Internet and Wireless Security

C W Blanchard
User expectations for instant communication and ease of use, over terminals which are easily lost or stolen, present a number of unique challenges in implementing security in the mobile environment. As with most other systems, the main objective of security is to maintain integrity, privacy and confidentiality and to prevent fraud and denial of service. Examples of these challenges are:
access and use of the service to avoid or reduce a legitimate charge;
loss of confidentiality and/or integrity of user and operator data;
denial of a user's access to their service;
denial of access by all users to a service.
GSM was designed from the beginning with security in mind and has stood up well to the type of attacks perceived to be likely at the time due to the fact that:
the responsibility for security is with the home environment (HE) operator;
the HE operator can control the use of the system by the provision of the subscriber identity module (SIM) which contains a user identity and authentication key;
the long-life authentication key is not required by the serving network (SN) when roaming, hence this key is neither exposed over the air nor exposed across the interface between the SIM and the mobile;
the level of trust the HE operator needs to place in the user, serving network and manufacturer of the mobile equipment (ME) is kept to the minimum.
The development of a new security architecture for 3G [1, 2] was based on...