Cryptology
Cryptography in Mobile Phones
ABSTRACT
As mobile networks expand their bandwidth, mobile phones, as with any other Internet device, become substantially exposed to Internet security vulnerabilities. Public key cryptography is a primary concept in implementing wireless device security. Many papers have been written about public key infrastructure, this paper does not delve into the deeper mechanisms of PKI(public key infrastructure). Instead, it describes the applicative use of PKI in current and future mobile phone applications, and shows how Discretix CryptoCell™ efficient, lightweight and standard-compliant implementation of cryptographic algorithms, enables wireless devices to become PKI-enabled.
SECURITY THREATS IN THE MOBILE ENVIRONMENT Being based on the concept of transferring data through intermediate nodes, the very nature of Transmission Control Protocol/Internet Protocol (TCP/IP), the basic communication protocol over the Internet and intranets, makes it possible for an adversary to interfere with communications. Any TCP/IP session may be interfered with in the following ways:
Eavesdropping - the information privacy is compromised without altering the information itself. Eavesdropping may imply that someone has recorded or intercepted sensitive information (e.g. credit card numbers, confidential business negotiations).
Tampering – the information is altered or replaced and then sent on to the recipient (e.g. change of an order or commercial contract transmitted).
Impersonation – the information is passed from or to a person pretending to be someone else (this is called spoofing, e.g. by using a false email address or web site), or a person who misrepresents himself (e.g. a site pretends to be a books store, while it really just collects payment without providing the goods…).
PUBLIC KEY CRYPTOGRAPHY PROVIDES COUNTERMEASURES Public-key cryptography is a technique, ingrained in well-known standards, that allows taking precautions, by providing:
!
ABSTRACT
As mobile networks expand their bandwidth, mobile phones, as with any other Internet device, become substantially exposed to Internet security vulnerabilities. Public key cryptography is a primary concept in implementing wireless device security. Many papers have been written about public key infrastructure, this paper does not delve into the deeper mechanisms of PKI(public key infrastructure). Instead, it describes the applicative use of PKI in current and future mobile phone applications, and shows how Discretix CryptoCell™ efficient, lightweight and standard-compliant implementation of cryptographic algorithms, enables wireless devices to become PKI-enabled.
SECURITY THREATS IN THE MOBILE ENVIRONMENT Being based on the concept of transferring data through intermediate nodes, the very nature of Transmission Control Protocol/Internet Protocol (TCP/IP), the basic communication protocol over the Internet and intranets, makes it possible for an adversary to interfere with communications. Any TCP/IP session may be interfered with in the following ways:
Eavesdropping - the information privacy is compromised without altering the information itself. Eavesdropping may imply that someone has recorded or intercepted sensitive information (e.g. credit card numbers, confidential business negotiations).
Tampering – the information is altered or replaced and then sent on to the recipient (e.g. change of an order or commercial contract transmitted).
Impersonation – the information is passed from or to a person pretending to be someone else (this is called spoofing, e.g. by using a false email address or web site), or a person who misrepresents himself (e.g. a site pretends to be a books store, while it really just collects payment without providing the goods…).
PUBLIC KEY CRYPTOGRAPHY PROVIDES COUNTERMEASURES Public-key cryptography is a technique, ingrained in well-known standards, that allows taking precautions, by providing:
!