Data Security In Wireless Networks
Published on Aug 15, 2016
Wireless Wide Area Networks (WAN) are a popular method of wirelessly accessing data over the Internet. A major concern for many corporate users of wireless WANs is data security and how to protect data that is transmitted over these wireless networks.
These wireless networks have many features that provide user and data security. This paper discusses the security features of CDPD, CDMA, and GPRS networks, and introduces virtual private networks (VPN) and how these applications can be used to enhance the overall security of data on wireless networks.
CELLULAR DIGITAL PACKET DATA (CDPD)
CDPD is a secure, proven, and reliable protocol that has been used for several years by law enforcement, public safety, and mobile professionals to securely access critical, private information. CDPD has several features that enhance the security of the mobile end user's data; these are discussed below.
OPERATION OF CDPD
A brief overview of the operation of the CDPD network is as follows:
A wireless modem (or Mobile End System, M-ES) communicates by radio with the Mobile Data Base Station (MDBS). The MDBS transfers this data by landline and microwave to the Mobile Data Intermediate Systems (MD-IS), which processes and sends the information, by Intermediate System gateways (routers), to the appropriate destination.
In order to prevent piracy and "cloning" of CDPD devices, and thus fraudulent network use and billing, the CDPD standard provides sophisticated mechanisms for NEI authentication and verification. It can confirm that only the authorized modem, with the assigned NEI, is using that NEI.
Using the Diffie-Hellman Electronic Key Exchange mechanism, the authentication process uses three numbers: the NEI, the Authentication Sequence Number (ASN), and the Authentication Random Number (ARN), which together form the credentials of that modem. Although a subscriber can determine their NEI, they cannot obtain the ASN or ARN.
When a subscriber's modem performs the authentication procedure during network registration, the MD-IS checks these credentials against the current values of the ASN and ARN. If the stored values do not match those provided by the modem, then the modem is not allowed to connect.
From time to time, the MD-IS generates a new (random) value for the ARN, and it then increments the ASN by one. The MD-IS delivers the new ARN to the modem in the final step of the encrypted registration process. The modem stores this ARN internally and increments its local ASN by one.
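The ASN/ARN check and rotation described above, as an added example (not code from the CDPD standard or from this paper). The class names, the 8-byte ARN, and the placeholder NEI are assumptions, and the encrypted registration channel is left out so that only the credential logic is shown.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Credentials:
    nei: str    # identifier the subscriber can see
    asn: int    # Authentication Sequence Number
    arn: bytes  # Authentication Random Number

class MDIS:
    """Network side: holds the current ASN/ARN for each NEI (hypothetical model)."""
    def __init__(self):
        self._current = {}

    def provision(self, nei):
        creds = Credentials(nei, 0, secrets.token_bytes(8))  # ARN size is assumed
        self._current[nei] = creds
        return creds

    def register(self, offered, rotate=False):
        """Return (accepted, new_arn); new_arn is None unless the ARN was rotated."""
        stored = self._current.get(offered.nei)
        if (stored is None or offered.asn != stored.asn
                or not hmac.compare_digest(offered.arn, stored.arn)):
            return False, None          # mismatch: modem is not allowed to connect
        if not rotate:
            return True, None
        new_arn = secrets.token_bytes(8)
        self._current[offered.nei] = Credentials(offered.nei, stored.asn + 1, new_arn)
        return True, new_arn            # delivered in the final registration step

class Modem:
    def __init__(self, creds):
        self.creds = creds

    def register(self, mdis, rotate=False):
        ok, new_arn = mdis.register(self.creds, rotate)
        if ok and new_arn is not None:  # store the new ARN, bump local ASN by one
            self.creds = Credentials(self.creds.nei, self.creds.asn + 1, new_arn)
        return ok

def demo():
    mdis = MDIS()
    creds = mdis.provision("NEI-PLACEHOLDER")   # constructed value
    modem, stale_copy = Modem(creds), Modem(creds)
    return [modem.register(mdis, rotate=True),  # accepted, credentials rotated
            modem.register(mdis),               # accepted with the new values
            stale_copy.register(mdis)]          # rejected: old ASN/ARN
```

A device holding credentials copied before a rotation presents a stale ASN/ARN pair and is refused, which is the property the rotation is meant to provide.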