Ethan Frome - Crui

wirelessguideΚινητά – Ασύρματες Τεχνολογίες

24 Νοε 2013 (πριν από 3 χρόνια και 10 μήνες)

70 εμφανίσεις










_____________________________________
___________________________________________________________


----------------------------------------------------------------------------------------------------------------
---------------------------

Sede centrale:
Via S. Marta,3


50139 Firenze


Tel: +39
-
055
-
47961 Fax: +39.055.494569

Sede distaccata: Via Lombroso, 6/17 50134 Firenze


Tel: +39.055.47961 Fax: +39.055.4796767

E
-
Mail: contact@det.unifi.it www.det.unifi.it


1
/
5

Università degli Studi di Firenze

DET

Dipartimento di El
ettronica e Telecomunicazioni


Future Mobile Security and Privacy


Introduction and overview

Recent years have witnessed the rapid growth of wireless technology. Mobile computing and
networks are becoming ubiquitous and portable devices
-

such as laptops, palmtops, PDAs,
cellular phones



providing broadband access to network services are becoming pervasive.

Wireless technology offers many benefits


such as portability, flexibility, increased
productivity and lower installation costs.

One of the major concerns in the context of wirel
ess communication is security. Users are
more and more aware of the impact of the development of mobile communications on their
personal privacy.

The large scale adoption of mobile computing technologies has led to several applications that
involve access
to, and transmission of, sensitive information, making security a serious problem.

Security issues that are traditionally present in wired networks are exacerbated in the wireless
context. In fact, the use of a public transmission medium, such as the airwa
ve, implies that the
physical signal is open and easily accessible to malicious entities. Moreover, the mobility of users
and wireless handsets introduces more security concerns.

Security in wireless systems is essential to the future of wireless communica
tions but its
implementation is a difficult and challenging task. Security issues can be best addressed if they are
considered as an integral part of the system design for wireless components, rather than being
addressed as an afterthought.

The goal is to
establish foundations for security provision from the start of the design and
development of the next generation of mobile communication technology in order to provide
secure, trusted communications between people, and ease of access to information and ser
vices
wherever and whenever we want it.



Basic security services

There are some key concepts that need to be addressed when discussing the provision of
security; we will refer to these issues with the term
security services
or

security features
:



Authenti
cation



the process of proving the credentials (identity, location, and other
attributes) to another individual or system component. The more secure the method of
authentication, the more confident we are that individuals who interact with the system are
who
they claim to be.



Confidentiality



the process of protecting information from unauthorized users, therefore
providing privacy.










_____________________________________
___________________________________________________________


----------------------------------------------------------------------------------------------------------------
---------------------------

Sede centrale:
Via S. Marta,3


50139 Firenze


Tel: +39
-
055
-
47961 Fax: +39.055.494569

Sede distaccata: Via Lombroso, 6/17 50134 Firenze


Tel: +39.055.47961 Fax: +39.055.4796767

E
-
Mail: contact@det.unifi.it www.det.unifi.it


2
/
5

Università degli Studi di Firenze

DET

Dipartimento di El
ettronica e Telecomunicazioni




Integrity



the process of verifying that a piece of information has come from a source
recognized by the system and has not

been modified by an unauthorized party.



Non
-
repudiation



service provided the recipient/originator of data, providing evidence
that data were genuinely sent by the originator/received by its intended recipient.

Note that these services can be provided by

a variety of different techniques. Identifying
which security services are needed comes from a requirements analysis of a system: deciding
which security mechanisms should be employed to provide the services, and how they should be
managed, is an implemen
tation decision.



State of the art in security technologies

Global System for Mobile Communications (GSM):

its relatively high level of security is
determined by the fact that security was taken into account from the start of its development and
was defi
ned and embedded in standards. GSM provides security functions for
authentication


checking the user identity with the Subscriber Identity Module (SIM); for
anonymity



protecting
the subscriber anonymity; and for
confidentiality



encrypting user’s voice

and data and sensitive
signaling data.

Universal Mobile Telecommunication System (UMTS):

its security is built on the success of GSM
providing new and enhanced security features, which are divided into network access security,
network domain security, use
r domain security and application domain security features.

Bluetooth:

in this radio wave based, short range communication technology effort has been
made to develop and standardize adequate security mechanisms. It provides peer device
authentication and a
n encryption mechanism; still, more work is required.

Wireless Local Area Network (WLAN):

in the default mode, WLAN does not provide any
security features; thus, a mobile attacker can eavesdrop and manipulate all the wireless traffic with
standard tools. T
he Wireless Equivalent Protocol (WEP) is the security mechanism defined in the
IEEE 802.11 standard and is designed to provide data confidentiality, control of access to wireless
network infrastructure and data integrity. However, WEP cannot be relied on f
or security because
weaknesses have been proved.

Secure Sockets Layer (SSL)

and
Transport Layer Security (TLS):

these network protocols are by far
the most widely used Internet security protocols. They provide entity authentication, data
authentication and

data confidentiality.

Wireless Application Protocol (WAP):

it is essentially the wireless equivalent of the Internet
protocol stack; however, it showed serious security gaps after its introduction. The communication
between the mobile phone and the WAP ga
teway is secured with WTLS, a wireless variant of the
SSL and TLS protocols.













_____________________________________
___________________________________________________________


----------------------------------------------------------------------------------------------------------------
---------------------------

Sede centrale:
Via S. Marta,3


50139 Firenze


Tel: +39
-
055
-
47961 Fax: +39.055.494569

Sede distaccata: Via Lombroso, 6/17 50134 Firenze


Tel: +39.055.47961 Fax: +39.055.4796767

E
-
Mail: contact@det.unifi.it www.det.unifi.it


3
/
5

Università degli Studi di Firenze

DET

Dipartimento di El
ettronica e Telecomunicazioni


Need for security and privacy

The increasingly important role played in the society by mobile communications is, in
contrast, characterized by an effective lack of security. Cu
rrent solutions do not show the flexibility
and interoperability that is needed for securing mobile communications. In fact, limitations and
vulnerabilities can be observed in wireless security:



access points are easily accessed by users outside the physic
al location;



eavesdropping is very easy, undetectable, and can be done from afar with simple
equipment;



many wireless technologies do not have built
-
in authentication measures;



encryption of data and key management procedures have showed many weaknesses.


The lack of effective security is strongly connected with technical, human, social, economic
and legal factors:



rapid development of mobile technology due to high user expectations;




implementation of security is seen as too much work in a short time;




creation of secure software is a complicated task;




careless software installation and maintenance;




many industries didn’t emphasize security in the past;




managing passwords is seen as a hard endeavor;




limited processing power and storage capabilities o
f mobile devices;




current solutions lack the flexibility and interoperability that is needed for securing mobile
communications;




most consumers are not aware of the potential risks and not concerned about security.



Requirements for further research

Security and privacy issues are becoming important and complex due to the growing demand
for mobile communications. The development of technologies cannot be divorced from socio
-
economic and legal factors.

Technology

issues for mobile security are:



need

for privacy preserving technologies;



authentication and access control;



standardization of mobile security;



infrastructure protection.

Socio
-
economic

issues for mobile security are:



adequate security is prerequisite for new ways of working and new t
ypes of business;



security as a value
-
creator (business perspective);



acceptance;



benefits for society.










_____________________________________
___________________________________________________________


----------------------------------------------------------------------------------------------------------------
---------------------------

Sede centrale:
Via S. Marta,3


50139 Firenze


Tel: +39
-
055
-
47961 Fax: +39.055.494569

Sede distaccata: Via Lombroso, 6/17 50134 Firenze


Tel: +39.055.47961 Fax: +39.055.4796767

E
-
Mail: contact@det.unifi.it www.det.unifi.it


4
/
5

Università degli Studi di Firenze

DET

Dipartimento di El
ettronica e Telecomunicazioni


Legislative/regulatory

issues for mobile security:



conditions which will enable and encourage the growth and development of future digital
services;



protection of human rights.

These three aspects


economy/society, legislation/regulation, and access/technology


need to be
integrated for the success of future wireless communications.



High
-
priority research issues

The most crucial and challenging
topics that need to be addressed in the future 5
-
10 years are:



User privacy and identity management.



Trust in dynamically changing networks.



Distributed and adaptable intrusion detection systems.



Trusted computing platforms on devices.



More sophistica
ted content protection.


University of Florence main research topics

The
University of Florence

is now involved in the following studies:



Digital watermarking techniques.



Cryptography algorithms.



Physical layer intrinsic secure transmission
techniques
.



MAC level user authentication/identification.



Personal data treatment in immersive wireless environment (legal aspects).






Contact Information
:


Prof. Enrico Del Re

(
delre@lenst.det.unifi.it
)


Ing. Lor
enzo Mucchi

(
mucchi@lenst.det.unifi.it
)


Dott
. Chiara Falsi

(
falsi@lenst.det.unifi.it
)










_____________________________________
___________________________________________________________


----------------------------------------------------------------------------------------------------------------
---------------------------

Sede centrale:
Via S. Marta,3


50139 Firenze


Tel: +39
-
055
-
47961 Fax: +39.055.494569

Sede distaccata: Via Lombroso, 6/17 50134 Firenze


Tel: +39.055.47961 Fax: +39.055.4796767

E
-
Mail: contact@det.unifi.it www.det.unifi.it


5
/
5

Università degli Studi di Firenze

DET

Dipartimento di El
ettronica e Telecomunicazioni