Professional Documents
Culture Documents
Modul 2020 TDWMT Sesi 5 v2
Modul 2020 TDWMT Sesi 5 v2
(CMA201)
MODUL 5
SECURITY ISSUES IN WIRELESS AND MOBILE
COMMUNICATIONS
DISUSUN OLEH
Dr. Gerry Firmansyah ST MKom
Confidentiality
Confi dentiality of transmitted data can be provided by encrypting the
information fl ow between the communicating parties, and the encryption can
take place end-to-end between the communicating parties or, alternatively, on
separate legs in the communication path. In GSM networks for example, only
the radio link between the mobile terminal and the base station is encrypted,
whereas, the rest of the network transmits data in clear-text. Radio link confi
dentiality in GSM is totally transparent from the users point of view.
Mechanisms for implementing confi dentiality of traffi c, location and
addresses will depend on the technology used in a particular mobile network.
Authentication
Authentication of transmitted data is an asymmetric service, meaning
for example that when A and B are communicating, the authentication of A
data by B is independent from the authentication of B data by A. The types
of authentication available will depend on the security protocol used. In the
Internet for example, SSL (Secured Socket Layer) allows encryption with
four different authentication options—1) server authentication, 2) client
authentication, or 3) both server and client authentication or 4) no
authentication, i.e. providing confi dentiality only.
Support of Roaming
Most mobile communication systems support “roaming” of users,
wherein the user is provided service even if he/she moves into a region
Equipment Identifiers
In systems where the account information is separated (both logically
and physically) from the handset (which is the case in all current mobile
communication systems), stolen personal equipment and its resale could be
an attractive and lucrative business. To avoid this, all personal equipment
must have a unique identifi cation information that reduces the potential of
stolen equipment to be re-used. This may take the form of “tamper-resistant”
identifi ers permanently plugged into the handsets.
Role-based Security
At the core of role-based security is the concept of collecting permissions in
Roles, which can be granted to Principals (a Principal corresponds to a Login).
For example, imagine a Principal admin-Standard who is granted the Role
Administrator which comes with all the permissions required for a seg- ment
administrator to do his work, or a Principal sales-representative who is
granted the Role which comes with all the Permissions required for a sales
representative to do his work. For better manageability several Principals can
be collected in a Principal Group and roles can be directly attached to
Principal Groups.
Users (e.g., human beings) can be assigned multiple Principals to refl ect the
fact that some users connect to the system in different roles depending on the
tasks at hand. For example, User X might be assigned the Principal head-
Sales (because X is head of sales) as well as the Principal admin-Standard
(because X is also segment administrator). If X wants to work as segment
administrator he/she logs in as Principal admin-Standard, if X wants to work
as head of sales he/she logs in as Principal head-Sales. Credentials (like
passwords, certifi cates, SecureIDs) are attached to Users. Like this, it is
The other role-based scheme called, Role-Based Access Control (RBAC) has
received considerable attention as a promising alternative to traditional
discretionary and mandatory access controls. In RBAC, permissions are
associated with roles, and users are made members of appropriate roles,
thereby acquiring the roles permissions. This greatly simplifi es management
of permissions.
Roles can be created for the various job functions in an organisation and users
then assigned roles, based on their responsibilities and qualifi cations. Users
can be easily reassigned from one role to another. Roles can be granted new
permissions as new applications and systems are incorporated, an permissions
can be revoked from roles as needed. An important characteristic of RBAC is
that by itself it is policy neutral. RBAC is a means for articulating policy
Behaviours-based Security
Traditional network-based security examines traffi c for code patterns, or
signatures, that have been part of past intrusions or virus attacks. If known
malicious code is found, security systems stop the suspect transmission.
Although this approach can be effective, it also has limitations. For example,
signature-based security frequently has trouble recognising new types of
attacks or older kinds, in which known code strings have been altered
somewhat—an approach many hackers use. Behaviour-based security, on the
other hand, learns the normal behaviour of traffi c and systems, and then
continually examines them for potentially harmful anomalies and for
behaviour, that frequently accompanies incidents. This approach recognises
attacks based on what they do, rather than whether their code matches strings
used in a specific past incident. Several vendors are thus beginning to make
behavior-based security widely available to organisations via services,
appliances, and software products. And some ISPs are protecting their entire
networks via behavior-based services. The drawback is—behaviour-based
security software can generate a much higher level of false alerts. The
advantage is—it can spot and block new threats, based on their behaviours,
before a menace is identifi ed and assigned a threat signature and name.
Behaviour-based security products, start by studying behaviour and traffic
patterns for a given system and determining which are normal. Some products
adapt over time to learn new normal behaviors. Generally, the products are
based on an approach which compares system behaviour and actual traffi c to
User-based Security
Organisations often implement these systems as part of ISP’s installed on
individual computers to provide security against attacks, using or targeting
individual applications. These systems look for anomalies in application be
haviour or for changes that applications cause in systems behaviour. Upon fi
Agents-based Security
Intrusion Detection System (IDS) implemented using Mobile Agents (MAs)
is one of the new paradigms for intrusion detection. MAs are a particular type
of software agent, having the capability to move from one host to another.
Intrusion detection is one of the key techniques behind protecting a network
against intruders. An intrusion detection system tries to detect and alert on
attempted intrusions into a system or network, where an intrusion is
considered to be any unauthorised or unwanted activity on that system or
network.
Extensive research has been done in this fi eld and effi cient IDS systems have
been designed for wired networks. These systems usually monitor user,
system and network-level activities continuously, and normally have a
centralised decision-making entity. While these architectures have proven to
be effective, most of the techniques will not produce expected results when
applied to wireless networks, due to some inherent properties of wireless
networks.
Transactions-based Security
Client authentication is a common requirement for modern websites as more
and more personalised and access-controlled services move online.
Unfortunately, many sites use authentication schemes that are extremely
weak and vulnerable to attack. These problems are most often due to careless
use of authenticators stored with the client. For the illustration, consider
mobile commerce transactions.
A tentative defi nition for M-commerce transactions can be stated as follows:
“A mobile E-commerce transaction is any type of business transaction of an
economic value that is conducted using a mobile terminal that communicates
over a wireless telecommunications or personal area network with the E-
commerce infrastructure.”
C. Latihan
1. IDS stand for ?
2. RBAC stand for ?
D. Kunci Jawaban
1. Intrusion Detection System (IDS)
2. Role-Based Access Control (RBAC)
A. Daftar Pustaka
1. Venkataram Pallapa, Wireless and Mobile Network Security. Tata
MCGrawhill, 2010