Compaq Evo n800c Wireless Security - Page 19

Security Specific to WWAN Carrier Technologies



Wireless Security White Paper
19
The following VPN products, however, are available from third parties for the Compaq iPAQ Pocket PC:

movianVPN by Certicom:
• Based on IPSec
• Uses Certicom ECC for IKE
• Connects to back-end VPN products from: Alcatel, Check Point, Cisco, Intel, Nortel, Radguard, Symantec

Check Point VPN Client:
• In development
• Not based on IPSec
• Will support only Check Point VPN products

VGate by V-One:
• Works only with V-One VPN appliance gateway
• Supports many strong, third-party authentication schemes

SecureTunnel by Traxit:
• Provides VPN functionality by performing packet switching at remote hosting center
• Designed to provide direct, end-to-end connectivity and authentication (mobile client directly to application server)

Security Specific to WWAN Carrier Technologies

All digitized mobile telephone and wireless packet data networks use some form of encryption. GSM uses a smart card to protect its keys. The smart card contains both the international mobile subscriber identity (IMSI) and the subscriber identification key. When the user makes a connection with a mobile base station, a session key is negotiated and all transmissions, both voice and data, are encrypted.

GSM documents specify the rough functional characteristics of its protocols, including the secure encryption of transmitted digital messages. However, apart from the protocols, details of the algorithms are kept secret. Most security specialists will argue that secrecy is not an effective approach, since only the close scrutiny of a large set of experts can ensure that there are no obvious weaknesses in the technique. Nonetheless, GSM contains three secret algorithms that are given only to vendors with established need-to-know, such as carriers and handset manufacturers.

The three algorithms are:
• A3: Authentication algorithm
• A5: Ciphering/Deciphering algorithm (currently A5/1, A5/2; provides over-the-air voice privacy)
• A8: Cipher Key Generator (essentially a one-way function), and session key generation

The smart card contains A3, A5 and A8; the base station is equipped with A5 encryption, and is connected to an authentication center using A3 and A8 algorithms to authenticate the mobile participant and generate a session key.
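
The exchange described above, sketched as an added example (not from the white paper): the authentication center issues a random challenge, the smart card answers it with A3 and derives the session key with A8. The names RAND, SRES, Kc and Ki follow common GSM usage and do not appear on this page; HMAC-SHA256 stands in for the secret A3/A8 algorithms, and the IMSI and keys are constructed sample values.

```python
# Added illustration of the challenge-response flow; NOT the real A3/A8.
# HMAC-SHA256 is a stand-in (assumption): the GSM algorithms are not on the page.
import hashlib, hmac, secrets

def a3_a8_standin(ki, rand):
    """Derive (SRES, Kc) from the subscriber key Ki and the challenge RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit response (A3), 64-bit session key (A8)

class SmartCard:
    """Holds the IMSI and subscriber key; the key never leaves the card."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand):
        return a3_a8_standin(self._ki, rand)

class AuthenticationCenter:
    """Network side: knows each subscriber's key, indexed by IMSI."""
    def __init__(self):
        self._keys = {}
    def provision(self, imsi, ki):
        self._keys[imsi] = ki
    def challenge(self, imsi):
        ki = self._keys.get(imsi)
        if ki is None:
            return None  # unknown subscriber
        rand = secrets.token_bytes(16)  # fresh 128-bit challenge per attempt
        return (rand, *a3_a8_standin(ki, rand))

def authenticate(auc, card):
    """Return the session key both sides now share, or None if auth fails."""
    triplet = auc.challenge(card.imsi)
    if triplet is None:
        return None
    rand, expected_sres, kc_network = triplet
    sres, kc_card = card.respond(rand)  # only RAND and SRES cross the radio link
    if not hmac.compare_digest(sres, expected_sres):
        return None  # wrong key on the card: no session key is released
    return kc_card if kc_card == kc_network else None

if __name__ == "__main__":
    ki = bytes(range(16))  # constructed sample key
    auc = AuthenticationCenter()
    auc.provision("001010000000001", ki)  # constructed test IMSI
    print(authenticate(auc, SmartCard("001010000000001", ki)).hex())
    print(authenticate(auc, SmartCard("001010000000001", bytes(16))))  # None
```

A card that presents a provisioned IMSI but holds a different key fails the response check, so knowing the IMSI alone yields no session key.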