Mobile Security - PowerPoint PPT Presentation

About This Presentation
Title:

Mobile Security

Description:

'The wireless telegraph is not difficult to understand. ... Check Books. Credit Cards. PKI. Encryption. Authentication. Public Key Infrastructure(PKI) ... – PowerPoint PPT presentation

Number of Views:23
Avg rating:3.0/5.0
Slides: 20
Provided by: ABre
Learn more at: http://www.oasis-pki.org
Category:

less

Transcript and Presenter's Notes

Title: Mobile Security


1
Mobile Security
2
Security is Hard
  • Just this year
  • Denial of service
  • Credit card compromise
  • I Love you
  • Cost to manage security quickly becomes
    prohibitive
  • How do we do it?

3
Wireless is Complex
  • The wireless telegraph is not difficult to
    understand. The ordinary telegraph is like a
    very long cat. You pull the tail in New York,
    and it meows in Los Angles The wireless is the
    same only without the cat.
  • Albert Einstein

4
Speed is Everything
GROSS PROFIT
TIME LATE TO MARKET
Source McKinsey Co
5
Recommendations
  • Consolidate as much as possible the security
    mechanisms necessary to perform commerce
  • Standards-based, vendor neutral, global scope,
    legal framework
  • Leverage the work already done in e-Business,
    e-Security
  • After all, wireless is just an extension of
    technology

6
Trust in the Digital World
Passports
Check Books
Credit Cards
PKI
Encryption
Authentication
Trust in the Physical World
Trust in the Digital World
7
Public Key Infrastructure(PKI)
  • Allow unknown parties to communicate securely
  • Parties can be
  • Employees
  • Devices
  • Suppliers
  • Partners
  • And most importantly, PKI can scale to millions
    of customers . . .

8
Market is Huge
Source IDC, 2000
9
Infrastructure Investments Yield Benefits Beyond
Commerce
  • Cisco realized 825 million in financial benefits
    in 1999
  • Customer Service 269
  • E-Commerce 37
  • Supply Chain 444
  • Employee Resources 55
  • Dell enjoying similar rewards
  • Dell generates more working capitol than it
    consumes
  • Customers pay for product before Dell pays
    suppliers
  • Inventory turns over 60 times/year, 6 times/year
    in 1994

10
Wireless Network Architecture
Internet
Network Operator
Users
E-businesses
11
Evolution of WAP Security
12
WTLS Layer in WAP Stack
WTLS is the wireless equivalent of SSL/TLS
13
Web WAP Architecture
14
Web WAP Session Security
15
WTLS Authentication Levels
  • Three levels of authentication
  • All levels have privacy and integrity
  • Class I- Anonymous
  • No authentication
  • Class II
  • Server authentication only
  • Class III
  • Client and server authentication

16
Which Certificates Do I Use for Authentication?
  • WAP gateways/server need to provide WAP
    certificates for authentication
  • Need to obtain WTLS certificate
  • Web servers use X.509
  • The same ones they use today
  • Mobile users use X.509
  • Wireless PKI

X.509
X.509
WTLS
WAP Gateway
Web Server
Mobile User
17
How to Achieve End-to-End Security
  • Move everything to a secure domain
  • WAP end-to-end security solution
  • SIM toolkit-based solution
  • WAP application layer security

18
Baltimore Telepathy WAP Solution
19
Conclusion
  • Partner with a leader who has the completeness of
    vision and the ability to execute
  • PKI solutions can help move security from
    enterprise to extranet, high value customers and
    suppliers, and m-Commerce world
Write a Comment
User Comments (0)
About PowerShow.com