[ Home | Glossary | Acronyms | Links | Contact us ]

Cellular Networking Perspectives Ltd.

Back Issues List

A Technical Bulletin on Authentication, Voice & Data Encryption and other Wireless Security Issues


Wireless Security Perspectives was a monthly technical bulletin on authentication, voice and data encryption, fraud, network protection and other wireless security issues that was published until 2004. The technical editor was Les Owens, a respected cryptographer and wireless security expert (often quoted in the media). Articles were written by Les Owens, David Crowe (editor of Cellular Networking Perspectives) and by a variety of industry security experts.

From the first issue of the bulletin in March, 1999 until June, 1999 the bulletin was known as Dr. Jon's Wireless Security and was written by Dr. Jon Hamilton, a highly respected expert on cryptography and security issues. For July and August, 1999, the mysterious and anonymous Crypto Answer Man filled in, before Les Owens became the editor.

Wireless Security Perspectives is now available at now cost from this website, simply click on one of the month names below.

If you want to find out about the kind of information that we provide, sign up for our free alert service, occasional emails on a variety of standards and wireless technology topics.

We would like to hear from you. Send us your comments!

Credits

  • Technical Editor: Les Owens
  • Publisher: David Crowe
  • Article Sourcing: Tim Kridel
  • Layout: Doug Scofield, FrameWrite

List of Wireless Security Perspectives Back Issue Articles

December, 2004 Articles

1. Thank You Readers.
After 5 years, Wireless Security Perspectives is suspending publication.
2. The Latest in WiFi Certification…and WAPI.
3. The Hunt for Stolen Handsets.
Phone theft is a big problem in Europe. The IMEI, built into every handset, is one way to track stolen phones, and block them from making calls.
4. Progress in Hashing Cryptanalysis.
Due to newly discovered weaknesses in the MD5 secure hash algorithm, all new designs should use SHA-1, until even stronger hashes become available. Existing systems using MD5 should confirm that they only need target collision resistance, not random collision resistance.

November, 2004 Articles

1. Our Swan Song.
After more than 12 years, Cellular Networking Perspectives will suspend publication at the end of 2004.
2. Cell Broadcast and Emergency Alert Service: A Marriage Made in Heaven?.
Cell broadcast sends one radio message that is received by every idle mobile in the cell's coverage area. Wouldn't this be just ducky for sending out alerts for tornadoes, terrorist attacks and recently abducted children?.
3. 3GPP TSG Radio Access Network (RAN) Update.
An update on the activities of the 3GPP Technical Specification Group for the UMTS radio interface, including all their recently updated specifications.
4. 3GPP2 TSG-C/TIA TR-45.5 cdma2000 Standards.
A list of all cdma2000 standards published by TIA TR-45.5 and 3GPP2 TSG-C, including the IS-95 and IS-2000 radio interface specifications.

October, 2004 Articles

1. Water Water Everywhere but not an IMSI in Sight!.
IMSI seems like an almost infinite resource with a quadrillion distinct codes available, but sometimes there still are not enough, largely due to bad planning more than a decade ago. And the GSM Association wants to make sure it stays this way.

October, 2004 Articles

1. RFID - Facts and Myths, Risks and Security.
RFID is penetrating everywhere, perhaps even in the pocket of your designer jeans. This comes with a number of security risks that have not been fully addressed.
2. 3GPP TSG CN Update – Core Network.
An update on activities and specifications within the 3GPP TSG responsible for Core Network standardization. This includes both the MAP (Mobile Application Part) used by GSM for roaming for years and the 'All IP' core network designed for UMTS systems.
3. 3GPP Organization (TSGs and Working Groups).
The organizational structure of 3GPP TSGs, including all working groups.
4. 3GPP2 TSG-X (and related SDOs) Wireless Core Network Specifications.
The latest status of specifications produced by 3GPP2 TSG-X and its two associated North American SDO formulating groups: TR-45.2 and TR-45.6.
4. Fraud and Security Patent News.
The latest US fraud and security-related patents.

September, 2004 Articles

1. Reorganization of Surveillance Standards.
TIA TR-45 has reorganized its standardization efforts for lawfully authorized electronic surveillance (LAES).

September, 2004 Articles

1. In the News: Mosquito Bites.
The newest wireless annoyance, the Mosquito Trojan. Not serious yet, but it is only going to get worse.
2. ia450 – New Technology, Old Association, New Name.
The NMT association has a new focus – cdma2000 in the 450 MHz band.
2. Verizon Wireless Fries Spammer.
Cook up one for the good guys. Verizon nailed a wireless spammer from Rhode Island, and has a couple more cases pending.
3. New Leadership for TIA TR-45.2 .
The TIA TR-45.2 subcommittee for core network standards has a new chair and vice-chair. At least one of the names will be familiar.
3. Controlling Wireless Access to Adult Content.
Wireless carriers are starting to take the issue of access to adult content from wireless devices seriously.
4. ATIS T1's Vanishing Act.
The ATIS T1 group of standards committees all have new names, completing the integration of the committees back into ATIS.
4. Fraud and Security Patent News.
The latest US fraud and security-related patents.
5. 3GPP TSG SA: Service & System Aspects.
An update on the standards being produced by the 3GPP Technical Specification Group that provides much of its high level coordination and technical direction.

July, 2004 Articles

1. Is Your Coke Can Eavesdropping? It's NOT the real thing, then!.
Randomly selected Coke cans were equipped with GPS and transmission equipment for a contest and were seen as a security threat by some in the US military.
2. The Bell Labs Privacy-Conscious Personalization Framework.
Bell Labs has developed the iLocator system to support the rich personalization of data privacy.
3. U-R-Linked: WiFi Phones...and More.
The Wireless Bandits web site is a meeting place for WiFi hackers.
4. Fraud and Security Patent News.
US patents related to fraud and security that were issue in July 2004.
5. Corporate WiFi Security Survey.
An iGillot Research survey shows that 98% of corporate wireless LANs are secured, although VPN provides the security in most cases, not native WiFi.

June, 2004 Articles

1. Cryptography in the News.
The 802.11i security specification for 802.11 wireless LANs (WiFi) has been approved.
2. Quote of the Month.
Science is built up of facts, as a house is built of stones; but an accumulation of facts is no more a science than a heap of stones is a house. (Henri Poincaré).
3. Getting Ready for Harmful Content on Mobile Terminals.
Cabir was the first real mobile phone virus. What can be done about them?.
4. Swiss Track Prepaid Users.
A new law in Switzerland will force carriers to identify everyone using a prepaid wireless card.
5. Fraud and Security Patent News.
US patents issued in June 2004 covering issues of security and fraud management.

May, 2004 Articles

1. When Keyboards Talk.
There are several techniques, described in this article, allowing the recovery of keystrokes from a keyboard based on the sounds or light reflections from the keyboard.
2. US Law Enforcement Petitions for More Eavesdropping.
US law enforcement agencies have petitioned the US FCC for more eavesdropping, particularly for voice over IP and push-to-talk.
3. Fraud and Security Patent News.
US patents related to security and fraud management that were issued in May 2004.
4. Quote of the Month.
We must plan for freedom, and not only for security, if for no other reason than that only freedom can make security secure. (Sir Karl Popper).

April, 2004 Articles

1. Crypto In the News - PKIX Working Group Message Digest Specification.
A new 224-bit one-way hash function developed by the IETF that will be useful for Triple-DES.
2. China WAPI Update.
China blinked first. The country is backing off its plan to mandate a WiFi security algorithm that only Chinese companies would be privy to.
3. The RFID Bogeyman.
Some news reports and political speeches imply that RFID will enable 'Big Brother' to closely track ordinary citizens. However, RFID systems are not suitable for this role because of their miniscule monitoring radius.
4. Advanced in Wireless Fraud Detection.
Wireless packet data is raising new challenges for fraud detection. Systems based on profiling behaviour may well prove very useful for this, just as they are widely used for wireless voice systems. .
5. Fraud and Security Patent News.
US patents for security and fraud management purposes that were issued in April, 2004.
6. Wireless Insecurity.
In Norway you can file your taxes by SMS. It might ski there, but will it fly in America?.

March, 2004 Articles

1. California Mulls RFID Privacy Law.
In February 2004 the state of California set guidelines for consumer applications of RFID.
2. Privacy and Telematics: Driving Ahead of the Law.
Having a location-enabled device in your car could get you in trouble with your rental car company if you speed, or with the police if you hit and run.
3. Fraud and Security Patent News.
US Fraud and Security related patents approved in March 2004.

February, 2004 Articles

1. First Bluejacking, Now Bluesnarfing.
Bluesnarfing utilizes Bluetooth to access information stored on another device, relying on the non-existent or limited security most users have.
2. Securely Enabling Inermediary-Based Services, Part II.
ESVP extends IPsec ESP by leaving portions of the payload unencrypted at intermediary devices.
3. Fraud and Security Patent News.
A summary of recent US patents related to security and fraud management.

January, 2004 Articles

1. RFID Alternative in an 802.11 Network.
Under what circumstances could a WiFi tracking card be an alternative to RFID, and what would be the differences in security issues?.
2. Security Enabling Intermediary-based Services.
End-to-end encryption of IP messaging prevents intermediate nodes from performing many intelligent operations. To allow this perhaps two layers of encryption are required, with the outer layer providing visibility to intermediate network elements.
3. Fraud and Security Patent News.
Selected US fraud management and security-related patents for January 2004.

December, 2003 Articles

1. China's Home-grown WiFi Security.
China is attempting to impose their WAPI security scheme on WiFi vendors. Is this an attempt to bring money into the Chinese companies that control this, or is there a 'back door' which will allow Chinese authorities access to WiFi communications?.
2. The Sound of Security.
SonicKey is a Qualcomm research project to provide a strong authentication mechanism that can be cheaply deployed. It is basic on the transmission of a public key from a cell phone speaker.
3. Fraud and Security Patent News.

November, 2003 Articles

1. Bluejacking: Bluetooth Graffiti.
When someone with a Bluetooth-equipped cellphone throws an impertinent message on your screen do we have a security problem?.
2. Securing WLANs.
A discussion of the evolution of wireless LAN security, the reasons for WiFi's weaknesses, and the tradeoffs required to overcome them.
3. Fraud and Security Patent News.

October, 2003 Articles

1. In the News: T-Mobile, WiFi and 802.1X.
WiFi and Microsoft are teaming up to provide 802.1X enhanced security at T-Mobile's hot spots.
2. IMEI Fraud: Security in GSM.
Stolen phones can be used in many GSM networks because of limited abilities to verify that the IMEI (hardware identifier) of the phone. Internationally linked EIRs is a solution, although not completely secure.
3. A Precedent for Location Privacy?.
Finland is considering a law that would let parents track their children via wireless devices.
4. Creating a Secure and Trusted Environment in Wireless Terminals.
ARM, supplier of the designs for CPUs found in many wireless devices, is developing a new processor with a built in secured processing and storage area.
5. Secure Mobility Forum.
This forum has been created by the US National Security Agency to exchange ideas to help support classified mobile technology users.
6. Fraud and Security Patent News.
Recent US patents related to fraud prevention and other security issues.

September, 2003 Articles

1. GSM Voice Encryption Cracked.
A group of Israeli cryptographers have seriously cracked the A5/2 'export' voice encryption algorithm for GSM, and have used it as a wedge to walk around A5/1 and A5/3. A5/1 is also cracked, but only after some serious pre-computation (e.g. a room full of PCs cranking for a year).
2. Can You See Me Now?.
Camera phones are introducing new security issues - and innovative ways to deal with them!.
3. Scalable, Extensible Security is Key to RFID Ubiquity.
Radio Frequency ID (RFID) tags are a great convenience for many applications, but this author argues that without public key encryption they are simply not secure enough for most applications.
4. Addressing RFID Consumer Privacy Issues.
Consumer groups see RFID tags as intrusive. There are physical methods to deal with this, but they are generally inconvenient and not universally applicable. RSA theoreticians have designed the 'Blocker Tag' as a way to reduce privacy concerns.
5. GPS-less Tracking: RFID, WLAN and GSM-based.
Tracking requirements for Wireless LAN may be satisfied with simpler techniques than GPS.
6. Wireless Jammers and Scammers.
Jamming wireless is becoming more popular. At the high end is the US military, and at the low end salesmen who move from pub to pub selling illegal GSM jamming equipment.
7. Fraud and Security Patent News.
US fraud and security patents approved in August and September, 2003.

August, 2003 Articles

1. Security for 802.16 Networks.
An overview of security for the new IEEE 802.16 ('WiMax') wireless Metropolitan Area Network (MAN) standard.
2. WiFi (in)Security in the News.
DefCon introduced a WiFi sniffing robot to the world.
3. Biometrics Cellphone.
A new PDC cellphone has a fingerprint censor to protect the user's data within the phone.
4. Rogue AP Gadget.
Airsnarf from the Shmoo group demonstrates how easy it is to steal hotspot access information by temporarily emulating a hotspot.
5. Fraud and Security Patent News.
US security and fraud management patents recently assigned.

July, 2003 Articles

1. Security and Privacy in RFID.
Radio Frequency Identification (RFID) devices can be embedded in just about anything to enable intelligent tracking. There are a number of security challenges and privacy concerns, however, without obvious solutions.
2. Radio Security for Software-Defined Radios.
Software Defined Radio is made even more complex if radios have to adhere to national regulatory standards. This article describes how a security system can be designed to ensure that the radio hardware and software is only used when certified for the current location.
3. Fraud and Security Patent News.
A list of patents related to fraud management and other security issues that were approved by the US patent office in July, 2003.

June, 2003 Articles

1. In the news: 3G phones banned at Italian polls.
3G camera phones have been banned at Italian voting booths because of fears they will be used to verify vote-buying arrangements.
2. Software Defined Radio: Some Basics.
Software defined radios can change the radio interfaces that can be accessed by a change of software.
3. 'Over-the-Air' Firmware Updates of Mobiles.
Using the radio interface to update mobile firmware can save on customer service costs, but needs to be managed carefully to avoid flooding the airwaves.
4. Fraud and Security Patent News.
A list of patents related to fraud management and other security issues that were approved by the US patent office in June, 2003.

May, 2003 Articles

1. In the News: Automated Intelligence Systems.
The US Information Awareness Office has plans to automate the gathering of anti-terrorist intelligence.
2. Security for ubiquitous computing.
Plans for networked computers in fridges, stereos and cars raise some significant security issues.
3. Talk about Wireless Security!.
A stun gun disguised as a cellphone gives new meaning to the term "wireless security".
4. IREAN Workshop Papers Online.
Talks from a Virginia Tech conference covering wireless security are available online.
5. Fraud and Security Patent News.
The latest US patents for anti-fraud and security devices and systems.

April, 2003 Articles

1. In the News: WiLDing the Hotspot.
A description of how (and why) people go around monitoring for WiFi networks, including a description of the information they are trying to gather.
2. Enterprise Mobility and Security: Can you have both?.
A description ofhow wireless data can be made mobile (while retaining security) from WiFi to CDMA 1X to GPRS.
3. Fraud and Security Patent News.
US patents related to fraud and security that were recently granted.

March, 2003 Articles

1. In the news: Cellphone denial of service attack.
A European GSM phone (Nokia 6210) is vulnerable to a denial of service attack based on receipt of a malformed vCard. While not serious, this may be a harbinger of more dangerous attacks on wireless devices in the future.
2. Securing WLANs with Location Enabled Networks.
Wireless LANs based on 802.11b are easy to set up, but create many vulnerabilities for corporations, especially if installed within the corporate firewall. Location Enabled Networks are a solution that Newbury Networks is proposing.
3. Fraud and Security Patent News.
A list of security and fraud management patents that have been recently granted.

February, 2003 Articles

1. Nation Cybersecurity.
A summary of the US national strategy to secure cyberspace.
2. CALEA Packet Data Intercept for CDMA Packet Data Networks.
A description of how CALEA lawfully authorized intercept could work on packet data networks (e.g. CDMA2000).
3. Fraud and Security Patent News.
A list of important US fraud and security patents issued in January, 2003.

January, 2003 Articles

1. GPS Impacts from a Kit-built jammer.
Instructions for building a GPS jammer from a simple kit are now on the internet. What havoc could this wreak?.
2. Security Requirements for the Management Plane.
ATIS T1M1 has released a new standard that describes how to secure telecom management systems.
3. CALEA: What a Long, Strange Trip it has been.
Two well-known telecom lawyers take a look back at the development (and many roadblocks) in compliance with US CALEA 'intercept' legislation.
4. Fraud and Security Patent News.
A list of important US fraud and security patents issued in January, 2003.

December, 2002 Articles

1. Biometric security for wireless devices.
A discussion of how biometric security could find practical application in wireless devices.
2. Fraud and Security Patent News.
The latest information on US fraud and security-related patents issued in November and December, 2002.

November, 2002 Articles

1. In the News: Cyberdefense.
The NSA and DoD are combining resources to develop the "Therminator", designed to image a network's traffic.
2. Evolution of WiFi Security.
WEP is broken, WPA is an interim fix, but long term WiFi security rests on RSN (Robust Security Networks).
3. Computer Security: Special Publication 800 Series.
NIST publication 800-48 examines the security benefits and risks of wireless technologies, including 802.11 (WiFi) and Bluetooth.
4. Fraud and Security Patent News.
Fraud and security-related patents granted in October and November 2002. .

October, 2002 Articles

1. Cryptography in the News.
An update on quantum cryptography - now going wireless.
2. More NIST Documents.
An update on recently released NIST documents, including 800-38B on the RMAC Authentication Mode.
3. 3GPP2 Security Algorithms.
An update on the 3GPP2 security algorithms, based on SHA-1 and Rijndael.
4. Fraud and Security Patent News.
US Security and Fraud patents granted in October, 2002.

September, 2002 Articles

1. Development in Prime Number Searching - Primality Testing.
In August 2002, Indian scientists claimed to have found a more efficient and accurate algorithm for determining primality of a number. Many security algorithms rely on the difficulty of factoring multiples of large prime numbers.
2. Fraud and Security Patent News.
Relevant US patents issued in July and August, 2002.

July, 2002 Articles

1. New Algorithm Developed: A5/3 Cipher.
GSM has developed a new, higher security algorithm for encryption of traffic, based on work on 3G security. It is based on the Kasumi kernel.
2. Request for Comments on NIST draft.
NIST has released a draft of special publication 800-48, entitled Wireless Network Security: 802.11, Bluetooth and Handheld Devices for comment.
3. Fraud and Patent Security News.
Relevant US patents released in June and July, 2002.

June, 2002 Articles

1. New Wireless Security Book.
802.11 Wireless Networks: The Definitive Guide to Creating and Administering Wireless Networks was published in April 2002.
2. Book Review - Hackproofing your Network.
3. URL of Interest.
www.netstumbler.com provides a great deal of information related to wireless networking technology and security.
4. IETF Insights.
A brief description of events at the 54th meeting of the IETF in Japan during July 2002.
5. Other IETF Insights.
IETF drafts for X.509 (PKI), Policy Extension, X.509 PKI Identifier and WLAN Certificate Extensions are described.
6. Fraud and Security Patent News.
Relevant US patents issued in April, May and June, 2002.

April, 2002 Articles

1. Crypto in the News: FIPS 198 Published.
NIST released an updated version of the FIPS 198 Keyed-Hash Message Authentication Code (HMAC) on April 18, 2002.
2. Wireless Security in a Mobile World.
How to deal with security holes, missing management capabilites and lack of support for mobility or applications on 802.11 'WiFi' WLAN systems.
3. Fraud and Security Patent News.
Descriptions of fraud and security-related US patents issued in April, 2002.

March, 2002 Articles

1. Editor at Wireless Security Conference.
WSP editor Les Owens is speaking at a Wireless Security Conference in New York City on May 8-9, 2002 arranged by the Strategic Research Institute (www.srinstitute.com).
2. Enterprise Mobile Security - Is it Possible?.
How can enterprises ensure the security of their corporate networks while allowing access from employees using mobile devices such as laptops and PDAs.
3. IETF Insights.
Descriptions of security related IETF standards (RFCs) for XML digital signatures, Kerberos-based Windows 2000 security and proper procedures for gathering evidence after a cyber-security incident.
4. Fraud and Security Patent News.
US fraud and security patents granted in March 2002.

February, 2002 Articles

1. The ISTPA privacy framework in wireless environments.
An attempt to define a technical framework to protect the privacy of personal information in wireless environments.
2. Rindjael in action.
The IETF (Internet Engineering Task Force) has recently produced an Internet Draft, titled, “The AES Cipher Algorithm and Its Use With IPsec.” It describes the use of the AES Cipher Algorithm in Cipher Block Chaining (CBC) Mode, as a confidentiality mechanism within IPSec. IPSec is the security protocol suite at the foundation of Virtual Private Networks (VPNs) – both wireless and wired.
3. MobileIP security.
An Internet draft has been developed that specifies a security “threat model” to allow identification of the security requirements in the MobileIP environment.
4. Fraud and security patent news.
Patents approved by the USPTO in December 2001 and February 2002.

January, 2002 Articles

1. Security Silicon is booming.
A brief description of the chips being produced by Cavium Networks, Corrent, HiFn and Net Octave that embed security algorithms in silicon.
2. Securing the Maginot Line of Wireless LANs.
David Juitt of Bluesocket provides a perspective on requirements for securing the increasingly popular IEEE 802.11 wireless LAN protocol.
3. Upcoming Fraud and Security Events.
List of major fraud and security events occuring in the months following publication.
4. Fraud and Security Patent News.
Security related patents granted by the US patent office in December 2001 or January 2002.

December, 2001 Articles

1. U.S. Government Approves AES.
On December 4, 2001, the United States Secretary of Commerce announced approval of the Advanced Encryption Standard (AES), the new information technology encryption standard for the federal government.
2. New cdma2000 Security Group.
3GPP2 has created a new security group that will gradually take over responsibilities from the TIA AHAG.
3. Fraud and Security Patent News.
Patents granted by December 11, 2001.
4. New Wireless Security Solution for IEEE 802.11 WEP.
RSA Security Inc. recently announced that it helped create a more secure solution for the encryption standard in WEP. The solution, called Fast Packet Keying, is designed to generate a unique RC4 cryptographic key for each packet sent over the wireless LAN. .

November, 2001 Articles

1. Wireless LAN Security in 802.11b Enterprise Networks.
A detailed description of security risk in 802.11b wireless LAN networks, and some of the techniques that can be used to mitigate these risks.
2. Crypto in the News.
New chips from Dallas Semiconductor implement the SHA-1 digital 'fingerprint' algorithm.
2. Upcoming Fraud and Security Events.
4. Fraud and Security Patents.
Summary of security-related patents that were granted by the US patent office in October and November 2001.

October, 2001 Articles

1. Improving Wireless LAN Authentication.
New ideas on how to improve the security of 802.11 (WiFi) wireless LAN authentication methodologies.
2. Fraud and patent security news.
Security related patents granted in October 2001.

September, 2001 Articles

1. Rijndael Revealed.
This article examines Rijndael, the encryption algorithm chosen by the US government as AES, to replace DES.
2. Fraud and Security Patent News.
The latest patents in the security area.

August, 2001 Articles

1. Security - The Key to m-commerce.
WAP has significant security flaws for m-commerce. What are the requirements?.
2. Fraud and Security Patent News.
The latest patents in the security area.

July, 2001 Articles

1. CryptoNews: New Federal Cryptography Standard Approved.
US FIPS 140-2 defines minimum levels of security in federal security products as of November 25, 2001.
2. Encryption and Export Controls.
The US government has strict rules on exports of encryption technology. These have had a significant restrictive impact on TIA standards development.
3. Fraud and Security Patent News.
A list of new US patents related to fraud and security that were approved in June and July, 2001.

June, 2001 Articles

1. An overview of Public Key Infrastructure (PKI).
PKI promises to tie together all the parts of a security system so they are more easily managed. Certificates are an essential component of these systems.
2. Appendix: Simple example of the RSA algorithm.
3. Fraud and security patent news.

May, 2001 Articles

1. Designing Security Systems for Biometric Authentication.
Designing biometric security systems requires more care to be taken over the enrollment process and internal communications.

April, 2001 Articles

1. Grrr...Carnivore: Ethernet Packet Wiretaps.
Carnivore is the FBI system used for lawfully authorized electronic surveillance of ISP customers. What are its implications for wireless data?.
2. Cryptographic News - DSL: Always On? Always Open?.
What are the implications of the recent 'back doors' found in Alcatel DSL modems?.

February, 2001 Articles

1. CryptoNews: WEP Woes.
Vulnerabilities published regarding Wireless Equivalency Protocol used by 802.11b.
2. Bluetooth, Part II: Applications.
How the Bluetooth cable replacement protocol could be used to make secure, mobile wireless security provisioning possible.
3. Bluetooth, Part III: Information Resources.
Lists of websites related to Bluetooth, including upcoming conferences and major manufacturers.

January, 2001 Articles

1. Bluetooth: A Global Specification for Wireless Connectivity.
Bluetooth promises to replace wires between personal electronic devices by radio waves. But, what are the security implications.

November, 2000 Articles

1. CryptoNews: VPNs are taking off.
2. Abelian Varieties: Optimal Cryptography for Wireless Applications.
Abelian varieties are an an advanced new number-theoretic form of public key encryption, and offer future hope for more secure wireless communications.

October, 2000 Articles

1. CryptoNews: Rijndael Selected for AES.
The long-awaited replacement to the DES encryption algorithm has been announced, named after its Belgian creators.
2. Another Cryptographic Option for Wireless Communications: "Lattice" Cryptography from NTRU Cryptosystems.
NTRU's 'Lattice' cryptography is a relatively new publickey cryptosystem (PKCS) that has some significant performance advantages over existing PKCS options.

September, 2000 Articles

1. Public Key Cryptosystems (PKCS): A Three Part Series.
WSP is initiating a three part series on public key cryptosystems, with a focus on their wireless applications.
2. PKCS Part I: Is Elliptic Curve Cryptography Ideal for Wireless?.
The demand for small wireless devices, enabling mobile commerce, location-based services, and the extension of the corporate intranet, is fueling the deployment of Elliptic Curve Cryptography.

August, 2000 Articles

1. EPE: A Network View.
TDMA Enhanced Privacy and Encryption (EPE) was designed to enhance a subscriber's privacy in two ways: Signaling Message Encryption (SME) and voice/user data privacy. Signaling message encryption prevents subscriber sensitive information, (e.g., calling party number), from being transmitted in the clear over the air. Voice and user data privacy prevents an intruder from eavesdropping on a subscriber's conversation on the air interface between the mobile station and base station. Currently, the wireless industry is using the Cellular Message Encryption Algorithm (CMEA) and Voice Privacy Mask (VPM) key generation procedure to protect a subscriber's privacy. Since these keys are static, TR45 AHAG has proposed using the new EPE to provide dynamic session keys, Digital Control Channel (DCCH) and Digital Traffic Channel (DTC) keys, for every TDMA burst. EPE is targeted for mobile stations and wireless network that support at least TIA/EIA-136B.

July, 2000 Articles

1. Inside EPE.
Enhanced Privacy and Encryption is a new technology being used in TDMA (TIA/EIA-136) systems for protecting voice, data and signaling communications.

June, 2000 Articles

1. Response to Global Roaming and Security.
Frank Quick and Greg Rose of Qualcomm respond to a May, 2000 article on 3G authentication, claiming that the authors from Lucent were interpreting differences between CAVE and AKA authentication as deficiencies of AKA.

May, 2000 Articles

1. Lucent Technologies on 3G Authentication.
Lucent Technologies provides its opinion on 3G authentication, and particularly on the remaining weaknesses of AKA chosen for future TIA-based authentication.

April, 2000 Articles

1. Enhancing Network Security: TIA/EIA/IS-778.
Authentication procedures for analog, TDMA and CDMA network operations are defined in TIA/EIA-41-D. IS-778 is a recent tune-up to close loopholes, extend the situations covered by authentication, and clarify the specification.

February, 2000 Articles

1. Wireless Application Protocol (WAP) Security: How does it work.
WAP is being touted as a way to bring the wonders of the web to wireless devices. But if e-commerce is to thrive, how can it be secured?.
2. Book Review: The Code Book by Simon Singh.
A new (October 1999) book on the history of code-making and code-breaking from the distant past to the speculative future.

January, 2000 Articles

1. Recent Cryptanalysis of GSM A5/1 Algorithm: What Does it Mean?.
A5/1 is used for voice encryption in GSM. Has it been cracked, and will criminals be able to exploit this?.

December, 1999 Articles

1. Enhanced Security and Authentication...and Then There Was One...
Originally there were four candidates for TIA's ESA replacement for CAVE-based authentication and encryption. Now there is only one (or is it two?).
2. 3GPP Authentication and Key Agreement: Looking under the Hood.
3GPP AKA is a surprise winner of the AHAG contest to replaced CAVE-based authentication. What are its strengths and weaknesses? Will it really make global roaming easier?.

October, 1999 Articles

1. ESA Part II: The Four Candidates.
There are four candidates to replace the CAVE authentication algorithm: Lucent's LESA, a GSM-centric proposal from 3GPP and two public key proposals from Certicom and CipherIT.
2. Network Concerns.
TIA standards subcommittee TR-45.2 is trying to figure out how the various ESA proposals can fit into inter-system operations.

September, 1999 Articles

1. From Dr. Jon's Wireless Security to Wireless Security Perspectives.
Our name has been changed to reflect the topics we will be covering, rather than the name of the first writer.
2. ESA Part I: What is all this Enhanced Subscriber Authentication stuff anyway?.
Is the A-Key we've come to know and tolerate going away? Why? What is going to be replacing it?.

August, 1999 Articles

1. AHAG Update.
ESA candidate will strut their stuff in late August. AHAG is considering the impact of Twinkle, and related attacks, on wireless security.
2. Basics of Wireless Authentication.
The Crypto-Answer-Man describes how wireless authentication protects against cloning.
3. New Writer, New Name.
Les Owens has been appointed chief writer for Dr. Jon's Wireless Security. A new name is required. [Wireless Security Perspectives was chosen in September, 1999].

July, 1999 Articles

1. Transmitting Keys Over a Radio Interface.
The "Crypto Answer Man" answers the question: How can you securely transmit a secret key over a radio interface?.
2. AHAG Update.
What is new with the ad-hoc Authentication Group?.
3. Encryption certificates.
What are encryption certificates? And, how does the certificate authority authenticate the party it sends a certificate to?.

June, 1999 Articles

1. Security issues for wireless networks.
Major issues in the security of wireless system, including types of attacks and strength of cryptographic algorithms. Includes a number of security recommendations from Dr. Jon Hamilton.

May, 1999 Articles

1. Public Key versus Symmetric Key Cryptography.
A comparison of Symmetric Key (aka Private Key) cryptography and Public Key cryptography, focussed on the correct choice for the Enhanced Subscriber Authentication (ESA) algorithm. .
2. International Wireless Security.
A summary of a meeting between North American and Japanese wireless companies interested in security issues.
3. Dr. Jon's Recommendation.
Public Key encryption should be chosen for the ESA algorithm for future, more secure wireless networks.

April, 1999 Articles

1. Enhanced Subscriber Authentication (ESA).
A description of the requirements for the new authentication algorithm being chosen for TIA wireless standards.
2. Update on AHAG (TIA TR-45 Standards Committee Ad Hoc Authentication Group).
AHAG activities include ESA (see above), ESP (Enhanced Subscriber Privacy) and the review of new services from the CDMA (TR-45.5) and network subcommittees (TR-45.2).

March, 1999 Articles

1. Introducing Dr. Jon's Wireless Security.
This new report will be published monthly as an optional enhancement to your existing Cellular Networking Perspectives subscription. It will inform you about authentication, voice and data privacy, and network security issues for wireless systems.
2. Introduction to AHAG.
AHAG is not a code word for a predatory mother in law, but rather the TR-45 Ad Hoc Authentication Group, which is responsible for authentication, voice and data privacy, and network security issues for TIA/EIA-41 wireless networks...
3. Interim Security Enhancements.
An interim alternative to CAVE (Cellular & Voice Encryption algorithm) is under consideration by AHAG.
4. Enhanced Security Algorithms (includes table).
The major goal of AHAG in 1999 is to develop cryptographic algorithms and processes for Enhanced Subscriber Authentication (ESA) and Enhanced Subscriber Privacy (ESP).
5. Enhanced Security Algorithms (includes table).
TR-45.2 has approved Authentication Enhancements to TIA/EIA-41-D (project PN-4081) for TIA publication as IS-778.
6. Global Roaming.
Global roaming requires global authentication in this age of authenticatable wireless phones...
7. Replacing DES.
The United States Government, through NIST, is sponsoring a competition for the replacement of 25 year old DES (Data Encryption Standard).

© – Copyright 2007: Cellular Networking Perspectives Ltd. Last updated: November 28, 2007.