HP Evo n180 Wireless Security - Page 13
Public Key Infrastructure
Wireless Security White Paper

The discussion that follows concentrates on the segment of the network pipe in which information must travel over public highways and suffer the potential for exposure. Transmission via one of several connectivity technologies from the access device to the carrier (or WWAN access point) is dependent to a certain degree on the type of network used in WWAN connectivity. GSM and CDPD networks are the most secure due to the heavier underlying encryption native to the network technology; that is, the airtime provider supplies the user with encryption of signals, resulting in an inherently more secure system than those where such encryption is not provided. Conversely, CDMA/TDMA networks are slightly less secure since they include only digital encoding without encryption.

The following sub-sections discuss these vulnerabilities in more detail and suggest solutions to mitigate risk associated with WWAN connectivity. For simplification, the next section is titled "Eavesdropping," but with the understanding that, as commented above, eavesdropping can lead to or imply a broad range of mischief for a wireless network. This simplification is helpful in describing the two primary technologies that help forestall eavesdropping and its destructive ramifications. Those technologies are encryption and tunneling. Encryption and tunneling effectively "hide" information as it travels by making it unreadable, and thus unusable, to casual or not-so-casual observers.

It is necessary at this juncture, however, to be clear that technologies used to secure one piece of the pipe may need to be deployed across multiple points in the pipe. For example, it may be necessary to load software on the device and on the server, as well, to better secure the connectivity channel.

Eavesdropping

To prevent eavesdropping and its concomitant ills, the information that travels over a wireless network must be rendered unreadable or invisible to observers.
Two key technologies make such information unreadable or invisible. Those technologies are encryption and tunneling. These technologies include Public Key Infrastructure (PKI) and Virtual Private Networks (VPNs). Popular PKI vendors like Baltimore Technologies, Inc. and Entrust do not have PKI support for access devices. Smaller companies have point solutions to specific applications that run on the various operating systems.

Public Key Infrastructure

Most approaches to achieving security for the wireless exchange of information over networks involve the use of public key cryptography, also known as public key encryption. The framework on which public key cryptography is built is known as a public key infrastructure (PKI). Figure 5 illustrates the basics of public key cryptography. In Figure 5 the originator encrypts the data using a public key, so that the data is scrambled when it is sent over the network. The recipient receives the scrambled data and decrypts it using the recipient's private key.

Figure 5: Basics of Public Key Cryptography
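
The flow in Figure 5, as an added example that is not part of the white paper: the originator encrypts with the recipient's public key, the scrambled value crosses the network, and only the private key recovers it. It uses unpadded textbook RSA with fixed, publicly known primes purely for reproducibility; the function names, primes and sample message are assumptions made for this sketch, and a deployed system would use randomly generated keys with OAEP padding from a vetted library.

```python
# Added illustration: textbook RSA using only the standard library.
# The primes are fixed, publicly known Mersenne primes so the example is
# reproducible; a real key pair uses secret random primes and OAEP padding.
P = 2**521 - 1          # constructed sample prime (assumption, not secret)
Q = 2**607 - 1          # constructed sample prime (assumption, not secret)
E = 65537               # common public exponent


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) for the recipient."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)             # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, plaintext: bytes) -> int:
    """Originator side: scramble data with the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(key, ciphertext: int) -> bytes:
    """Recipient side: recover the data with the private key."""
    n, exponent = key
    m = pow(ciphertext, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    public_key, private_key = make_keypair()
    message = b"constructed sample: quarterly figures"
    on_the_wire = encrypt(public_key, message)     # what an observer sees
    # Applying the public key again does not undo the encryption.
    wrong = decrypt(public_key, on_the_wire)
    return message, on_the_wire, decrypt(private_key, on_the_wire), wrong


if __name__ == "__main__":
    msg, wire, recovered, wrong = demo()
    print("ciphertext (hex, truncated):", hex(wire)[:40], "...")
    print("recovered by recipient:", recovered)
    print("public key alone recovers it:", wrong == msg)
```

Because this unpadded form is deterministic, the same message always produces the same ciphertext, which is one reason real PKI deployments add randomized padding.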