It all started with an email account you accessed through your laptop, and now sometimes it is really hard to track all the digital profiles you own, plus we tend to pay little attention about accessing our digital assets in secure “wireless domains”, these factors combined form a scenario where security breaches can really hurt your digital self as it exists. It is clear that wireless communications has allowed us to adopt technology in a new way; we can use digital tools without being tied to a location, but the fact is that when you use technology everywhere you are exposing yourself to that “everywhere”. Popularity of wireless technology has shifted the usage of digital tools, your mobile device is amazingly powerful and networks are growing in complexity to cope with better services. All this power makes it difficult on the user to keep a track of the myriad of vulnerabilities and possible security exploits.
As mentioned above we have in our hands a complex scenario; from one side we have an exponential growth and success of the wireless technology plus an increasing exposure of personal sensitive data to the digital world plus more physical spaces where we can use the technology that at the same time increases the number of personal and social contexts involved in our interactions with technology. On the other side we have a user that is still adapting to the rapid shift, possibly meaning that he is less conscious of how various factors come together to form the service, and it is how we find the first weak link in the chain; the lack of knowledge. Another factor is the fierce competition among industry stakeholders; they are working isolated pushing their own agendas, creating a non-cohesive framework of security for the wireless industry. On the contrary, threats and bad-intentioned people usually beneficiate upon gathered knowledge of collaborative open communities through the Internet.
Taking ction to be ore secure
From the user perspective, the main action must be to increase knowledge of the technology. For example, where to tune security configurations on the device or what information is being accessed on your device by the apps installed. It is also important to know the risks of using a non-secure WLAN network. In the final part of this blog I summarize various security tips you can find on the Internet and my personal recommendation.
Application developers must commit more responsibly to security and inform the customer about their efforts on the matter, especially considering privacy of user sensitive information and its management; aspects like the length of conservation of user information even after the user has uninstalled the app or the permissions of sharing personal information with third parties. Regarding the OS developers, it is expected that SW threats are addressed not only for the new releases of the product but also previous versions must be covered, and somehow frequency of security updates or patches must be increased.
Other contributors to the industry take action: like national government’s initiative to extend EIR databases beyond countries frontiers to discourage device theft, or the effort countries are making, to oblige Internet giants to comply with international policies of user’s personal data handling. Academia presents innovative testing techniques against security breaches including fuzzy logic and genetic algorithms to simulate real life environments. New wireless applications like NFC and M2M also pose big questions and challenges to the industry that are being addressed; solutions like data encryption while being transferred or stored are being integrated into architectures and regulations, but the main path the industry must take is an improvement of the vision about security. Seurity threats cannot be avoided - they can only be managed and management must start with a plan to achieve a clear goal.
A Framework to Achieve a More Secure Wireless Ecosystem
If security threats can only be managed at the most, then, a base framework can be formulated to then build a plan or strategy to efficiently manage wireless security. CTIA has made a pretty good effort formulating such a framework in which the elements are:
Under its view CTIA proposes five cornerstones, around which security actions are executed and efforts should be built around:
My Personal View on Wireless Security
Image courtesy of Paola Buelvas (firstname.lastname@example.org)
As mentioned above, a framework is only useful if there is some intention to develop something around that baseline, and in the introduction of this post I mentioned that industry main stakeholders tend to work isolated in a non-collaborative way, so I agree with some proposals about a push towards a multisource intelligence environment. In order to accomplish such an environment a Multisource Intelligent System could be the center tool to allow a collaborative effort of this kind. And so, the industry will have a transnational, multivendor, multi-technology tool, containing well documented security threats, problem workarounds, countermeasures and possible patches and solutions against known security breaches; all this following the best of the bread practices in IT management to organize, produce, control and store the flow of information that comes from solving engineering problems related to security in the wireless industry.
This multi-collaborative industry repository will be accessible to all accredited members of the wireless industry and/or active contributors of security assets construction within the ecosystem. They will feed, maintain and update the content of this tool. Through the use of guidelines contained in international bodies of knowledge for IT handling, it will be possible to ensure the appropriate privacy for each industry stakeholder regarding industrial secret information, while still helping the development of solutions from already known threats and those foreseen by academia. The main objectives for an endeavor of this kind would be:
Finally, I think that future technologies, like Context Aware networks can help to create a more secure environment for the user, allowing the execution of a counter action at the precise instant of technology usage and at the precise moment where a security threat becomes obvious, and without the need for the user to know or be prepared to all existent risks of his ongoing wireless transaction or service at a random space and time combination. All while at the same time optimizing the resources of the network devoted to protect the user against threats. For example, if the network detects that certain user is connecting through its own VPN client, a network base VPN solution flow can be allocated for another user.
A Look into the Future of Wireless Security
Fields for further study: BSN and BAN give security a totally new meaning, because this technology puts information concerning your own body into networks that today cannot be considered totally secured; so if this field of the industry is set for any success then security must be further developed and strengthen. Now MTC (Machine Type Communications) where human intervention is not required also needs an intelligent non supervised scheme that can ensure the basics of a secure communication network: Confidentiality, Integrity, Authentication, Non Repudiation, Access Control, Availability and Privacy.
Security future concepts: like beneficial viruses, SW that in the same line of DRM remain inactive but when found in unauthorized digital environments then proceed to delete themselves and the information attached to them. Another concept is the Active sentinel SW that contrary to a regular antivirus this SW adapts to a certain extent to identify the threat even if is not specified in the database but that follows a suspicious activity pattern against predefine rules. New biometric authentication methods like brain wave authentication that is really unique and fast.
Summarized Tips for the Wireless User
As promised, here is a list of “do's” and “don'ts” for the user of wireless technology.
For more, follow me on Twitter @jomaguo
Read this blog post in Spanish.
For all blog posts written by Jorge Guzman Olaya, please visit his Community Profile.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.