HP Armada m300 Wireless Security - Page 19
Security Specific to WWAN Carrier Technologies
Wireless Security White Paper (page 19)

The following VPN products, however, are available from third parties for the Compaq iPAQ Pocket PC:

movianVPN by Certicom:
• Based on IPSec
• Uses Certicom ECC for IKE
• Connects to back-end VPN products from: Alcatel, Check Point, Cisco, Intel, Nortel, Radguard, Symantec

Check Point VPN Client:
• In development
• Not based on IPSec
• Will support only Check Point VPN products

VGate by V-One:
• Works only with V-One VPN appliance gateway
• Supports many strong, third-party authentication schemes

SecureTunnel by Traxit:
• Provides VPN functionality by performing packet switching at remote hosting center
• Designed to provide direct, end-to-end connectivity and authentication (mobile client directly to application server)

Security Specific to WWAN Carrier Technologies

All digitized mobile telephone and wireless packet data networks use some form of encryption. GSM uses a smart card to protect its keys. The smart card contains both the international mobile subscriber identity (IMSI) and the subscriber identification key. When the user makes a connection with a mobile base station, a session key is negotiated and all transmissions, both voice and data, are encrypted.

GSM documents specify the rough functional characteristics of its protocols, including the secure encryption of transmitted digital messages. However, apart from the protocols, details of the algorithms are kept secret. Most security specialists will argue that secrecy is not an effective approach, since only the close scrutiny of a large set of experts can ensure that there are no obvious weaknesses in the technique. Nonetheless, GSM contains three secret algorithms that are given only to vendors with established need-to-know, such as carriers and handset manufacturers.

The three algorithms are:
• A3: Authentication algorithm
• A5: Ciphering/Deciphering algorithm (currently A5/1, A5/2, provides over-the-air voice privacy)
• A8: Cipher Key Generator (essentially a one-way function), and session key generation

The smart card contains A3, A5 and A8; the base station is equipped with A5 encryption, and is connected to an authentication center using A3 and A8 algorithms to authenticate the mobile participant and generate a session key.
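The challenge-response exchange described above, sketched as an added example that is not part of the white paper. Because the real A3 and A8 are not given on this page, HMAC-SHA-256 stands in for both; the class and function names, the IMSI and the subscriber key are constructed, and the 128-bit challenge, 32-bit response and 64-bit session key are the standard GSM sizes rather than values from this page.

```python
import hashlib
import hmac
import secrets

IMSI = "001010000000001"                              # constructed test identity
KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed subscriber key

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3 (assumption: HMAC-SHA-256): 32-bit signed response."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8 (assumption: HMAC-SHA-256): 64-bit session key."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class SmartCard:
    """Holds the IMSI and the subscriber key; the key never leaves the card."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class AuthCenter:
    """Network side: knows each subscriber key and issues challenges."""
    def __init__(self, subscribers: dict):
        self._subscribers = dict(subscribers)

    def challenge(self, imsi: str):
        ki = self._subscribers[imsi]
        rand = secrets.token_bytes(16)  # fresh 128-bit challenge per connection
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)

def authenticate(card: SmartCard, auc: AuthCenter):
    """Base-station view: relay RAND, compare responses.

    Returns (network_kc, card_kc) on success, None on failure.
    Only the IMSI, RAND and the response cross the air; the keys do not.
    """
    rand, expected, network_kc = auc.challenge(card.imsi)
    sres, card_kc = card.respond(rand)
    if not hmac.compare_digest(sres, expected):
        return None  # card does not hold the subscriber key
    return network_kc, card_kc  # both ends now key A5 with the same value

if __name__ == "__main__":
    auc = AuthCenter({IMSI: KI})
    print("genuine card:", authenticate(SmartCard(IMSI, KI), auc))
    print("wrong key   :", authenticate(SmartCard(IMSI, bytes(16)), auc))
```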