This book describes the current and most probable future wireless security solutions. The focus is on the technical discussion of existing systems and new trends like Internet of Things (IoT). It also discusses existing and potential security threats, presents methods for protecting systems, operators and end-users, describes security systems attack types and the new dangers in the ever-evolving Internet. The book functions as a practical guide describing the evolvement of the wireless environment, and how to ensure the fluent continuum of the new functionalities, whilst minimizing the potential risks in network security.
Number of pages: 684
Cover
Title Page
About the Author
Preface
Acknowledgements
Abbreviations
1 Introduction
1.1 Introduction
1.2 Wireless Security
1.3 Standardization
1.4 Wireless Security Principles
1.5 Focus and Contents of the Book
References
2 Security of Wireless Systems
2.1 Overview
2.2 Effects of Broadband Mobile Data
2.3 GSM
2.4 UMTS/HSPA
2.5 Long Term Evolution
2.6 Security Aspects of Other Networks
2.7 Interoperability
References
3 Internet of Things
3.1 Overview
3.2 Foundation
3.3 Development of IoT
3.4 Technical Description of IoT
References
4 Smartcards and Secure Elements
4.1 Overview
4.2 Role of Smartcards and SEs
4.3 Contact Cards
4.4 The SIM/UICC
4.5 Contents of the SIM
4.6 Embedded SEs
4.7 Other Card Types
4.8 Contactless Cards
4.9 Electromechanical Characteristics of Smartcards
4.10 Smartcard SW
4.11 UICC Communications
References
5 Wireless Payment and Access Systems
5.1 Overview
5.2 Wireless Connectivity as a Base for Payment and Access
5.3 E‐commerce
5.4 Transport
5.5 Other Secure Systems
References
6 Wireless Security Platforms and Functionality
6.1 Overview
6.2 Forming the Base
6.3 Remote Subscription Management
6.4 Tokenization
6.5 Other Solutions
References
7 Mobile Subscription Management
7.1 Overview
7.2 Subscription Management
7.3 OTA Platforms
7.4 Evolved Subscription Management
References
8 Security Risks in the Wireless Environment
8.1 Overview
8.2 Wireless Attack Types
8.3 Security Flaws on Mobile Networks
8.4 Protection Methods
8.5 Errors in Equipment Manufacturing
8.6 Self‐Organizing Network Techniques for Test and Measurement
References
9 Monitoring and Protection Techniques
9.1 Overview
9.2 Personal Devices
9.3 IP Core Protection Techniques
9.4 HW Fault and Performance Monitoring
9.5 Security Analysis
9.6 Virus Protection
9.7 Legal Interception
9.8 Personal Safety and Privacy
References
10 Future of Wireless Solutions and Security
10.1 Overview
10.2 IoT as a Driving Force
10.3 Evolution of 4G
10.4 Development of Devices
10.5 5G Mobile Communications
References
Index
End User License Agreement
Chapter 01
Table 1.1 OMA DM specifications as of December 2015
Table 1.2 ISO/IEC 7816 standard definitions
Table 1.3 Some of the most important IEEE standards related to encryption
Table 1.4 Some of the key 3GPP security specifications
Table 1.5 The complete list of 3GPP security‐related 33‐series documents
Table 1.6 The EAL classes of CC
Table 1.7 Comparison of ciphering techniques relevant for mobile communications
Chapter 02
Table 2.1 Variables used by AKA in UMTS
Table 2.2 Comparison of MBMS security solutions
Table 2.3 Current security solutions for Wi‐Fi/WLAN connectivity
Chapter 03
Table 3.1 The key WLAN IEEE 802 standards
Table 3.2 The theoretical distances of Bluetooth devices per class
Chapter 04
Table 4.1 The ISO/IEC 7816‐2 ICC contacts
Table 4.2 Consumer‐grade SIM FF
Table 4.3 The environmental classification; the main categories for M2M UICCs
Table 4.4 UICC environmental classes and required values
Table 4.5 File types of smartcards
Table 4.6 Some of the key commands of the SIM/UICC
Table 4.7 An example of the SIM/UICC card response messages. The complete list can be found in ISO/IEC 7816‐4 documentation
Chapter 06
Table 6.1 Comparison of SE, TEE and HCE
Table 6.2 Comparison of mobile security solutions
Chapter 07
Table 7.1 The options for the NAA as defined in Ref. [21]
Chapter 09
Table 9.1 Key roles of DPI
Chapter 01
Figure 1.1 The contents of this handbook
Chapter 02
Figure 2.1 The statistics of data consumption of mobile laptop and smartphone users
Figure 2.2 The general trends of 3G and 4G data rates. The planned 5G will offer considerably higher speeds
Figure 2.3 The app ecosystem depends on the available technologies and services
Figure 2.4 The development procedure for Android app development
Figure 2.5 The main elements of 3GPP networks. The evolution of LTE brings new elements for, e.g., eMBMS, as well as cell extensions like relay nodes and Home eNB elements, while LTE also extends to unlicensed bands (LTE‐U) and is optimized for IoT/M2M environment (LTE‐M)
Figure 2.6 The signalling chart for the delivery of triplets from the AuC/HLR to VLR
Figure 2.7 The subscriber‐specific Ki, as well as the A3 and A8 algorithms are stored in the SIM and the AuC for the authentication, authorization and session key creation. The A5 algorithm is stored, in turn, in the HW of the Mobile Terminal (MT) and in the Base Transceiver Station (BTS) equipment for protecting the radio interface
Figure 2.8 By utilizing Ki, A3 and A8, the AuC calculates the triplet, i.e., values for the Kc, RAND and SRES. The triplet is stored in the VLR
Figure 2.9 The authentication and authorization is done by A3, RAND and Ki
Figure 2.10 Kc is calculated with the A8 algorithm, based on Ki stored permanently within SIM, and RAND produced in the AuC/VLR
Figure 2.11 The encryption of the GSM radio interface takes place via the A5 algorithm
Figure 2.12 The 3GPP security architecture. The symbols of the figure refer to the following: (A) network access security; (B) provider domain security; (C) user domain security; and (D) application security
Figure 2.13 The role of the UMTS interfaces in 3GPP security procedures.
Figure 2.14 The principle of the 3G authentication vector generation as described in 3GPP TS 33.102
Figure 2.15 The principle of the vendor certificate process
Figure 2.16 The eNB protocol stacks with embedded IPSec layer
Figure 2.17 LTE Key hierarchy concept
Figure 2.18 Key handling procedure in handover
Figure 2.19 The mutual authentication procedure of LTE
Figure 2.20 The architecture of the combined IPSec and PKI. The light dotted line indicates signalling, and solid line represents user plane data flow. The thick dotted line symbolizes the IPSec tunnel. The communication between SecGW as well as Operations Administration and Maintenance (OAM) can be done via Transport Layer Security (TLS) or Secure HTTP (HTTPS)
Figure 2.21 The PKI design with the architecture and interfaces
Figure 2.22 An integration example for the gateway attached to the access router
Figure 2.23 The security zone principle
Figure 2.24 The MBMS reference architecture.
Figure 2.25 The eMBMS reference architecture.
Figure 2.26 The elements and key management procedures for ME‐based eMBMS security as described in 3GPP TS 33.246. The events in the radio interface are the following: (1) HTTP Digest authentication with the MRK key; (2) MIKEY MSK key distribution which is protected with the MUK key; (3) MIKEY MTK key distribution which is protected by the MSK key; and (4) user data which is protected via the MTK key.
Figure 2.27 The protocol layers of FLUTE
Figure 2.28 The flowchart of successful EAP authentication
Figure 2.29 The LTE‐UE states and the inter‐RAT mobility procedures with the GSM network as interpreted from Ref. [38].
Figure 2.30 The LTE‐UE states and the inter‐RAT mobility procedures with the UMTS network as interpreted from Ref. [38].
Figure 2.31 Mobility procedures between E‐UTRA and CDMA2000 as interpreted from Ref. [38].
Figure 2.32 Enhanced Packet System (EPS) architecture for CSFB and SMS over SGs interface
Figure 2.33 Wi‐Fi Offload architecture
Figure 2.34 Femtocell architecture
Chapter 03
Figure 3.1 IoT consists of devices that are able to perform functions such as measurements and data processing, as stated in Refs. [1,2]. The connectivity can be based on all known data transfer techniques, including mobile communications networks, local wireless and wired networks, and even direct connectivity. IoT may have communications with other consumer devices, and furthermore, part of the devices can act as hubs to connect the local equipment to the Internet
Figure 3.2 Individuals using the Internet [16]
Figure 3.3 The main components of IoT
Figure 3.4 The IoT environment is developing along with the technological enablers, each phase or wave influencing the further planning of the enablers in an iterative way
Figure 3.5 An example of the potential LTE spectrum plans of Latin America
Figure 3.6 Typical LTE/LTE‐A band scenarios and potential carrier aggregation deployment in the rest of the world
Figure 3.7 High‐level examples of wireless connectivity solutions with respective coverage and data rate
Figure 3.8 The RFID system architecture
Figure 3.9 The principle of the TSM
Figure 3.10 The principle of the SD
Figure 3.11 SG model as interpreted from the IEEE 2030‐2011
Chapter 04
Figure 4.1 The physical connections of the UICC
Figure 4.2 Physical interfaces of the 8‐PIN UICC based on ISO, SWP and USB
Figure 4.3 The 1FF of SIM cards (dimensions in mm), which is also called ID‐1. The thickness is 0.76 mm. The ID‐1 is used in practice only for delivering the plug‐in units which are further snapped out from the card body when inserting them to mobile devices
Figure 4.4 SIM card’s 2FF, 3FF and 4FF plug‐in units (dimensions in mm)
Figure 4.5 The plug‐in units of 2FF or 3FF can be delivered within a single ID‐1 card body. This eases the logistics and enhances user experience upon inserting the plug‐in units into mobile devices.
Figure 4.6 The physical building blocks of a smartcard. The ID‐1 card body can be of plastics or recyclable materials, while the frame material of the plug‐in needs to comply with typically stricter mechanical and environmental requirements making plastics the most feasible material
Figure 4.7 An example of the system level building blocks of a multi‐application card based on the UICC. The applications may also include other subscription containers like RUIM for CDMA systems, and applets for many areas such as transit access and payments
Figure 4.8 The eUICC logical architecture as interpreted from ETSI TS 103 383
Figure 4.9 Some ETSI eUICC use cases for redundant subscription management
Figure 4.10 The embedded UICC architecture of GSMA as interpreted from Ref. [33]
Figure 4.11 Some examples of the physically embedded SEs. At present, the MFF2 is the only standardized variant of embedded UICC. The smallest ones are typically based on wafer‐level which can be very small in volume, such as the WLCSP which can measure, e.g., 2.7 × 2.5 × 0.4 mm³, depending on each chip manufacturer’s own specifications
Figure 4.12 Typical use cases for NFC
Figure 4.13 The block diagram of the UICC
Figure 4.14 The overall principle of the file structure of the smartcard
Figure 4.15 The principle of ADFs
Figure 4.16 The format of the Command and Response APDU
Chapter 05
Figure 5.1 The development of mobile payment
Figure 5.2 An example of the QR code with embedded web link leading to further information about this Wireless Security book
Figure 5.3 Example of the architecture of an NFC device. The NFC radio interface is connected to payment associations such as Visa, MasterCard, AmEx and Discover via the merchant processor
Figure 5.4 The NFC architecture as defined by the NFC Forum
Figure 5.5 NFC device based on SE in microSD form and NFC chip residing within the device
Figure 5.6 Device without NFC functionality can be used with microSD that is equipped with NFC antenna, NFC chip and SE
Figure 5.7 Some options for mobile payment solutions
Chapter 06
Figure 6.1 An example of the utilization of the UICC or eUICC as a part of the mobile payment service
Figure 6.2 The NFC payment architecture based on the SE or eSE
Figure 6.3 Examples of the TSM models
Figure 6.4 An example of the TEE architecture based on ARM TrustZone t‐Base. The TEE is connected to the external world via communications protocols designed between the TEE and REE which provide the means for the safe execution of the trustlets
Figure 6.5 An example of the t‐Base ecosystem
Figure 6.6 An example of the TEE secured application OTA lifecycle management
Figure 6.7 The payment application of the cloud service can be, in its basic form, within the SW‐based OS located outside of the SE
Figure 6.8 Example of HCE‐based payment architecture
Figure 6.9 Comparison of selected protection mechanisms
Chapter 07
Figure 7.1 An example of ODA as described in Ref. [17]
Figure 7.2 The high‐level signalling flow of the real‐time provisioning procedure as applied in the SmartTrust SmartAct solution
Figure 7.3 An example of the UICC activation, i.e., provisioning by utilizing a POS card reader
Figure 7.4 The principle of SIM OTA messaging
Figure 7.5 Data exchange as defined in ETSI TS 102 124
Figure 7.6 The OMA DM philosophy
Figure 7.7 OMA Lightweight M2M architecture. The LWM2M communications between the client and the server is optimized via efficient payload, and is able to support interfaces for bootstrapping, registration, object/source access and reporting for very low‐cost devices
Figure 7.8 Remote eUICC provisioning architecture for M2M environment as defined by GSMA (version 2.1).
Figure 7.9 The contents of eUICC in GSMA remote provisioning systems.
Figure 7.10 The contents of a GSMA profile.
Figure 7.11 The mapping of the card entities with the provisioning system.
Figure 7.12 The ISD‐P stages of GSMA remote provisioning eUICC. The transitions may be triggered by ISD‐R or ISD‐P itself. There also is a fall‐back (FB) mechanism
Figure 7.13 The evolved GSMA subscription management architecture (version 4) that includes the consumer environment
Figure 7.14 The GSMA RSP V1 architecture
Chapter 08
Figure 8.1 The principle of CEIR. Each of the connected operator‐specific EIRs is synchronized upon the reporting of devices in their black lists
Figure 8.2 The original Phase 1 GSM system’s protocol stack from the 1990s, added by the GPRS functionality of Release 97 from the early 2000s
Figure 8.3 The principle of the spoof GSM BTS may be based on the minimum set of the radio interface protocol stack as well as the essential protocols in connectivity and mobility management layers. In this way, all the additional functionality like encryption, frequency hopping etc. can be eliminated from the connection while the interception and relaying of the clear‐code call can be done, e.g., via a separate VoIP call
Figure 8.4 The LTE/SAE security chain includes various aspects
Figure 8.5 The C‐plane security principle of LTE/SAE
Figure 8.6 The U‐plane security principle of LTE/SAE
Figure 8.7 The M‐plane security principle of LTE/SAE
Figure 8.8 The S‐plane security principle of LTE/SAE
Figure 8.9 The correct timing for the equipment ordering has impact on the RoI
Figure 8.10 General principles of equipment manufacturing
Figure 8.11 An example of a real‐world scenario which sometimes may experience delays in commercial market entrance due to issues that are identified too late prior to launch
Figure 8.12 Issues resulting in delayed market entrance can be minimized via preliminary testing activities as soon as the equipment prototypes are ready
Figure 8.13 Process for the error ticket opening applicable to LTE/LTE‐A UE and network elements. The optimal way is to assess deeply the background information prior to the error ticket opening in order to speed up corrections
Chapter 09
Figure 9.1 An example of CGN firewall deployment based on Check Point
Figure 9.2 An example of Check Point deployment in an IPSec gateway mode, delivering the S1‐MME signalling (SCTP) and S1‐U traffic (GTP‐U over UDP)
Figure 9.3 An example of Check Point acting as a roaming gateway
Figure 9.4 An example of Check Point protecting roaming networks
Figure 9.5 The configuration for the MME intercept
Figure 9.6 The configuration for the HSS intercept
Figure 9.7 The configuration for the S‐GW and P‐GW intercept
Figure 9.8 Write‐Replace warning procedure
Figure 9.9 Kill procedure
Chapter 10
Figure 10.1 LTE‐A and WiMAX2 are the result of their own evolution paths, but can be used in a cooperative environment via data offloading and inter‐working
Jyrki T. J. Penttinen
Giesecke & Devrient, USA
This edition first published 2017
© 2017 John Wiley & Sons, Ltd
Registered Office
John Wiley & Sons, Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom
For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.
The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. It is sold on the understanding that the publisher is not engaged in rendering professional services and neither the publisher nor the author shall be liable for damages arising herefrom. If professional advice or other expert assistance is required, the services of a competent professional should be sought.
The advice and strategies contained herein may not be suitable for every situation. In view of ongoing research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of experimental reagents, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each chemical, piece of equipment, reagent, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read. No warranty may be created or extended by any promotional statements for this work. Neither the publisher nor the author shall be liable for any damages arising herefrom.
Library of Congress Cataloging‐in‐Publication data applied for
ISBN: 9781119084396
A catalogue record for this book is available from the British Library.
Dr Jyrki T. J. Penttinen, the author of this Wireless Communications Security book, started working in the mobile communications industry in 1987 evaluating early stage NMT‐900, DECT and GSM radio network performance. After having obtained his MSc (EE) grade from Helsinki University of Technology (HUT) in 1994, he continued with Telecom Finland (Sonera and TeliaSonera Finland) and with Xfera Spain (Yoigo) participating in 2G and 3G projects. He also established and managed the consultancy firm Finesstel Ltd in 2002–03 operating in Europe and the Americas, and afterwards he worked with Nokia and Nokia Siemens Networks in Mexico, Spain and the United States in 2004–2013. During his time working with mobile network operators and equipment manufacturers, Dr Penttinen was involved in a wide range of operational and research activities performing system and architectural design, investigation, standardization, training and technical management with special interest in the radio interface of cellular networks and mobile TV such as GSM, GPRS/EDGE, UMTS/HSPA and DVB‐H. Since 2014, in his current Program Manager’s position with Giesecke & Devrient America, Inc, his focus areas include mobile and IoT security and innovation.
Dr Penttinen obtained his LicSc (Tech) and DSc (Tech) degrees in HUT (currently known as Aalto University, School of Science and Technology) in 1999 and 2011, respectively. In addition to his main work, he is an active lecturer, has written dozens of technical articles and authored telecommunications books, the recent ones being The LTE‐Advanced Deployment Handbook (Wiley, 2016), The Telecommunications Handbook (Wiley, 2015) and The LTE/SAE Deployment Handbook (Wiley, 2011). More information about his publications can be found at www.tlt.fi.
This Wireless Communications Security book summarizes key aspects related to radio access network security solutions and protection against malicious attempts. As such a large number of services depend on the Internet and its increasingly important wireless access methods now and in the future, proper shielding is of the utmost importance. Along with the popularization of wireless communications systems such as Wi‐Fi and cellular networks, the utilization of the services often takes place via wireless equipment such as smartphones and laptops supporting short and long range radio access technologies. Threats against these services and devices are increasing, one of the motivations of the attackers being the exploitation of user credentials and other secrets to achieve monetary benefits. There are also plenty of other reasons for criminals to attack wireless systems which thus require increasingly sophisticated protection methods by users, operators, service providers, equipment manufacturers, standardization bodies and other stakeholders.
Along with the overall development of IT and communications technologies, the environment has changed drastically over the years. In the 1980s, threats against mobile communications were merely related to the cloning of a user’s telephone number to make free phone calls and eavesdropping on voice calls on the unprotected radio interface. From the experiences with the relatively poorly protected first‐generation mobile networks, modern wireless communications systems have gradually taken into account security threats in a much more advanced way while the attacks are becoming more sophisticated and involve more diversified motivations such as deliberate destruction of the services and ransom‐type threats. In addition to all these dangers against end‐users, security breaches against the operators, service providers and other stakeholders are on the rise, too. In other words, we are entering a cyber‐world, and the communications services are an elemental part of this new era.
The Internet has such an integral role in our daily life that the consequences of a major breakdown in its services would result in chaos. Proper shielding against malicious attempts requires a complete and updated cyber‐security to protect the essential functions of societies such as bank institutes, energy distribution and telecommunications infrastructures. The trend related to the Internet of Things (IoT), with estimations of tens of billions of devices being taken into use within a short time period, means that the environment is becoming even more challenging due to the huge proportion of the cheaper IoT devices that may often lack their own protection mechanisms. These innocent‐looking always‐connected devices such as intelligent household appliances – if deployed and set up improperly – may expose doors deeper into the home network, its services and information containers, and open security holes even further into the business networks. This is one of the key areas in modern wireless security preparation.
As my good friend Alfredo so well summarized, the Internet can be compared to nuclear power; it is highly useful while under control, but as soon as security threats are present, it may lead to major disaster. Without doubt, proper protection is thus essential. This book presents the solutions and challenges of wireless security by summarizing typical, currently utilized services and solutions, and paints the picture for the future by presenting novelty solutions such as advanced mobile subscription management concepts. I hope you find the contents interesting and relevant in your work and studies and obtain an overview on both the established and yet‐to‐be‐formed solutions of the field. In addition to this book, the contents are available in eBook format, and you can find additional information and updates from the topics at www.tlt.fi, which complement the overall picture of wireless security. As has been the case with my previous books published by Wiley, I would be glad to receive your valuable feedback about this Wireless Communications Security book directly via my email address: [email protected]
Jyrki T. J. Penttinen
Morristown, NJ, USA
It has been a highly interesting task to collect all this information about wireless security aspects into a single book. I reckon many of the presented solutions tend to develop extremely fast as the threats become increasingly sophisticated and innovative. The challenge is, of course, to maintain the relevancy of the written material. It is perhaps equally difficult for the stakeholders to ensure proper shielding of the wireless communications networks, devices, mobile apps and services along with all the advances in consumer and machine‐to‐machine domains – not forgetting the overall development of the Internet of Things (IoT), which is currently experiencing major interest. Even so, I believe that the foundations are worth describing in a book format, while the latest advances of each presented field can be checked via the identified key references and root sources of information.
An important part of this book, that is, describing the basics, is something I have been involved with throughout my career when I was working with mobile network operators as well as network and device vendors, while the rest of the contents complete the picture by presenting the most recent advances such as embedded SIM and respective subscription management which will be highly relevant in the near future for the most dynamic ways of utilizing consumers’ mobile and companion devices as well as the ever growing amount of IoT equipment. I thank all my good colleagues I have had the privilege to work with and to exchange ideas related to mobile security. I want to especially mention the important role of Giesecke & Devrient in offering me the possibility to focus on the topic in my current position.
I warmly thank the Wiley team for the professional work and firm yet tender ways for ensuring the book project and schedules advanced according to the plans. Special thanks belong to Mark Hammond, Sandra Grayson, Tiina Wigley and Nithya Sechin, as well as Tessa Hanford, among all the others who helped me to make sure this book was finalized in good order.
I also want to express my warmest gratitude to the Finnish Association of Non‐fiction Writers for their most welcomed support.
Finally, I thank Elva, Stephanie, Carolyne, Miguel, Katriina and Pertti for all their support.
Jyrki T. J. Penttinen
Morristown, NJ, USA
3DES
Triple‐Data Encryption Standard
3GPP
3rd Generation Partnership Program
6LoWPAN
IPv6 Low power Wireless Personal Area Network
AAA
Authentication, Authorization and Accounting
AAS
Active Antenna System
ACP
Access Control Policy
ADF
Application Dedicated File
ADMF
Administration Function
ADSL
Asymmetric Digital Subscriber Line
ADT
Android Developer Tool
AES
Advanced Encryption Standard
AF
Authentication Framework
AID
Application ID
AIDC
Automatic Identification and Data Capture
AIE
Air Interface Encryption
AK
Anonymity Key
AKA
Authentication and Key Agreement
ALC
Asynchronous Layered Coding
AMF
Authenticated Management Field
AMI
Advanced Metering Infrastructure
AMPS
Advanced Mobile Phone System
ANDSF
Access Network Discovery and Selection Function
ANSI
American National Standards Institute
AOTA
Advanced Over‐the‐Air
AP
Access Point
AP
Application Provider
APDU
Application Protocol Data Unit
API
Application Programming Interface
AR
Aggregation Router
ARIB
Association of Radio Industries and Businesses
AS
Access Stratum
AS
Authentication Server
ASIC
Application‐Specific Integrated Circuit
ASME
Access Security Management Entity
ASN.1
Abstract Syntax Notation One
ATCA
Advanced Telecommunications Computing Architecture
ATR
Answer to Reset
ATSC
Advanced Television Systems Committee
AuC
Authentication Centre
AUTN
Authentication Token
AV
Authentication Vector
AVD
Android Virtual Device
BAN
Business/Building Area Network
BCBP
Bar Coded Boarding Pass
BCCH
Broadcast Control Channel
BE
Backend
BGA
Ball Grid Array
BIN
Bank Identification Number
BIP
Bearer‐Independent Protocol
BLE
Bluetooth, Low‐Energy
BM‐SC
Broadcast – Multicast Service Centre
BSC
Base Station Controller
BSP
Biometric Service Provider
BSS
Billing System
BSS
Business Support System
BTS
Base Transceiver Station
C2
Command and Control
CA
Conditional Access
CA
Carrier Aggregation
CA
Certificate Authority
CA
Controlling Authority
CAT
Card Application Toolkit
CAT_TP
Card Application Toolkit Transport Protocol
CAVE
Cellular Authentication and Voice Encryption
CB
Cell Broadcast
CBEFF
Common Biometric Exchange Formats Framework
CC
Common Criteria
CC
Congestion Control
CCM
Card Content Management
CCMP
Counter‐mode Cipher block chaining Message authentication code Protocol
CCSA
China Communications Standards Association
CDMA
Code Division Multiple Access
CEIR
Central EIR
CEPT
European Conference of Postal and Telecommunications Administrations
CFN
Connection Frame Number
CGN
Carrier‐Grade NAT
CHV
Chip Holder Verification
CI
Certificate Issuer
CK
Cipher Key
CL
Contactless
CLA
Class of Instruction
CLF
Contactless Frontend
CLK
Clock
CMAS
Commercial Mobile Alert System
CMP
Certificate Management Protocol
CN
Core Network
CoAP
Constrained Application Protocol
CoC
Content of Communication
CPU
Central Processing Unit
CS
Circuit Switched
CSFB
Circuit Switched Fallback
CSG
Closed Subscriber Group
CSS7
Common Signaling System
CVM
Cardholder Verification Method
DBF
Database File
DD
Digital Dividend
DDoS
Distributed Denial‐of‐Service
DE
Data Element
DES
Data Encryption Standard
DF
Dedicated File
DFN
Dual‐Flat, No leads
DHCP
Dynamic Host Configuration Protocol
DL
Downlink
DM
Device Management
DM
Device Manufacturer
DMO
Direct Mode Operation
DNS
Domain Name System
DoS
Denial‐of‐Service
DPA
Data Protection Act
DPI
Deep Packet Inspection
DRM
Digital Rights Management
DS
Data Synchronization
DSS
Data Security Standard
DSSS
Direct Sequence Spread Spectrum
DTLS
Datagram Transport Layer Security
DTMB
Digital Terrestrial Multimedia Broadcast
DVB
Digital Video Broadcasting
EAL
Evaluation Assurance Level
EAN
Extended Area Network
EAP
Extensible Authentication Protocol
EAPoL
Extensible Authentication Protocol over Local Area Network
EAP‐TTLS
Extensible Authentication Protocol‐Tunneled Transport Layer Security
ECASD
eUICC Controlling Authority Secure Domain
eCAT
Encapsulated Card Application Toolkit
ECC
Elliptic Curve Cryptography
ECDSA
Elliptic Curve Digital Signature Algorithm
ECO
European Communications Office
EDGE
Enhanced Data Rates for Global Evolution
EEM
Ethernet Emulation Mode
EEPROM
Electrically Erasable Read‐Only Memory
EF
Elementary File
EGAN
Enhanced Generic Access Network
EID
eUICC Identifier
EIR
Equipment Identity Register
E‐MBS
Enhanced Multicast Broadcast Service
EMC
Electro‐Magnetic Compatibility
EMF
Electro‐Magnetic Field
EMI
Electro‐Magnetic Interference
EMM
EPS Mobility Management
EMP
Electro‐Magnetic Pulse
eNB
Evolved Node B
EPC
Enhanced Packet Core
EPC
Evolved Packet Core
EPS
Electric Power System
EPS
Enhanced Packet System
ERP
Enterprise Resource Planning
ERTMS
European Rail Traffic Management System
eSE
Embedded Security Element
eSIM
Embedded Subscriber Identity Module
ESN
Electronic Serial Number
ESP
Encapsulating Security Payload
ETSI
European Telecommunications Standards Institute
ETWS
Earthquake and Tsunami Warning System
eUICC
Embedded Universal Integrated Circuit Card
EUM
eUICC Manufacturer
E‐UTRAN
Enhanced UTRAN
EV‐DO
Evolution Data Only/Data Optimized
FAC
Final Approval Code
FAN
Field Area Network
FCC
Federal Communications Commission
FDD
Frequency Division Multiplex
FDT
File Delivery Table
FEC
Forward Error Correction
FF
Form Factor
FICORA
Finnish Communications Regulatory Authority
FID
File‐ID
FIPS
Federal Information Processing Standards
FLUTE
File Transport over Unidirectional Transport
FM
Frequency Modulation
FPGA
Field Programmable Gate Array
GAA
Generic Authentication Architecture
GBA
Generic Bootstrapping Architecture
GCSE
Group Communication System Enabler
GEA
GPRS Encryption Algorithm
GERAN
GSM EDGE Radio Access Network
GGSN
Gateway GPRS Support Node
GMSK
Gaussian Minimum Shift Keying
GoS
Grade of Service
GP
GlobalPlatform
GPRS
General Packet Radio Service
GPS
Global Positioning System
GRX
GPRS Roaming Exchange
GSM
Global System for Mobile Communications
GSMA
GSM Association
GTP
GPRS Tunnelling Protocol
GUI
Graphical User Interface
HAN
Home Area Network
HCE
Host Card Emulation
HCI
Host Controller Interface
HE
Home Environment
HF
High Frequency
HFN
Hyperframe Number
HIPAA
Health Insurance Portability and Accountability Act
HLR
Home Location Register
HNB
Home Node B
HRPD
High Rate Packet Data
HSPA
High Speed Packet Access
HSS
Home Subscriber Server
HTTPS
HTTP Secure
HW
Hardware
I/O
Input/Output
I²C
Inter‐Integrated Circuit
IAN
Industrial Area Network
IANA
Internet Assigned Numbers Authority
IARI
IMS Application Reference ID
ICAO
International Civil Aviation Organization
ICC
Integrated Circuit Card
ICCID
ICC Identification Number
ICE
In Case of Emergency
ICE
Intercepting Control Element
ICIC
Inter Cell Interference Control
ICT
Information and Communication Technologies
IDE
Integrated Development Environment
IDEA
International Data Encryption Algorithm
ID‐FF
Identity Federation Framework
IDM
Identity Management
IDS
Intrusion Detection System
ID‐WSF
Identity Web Services Framework
IEC
International Electrotechnical Commission
IEEE
Institute of Electrical and Electronics Engineers
IETF
Internet Engineering Task Force
IF
Intermediate Frequency
IK
Integrity Key
IKE
Internet Key Exchange
IMEI
International Mobile Equipment Identity
IMEISV
IMEI Software Version
IMS
IP Multimedia Subsystem
IMSI
International Mobile Subscriber Identity
IOP
Interoperability Process
IoT
Internet of Things
IOT
Inter‐Operability Testing
IP
Internet Protocol
IPS
Intrusion Prevention System
IPSec
IP Security
IR
Infrared
IRI
Intercept Related Information
ISD
Issuer Security Domain
ISDB‐T
Terrestrial Integrated Services Digital Broadcasting
ISD‐P
Issuer Security Domain Profile
ISD‐R
Issuer Security Domain Root
ISIM
IMS SIM
ISO
International Organization for Standardization
ISOC
Internet Society
ITSEC
Information Technology Security Evaluation Criteria
ITU
International Telecommunications Union
IWLAN
Interworking Wireless Local Area Network
JBOH
JavaScript‐Binding‐Over‐HTTP
JTC
Joint Technical Committee
K
User Key
KASME
Key for Access Security Management Entity
KDF
Key Derivation Function
LA
Location Area
LAN
Local Area Network
LBS
Location Based Service
LCT
Layered Coding Transport
LEA
Law Enforcement Agencies
LEAP
Lightweight Extensible Authentication Protocol
LEMF
Law Enforcement Monitoring Facilities
LF
Low Frequency
LI
Legal/Lawful Interception
LIF
Location Interoperability Forum
LIG
Legal Interception Gateway
LLCP
Logical Link Control Protocol
LOS
Line‐of‐Sight
LPPM
Location‐Privacy Protection Mechanism
LTE
Long Term Evolution
LTE‐M
LTE M2M
LTE‐U
LTE Unlicensed
LUK
Limited Use Key
LWM2M
Lightweight Device Management of M2M
M2M
Machine‐to‐Machine
MAC
Medium Access Control
MAC
Message Authentication Code
MBMS
Multimedia Broadcast and Multicast Service
MC
Multi Carrier
MCC
Mobile Country Code
MCPTT
Mission Critical Push To Talk
ME
Mobile Equipment
ME ID
Mobile Equipment Identifier
MF
Master File
MFF2
Machine‐to‐Machine Form Factor 2
MGIF
Mobile Gaming Interoperability Forum
MIM
Machine Identity Module
MIMO
Multiple In Multiple Out
MITM
Man in the Middle
MM
Mobility Management
MME
Mobility Management Entity
MMS
Multimedia Messaging
MNC
Mobile Network Code
MNO
Mobile Network Operator
MPLS
Multiprotocol Label Switching
MPU
Multi Processing Unit
MRTD
Machine Readable Travel Document
MSC
Mobile services Switching Centre
MSISDN
Mobile Subscriber’s ISDN number
MSP
Multiple Subscriber Profile
MST
Magnetic Secure Transmission
MT
Mobile Terminal
MTC
Machine‐Type Communications
MVNO
Mobile Virtual Network Operator
MVP
Minimum Viable Product
MWIF
Mobile Wireless Internet Forum
NAA
Network Access Application
NACC
Network Assisted Call Control
NAF
Network Application Function
NAN
Neighborhood Area Network
NAS SMC
NAS Security Mode Command
NAS
Non‐Access Stratum
NAT
Network Address Translation
NB
Node B
NCSC‐FI
National Cyber Security Centre of Finland
NDEF
NFC Data Exchange Format
NDS
Network Domain Security
NE ID
Network Element Identifier
NFC
Near Field Communications
NGMN
Next Generation Mobile Network
NH
Next Hop
NHTSA
National Highway Transportation and Safety Administration
NIS
Network and Information Security
NIST
National Institute of Standards and Technology
NMS
Network Monitoring System
NMT
Nordic Mobile Telephony
NP
Network Provider
NPU
Numerical Processing Unit
NTP
Network Time Protocol
NWd
Normal World
OAM
Operations, Administration and Management
OBU
Onboard Unit
OCF
Open Card Framework
OCR
Optical Character Recognition
ODA
On‐Demand Activation
ODM
Original Device Manufacturer
OEM
Original Equipment Manufacturer
OFDM
Orthogonal Frequency Division Multiplexing
OM
Order Management
OMA
Open Mobile Alliance
OP
Organizational Partner
OPM
OTA Provisioning Manager
OS
Operating System
OSPT
Open Standard for Public Transport (Alliance)
OTA
Over‐the‐Air
OTT
Over‐the‐Top
PAN
Personal Account Number
PAN
Personal Area Network
PC/SC
Personal Computer/Smart Card
PCC
Policy and Charging Control
PCI
Payment Card Industry
PCI‐DSS
Payment Card Industry Data Security Standard
PDA
Personal Digital Assistant
PDCP
Packet Data Convergence Protocol
PDN
Packet Data Network
PDP
Packet Data Protocol
PDPC
Packet Data Convergence Protocol
PDS
Packet Data Services
PDU
Protocol/Packet Data Unit
PED
PIN‐Entry Device
PGC
Project Coordination Group
P‐GW
Proxy Gateway
PICC
Proximity ICC
PIN
Personal Identification Number
PITA
Portable Instrument for Trace Acquisition
PIV
Personal Identity Verification
PKI
Public Key Infrastructure
PLI
Physical Layer Identifier
PLMN
Public Land Mobile Network
PMR
Private Mobile Radio
PNAC
Port‐based Network Access Control
POS
Point‐of‐Sales
PP
Protection Profile
PTM
Point‐to‐Multipoint
PTP
Point‐to‐Point
PTS
PIN Transaction Security
PTS
Protocol Type Selection
PUK
Personal Unblocking Key
PWS
Public Warning System
QoS
Quality of Service
QR
Quick Read
RA
Registration Authority
RAM
Random Access Memory
RAM
Remote Application Management
RAN
Radio Access Network
RANAP
RAN Application Protocol
RAND
Random Number
RAT
Radio Access Technology
RCS
Rich Communications Suite
REE
Rich Execution Environment
RES
Response
RF
Radio Frequency
RFID
Radio Frequency Identity
RFM
Remote File Management
RLC
Radio Link Control
RN
Relay Node
RNC
Radio Network Controller
RoI
Return on Investment
ROM
Read‐Only Memory
RPM
Remote Patient Monitoring
RRC
Radio Resource Control
RRM
Radio Resource Management
RSP
Remote SIM Provisioning
RTC
Real Time Communications
RTD
Record Type Definition
RTT
Radio Transmission Technology
RUIM
Removable User Identity Module
SA
Security Association
SA
Services and System Aspects
SaaS
Software‐as‐a‐Service
SAE
System Architecture Evolution
SAR
Specific Absorption Rate
SAS
Security Accreditation Scheme
SAT
SIM Application Toolkit
SATCOM
Satellite Communications
SBC
Session Border Controller
SC
Sub‐Committee
SCD
Signature‐Creation Data
SCP
Secure Channel Protocol
SCQL
Structured Card Query Language
SCTP
Stream Control Transmission Protocol
SCWS
Smart Card Web Server
SD
Secure Digital
SD
Security Domain
SDCCH
Stand Alone Dedicated Control Channel
SDK
Software Development Kit
SDS
Short Data Services
SE
Secure Element
SE
Service Enabler
SEG
Security Gateway
SEI
Secure Element Issuer
SES
Secure Element Supplier
SFPG
Security and Fraud Prevention Group
SG
Smart Grid
SGSN
Serving GPRS Support Node
S‐GW
Serving Gateway
SIM
Subscriber Identity Module
SIP
Session Initiation Protocol
SiP
Silicon Provider
SM
Short Message
SMC
Security Mode Command
SM‐DP
Subscription Manager, Data Preparation
SMG
Special Mobile Group
SMS
Short Message Service
SMSC
Short Message Service Centre
SM‐SR
Subscription Manager, Secure Routing
SN ID
Serving Network's Identity
SN
Sequence Number
SN
Serving Network
SoC
System on Chip
SON
Self‐Organizing Network
SP
Service Provider
SPI
Serial Peripheral Interface
SQN
Sequence Number
SRES
Signed Response
SRVCC
Single Radio Voice Call Continuity
SS
Service Subscriber
SSCD
Secure Signature‐Creation Device
SSD
Shared Secret Data
SSDP
Simple Service Discovery Protocol
SSID
Service Set Identifier
SSL
Secure Sockets Layer
SSO
Single Sign On
SubMan
Subscription Management
SVLTE
Simultaneous Voice and LTE
SVN
Software Version Number
SW
Software
SWd
Secure World
SWP
Single Wire Protocol
TAC
Type Approval Code
TACS
Total Access Communications System
TC
Technical Committee
TCAP
Transaction Capabilities Application Part
TCP
Transmission Control Protocol
TDD
Time Division Multiplex
TDMA
Time Division Multiple Access
TE
Terminal Equipment
TEDS
TETRA Enhanced Data Service
TEE
Trusted Execution Environment
TETRA
Terrestrial Trunked Radio
TIA
Telecommunications Industry Association
TKIP
Temporal Key Integrity Protocol
TLS
Transport Layer Security
TMO
Trunked Mode Operation
TMSI
Temporary Mobile Subscriber Identity
TOE
Target of Evaluation
ToP
Timing over Packet
TPDU
Transmission Protocol Data Unit
TSC
Technical Sub‐Committee
TSG
Technical Specification Group
TSIM
TETRA Subscriber Identity Module
TSM
Trusted Service Manager
TTA
Telecommunications Technology Association
TTC
Telecommunications Technology Committee
TTLS
Tunneled Transport Layer Security
TUAK
Temporary User Authentication Key
TZ
Trusted Zone
UART
Universal Asynchronous Receiver/Transmitter
UDP
User Data Protocol
UE
User Equipment
UHF
Ultra High Frequency
UICC
Universal Integrated Circuit Card
UIM
User Identity Module
UL
Uplink
UMTS
Universal Mobile Telecommunications System
UN
United Nations
UP
User Plane
URI
Uniform Resource Identifier
USAT
USIM Application Toolkit
USB
Universal Serial Bus
USIM
Universal Subscriber Identity Module
UTRAN
Universal Terrestrial Radio Access Network
UWB
Ultra‐Wide Band
UX
User Experience
VLAN
Virtual Local Area Network
VLR
Visitor Location Register
VoIP
Voice over Internet Protocol
VoLTE
Voice over LTE
VPLMN
Visited PLMN
VPN
Virtual Private Network
WAN
Wide Area Network
WAP
Wireless Access Protocol
WCDMA
Wideband Code Division Multiplexing Access
WEP
Wired Equivalent Privacy
WG
Working Group
WIM
Wireless Identity Module
WISPr
Wireless Internet Service Provider roaming
WLAN
Wireless Local Area Network
WLCSP
Wafer‐Level re‐distribution Chip‐Scale Packaging
WPA
Wi‐Fi Protected Access
WPA2
Wi‐Fi Protected Access, enhanced
WPS
Wi‐Fi Protected Setup
WRC
World Radio Conference
WSN
Wireless Sensor Network
WWW
World Wide Web
XOR
Exclusive Or
XRES
Expected Response
Wireless Communications Security: Solutions for the Internet of Things presents key aspects of the mobile telecommunications field. The book includes essential background information on technologies that work as building blocks for the security of current wireless systems and solutions. It also describes many novel and expected future development options and discusses the respective security aspects and protection methods.
This first chapter gives an overview of wireless security aspects by describing current and most probable future wireless security solutions, and discusses the technological background, challenges and needs. The focus is on technical descriptions of existing systems and new trends like the evolved phase of Internet of Things (IoT). The book also gives an overview of existing and potential security threats, presents methods for protecting systems, operators and end‐users, and describes security system attack types and the new dangers in the ever‐evolving mobile communications networks and Internet, which will include new ways of data transfer during the forthcoming years.
Chapter 1 presents overall advances in securing mobile and wireless communications, and sets the stage by summarizing the key standardization and statistics of the wireless communications environment. This chapter builds the base for understanding wireless network security principles, architectural design, deployment, installation, configuration, testing, certification and other security processes at a high level; these are detailed later in the book. This chapter also discusses the special characteristics of mobile device security, presents security architectures and gives advice on fulfilling the regulatory policies and rules imposed. The reader also gets an overview of the pros and cons of different approaches to the level of security.
In general, this book gives the reader tools for understanding the possibilities and challenges of wireless communications, the main weight being on typical security vulnerabilities and practical examples of the problems and their solutions. The book thus functions as a practical guide describing the evolution of the wireless environment, and how to ensure the fluent continuum of the new functionalities while minimizing potential risks in network security.
The development of wireless communications, especially its security aspects, was relatively stable until early 2000 compared to the overall issues in the public Internet via fixed access. Nevertheless, along with the enhanced functionalities of smart devices, networks and applications, the number of malicious attacks has increased considerably. It can be estimated that security attacks, distribution of viruses and other illegal activities increase exponentially in a wireless environment along with the higher number of devices and users of novel solutions. Not only are payment activities, person‐to‐person communications and social media types of utilization under constant threat, but one of the strongly increasing security risks is also related to Machine‐to‐Machine (M2M) communications, which belong in the IoT realm. An example of a modern threat is malicious code in an Internet‐connected self‐driving car. In the worst case, this may lead to physical harm to the car’s passengers.
There is a multitude of ideas to potentially change the role of the current Subscriber Identity Module (SIM), or Universal Integrated Circuit Card (UICC) which has traditionally been a solid base for the 3rd Generation Partnership Program (3GPP) mobile communications as it provides a highly protected hardware‐based Secure Element (SE). Alternatives have been presented for modifying or for replacing the SIM/UICC concept with, e.g., cloud‐based authentication, authorization and payment solutions. This evolution provides vast possibilities for easing the everyday life of end‐users, operators, service providers and other stakeholders in the field, but it also opens unknown doors for security threats. The near future will show the preferred development paths, one of the logical possibilities being a hybrid solution that keeps essential data like keys within hardware‐protected SEs such as SIM/UICC cards while, e.g., mobile payment would benefit from the flexibility of the cloud concept via dynamically changing tokens that have a limited lifetime.
In the near future, the penetration of autonomously operated devices without the need for human interactions will increase considerably, which results in much more active automatic communication, e.g., the delivery of telemetric information, diagnostics and healthcare data. The devices act as a base for value‐added services for vast amounts of new solutions that are still largely under development or yet to be explored. Nevertheless, the increased share of such machines attached to networks may also open new security threats if the respective scenarios are not taken into account in early phases of the system, hardware (HW) and software (SW) development.
The field of new subscription management, along with the IoT concept, automatised communications and other new ways of transferring wireless data, will evolve very quickly. Updated information and the respective security mechanisms are highly needed by the industry in order to better understand the possibilities and threats, and to develop ways to protect end‐users and operators against novel malicious attempts. Many of the solutions are still open and under standardization. This book thus clarifies the current environment and the most probable development paths interpreted from the latest messages of the industry and standardization fields.
In mobile communications, wireless Local Area Networks (LANs) are perhaps the most vulnerable to security breaches. Wi‐Fi security is often overlooked by both private individuals and companies. A major share of wireless routers are equipped in advance with default settings in order to offer a fluent installation experience, especially for non‐technical people. Nevertheless, this good aim of the vendors leads to potential security holes for some wireless routers and access points in businesses and home offices due to poor or non‐existent security. According to Ref. [21], around 25% of wireless router installations may be suffering from such security holes. From tests executed, Ref. [21] noted in 2011 that 61% of the studied cases (combined 2133 consumer and business networks) had proper security set up either via Wi‐Fi Protected Access (WPA) or Wi‐Fi Protected Access, enhanced (WPA2). For the rest of the cases, 6% did not have security set up at all while 19% used the low protection of Wired Equivalent Privacy (WEP), 11% used default credentials, and 3% used a hidden Service Set Identifier (SSID) without encryption.
Ref. [26] presents recent statistics of Internet security breaches, and has concluded that the three most affected industries are public, information and financial services. Typical ways for illegal actions include the following:
Phishing. Typically in the form of email, the aim is to convince users to change their passwords for banking services via legitimate‐looking web pages. The investigations of Ref. [26] show that phishing is nowadays more focused and continues to be successful for criminals, as 23% of users opened the phishing email, and 11% clicked the accompanying attachments.
Exploitation of vulnerabilities. As an example, half of the common vulnerabilities and exposures during 2014 fell within the first two weeks which indicates the high need for addressing urgent breaches.
Mobile. Ref. [26] has noted that Android is clearly the most exploited mobile platform. This is not necessarily due to weak protection as such, but 96% of malware was focused on Android during 2014. As a result, more than 5 billion downloaded Android apps are vulnerable to remote attacks, e.g., via JavaScript‐Binding‐Over‐HTTP (JBOH) which provides remote access to Android devices. Nevertheless, even if the mobile devices are vulnerable to breaches, after filtering the low‐grade malware, the number of compromised devices has been practically negligible. An average of only 0.03% of smartphones per week in the Verizon network during 2014 were infected with higher grade malicious code.
Malware. Half of the participating companies discovered malware events during 35 or fewer days during the period of 2014. Malware is related to other categories like phishing, which is the door for embedding malicious code in users’ devices. Depending on the industry type, the amount of malware varies, so, e.g., financial institutes protect themselves more carefully against phishing emails which indicates a low malware proportion.
Payment card skimmers and Point‐of‐Sale (POS) intrusions. This breach type has gained big headlines in recent years as there have been tens of millions of affected users per compromised retailer.
Crimeware. The recent development indicates the increase of Denial‐of‐Service (DoS) attacks, with Command and Control (C2) continuing to defend its position in 2014.
Web app attacks. Virtually all the attacks in this set, with a 98% share, have been opportunistic in nature. Financial services and public entities are the most affected victims. Some methods related to this area are the use of stolen credentials, use of backdoor or C2, abuse of functionality, brute force and forced browsing.
Distributed Denial‐of‐Service (DDoS) attacks. This breach type is heavily increasing. Furthermore, DDoS attacks are being prepared increasingly via malware. The attacks rely on improperly secured services like Network Time Protocol (NTP), Domain Name System (DNS) and Simple Service Discovery Protocol (SSDP) which provide the possibility to spoof IP addresses.
Physical theft and insider misuse. These are related to human factors; in general, this category belongs to the ‘opportunity makes theft’ type, which is very challenging to remove completely as long as the chain of trust relies on key personnel who might have the possibility and motivation to compromise or bypass security. Detecting potential misuse by insiders thus plays an important role in preventing and revealing fraudulent attempts early enough. This detection can be related to deviation of the data transfer patterns, login attempts, time‐based utilization and, in general, time spent in activities that may indicate dissatisfaction at the working place.
Cyber espionage. According to Ref. [26], especially manufacturing, government and information services are noted to be typical targets of espionage. Furthermore, the most common way to open the door for espionage seems to be the opening of an email attachment or link.
Any other errors that may open doors for external or internal misuse.
More detailed information about data breach statistics and impacts in overall IT and wireless environments can be found in Ref. [26].
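The insider‐misuse signals named in the list above (deviation of data transfer patterns, login attempts and time‐based utilization) can be checked over authentication and transfer logs. The following is an added example, not taken from the book: the log format, the thresholds and the working hours are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Assumed thresholds and working hours; tune them to the monitored environment.
WORK_START, WORK_END = 7, 19          # successful logins outside 07:00-19:00 are flagged
FAIL_THRESHOLD = 5                    # this many failed logins ...
FAIL_WINDOW = timedelta(minutes=5)    # ... inside this window is a burst
MIN_BASELINE_DAYS = 3                 # days of history needed before judging a user
SIGMA_LIMIT = 3                       # allowed deviations above the user's own mean

# Constructed sample log: timestamp, user, event, megabytes transferred.
SAMPLE_LOG = """\
2024-03-04T08:30:00 alice login_ok 0
2024-03-04T10:00:00 alice transfer 300
2024-03-05T08:31:00 alice login_ok 0
2024-03-05T10:00:00 alice transfer 320
2024-03-06T08:29:00 alice login_ok 0
2024-03-06T10:00:00 alice transfer 310
2024-03-07T08:33:00 alice login_ok 0
2024-03-07T10:00:00 alice transfer 330
2024-03-04T09:05:00 bob login_ok 0
2024-03-04T11:00:00 bob transfer 120
2024-03-05T09:10:00 bob login_ok 0
2024-03-05T11:00:00 bob transfer 100
2024-03-06T09:02:00 bob login_ok 0
2024-03-06T11:00:00 bob transfer 110
2024-03-07T02:14:00 bob login_ok 0
2024-03-07T02:20:00 bob transfer 5200
2024-03-07T09:00:00 carol login_fail 0
2024-03-07T09:00:20 carol login_fail 0
2024-03-07T09:00:40 carol login_fail 0
2024-03-07T09:01:00 carol login_fail 0
2024-03-07T09:01:30 carol login_fail 0
2024-03-07T09:03:00 carol login_ok 0
"""


def parse(log_text):
    """Return (timestamp, user, event, value) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        if line.strip():
            ts, user, kind, value = line.split()
            events.append((datetime.fromisoformat(ts), user, kind, int(value)))
    return sorted(events)


def transfer_alerts(events):
    """Flag a user whose latest daily volume is far above their own baseline."""
    daily = defaultdict(lambda: defaultdict(int))
    for ts, user, kind, value in events:
        if kind == "transfer":
            daily[user][ts.date()] += value
    alerts = []
    for user, per_day in daily.items():
        days = sorted(per_day)
        if len(days) <= MIN_BASELINE_DAYS:
            continue  # not enough history to call anything a deviation
        baseline = [per_day[d] for d in days[:-1]]
        mu = mean(baseline)
        sigma = max(pstdev(baseline), 0.1 * mu)  # floor avoids alerts on tiny variance
        if per_day[days[-1]] > mu + SIGMA_LIMIT * sigma:
            alerts.append((user, "transfer_deviation", days[-1].isoformat()))
    return alerts


def failed_login_alerts(events):
    """Flag the first burst of FAIL_THRESHOLD failures inside FAIL_WINDOW per user."""
    fails = defaultdict(list)
    for ts, user, kind, _ in events:
        if kind == "login_fail":
            fails[user].append(ts)
    alerts = []
    for user, times in fails.items():
        for i in range(len(times) - FAIL_THRESHOLD + 1):
            if times[i + FAIL_THRESHOLD - 1] - times[i] <= FAIL_WINDOW:
                alerts.append((user, "failed_login_burst", times[i].isoformat()))
                break
    return alerts


def off_hours_alerts(events):
    """Flag successful logins outside the assumed working hours."""
    return [(user, "off_hours_login", ts.isoformat())
            for ts, user, kind, _ in events
            if kind == "login_ok" and not WORK_START <= ts.hour < WORK_END]


def detect(log_text):
    events = parse(log_text)
    return sorted(transfer_alerts(events) + failed_login_alerts(events)
                  + off_hours_alerts(events))


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Each user is compared against their own history, so a steady heavy user such as the constructed `alice` raises no alert while a sudden jump does.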
Wireless communications systems provide a functional base for vast opportunities in the area of IoT including advanced multimedia and increasingly real‐time virtual reality applications. Along with the creation and offering of novel commercial solutions, there also exist completely new security threats that result from an environment developing so fast that users and operators have not yet fully experienced the real impacts. Thus, there is a real need for constant efforts to identify the vulnerabilities and better protect against any potential security holes. The following sections present some real‐world examples of the possibilities and challenges of wireless communications, the weight being on the discussion of security vulnerabilities and their solutions.
Protection in the wireless environment largely follows the principles familiar from fixed networks. Nevertheless, the radio interface especially, which is the most important difference from the fixed systems, opens new challenges as the communications can be captured without physical ‘wire‐tapping’ of the infrastructure. Knowledgeable hackers may thus try to unscramble the contents either in real time or by recording the traffic and attacking the contents offline without the victims’ awareness. The respective protection level depends on the value of the contents – the basic question is how much end‐users, network operators and service providers should invest in order to guarantee the minimum, typical or maximum security. As an example, the cloud storage for smart device photos would not need to be protected too strongly if a user uploads them to social media for public distribution. The scenery changes, though, if a user stores highly confidential contents that may seriously jeopardize privacy if publicly exposed. There are countless examples of such incidents and their consequences, including the stealing and distribution of personal photos of celebrities. Regardless of the highly unfortunate circumstances of these security breaches, they can also work as very useful lessons. Some of the easiest means to minimize the damage are to apply additional application‐layer security by encrypting the contents via a separate password, and simply to reconsider the uploading of the most sensitive data to external data storages.
The selection of the security level, whether it is done by the end‐user, network operator or service provider, can be optimized by balancing the cost of the protection and the fluency of the utilization. This easy user experience may be an important aspect because a highly secured service may require such complicated procedures to authenticate and protect the contents that it is not practical for the average user. One of the most reliable yet fluent ways is to utilize two‐fold authentication, e.g., based on permanent user ID and password as well as a one‐time code that is sent to the user via an alternative route such as mobile communications messaging. Along with increasing mobile device penetration, the majority of users already have some kind of mobile device, so one of the most logical bearers for such messaging authentication is based on the robust, widespread Short Message Service (SMS).
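The server side of the one‐time code described above can be sketched as follows. This is an added example, not code from the book: the code length, lifetime, attempt limit and the `OneTimeCodeStore` name are assumptions, and delivery over SMS is left to an external gateway.

```python
import hashlib
import hmac
import secrets
import time

# All values below are assumptions for this example, not figures from the book.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 3


class OneTimeCodeStore:
    """Second factor only: user ID and password are checked before issue()."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be exercised offline
        self._pending = {}       # user_id -> salt, digest, expiry, attempts left

    @staticmethod
    def _digest(salt, code):
        # Keeps the code out of storage in plain text. The code space is small,
        # so the attempt limit and the lifetime are the real protection.
        return hmac.new(salt, code.encode("utf-8"), hashlib.sha256).digest()

    def issue(self, user_id):
        """Create a fresh code, replacing any earlier one for this user."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[user_id] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # handed to the SMS gateway; never written to logs

    def verify(self, user_id, submitted):
        """Return True once for the right code; False for wrong, late or reused."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        if self._clock() >= entry["expires"]:
            del self._pending[user_id]
            return False
        actual = self._digest(entry["salt"], submitted)
        if hmac.compare_digest(entry["digest"], actual):  # constant-time compare
            del self._pending[user_id]                    # single use
            return True
        entry["attempts_left"] -= 1
        if entry["attempts_left"] <= 0:
            del self._pending[user_id]  # repeated misses force a new code
        return False


def demo():
    """Accepted once, rejected on replay, rejected after the lifetime passes."""
    now = [0.0]
    store = OneTimeCodeStore(clock=lambda: now[0])
    code = store.issue("user-1")
    first = store.verify("user-1", code)
    replay = store.verify("user-1", code)
    late_code = store.issue("user-1")
    now[0] += CODE_TTL_SECONDS + 1
    late = store.verify("user-1", late_code)
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```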
First‐generation mobile communications systems, such as the Nordic Mobile Telephone (NMT), British Total Access Communications System (TACS) and American Advanced Mobile Phone System (AMPS), were analogue and based on Frequency Modulated (FM) radio channels for solely voice communications. The conversations of users could be intercepted by tuning a simple commercial‐grade radio scanner to the utilized frequencies of the base station and mobile device as there was no contents protection mechanism applied against potential eavesdropping. Also, copying and reutilization of the device credentials such as the telephone number was possible via the non‐protected radio interface and Common Signaling System (CSS7) messages. The analogue mobile communications networks have been obsolete for many years, but these early experiences about security breaches have been educational for developing more advanced systems.