Contact:http://www.packetnexus.com
Experts ponder securing the wireless world April 13, 2001 Web posted at: 10:23 a.m. EDT (1423 GMT) By Cameron Crouch SAN FRANCISCO, California (IDG) -- As security experts watch the airwaves get crowded with wireless transmissions of voice and data, they see their field becoming more vital -- and complicated, in this world of mixed network protocols. Unlike the Internet, which uses only a handful of standard protocols, the wireless world is built on many disparate protocols that don't necessarily work together at all. This lack of standards complicates the security of wireless networks, which discourages their wider adoption. Effective security requires widely accepted standards, agree security gurus and vendors at the RSA Conference here this week. Discussion at the gathering has tackled proposed new protocols, algorithms, and networks for both the wired and wireless worlds. While still in their infancy, wireless broadband and other forms of wireless networking, including home LANs, show great promise as an alternative to wired services used by businesses and home users. But unless the security of those networks can be assured, the young industry could be stillborn, the security experts warn. To protect you, these networks will have to incorporate new security protocols and algorithms as well as some existing methods found on the wired Internet. But agreeing on which standards to adopt may be as big a challenge as getting the high-speed services out the door. New toys raise risks "Modern expectations of the Internet include [service that's] always on, handy, and immediate as well as secure," says Shawn Abbot, president of IVEA Technologies, a developer of security infrastructure products for e-commerce. "But the challenge of these connected personal devices is that they put more personal data into cyberspace, raising the threat to privacy." The most dire risks include forms of identity theft. Someone might learn and misuse your personal information through eavesdropping or information tapping, Abbot says. Also, marketers are eager for the opportunities offered by global positioning functions, which could let them target ads or services based on your location. But "location-based services only magnify these threats, increasing the need for trust from consumers," Abbot adds. Current networks won't do Today's mobile phone and paging networks -- used for wireless devices -- weren't really designed to meet the security needs of transactions, corporate communications, and network-based personal profiles, the experts agree. The traditional mobile phone network has limited security, says Yiquin Lisa Yin, research leader at NTT DoCoMo's Multimedia Communications Labs. "The proprietary protocols and algorithms only provide security for the air interface and not the whole network," Yin says. The air interface in traditional cell phone networks includes the traffic between the handset and the cellular base station, Yin says. Then, the base station connects to a core network for the carrier, often with little security between them, she adds. On the reverse end, Internet data connects to the core network through a wireless application protocol gateway. There, it is temporarily decrypted and then re-encrypted in a mobile-phone-friendly format, Yin says. That WAP gap isn't a big deal for simple applications, but it's becoming more important with transaction services, Abbot agrees. But Yin urges security improvements not for the gateway, but for every link in the network. She says security in traditional networks is