Describe security framework for mobile environment in detail.

Subject: Mobile Computing

Difficulty: Medium

Marks: 6 Marks

1 Answer
  • A mobile application spans several networks. One of these will be a wireless radio network; the others will be wired networks.
  • At the boundary of any of these networks there is a need for protocol conversion gateways. These gateways run either at the transport layer or at the application layer.
  • Multiple gateways and multiple networks make the security challenges in a mobile environment complex. In a security system, authentication and non-repudiation are meaningful only when they are implemented end to end between the parties that need to authenticate each other.
  • Authorization is a direct function of authentication; therefore it is also an end-to-end function. Authentication, authorization and non-repudiation must therefore be implemented at the application layer. Confidentiality and integrity can be implemented at any layer or through multiple layers.
  • Therefore, to offer a secure mobile environment, the security procedures will be a combination of many procedures and functions.
  1. 3GPP security architecture

    In 3GPP’s security architecture, the emphasis is on the network access security mechanism, including mutual authentication, universal terrestrial radio access network (UTRAN) ciphering, and integrity protection of signaling data. Network access security mechanisms mainly fall into three categories:

  • Identification by temporary identities such as Temporary Mobile Subscriber Identity (TMSI)
  • Identification by a permanent identity such as International Mobile Subscriber Identity (IMSI)
  • Authentication and key agreement (AKA)

    3GPP looked into these concerns and proposed a new architecture through the following important changes:

  • Changes were made to defeat the false base station attack. The terminal is now capable of identifying the network.
  • Key lengths are increased to allow stronger algorithms for encryption and integrity.
  • Mechanisms are included to support security within and between networks.
  • Security is based within the switch rather than the base station, to ensure that links are protected between station and switch.
  • The authentication algorithm has not been defined, but guidance on its choice will be given.

  2. Mobile Virtual Private Network

1. A mobile VPN is a private network over a public network (usually the Internet) that connects two endpoints.

2. Instead of using a dedicated physical connection such as a leased line, a VPN uses virtual connections routed through the Internet from the enterprise’s private network to the remote mobile device.

3. The VPN implements this through an encrypted private connection between nodes.

4. It generally uses IPsec and other PKI frameworks to offer confidentiality, authentication, non-repudiation and integrity.

  3. Smart Card Security

1. A smart card is called smart because it contains a computer chip.

2. Indeed, a smart card is often referred to as a chip card or integrated circuit card. It provides not only memory capacity, but computational capability as well.

3. The self-containment of a smart card makes it resistant to attack, as it does not need to depend upon potentially vulnerable external resources.

4. Because of this characteristic, smart cards are often used in applications which require strong security protection and authentication.

  4. Multifactor Security

Multifactor security refers to a system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction. Multi-factor security can be a combination of any of the following factors:

a. What You Know: The idea here is that you know a secret, often called a password, that nobody else does. Thus, knowledge of a secret distinguishes you from all other individuals, and the authentication system simply needs to check whether the person claiming to be you knows the secret. (e.g. password, passphrase, PIN, answer to some personal question)

b. What You Have: Instead of basing authentication on something a principal knows and can forget, we can base it on something the principal has. (e.g. magnetic stripe card, smart card, hardware token, physical key, private key protected by a password)

c. Who You Are: Authentication based on "something you are" employs behavioral and physiological characteristics of the principal. (e.g. retinal scan, fingerprint reader, handprint reader, voice print)
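The 3GPP section above says the new architecture lets the terminal identify the network, defeating the false base station attack, through authentication and key agreement (AKA). The following is an added illustration, not part of the answer above and not 3GPP's actual algorithm: the standardised key-derivation functions f1–f5 (MILENAGE/TUAK) are replaced by an HMAC-SHA256 stand-in, and the subscriber key `K`, the helper names and the sequence-number width are all assumptions. It shows the shape of the exchange: the home network builds an authentication vector, the USIM checks the network's MAC before answering (so a rogue base station without `K` is rejected), checks the sequence number (so a replayed challenge is rejected), and only then returns RES and derives the cipher and integrity keys.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed long-term subscriber key shared by the USIM and the home network
# (assumption: stands in for the real 3GPP key K held on the USIM and in the HLR/AuC).
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def _f(tag: bytes, *parts: bytes) -> bytes:
    """Keyed derivation stand-in for the 3GPP f1..f5 functions (assumption: HMAC-SHA256)."""
    return hmac.new(K, tag + b"".join(parts), hashlib.sha256).digest()


@dataclass
class AuthVector:
    rand: bytes   # random challenge
    xres: bytes   # expected response the serving network compares against
    ck: bytes     # cipher key
    ik: bytes     # integrity key
    autn: bytes   # SQN || MAC: proves the challenge came from a holder of K


def home_network_generate_av(sqn: int, rand: Optional[bytes] = None) -> AuthVector:
    """Home network side: build one authentication vector for sequence number sqn."""
    rand = rand if rand is not None else os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = _f(b"f1", rand, sqn_b)[:8]      # network authentication token
    xres = _f(b"f2", rand)[:8]            # expected terminal response
    ck = _f(b"f3", rand)[:16]
    ik = _f(b"f4", rand)[:16]
    return AuthVector(rand, xres, ck, ik, sqn_b + mac)


class USIM:
    """Terminal side: verifies the network before answering the challenge."""

    def __init__(self, last_sqn: int = 0) -> None:
        self.last_sqn = last_sqn

    def respond(self, rand: bytes, autn: bytes) -> Tuple[bytes, bytes, bytes]:
        sqn_b, mac = autn[:6], autn[6:]
        expected_mac = _f(b"f1", rand, sqn_b)[:8]
        # Mutual authentication: a false base station cannot produce this MAC without K.
        if not hmac.compare_digest(mac, expected_mac):
            raise ValueError("MAC failure: challenge did not come from a network holding K")
        sqn = int.from_bytes(sqn_b, "big")
        # Freshness: a captured (RAND, AUTN) pair cannot be replayed.
        if sqn <= self.last_sqn:
            raise ValueError("synchronisation failure: sequence number not fresh")
        self.last_sqn = sqn
        res = _f(b"f2", rand)[:8]
        return res, _f(b"f3", rand)[:16], _f(b"f4", rand)[:16]

    def rejects(self, rand: bytes, autn: bytes) -> bool:
        """True if the USIM refuses this challenge (used to show rejection paths)."""
        try:
            self.respond(rand, autn)
            return False
        except ValueError:
            return True


def serving_network_verify(av: AuthVector, res: bytes) -> bool:
    """Serving network side: the terminal is authenticated if RES matches XRES."""
    return hmac.compare_digest(av.xres, res)


def run_aka(sqn: int, usim: USIM, rand: Optional[bytes] = None) -> Tuple[bool, bool]:
    """One full AKA run; returns (terminal authenticated, both sides agreed on CK/IK)."""
    av = home_network_generate_av(sqn, rand)
    res, ck, ik = usim.respond(av.rand, av.autn)
    return serving_network_verify(av, res), (ck == av.ck and ik == av.ik)


def rogue_challenge(rand: bytes, sqn: int) -> bytes:
    """A constructed AUTN from a party that does not hold K (it guesses the MAC)."""
    return sqn.to_bytes(6, "big") + hmac.new(b"not-K", rand, hashlib.sha256).digest()[:8]
```

The two rejection paths are the security-relevant part: the MAC check is what the answer means by "capable of identifying the network", and the sequence-number check is what makes a captured challenge useless later.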

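The multifactor section above lists "what you know" and "what you have" as independent factors. Here is an added worked example, not taken from the answer above, combining the two: a salted PBKDF2 password check (knowledge factor) and a TOTP code per RFC 6238 (possession factor, as generated by a hardware token or authenticator app). The user record layout, the `authenticate` function and the demo credentials are assumptions of this example; the HOTP/TOTP arithmetic follows RFC 4226 and RFC 6238, and the test values are the published test vectors for the ASCII secret "12345678901234567890".

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Dict, Optional, Tuple

PwRecord = Tuple[bytes, int, bytes]   # (salt, iterations, derived key)


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> PwRecord:
    """Store only a salted, iterated hash of the knowledge factor."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, dk


def verify_password(password: str, record: PwRecord) -> bool:
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, dk)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, for_time: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    t = int(time.time() if for_time is None else for_time)
    return hotp(secret, t // step, digits)


def verify_totp(secret: bytes, code: str, for_time: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the current code or one step either side, to tolerate clock drift."""
    if not (code.isdigit() and len(code) == digits):
        return False
    t = int(time.time() if for_time is None else for_time)
    counter = t // step
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-window, window + 1))


def authenticate(username: str, password: str, code: str,
                 users: Dict[str, dict], now: Optional[float] = None) -> bool:
    """Both factors are always evaluated; a login succeeds only if both pass."""
    user = users.get(username)
    if user is None:
        return False
    knows = verify_password(password, user["pw"])
    has = verify_totp(user["totp_secret"], code, now)
    return knows and has


# Constructed demo user store (assumption: in a real system the TOTP secret would be
# provisioned to the token at enrolment and stored encrypted at rest).
DEMO_SECRET = b"12345678901234567890"


def build_demo_users() -> Dict[str, dict]:
    return {"alice": {"pw": hash_password("correct horse battery"), "totp_secret": DEMO_SECRET}}
```

Note that a wrong password does not short-circuit the TOTP check, so the response time does not reveal which factor failed; that is a defensive choice, not something the RFCs require.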