Cryptography Requirements for Wireless Security
Imagine the confusion if military personnel in the field used wireless devices to update headquarters on an urgent situation, but headquarters ignored it because they believed the incoming message was from a malicious hacker.
Alternatively, what if a hacker intercepted and changed sensitive information that was being transmitted through a wireless device? What would it cost if a disgruntled employee used a handheld device to update erroneous inventory information into a main database?
The advantages of wireless are readily apparent: It allows convenience, productivity and the power to make knowledgeable decision quickly. But, this new infrastructure also has vulnerabilities, many of which are well-known and documented.
To counter these weaknesses, the National Institute of Standards and Technology (NIST), the U.S. Government’s standards organization, specifies security requirements for any system protecting sensitive but unclassified information in the Federal Information Processing Standards (FIPS). These standards, such as FIPS 140-2, are binding for U.S. government agencies. Any product sold to the U.S. government must comply with one or more of the relevant FIPS publications.
The Advanced Encryption Standard (AES) is one security measure that has been introduced through FIPS 197 and has been mandated for use to protect government communications.
However, a heavy user of wireless devices should be aware that AES and FIPS validation is not enough.
Although it is a strong encryption algorithm, there are two main points about AES. First, it is a symmetric algorithm used mainly for confidentiality and integrity of data. AES cannot ensure authentication, the ability to prove the identity of the communicating party, or provide non-repudiation, thus ensuring that a party cannot deny involvement in a transaction — the other elements of a comprehensive security solution.
Referring back to the first example above, it would have been a benign situation if headquarters could have authenticated the sender. Digital signatures and certificates are the means to authenticate users and ensure non-repudiation. Since it is not possible to accomplish these with symmetric algorithms, the main cryptosystem used in digital signatures is asymmetric systems, also known as public key systems.
Second, symmetric key systems means the same key is used to encrypt and decrypt a message so the originator must share that key with the other party so the data can be decrypted. If the transport of this key is not secure, hackers can intercept the key, and then read or alter the message. To establish a secure means of exchanging the keying material, a public key system is needed.
Traditionally, users have had a choice in public key systems. However, with the proliferation of wireless devices and the need for more robust security standards, most public key systems just are not efficient or fast enough for these constrained systems. The keys are too large and tax a device’s performance and battery life.
Elliptic curve cryptography (ECC) on the other hand, has the most strength per bit of any known public key system today and consequently is ideally suited for wireless devices. Recently the National Security Agency (NSA) chose ECC to secure its mission-critical applications — a move that underscores the viability of ECC and highlights the fact that security-conscious employees need to take a closer look at how they secure their data on the device and during transmission.
As cell phones, PDAs and other smart devices become the business tools of choice for government employees, there will be a growing need to make knowledgeable decisions about security features and systems. AES is strong but it is only part of the solution. For strong efficient security, users need to ask for ECC as well.
ROY PEREIRA is vice president of product management, Certicom Corp., Mississauga, Ontario.