Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Security. Security is Hard Just this year: Denial of service Credit card compromise I Love you Cost to manage security quickly becomes prohibitive.

Published byJasmine George Modified over 9 years ago

Similar presentations

Presentation on theme: "Mobile Security. Security is Hard Just this year: Denial of service Credit card compromise I Love you Cost to manage security quickly becomes prohibitive."— Presentation transcript:

1 Mobile Security

2 Security is Hard Just this year: Denial of service Credit card compromise I Love you Cost to manage security quickly becomes prohibitive How do we do it?

3 “The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in New York, and it meows in Los Angles The wireless is the same only without the cat.” Albert Einstein Wireless is Complex

4 Speed is Everything TIME LATE TO MARKET Source: McKinsey & Co GROSS PROFIT %

5 Recommendations Consolidate as much as possible the security mechanisms necessary to perform commerce Standards-based, vendor neutral, global scope, legal framework Leverage the work already done in e-Business, e- Security After all, wireless is just an extension of technology

6 Trust in the Digital World Trust in the Physical World Trust in the Digital World PassportsCheck BooksCredit CardsPKIEncryptionAuthentication

7 Public Key Infrastructure(PKI) Allow unknown parties to communicate securely “Parties” can be: Employees Devices Suppliers Partners And most importantly, PKI can scale to millions of customers...

8 Market is Huge Source: IDC, 2000

9 Infrastructure Investments Yield Benefits Beyond Commerce Cisco realized $825 million in financial benefits in 1999 Customer Service $269 E-Commerce $37 Supply Chain $444 Employee Resources $55 Dell enjoying similar rewards Dell generates more working capitol than it consumes Customers pay for product before Dell pays suppliers Inventory turns over 60 times/year, 6 times/year in 1994

10 Wireless Network Architecture Internet Network Operator Users E-businesses

11 Evolution of WAP Security WTLS 1.1 WIM WTLS 1.2 Wireless PKI Telepathy PKI Validation System Telepathy WAP Security Toolkit Telepathy Digital Signature Toolkit Telepathy WAP Security Gateway Telepathy WAP Certificates Telepathy WAP CA Q1 2000Q3 2000Q4 2000Q3 1999 July JanJulyOct Telepathy PKI Registration System WML Script Crypto Library WAP 1.1WAP 1.2WAP 1.2+

12 WTLS Layer in WAP Stack WTLS is the wireless equivalent of SSL/TLS Wireless Application Environment (WAE) Wireless Application Environment (WAE) Wireless Session Protocol (WSP) Wireless Session Protocol (WSP) Wireless Transaction Protocol (WTP) Wireless Transaction Protocol (WTP) Wireless Transport Layer Security (WTLS) Wireless Transport Layer Security (WTLS) Datagrams (UDP/IP) Application Layer Session Layer Transaction Layer Security Layer Transport Layer Network Layer Datagrams (WDP) PDC-PPCSCDMATDMA W- CDMA Etc.. Wireless Bearer Network Services and Applications HTML/Java/ JavaScript HTTP SSL/TLS TCP/IP Low-level Network Layer OSI Model WAP ModelInternet Model

13 Web & WAP Architecture HTML pages Web HTTP Web Server WML pages WAP Gateway Web Server WML pages

14 Web & WAP Session Security Secure Sockets Layer (SSL) & Transport Layer Security (TLS) Authentication - Integrity - Confidentiality Secure Sockets Layer (SSL) & Transport Layer Security (TLS) Authentication - Integrity - Confidentiality Web Web Server Wireless TLS (WTLS) Authentication - Integrity - Confidentiality Wireless TLS (WTLS) Authentication - Integrity - Confidentiality WAPWAP Gateway/ Server SSL TLS SSL TLS Web Server

15 WTLS Authentication Levels Three levels of authentication All levels have privacy and integrity Class I- Anonymous No authentication Class II Server authentication only Class III Client and server authentication ??  ? 

16 WAP gateways/server need to provide WAP certificates for authentication Need to obtain WTLS certificate Web servers use X.509 The same ones they use today Mobile users use X.509 Wireless PKI WAP GatewayWeb ServerMobile User X.509 WTLS Which Certificates Do I Use for Authentication?

17 How to Achieve End-to-End Security Move everything to a secure domain WAP end-to-end security solution SIM toolkit-based solution WAP application layer security

18 Baltimore Telepathy WAP Solution

19 Conclusion Partner with a leader who has the completeness of vision and the ability to execute PKI solutions can help move security from enterprise to extranet, high value customers and suppliers, and m-Commerce world

Download ppt "Mobile Security. Security is Hard Just this year: Denial of service Credit card compromise I Love you Cost to manage security quickly becomes prohibitive."

Similar presentations

Software Security & Privacy Risks in Mobile E-Commerce Kartikeya Kakarala CSCI 5939-Independent Study Wireless Application Protocols.

Software Security & Privacy Risks in Mobile E-Commerce Kartikeya Kakarala CSCI 5939-Independent Study Wireless Application Protocols.
Mobile Communication MMS.

Mobile Communication MMS.
Mobile IP and Wireless Application Protocol

Mobile IP and Wireless Application Protocol
Cryptography and Network Security

Cryptography and Network Security
Performance and Efficiency in Wireless Security Terry Fletcher, Senior Security Architect Chrysalis-ITS

Performance and Efficiency in Wireless Security Terry Fletcher, Senior Security Architect Chrysalis-ITS
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
 WAP WAP  Foundation Of WAP Foundation Of WAP  Benefits… Benefits…  Architecture… Architecture…  Layers of WAP protocol stack Layers of WAP protocol.

 WAP WAP  Foundation Of WAP Foundation Of WAP  Benefits… Benefits…  Architecture… Architecture…  Layers of WAP protocol stack Layers of WAP protocol.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
A Survey of WAP Security Architecture Neil Daswani

A Survey of WAP Security Architecture Neil Daswani
Principles and Learning Objectives

Principles and Learning Objectives
CSC8530 Distributed Systems, Summer 2002 1 WAP Overview Amarnath Chitti.

"CSC8530 Distributed Systems", Summer WAP Overview Amarnath Chitti.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Wireless Application Protocol and i-Mode By Sridevi Madduri Swetha Kucherlapati Sharrmila Jeyachandran.

Wireless Application Protocol and i-Mode By Sridevi Madduri Swetha Kucherlapati Sharrmila Jeyachandran.
Wireless Application Protocol Intro (Continued) WebTP Meeting H. Wilson So 28 Feb, 2000.

Wireless Application Protocol Intro (Continued) WebTP Meeting H. Wilson So 28 Feb, 2000.
Wireless Application Protocol John Bollen MBA 651.

Wireless Application Protocol John Bollen MBA 651.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
CM2502 E-Business Mobile Services. Desktop restrictions Mobile technologies Bluetooth WAP Summary.

CM2502 E-Business Mobile Services. Desktop restrictions Mobile technologies Bluetooth WAP Summary.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
WAP: Wireless Application Protocol Mike Mc Ardle ACSG April, 2005.

WAP: Wireless Application Protocol Mike Mc Ardle ACSG April, 2005.

Similar presentations

Ads by Google