The advent of any new fangled technology is marked by new promises and
challenges. Be it the customer, operator or investor, everyone aims to pocket
huge profits through these technologies. However, there are certain fraudsters
and cyberpunks using the same technologies for illegal purposes. And sadly,
despite the increasing level of cyber crime in India, security of information is
mired in a slough of ignorance.
There is no denying that the mass adoption of wireless technologies such as
WiMax and 3G among enterprises will have plenty of advantages like cost savings.
However, given ease of accessibility of IT networks and thus data-from a meeting
room to hotel, café or a parking zone-the concerns of corporates cannot be taken
lightly.
Sophistication Magnified
In the past couple of years there has been a substantial addition in the
usage of smartphones in the corporate sector. This has been largely driven by
anytime, anywhere connectivity and access to various other online services.
According to industry experts and estimates, the number of malwares targeting
smartphones has increased significantly since the last few years.
“The data-centric approach of 3G and other associated services persuades us
to think whether the attacks experienced by data networks over many years are
also applicable to 3G networks. The answer could be affirmative in some cases,”
says Ajay Masur, CIO, Hirco.
Imagine the consequences if a hacker parcels out a malware infected version,
in a widely used application, on to a 3G/WiMax-based device and uses the
infected device to launch (DoS) Denial of Service attack against any target
area. Or start spreading the malware using P2P protocols?
“Are 3G users ready for the attacks/breaches? The answer is no. Many users
still do not believe that their phones can be targeted. For broadband
connectivity, we still prefer leased lines because of the reliability, speed and
time-proven architecture,” added Masur.
Get Ready for More
The recent terrorist attacks demonstrated the kind of threat unsecured
wireless networks can produce. Also, there are concerns from industry bodies
that if we fail to build a strong security mechanism, the country could face a
new level of cyber war where the entire corporate and business development could
be null and void in a fraction of a second.
Elucidating his concerns, Vikas Desai, lead technology consultant, India &
SAARC, RSA says, “After RBI's plans for inclusion of the bottom of the pyramid
for banking, more and more money-related transactions will happen over the
mobile. And except for how the compromise is done for these networks, the
threats are exactly the same-identity theft, fraudulent transactions, malware
distribution, etc.”
Security appliances and software sold to service providers to protect their
mobile networks will reach $889 mn in worldwide sales by 2011, says a recent
report by Infonetics. The report further states that the emerging adoption of
smartphones, iPhones and Windows mobile phones would be driven by consolidation
in the OS market, becoming a large target for hackers.
By adopting new breeds of technologies enterprises benefit by connecting
every branch, partner and customer at a very low cost. Also, as employees'
laptops and smartphones are connected using high speed wireless broadband, it
enables them to create a virtual office. In addition, experts believe that it's
also possible to deploy 3G as an alternate backup link to the existing high
speed links. However, a comprehensive security policy and effective safeguards
should be the key priority of enterprises.
“The situation is complicated by the fact that 3G is backward compatible with
GSM. Thus, even if 3G has its own security features, a customer who leaves a 3G
network and travels into a GSM network is exposed to the same security threats
of the GSM networks,” says Avi Basu, founder and CEO, Connectiva Systems.
Third generation networks use KASUMI block crypto rather than the older A5/1
stream cipher. However, a number of concerns in the KASUMI cipher have been
identified in the past few years. KASUMI is basically a block cipher being used
to maintain the privacy and integrity of algorithms.
 |
 |
| With more and more
usage of technology, the probability of e-hafta is also likely to develop
Pavan Duggal, practicising
advocate and cyber law expert, Supreme Court
of India |
WiMax is a network
based on Internet protocol, and is subject to the vulnerabilities of any IP
network Vikas Desai,
lead, technology consultant, India & SAARC, RSA,
a security division
of EMC |
In addition, attacks possible on the telecom network, including DDOS, BOTS,
virus, worms, etc, are also possible on the mobile handsets. And it is therefore
important to implement the security on mobile handsets.
In the case of WiMax networks, the Privacy and Key Management (PKM) protocol
in authenticity mechanism is weak (where there is no base station or service
provider authentication) which makes it susceptible to cyber attacks. Some
industry experts also show concerns about the possibility of attackers using
legacy management frames to forcibly disconnect legitimate stations.
“While comparing with traditional 802.11x networks, 3G networks certainly
perform better on the security front. However, by intentional capacity overload
for a particular cell site, and possible DoS attack can be achieved using some
sophisticated devices,” says Dhiren Savla, CIO, Kuoni Travel Group, India.
One of the key security issue in WiMax network is the 'man-in-the-middle'
where impersonation of the base station or a two-way imitation between the
subscriber and base station is possible. Also, operators need to adopt proper
security measures over concerns such as theft of service, physical denial of
evidence and protocol denial of evidence. If we compare both these technologies,
data encryption used by 3G seems to be highly advanced with relatively lesser
chance for intruders to sniff or steal data.
“WiMax is a network based on the Internet protocol, and is subject to the
vulnerabilities of any IP network,” says Vikas Desai, lead technology
consultant, India & SAARC, RSA, a security division of EMC.
Commenting on the adoption of the technology, Shirish Patwardhwan, CIO, KPIT
Cummins Infosystems says, “WiMax is better suited for campus application which
has large coverage but is still limited to a boundary and its investments
upfront are cheaper than 3G. Also, we don't know whether we can install the 3G
equipment and use the band as private.”
Page(s) 1 2
Print
Comment
Email
Digg
Del.icio.us
Reddit
