Text 1. An overview of the security of wireless networks. Read the text and outline the main problems of wireless communication security and the perspectives of protection means.

More and more applications are being accessed through wireless systems, including commerce, medical, manufacturing, and others. Wireless devices have become an extension of corporate databases and individuals. Their security compromises are as serious as any attack to the corporate database and may have damaging effects on the privacy of individuals and the protection of assets of an enterprise. Wireless devices include cellular phones, two-way radios, PDAs, laptop computers, and similar. These are normally portable devices with limitations of weight, size, memory, and power. The increase in functions in cellular devices creates new possibilities for attacks. Standard attacks against the Internet may now take new forms. Lists of vulnerabilities are already available, showing flaws in many existing products.

Communicating in the wireless environment has its own issues and challenges. It is characterized by relatively low bandwidth and data rates, as well as higher error rates, and the need for low power consumption (for mobile devices). The mobility of the nodes in cases such as ad hoc networks adds another significant layer of complexity and unpredictability.

There exist many different forms of wireless communications and networking.

Some popular forms of wireless communications include:

Satellite communication;

Cellular networks, Cordless systems;

Mobile Internet Protocol (Mobile IP);

Wireless Local Area Networks (WLANs) including LAN extensions, Cross-building interconnects, Nomadic access, Mobile ad hoc networks (MANETs).

The security of wireless systems can be divided into four sections:

1. Security of the application. This means the security of user applications and standard applications such as email.

2. Security of the devices. How to protect the physical device in case it is lost or stolen.

3. Security of the wireless communication. How to protect messages in transit.

4. Security of the server that connects to the Internet or other wired network. After this server the information goes to a network with the usual security problems of a wired network (not discussed here).

There is serious concern about the vulnerabilities of wireless systems. The easy access to the medium by attackers is a negative aspect compounded by the design errors in the early protocols [Arb03, Juu01b, Saa99]. The US Department of Defense recently issued Directive 8100.2 that requires encrypting all information sent in their networks according to the rules of the Federal Information Processing (FIP) standard. The provision also calls for antivirus software. It is interesting to observe that their concern is again mostly about transmission and they don’t seem to be worried about the other aspects of security.

On the other side, Ashley et al. arrived to the conclusion that WAP provides excellent security. It is true that Wi-Fi is becoming more secure and Bluetooth appears reasonably secure but they (and WAP) cover only some of the security layers. A basic security principle indicates that security is an all- layer problem, one or more secure layers is not enough. While some of the layers are still insecure, it is not possible to have true security.

Third generation systems will have voice quality that is comparable to public switched telephone networks. Voice over IP will bring its own set of security problems. The new systems will have also higher data rates, symmetrical and asymmetrical data transmission rates, support for both packet and circuit switched data services, adaptive interface to the Internet to reflect common asymmetry between inbound and outbound traffic, more efficient use of available spectrum, support for wide variety of mobile equipment, and more flexibility. All of these are the potential sources of new security problems.

Web services are not delivered directly to portable devices but transformed in the gateway. Most of the use of web services for mobile systems is now between servers. However, this situation is changing and predictions indicate that web services in cell phones will be arriving soon. In fact, Nokia just announced a Service-Oriented Architecture for smart mobile phones. Security will be an important issue for this generation of smart and complex devices.

Security patterns are a promising area to help designers build secure systems.

Several patterns have been found in the Bluetooth architecture, including versions of the Broker, Layers, Lookup, and Bridge patterns. However, no security patterns for wireless systems have been found yet. This is an area to explore.

Answer the questions

What are the peculiarities of wireless communication?

What are the forms of wireless communication?

How can the security of wireless systems be classified?

What is the forecast of wireless systems protection?