheld devices become more complex, new layers of technological abstraction will be added. Thus, while lower layers may be
fairly secure, software at a higher layer may introduce vulnerabilities, or
vice-versa. Future cellular wireless devices will be known for their software
applications, which will provide innovative new features to the user.
Unfortunately, these applications will likely introduce new security holes,
leading to more attacks on the application level (Howard, Walker, and
Wright 2001, 22). Just as attacks over the Internet may currently take
advantage of flaws in applications like Internet Explorer, so too may attacks in the future take advantage of popular applications on cellular phones.
In addition, the aforementioned radio jammers may be adapted to use IP
technology to masquerade as legitimate network devices. However, this
would be an extremely complex endeavor. The greatest risk comes from the application layer, either from faulty applications themselves or viruses
downloaded from the network.
