Introduction to Wi-Fi

Wireless Fidelity – popularly known as Wi-Fi, developed on IEEE 802.11 standards, is the recent technology advancement in wireless communication. As the name indicates, WI-FI provides wireless access to applications and data across a radio network. WI-FI sets up numerous ways to build up a connection between the transmitter and the receiver such as DSSS, FHSS, IR – Infrared and OFDM. The development on WI-FI technology began in 1997 when the Institute of Electrical and Electronic Engineers (IEEE) introduced the 802.11 technology that carried higher capacities of data across the network. This greatly interested some of major brands across the globe such as the world famous Cisco Systems or 3COM. Initially, the price of Wi-Fi was very high but around in 2002, the IT market witnessed the arrival of a break through product that worked under the new 802.11 g standards. In 2003, IEEE sanctioned the standard and the world saw the creation of affordable Wi-Fi for the masses.

Wi-Fi provides its users with the liberty of connecting to the Internet from any place such as their home, office or a public place without the hassles of plugging in the wires. Wi-Fi is quicker than the conventional modem for accessing information over a large network. With the help of different amplifiers, the users can easily change their location without disruption in their network access. Wi-Fi devices are compliant with each other to grant efficient access of information to the user. Wi-Fi location where the users can connect to the wireless network is called a Wi-Fi hotspot. Through the Wi-Fi hotspot, the users can even enhance their home business as accessing information through Wi-Fi is simple. Accessing a wireless network through a hotspot in some cases is cost-free while in some it may carry additional charges. Many standard Wi-Fi devices such as PCI, miniPCI, USB, Cardbus and PC card, ExpressCard make the Wi-Fi experience convenient and pleasurable for the users. Distance from a wireless network can lessen the signal strength to quite an extent; some devices such as Ermanno Pietrosemoli and EsLaRed of Venezuela Distance are used for amplifying the signal strength of the network. These devices create an embedded system that corresponds with any other node on the Internet.

The market is flooded with various Wi-Fi software tools. Each of these tools is specifically designed for different types of networks, operating systems and usage type. For accessing multiple network platforms, Aircrack-ng is by far the best amongst its counterparts. The preferred Wi-Fi software tools list for Windows users is: KNSGEM II, NetStumbler, OmniPeek, Stumbverter, WiFi Hopper, APTools. Unix users should pick any of the following: Aircrack, Aircrack-ptw, AirSnort, CoWPAtty,Karma . Whereas, Mac users are presented with these options: MacStumble, KisMAC, Kismet. It is imperative for users to pick out a Wi-Fi software tool that is compatible with their computer and its dynamics.

Wi-Fi uses radio networks to transmit data between its users. Such networks are made up of cells that provide coverage across the network. The more the number of cells, the greater and stronger is the coverage on the radio network. The radio technology is a complete package deal as it offers a safe and consistent connectivity. Radio bands such as 2.4GHz and 5GHz depend on wireless hardware such Ethernet protocol and CSMA. Initially, Phase Shift Keying (PSK), a modulation method for conveying data was used, however now it has been replaced with CCK. Wi-Fi uses many spectrums such as FHSS and DSSS. The most popular Wi-Fi technology such as 802.11b operates on the range of 2.40 GHz up to 2.4835 GHz band. This provides a comprehensive platform for operating Bluetooth strategy, cellular phones, and other scientific equipments. While 802.11a technology has the range of 5.725 GHz to 5.850 GHz and provides up to 54 Mbps in speed. 802.11g technology is even better as it covers three non-overlapping channels and allows PBCC. 802.11e technology takes a fair lead by providing excellent streaming quality of video, audio, voice channels etc.

Wireless Standards:

The official name for the specification is IEEE 802.11, and it is comprised of more than 20 different standards, each of which is denoted by a letter appended to the end of the name. The most familiar standards are 802.11b and 802.11g (Wireless B and G) which are used in the majority of commercial Wi-Fi devices. Both of these standards operate in the 2.4 GHz band, and the only major difference between the two is the transfer rate.

Some consumer electronics, however, use a different standard—Wireless A. These devices operate within the 5 GHz range and have transfer rates equivalent to 802.11g. However, since they operate on different frequencies, devices using the 802.11a standard cannot communicate with B and G-enabled devices. For this reason, it is important to check the compatibility of components with your wireless network prior to purchasing them.

Comparison of standards:

The table below provides a brief overview of the three most popular current 802.11 standards, as well as information about the next version of Wi-Fi — 802.11n.

Advantages of Wi-Fi
Now that we've covered the basics of the technology, let's check out some of the advantages Wi-Fi has over its wireless (and wired) competition.

Unparalleled mobility and flexibility:
If you've ever installed a multi-room stereo and had to run wires through a wall, you know the amount of time and effort it requires, not to mention the permanence of your installation. If you want to move the receiver to another room, the wiring has to be completely redone, and the holes patched.
Thanks to Wi-Fi, users are no longer confined by the cords that link their devices, enabling new levels of connectivity without sacrificing function or design options. Many new products, called music streamers, are being introduced that utilize Wi-Fi technology to wirelessly broadcast your music to speakers located throughout your house. Some systems are different than others, but typically you can listen to the same, or different music in each room, play music from the server or any computer attached to the network, and even listen to internet radio.

Quick, easy setup

Setting up a wireless network may sound like a daunting task, but it's actually a pretty straightforward process. Wi-Fi networks don't require professional installation, and, best of all, there are no holes to drill or wires to run through walls. Many new routers are "plug-and-play," meaning you just connect them to a power outlet, plug in an Ethernet cord, your network has been created. Unfortunately, wireless security doesn't automatically configure itself, so it's important to remember to enable it via a personal computer once a connection to the wireless network has been established.

Fast data transfer rates:

With transfer speeds up to 54 megabits (Mb) per second (6.75 megabytes), 802.11g is currently the fastest commercially available Wi-Fi protocol on the market. It is important to note that this is the maximum theoretical transfer rate, not that which one should expect on a daily basis. Nonetheless, typical 802.11g networks are more than capable of handling the demands of streaming standard-definition TV signals, as well as CD-quality audio.

Limitations of Wi-Fi:

Security and interference are the main issues with current Wi-Fi standards, as well as its inability to reliably stream high definition audio and video.

Security concerns:
Though typically very easy to set up, securing your Wi-Fi network requires more effort. Wi-Fi access points do not come with encryption straight out of the box; you have to do it from your computer once the network is up and running. An unsecured wireless network is susceptible to attacks from hackers, potentially giving them access to all of the information stored by the devices on your network. In addition, "friendly," yet unauthorized computers will also be able to connect to your network, occupying the bandwidth and hindering overall network performance.

Interference from other devices:

Wi-Fi transmissions take place primarily within the 2.4 GHz spectrum, making them susceptible to interference from Bluetooth® wireless enabled devices, cordless telephones, microwave ovens, baby monitors, and other household devices. The farther your Wi-Fi devices are located from these known interferers—and the closer they are to one another—the more robust your signal will be, so keep that in mind during setup.

If you live in an apartment complex or in close proximity to your neighbors, their wireless network can also be a source of interference. However, many newer routers automatically select the channel with the least amount of interference, ensuring that you get the best possible connection.

Lack of support for high-quality media streaming:

Even the fastest current Wi-Fi standards are pushed beyond their limit when trying to handle some of today's high-end media. High-definition audio and video files are bandwidth and timely-delivery-intensive, and typical wireless networks have neither the transfer speeds nor the consistency to transfer them flawlessly. This problem is further compounded if there are multiple devices connected to the same access point because the bandwidth must be divided between all of the equipment.

Securing your Wi-Fi network

The best choice for wireless network encryption is currently Wi-Fi Protected Access (WPA2). Most newer access points support WPA2 encryption, and it can be configured once your network has been set up. For more security tips, check out our article on creating a home network.

Bluetooth® wireless technology, on the other hand, has security built in, and it automatically requires devices to enter a passkey in order to connect to the network.

Wi-Fi's Future: 802.11n

When completed (currently scheduled for late 2009), wireless specification 802.11n should open the door to a vast assortment of new applications. Though the final specifications have not been determined, transfer speeds are reportedly 10 times faster than current standards (540 Mbps as opposed to 802.11g's 54 Mbps). That's more than enough bandwidth to support even the most demanding transfers, enabling users to stream high-definition audio and video, play games, and surf the internet with no delays or quality loss.

Pre-N products
Unable to wait for the 802.11n standard to be finalized, some manufacturers have released "pre-N" routers and wireless cards. With 600% speed increases over 802.11g, they are capable of handling streaming HDTV signals and audiophile-grade audio. In addition, pre-N routers reportedly offer an 800% increase in wireless network coverage, adding both range and stability. For home theater enthusiasts who have to have the newest technology, pre-N routers offer a glimpse of the future, and they're pretty reasonably priced, with both routers and wireless cards in the $100 neighborhood.

Interoperability remains a question mark for pre-N products, since no official standard has been approved, but manufacturers claim their products not only have no problems communicating with devices using other standards, they actually increase their performance as well. Whether or not the pre-N devices will be compliant with the 802.11n standard when it is released is still unknown, and we probably won't know for sure until the first 802.11n products begin rolling off the shelves in late 2009.

High-quality media streaming finally a reality
The main advantage of 802.11n is the interconnectedness it creates between components on the same network. Internet speeds are restricted by numerous factors (including the speed of the access point, the quality of the internet connection, and the memory on your computer). While the step from G to N will not typically lead to drastic improvement in internet download speeds, internal data transfer rates are not restricted by the same factors, allowing the full potential of the technology to be realized. Since 802.11n devices are ten times faster than current standards, devices will be able to transfer ten times the information in the same amount of time. If the standard is approved, and transfer rates remain at their speculated levels, reliable, high-definition streaming media may finally become a reality.

The ability to transfer data internally, between the devices on your personal network, is where 802.11n differentiates itself from previous standards. It will be interesting to see the creative new products that are made possible by the certification of the new standard.

WiMax -> What is WiMax (Part-I)?

WiMAX is a wireless industry coalition whose members organized to advance IEEE 802.16 standards for broadband wireless access (BWA) networks. WiMAX 802.16 technology is expected to enable multimedia applications with wireless connection and, with a range of up to 30 miles, enable networks to have a wireless last mile solution.

WiMAX was formed in April 2001, in preparation for the original 802.16 specification published in December of that year. According to the WiMAX forum, the group's aim is to promote and certify compatibility and interoperability of devices based on the 802.16 specification, and to develop such devices for the marketplace. Members of the organization include Airspan, Alvarion, Analog Devices, Aperto Networks, Ensemble Communications, Fujitsu, Intel, Nokia, OFDM Forum, Proxim, and Wi-LAN.

WiMax -> Why WiMax

The hot network technology is WiMax, an informal term that covers two emerging broadband wireless standards for metropolitan-area networking. WiMax promises alternate routes to land lines for disaster recovery and relief from the price and service tyranny of the incumbent local-exchange carriers. It also has a compelling high-speed mobile component.

WiMax has the potential for what Carlton O'Neal, vice president of marketing at Tel Aviv-based broadband wireless manufacturer Alvarion Ltd., describes as "high-quality broadband everywhere that mirrors your connectivity experience in the office."

To the casual observer, WiMax backhaul services might not seem substantially different from today's broadband wireless access (BWA) services, though speed and coverage range are expected to improve. However, having standards for non-line-of-sight (NLOS) BWA products will create economies of scale and vendor interoperability, which should help WiMax-based services proliferate beyond the niches where BWA services can currently be found. This means that the benefits of BWA as a land-line alternative should theoretically become available to more sites and users.

"Fixed" access services and products will emerge in early 2006, followed by the mobile flavor a year or so later. There are two corresponding WiMax standards:

• IEEE 802.16-2004 for fixed point-to-point and point-to-multipoint wireless access. It's akin to a faster, airborne version of Digital Subscriber Line (DSL) or cable-modem services and became the industry's first NLOS BWA standard last June.
• IEEE 802.16e, for mobile wireless access from laptops and handhelds. It's analogous to a faster version of third-generation telecommunications technology. WiMax proponent Intel Corp. has promised 802.16e-enabled laptops by early 2007.
  

Intel is also involved in the 802.16-2004 standard effort. The vendor says it's providing silicon to Alvarion, Proxim Corp. and Redline Communications Inc., which are manufacturing last-mile fixed products for the carrier market.

The technologies based on the two standards operate in licensed and unlicensed frequency bands below 11 GHz. The standards are being overseen from a market-acceleration standpoint by a 230-company consortium called the WiMax Forum.

Enterprise Impact

WiMax is being deployed from the top down as a carrier technology first, which means that schedules for service availability are dependent on widespread testing and buy-in. WiMax product standards certification and interoperability testing, overseen by the WiMax Forum and to be conducted by independent test lab Cetecom Spain in Malaga, is slated to begin in July.

Once services become available, growing business sites should gain inexpensive broadband access with speeds between T1 and T3 line capabilities. And because they're airborne, these services can be quickly deployed—often in a day's time—and bypass lengthy ILEC lead times.

"Every enterprise struggles with the cost of [local] access, which is often 40%" of a telecommunications bill, says David Willis, an analyst at research firm Meta Group Inc. "The natural monopolies have starved out local competition. But WiMax doesn't require dealing with lobbyists or tariffs."

Adds Alan Menezes, vice president of marketing at Aperto Networks Inc., a maker of BWA products in Milpitas, Calif., "Enterprises gain alternatives to the [regional Bell operating companies] and backups to terrestrial T1 and fiber links that can be cut at the same time." In addition, WiMax comes ready-made with provisions for quality of service, so many prestandard services already support voice over IP, unlike many DSL and cable-modem options.

And standards-based technology should drive down customer premises equipment (CPE) costs for fixed connections, from about $800 today to $300 to $400 in 2006 or 2007, says Bob Egan, president of Mobile Competency Inc., a consultancy in Providence, R.I. Meta Group is even more bullish: Willis says he expects WiMax CPE to drop to $70 by 2007.

Finally, businesses can buy WiMax-certified products to install in their campus-area networks as alternatives to private fiber connections and more-complex wireless bridging options.

GSM -> GSM Vs CDMA

One of the most contentious battles being waged in the wireless infrastructure industry is the debate over the efficient use and allocation of finite airwaves. For several years, the world's two main methods -- Code-Division Multiple Access (CDMA) and Global System for Mobile communications (GSM) -- have divided the wireless world into opposing camps. Ultimately, the emergence of a victorious technology may owe more to historical forces than the latest wireless innovation, or the merits of one standard over the other.

CDMA'War II Foundationss World

CDMA, put into an historical context, is a recently patented technology that only became commercially available in the mid-1990s, but had its roots in pre-World War II America.In 1940, hollywood actress turned inventor, Hedy Lamarr, and co-inventor George Antheil, with World War II looming, co-patented a way for torpedoes to be controlled by sending signals over multiple radio frequencies using random patterns. Despite arduous efforts by the inventors to advance the technology from experiment to implementation, the U.S. Navy discarded their work as architecturally unfeasible. The idea, which was known as frequency-hopping, and later as frequency-hopping spread-spectrum technology (FHSS), remained dormant until 1957 when engineers at the Sylvania Electronic Systems Division, in Buffalo, New York took up the idea, and after the Lamarr-Antheil patent expired, used it to secure communications for the U.S. during the 1962 Cuban Missile Crisis. After becoming an integral part of government security technology, the U.S. military, in the mid-80s, declassified what has now become CDMA technology, a technique based on spread-spectrum technology.

What interested the military soon caught the eye of a nascent wireless industry. CDMA, incorporating spread-spectrum, works by digitizing multiple conversations, attaching a code known only to the sender and receiver, and then dicing the signals into bits and reassembling them. The military loved CDMA because coded signals with trillions of possible combinations resulted in extremely secure transmissions.

Qualcomm, which patented CDMA, and other telecommunications companies, were attracted to the technology because it enabled many simultaneous conversations, rather than the limited stop-and-go transmissions of analog and the previous digital option.

CDMA was not field tested for commercial use until 1991, and was launched commercially in Hong Kong in 1995. CDMA technology is currently used by major cellular carriers in the United States and is the backbone of Sprint's Personal Communications System (PCS). Along with Sprint, major users of CDMA technology are Verizon and GTE.

Advantages of CDMA include:

• Increased cellular communications security.
• Simultaneous conversations.
• Increased efficiency, meaning that the carrier can serve more subscribers.
• Smaller phones.
• Low power requirements and little cell-to-cell coordination needed by operators.
• Extended reach - beneficial to rural users situated far from cells.
  

Disadvantages of CDMA include:

• Due to its proprietary nature, all of CDMA's flaws are not known to the engineering community.
• CDMA is relatively new, and the network is not as mature as GSM.
• CDMA cannot offer international roaming, a large GSM advantage.

The Euro-Asian Alternative: GSM

Analysts consider Qualcomm's major competitive disadvantage to be its lack of access to the European market now controlled by Global System for Mobile communications (GSM). The wireless world is now divided into GSM (much of Western Europe) and CDMA (North America and parts of Asia).

Bad timing may have prevented the evolution of one, single global wireless standard. Just two years before CDMA's 1995 introduction in Hong Kong, European carriers and manufacturers chose to support the first available digital technology - Time Division Multiple Access (TDMA). GSM uses TDMA as its core technology. Therefore, since the majority of wireless users are in Europe and Asia, GSM has taken the worldwide lead as the technology of choice.

Mobile Handset manufacturers ultimately split into two camps, as Motorola, Lucent, and Nextel chose CDMA, and Nokia and Ericsson eventually pushed these companies out and became the dominant GSM players.

Advantages of GSM:

• GSM is already used worldwide with over 450 million subscribers.
• International roaming permits subscribers to use one phone throughout Western Europe.
• CDMA will work in Asia, but not France, Germany, the U.K. and other popular European destinations.
• GSM is mature, having started in the mid-80s. This maturity means a more stable network with robust features. CDMA is still building its network.
• GSM's maturity means engineers cut their teeth on the technology, creating an unconscious preference.
• The availability of Subscriber Identity Modules, which are smart cards that provide secure data encryption give GSM m-commerce advantages.

In brief, GSM is a "more elegant way to upgrade to 3G," says Strategis Group senior wireless analyst Adam Guy.

Disadvantages of GSM:

• Lack of access to burgeoning American market.

Conclusion

Today, the battle between CDMA and GSM is muddled. Where at one point Europe clearly favored GSM and North America, CDMA, the distinct advantage of one over the other has blurred as major carriers like AT&T Wireless begin to support GSM, and recent trials even showed compatibility between the two technologies.

GSM still holds the upper hand however. There's the numerical advantage for one thing: 456 million GSM users versus CDMA's 82 million.

GSM Network Aspects

SIM Information System (PTA) (Please click to view your information)

1. Handover
2. Location updating and call
3. Authentication and security

Ensuring the transmission of voice or data of a given quality over the radio link is only half the problem in a cellular mobile network. The fact that the geographical area covered by the network is divided into cells necessitates the implementation of a handover mechanism. Also, the fact that the mobile can roam nationally and internationally in GSM requires that registration, authentication, call routing and location updating functions exist in the GSM network.
The signalling protocol in GSM is structured in three layers , shown in Figure 3. Layer 1 is the physical layer, which uses the channel structures discussed above. Layer 2 is the data link layer. Across the Um interface, the data link layer uses a slight modification of the LAPD protocol used in ISDN, called LAPDm. Across the A interface, the lower parts of Signalling System Number 7 are used. Layer 3 is subdivided into 3 sublayers.

Radio Resources Management
controls the setup, maintenance, and termination of radio channels
Mobility Management
manages the location updating, handovers, and registration procedures, discussed below
Connection Management
handles general call control, similar to CCITT Recommendation Q.931, and provides supplementary services.

Signalling between the different entities in the network, such as between the HLR and VLR, is accomplished throught the Mobile Application Part (MAP). Application parts are the top layer of Signalling System Number 7. The specification of the MAP is complex. It is one of the longest documents in the GSM recommendations, said to be over 600 pages in length . Described below are the main functions of the Mobility Management sublayer.

1. Handover

Handover, or handoff as it is called in North America, is the switching of an on­going call to a different channel or cell. There are four different types of handover in the GSM system, which involve transferring a call between

• channels (time slots) in the same cell,
• cells (Base Transceiver Stations) under the control of the same Base Station Controller (BSC),
• cells under the control of different BSCs, but belonging to the same Mobile services Switching Center (MSC)
• cells under the control of different MSCs.
  

The first two types of handover, called internal handovers, involve only one Base Station Controller (BSC). To save signalling bandwidth, they are managed by the BSC without involving the Mobile service Switching Center (MSC), except to notify it at the completion of the handover. The last two types of handover, called external handovers, are handled by the MSCs involved. Note that call control, such as provision of supplementary services and requests for further handoffs, is handled by the original MSC.

Handovers can be initiated by either the mobile or the MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, and is used by the handover algorithm.

The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells.

The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells.

The 'power budget' method uses handover to try to maintain or improve a certain level of signal quality at the same or lower power level. It thus gives precedence to handover over power control. It avoids the 'smeared' cell boundary problem and reduces co­channel interference, but it is quite complicated.

2. Location updating and call routing

The MSC provides the interface between the GSM mobile network and the public fixed network. From the fixed network's point of view, the MSC is just another switching node. However, switching is a little more complicated in a mobile network since the MSC has to know where the mobile is currently roaming - and in GSM it could even be roaming in another country. The way GSM accomplishes location updating and call routing to the mobile is by using two location registers: the Home Location Register (HLR) and the Visitor Location Register (VLR).

Location updating is initiated by the mobile when, by monitoring the Broadcast Control Channel, it notices that the location­area broadcast is not the same as the one previously stored in the mobile's memory. An update request and the IMSI or previous TMSI is sent to the new VLR via the new MSC. A Mobile Station Roaming Number (MSRN) is allocated and sent to the mobile's HLR (which always keeps the most current location) by the new VLR. The MSRN is a regular telephone number that routes the call to the new VLR and is subsequently translated to the TMSI of the mobile. The HLR sends back the necessary call­control parameters, and also sends a cancel message to the old VLR, so that the previous MSRN can be reallocated. Finally, a new TMSI is allocated and sent to the mobile, to identify it in future paging or call initiation requests.

With the above location­updating procedure, call routing to a roaming mobile is easily performed. The most general case is shown in Figure 4, where a call from a fixed network (Public Switched Telecommunications Network or Integrated Services Digital Network) is placed to a mobile subscriber. Using the Mobile Subscriber's telephone number (MSISDN, the ISDN numbering plan specified in the ITU­T E.164 recommendation), the call is routed through the fixed land network to a gateway MSC for the GSM network (an MSC that interfaces with the fixed land network, thus requiring an echo canceller). The gateway MSC uses the MSISDN to query the Home Location Register, which returns the current roaming number (MSRN). The MSRN is used by the gateway MSC to route the call to the current MSC (which is usually coupled with the VLR). The VLR then converts the roaming number to the mobile's TMSI, and a paging call is broadcast by the cells under the control of the current BSC to inform the mobile.

2. Authentication and security

Since the radio medium can be accessed by anyone, authentication of users to prove that they are who they claim to be, is a very important element of a mobile network. Authentication involves two functional entities, the SIM card in the mobile, and the Authentication Center (AC). Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the Authentication Center. During authentication, the AC generates a random number that it sends to the mobile. Both the mobile and the AC then use the random number, in conjuction with the subscriber's secret key and a ciphering algorithm called A3, to generate a number that is sent back to the AC. If the number sent by the mobile is the same as the one calculated by the AC, the subscriber is authenticated.

The above calculated number is also used, together with a TDMA frame number and another ciphering algorithm called A5, to encipher the data sent over the radio link, preventing others from listening in. Enciphering is an option for the very paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers.

Another level of security is performed on the mobile equipment, as opposed to the mobile subscriber. As mentioned earlier, each GSM terminal is identified by a unique International Mobile Equipment Identity (IMEI) number. A list of IMEIs in the network is stored in the Equipment Identity Register (EIR).

EIR is one of the following:

white­listed
The terminal is allowed to connect to the network
grey­listed
Under observation from the network, possible problems
black­listed
The terminal has either been reported as stolen, or it is not type approved (the correct type of terminal for a GSM network). The terminal is not allowed to connect to the network.

Global System for Mobile Communication (GSM) Part-IIb

Speech coding

GSM is a digital system, so speech signals, inherently analog, have to be digitized. The method employed by ISDN, and by current telephone systems for multiplexing voice lines over high speed trunks and optical fiber lines, is Pulse Coded Modulation (PCM). The output stream from PCM is 64 kbps, too high a rate to be feasible over a radio link. The 64 kbps signal contains much redundancy, although it is simple to implement. The GSM group studied several voice coding algorithms on the basis of subjective speech quality and complexity (which is related to cost, processing delay, and power consumption once implemented) before arriving at the choice of a Regular Pulse Excited - Linear Predictive Coder (RPE­LPC) with a Long Term Predictor loop. Basically, information from previous samples, which does not change very quickly, is used to predict the current sample. The coefficients of the linear combination of the previous samples, plus an encoded form of the residual, the difference between the predicted and actual sample, represent the signal. Speech is divided into 20 millisecond samples, each of which is encoded as 260 bits, giving a total bit rate of 13 kbps.

Due to natural or man­made electromagnetic interference, the encoded speech or data transmitted over the radio interface must be protected as much as is practical. The GSM system uses convolutional encoding and block interleaving to achieve this protection. The exact algorithms used differ for speech and for different data rates. The method used for speech blocks will be described below.

Recall that the speech codec produces a 260 bit block for every 20 ms speech sample. From subjective testing, it was found that some bits of this block were more important for perceived speech quality than others. The bits are thus divided into three classes:

Class Ia 50 bits - most sensitive to bit errors

Class Ib 132 bits - moderately sensitive to bit errors

Class II 78 bits - least sensitive to bit errors

Class Ia bits have a 3 bit Cyclic Redundancy Code added for error detection. If an error is detected, the frame is judged too damaged to be comprehensible and it is discarded. It is replaced by a slightly attenuated version of the previous correctly received frame. These 53 bits, together with the 132 Class Ib bits and a 4 bit tail sequence (a total of 189 bits), are input into a 1/2 rate convolutional encoder of constraint length 4. Each input bit is encoded as two output bits, based on a combination of the previous 4 input bits. The convolutional encoder thus outputs 378 bits, to which are added the 78 remaining Class II bits, which are unprotected. Thus every 20 ms speech sample is encoded as 456 bits, giving a bit rate of 22.8 kbps.

To further protect against the burst errors common to the radio interface, each sample is diagonally interleaved. The 456 bits output by the convolutional encoder are divided into 8 blocks of 57 bits, and these blocks are transmitted in eight consecutive time­slot bursts. Since each time­slot burst can carry two 57 bit blocks, each burst carries traffic from two different speech samples.

Recall that each time­slot burst is transmitted at a gross bit rate of 270.833 kbps. This digital signal is modulated onto the analog carrier frequency, which has a bandwidth of 200 kHz, using Gaussian­filtered Minimum Shift Keying (GMSK). GMSK was selected over other modulation schemes as a compromise between spectral efficiency, complexity of the transmitter, and limited spurious emissions. The complexity of the transmitter is related to power consumption, which should be minimized for the mobile station. The spurious radio emissions, outside of the allotted bandwidth, must be strictly controlled so as to limit adjacent channel interference, and allow for the co­existence of GSM and the older analog systems (at least for the time being).

Multipath equalization

At the 900 MHz range, radio waves bounce off everything - buildings, hills, cars, airplanes, etc. Thus many reflected signals, each with a different phase, can reach an antenna. Equalization is used to extract the desired signal from the unwanted reflections. Equalization works by finding out how a known transmitted signal is modified by multipath fading, and constructing an inverse filter to extract the rest of the desired signal. This known signal is the 26­bit training sequence transmitted in the middle of every time slot burst. The actual implementation of the equalizer is not specified in the GSM specifications.

Frequency hopping

The mobile station already has to be frequency agile, meaning it can move between a transmit, receive, and monitor time slot within one TDMA frame, which may be on different frequencies. GSM makes use of this inherent frequency agility to implement slow frequency hopping, where the mobile and BTS transmit each TDMA frame on a different carrier frequency. The frequency hopping algorithm is broadcast on the Broadcast Control Channel. Since multipath fading is (mildly) dependent on carrier frequency, slow frequency hopping helps alleviate the problem. In addition, co­channel interference is in effect randomized

Discontinuous transmission

Minimizing co­channel interference is a goal of any cellular system, since it allows better service for a given cell size, or the use of smaller cells, thus increasing the overall capacity of the system. Discontinuous transmission (DTX) is a method that takes advantage of the fact that a person speaks less that 40 percent of the time in normal conversation , by turning the transmitter off during silence periods. An added benefit of DTX is that power is conserved at the mobile unit.

The most important component of DTX is, of course, Voice Activity Detection. It must distinguish between voice and noise inputs, a task that is not as trivial as it appears, considering background noise. If a voice signal is misinterpreted as noise, the transmitter is turned off and a very annoying effect called clipping is heard at the receiving end. If, on the other hand, noise is misinterpreted as a voice signal too often, the efficiency of DTX is dramatically decreased. Another factor to consider is that when the transmitter is turned off, there is a very silent silence heard at the receiving end, due to the digital nature of GSM. To assure the receiver that the connection is not dead, comfort noise is created at the receiving end by trying to match the characteristics of the transmitting end's background noise.

Discontinuous reception

Another method used to conserve power at the mobile station is discontinuous reception. The paging channel, used by the base station to signal an incoming call, is structured so that the mobile station knows when it needs to check for a paging signal. In the time between paging signals, the mobile can go into sleep mode, when almost no power is used.

Power control

There are five classes of mobile stations defined, according to their peak transmitter power, rated at 20, 8, 5, 2, and 0.8 watts. To minimize co­channel interference and to conserve power, both the mobiles and the Base Transceiver Stations operate at the lowest power level that will maintain an acceptable signal quality. Power levels can be stepped up or down in steps of 2 dB from the peak power for the class down to a minimum of 13 dBm (20 milliwatts).

The mobile station measures the signal strength or signal quality (based on the Bit Error Ratio), and passes the information to the Base Station Controller, which ultimately decides if and when the power level should be changed. Power control should be handled carefully, since there is the possibility of instability. This arises from having mobiles in co­channel cells alternatingly increase their power in response to increased co­channel interference caused by the other mobile increasing its power. This in unlikely to occur in practice but it is (or was as of 1991) under study.

Global System for Mobile Communication (GSM) Part-IIa

During the early 1980s, analog cellular telephone systems were experiencing rapid growth in Europe, particularly in Scandinavia and the United Kingdom, but also in France and Germany. Each country developed its own system, which was incompatible with everyone else's in equipment and operation. This was an undesirable situation, because not only was the mobile equipment limited to operation within national boundaries, which in a unified Europe were increasingly unimportant, but there was a very limited market for each type of equipment, so economies of scale, and the subsequent savings, could not be realized.

The Europeans realized this early on, and in 1982 the Conference of European Posts and Telegraphs (CEPT) formed a study group called the Groupe Spécial Mobile (GSM) to study and develop a pan­European public land mobile system. The proposed system had to meet certain criteria:

• good subjective speech quality


• low terminal and service cost


• support for international roaming


• ability to support handhald terminals


• support for range of new services and facilities


• spectral efficiency, and ISDN compatibility

In 1989, GSM responsibility was transferred to the European Telecommunication Standards Institute (ETSI), and phase I of the GSM specifications were published in 1990. Commercial service was started in mid­1991, and by 1993 there were 36 GSM networks in 22 countries, with 25 additional countries having already selected or considering GSM . This is not only a European standard - South Africa, Australia, and many Middle and Far East countries have chosen GSM. By the beginning of 1994, there were 1.3 million subscribers worldwide . The acronym GSM now (aptly) stands for Global System for Mobile telecommunications.

The developers of GSM chose an unproven (at the time) digital system, as opposed to the then­standard analog cellular systems like AMPS in the United States and TACS in the United Kingdom. They had faith that advancements in compression algorithms and digital signal processors would allow the fulfillment of the original criteria and the continual improvement of the system in terms of quality and cost. The 8000 pages of the GSM recommendations try to allow flexibility and competitive innovation among suppliers, but provide enough guidelines to guarantee the proper interworking between the components of the system. This is done in part by providing descriptions of the interfaces and functions of each of the functional entities defined in the system.

GSM -> Services Provided by GSM

From the beginning, the planners of GSM wanted ISDN compatibility in services offered and control signalling used. The radio link imposed some limitations, however, since the standard ISDN bit rate of 64 kbps could not be practically achieved.

Using the ITU­T definitions, telecommunication services can be divided into bearer services, teleservices, and supplementary services. The digital nature of GSM allows data, both synchronous and asynchronous, to be transported as a bearer service to or from an ISDN terminal. Data can use either the transparent service, which has a fixed delay but no guarantee of data integrity, or a non­transparent service, which guarantees data integrity through an Automatic Repeat Request (ARQ) mechanism, but with a variable delay. The data rates supported by GSM are 300 bps, 600 bps, 1200 bps, 2400 bps, and 9600 bps .

The most basic teleservice supported by GSM is telephony. There is an emergency service, where the nearest emergency­service provider is notified by dialling three digits (similar to 911).

Group 3 fax, an analog method described in ITU­T recommendation T.30, is also supported by use of an appropriate fax adaptor. A unique feature of GSM compared to older analog systems is the Short Message Service (SMS). SMS is a bidirectional service for sending short alphanumeric (up to 160 bytes) messages in a store­and­forward fashion. For point­to­point SMS, a message can be sent to another subscriber to the service, and an acknowledgement of receipt is provided to the sender. SMS can also be used in a cell­broadcast mode, for sending messages such as traffic updates or news updates. Messages can be stored in the SIM card for later retrieval .

Supplementary services are provided on top of teleservices or bearer services, and include features such as caller identification, call forwarding, call waiting, multi­party conversations, and barring of outgoing (international) calls, among others.

Mobile Station

The mobile station (MS) consists of the physical equipment, such as the radio transceiver, display and digital signal processors, and a smart card called the Subscriber Identity Module (SIM). The SIM provides personal mobility, so that the user can have access to all subscribed services irrespective of both the location of the terminal and the use of a specific terminal. By inserting the SIM card into another GSM cellular phone, the user is able to receive calls at that phone, make calls from that phone, or receive other subscribed services.

The mobile equipment is uniquely identified by the International Mobile Equipment Identity (IMEI). The SIM card contains the International Mobile Subscriber Identity (IMSI), identifying the subscriber, a secret key for authentication, and other user information. The IMEI and the IMSI are independent, thereby providing personal mobility. The SIM card may be protected against unauthorized use by a password or personal identity number.

Base Station Subsystem

The Base Station Subsystem is composed of two parts, the Base Transceiver Station (BTS) and the Base Station Controller (BSC). These communicate across the specified A­bis interface, allowing (as in the rest of the system) operation between components made by different suppliers.

The Base Transceiver Station houses the radio tranceivers that define a cell and handles the radio­link protocols with the Mobile Station. In a large urban area, there will potentially be a large number of BTSs deployed. The requirements for a BTS are ruggedness, reliability, portability, and minimum cost.

The Base Station Controller manages the radio resources for one or more BTSs. It handles radio­channel setup, frequency hopping, and handovers, as described below. The BSC is the connection between the mobile and the Mobile service Switching Center (MSC). The BSC also translates the 13 kbps voice channel used over the radio link to the standard 64 kbps channel used by the Public Switched Telephone Network or ISDN.

Network Subsystem

The central component of the Network Subsystem is the Mobile services Switching Center (MSC). It acts like a normal switching node of the PSTN or ISDN, and in addition provides all the functionality needed to handle a mobile subscriber, such as registration, authentication, location updating, handovers, and call routing to a roaming subscriber. These services are provided in conjuction with several functional entities, which together form the Network Subsystem. The MSC provides the connection to the public fixed network (PSTN or ISDN), and signalling between functional entities uses the ITU­T Signalling System Number 7 (SS7), used in ISDN and widely used in current public networks.

The Home Location Register (HLR) and Visitor Location Register (VLR), together with the MSC, provide the call­routing and (possibly international) roaming capabilities of GSM. The HLR contains all the administrative information of each subscriber registered in the corresponding GSM network, along with the current location of the mobile. The current location of the mobile is in the form of a Mobile Station Roaming Number (MSRN) which is a regular ISDN number used to route a call to the MSC where the mobile is currently located. There is logically one HLR per GSM network, although it may be implemented as a distributed database.

The Visitor Location Register contains selected administrative information from the HLR, necessary for call control and provision of the subscribed services, for each mobile currently located in the geographical area controlled by the VLR. Although each functional entity can be implemented as an independent unit, most manufacturers of switching equipment implement one VLR together with one MSC, so that the geographical area controlled by the MSC corresponds to that controlled by the VLR, simplifying the signalling required. Note that the MSC contains no information about particular mobile stations - this information is stored in the location registers.

The other two registers are used for authentication and security purposes. The Equipment Identity Register (EIR) is a database that contains a list of all valid mobile equipment on the network, where each mobile station is identified by its International Mobile Equipment Identity (IMEI). An IMEI is marked as invalid if it has been reported stolen or is not type approved. The Authentication Center is a protected database that stores a copy of the secret key stored in each subscriber's SIM card, which is used for authentication and ciphering of the radio channel.

GSM -> Radio Links

• structure


• Speech coding


• Channel coding and modulation
  
• Multipath equalization
  
• Frequency hopping
  
• Discontinuous transmission


• Discontinuous reception


• Power control
  

The International Telecommunication Union (ITU), which manages the international allocation of radio spectrum (among other functions) allocated the bands 890-915 MHz for the uplink (mobile station to base station) and 935-960 MHz for the downlink (base station to mobile station) for mobile networks in Europe. Since this range was already being used in the early 1980s by the analog systems of the day, the CEPT had the foresight to reserve the top 10 MHz of each band for the GSM network that was still being developed. Eventually, GSM will be allocated the entire 2x25 MHz bandwidth. Since radio spectrum is a limited resource shared by all users, a method must be devised to divide up the bandwidth among as many users as possible. The method chosen by GSM is a combination of Time­ and Frequency­Division Multiple Access (TDMA/FDMA). The FDMA part involves the division by frequency of the total 25 MHz bandwidth into 124 carrier frequencies of 200 kHz bandwidth. One or more carrier frequencies are then assigned to each base station. Each of these carrier frequencies is then divided in time, using a TDMA scheme, into eight time slots. One time slot is used for transmission by the mobile and one for reception. They are separated in time so that the mobile unit does not receive and transmit at the same time, a fact that simplifies the electronics.

In the rest of this section, the procedure involved in digitally transmitting a voice signal in a GSM network is examined, along with some of the features, such as discontinuous transmission and reception, used to improve voice quality, reduce the mobile unit's power consumption, and increase the overall capacity of the network.

Channel structure

The structure of the most common time­slot burst is shown in Figure 2. A total of 156.25 bits is transmitted in 0.577 milliseconds, giving a gross bit rate of 270.833 kbps. There are three other types of burst structure for frame and carrier synchronization and frequency correction. The 26­bit training sequence is used for equalization, as described below. The 8.25 bit guard time allows for some propagation time delay in the arrival of bursts.

Each group of eight time slots is called a TDMA frame, which is transmitted every 4.615 ms. TDMA frames are further grouped into multiframes to carry control signals. There are two types of multiframe, containing 26 or 51 TDMA frames. The 26­frame multiframe contains 24 Traffic Channels (TCH) and two Slow Associated Control Channels (SACCH) which supervise each call in progress. The SACCH in frame 12 contains eight channels, one for each of the eight connections carried by the TCHs. The SACCH in frame 25 is not currently used, but will carry eight additional SACCH channels when half­rate traffic is implemented. A Fast Associated Control Channel (FACCH) works by stealing slots from a traffic channel to transmit power control and handover­signalling messages. The channel stealing is done by setting one of the control bits in the time slot burst.

In addition to the Associated Control Channels, there are several other control channels which (except for the Stand­alone Dedicated Control Channel) are implemented in time slot 0 of specified TDMA frames in a 51­frame multiframe, implemented on a non­hopping carrier frequency in each cell. The control channels include:

• Broadcast Control Channel (BCCH): Continually broadcasts, on the downlink, information including base station identity, frequency allocations, and frequency­hopping sequences.


• Stand­alone Dedicated Control Channel (SDCCH): Used for registration, authentication, call setup, and location updating. Implemented on a time slot, together with its SACCH, selected by the system operator.


• Common Control Channel (CCCH): Comprised of three control channels used during call origination and call paging.


• Random Access Channel (RACH): A slotted Aloha channel to request access to the network


• Paging Channel (PCH): Used to alert the mobile station of incoming call.
  
• Access Grant Channel (AGCH): Used to allocate an SDCCH to a mobile for signalling, following a request on the RACH.

Global System for Mobile Communication (GSM) Part-I

Global system for mobile communication (GSM) is a globally accepted standard for digital cellular communication. GSM is the name of a standardization group established in 1982 to create a common European mobile telephone standard that would formulate specifications for a pan-European mobile cellular radio system operating at 900 MHz. It is estimated that many countries outside of Europ will join the GSM Partnership.

1. Introduction: The Evolution of Mobile Telephone Systems
Cellular is one of the fastest growing and most demanding telecommunications applications. Today, it represents a continuously increasing percentage of all new telephone subscriptions around the world. Currently there are more than 45 million cellular subscribers worldwide, and nearly 50 per cent of those subscribers are located in the United States. It is forecasted that cellular systems using a digital technology will become the universal method of telecommunications. By the year 2005, forecasters predict that there will be more than 100 million cellular subscribers worldwide. It has even been estimated that some countries may have more mobile phones than fixed phones by the year 2000.
Cellular Subscriber Growth Worldwide

The concept of cellular service is the use of low-power transmitters where frequencies can be reused within a geographic area. The idea of cell-based mobile radio service was formulated in the United States at Bell Labs in the early 1970s. However, the Nordic countries were the first to introduce cellular services for commercial use with the introduction of the Nordic Mobile Telephone (NMT) in 1981. Cellular systems began in the United States with the release of the advanced mobile phone service (AMPS) system in 1983. The AMPS standard was adopted by Asia, Latin America, and Oceanic countries, creating the largest potential market in the world for cellular. In the early 1980s, most mobile telephone systems were analog rather than digital, like today's newer systems. One challenge facing analog systems was the inability to handle the growing capacity needs in a cost-efficient manner. As a result, digital technology was welcomed. The advantages of digital systems over analog systems include ease of signaling, lower levels of interference, integration of transmission and switching, and increased ability to meet capacity demands.

The Development of Mobile Telephone Systems

2. GSM
Throughout the evolution of cellular telecommunications, various systems have been developed without the benefit of standardized specifications. This presented many problems directly related to compatibility, especially with the development of digital radio technology. The GSM standard is intended to address these problems. From 1982 to 1985 discussions were held to decide between building an analog or digital system. After multiple field tests, a digital system was adopted for GSM. The next task was to decide between a narrow or broadband solution.

3. The GSM Network
GSM provides recommendations, not requirements. The GSM specifications define the functions and interface requirements in detail but do not address the hardware. The reason for this is to limit the designers as little as possible but still to make it possible for the operators to buy equipment from different suppliers. the base station system (BSS), and the operation and support system (OSS). The basic GSM network elements.

GSM Network Elements

Indonesia will become the 4th largest world’s mobile market by the end of 2013

According to the information released in the News paper, In Indonesia, Telecom will be the Asian highest fixed growth in the next 5 years and will become the world’s 4th largest mobile market.Indonesian population is 228 million people, It is the the world's fourth largest country and is doing strategic growth markets in Asia. However, Indonesia’s population is one of the least connected in the region with other countries connected in the region with fixed, mobile and Internet penetration rates as low as 13.4%, 62.7% and 1.1% respectively at the end of March 2009. Its level of connectivity is poorly with neighbouring countries such as Singapore where fixed, mobile and Internet penetration are as high as 37.9%, 129.4% and 98.4%, and Malaysia, were mobile penetration stands at 94.8%.

Indonesia has a low fixed line proliferation, with 30.8 million fixed and fixed-wireless subscribers at the end of March 2009. This is mainly due to poor network development in rural areas, high poverty level and accelerating mobile substitution. The introduction of fixed-wireless technology has however drastically improved network development in the last 4 years. Fixed-wireless customers, now represent 71.9% of all fixed connections, compared with 16.4% at the end of 2004.
With the expansion of the fixed-wireless network in rural areas and the introduction of competition and foreign investments, the number of fixed subscribers is forecasted to grow at a Compounded Annual Growth Rate (CAGR) of 12.3% over the next 5 years, bringing the number of fixed lines to 52.4 million at the end of 2013, which would represent a penetration rate of 20.8%. “Indonesia should therefore enjoy by far one of Asia highest fixed growth in the next 5 years” HOT TELECOM’s president Isabelle Paradis said.

The mobile market on the other hand is continuing its expansion, with an average growth of 49.8% between 2003 and the end of 2008. At the end of 2008, the country boasted 138.8 million mobile customers, representing an increase of 49.2% in that year alone. The growth trend is likely to continue in the double-digits until 2011, with a forecasted CAGR of 12.3% in the next 5 years, bringing the number of mobile customers to 246.1 million at the end of the forecasted period, representing a penetration rate of 97.8%. At that time, Indonesia will have become the world’s 4rth largest mobile market behind China, India and the United States. At the end of March 2009, Indonesia’s mobile subscribers stood at an estimated 143.6 million.

With a penetration rate of 1.1%, Indonesia’s Internet development is far behind most Asian countries. At the end of March 2009, the country had an estimated 2.4 million subscribers and 28.5 million users. The advent of broadband, wireless Internet and the proliferation of the fixed-wireless network in rural areas should however stimulate growth in the next 5 years with a forecasted CAGR of 7.8%. Broadband proliferation is still well behind most major Asian countries, however operators are now focusing on developing high speed networks, and projects in that realm is becoming a priority. The introduction of wireless broadband should also stimulate this sector greatly. The number of broadband subscribers is therefore forecasted to have reached 3.2 million at the end of 2013 and at that time, the service should connect 93.6% of all Internet subscribers.

With a penetration rate of 1.1%, Indonesia’s Internet development is far behind most Asian countries. At the end of March 2009, the country had an estimated 2.4 million subscribers and 28.5 million users. The advent of broadband, wireless Internet and the proliferation of the fixed-wireless network in rural areas should however stimulate growth in the next 5 years with a forecasted CAGR of 7.8%. Broadband proliferation is still well behind most major Asian countries, however operators are now focusing on developing high speed networks, and projects in that realm is becoming a priority. The introduction of wireless broadband should also stimulate this sector greatly. The number of broadband subscribers is therefore forecasted to have reached 3.2 million at the end of 2013 and at that time, the service should connect 93.6% of all Internet subscribers.

FIVE STEPS TO SECURE MOBILE DATA

Mobile and wireless technology is revolutionizing how businesses use and profit from information. Employees outfitted with mobile devices, such as laptops and PDAs, can access valuable enterprise information when they're away from the office, which improves productivity, streamlines operations, and creates new revenue sources. But security is lacking.

While mobility is a competitive advantage, it means your data can travel beyond your secure LAN firewall and over public networks. Your security strategy needs to address the managing and securing of pervasive mobile data from end to end: whether it's stored on a mobile device, traveling over a wired or wireless network, or being sent back to the enterprise.
Organizations need to carefully consider mobile data security as a part of their mobile application development plans and work carefully with technology vendors that offer a complete security infrastructure for protecting mobile data, wherever that data may be. You should consider these five mobile security issues when developing and implementing mobile business solutions:

1. Protect against unauthorized users:

The cornerstone of any security strategy, mobile or not, is user authentication. Any device attempting to exchange information with your corporate systems needs to have its identity verified. Each time the user goes deeper into a new area of sensitivity or functionality, your application and middleware infrastructure should know who they are, and whether they should be there.

Only the chosen may enter:

A password should be required before a mobile user can synchronize with a back-end database or browse information stored on a company server--no exceptions. Use mobile device management software to ensure that users have not circumvented security measures or stored their password in a file on their device.

Rights and privileges:

Define what clients can and cannot do. Depending on the application, specific rights and permissions are configured on a per-user basis. For example, a sales force automation application might allow a sales representative to submit orders, but not approve them. A sales manager's password would carry with it the authorization to view orders and approve or deny them.

2. Protect data transmissions

You might not be paranoid, but they are out to get you. Mobile applications require an exchange of information across a public network that is full of potential predators. When transmitting data, you need to ensure that it is secure from end-to-end. Any mobile middleware solution should operate on a secure connection for both data synchronization and client/server communications. Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols allow a client application to verify the identity of a server, and ensure that they communicate only with servers they trust.

Tales from the encrypt:

One of the simplest ways for someone to gain access to your data is to simply read the data stream between the mobile device and your server. Leverage strong 128-bit communications encryption to protect the confidentiality, integrity, and authentication of data packets as they pass between the client device and the server. This way, an identity thief who is reading a mobile banking customer's communications will hear only noise, not her bank balance, address, and PIN.

Know who you're talking to:

How do you know that it's your bank on the other end, and not a server set up by a 16 year-old? Be certain that only authorized clients can connect to your server and that clients are connected to the correct server. During synchronization, or client/server connection through a browser, a password entered by the user indicates to the back-end system that they are an authorized user. A certificate on the internal database server tells the user's device that it is connected to the correct bank or hospital system. If your middleware doesn't provide this sort of functionality, it's like broadcasting your credit card information over the radio.

3. Protect data on lost devices

Mobile devices are small and expensive, so they are easily lost or left in taxis, and are a favorite target for thieves. If you don't want the new owner to have access to your corporate systems or view sensitive data, precautions must be taken.

Persistent data needs persistent protection:

There are two precautions that you can take to prevent disclosure of the data stored on a mobile device: encrypting sensitive data, and encrypting the entire file system (this may be useful when using data outside of a database, such as in a spreadsheet). Protect data that is stored on hard disks, in persistent memory, or on removable flash cards (whether they are in or out of the device).

Always on duty:

Even if the data store is protected, you risk exposing the information to unauthorized users if the application has cached data. Data that is stored in an application's memory is more difficult to access, but may also be exposed. Further, if your application sends updates that appear on-screen, the data contained in them may be available to anyone who turns on the device. Include a password-protected timeout in your applications but do not store it on the device; otherwise, anyone who has access to the device may be able to access your data.

4. Protect mobile assets

Safeguard your mobile assets such as your machines, devices, and data through centralized management. From a central location, you can simplify the enforcement of your security policy on devices that are beyond the reach of traditional wired LAN management techniques.

The enemy within:

Often the biggest threat to the security of your corporate systems and data are your own users, who disable security mechanisms and configurations in order to save a few seconds when logging in or synchronizing data. Protect and enforce system configurations by automatically identifying and correcting devices where users have defeated password protection by storing the password on the device, or changing security configuration options.

Stay up-to-date:

Mobile devices that send and receive data such as e-mail are just as susceptible to destructive viruses as desktop machines. However, it's difficult to get busy mobile workers to stop working long enough to download virus updates and security patches, especially on a slow connection. You require a management tool that will push out virus updates and security upgrades, and automate their installation without the need for user intervention.

Gone, but not forgotten:

Data encryption is not the only safeguard against unauthorized data access on lost devices. Fight back with your centralized management software by enabling a self-destruct policy that destroys confidential data on a lost device.

5. Protect your existing security investment

Whether you are creating new mobile applications or extending the reach of existing systems, your mobile deployment should be as secure as applications running on your corporate LAN. Integrate your mobile applications with existing security infrastructures through open standards and flexible architecture.

Another brick in the firewall:

Any mobile application should work with your current firewall, virtual private network (VPN), and PKI technology to integrate user authentication and permission functions with your existing systems. Browser-based communications between handheld devices and corporate systems should be encrypted using wireless transport layer security.

Regardless of protocol:

Your wireless application server technology should enable secure synchronization, encryption, and server-side authentication over whichever wireless protocol you choose.

The e-mail of the species:

E-mail is one of the most frequent points of entry for potential security threats, whether inside or outside the office. As you do with desktop e-mail systems, encrypt all incoming and outgoing messages between your corporate e-mail server and mobile devices that are outside your company's firewall. Your mobile mail application should also enforce password entry, and harmonize security configurations with LAN e-mail systems.

SECURITY FOR WIRELESS DEVICES AND WIRELESS NETWORKS

Many organizations and users have found that wireless communications and devices are convenient, flexible, and easy to use. Users of wireless local area network (WLAN) devices have flexibility to move their laptop computers from one place to another within their offices while maintaining connectivity with the network. Wireless personal networks allow users to share data and applications with network systems and other users with compatible devices, without being tied to printer cables and other peripheral device connections. Users of handheld devices such as personal digital assistants (PDAs) and cell phones can synchronize data between PDAs and personal computers and can use network services such as wireless email, web browsing, and Internet access. Further, wireless communications can help organizations cut their wiring costs.

While wireless networks are exposed to many of the same risks as wired networks, they are vulnerable to additional risks as well. Wireless networks transmit data through radio frequencies, and are open to intruders unless protected. Intruders have exploited this openness to access systems, destroy or steal data, and launch attacks that tie up network bandwidth and deny service to authorized users. Another risk is the theft of the small and portable devices themselves.

NIST Guidance on Security of Wireless Networks and Devices

The National Institute of Standards and Technology, Information Technology Laboratory, has published recommendations to improve the security of wireless networks in NIST Special Publication (SP) 800-48, Wireless Network Security, 802.11, Bluetooth, and Handheld Devices. Written by Tom Karygiannis and Les Owens, NIST SP 800-48 discusses three aspects of wireless security:
security issues associated with wireless local area networks (WLANs) that are based on Institute of Electrical and Electronics Engineers (IEEE) standards 802.11;
security issues related to wireless personal area networks based on the Bluetooth specifications, which were developed by an industry consortium; and
security of wireless handheld devices.

The Risk Environment

Wireless networks and handheld devices are vulnerable to many of the same threats as conventional wired networks. Intruders who gain access to information systems via wireless communications can bypass firewall protection. Once they have accessed systems, intruders can launch denial of service attacks, steal identities, violate the privacy of legitimate users, insert viruses or malicious code, and disable operations. Sensitive information that is transmitted between two wireless devices can be intercepted and disclosed if not protected by strong encryption. Handheld devices, which are easily stolen, can reveal sensitive information.

Before establishing wireless networks and using handheld devices, organizations should use risk management processes to assess the risks involved, to take steps to reduce the risks to an acceptable level, and to maintain that acceptable level of risk. Using risk management processes, managers can protect systems and information in a cost-effective manner by balancing the operational and economic costs of needed protective measures with the gains in mission capability to be achieved through the application of new technology.

Wireless Technology and Standards

Wireless devices communicate through radio transmissions, without physical connections and without network or peripheral cabling. Wireless systems include local area networks, personal networks, cell phones, and devices such as wireless headphones, microphones, and other devices that do not process or store information. Other wireless devices being widely used include infrared (IR) devices such as remote controls, cordless computer keyboards, mouse devices, and wireless hi-fi stereo headsets, all of which require a direct line of sight between the transmitter and the receiver.

Two standards for wireless technologies are discussed in NIST SP 800-48. One is the IEEE 802.11 group of standards for WLANs, which were developed by a voluntary industry standards committee. The IEEE 802.11 standards provide specifications for high-speed networks that support most of today’s applications. The Bluetooth standard, which was developed by a computer and communications industry consortium, specifies how mobile phones, computers, and PDAs interconnect with each other, with home and business phones, and with computers using short-range wireless connections.

As wireless technology evolves, new devices are being developed to provide more features, functions, portability and ease of use. Mobile phones can provide multiple services including voice, email, text messaging, paging, web access, and voice recognition services. Newer mobile phones incorporate PDA, wireless Internet, email, and global positioning system (GPS) capabilities.

Recommendations for Secure Wireless Networks

The trends in use of information technology point to increased implementation of wireless communications networks and use of wireless devices. Each new development will present new security risks, which must be addressed to ensure that critical assets remain protected. Actions that organizations should take to protect the confidentiality, integrity, and availability of all systems and information include:

Assess risks, test and evaluate system security controls for wireless networks more frequently than for other networks and systems. Maintaining secure wireless networks is an ongoing process that requires greater effort than that required for other networks and systems.

Steps that can be taken to improve the management of wireless networks include:


Maintain a full understanding of the topology of the wireless network.
Label and keep inventories of the fielded wireless and handheld devices.
Create backups of data frequently.
Perform periodic security testing and assessment of the wireless network.
Perform ongoing, randomly timed security audits to monitor and track wireless and handheld devices.
Apply patches and security enhancements.
Monitor the wireless industry for changes to standards that enhance security features and for the release of new products.
Monitor wireless technology for new threats and vulnerabilities.

Perform a risk assessment, develop a security policy, and determine security requirements before purchasing wireless technologies.

The risks associated with the use of wireless technologies are considerable, and many products provide inadequate protection. Organizations should plan to protect their essential operations before they adopt wireless technologies. Common administration problems include installing equipment with “factory default” settings, failing to control or inventory access points, not implementing the security capabilities provided, and not developing or installing security architectures that are suitable to the wireless environment. The use of firewalls between wired and wireless systems should be considered. Other good practices are to block unneeded services and ports, and to use strong cryptography. Often the risks can be addressed, but the tradeoffs between technical solutions and costs must be considered as well. Organizations may want to postpone the installation of wireless networks until more robust, open, and secure products are available.

Organizations should perform security assessments prior to implementation of wireless technologies to determine the specific threats and vulnerabilities that wireless networks will introduce in their environments. In performing the assessment, they should consider existing security policies, known threats and vulnerabilities, legislation and regulations, safety, reliability, system performance, the life-cycle costs of security measures, and technical requirements. Once the risk assessment is complete, the organization can begin planning and implementing the measures that it will put in place to safeguard its systems and lower its security risks to a manageable level. The organization should periodically reassess the policies and measures that it puts in place because computer technologies and malicious threats are continually changing.

Apply security management practices and controls to maintain and operate secure wireless networks.

Organizations should identify their information system assets, and develop, document and implement policies, standards, procedures, and guidelines to ensure confidentiality, integrity, and availability of information system resources. NIST recommends the following steps:

The information system security policy should directly address the use of 802.11, Bluetooth, and other wireless technologies.
Configuration/change control and management practices should ensure that all equipment has the latest software release, including security feature enhancements and patches for discovered vulnerabilities.
Standardized configurations should be employed to reflect the security policy, and to ensure change of default values and consistency of operations.
Security training is essential to raise awareness about the threats and vulnerabilities inherent in the use of wireless technologies.
Robust cryptography is essential to protect data transmitted over the radio channel, and theft of equipment is a major concern.