The contemporary world is characterized by an increased use of wireless communication. Such communication entails the use of smart phones and iPods in our daily communications. The use of wireless communication has become very essential which has greatly enhanced sharing of information greatly. Security of the information transmitted over wireless communication and especially in a mobile phone transmission is often considered as a very sensitive issue. This is because mobile phones communications are known to have similar characteristics with the tradition wired networks that are highly vulnerable to security threats. Wireless network has been associated with many advantages such as eradication of the high cabling cost and enhanced user mobility. Nevertheless, wireless communication and especially the mobile phone communications have been faced with great threats of data insecurity. Whereas the wired network entails physical transmission networks that are easy to secure, the wireless networks use air as their medium of communication which makes them difficult to secure (Borisov, Goldberg & Wagner, n.d).
To be able to understand the security concerns of mobile phone transmissions, it is important to first look at how a mobile phone operates in its environment. A mobile phone environment consists of a mobile station (MS) that is also referred as a mobile terminal. A mobile station is the garget that is used by a customer to get services from the mobile network. Mobile phone users utilize this equipment to link to their mobile networks when they are within their service providers’ coverage range. They use the cell antennae to link their mobile station to their service providers. The work of cell antennae is to offer network facility to mobile stations that are within the coverage range. Another important feature in mobile phones communications is a base station controller (BSC) that regulates a group of cell antennae. BSC is the one that is accountable for setting calls for MS and ensuring the continuity of the call when one antennae moves from one cell antennae coverage to another. The work of a Mobile Switching Center (MSC) is to connect the base stations, relay messages and any communication signal to and from MS using the same network. The location register is used to give information about the location and subscription of a mobile user in its domain. Lastly the Authentication server is an important feature in mobile phone communication as it is used to keep confidential information such as the keys of mobile phone users. It is generally physically protected for security reasons (Samfat, Molve & Asokan, 1995).
The BSC, MSC, location registers and authentication server are often regarded as domain servers. Immediately a MS registers with a server, then that server automatically becomes its home server. The domain that is given by a home server is commonly referred as the home domain. The MS can move from one region to another within the home domain or go outside its domain and enjoy the same services provided it is within its network coverage. When the MS moves away from its home domain to its visiting domain, the MS gets its services from the serving network since the new network is the one that is providing services to the that region. The serving network first queries the MS home network in order to ascertain authentication for security reasons.
Mobile phones use the open air as their medium of communication which is highly exposed to both active and passive attacks. Wireless communication and especially communications transmitted over mobile phones are very susceptible to insecurity. The reason behind the high insecurity in wireless communication is because the transmitted data moves directly between a mobile user and the base station. This makes it easy to copy the conveyed message as it is being relayed in the air. There exists a security weak spot when setting a wireless communication channel that entails exposure of the physical location of the mobile phone user to some bodies that are able to view this routing information. This becomes a very risky situation for those mobile phone users that require keeping their locations private such as those mobile phone users that work for the military or for security intelligences organs. The risk involved here is that imposers may try to track these mobile users and hack into their network and get unauthorized access to sensitive information that was meant only to be available to the intended users (Samfat, Molve & Asokan, 1995).
There are some security threats that are highly associated with wireless communications. They include; the Passive and active attacks. Active attacks subvert the transmission by deleting, injecting, altering or replaying messages. On the other hand a passive attack involves eavesdropping and accessing the transmitted message by positioning themselves within the region of the cell.
Masquerading involves instances where an entity receives illegal access in a wires network. The masquerading user uses this privilege to cheat the receiver about their real identity. The unauthorized use of resources occurs when an illegal user access a wireless network and use the network resources for personal gains. There are instances when unauthorized changes of resources and information happen within a wireless network. This attack occurs simultaneously with other attacks such as replay of messages. The replay attack entails replaying part of the original messages in order to yield unauthorized effect. The threat also encompasses the removal of resources from or into the network (Samfat, Molve & Asokan, 1995).
Active attacks are also equally dangerous as the passive attacks. One form of active attack involves a hacker faking the access point by prompting the communications of real users so that to establish associations. The attacker then collects information or executes a MITM attacks. When an attacker fails to achieve either of the above, the hacker may decide to use another attack strategy of denial of service attacks. Such attacks lower down the performances of a network that further disrupts the network services. The attacker can achieve the same effect by using two other methods which entails using physical destructions that involve either destroying an AP or destroying the antennae. The use of interference is the other method that a hacker can opt for. The 802.11b code that uses 2.4 GHz ISM band is generally open and freely available for public use. Hackers can disrupt the 802.11b signal with the help of a wireless phone or the microwave in the kitchen. These attacks generally entail illegal denial of services whereby attackers restrict resources or services reaching the intended users. This occurs when hackers intercept information relayed over the network and delete them or regenerate more messages that distort the real message (Bellovin, 1996).
Mobile phones are designed as being generally small and light to enhance their portability. In addition, they are known to be battery powered which greatly affects their usage time. The transmission of data by mobile phones entails the use of energy that is delivered from the mobile phone battery. Addition of more complex encryption algorithms in the mobile phone will require them to use more power that will be supplied by the same battery to power them which will greatly reduce their usage time span (Schneier, 1996). This is one reason why mobile phones manufacturers have not succeeded in incorporating stronger security systems in the mobile phones to safe guard the message they transmit. In addition, incorporating of security features within the mobile system is limited by their small size. Therefore lack of effective security measures in mobile phones have made security of mobile phones become highly compromised. The security issues of mobile phones become more aggravated when users are authorized to cross security domains. Moreover, their ability to be recharged at any location and at any moment exacerbate the security issues among their potential users. To eradicate this concern there is a need to implement regulations that will specify who and when a legal user should receive such services. The flexibility of mobile users to use resources at various localities that are offered by diverse service providers makes the issue of mobile phone security complex to control and manage (Pitzmann & Köhntopp, 2001).
The mobile phone can adapt appropriate measures to counteract its insecurity issues accordingly. One method it can use is the use of authentication. Authentication helps to control illegal users from accessing protected networks. Authentication is important as it helps in verifying an entities identity and right. The degree of trust of an entity depends on the results of the authentication process. Authentication of a user should be established transparently without interfering with the users’ current activity. Authentication assists an entity from illegal intrusion. Mobile stations are known to manually authenticate their servers. This authentication has two benefits. One advantage is that authentication stops any malicious station acting as if it is the real base station. The other merit is that authentication helps the mobile station to select the service of a certain base station among many networks. In many instances, most of authentication protocols require the server authentication to be informed before or during implementation of the procedure (Rivest, 1992). It is noted that establishment of authentication is difficult when many mobile phone users enter into foreign domains. In such cases the authentication depends on the quality of the link between the mobile phone home domain and that of the visited domain.
In most cases such situations are unpredictable and thus not guaranteed. Because of this failure some professionals have advocated for the use of certificates instead of contacting the users home authentication server. This method also has a weak point as it brings the assumption that the certifying authority operates globally and is trusted by all stakeholders involved which is not true. The use of certification is also deemed to fail since there are instances where one user visits foreign domains unplanned and thus not able to get certificate of use from the home domain. Similarly, the use of certificates is questionable as it does not reflect the current status of user such as current balance of bank account; neither does it reflect the users’ behaviors in the previously visited domains. In addition, the inability to protect the user from altering the information contained in the certificate is another issue for consideration. Moreover, it will be a difficult task in cases of revocation of certificates due to the high scalability associated with mobile usage as cell phone users are known to move more frequently and some worldwide. Engineering very effective authentication for cell phone systems will require more efficient authentication protocols that expose very minimal information about the principles involved in executing the protocols involved (Arbaugh, William, Shanker & Wan, 2001).
Security of mobile phone can be enhanced by adaption of the concept of anonymity which involves the idea of not being identified within a set of guideline. Privacy is a necessity for any form of communication. The most sensitive information that mobile users should be allowed to keep private include users’ identity, their current locations and movement trends. This is because mobile communications are more vulnerable to eavesdropping making it very easier for hackers to tap useful information. Mobile telecommunication is well known in storing a lot of information about the mobile users. This makes information of mobile users widely spread and highly available. The risky that is associated with storing of this information is that there is no security guarantee of the data stored. To enhance anonymity other parties should be prevented from making associations with messages received or sent. This will help to make sure that there is privacy of the user movements and his/her current locations. Making sure that privacy of users’ activities is guaranteed which can be achieved by hiding the users’ relationship with their previously visited domains is also important. Likewise, the users’ home domains should be kept secret. The uses of concept of anonymity enables mobile users avoid attacks such as service denials. The most effective mechanism that can guarantee anonymity should be the use of nick name while referring to the real user. Alternatively, encryption of the real identity is also an effective strategy of establishing anonymity (Park, 2000).
Mobile devices are manufactured as very small and light gargets that make them more portable. Nevertheless, these characteristics make mobile phones become more susceptible to being stolen and misplaced. Though one can easily replace them once lost, the greatest loss occurs when mobile phone users loses all the information that is stored in them. The situation becomes worse when one is denied access to one’s account in cases where the mobile phone is used as the control device to these facilities. In cases where the mobile phone is stolen there is an increased risk of unauthorized access of the users’ accounts which can result to unwarranted purchases or withdrawals. Thus to counter such effects, mobile phones should be well secured and all information they store being encrypted to protect it from illegal use (Gillian, 2000).
Security domain represents a set of network bodies that use a common security policy as their administrative authority. Boundary crossing happens when a mobile phone user leaves a particular domain and enters another one. The trustworthiness of the entered domain environment is ascertained by the both the new domain and the mobile user. This trustworthiness is generally realized by mutual authentication from the two. The degree of future trust is based on the level of trust established that controls future decisions and security related activities. Generally, a domain screens its new users so that to uphold its brand as a safe domain so that to attract more users to migrate to it as mobile users will tend to migrate to domains that guarantees security (Joos & Tripathi 1997).
List of References
Arbaugh, William A., Shanker, N. and Y.C. J. Wan, Y.C., 2001. Your 802.11 Wireless Network Has No Clothes. Web.
Bellovin, M., 1996.Problem areas for the IP security protocols. New Yolk: Prentice Hall.
Borisov, N, Goldberg, I. and Wagner, D., n.d.Intercepting Mobile Communications: The Insecurity of 802.11. Web.
Gillian, S., 2000. Vulnerabilities within the Wireless Application Protocol. Web.
Joos, R. R., and Tripathi A.,1997. Mutual Authentication in Wireless Networks, Technical Report, Computer Science Department, University of Minnesota.
Park, C. S., 2000. Authentication Protocol Providing User Anonymity and Untreacibility in Wireless Mobile Communications Systems. Web.
Pitzmann, A., and Köhntopp, M., 2001. Anonymity, Unobservability, and Pseudonymity. A Proposal for Terminology, Designing Privacy Enhancing.
Rivest, R.L., 1992. The RC4 Encryption Algorithm.RSA Data Security. London: Oxford University Press.
Samfat, D., R. Molve, and Asokan, N., 1995. Untreacibility in Mobile Networks, Proc. of ACM Int. Conf. on Mobile Computing and Networking, Berkeley, CA. Technologies, LNCS. Springer: Verlag.
Schneier, B., 1996. Applied Cryptography: Protocols, Algorithms and Source Code in C. New York: John Wiley and Sons.