 |
|
|
There is a huge gulf between the reality of today’s 2G wireless systems and the dream of tomorrow’s 3G systems. While standards, harmonization agreements, and business plans are being churned out to try to determine exactly what 3G really is (or to convince your customers that what you plan to have ‘n’ years from now is exactly what they are going to need), there are a number small steps that can be taken to improve the security and robustness of wireless systems. Collectively, they will go part of the way towards making the 3G dream come true.
Smart Cards (also known as User Identity Modules (UIM) or Subscriber Identity Modules (SIM)) are mandatory in existing GSM systems. They are a simple computer system on a credit-card-sized device that can securely store the identity and profile of a mobile user. Initially, it was thought that many users would only own a smart card, and would just rent or borrow a phone, inserting their smart card to instantly personalize them. But as the price of phones to users has plummeted over the past decade, there is little benefit to this model, except when roaming in an area that does not support the type of service you have at home. Further, the small size of phone has driven the market away from the full-sized Smart Card, towards the “Smart Chip” which is embedded in the phone, and much less likely to be moved.
However, the smart card, whether embedded in a phone or not, has much potential for future use in e-commerce systems. If it could contain not only the user’s wireless subscription identity and parameters, but also credit card and banking information, it could be used for wireless purchases. Smart cards also have benefits in providing a way for carriers to securely provide pre-programmed subscription information, including the security keys that should not be viewable by people selling phones.
Future modifications to CDMA and TDMA standards are being planned to support smart cards, likely making this technology ubiquitous in 3G systems. Systems for using wireless phones for purchases are still in their infancy, but the combination of Smart Card and WAP Browser may eventually make w-commerce a reality, combining convenience and security.
All wireless systems have had embarrassing security failures over the past few years. First the North American standards were compromised by Bruce Schneier, and then, more recently, GSM standards by Biryukov and Shamir. None of the attacks that have been publicized have really been as bad as some press reports implied, but there is genuine concern that the security of wireless communications is far less than it should be. It is likely that more potent attacks have already been developed by government agencies, and there is a real possibility that, within a few years, sophisticated criminal organizations will again be able to routinely break the security of wireless communications.
To avoid worse revelations in the future, standards organizations around the world are working on the next generation of wireless security standards. It looks, at present, like the winner is the 3GPP AKA method developed in Europe, which has also been adopted in principle by TIA standards committees responsible for TDMA and CDMA standards. 3GPP AKA is based on GSM security algorithms, although it is considerably stronger, and has several major enhancements. It is likely that some of the techniques embedded in the current CAVE-based security used in TDMA and CDMA systems will also be merged in. This could lead to a globally harmonized security system that may make worldwide roaming more accessible, and more secure. Even if radio interfaces are not harmonized, at least multi-mode phones would only have to support a single suite of security algorithms.
GSM security algorithms have the interesting characteristic that the home system can run any authentication algorithm that it wants. Unlike current TDMA and CDMA systems, authentication keys are not provided to the system serving a roamer, but a series of numerical “Questions and Answers.” The serving system picks a question (actually a number) and sends it to the mobile. The mobile either responds with the correct answer (another number, based on a calculation using the first number and secret keys on the Smart Card) or it doesn’t (there is no concept of ‘almost right’). This method does not require the serving system to execute the authentication algorithms (although encryption algorithms do need to be executed, due to real-time constraints). 3GPP AKA preserves this method of operation.
Wired telephony is generally viewed as more robust than wireless, at least under normal conditions. When disasters strike, wireless may be more available, but on days without floods, earthquakes or hurricanes, it is more likely to be a wireless call that fails due to congestion. While wireless was initially viewed as an adjunct, luxury service, it is now an integral part of many people’s lives. Demands for reliability are increasing.
One of the challenges with communications systems is how to provide a reliable system under the worst conditions, and not just under the best. Reliability does not mean that all calls are completed, but it does not mean that the network capacity should start dropping under conditions of heavy load either. It is acceptable for congestion to occur on Mother’s Day, for example, but it is not acceptable for a network to collapse under the load, or to spend so much time handling each call that most callers hang up, not realizing that their calls will eventually succeed. There has to be a graceful way to shed some load, while handling as many calls as possible.
In wireline systems, an obscure technique known as Automatic Code Gapping (ACG) is used, and there now are proposals to include that in future wireless backbone network standards. ACG allows a specified percentage of calls received from a number range or destined to a number range to be blocked, providing a controlled throttling of the network. In the case of a phone-in contest, for example, many people may be dialing a single phone number. By blocking a percentage of calls destined for the switch that holds the contest phone number, that switch can be protected from collapse. In the situation of a major disaster, switches may impose controls to give everyone an even chance of getting a call through, without threatening the ability of the network to continue to process calls. It is better to get a fast-busy signal from your local switch, rather than tying up a number of trunks throughout the network, only to get the same fast-busy signal from the destination switch.
One of the complexities of ACG in a modern environment is local number portability. It used to be that, with a few exceptions, every phone number in a block of 10,000 was served by the same switch. But, with number portability, some of those numbers can be moved to other switches. It is important that ACG is not triggered by a ported number, resulting in the blocking of calls to or from a switch that is not responsible for the overload situation.
Increased network robustness is going to have to be one of the characteristics of 3G systems. The number of people using wireless will continue to climb, and their expectations for quality of service will also continue to increase. Network management techniques, such as ACG may contribute, albeit invisibly, to the increasing perception of wireless system reliability.
As wireless matures from 2G to 3G, it will have to confront many new challenges. Most of the focus is currently on the pizzazz of new technologies such as high-speed surfing using WAP browsers, and not on the more mundane, but equally important issues of network reliability and security. People may find WAP browsers to be cool and exciting, but they will not continue to use them if their sessions keep disconnecting, if their throughput drops to a crawl, or if their personal information shows up on a public website the next day!
© – Copyright