Features
Above the Fray
Follow the Money
Market Research
Big Ideas
Technoptions
Developer Insights
Q & A
Opinions

Archives
Calendar of Events
ASP Directory
Other Cahners Pubs

Submit a Release
Meet our Staff
Contact Us
Advertise
Magazine Subscription

Network security: closing the gap

by mark dziatkiewicz
May/June 2001

Recent headlines scrutinizing the so-called “WAP gap” haven’t exactly helped the already-languishing reputation of operators’ networks.

But while it’s true the gap exists, operators are far from the weakest link in wireless security. Responsibility lies with network operators, device manufacturers and application developers, as well as end-users.

A perception lingers that wireless networks are less secure than wired, but “under certain circumstances you have more security in wireless,” says Amit Kapor, vice president of product development for Certicom.

Second-generation wireless networks are inherently secure thanks to digital transmission techniques and embedded protocols. Even the ’80s vintage RAM and ARDIS–now Cingular and Motient–wireless data networks used transmission tech-niques that look a lot like encryption.

So why the big wireless network security flap? Primarily because nothing can ever be 100 percent secure. The WAP gap is real, regardless of how miniscule the probabilities of leveraging it. And all air interface technologies–CDMA, GSM and TDMA–can be compromised by the right mix of effort and equipment.

Much of the responsibility for providing security lies in the laps of enterprise customers. Unfortunately, security isn’t a high priority in the corporate IT budget.

“Security is always last–dead last. It’s an afterthought,” says Mylissa Tsai, research analyst with the Aberdeen Group. She estimates that .01 percent of the entire IT budget goes toward security, with anti-virus protection, firewalls and virtual private networks topping the expenditure list.

That’s not to say security isn’t important to the enterprise customer; it’s actually very important. The issue is how much risk a company can live with on a day-to-day basis. Many are willing to stretch the limits. Others, such as healthcare and financial institutions, implement security solutions to limit their own liability.

There are a variety of solutions to satisfy nearly every wireless security concern. For example, enterprise-side WAP gateways from companies such as Openwave and Ericsson eliminate the WAP gap by extending the WTLS protocol behind the corporate firewall.

Even the WAP standard has been upgraded to incorporate dynamic proxy navigation, allowing standard Internet practices for authentication, says Roger Snyder, director of product management, mobile services infrastructure at Openwave. He expects handsets will incorporate this WTLS Class 2 feature later this year.

Application-level security from companies such as Certicom is another area gaining popularity, but one that is considerably more difficult to implement because processors and memory on most mobile devices are insufficient to handle application security needs without introducing latency.

Encryption and digital signature authentication can add from 700 milli-seconds to 30 seconds in transaction time. But faster processors for mobile devices coming in the next six to ten months should eliminate the problem, according to Shekar Rao, director of technology alliances and partnerships, Aether Systems.

What concerns some wireless developers is the lack of device security. What happens when the user loses the mobile device? Few offer more than simple password protection and stored data is not always encrypted.