While the security of wireless LANs has been a serious concern for many people, networking professionals are more confident about the security of the cellular network.
There are good reasons for that. “The networks themselves have encryption that is inherent in their transport,” says Alan Panezic, director of the BlackBerry solutions group at Research in Motion Inc. in Waterloo, Ont. David Neale, vice-president of new product development at Rogers Wireless Inc., says the Subscriber Identification Module (SIM) cards in mobile devices respond to challenges from the network to ensure that any device using the network is what it claims to be.
But security is still worth considering when transmitting data over the public cellular network.
“The first question that most people will actually ask is: secure from where to where?” Panezic says. Data may be encrypted throughout its journey, but if at some point along the way it is decrypted and then encrypted again — at a carrier’s server, for instance — then you have to trust someone.
A double level of encryption
In some services, Panezic says, a business may send encrypted data from its servers to a wireless carrier’s server, where it must be decrypted and then re-encrypted in a different way to travel over the carrier’s wireless network. The problem here, he says, is that the business must trust that while the data is decrypted on that carrier’s server, it is safe. A better approach is to make sure data is never in the clear between the business’s own server and the mobile device.
One way to do this is a second level of encryption. “We always recommend, particularly with data applications … that the customer can take the extra precautions by making sure that data is encrypted at the application level,” Neale says.
The other safeguard many organizations use is a virtual private network (VPN), which is essentially a secure tunnel running over a public network. This approach is popular for remote access over all sorts of networks, wired or wireless. Neale calls it “the best way to manage secure data.”
The Montreal Police recently finished implementing a system that will allow officers in all of its roughly 500 patrol cars to receive emergency dispatch information and check data such as license plates and investigation reports from their vehicles. It works over the cellular network, and Andre Bernard, systems administrator for the Montreal Police, says it uses a VPN for security. Integrating the VPN, the cellular network, the police force’s computer-aided dispatch system and other systems was a complex job, Bernard says, but the system is working smoothly now.
Emerging cellular standards such as Enhanced Data rate for GPRS Evolution (EDGE) and CDMA2000 1X Evolution — Data Only (EV-DO) don’t directly increase security. However, Neale notes, because new standards offer more bandwidth, they help indirectly by making the overhead of encryption less of a concern.