Compaq Evo n800c Wireless Security - Page 13



Wireless Security White Paper
13
The discussion that follows concentrates on the segment of the network pipe in which information
travels over public infrastructure and is exposed to interception. How well the link from the
access device to the carrier (or WWAN access point) is protected depends to a large degree on the
type of network used for WWAN connectivity.
GSM and CDPD networks are the most secure of these because encryption is native to the network
technology: the airtime provider encrypts the radio signal for the user, which makes the system
inherently more secure than one in which no such encryption is provided. CDMA/TDMA networks
are somewhat less secure, since they apply only digital encoding without encryption, and digital
encoding can be reversed by anyone with a suitable receiver. Note that carrier-supplied encryption
covers only the radio link between the device and the carrier's equipment; once the traffic enters
the carrier's wired network and the Internet beyond it, that protection ends.
The following sub-sections discuss these vulnerabilities in more detail and suggest solutions to
mitigate risk associated with WWAN connectivity.
For simplicity, the next section is titled "Eavesdropping," with the understanding that, as noted
above, eavesdropping can lead to or imply a broad range of mischief on a wireless network. This
simplification is helpful in describing the two primary technologies that forestall eavesdropping
and its destructive ramifications: encryption and tunneling. Encryption "hides" information as it
travels by making it unreadable, and thus unusable, to casual or determined observers; tunneling
carries that traffic through the public network inside a protected channel so that the observer
sees neither the content nor the protocols inside it. It is necessary at this juncture, however, to be
clear that a technology used to secure one piece of the pipe may need to be deployed at multiple
points along the pipe. For example, it may be necessary to load software on the device and on the
server as well in order to secure the whole connectivity channel.
Eavesdropping
To prevent eavesdropping and its concomitant ills, the information that travels over a wireless
network must be rendered unreadable or invisible to observers. Two key technologies make such
information unreadable or invisible: encryption and tunneling. Encryption is deployed and its keys
managed through a Public Key Infrastructure (PKI); tunneling is provided by Virtual Private
Networks (VPNs). Popular PKI vendors such as Baltimore Technologies, Inc. and Entrust do not
offer PKI support for access devices. Smaller companies offer point solutions for specific
applications that run on the various device operating systems.
Public Key Infrastructure
Most approaches to securing the wireless exchange of information over networks involve the use
of public key cryptography, also known as public key encryption. Each party holds a key pair: a
public key that can be distributed freely and a private key that is never shared. The framework
for issuing, distributing and revoking those public keys, normally as certificates signed by a
certificate authority, is known as a public key infrastructure (PKI).
Figure 5 illustrates the basics of public key cryptography. In Figure 5 the originator encrypts the
data using the recipient's public key, so that the data is scrambled when it is sent over the
network. The recipient receives the scrambled data and decrypts it using the recipient's private
key, which is the only key that can reverse the operation; an observer who captures the scrambled
data holds neither that key nor any way to derive it from the public key.
Figure 5: Basics of Public Key Cryptography
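The Figure 5 exchange carried out in code, as an added example that is not part of the white paper and uses only the Go standard library (crypto/rsa with OAEP padding; the recipient names, the 2048-bit key size and the sample payload are assumptions for the illustration). It shows the three properties the figure relies on: the intended recipient recovers the data with its private key, the bytes on the air do not contain the plaintext, and an observer holding a different private key cannot decrypt them. It also exposes the size limit of direct public key encryption, which is why bulk traffic in practice is encrypted with a symmetric key and only that key travels under RSA.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// Recipient is the party in Figure 5 that receives the scrambled data.
// It keeps the private key; only the public key is ever handed out.
type Recipient struct {
	priv *rsa.PrivateKey
}

// NewRecipient generates a fresh RSA key pair. 2048 bits is the smallest
// size worth using today (assumption for this example).
func NewRecipient(bits int) (*Recipient, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &Recipient{priv: priv}, nil
}

// PublicKey is what the recipient publishes; under a PKI it would travel
// inside a certificate signed by a certificate authority.
func (r *Recipient) PublicKey() *rsa.PublicKey { return &r.priv.PublicKey }

// Encrypt is the originator's step: scramble the data under the recipient's
// public key. RSA-OAEP (SHA-256) pads with random bytes, so sending the same
// plaintext twice produces two different ciphertexts on the air.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// Decrypt is the recipient's step: recover the data with the private key.
func (r *Recipient) Decrypt(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, ciphertext, nil)
}

// MaxPlaintext returns the largest payload RSA-OAEP/SHA-256 can carry for a
// key of this size (k - 2*hLen - 2 bytes). Anything larger must be encrypted
// with a symmetric key, with only that key wrapped under RSA.
func MaxPlaintext(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// Demo runs the Figure 5 exchange and reports whether the intended recipient
// recovered the data, whether the ciphertext hid the plaintext, and whether a
// third party with a different private key was unable to decrypt it.
func Demo() (recipientOK, hidden, eavesdropperBlocked bool, err error) {
	// Constructed sample payload; not taken from the white paper.
	msg := []byte("inventory count 4711 from Evo n800c")

	alice, err := NewRecipient(2048) // the intended recipient
	if err != nil {
		return
	}
	eve, err := NewRecipient(2048) // an observer with her own key pair
	if err != nil {
		return
	}

	ct, err := Encrypt(alice.PublicKey(), msg) // originator's step
	if err != nil {
		return
	}
	hidden = !bytes.Contains(ct, msg)

	pt, err := alice.Decrypt(ct) // recipient's step
	if err != nil {
		return
	}
	recipientOK = bytes.Equal(pt, msg)

	// Eve captures the same bytes in transit but holds the wrong private key.
	_, eveErr := eve.Decrypt(ct)
	eavesdropperBlocked = eveErr != nil
	return
}

func main() {
	ok, hidden, blocked, err := Demo()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("recipient decrypted: %v, plaintext hidden: %v, eavesdropper blocked: %v\n",
		ok, hidden, blocked)
}
```

Run it with `go run .`; the OAEP limit returned by MaxPlaintext (190 bytes for a 2048-bit key) is the practical reason a wireless device does not push its whole data stream through the public key operation.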