Mobile Computing – Part 1
Guest Speaker: Will Cardillo, Major Account Manager, Verizon Wireless - Government Solutions Team
Special Guest Speaker: Sylvia Hernandez, Director, Network Services, GSA – Integrated Technology Services
AGENDA
- Architecture
- Integration
- Security
- Connectivity
- COOP Integration (Presented by GSA)
- Q & A
ARCHITECTURE
It’s All About The Network
Evolution of Technology Standards
[Figure: timeline of wireless standards, showing IS2000 (CDMA2000 1X), IS856 Rev 0, Rev A, Rev B and Rev C (1xEV-DO), R'99 (UMTS), Rel'5 (HSDPA), Rel'6 (EDCH, MBMS), Rel'7 (E-HSDPA), LTE and WiMax, grouped by air interface (TDM, CDMA, CDMA/TDM, OFDM, OFDMA/MIMO/SDMA) and marked with Mobility, Init. VoIP, Opt. VoIP and OFDM interop milestones.]
Abbreviations:
- CDMA = Code Division Multiple Access
- DL = Down Link (Forward Link)
- HSDPA = High Speed Downlink Packet Access
- HSUPA = High Speed Uplink Packet Access
- LTE = Long Term Evolution
- OFDM = Orthogonal Frequency Division Multiplexing
- TDM = Time Division Multiplexing
- UL = Up Link (Reverse Link)
- MIMO = Multiple Input-Multiple Output
Notes:
- Dates shown are estimated timelines.
- "Initial VoIP" is not as spectrally efficient as "Optimized VoIP".
- “Optimized VoIP” for is TBD.
- "Mobility" indicates when each particular standard supports mobility inter-operability between the terminal and BTS.
Wireless QoS
[Figure: peak rate and capabilities by technology generation (IS-95, 1xRTT, EV-DO Rev 0, EV-DO Rev A, 1xEV-DO Rev B, 1xEV-DO Rev C, LTE). Surviving labels: Peak Rate (1.25 MHz); Peak Rate (5 MHz), 9.2/14.7 Mbps downlink; Peak Rate (20 MHz), 27 Mbps uplink; All IP; Handoff to 1X; Lower latency; VoIP; Latency <10 ms; IMS; End-to-end QoS.]
4G Around the Corner
What is 4G?
- New Technology Advancements
  - Radio Technology: Orthogonal Frequency-Division Multiplexing (OFDM)
  - Antenna: Multiple Input-Multiple Output (MIMO)
- Improved Performance
  - Speed
  - Latency
- Broader Device Portfolio
  - Ultra Mobile PC
  - Cars
  - Appliances
  - Cameras, etc.
- Expanded Service Options
  - Machine-to-machine
  - Real-time video, etc.
4G Options: UMB, LTE, WiMAX
INTEGRATION
Wireless Private Network
Wireless Private Network - Benefits
- Solution establishes a private, direct connection between enterprise networks and the Wireless Carrier Broadband Data Network.
- Routes data to the enterprise through an IP tunnel.
- Traffic segregation helps reduce risk of unprotected public networks and public gateways.
- Improved data response times.
- Direct connection lets agencies securely and reliably communicate with mobile workforces.
- Enhances workforce mobility by providing flexibility, ease of management, with a secure connection in a single turnkey network solution.
WPN - Pros & Cons
Option: VPN over Internet
- Pros: Low Cost; Secure; Some Redundancy
- Cons: Complexity; No Control on Internet
- Comments: Not all VPN vendors supported
Option: Single Direct Circuit
- Pros: Secure; Full Routing Control
- Cons: Low Redundancy
- Comments: Requires Static or BGP routing; Router needs Access Control List for Security
Option: Dual-Direct Circuits
- Pros: Secure; Full Routing Control; Redundant
- Cons: Higher Cost; Routing
- Comments: Requires Static or BGP routing; Complex Access Control List on both sides
Extending The PBX
- Voice Continuity
- Single Number Reach
- Single Integrated Voice Mail
- Extends PBX Functionality to Remote Devices
- Seamless Call Mobility/Call Reconnect
Gobi
Be Prepared To Operate Away From Your Office When Disaster Strikes
Support Your COOP & Telework Plans with Embedded Notebook Computer Deployment
- Deploy notebook computers with the NEW "Gobi™" embedded module as part of your overall Continuity of Business Operations (COOP) and Telework Plan:
  - Replace desktop computers with laptops and docking stations
- Gobi™ is a multi-mode embedded module developed by Qualcomm Incorporated:
  - Leading laptop vendors will be integrating Gobi into laptop models shipping in 2008
  - Can be used on the two main 3G Carrier Networks around the world:
    1. HSPA (High-Speed Packet Access)
       - HSDPA: High-Speed Downlink Packet Access
       - HSUPA: High-Speed Uplink Packet Access
       - 850 MHz, 1900 MHz, 2100 MHz w/ diversity in all bands
    2. 1xEVDO (Evolution Data Optimized) Revision A
       - 850 MHz, 1900 MHz w/ diversity in both bands
  - Includes GPS (Global Positioning System) hardware
Gobi "Software Defined Radio"
- Firmware Sits Outside the Module in Flash Memory on the Laptop
  - Images Get Loaded Via Connection Manager Update, a Laptop Update (similar to a BIOS update), or .MSI push to laptops
    - IT Administrator Decides When to Update the Image
    - Image Posted on Laptop Manufacturer Site, VZEnterprise Site, Upgrade from VZAM, and Link from VZW to Laptop Site
  - Module Supports Multiple Carrier Images (22+ images)
  - Each Carrier has a Gobi "Image" to Support their Network
  - Laptop Manufacturer Decides How Many Images Will be Loaded onto the Laptop
    - Fully Generic with All Carriers, or Carrier Specific
  - Connection Manager Controls Loading and Switching of Carrier Images
SECURITY
How Big is the Problem?
Device and Data Security
Security Policy – 1st Line Defense
- Restricting device features (Camera, Bluetooth, IR ports)
- Restraining component modification
- Controlling sensitive information or software that can be installed
- FIPS
Authentication – 2nd Line Defense
- ID and Password Authentication
- 1-Factor
- Personnel Identification Verification
- 2-Factor
- Biometrics
- Smart-cards
- Tokens
- Patterns, Signature, Behavior
- NIST
Encryption – 3rd Line Defense
- At-Rest or In-Transit
- Encrypted (S/MIME)
- Encryption Software
- Classified Standards (Type 1, etc.)
- FIPS 197 AES
[Figure labels: Antivirus; Device Management; VPNs and Applications; PKI and Encryption; Network, Security and Asset Management]
Risks and Threats
RISKS
- Devices can be stolen and reveal sensitive information.
- Security remedies have not kept pace with the exponential increase of processing power, memory and storage capability of handhelds.
- Data synchronization with PCs requires different security mechanisms.
- Multiple access points such as Bluetooth, IR ports, , CDMA, GPRS and public wireline connectivity.
- Opening access through firewalls because the application requires it.
- Downloading programs from untrusted sources or bypassing corporate firewalls.
- Mobile devices elude physical security measures because of their small size.
- Inadvertent or intentional bypass of security measures to simply get the job done.
THREATS
- Hijacking
- Data Leakage
- Eavesdropping Audio/Video
- Physical Attack
- Man in the Middle
- DoS Attacks
- Spamming
- Jammers
- Spoofing
- Phishing
What to Protect
Network
- Public Internet
- Public/Private Intranet
- Private or Virtual Private Network
Asset (Device)
- 2-Factor Authentication
- Encrypt Data on the Device
- Device and Laptop Kill
- Prevention
- Retrieval
Data – Information – Knowledge
- 2-Factor Authentication
- Encrypt Data At-Rest and Data In-Transit
People
- Location
- Responsibility
Standards
FIPS
- Level 1: The lowest level of security. No physical security mechanisms are required in the module beyond the requirement for production-grade equipment.
- Level 2: Tamper evident physical security or pick resistant locks. Level 2 provides for role-based authentication. It allows software cryptography in multi-user timeshared systems when used in conjunction with a C2 or equivalent trusted operating system.
- Level 3: Tamper resistant physical security. Level 3 provides for identity-based authentication.
- Level 4: Physical security provides an envelope of protection around the cryptographic module. Also protects against fluctuations in the production environment.
Source:
Standards
NIST Special Publication
- Level 1 – Single Factor Encrypted Password
- Level 2 – Single Factor Authentication Token Methods of Levels 3 and 4, Passwords and PINS, Identity Proofing Required, Transmission Encryption Required
- Level 3 – Two Factor Primary Token Encryption, Soft Or Hard Cryptographic Tokens or One-time Password Device Tokens
- Level 4 – Two-factor Hard Tokens Only, Critical Data Transfers Authenticated via a key bound to Authentication Process, Cryptographic Modules FIPS Level 2 or Higher with FIPS Level 3 Physical Security.
Source:
Device Security Solutions
Security Application Providers
- Control Bluetooth
- Lock Down Cameras
- Manage SD Slots
- Audit Laptops, i.e. USB Ports
- Encrypt - Data at-Rest in-Transit
- Device Kill
CONNECTIVITY
Methods
Wireless Handset – Over the Air / Tethering
- Blackberry
- Windows Mobile Device
Broadband Access Cards
- PCMCIA
- Express Card
- USB
- Embedded (GOBI)
Wireless Router
- Back-up (COOP – BCDR)
- Mobile Deployment
[Pictured: Cisco Enzo HWIC-EVDO-rx; Digi ConnectPort WAN]
Access Manager
Minimum Requirements:
Easy-to-Use, Customizable Interface
- Push upgrades and policies to your end users
- Provide efficiency for administrator
Customization
- Sub-Branding
- Pre-connect message capability
- Helpdesk information
Complete Integration with Access & Security Services:
- Fully integrated with Enterprise Services Management
- Simplify Enterprise Mobility – Dial Access connectivity and Intranet (VPN secured) Access
- Optional customer provided Integrated personal firewall
- Easy access to Verizon’s worldwide Wi-Fi coverage
- Easy setup of custom application; launched before or after connection
Access Manager Continued
Broadband Access Connect
Turn a BlackBerry, Smartphone, or Select Voice Handsets into a Broadband Access Connection. Using a simple USB Connection Cable or Bluetooth® technology you’ll enjoy:
- Voice service: Make and Receive Calls
- Data Access: Check , PIM, or Access Applications.
[Figure: Access Manager = Back-Up Mobile Connectivity + Connection cable or +]
Application Based
Oil & Gas (fixed)
- Gas Correctors
- Regulators
- Flow Meters
- Wellhead Measurement
- Remote Terminal Units
- Programmable Logic Controllers
Fleet Management (mobile)
- Waste Industry
- Cable/Utilities
- Regional Trucking
- Public Safety
- Limousines
- Mobile Computing
Electric Utility (fixed)
- Switch Control
- Substation Backup
- Pole Top Routing Control
- Power Restoration Services
- Data Collection
Water Management (fixed)
- Water Quality
- Data Loggers
- Tank Depth
- Pressure of Sewage
- Flow of Sewage
- Gray Water/Storm Drain Runoff
- Black Water Levels
Traffic Management (fixed)
- Changeable Message Signs
- Traffic Cameras
- Loop counters
- Traffic Controllers
- Transit Systems
- Security Systems
Public safety
- Mobile Command Center
- Emergency Management
- Criminal tracking
- House Arrest
- Red Light cameras/speed traps
Q & A