by Andreas Bonnard*
Table of Contents
Trust is the Key to Mobile Business
Security and Privacy for wireless data services still in its infancy
Mobile business must follow example set by security standards in wireline e-business
Mobile business lagging behind in terms of security
No PKIs in mobile business for some time to come
Security – the picture remains blurred
Customer trust paramount for mobile business
Mobile Web Privacy Needs
Summarized Security and Privacy Requirements
The analysts agree: WAP (Wireless Application Protocol) and the new mobile communications generation GPRS (General Packet Radio System) will lead to a surge in mobile participation in e-commerce. Durlacher expects the European market for mobile business to skyrocket from just 3 billion at present to 30 billion in the year 2003. In its “Wireless Internet” study, ARC forecasts that there will be more mobile than wireline participants in e-commerce by the end of 2002.
However, even if each new analyst forecast for mobile business tops the last, none of them will become reality unless security in WAP communications is brought into line with the standards set in wireline e-business as soon as possible. Almost all security gaps in wireline e-business have now been closed by an industry standard. Version 3 of SSL (Secure Socket Layer) secures the encryption processes and the related keys for two-way partner/system authentication. Both symmetrical and asymmetrical encryption methods (a combination of public and private keys) are used for this two-way authentication. Interfaces to certification authorities defined in SSL 3.0 allow a neutral party to check whether the e-business participant is the lawful owner of the key on the basis of a certificate. For the secure transmission of the e-business data, including credit card and account numbers and PINs and TANs, SSL 3.0 then uses symmetrical encryption with a key of up to 160 bits in length. Time stamps and synchronized transaction numbers, again defined in SSL 3.0, prevent information sent during e-business data transfer from being resent by third parties unnoticed.
Provided that companies engaged in e-business implement them, all these security mechanisms help to build consumer confidence because
• they guarantee the authenticity of the sender;
• they ensure data integrity as the transferred data cannot be modified by unauthorized third parties;
• data remain confidential because they cannot be read by unauthorized third parties;
• data cannot be resent by unauthorized third parties during transfer.
Nonetheless, there are still potential risks in wireline e-business involving such aspects as the generation, handling and storage of keys and the choice of encryption methods and key lengths. Both of these fields are still in need of standardization. In addition, e-business providers and participants also have to rely on the trustworthiness of certification authorities that are responsible for checking and certifying the authenticity of the keys used. Overall, however, the security framework for safe e-business communications is in place.
The present security framework for mobile business providers and participants is much less auspicious. There are already immanent security gaps on the network level. While wireline connections using standards such as the IETF’s (Internet Engineering Task Force) IPsec and TLS (Transport Layer Security) ensure a secure connection between the PC and Web server, GSM/GPRS communication can only offer encryption of the data between the mobile phone and the transmitter. UMTS will have the same security level. All individuals and systems having access to the network elements and transmission links thus automatically have access to the business data. As a result, data could potentially be viewed and manipulated not only by employees of telecommunications network operators but also to an increasing degree by service providers.
This makes the need for mobile business providers and customers to close the wide security gap between the mobile phone and the WAP gateway, i.e. the supplier of WML (Wireless Markup Language) pages, on an application level, all the more urgent. The problem is that the current W3C (World Wide Web Consortium) standard, WAP 1.1, which uses WTLS (Wireless Transport Layer Security), merely offers two security levels between the WAP phone and the WAP gateway. Level 1 only permits encryption of the transferred data using a method comparable to the first version of SSL (Secure Socket Layer). How the encryption processes and the related keys for the two-way authentication of partners/systems are to be secured is also not defined by WTLS. And what would be the point? Level 2 only supports server certificates which tell the mobile business participants whether they are connected to the right WAP gateway. The client certificates for two-way authentication of the WAP gateway and WAP phone are therefore lacking. Nor does WTLS regulate key management, which means that this process is not transparent for the mobile business participant. And it gets worse: most mobile phones in the market are only WAP 1.0 compatible and will remain so. This is because the manufacturers have not even included a software update option in their mobile phones, preferring instead to sell new WAP 1.1 compatible mobile phones.
WAP 1.2 will see the introduction of client certificates in mobile phones, which will allow two-way authentication between the WAP gateway and the mobile phone. This two-way authentication will be performed by the WIM (Wireless Identification Module) in WAP 1.2. This standard, which is soon to be adopted, will also define the choice of various encryption methods and key lengths. It will be some time, however, until secure WAP 1.2 compatible mobile phones become sufficiently established in the market. Manufacturers will continue to market their WAP 1.1 compatible mobile phones before the combination of WAP 1.2 compatible mobile phones and GPRS transmission technology allows secure mobile business communication to gain a foothold in the market. This will not occur before the end of 2001.
A suitable interface to a PKI (Public Key Infrastructure) will be required in practice in order to reach the level of security of wireline e-business. This infrastructure will allow the use of digital signatures - the legal equivalent of a personal signature for the conclusion of a mobile business transaction - for the purpose of authentication. The reason why PKIs have got off to a late start in mobile business is that in the WAP 1.2 standard the key is installed in the mobile phone without protection instead of being protected on the SIM (Subscriber Identity Module) card. This opens the door to manipulation of security applications, especially for mobile phones that have their own RAM, processor and memory. Successful pilot projects using keys contained in the SIM card have been running for about a year in Scandinavia. At the same time, manufacturers such as Sonera SmartTrust, AcrossWireless and Brokat are fast becoming the driving force behind PKI compatible mobile business. Seen overall, however, this process is still in its infancy.
Alternatively, the encryption process could be performed securely by a PKI on a chip card integrated in the mobile phone. But again, this will be left to the WAP 1.3 standard. Manufacturers will not begin to include a second slot that can be used to address the chip card in their mobile phones until this standard has been adopted. This is unlikely to happen any earlier than mid-2002.
Until the widely acclaimed mobile business reaches safe waters, providers and participants alike will have to make do with an obscure conglomeration of security mechanisms and a lower level of security. The providers of mobile banking services are a good example. The financial services provider Comdirect, for instance, has stated that it does not use WTLS. Sparda Bank, 1822 direkt, Consors and Direkt Anlage Bank say that their mobile banking solutions operate on the basis of WTLS. However, for WTLS to work, the institutes stress that customers have to use new WAP 1.1 compatible mobile phones of certain manufacturers or providers such as Viag Interkom. But even if WTLS works for new mobile phones, mobile business participants at all these institutes still have to make do with a lean version of WTLS. Only the transferred data are encoded, often using just a 40-bit key agreed with the customer. This procedure leaves the customer in the dark over key management.
At present, mobile business poses a security problem for the customer especially when the provider decides to outsource such services. The WAP gateway is then located at the service provider, which means that WTLS-secured communication ends after half the distance. A secure connection from the gateway to the provider’s application server then has to be established via a fixed line. The incoming data also have to be decrypted by the WAP gateway and then reencrypted using the TLS Internet standard for wireline transfer. The problem is that there are no binding rules for this procedure. In addition, this encryption/decryption logic calls for a hermetically sealed WAP gateway – and the customer can never be sure how well the service provider actually protects this gateway. With this constellation there can be no talk of end-to-end security that really deserves this name.
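The decrypt and re-encrypt step at the gateway described above, as an added example that is not part of the original paper: a toy cipher stands in for WTLS and TLS record protection, and it compares per-hop protection with an order sealed between phone and provider. All keys, the order string and the function names are constructed for illustration.

```python
import hashlib
import hmac

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stands in for a real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def e2e_seal(enc_key: bytes, mac_key: bytes, order: bytes) -> bytes:
    """Client side: encrypt-then-MAC under keys shared only with the provider."""
    ct = xor_stream(enc_key, order)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def e2e_open(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Provider side: return the order, or None if the MAC does not verify."""
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return xor_stream(enc_key, ct) if hmac.compare_digest(tag, good) else None

def gateway(wtls_key: bytes, tls_key: bytes, record: bytes, edit=None):
    """WAP gateway: decrypt the WTLS record, optionally edit, re-encrypt for TLS."""
    clear = xor_stream(wtls_key, record)  # whatever the phone sent is exposed here
    forwarded = edit(clear) if edit else clear
    return clear, xor_stream(tls_key, forwarded)

# Constructed sample keys and order (illustrative values only).
WTLS_KEY, TLS_KEY = b"wtls-hop-key", b"tls-hop-key"
ENC_KEY, MAC_KEY = b"e2e-enc-key", b"e2e-mac-key"
ORDER = b"transfer amount=100 to=ACCT-0001"

def hop_by_hop(edit=None):
    """Order protected only per hop: returns (gateway view, provider view)."""
    seen, rec = gateway(WTLS_KEY, TLS_KEY, xor_stream(WTLS_KEY, ORDER), edit)
    return seen, xor_stream(TLS_KEY, rec)

def end_to_end(edit=None):
    """Order sealed end to end, carried inside the same two hops."""
    sealed = e2e_seal(ENC_KEY, MAC_KEY, ORDER)
    seen, rec = gateway(WTLS_KEY, TLS_KEY, xor_stream(WTLS_KEY, sealed), edit)
    return seen, e2e_open(ENC_KEY, MAC_KEY, xor_stream(TLS_KEY, rec))

if __name__ == "__main__":
    raise_amount = lambda m: m.replace(b"amount=100", b"amount=900")
    flip_bit = lambda m: bytes([m[0] ^ 1]) + m[1:]
    print(hop_by_hop(raise_amount))  # gateway reads the order; provider gets the edit
    print(end_to_end(flip_bit)[1])   # provider rejects the altered blob
```

With per-hop protection only, the provider has no way to tell that the order changed in transit; with the sealed order, the gateway handles only ciphertext and any change fails MAC verification.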
Against this backdrop and in view of the forthcoming establishment of UMTS technology it is obvious that mobile business providers and service providers will have to start showing greater commitment to the issue of security in order for WAP services to appeal to consumers. If anything, greater commitment is required because WTLS and WIM leave too much scope for implementation, e.g. with respect to the choice of encryption methods, key lengths and the design of key management. WTLS does not even prescribe authentication. Last but not least, the course towards mobile business and PKIs has to be charted at an early stage.
Just what level of security is required in each case and what means can be used to achieve added security can only be determined through testing and certification by an independent auditing firm. This neutral certification of an appropriate level of security will open the door to the mobile business market. Ultimately, business using this means of communication will stand or fall with the degree of trust that consumers place in its security.
Considering the existing security features and the means in mobile business to actively locate the mobile handheld, there is a strong need for privacy of end users. Many business models in mobile business are based on the intensive usage of location information. User profiles showing movement history data can lead to an exposure to threatening scenarios. Therefore, standardization bodies, governments and industries should develop technologies which give the end user the choice to actively accept, on a transaction basis, the usage of location specific information. Mobile service providers should agree to accept restrictions on the usage of user location information.
In summary the following security and privacy requirements can be formulated on behalf of our clients:
• Secure Key Management
• Real End-to-End Security
• Filtering Tools at Mobiles (Personal Mobile Firewalls)
• Public Key Infrastructure compliant with law
• Digital Signatures compliant with law
• Mutual authentication mandatory
• Strong Encryption
• Application Specific Security Choices
• Industry restrictions on usage of location specific user data
• Means for anonymous usage of mobile data services
• Mandatory certification of security and privacy means of mobile services by independent trusted third parties (e.g. technology oriented international audit firms).
* Bonnard is a Manager in the field of Telecommunications with the Technology Risk Consulting Practice of Arthur Andersen in Eschborn/Frankfurt am Main.