Wireless Communications Security - Jyrki T. J. Penttinen - ebook


Description

This book describes current and probable future wireless security solutions. The focus is on the technical discussion of existing systems and new trends such as the Internet of Things (IoT). It also discusses existing and potential security threats, presents methods for protecting systems, operators and end-users, describes the attack types directed at security systems, and covers the new dangers in the ever-evolving Internet. The book serves as a practical guide to the evolution of the wireless environment and to introducing new functionality smoothly while minimizing the risks to network security.


Number of pages: 684




Table of Contents

Cover

Title Page

About the Author

Preface

Acknowledgements

Abbreviations

1 Introduction

1.1 Introduction

1.2 Wireless Security

1.3 Standardization

1.4 Wireless Security Principles

1.5 Focus and Contents of the Book

References

2 Security of Wireless Systems

2.1 Overview

2.2 Effects of Broadband Mobile Data

2.3 GSM

2.4 UMTS/HSPA

2.5 Long Term Evolution

2.6 Security Aspects of Other Networks

2.7 Interoperability

References

3 Internet of Things

3.1 Overview

3.2 Foundation

3.3 Development of IoT

3.4 Technical Description of IoT

References

4 Smartcards and Secure Elements

4.1 Overview

4.2 Role of Smartcards and SEs

4.3 Contact Cards

4.4 The SIM/UICC

4.5 Contents of the SIM

4.6 Embedded SEs

4.7 Other Card Types

4.8 Contactless Cards

4.9 Electromechanical Characteristics of Smartcards

4.10 Smartcard SW

4.11 UICC Communications

References

5 Wireless Payment and Access Systems

5.1 Overview

5.2 Wireless Connectivity as a Base for Payment and Access

5.3 E‐commerce

5.4 Transport

5.5 Other Secure Systems

References

6 Wireless Security Platforms and Functionality

6.1 Overview

6.2 Forming the Base

6.3 Remote Subscription Management

6.4 Tokenization

6.5 Other Solutions

References

7 Mobile Subscription Management

7.1 Overview

7.2 Subscription Management

7.3 OTA Platforms

7.4 Evolved Subscription Management

References

8 Security Risks in the Wireless Environment

8.1 Overview

8.2 Wireless Attack Types

8.3 Security Flaws on Mobile Networks

8.4 Protection Methods

8.5 Errors in Equipment Manufacturing

8.6 Self‐Organizing Network Techniques for Test and Measurement

References

9 Monitoring and Protection Techniques

9.1 Overview

9.2 Personal Devices

9.3 IP Core Protection Techniques

9.4 HW Fault and Performance Monitoring

9.5 Security Analysis

9.6 Virus Protection

9.7 Legal Interception

9.8 Personal Safety and Privacy

References

10 Future of Wireless Solutions and Security

10.1 Overview

10.2 IoT as a Driving Force

10.3 Evolution of 4G

10.4 Development of Devices

10.5 5G Mobile Communications

References

Index

End User License Agreement

List of Tables

Chapter 01

Table 1.1 OMA DM specifications as of December 2015

Table 1.2 ISO/IEC 7816 standard definitions

Table 1.3 Some of the most important IEEE standards related to encryption

Table 1.4 Some of the key 3GPP security specifications

Table 1.5 The complete list of 3GPP security‐related 33‐series documents

Table 1.6 The EAL classes of CC

Table 1.7 Comparison of ciphering techniques relevant for mobile communications

Chapter 02

Table 2.1 Variables used by AKA in UMTS

Table 2.2 Comparison of MBMS security solutions

Table 2.3 Current security solutions for Wi‐Fi/WLAN connectivity

Chapter 03

Table 3.1 The key WLAN IEEE 802 standards

Table 3.2 The theoretical distances of Bluetooth devices per class

Chapter 04

Table 4.1 The ISO/IEC 7816‐2 ICC contacts

Table 4.2 Consumer‐grade SIM FF

Table 4.3 The environmental classification; the main categories for M2M UICCs

Table 4.4 UICC environmental classes and required values

Table 4.5 File types of smartcards

Table 4.6 Some of the key commands of the SIM/UICC

Table 4.7 An example of the SIM/UICC card response messages. The complete list can be found in ISO/IEC 7816‐4 documentation

Chapter 06

Table 6.1 Comparison of SE, TEE and HCE

Table 6.2 Comparison of mobile security solutions

Chapter 07

Table 7.1 The options for the NAA as defined in Ref. [21]

Chapter 09

Table 9.1 Key roles of DPI

List of Illustrations

Chapter 01

Figure 1.1 The contents of this handbook

Chapter 02

Figure 2.1 The statistics of data consumption of mobile laptop and smartphone users

Figure 2.2 The general trends of 3G and 4G data rates. The planned 5G will offer considerably higher speeds

Figure 2.3 The app ecosystem depends on the available technologies and services

Figure 2.4 The development procedure for Android app development

Figure 2.5 The main elements of 3GPP networks. The evolution of LTE brings new elements for, e.g., eMBMS, as well as cell extensions like relay nodes and Home eNB elements, while LTE also extends to unlicensed bands (LTE‐U) and is optimized for IoT/M2M environment (LTE‐M)

Figure 2.6 The signalling chart for the delivery of triplets from the AuC/HLR to VLR

Figure 2.7 The subscriber‐specific Ki, as well as the A3 and A8 algorithms are stored in the SIM and the AuC for the authentication, authorization and session key creation. The A5 algorithm is stored, in turn, in the HW of the Mobile Terminal (MT) and in the Base Transceiver Station (BTS) equipment for protecting the radio interface

Figure 2.8 By utilizing Ki, A3 and A8, the AuC calculates the triplet, i.e., values for the Kc, RAND and SRES. The triplet is stored in the VLR

Figure 2.9 Authentication and authorization are done with A3, RAND and Ki

Figure 2.10 Kc is calculated with the A8 algorithm, based on Ki stored permanently within SIM, and RAND produced in the AuC/VLR

Figure 2.11 The encryption of the GSM radio interface takes place via the A5 algorithm

Figure 2.12 The 3GPP security architecture. The symbols of the figure refer to the following: (A) network access security; (B) provider domain security; (C) user domain security; and (D) application security

Figure 2.13 The role of the UMTS interfaces in 3GPP security procedures.

Figure 2.14 The principle of the 3G authentication vector generation as described in 3GPP TS 33.102
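The GSM triplet procedure of Figures 2.6 to 2.11 and the 3G authentication vector of Figure 2.14, simulated with both sides of each exchange, as an added example (this is not code from the book). The operator-specific algorithms A3/A8 and f1 to f5 are replaced by labelled HMAC-SHA256 stand-ins; the 16-byte AUTN layout (SQN xor AK || AMF || MAC) and the checks the USIM performs follow 3GPP TS 33.102, while the function names and test keys are this example's own assumptions.

```python
"""GSM triplet (one-way) versus UMTS quintet (mutual) authentication, simulated.

Added example, not code from the book. A3/A8 and f1..f5 are HMAC-SHA256
stand-ins (the real algorithms are operator-specific, e.g. COMP128 variants
and MILENAGE); the AUTN layout and the checks follow 3GPP TS 33.102.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


def _kdf(key, label, *parts, n):
    """Stand-in keyed function: HMAC-SHA256 over label||parts, cut to n bytes."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:n]


# GSM: Ki, A3 and A8 live in the SIM and the AuC; A5 in the MS and BTS (Figures 2.7-2.11)
@dataclass(frozen=True)
class Triplet:
    rand: bytes   # 16-byte challenge generated by the AuC
    sres: bytes   # 4-byte expected response, A3(Ki, RAND)
    kc: bytes     # 8-byte A5 cipher key, A8(Ki, RAND)


def gsm_auc_triplet(ki: bytes, rand: bytes = b"") -> Triplet:
    """AuC computes the triplet that the HLR delivers to the VLR (Figures 2.6, 2.8)."""
    rand = rand or os.urandom(16)
    return Triplet(rand, _kdf(ki, b"A3", rand, n=4), _kdf(ki, b"A8", rand, n=8))


def gsm_sim_respond(ki: bytes, rand: bytes) -> tuple:
    """SIM answers any RAND with (SRES, Kc) (Figures 2.9, 2.10). Nothing in the
    challenge proves who sent it, so the MS cannot authenticate the network."""
    return _kdf(ki, b"A3", rand, n=4), _kdf(ki, b"A8", rand, n=8)


def gsm_vlr_verify(triplet: Triplet, sres_from_ms: bytes) -> bool:
    """VLR compares the SRES returned by the MS with the stored one."""
    return hmac.compare_digest(triplet.sres, sres_from_ms)


# UMTS: authentication vector (RAND, XRES, CK, IK, AUTN) per TS 33.102 (Figure 2.14)
@dataclass(frozen=True)
class AuthVector:
    rand: bytes
    xres: bytes
    ck: bytes
    ik: bytes
    autn: bytes   # 16 bytes: (SQN xor AK) || AMF || MAC


def umts_auc_vector(k: bytes, sqn: int, amf: bytes = b"\x80\x00", rand: bytes = b"") -> AuthVector:
    """AuC builds one vector; the sequence number SQN makes each vector fresh."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = _kdf(k, b"f1", rand, sqn_b, amf, n=8)   # f1: MAC over RAND, SQN, AMF
    xres = _kdf(k, b"f2", rand, n=8)              # f2: expected response
    ck = _kdf(k, b"f3", rand, n=16)               # f3: cipher key
    ik = _kdf(k, b"f4", rand, n=16)               # f4: integrity key
    ak = _kdf(k, b"f5", rand, n=6)                # f5: anonymity key concealing SQN
    conc_sqn = bytes(a ^ b for a, b in zip(sqn_b, ak))
    return AuthVector(rand, xres, ck, ik, conc_sqn + amf + mac)


def umts_usim_respond(k: bytes, rand: bytes, autn: bytes, last_sqn: int) -> tuple:
    """USIM recovers SQN, checks MAC and freshness, then derives RES, CK and IK.
    Raises ValueError where a real USIM would reject the network."""
    conc_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
    ak = _kdf(k, b"f5", rand, n=6)
    sqn_b = bytes(a ^ b for a, b in zip(conc_sqn, ak))
    if not hmac.compare_digest(mac, _kdf(k, b"f1", rand, sqn_b, amf, n=8)):
        raise ValueError("MAC failure: sender does not hold K")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:
        raise ValueError("synchronisation failure: AUTN replayed or stale")
    return _kdf(k, b"f2", rand, n=8), _kdf(k, b"f3", rand, n=16), _kdf(k, b"f4", rand, n=16), sqn


def run_demo() -> dict:
    """Constructed keys (not real subscriber secrets): the genuine network passes
    on both systems; a rogue network and a replayed AUTN are rejected only on UMTS."""
    ki, k = bytes(range(16)), b"\x42" * 16
    trip = gsm_auc_triplet(ki)
    sres, kc = gsm_sim_respond(ki, trip.rand)
    out = {"gsm_genuine": gsm_vlr_verify(trip, sres) and kc == trip.kc}
    # A rogue BTS that never saw Ki still receives a usable SRES/Kc from the SIM.
    out["gsm_sim_answers_anyone"] = len(gsm_sim_respond(ki, os.urandom(16))[0]) == 4
    av = umts_auc_vector(k, sqn=5)
    res, ck, ik, sqn = umts_usim_respond(k, av.rand, av.autn, last_sqn=4)
    out["umts_genuine"] = res == av.xres and ck == av.ck and ik == av.ik and sqn == 5
    rogue = umts_auc_vector(b"\x99" * 16, sqn=6, rand=av.rand)   # built without K
    for name, args in (("umts_rogue_rejected", (k, rogue.rand, rogue.autn, 5)),
                       ("umts_replay_rejected", (k, av.rand, av.autn, 5))):
        try:
            umts_usim_respond(*args)
            out[name] = False
        except ValueError:
            out[name] = True
    return out
```

Running run_demo() shows the asymmetry the two groups of figures imply: the SIM returns SRES and Kc to whoever sends a RAND, whereas the USIM refuses a vector whose MAC was not produced with K or whose SQN does not advance past the last accepted value.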

Figure 2.15 The principle of the vendor certificate process

Figure 2.16 The eNB protocol stacks with embedded IPSec layer

Figure 2.17 LTE Key hierarchy concept

Figure 2.18 Key handling procedure in handover

Figure 2.19 The mutual authentication procedure of LTE

Figure 2.20 The architecture of the combined IPSec and PKI. The light dotted line indicates signalling, and the solid line represents the user plane data flow. The thick dotted line symbolizes the IPSec tunnel. The communication between the SecGW and Operations, Administration and Maintenance (OAM) can be carried over Transport Layer Security (TLS) or Secure HTTP (HTTPS)

Figure 2.21 The PKI design with the architecture and interfaces

Figure 2.22 An integration example for the gateway attached to the access router

Figure 2.23 The security zone principle

Figure 2.24 The MBMS reference architecture.

Figure 2.25 The eMBMS reference architecture.

Figure 2.26 The elements and key management procedures for ME‐based eMBMS security as described in 3GPP TS 33.246. The events in the radio interface are the following: (1) HTTP Digest authentication with the MRK key; (2) MIKEY MSK key distribution which is protected with the MUK key; (3) MIKEY MTK key distribution which is protected by the MSK key; and (4) user data which is protected via the MTK key.

Figure 2.27 The protocol layers of FLUTE

Figure 2.28 The flowchart of successful EAP authentication

Figure 2.29 The LTE‐UE states and the inter‐RAT mobility procedures with the GSM network as interpreted from Ref. [38].

Figure 2.30 The LTE‐UE states and the inter‐RAT mobility procedures with the UMTS network as interpreted from Ref. [38].

Figure 2.31 Mobility procedures between E‐UTRA and CDMA2000 as interpreted from Ref. [38].

Figure 2.32 Evolved Packet System (EPS) architecture for CSFB and SMS over the SGs interface

Figure 2.33 Wi‐Fi Offload architecture

Figure 2.34 Femtocell architecture

Chapter 03

Figure 3.1 IoT consists of devices that are able to perform functions such as measurements and data processing, as stated in Refs. [1,2]. The connectivity can be based on all known data transfer techniques, including mobile communications networks, local wireless and wired networks, and even direct connectivity. IoT may have communications with other consumer devices, and furthermore, part of the devices can act as hubs to connect the local equipment to the Internet

Figure 3.2 Individuals using the Internet [16]

Figure 3.3 The main components of IoT

Figure 3.4 The IoT environment is developing along with the technological enablers, each phase or wave influencing the further planning of the enablers in an iterative way

Figure 3.5 An example of the potential LTE spectrum plans of Latin America

Figure 3.6 Typical LTE/LTE‐A band scenarios and potential carrier aggregation deployment in the rest of the world

Figure 3.7 High‐level examples of wireless connectivity solutions with respective coverage and data rate

Figure 3.8 The RFID system architecture

Figure 3.9 The principle of the TSM

Figure 3.10 The principle of the SD

Figure 3.11 SG model as interpreted from the IEEE 2030‐2011

Chapter 04

Figure 4.1 The physical connections of the UICC

Figure 4.2 Physical interfaces of the 8‐PIN UICC based on ISO, SWP and USB

Figure 4.3 The 1FF of SIM cards (dimensions in mm), which is also called ID‐1. The thickness is 0.76 mm. The ID‐1 is used in practice only for delivering the plug‐in units which are further snapped out from the card body when inserting them to mobile devices

Figure 4.4 SIM card’s 2FF, 3FF and 4FF plug‐in units (dimensions in mm)

Figure 4.5 The plug‐in units of 2FF or 3FF can be delivered within a single ID‐1 card body. This eases the logistics and enhances user experience upon inserting the plug‐in units into mobile devices.

Figure 4.6 The physical building blocks of a smartcard. The ID‐1 card body can be of plastics or recyclable materials, while the frame material of the plug‐in needs to comply with typically stricter mechanical and environmental requirements making plastics the most feasible material

Figure 4.7 An example of the system level building blocks of a multi‐application card based on the UICC. The applications may also include other subscription containers like RUIM for CDMA systems, and applets for many areas such as transit access and payments

Figure 4.8 The eUICC logical architecture as interpreted from ETSI TS 103 383

Figure 4.9 Some ETSI eUICC use cases for redundant subscription management

Figure 4.10 The embedded UICC architecture of GSMA as interpreted from Ref. [33]

Figure 4.11 Some examples of the physically embedded SEs. At present, the MFF2 is the only standardized variant of embedded UICC. The smallest ones are typically based on wafer‑level packaging, which can be very small in volume, such as the WLCSP, which can measure, e.g., 2.7 × 2.5 × 0.4 mm³, depending on each chip manufacturer’s own specifications

Figure 4.12 Typical use cases for NFC

Figure 4.13 The block diagram of the UICC

Figure 4.14 The overall principle of the file structure of the smartcard

Figure 4.15 The principle of ADFs

Figure 4.16 The format of the Command and Response APDU
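The command and response APDU layout of Figure 4.16, together with the SIM/UICC commands and response codes of Tables 4.6 and 4.7, as an added example that is not the book's own code: an encoder and parser for short command APDUs (cases 1 to 4) and an interpreter for the SW1 SW2 status words, including the SW2-carrying families 61xx, 6Cxx, 9Fxx and 63Cx. The SELECT/GET RESPONSE exchange at the end, including its AID and FCP bytes, is constructed for illustration.

```python
"""Short ISO/IEC 7816-4 command and response APDUs: encode, parse, interpret.

Added example, not code from the book. Layouts follow Figure 4.16:
command = CLA INS P1 P2 [Lc data] [Le], response = [data] SW1 SW2.
Status words are the common ISO 7816-4 and GSM 11.11 values.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None   # None: no response data expected; 0 encodes 256

    @property
    def case(self) -> int:
        """1 = header only, 2 = header+Le, 3 = header+Lc+data, 4 = all fields."""
        return 1 + (2 if self.data else 0) + (1 if self.le is not None else 0)

    def encode(self) -> bytes:
        if len(self.data) > 255:
            raise ValueError("a short APDU carries at most 255 data bytes")
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data   # Lc || data
        if self.le is not None:
            out += bytes([self.le & 0xFF])                # Le (0x00 means 256)
        return out


def parse_command(raw: bytes) -> CommandAPDU:
    """Split a short command APDU into fields, rejecting inconsistent lengths."""
    if len(raw) < 4:
        raise ValueError("header needs CLA INS P1 P2")
    cla, ins, p1, p2, body = raw[0], raw[1], raw[2], raw[3], raw[4:]
    if len(body) == 0:
        return CommandAPDU(cla, ins, p1, p2)                # case 1
    if len(body) == 1:
        return CommandAPDU(cla, ins, p1, p2, le=body[0])    # case 2
    lc, data, rest = body[0], body[1:1 + body[0]], body[1 + body[0]:]
    if len(data) != lc or len(rest) > 1:
        raise ValueError("Lc inconsistent with APDU length")
    return CommandAPDU(cla, ins, p1, p2, data, rest[0] if rest else None)  # case 3/4


@dataclass
class ResponseAPDU:
    data: bytes
    sw1: int
    sw2: int

    @property
    def sw(self) -> int:
        return (self.sw1 << 8) | self.sw2


def parse_response(raw: bytes) -> ResponseAPDU:
    if len(raw) < 2:
        raise ValueError("response needs SW1 SW2")
    return ResponseAPDU(raw[:-2], raw[-2], raw[-1])


_SW_EXACT = {
    0x9000: "OK",
    0x6A82: "file or application not found",
    0x6A86: "incorrect parameters P1-P2",
    0x6982: "security status not satisfied (PIN/CHV not verified)",
    0x6983: "authentication method blocked (PIN/CHV blocked)",
    0x6D00: "instruction code not supported",
    0x6E00: "class not supported",
}


def describe_sw(sw: int) -> str:
    """Meaning of SW1 SW2, including the families whose SW2 carries a value."""
    if sw in _SW_EXACT:
        return _SW_EXACT[sw]
    sw1, sw2 = sw >> 8, sw & 0xFF
    if sw1 == 0x61:
        return f"OK, {sw2} more response bytes available (GET RESPONSE)"
    if sw1 == 0x6C:
        return f"wrong Le, reissue with Le={sw2}"
    if sw1 == 0x9F:
        return f"OK, {sw2} response bytes available (GSM 11.11 style)"
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        return f"verification failed, {sw2 & 0x0F} attempts remaining"
    return f"unrecognised status 0x{sw:04X}"


def exchange_example() -> List[Tuple[str, str]]:
    """Constructed terminal/card exchange: SELECT by AID (case 4) answered with
    61 xx, then GET RESPONSE (case 2). AID and FCP bytes are made up."""
    select = CommandAPDU(0x00, 0xA4, 0x04, 0x00, bytes.fromhex("A0000000871002"), le=0)
    first = parse_response(bytes.fromhex("6119"))        # 25 bytes waiting
    log = [(select.encode().hex(), describe_sw(first.sw))]
    get_response = CommandAPDU(0x00, 0xC0, 0x00, 0x00, le=first.sw2)
    second = parse_response(bytes.fromhex("62170000") + b"\x00" * 21 + b"\x90\x00")
    log.append((get_response.encode().hex(), describe_sw(second.sw)))
    return log
```

The parser rejects an APDU whose Lc disagrees with the byte count rather than guessing, which is the behaviour wanted in any terminal-side code that relays APDUs from an untrusted source (for example an OTA channel) to the card.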

Chapter 05

Figure 5.1 The development of mobile payment

Figure 5.2 An example of the QR code with an embedded web link leading to further information about this Wireless Security book

Figure 5.3 Example of the architecture of an NFC device. The NFC radio interface is connected to payment associations such as Visa, MasterCard, AmEx and Discover via the merchant processor

Figure 5.4 The NFC architecture as defined by the NFC Forum

Figure 5.5 NFC device based on SE in microSD form and NFC chip residing within the device

Figure 5.6 Device without NFC functionality can be used with microSD that is equipped with NFC antenna, NFC chip and SE

Figure 5.7 Some options for mobile payment solutions

Chapter 06

Figure 6.1 An example of the utilization of the UICC or eUICC as a part of the mobile payment service

Figure 6.2 The NFC payment architecture based on the SE or eSE

Figure 6.3 Examples of the TSM models

Figure 6.4 An example of the TEE architecture based on ARM TrustZone t‐Base. The TEE is connected to the external world via communications protocols designed between the TEE and REE which provide the means for the safe execution of the trustlets

Figure 6.5 An example of the t‐Base ecosystem

Figure 6.6 An example of the TEE secured application OTA lifecycle management

Figure 6.7 The payment application of the cloud service can be, in its basic form, within the SW‐based OS located outside of the SE

Figure 6.8 Example of HCE‐based payment architecture

Figure 6.9 Comparison of selected protection mechanisms

Chapter 07

Figure 7.1 An example of ODA as described in Ref. [17]

Figure 7.2 The high‐level signalling flow of the real‐time provisioning procedure as applied in the SmartTrust SmartAct solution

Figure 7.3 An example of the UICC activation, i.e., provisioning by utilizing a POS card reader

Figure 7.4 The principle of SIM OTA messaging

Figure 7.5 Data exchange as defined in ETSI TS 102 124

Figure 7.6 The OMA DM philosophy

Figure 7.7 OMA Lightweight M2M architecture. The LWM2M communication between the client and the server is optimized via an efficient payload, and supports interfaces for bootstrapping, registration, object/resource access and reporting for very low‑cost devices

Figure 7.8 Remote eUICC provisioning architecture for M2M environment as defined by GSMA (version 2.1).

Figure 7.9 The contents of eUICC in GSMA remote provisioning systems.

Figure 7.10 The contents of a GSMA profile.

Figure 7.11 The mapping of the card entities with the provisioning system.

Figure 7.12 The ISD‐P stages of GSMA remote provisioning eUICC. The transitions may be triggered by ISD‐R or ISD‐P itself. There also is a fall‐back (FB) mechanism

Figure 7.13 The evolved GSMA subscription management architecture (version 4) that includes the consumer environment

Figure 7.14 The GSMA RSP V1 architecture

Chapter 08

Figure 8.1 The principle of CEIR. Each of the connected operator‐specific EIRs is synchronized upon the reporting of devices in their black lists

Figure 8.2 The original Phase 1 GSM system’s protocol stack from the 1990s, extended with the GPRS functionality of Release 97 from the early 2000s

Figure 8.3 The principle of the spoof GSM BTS may be based on the minimum set of the radio interface protocol stack as well as the essential protocols in the connectivity and mobility management layers. In this way, all the additional functionality like encryption, frequency hopping etc. can be eliminated from the connection, while the interception and relaying of the unencrypted call can be done, e.g., via a separate VoIP call

Figure 8.4 The LTE/SAE security chain includes various aspects

Figure 8.5 The C‐plane security principle of LTE/SAE

Figure 8.6 The U‐plane security principle of LTE/SAE

Figure 8.7 The M‐plane security principle of LTE/SAE

Figure 8.8 The S‐plane security principle of LTE/SAE

Figure 8.9 The correct timing for the equipment ordering has impact on the RoI

Figure 8.10 General principles of equipment manufacturing

Figure 8.11 An example of a real‐world scenario which sometimes may experience delays in commercial market entrance due to issues that are identified too late prior to launch

Figure 8.12 Issues resulting in delayed market entrance can be minimized via preliminary testing activities as soon as the equipment prototypes are ready

Figure 8.13 Process for the error ticket opening applicable to LTE/LTE‐A UE and network elements. The optimal way is to assess deeply the background information prior to the error ticket opening in order to speed up corrections

Chapter 09

Figure 9.1 An example of CGN firewall deployment based on Check Point

Figure 9.2 An example of Check Point deployment in an IPSec gateway mode, delivering the S1‐MME signalling (SCTP) and S1‐U traffic (GTP‐U over UDP)

Figure 9.3 An example of Check Point acting as a roaming gateway

Figure 9.4 An example of Check Point protecting roaming networks

Figure 9.5 The configuration for the MME intercept

Figure 9.6 The configuration for the HSS intercept

Figure 9.7 The configuration for the S‐GW and P‐GW intercept

Figure 9.8 Write‐Replace warning procedure

Figure 9.9 Kill procedure

Chapter 10

Figure 10.1 LTE‐A and WiMAX2 are the result of their own evolution paths, but can be used in a cooperative environment via data offloading and inter‐working

WIRELESS COMMUNICATIONS SECURITY

SOLUTIONS FOR THE INTERNET OF THINGS
Jyrki T. J. Penttinen

Giesecke & Devrient, USA

This edition first published 2017. © 2017 John Wiley & Sons, Ltd

Registered Office: John Wiley & Sons, Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.

The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. It is sold on the understanding that the publisher is not engaged in rendering professional services and neither the publisher nor the author shall be liable for damages arising herefrom. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

The advice and strategies contained herein may not be suitable for every situation. In view of ongoing research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of experimental reagents, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each chemical, piece of equipment, reagent, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read. No warranty may be created or extended by any promotional statements for this work. Neither the publisher nor the author shall be liable for any damages arising herefrom.

Library of Congress Cataloging‐in‐Publication data applied for

ISBN: 9781119084396

A catalogue record for this book is available from the British Library.

About the Author

Dr Jyrki T. J. Penttinen, the author of this Wireless Communications Security book, started working in the mobile communications industry in 1987, evaluating early‑stage NMT‑900, DECT and GSM radio network performance. After obtaining his MSc (EE) degree from Helsinki University of Technology (HUT) in 1994, he continued with Telecom Finland (Sonera and TeliaSonera Finland) and with Xfera Spain (Yoigo), participating in 2G and 3G projects. He also established and managed the consultancy firm Finesstel Ltd in 2002–03, operating in Europe and the Americas, and afterwards worked with Nokia and Nokia Siemens Networks in Mexico, Spain and the United States in 2004–2013. During his time with mobile network operators and equipment manufacturers, Dr Penttinen was involved in a wide range of operational and research activities, performing system and architectural design, investigation, standardization, training and technical management, with special interest in the radio interface of cellular networks and mobile TV, such as GSM, GPRS/EDGE, UMTS/HSPA and DVB‑H. Since 2014, in his current position as Program Manager with Giesecke & Devrient America, Inc., his focus areas include mobile and IoT security and innovation.

Dr Penttinen obtained his LicSc (Tech) and DSc (Tech) degrees from HUT (now Aalto University, School of Science and Technology) in 1999 and 2011, respectively. In addition to his main work, he is an active lecturer, has written dozens of technical articles and has authored telecommunications books, the most recent being The LTE‑Advanced Deployment Handbook (Wiley, 2016), The Telecommunications Handbook (Wiley, 2015) and The LTE/SAE Deployment Handbook (Wiley, 2011). More information about his publications can be found at www.tlt.fi.

Preface

This Wireless Communications Security book summarizes key aspects related to radio access network security solutions and protection against malicious attempts. As such a large number of services depend on the Internet and its increasingly important wireless access methods now and in the future, proper shielding is of the utmost importance. Along with the popularization of wireless communications systems such as Wi‐Fi and cellular networks, the utilization of the services often takes place via wireless equipment such as smartphones and laptops supporting short and long range radio access technologies. Threats against these services and devices are increasing, one of the motivations of the attackers being the exploitation of user credentials and other secrets to achieve monetary benefits. There are also plenty of other reasons for criminals to attack wireless systems which thus require increasingly sophisticated protection methods by users, operators, service providers, equipment manufacturers, standardization bodies and other stakeholders.

Along with the overall development of IT and communications technologies, the environment has changed drastically over the years. In the 1980s, threats against mobile communications were merely related to the cloning of a user’s telephone number to make free phone calls and eavesdropping on voice calls on the unprotected radio interface. From the experiences with the relatively poorly protected first‑generation mobile networks, modern wireless communications systems have gradually taken into account security threats in a much more advanced way, while the attacks are becoming more sophisticated and involve more diversified motivations such as deliberate destruction of the services and ransom‑type threats. In addition to all these dangers against end‑users, security breaches against the operators, service providers and other stakeholders are on the rise, too. In other words, we are entering a cyber‑world, and the communications services are an elemental part of this new era.

The Internet has such an integral role in our daily life that the consequences of a major breakdown in its services would result in chaos. Proper shielding against malicious attempts requires a complete and updated cyber‐security to protect the essential functions of societies such as bank institutes, energy distribution and telecommunications infrastructures. The trend related to the Internet of Things (IoT), with estimations of tens of billions of devices being taken into use within a short time period, means that the environment is becoming even more challenging due to the huge proportion of the cheaper IoT devices that may often lack their own protection mechanisms. These innocent‐looking always‐connected devices such as intelligent household appliances – if deployed and set up improperly – may expose doors deeper into the home network, its services and information containers, and open security holes even further into the business networks. This is one of the key areas in modern wireless security preparation.

As my good friend Alfredo so well summarized, the Internet can be compared to nuclear power; it is highly useful while under control, but as soon as security threats are present, it may lead to major disaster. Without doubt, proper protection is thus essential. This book presents the solutions and challenges of wireless security by summarizing typical, currently utilized services and solutions, and paints the picture for the future by presenting novel solutions such as advanced mobile subscription management concepts. I hope you find the contents interesting and relevant in your work and studies and obtain an overview on both the established and yet‑to‑be‑formed solutions of the field. In addition to this book, the contents are available in eBook format, and you can find additional information and updates from the topics at www.tlt.fi, which complement the overall picture of wireless security. As has been the case with my previous books published by Wiley, I would be glad to receive your valuable feedback about this Wireless Communications Security book directly via my email address: [email protected]

Jyrki T. J. Penttinen, Morristown, NJ, USA

Acknowledgements

It has been a highly interesting task to collect all this information about wireless security aspects into a single book. I reckon many of the presented solutions tend to develop extremely fast as the threats become increasingly sophisticated and innovative. The challenge is, of course, to maintain the relevancy of the written material. It is perhaps equally difficult for the stakeholders to ensure proper shielding of the wireless communications networks, devices, mobile apps and services along with all the advances in consumer and machine‐to‐machine domains – not forgetting the overall development of the Internet of Things (IoT), which is currently experiencing major interest. Even so, I believe that the foundations are worth describing in a book format, while the latest advances of each presented field can be checked via the identified key references and root sources of information.

An important part of this book, that is, describing the basics, is something I have been involved with throughout my career when I was working with mobile network operators as well as network and device vendors, while the rest of the contents complete the picture by presenting the most recent advances such as embedded SIM and respective subscription management which will be highly relevant in the near future for the most dynamic ways of utilizing consumers’ mobile and companion devices as well as the ever growing amount of IoT equipment. I thank all my good colleagues I have had the privilege to work with and to exchange ideas related to mobile security. I want to especially mention the important role of Giesecke & Devrient in offering me the possibility to focus on the topic in my current position.

I warmly thank the Wiley team for the professional work and firm yet tender ways for ensuring the book project and schedules advanced according to the plans. Special thanks belong to Mark Hammond, Sandra Grayson, Tiina Wigley and Nithya Sechin, as well as Tessa Hanford, among all the others who helped me to make sure this book was finalized in good order.

I also want to express my warmest gratitude to the Finnish Association of Non‑fiction Writers for their most welcome support.

Finally, I thank Elva, Stephanie, Carolyne, Miguel, Katriina and Pertti for all their support.

Jyrki T. J. Penttinen, Morristown, NJ, USA

Abbreviations

3DES: Triple-Data Encryption Standard
3GPP: 3rd Generation Partnership Project
6LoWPAN: IPv6 over Low-power Wireless Personal Area Networks
AAA: Authentication, Authorization and Accounting
AAS: Active Antenna System
ACP: Access Control Policy
ADF: Application Dedicated File
ADMF: Administration Function
ADSL: Asymmetric Digital Subscriber Line
ADT: Android Development Tools
AES: Advanced Encryption Standard
AF: Authentication Framework
AID: Application Identifier
AIDC: Automatic Identification and Data Capture
AIE: Air Interface Encryption
AK: Anonymity Key
AKA: Authentication and Key Agreement
ALC: Asynchronous Layered Coding
AMF: Authentication Management Field
AMI: Advanced Metering Infrastructure
AMPS: Advanced Mobile Phone System
ANDSF: Access Network Discovery and Selection Function
ANSI: American National Standards Institute
AOTA: Advanced Over-the-Air
AP: Access Point
AP: Application Provider
APDU: Application Protocol Data Unit
API: Application Programming Interface
AR: Aggregation Router
ARIB: Association of Radio Industries and Businesses
AS: Access Stratum
AS: Authentication Server
ASIC: Application-Specific Integrated Circuit
ASME: Access Security Management Entity
ASN.1: Abstract Syntax Notation One
ATCA: Advanced Telecommunications Computing Architecture
ATR: Answer to Reset
ATSC: Advanced Television Systems Committee
AuC: Authentication Centre
AUTN: Authentication Token
AV: Authentication Vector
AVD: Android Virtual Device
BAN: Business/Building Area Network
BCBP: Bar Coded Boarding Pass
BCCH: Broadcast Control Channel
BE: Backend
BGA: Ball Grid Array
BIN: Bank Identification Number
BIP: Bearer-Independent Protocol
BLE: Bluetooth Low Energy
BM-SC: Broadcast/Multicast Service Centre
BSC: Base Station Controller
BSP: Biometric Service Provider
BSS: Billing System
BSS: Business Support System
BTS: Base Transceiver Station
C2: Command and Control
CA: Conditional Access
CA: Carrier Aggregation
CA: Certificate Authority
CA: Controlling Authority
CAT: Card Application Toolkit
CAT_TP: Card Application Toolkit Transport Protocol
CAVE: Cellular Authentication and Voice Encryption
CB: Cell Broadcast
CBEFF: Common Biometric Exchange Formats Framework
CC: Common Criteria
CC: Congestion Control
CCM: Card Content Management
CCMP: Counter-mode Cipher block chaining Message authentication code Protocol
CCSA: China Communications Standards Association
CDMA: Code Division Multiple Access
CEIR: Central EIR
CEPT: European Conference of Postal and Telecommunications Administrations
CFN: Connection Frame Number
CGN: Carrier-Grade NAT
CHV: Card Holder Verification
CI: Certificate Issuer
CK: Cipher Key
CL: Contactless
CLA: Class of Instruction (APDU class byte)
CLF: Contactless Frontend
CLK: Clock
CMAS: Commercial Mobile Alert System
CMP: Certificate Management Protocol
CN: Core Network
CoAP: Constrained Application Protocol
CoC: Content of Communication
CPU: Central Processing Unit
CS: Circuit Switched
CSFB: Circuit Switched Fallback
CSG: Closed Subscriber Group
CSS7: Common Channel Signalling System No. 7
CVM: Cardholder Verification Method
DBF: Database File
DD: Digital Dividend
DDoS: Distributed Denial-of-Service
DE: Data Element
DES: Data Encryption Standard
DF: Dedicated File
DFN: Dual-Flat, No leads
DHCP: Dynamic Host Configuration Protocol
DL: Downlink
DM: Device Management
DM: Device Manufacturer
DMO: Direct Mode Operation
DNS: Domain Name System
DoS: Denial-of-Service
DPA: Data Protection Act
DPI: Deep Packet Inspection
DRM: Digital Rights Management
DS: Data Synchronization

DSS

Data Security Standard

DSSS

Direct Sequence Spread Spectrum

DTLS

Datagram Transport Layer Security

DTMB

Digital Terrestrial Multimedia Broadcast

DVB

Digital Video Broadcasting

EAL

Evaluation Assurance Level

EAN

Extended Area Network

EAP

Extensible Authentication Protocol

EAPoL

Extensible Authentication Protocol over Local Area Network

EAP‐TTLS

Extensible Authentication Protocol‐Tunneled Transport Layer Security

ECASD

eUICC Controlling Authority Secure Domain

eCAT

Encapsulated Card Application Toolkit

ECC

Elliptic Curve Cryptography

ECDSA

Elliptic Curve Digital Signature Algorithm

ECO

European Communications Office

EDGE

Enhanced Data Rates for Global Evolution

EEM

Ethernet Emulation Mode

EEPROM

Electrically Erasable Read‐Only Memory

EF

Elementary File

EGAN

Enhanced Generic Access Network

EID

eUICC Identifier

EIR

Equipment Identity Register

E‐MBS

Enhanced Multicast Broadcast Service

EMC

Electro‐Magnetic Compatibility

EMF

Electro‐Magnetic Field

EMI

Electro‐Magnetic Interference

EMM

EPS Mobility Management

EMP

Electro‐Magnetic Pulse

eNB

Evolved Node B

EPC

Enhanced Packet Core

EPC

Evolved Packet Core

EPS

Electric Power System

EPS

Enhanced Packet System

ERP

Enterprise Resource Planning

ERTMS

European Rail Traffic Management System

eSE

Embedded Security Element

eSIM

Embedded Subscriber Identity Module

ESN

Electronic Serial Number

ESP

Encapsulating Security Payload

ETSI

European Telecommunications Standards Institute

ETWS

Earthquake and Tsunami Warning System

eUICC

Embedded Universal Integrated Circuit Card

EUM

eUICC Manufacturer

E‐UTRAN

Enhanced UTRAN

EV‐DO

Evolution Data Only/Data Optimized

FAC

Final Approval Code

FAN

Field Area Network

FCC

Federal Communications Commission

FDD

Frequency Division Multiplex

FDT

File Delivery Table

FEC

Forward Error Correction

FF

Form Factor

FICORA

Finnish Communications Regulatory Authority

FID

File‐ID

FIPS

Federal Information Processing Standards

FLUTE

File Transport over Unidirectional Transport

FM

Frequency Modulation

FPGA

Field Programmable Gate Array

GAA

Generic Authentication Architecture

GBA

Generic Bootstrapping Architecture

GCSE

Group Communication System Enabler

GEA

GPRS Encryption Algorithm

GERAN

GSM EDGE Radio Access Network

GGSN

Gateway GPRS Support Node

GMSK

Gaussian Minimum Shift Keying

GoS

Grade of Service

GP

GlobalPlatform

GPRS

General Packet Radio Service

GPS

Global Positioning System

GRX

GPRS Roaming Exchange

GSM

Global System for Mobile Communications

GSMA

GSM Association

GTP

GPRS Tunnelling Protocol

GUI

Graphical User Interface

HAN

Home Area Network

HCE

Host Card Emulation

HCI

Host Controller Interface

HE

Home Environment

HF

High Frequency

HFN

Hyperframe Number

HIPAA

Health Insurance Portability and Accountability Act

HLR

Home Location Register

HNB

Home Node B

HRPD

High Rate Packet Data

HSPA

High Speed Packet Access

HSS

Home Subscriber Server

HTTPS

HTTP Secure

HW

Hardware

I/O

Input/Output

I2C

Inter‐Integrated Circuit

IAN

Industrial Area Network

IANA

Internet Assigned Numbers Authority

IARI

IMS Application Reference ID

ICAO

International Civil Aviation Organization

ICC

Integrated Circuit Card

ICCID

ICC Identification Number

ICE

In Case of Emergency

ICE

Intercepting Control Element

ICIC

Inter Cell Interference Control

ICT

Information and Communication Technologies

IDE

Integrated Development Environment

IDEA

International Data Encryption Algorithm

ID‐FF

Identity Federation Framework

IDM

Identity Management

IDS

Intrusion Detection System

ID‐WSF

Identity Web Services Framework

IEC

International Electrotechnical Commission

IEEE

Institute of Electrical and Electronics Engineers

IETF

Internet Engineering Task Force

IF

Intermediate Frequency

IK

Integrity Key

IKE

Internet Key Exchange

IMEI

International Mobile Equipment Identity

IMEISV

IMEI Software Version

IMS

IP Multimedia Subsystem

IMSI

International Mobile Subscriber Identity

IOP

Interoperability Process

IoT

Internet of Things

IOT

Inter‐Operability Testing

IP

Internet Protocol

IPS

Intrusion Prevention System

IPSec

IP Security

IR

Infrared

IRI

Intercept Related Information

ISD

Issuer Security Domain

ISDB‐T

Terrestrial Integrated Services Digital Broadcasting

ISD‐P

Issuer Security Domain Profile

ISD‐R

Issuer Security Domain Root

ISIM

IMS SIM

ISO

International Organization for Standardization

ISOC

Internet Society

ITSEC

Information Technology Security Evaluation Criteria

ITU

International Telecommunications Union

IWLAN

Interworking Wireless Local Area Network

JBOH

JavaScript‐Binding‐Over‐HTTP

JTC

Joint Technical Committee

K

User Key

KASME

Key for Access Security Management Entity

KDF

Key Derivation Function

LA

Location Area

LAN

Local Area Network

LBS

Location Based Service

LCT

Layered Coding Transport

LEA

Law Enforcement Agencies

LEAP

Lightweight Extensible Authentication Protocol

LEMF

Law Enforcement Monitoring Facilities

LF

Low Frequency

LI

Legal/Lawful Interception

LIF

Location Interoperability Forum

LIG

Legal Interception Gateway

LLCP

Logical Link Control Protocol

LOS

Line‐of‐Sight

LPPM

Location‐Privacy Protection Mechanism

LTE

Long Term Evolution

LTE‐M

LTE M2M

LTE‐U

LTE Unlicensed

LUK

Limited Use Key

LWM2M

Lightweight Device Management of M2M

M2M

Machine‐to‐Machine

MAC

Medium Access Control

MAC

Message Authentication Code

MBMS

Multimedia Broadcast and Multicast Service

MC

Multi Carrier

MCC

Mobile Country Code

MCPTT

Mission Critical Push To Talk

ME

Mobile Equipment

ME ID

Mobile Equipment Identifier

MF

Master File

MFF2

Machine‐to‐Machine Form Factor 2

MGIF

Mobile Gaming Interoperability Forum

MIM

Machine Identity Module

MIMO

Multiple In Multiple Out

MITM

Man in the Middle

MM

Mobility Management

MME

Mobility Management Entity

MMS

Multimedia Messaging

MNC

Mobile Network Code

MNO

Mobile Network Operator

MPLS

Multiprotocol Label Switching

MPU

Multi Processing Unit

MRTD

Machine Readable Travel Document

MSC

Mobile services Switching Centre

MSISDN

Mobile Subscriber’s ISDN number

MSP

Multiple Subscriber Profile

MST

Magnetic Secure Transmission

MT

Mobile Terminal

MTC

Machine‐Type Communications

MVNO

Mobile Virtual Network Operator

MVP

Minimum Viable Product

MWIF

Mobile Wireless Internet Forum

NAA

Network Access Application

NACC

Network Assisted Call Control

NAF

Network Application Function

NAN

Neighborhood Area Network

NAS SMC

NAS Security Mode Command

NAS

Non‐Access Stratum

NAT

Network Address Translation

NB

Node B

NCSC‐FI

National Cyber Security Centre of Finland

NDEF

NFC Data Exchange Format

NDS

Network Domain Security

NE ID

Network Element Identifier

NFC

Near Field Communications

NGMN

Next Generation Mobile Network

NH

Next Hop

NHTSA

National Highway Transportation and Safety Administration

NIS

Network and Information Security

NIST

National Institute of Standards and Technology

NMS

Network Monitoring System

NMT

Nordic Mobile Telephony

NP

Network Provider

NPU

Numerical Processing Unit

NTP

Network Time Protocol

NWd

Normal World

OAM

Operations, Administration and Management

OBU

Onboard Unit

OCF

Open Card Framework

OCR

Optical Character Recognition

ODA

On‐Demand Activation

ODM

Original Device Manufacturer

OEM

Original Equipment Manufacturer

OFDM

Orthogonal Frequency Division Multiplexing

OM

Order Management

OMA

Open Mobile Alliance

OP

Organizational Partner

OPM

OTA Provisioning Manager

OS

Operating System

OSPT

Open Standard for Public Transport (Alliance)

OTA

Over‐the‐Air

OTT

Over‐the‐Top

PAN

Personal Account Number

PAN

Personal Area Network

PC/SC

Personal Computer/Smart Card

PCC

Policy and Charging Control

PCI

Payment Card Industry

PCI‐DSS

Payment Card Industry Data Security Standard

PDA

Personal Digital Assistant

PDCP

Packet Data Convergence Protocol

PDN

Packet Data Network

PDP

Packet Data Protocol

PDPC

Packet Data Convergence Protocol

PDS

Packet Data Services

PDU

Protocol/Packet Data Unit

PED

PIN‐Entry Device

PGC

Project Coordination Group

P‐GW

Proxy Gateway

PICC

Proximity ICC

PIN

Personal Identification Number

PITA

Portable Instrument for Trace Acquisition

PIV

Personal Identity Verification

PKI

Public Key Infrastructure

PLI

Physical Layer Identifier

PLMN

Public Land Mobile Network

PMR

Private Mobile Radio

PNAC

Port‐based Network Access Control

POS

Point‐of‐Sales

PP

Protection Profile

PTM

Point‐to‐Multipoint

PTP

Point‐to‐Point

PTS

PIN Transaction Security

PTS

Protocol Type Selection

PUK

Personal Unblocking Key

PWS

Public Warning System

QoS

Quality of Service

QR

Quick Read

RA

Registration Authority

RAM

Random Access Memory

RAM

Remote Application Management

RAN

Radio Access Network

RANAP

RAN Application Protocol

RAND

Random Number

RAT

Radio Access Technology

RCS

Rich Communications Suite

REE

Rich Execution Environment

RES

Response

RF

Radio Frequency

RFID

Radio Frequency Identity

RFM

Remote File Management

RLC

Radio Link Control

RN

Relay Node

RNC

Radio Network Controller

RoI

Return on Investment

ROM

Read‐Only Memory

RPM

Remote Patient Monitoring

RRC

Radio Resource Control

RRM

Radio Resource Management

RSP

Remote SIM Provisioning

RTC

Real Time Communications

RTD

Record Type Definition

RTT

Radio Transmission Technology

RUIM

Removable User Identity Module

SA

Security Association

SA

Services and System Aspects

SaaS

Software‐as‐a‐Service

SAE

System Architecture Evolution

SAR

Specific Absorption Rate

SAS

Security Accreditation Scheme

SAT

SIM Application Toolkit

SATCOM

Satellite Communications

SBC

Session Border Controller

SC

Sub‐Committee

SCD

Signature‐Creation Data

SCP

Secure Channel Protocol

SCQL

Structured Card Query Language

SCTP

Stream Control Transmission Protocol

SCWS

Smart Card Web Server

SD

Secure Digital

SD

Security Domain

SDCCH

Stand Alone Dedicated Control Channel

SDK

Software Development Kit

SDS

Short Data Services

SE

Secure Element

SE

Service Enabler

SEG

Security Gateway

SEI

Secure Element Issuer

SES

Secure Element Supplier

SFPG

Security and Fraud Prevention Group

SG

Smart Grid

SGSN

Serving GPRS Support Node

S‐GW

Serving Gateway

SIM

Subscriber Identity Module

SIP

Session Initiation Protocol

SiP

Silicon Provider

SM

Short Message

SMC

Security Mode Command

SM‐DP

Subscription Manager, Data Preparation

SMG

Special Mobile Group

SMS

Short Message Service

SMSC

Short Message Service Centre

SM‐SR

Subscription Manager, Secure Routing

SN ID

Serving Network's Identity

SN

Sequence Number

SN

Serving Network

SoC

System on Chip

SON

Self‐Organizing Network

SP

Service Provider

SPI

Serial Peripheral Interface

SQN

Sequence Number

SRES

Signed Response

SRVCC

Single Radio Voice Call Continuity

SS

Service Subscriber

SSCD

Secure Signature‐Creation Device

SSD

Shared Secret Data

SSDP

Simple Service Discovery Protocol

SSID

Service Set Identifier

SSL

Secure Sockets Layer

SSO

Single Sign On

SubMan

Subscription Management

SVLTE

Simultaneous Voice and LTE

SVN

Software Version Number

SW

Software

SWd

Secure World

SWP

Single Wire Protocol

TAC

Type Approval Code

TACS

Total Access Communications System

TC

Technical Committee

TCAP

Transaction Capabilities Application Part

TCP

Transmission Control Protocol

TDD

Time Division Multiplex

TDMA

Time Division Multiple Access

TE

Terminal Equipment

TEDS

TETRA Enhanced Data Service

TEE

Trusted Execution Environment

TETRA

Terrestrial Trunked Radio

TIA

Telecommunications Industry Association

TKIP

Temporal Key Integrity Protocol

TLS

Transport Layer Security

TMO

Trunked Mode Operation

TMSI

Temporary Mobile Subscriber Identity

TOE

Target of Evaluation

ToP

Timing over Packet

TPDU

Transmission Protocol Data Unit

TSC

Technical Sub‐Committee

TSG

Technical Specification Group

TSIM

TETRA Subscriber Identity Module

TSM

Trusted Service Manager

TTA

Telecommunications Technology Association

TTC

Telecommunications Technology Committee

TTLS

Tunneled Transport Layer Security

TUAK

Temporary User Authentication Key

TZ

Trusted Zone

UART

Universal Asynchronous Receiver/Transmitter

UDP

User Data Protocol

UE

User Equipment

UHF

Ultra High Frequency

UICC

Universal Integrated Circuit Card

UIM

User Identity Module

UL

Uplink

UMTS

Universal Mobile Telecommunications System

UN

United Nations

UP

User Plane

URI

Uniform Resource Identifier

USAT

USIM Application Toolkit

USB

Universal Serial Bus

USIM

Universal Subscriber Identity Module

UTRAN

Universal Terrestrial Radio Access Network

UWB

Ultra‐Wide Band

UX

User Experience

VLAN

Virtual Local Area Network

VLR

Visitor Location Register

VoIP

Voice over Internet Protocol

VoLTE

Voice over LTE

VPLMN

Visited PLMN

VPN

Virtual Private Network

WAN

Wide Area Network

WAP

Wireless Access Protocol

WCDMA

Wideband Code Division Multiplexing Access

WEP

Wired Equivalent Privacy

WG

Working Group

WIM

Wireless Identity Module

WISPr

Wireless Internet Service Provider roaming

WLAN

Wireless Local Area Network

WLCSP

Wafer‐Level re‐distribution Chip‐Scale Packaging

WPA

Wi‐Fi Protected Access

WPA2

Wi‐Fi Protected Access, enhanced

WPS

Wi‐Fi Protected Setup

WRC

World Radio Conference

WSN

Wireless Sensor Network

WWW

World Wide Web

XOR

Exclusive Or

XRES

Expected Response

1 Introduction

1.1 Introduction

Wireless Communications Security: Solutions for the Internet of Things presents key aspects of the mobile telecommunications field. The book includes essential background information on the technologies that work as building blocks for the security of current wireless systems and solutions. It also describes many novel and expected future development options and discusses the respective security aspects and protection methods.

This first chapter gives an overview of wireless security aspects by describing current and most probable future wireless security solutions, and discusses the technological background, challenges and needs. The focus is on technical descriptions of existing systems and new trends like the evolved phase of the Internet of Things (IoT). The book also gives an overview of existing and potential security threats, presents methods for protecting systems, operators and end‐users, and describes security system attack types and the new dangers in the ever‐evolving mobile communications networks and Internet, which will include new ways of transferring data during the forthcoming years.

Chapter 1 presents overall advances in securing mobile and wireless communications, and sets the stage by summarizing the key standardization and statistics of the wireless communications environment. This chapter builds the base for understanding wireless network security principles, architectural design, deployment, installation, configuration, testing, certification and other security processes at a high level; they are detailed later in the book. This chapter also discusses the special characteristics of mobile device security, presents security architectures and gives advice on fulfilling the regulatory policies and rules imposed. The reader also gets an overview of the pros and cons of different approaches to the level of security.

In general, this book gives the reader tools for understanding the possibilities and challenges of wireless communications, the main weight being on typical security vulnerabilities and practical examples of the problems and their solutions. The book thus functions as a practical guide describing the evolution of the wireless environment, and how to ensure the fluent continuum of the new functionalities while minimizing potential risks to network security.

1.2 Wireless Security

1.2.1 Background and Advances

The development of wireless communications, especially its security aspects, was relatively stable compared to the overall issues of the public Internet over fixed access until the early 2000s. Nevertheless, along with the enhanced functionalities of smart devices, networks and applications, the number of malicious attacks has increased considerably. It can be estimated that security attacks, distribution of viruses and other illegal activities increase exponentially in a wireless environment along with the higher number of devices and users of novel solutions. Payment activities, person‐to‐person communications and social media are under constant threat, and one of the most strongly increasing security risks is related to Machine‐to‐Machine (M2M) communications, which belong to the IoT realm. An example of a modern threat is malicious code in an Internet‐connected self‐driving car. In the worst case, this may lead to physical harm to the car’s passengers.

There is a multitude of ideas that could change the role of the current Subscriber Identity Module (SIM), or Universal Integrated Circuit Card (UICC), which has traditionally been a solid base for 3rd Generation Partnership Program (3GPP) mobile communications as it provides a highly protected hardware‐based Secure Element (SE). Alternatives have been presented for modifying or replacing the SIM/UICC concept with, e.g., cloud‐based authentication, authorization and payment solutions. This evolution provides vast possibilities for easing the everyday life of end‐users, operators, service providers and other stakeholders in the field, but it also opens unknown doors to security threats. The near future will show the preferred development paths, one logical possibility being a hybrid solution that keeps essential data like keys within hardware‐protected SEs such as SIM/UICC cards while, e.g., mobile payment benefits from the flexibility of the cloud concept via dynamically changing tokens that have a limited lifetime.

In the near future, the penetration of autonomously operating devices that need no human interaction will increase considerably, resulting in much more automatic communication, e.g., the delivery of telemetry, diagnostics and healthcare data. These devices act as a base for value‐added services in vast numbers of new solutions that are still largely under development or yet to be explored. Nevertheless, the increased share of such machines attached to networks may also open new security threats if the respective scenarios are not taken into account in the early phases of system, hardware (HW) and software (SW) development.

The field of new subscription management, along with the IoT concept, automated communications and other new ways of transferring wireless data, will evolve very quickly. Up‐to‐date information and the respective security mechanisms are highly needed by the industry in order to better understand the possibilities and threats, and to develop ways to protect end‐users and operators against novel malicious attempts. Many of the solutions are still open and under standardization. This book thus clarifies the current environment and the most probable development paths, interpreted from the latest messages of the industry and standardization fields.

1.2.2 Statistics

In mobile communications, wireless Local Area Networks (LANs) are perhaps the most vulnerable to security breaches. Wi‐Fi security is often overlooked by both private individuals and companies. Most wireless routers are shipped with default settings in order to offer a fluent installation experience, especially for non‐technical people. Nevertheless, this good aim of the vendors leads to potential security holes for some wireless routers and access points in businesses and home offices due to poor or non‐existent security. According to Ref. [21], around 25% of wireless router installations may be suffering from such security holes. From the tests executed, Ref. [21] noted in 2011 that 61% of the studied cases (2133 consumer and business networks combined) had proper security set up via either Wi‐Fi Protected Access (WPA) or Wi‐Fi Protected Access, enhanced (WPA2). Of the rest, 6% did not have security set up at all, 19% used the weak protection of Wired Equivalent Privacy (WEP), 11% used default credentials, and 3% used a hidden Service Set Identifier (SSID) without encryption.

Ref. [26] presents recent statistics on Internet security breaches and concludes that the three most affected industries are public, information and financial services. Typical ways of illegal action include the following:

Phishing. Typically in the form of email, the aim is to convince users to change their passwords for banking services via legitimate‐looking web pages. The investigations of Ref. [26] show that phishing is nowadays more focused and continues to be successful for criminals, as 23% of users opened the phishing email and 11% clicked the accompanying attachments.

Exploitation of vulnerabilities. As an example, half of the common vulnerabilities and exposures during 2014 fell within the first two weeks, which indicates the high need for addressing urgent breaches.

Mobile. Ref. [26] has noted that Android is clearly the most exploited mobile platform, not necessarily due to weak protection as such, but because 96% of malware was focused on Android during 2014. As a result, more than 5 billion downloaded Android apps are vulnerable to remote attacks, e.g., via JavaScript‐Binding‐Over‐HTTP (JBOH), which provides remote access to Android devices. Nevertheless, even if mobile devices are vulnerable to breaches, after filtering out low‐grade malware the number of compromised devices has been practically negligible: an average of only 0.03% of smartphones per week in the Verizon network were infected with higher‐grade malicious code during 2014.

Malware. Half of the participating companies discovered malware events on 35 or fewer days during 2014. Malware is related to other categories like phishing, which is the door for embedding malicious code in users’ devices. The amount of malware varies by industry type; e.g., financial institutes protect themselves more carefully against phishing emails, which results in a low malware proportion.

Payment card skimmers and Point‐of‐Sale (POS) intrusions. This breach type has gained big headlines in recent years, as there have been tens of millions of affected users per compromised retailer.

Crimeware. Recent development indicates an increase in Denial‐of‐Service (DoS) attacks, with Command and Control (C2) continuing to hold its position in 2014.

Web app attacks. Virtually all the attacks in this set, with a 98% share, have been opportunistic in nature. Financial services and public entities are the most affected victims. Some methods in this area are the use of stolen credentials, use of a backdoor or C2, abuse of functionality, brute force and forced browsing.

Distributed Denial‐of‐Service (DDoS) attacks. This breach type is increasing heavily. Furthermore, DDoS attacks are increasingly being prepared via malware. The attacks rely on improperly secured services like Network Time Protocol (NTP), Domain Name System (DNS) and Simple Service Discovery Protocol (SSDP), which make it possible to spoof IP addresses.

Physical theft and insider misuse. These are related to human factors; in general, this category belongs to ‘opportunity makes the thief’, which is very challenging to remove completely as long as the chain of trust relies on key personnel who might have the possibility and motivation to compromise or bypass security. Detecting potential misuse by insiders thus plays an important role in preventing and revealing fraudulent attempts early enough. This detection can be based on deviations in data transfer patterns, login attempts, time‐based utilization and, in general, time spent on activities that may indicate dissatisfaction at the workplace.

Cyber espionage. According to Ref. [26], manufacturing, government and information services in particular are typical targets of espionage. Furthermore, the most common way to open the door to espionage seems to be the opening of an email attachment or link.

Any other errors that may open doors to external or internal misuse.

More detailed information about data breach statistics and their impacts in overall IT and wireless environments can be found in Ref. [26].
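As an added illustration of the reflection pattern behind the DDoS item above (not code from the book), the following check scans UDP flow records for a server that answers NTP, DNS or SSDP queries with far more bytes than it receives from one remote address, the sign that the server is being abused as a reflector against a spoofed victim. The flow-record layout, the thresholds and the sample records are assumptions constructed for this example.

```python
"""Detect reflection/amplification abuse of NTP, DNS and SSDP from UDP
flow records.  Added example, not from the book.  The record layout,
the thresholds and the sample flows are constructed assumptions."""
from collections import defaultdict

# Services the chapter names as commonly abused reflectors, by UDP port.
REFLECTOR_PORTS = {123: "NTP", 53: "DNS", 1900: "SSDP"}

# Constructed flow records seen at our server 192.0.2.10:
# (src_ip, src_port, dst_ip, dst_port, bytes).  In a reflection attack the
# request carries the victim's address as a spoofed source, so the large
# reply is sent to the victim, not to the real sender.
SAMPLE_FLOWS = [
    # Legitimate NTP client: one small query, one small reply.
    ("198.51.100.7", 51000, "192.0.2.10", 123, 48),
    ("192.0.2.10", 123, "198.51.100.7", 51000, 48),
    # NTP reflection: four tiny queries, each answered with a large reply.
    ("203.0.113.5", 40000, "192.0.2.10", 123, 8),
    ("192.0.2.10", 123, "203.0.113.5", 40000, 440),
    ("203.0.113.5", 40000, "192.0.2.10", 123, 8),
    ("192.0.2.10", 123, "203.0.113.5", 40000, 440),
    ("203.0.113.5", 40000, "192.0.2.10", 123, 8),
    ("192.0.2.10", 123, "203.0.113.5", 40000, 440),
    ("203.0.113.5", 40000, "192.0.2.10", 123, 8),
    ("192.0.2.10", 123, "203.0.113.5", 40000, 440),
    # DNS reflection: three queries that each pull a large record set.
    ("203.0.113.9", 33000, "192.0.2.10", 53, 60),
    ("192.0.2.10", 53, "203.0.113.9", 33000, 3000),
    ("203.0.113.9", 33000, "192.0.2.10", 53, 60),
    ("192.0.2.10", 53, "203.0.113.9", 33000, 3000),
    ("203.0.113.9", 33000, "192.0.2.10", 53, 60),
    ("192.0.2.10", 53, "203.0.113.9", 33000, 3000),
    # SSDP: replies larger than queries, but too few to be conclusive.
    ("203.0.113.20", 1901, "192.0.2.10", 1900, 90),
    ("192.0.2.10", 1900, "203.0.113.20", 1901, 400),
    ("203.0.113.20", 1901, "192.0.2.10", 1900, 90),
    ("192.0.2.10", 1900, "203.0.113.20", 1901, 400),
]


def summarise_reflector_traffic(flows, server_ip):
    """Per (service, remote address): request count, bytes in, bytes out."""
    stats = defaultdict(lambda: {"requests": 0, "bytes_in": 0, "bytes_out": 0})
    for src_ip, src_port, dst_ip, dst_port, size in flows:
        if dst_ip == server_ip and dst_port in REFLECTOR_PORTS:
            key = (REFLECTOR_PORTS[dst_port], src_ip)   # query towards us
            stats[key]["requests"] += 1
            stats[key]["bytes_in"] += size
        elif src_ip == server_ip and src_port in REFLECTOR_PORTS:
            key = (REFLECTOR_PORTS[src_port], dst_ip)   # our reply
            stats[key]["bytes_out"] += size
    return stats


def flag_amplification(flows, server_ip, min_ratio=10.0, min_requests=3):
    """Return the (service, remote address) pairs whose reply/request byte
    ratio exceeds min_ratio over at least min_requests queries.  A flagged
    remote address is most likely the spoofed victim; the fix is on our side
    (rate-limit or disable the amplifying responses, and deploy
    source-address validation so spoofed packets never leave the network)."""
    flagged = {}
    for key, s in summarise_reflector_traffic(flows, server_ip).items():
        if s["requests"] < min_requests or s["bytes_in"] == 0:
            continue
        ratio = s["bytes_out"] / s["bytes_in"]
        if ratio >= min_ratio:
            flagged[key] = {**s, "ratio": round(ratio, 1)}
    return flagged


if __name__ == "__main__":
    for (service, remote), s in flag_amplification(SAMPLE_FLOWS, "192.0.2.10").items():
        print(f"{service}: {remote} received {s['bytes_out']} B for "
              f"{s['bytes_in']} B over {s['requests']} queries (x{s['ratio']})")
```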

1.2.3 Wireless Threats

1.2.3.1 General

Wireless communications systems provide a functional base for vast opportunities in the area of IoT, including advanced multimedia and increasingly real‐time virtual reality applications. Along with the creation and offering of novel commercial solutions, there also exist completely new security threats, resulting from an environment that develops so fast that users and operators have not yet fully experienced the real impacts. Thus, there is a real need for constant efforts to identify vulnerabilities and better protect any potential security holes. The following sections present some real‐world examples of the possibilities and challenges of wireless communications, the weight being on the discussion of security vulnerabilities and their solutions.

Protection in the wireless environment largely follows the principles familiar from fixed networks. Nevertheless, the radio interface in particular, which is the most important difference from fixed systems, opens new challenges as the communications can be captured without physically ‘wire‐tapping’ the infrastructure. Knowledgeable hackers may thus try to unscramble the contents either in real time or by recording the traffic and attacking the contents offline without the victims’ awareness. The appropriate protection level depends on the value of the contents; the basic question is how much end‐users, network operators and service providers should invest in order to guarantee minimum, typical or maximum security. As an example, the cloud storage for smart device photos would not need to be protected very strongly if a user uploads them to social media for public distribution. The picture changes, though, if a user stores highly confidential contents that may seriously jeopardize privacy if publicly exposed. There are countless examples of such incidents and their consequences, including the theft and distribution of personal photos of celebrities. Regardless of the highly unfortunate circumstances of these security breaches, they can also serve as very useful lessons. Some of the easiest means to minimize the damage are to apply additional application‐layer security by encrypting the contents with a separate password, and simply to reconsider uploading the most sensitive data to external storage.

The selection of the security level, whether it is made by the end‐user, network operator or service provider, can be optimized by balancing the cost of the protection against the fluency of use. An easy user experience may be an important aspect, because a highly secured service may require such complicated procedures to authenticate and protect the contents that it is not practical for the average user. One of the most reliable yet fluent ways is to utilize two‐factor authentication, e.g., based on a permanent user ID and password as well as a one‐time code that is sent to the user via an alternative route such as mobile communications messaging. Along with increasing mobile device penetration, the majority of users already have some kind of mobile device, so one of the most logical bearers for such authentication messaging is the robust, widespread Short Message Service (SMS).
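The two-step login this paragraph recommends, as an added example that is not code from the book: the permanent credential (user ID and password) is verified first, and only then is a short-lived, single-use code issued over a second channel. The SMS gateway below is a hypothetical stand-in that records messages instead of sending them, and all user data is constructed.

```python
"""Two-factor login: password check, then a one-time code over a second
channel.  Added example, not from the book.  SmsGatewayStub is a hypothetical
stand-in for the operator's SMS bearer; all credentials are constructed."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

OTP_DIGITS = 6          # length of the one-time code
OTP_LIFETIME_S = 120    # seconds the code stays valid
OTP_MAX_ATTEMPTS = 3    # wrong guesses allowed before the code is discarded


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2 so a stolen credential store does not yield passwords."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


class SmsGatewayStub:
    """Records (msisdn, text) pairs instead of delivering them (hypothetical)."""

    def __init__(self) -> None:
        self.sent = []

    def send(self, msisdn: str, text: str) -> None:
        self.sent.append((msisdn, text))


class TwoFactorAuthenticator:
    def __init__(self, gateway: SmsGatewayStub, clock: Callable[[], float] = time.time) -> None:
        self.gateway = gateway
        self.clock = clock                   # injectable so expiry can be tested
        self.users: Dict[str, dict] = {}     # user_id -> salt, digest, msisdn
        self.pending: Dict[str, dict] = {}   # user_id -> code, expires, attempts

    def register(self, user_id: str, password: str, msisdn: str) -> None:
        salt, digest = hash_password(password)
        self.users[user_id] = {"salt": salt, "digest": digest, "msisdn": msisdn}

    def start_login(self, user_id: str, password: str) -> bool:
        """Factor 1: verify the permanent credential, then issue a fresh code."""
        user = self.users.get(user_id)
        if user is None:
            hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
            return False
        _, digest = hash_password(password, user["salt"])
        if not hmac.compare_digest(digest, user["digest"]):
            return False
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self.pending[user_id] = {"code": code,
                                 "expires": self.clock() + OTP_LIFETIME_S,
                                 "attempts": 0}
        self.gateway.send(user["msisdn"], f"Your login code is {code}")
        return True

    def finish_login(self, user_id: str, code: str) -> bool:
        """Factor 2: the code must be unexpired, unused and not brute-forced."""
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        entry["attempts"] += 1
        if self.clock() > entry["expires"] or entry["attempts"] > OTP_MAX_ATTEMPTS:
            del self.pending[user_id]   # stale or guessed too often: redo step 1
            return False
        if hmac.compare_digest(entry["code"], code):
            del self.pending[user_id]   # single use
            return True
        return False


if __name__ == "__main__":
    gw = SmsGatewayStub()
    auth = TwoFactorAuthenticator(gw)
    auth.register("alice", "correct horse battery", "+15555550100")  # constructed
    if auth.start_login("alice", "correct horse battery"):
        sent_code = gw.sent[-1][1].split()[-1]
        print("second factor accepted:", auth.finish_login("alice", sent_code))
```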

1.2.3.2 Wireless Environment

First‐generation mobile communications systems, such as the Nordic Mobile Telephone (NMT), the British Total Access Communications System (TACS) and the American Advanced Mobile Phone System (AMPS), were analogue and based on Frequency Modulated (FM) radio channels solely for voice communications. The conversations of users could be intercepted by tuning a simple commercial‐grade radio scanner to the frequencies used by the base station and mobile device, as there was no content protection mechanism applied against potential eavesdropping. Also, copying and reuse of device credentials such as the telephone number was possible via the unprotected radio interface and Common Signaling System (CSS7) messages. The analogue mobile communications networks have been obsolete for many years, but these early experiences of security breaches have been educational for developing more advanced systems.