SecureAge SecureAge

 

         
           

News Center

e-News

What is Wireless Security?

With the proliferation of mobile commerce (m-commerce), wireless applications become a vital communication tool for business travelers. These busy professionals are increasingly demanding a more convenient way of accessing information and conducting business transactions anytime and anywhere. However, the growing popularity of wireless communication may unleash some potential threats that can pose security risks on wireless networks.

Wireless networks are most susceptible to unwanted tampering and interception because data is transmitted over the air. Anyone within the same radio frequency range can effortlessly attain your user password and gain access to confidential information that is transmitted over the public wireless network anytime. Therefore, this calls for the importance of implementing security architecture over the wireless network.

Before implementing wireless security solutions, we need to consider all elements involved in ensuring a highly secured wireless environment. A5 algorithm is an encryption algorithm that ensures the confidentiality of conversations in the GSM (Global System for Mobile Communications) network. This is a powerful voice encryption code that keeps eavesdroppers from listening to a conversation.

802.11b is another security standard currently defined by the IEEE (The Institute of Electrical and Electronics Engineers) to safeguard Wireless LAN (WLAN). It is most commonly used commercially and can be incorporated with the WEP (Wired Equivalent Privacy) algorithm to protect the channel from any potential eavesdroppers.

Although both standards are initially developed to ward off any unwanted interception, they may not be completely secured. Some researchers claim that A5 cryptographic code can be easily broken in less than a second on a PC with 128 MB RAM and two 73 GB hard disks, by analyzing the output of the A5 algorithm in the first two minutes of the conversation. Hence, any eavesdropper can easily intercept telephone conversations by performing only one-time data preparation stage. As for 802.11b, some researchers discover that both the 40-bit and 128-bit WEP algorithm can be easily cracked because of the static keys. Once a single key is being compromised, it will affect the entire WLAN and the connected wired network.

In addition, there are other more secure technologies like WPKI (Wireless Public Key Infrastructure), WTLS (Wireless Transport Security) and TLS (Transport Layer Security) that can be used to secure wireless communications in the WAP (Wireless Application Protocol) environment. WPKI uses digital certificates and encryption keys to authenticate user's identity. One way is to utilize crypto.signText JavaScript method which requests the user to digitally sign a string of text, such as a web form, with his or her private key, using RSA or DH (Diffie-Hellman) algorithm. This ensures non-repudiation by providing persistent proof of identity for mobile commerce.

WTLS protocol is derived from the SSL (Secure Sockets Layer) / TLS (Transport Layer Security) protocols as a lower bandwidth version. It allows all GSM devices to be securely connected to a WAP gateway and application server to achieve data security and privacy. But with the advent of GPRS (General Packet Radio Service) and 3G networks, TLS has been selected as the next generation protocol that enables secure data to be transmitted directly between wireless devices and Web servers. The main difference between WTLS and TLS protocols is that the former is tailored for the wireless devices, supports datagrams and Public Key technologies and is bandwidth efficient, while the latter supports specifically the TCP protocol for both wired and wireless networks with the same public key technologies.

In conclusion, it is just not good enough to safeguard your wireless environment by simply relying on a single solution. To further safeguard your mobile transaction and communication, you need to deploy solutions that can fully secure the wireless devices, wireless transmissions and networks, gateways and servers, and backend systems. More importantly, these solutions should be able to interoperate with the existing security infrastructure used in the wired environment, as well as, able to scale and accommodate new mobile users. As such, you may consider using SA SecureAccess and MCom P3 technologies to address all your security needs in the wireless environment. For more information, please visit our website at http://www.secureage.com or email your enquiries to contactus@secureage.com.


Go to Top
Secure Age
Copyright © 2016 SecureAge Technology. All Rights Reserved.