A white paper on securing future mobile networks
With the development of fourth generation mobile networks, mobile devices will be able to access and take advantage of an array of different network transmission types, which will allow users to have network access from virtually anywhere. These systems can be described as self-aware and adaptive in that they are constantly searching for transmission services that can improve upon their connection and allow for constant network availability. Due to the nature of these devices, security is a topic of interest among network professionals. Because of the abundance of network types and resources being used in conjunction with one another, it is apparent why security needs to be put at the forefront of planning and development. Wireless systems use very different proprietary technologies and security protocols, so it is difficult to create a general security policy for devices that will use multiple protocols. Current mobile access systems will be evaluated as to their security protocols, and issues related to their heterogeneous usage in a 4G system will be discussed. The issues related to both low-layer and high-layer architectures will also be considered. Systems will be proposed that attempt to bridge the current security and accessibility gap to create scalable, manageable, and adaptive solutions for future systems.
History of Mobile Networks
The deployment of NMT, the Nordic Mobile Telephony system, in 1981 is considered to be the beginning of mobile networks. Throughout the 1980s new protocols were developed and standards were created in an attempt to build more efficient networks. Groups were formed in countries around the world, especially in Europe, for the purpose of creating these standards for a universal system. Frequency bands were defined and reserved for GSM usage at 900 MHz, 1900 MHz and 1900 MHz. In 1991, these system specifications were put into production to develop the first commercial GSM system, thus bringing 2G to light. This was the first entirely digital solution, bringing many improvements over other cellular technologies. It ensured better frequency utilization, security of transmissions, voice quality, and a reduction in the cost of phones. A new, important feature was the ability for a user's device to switch mobile networks when located outside of the provider's coverage area, allowing for constant system use and availability. As soon as the 2G system was put into place, the International Telecommunication Union was already selecting frequency ranges for the next generation system.
The third generation of mobile networks was intended to provide better voice applications over wide-range voice channels and more efficient data services; however, it turned out to have much less impact on user experience than was predicted. Compared to the development of wired networks, the increase in performance for wireless networks has been significantly slower. Data rate is not the only downfall of mobile networks; high network latency also plagues many users. It is not uncommon to see round-trip latency of over 600 milliseconds. Such latencies make it impossible to develop certain application types, such as VoIP and other conferencing technologies and interactive games. A large investment is needed on a per-location basis to bring 3G networks to the point they were expected to reach at the time of development. Because of this, the fourth generation of mobile networks is highly anticipated, in the hope that it will accommodate a wider array of usages and business applications.
3G to 4G
The transition period towards a fourth generation network is coming to an end. Preceding mobile network transitions took place over a 10-year period. If 4G follows the same pattern, commercial systems should be in the implementation phase by 2013. Business applications may be the biggest proponent of a new generation of systems that fulfill the needs of managing mobile personnel, instant high-speed multimedia streaming, reduction of cost overhead, and other features that take the global business into account. Private users also have an interest in new systems that allow for better eCommerce interaction, head-to-head gaming, and streaming communications. 3G was initially developed with the intention of creating a worldwide standard for communication, which has not happened. Flexible standards need to be developed that allow communications to be established with worldwide service availability. The development of communications systems that integrate into wireless devices has been rapid in recent years. Through communications systems such as personal area networks, LAN protocols and device-to-device transfers, users can create extended LAN-like communications in mobile settings. The vision for 4G networks is that users will be able to access data independently of the device in use; for example, a user on a handset will be able to use the phone book stored on their personal PC to dial a number. Such bidirectional communications allow users to create a personal intranet that they can access from any location. This network system must be secure and reliable, allowing use of the best connection in the immediate vicinity. Existing mobile networks do not allow for this. The idea is to integrate 3G and WLANs to provide a system that is fast, mobile, secure, and vast in coverage.
When looking back on the development of 2G and 3G infrastructures, it is apparent where many of the pitfalls lie during development. 4G architecture must have certain characteristics to be successful. It must allow for the highest possible degree of infrastructure reuse. A goal of 4G must be to ensure that there is no risky reliance on a particular technology, so that in the future there is flexibility as to the protocols used. The best solution would allow the system to utilize an array of services in any manner necessary, driven by the user's needs rather than by any factor related to technology. First and second generation systems were developed primarily for voice telecommunications, so the system design was aimed at providing a single service. As a result, the infrastructure was heavily circuit-oriented and the network was developed only with voice requirements in mind; it is very efficient at providing voice services, but it is very difficult to reuse it for other services. Thus, this framework is not scalable. With digital architecture it is better to reuse resources from the same infrastructure to combine services. Access networks in 4G should be able to deliver different service types based on a user-centric design that allows heterogeneous access to networks. This could also allow providers free choice of technologies. Allowing for this flexibility comes at a cost, as previous network technologies concentrate on a single service.
Allowing for more services within a single architecture will make it difficult to ensure that the quality of service is adequate. This means moving towards a user-oriented architecture that diversifies the protocols involved in providing internet access. Network management must be at the forefront of development, as organizing the different technologies will be difficult. With 4G, the improvement comes through the ability of users to utilize the services that they select. The integration of different technologies is essential to success. This open type of architecture should be operated by multiple providers working in conjunction to provide different network functions. These provider networks are the core of network communications; however, they must also support different access network technologies that will allow users to communicate on a more personal level.
Handling 4G Security Issues
Two issues that will be at the forefront of 4G development are the verification of users and the limitation of network access in the heterogeneous architecture. Other vulnerabilities stem from providers utilizing different systems and from the basis of user-centered design, which allows users to select their preferred connection method. Due to their shared nature, naturally broadcast signals, unclear perimeters, and invisible access, wireless networks are treated as having more vulnerabilities than wired networks. Many different aspects must be taken into account when developing for wireless networks, such as performance on systems with limited capabilities, battery charge issues, and different user states and requirements. The heterogeneous nature of the proposed network adds an additional vulnerability requirement for the system. Because the system will allow for multiple available connections, a potential attacker will have more systems to evaluate, giving them a better chance of finding vulnerabilities. Finding an exploit in one protocol might give access to another, so complex management systems are necessary that can provide control systems and signaling for devices. Because devices will be connected to different interfaces and through multiple providers, the device will be exposed to attacks from each connection. The device will be exposed at different intervals to attacks based on code related to drivers, communication protocols, transport and signaling stacks, file-sharing, update features, and other installed applications. Physical security should also be considered alongside these applications. Device deactivation and erasure are necessary features for a device that will be utilized on so many fronts.
It is difficult to quantify the security risks of 4G when it has yet to be developed; however, it is essential that developers find a definable way to balance practical applications against the security levels the network requires.
Finding the balance between creating practical applications and secure systems will yield the most difficult problems for developers. With the heterogeneous makeup of the 4G system, it will be necessary to ensure that each security measure is universally applied across each type of network. Thus, the security measures have to be technology-independent, meaning that they will be applied in a top-down manner and overlaid upon the entire system rather than on one specific network; however, this often comes at a price. It is considered inefficient to secure applications through overlay technologies, which is why previous systems have enforced security through device measures that protect revenues through access controls. This is usually applied through the network interface hardware. Because of the access networks in 4G, such as terminals for local access, it would be best to keep a hardware authentication system, so that authentication is processed on the first network chosen by the user and user devices, such as those described earlier for access networks, are authenticated by the device and kept secure. Each type of network allowed by the device will have very different requirements when authenticating user identities and handling sessions.
Types of Authentication
Typical pre-authentication methods have complex risks associated with them, such as denial of service vulnerabilities, resource consumption by unpaid users, and user sessions that are difficult to manage with regard to tracking and localization. From this, it is apparent that a user-authentication method is desired so that reliable controls can be placed on system access and resource allocation. Network authentication helps to eliminate man-in-the-middle attacks by ensuring that network identity information is received in its original state and that trust is established with the provider. The most difficult authentication procedures will take place with what are known as L2 networks, such as 802.11 and other physical devices commonly used in everyday wireless networking situations. 802.11 utilizes a handshake protocol that is hardwired into the network interface. Only the interface and device are authorized; access points do not play a role in authentication and no keying material is created. How will 4G be integrated with systems such as these when their authentication protocols vary so widely for each network type? If a given technology is going to be used in 4G devices and networks, then it must fulfill common goals with regard to authentication, or else the technology will be considered ill-equipped for 4G. The reason for this is to minimize the overhead of creating security profiles for each individual device, in an attempt to stop problems that have plagued the preceding generations of mobile networks. Requirements for L2 authentication methods lie in ensuring strong cryptographic strength, dynamic creation of keys to protect future sessions, and mutual authentication. Key agreement must provide perfect forward secrecy, so that if an attack on a key is successful, no user credentials are divulged and no location tracking information is revealed.
Above all, the 4G authentication system must be developed in a way that acknowledges that it should be easily updatable. With so many differing systems being utilized, we can predict that eventually an authentication vulnerability will be found and a patch will need to be implemented. The system should also reduce round-trip times for re-authentication and implement some type of pre-authentication method so that, when switching network interfaces, there is no noticeable connection lag.
Encryption and Data Integrity
The majority of current wireless technologies utilize different encryption methods and integrity systems for each of their functions. Often, shared-key systems are implemented for link encryption and network/data integrity. This key is derived from the authentication session created when the device first joins the network. In previous systems, proprietary technologies were utilized in these areas, providing information for potential attackers to use, such as known weak keys, encryption format and key length. These functions must be used throughout the entire phone and network session, so aspects such as power usage and system resource consumption need to be taken into account. For this reason, it would be best if the function were built into the network adapter on a hardwired basis that communicates with software-based firmware. These functions should utilize the authentication session keys and support fast key re-authentication with a strong cryptographic base. If any flaw or attack is detected on the network interface, this rapid re-keying will allow keys to be changed quickly.
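As an added illustration of the requirements set out in the two sections above (mutual authentication under a shared credential, dynamically created session keys with forward secrecy, separate link-encryption and integrity keys derived from the authentication, and fast re-keying), here is a self-contained Python sketch; it is not code from this paper or from any 4G standard. It assumes a long-term credential shared between device and provider (as a SIM key would be) and a Diffie-Hellman group constant assumed to be RFC 3526 group 14.

```python
import hashlib, hmac, secrets

# Assumed RFC 3526 group 14 (2048-bit MODP) prime, generator 2; verify against the RFC before real use
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def kdf(secret, label, salt):
    # HKDF-style extract-then-expand (single output block) built from HMAC-SHA256
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()

class Party:
    # Device or provider endpoint holding a long-term shared credential (e.g. a SIM key)
    def __init__(self, name, credential):
        self.name, self.credential = name, credential
        self.priv = secrets.randbelow(P - 3) + 2      # fresh ephemeral DH exponent per session
        self.pub = pow(G, self.priv, P)               # sent in the hello message
        self.nonce = secrets.token_bytes(16)          # sent in the hello message

    def tag(self, name, pub_a, nonce_a, pub_b, nonce_b):
        # Authenticator: HMAC under the credential over both DH values and nonces, so a
        # man-in-the-middle cannot substitute its own DH value without knowing the credential
        msg = name.encode() + pub_a.to_bytes(256, "big") + nonce_a + pub_b.to_bytes(256, "big") + nonce_b
        return hmac.new(self.credential, msg, hashlib.sha256).digest()

    def finish(self, peer_name, peer_pub, peer_nonce, peer_tag):
        if not 1 < peer_pub < P - 1:                  # reject trivial DH values
            raise ValueError("bad DH public value")
        expected = self.tag(peer_name, peer_pub, peer_nonce, self.pub, self.nonce)
        if not hmac.compare_digest(expected, peer_tag):   # mutual authentication check
            raise ValueError("peer authentication failed")
        shared = pow(peer_pub, self.priv, P).to_bytes(256, "big")   # ephemeral secret: forward secrecy
        salt = self.nonce + peer_nonce if self.name < peer_name else peer_nonce + self.nonce
        # Separate link-encryption and integrity keys; the credential itself never becomes a session key
        return {"enc": kdf(shared, b"link-encryption", salt), "mac": kdf(shared, b"link-integrity", salt)}

def rekey(keys, epoch):
    # Fast re-keying of a running session: one-way ratchet, after which the old keys are discarded
    return {k: kdf(v, b"rekey-" + k.encode(), epoch.to_bytes(4, "big")) for k, v in keys.items()}

def handshake(device, network):
    # Hello values (pub, nonce) go each way, then each side's authenticator; returns both key sets
    d_tag = device.tag(device.name, device.pub, device.nonce, network.pub, network.nonce)
    n_tag = network.tag(network.name, network.pub, network.nonce, device.pub, device.nonce)
    return (device.finish(network.name, network.pub, network.nonce, n_tag),
            network.finish(device.name, device.pub, device.nonce, d_tag))
```

Because the session keys come only from the ephemeral exchange, a later compromise of the long-term credential does not reveal earlier sessions' keys, and a peer that lacks the credential cannot complete the handshake at all.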
Planning for 4G Security
An important aspect when planning to create a new mobile network, or any network for that matter, is virtualization, which is the principle of ensuring that flexibility is taken into account during the development and planning phases. It helps to visualize aspects of the system by providing information pertaining to what the system should do, not necessarily how to do it. This will benefit the 4G system in many ways, most notably by ensuring that code is freed from specific logic and is able to be flexible when choosing which methods to use. For example, instead of dictating how to authenticate a user, a virtualization plan would provide information related to controlling, transporting, and evaluating frames, so an array of authentication methods may be used by systems as long as they follow a common plan. Another aspect that should be considered is adaptation to changes within different communicating networks and devices. This relates specifically to access network and terminal security in different environments. This is a new aspect that can be brought to mobile networks with the idea of virtual SPNs that work to fulfill different users' expectations based on their differing requirements when attempting to locate the correct network interface. This idea will work to eliminate issues caused by the use of different access networks. On the terminal access network, adaptation can be used to help where the shortcomings of the different access networks become apparent. Through a set of criteria, the terminal can utilize adaptation to verify active network interfaces and their active measures, and it can factor in information related to vulnerabilities of user input and secure networking channels to process information in a secure manner despite its inherent flaws.
Standardization of components and functions will be necessary to ensure a strong base for 4G mobile security. Standardization will help to avoid the 3G pitfalls caused by different providers and regions using protocols that do not integrate with each other. This, however, does not come without its own concerns. If everything is completely standard, then we move away from the entire purpose of 4G, which is a technology-opportunistic vision in which different technologies work together. Thus, we must work to ensure that the proper decisions are made about what should be standardized and what should be left for the technology to decide. When creating a standardization plan, it is important to follow virtualization and separate what goes into 4G from how it will be carried out. A signaling standard should be developed to provide strong adaptation so that overlay solutions are not necessary. From this standard protocol, access and data protection could be standardized, and these technologies could be used across all systems as the primary method of data transport.
What 4G will develop into is still an open question for mobile networks. There is no single vision for 4G that allows a specific plan to be developed; however, it is apparent that these questions must be considered and standardized so that common problems from other mobile networks are not repeated. The ideas and formats outlined herein are a prediction of what the system architecture of a new 4G system will comprise and the problems that are likely to be encountered. The vision of 4G presented here focuses on a system of heterogeneous networks and user-centric access systems utilizing multiple terminals and access networks. If 4G network systems are able to provide the virtualization, adaptation, and standardization presented earlier, they have a chance to provide the functionality and performance necessary in future mobile networks.