Chapter 10. Mobile Risk Management: E-finance In The Wireless Environment [65]
At a Glance
This chapter documents the risks to electronic security via identity theft, hacking, etc. that wireless technologies may present in the context of delivery of financial services. Although the extent of security measures to be taken is not independent of the size of the transactions contemplated, this chapter points out a variety of ways that interactions between technologies create points of vulnerability for security of financial transactions when wireless technology is employed. This chapter lays out a variety of critical actions and measures that system administrators (particularly, in banks) can take in order to mitigate these risks to the largest possible extent and often without great increases in costs of security. The actions suggested in this chapter for mitigating such risks reflect a concerted effort to address what many in the electronic security industry consider to be best practice in regard to electronic security arrangements in the case of use of wireless technologies in the delivery of financial services.
Wireless Technology in Emerging Markets
The rapid growth of wireless technology in many emerging markets and the increasing use of such technologies in coordination with the Internet or on a free-standing basis to provide financial services in emerging markets will demand a very careful look at issues related to electronic security. Nowhere is this issue more prevalent in emerging markets than in the area of wireless technology given the extensive spread of cellular technology to many emerging markets. As more and more countries attempt to leapfrog via use of such technologies in the context of providing financial services, it is essential to recognize the potential electronic security breaches that can occur via use of wireless technologies and how market participants and systems administrators at banks or other key providers (e.g., hosting companies or ISPs) can better ensure that problems do not arise. Hence, this chapter attempts to both illustrate how and why electronic security can become a concern and how to mitigate this risk via many actions that may not entail substantial additional costs for providers of financial services. Many of the recommended actions, noted in this chapter related to layered security in the case of wireless applications to provide financial services, represent what can be considered to be best practice in the electronic security industry today. This comes with the important proviso that the rapid changes in technology make this a very difficult area in which to prescribe static guidelines for system administrators within financial service providers.
The chapter is divided into the following sections. Section I introduces the reader to the widespread usage of e-finance and wireless technologies throughout the world. Section II illustrates the risks that are inherent to the wireless revolution. Section III depicts the vulnerabilities associated with WLANs and the appropriate risk mitigating procedures necessary to secure them. Section IV addresses the evolution of GSM networks and the vulnerabilities that are inherent to them. Section V details the appropriate methods of managing the risk found in GSM networks. Section VI illustrates the best practices for management of risk in the delivery of payment services. Section VII offers a conclusion with a perspective into the future (3G). The purpose of this document is to enunciate a set of security and risk management guidelines for banks and payment services. It aims to provide a framework for security risk assessment applicable to the wireless environment.
I. Overview of e-finance [66]
65 See the World Bank paper by Tom Kellermann "Mobile Risk Management: e-Finance for the Wireless Environment (2002)," via link at: http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/SearchGeneral?openform&E-Security/E-Finance&Publications
66 For more detailed analysis of the e-security dilemma, refer to "E-security Risk Mitigation for Financial Transactions" authored by Glaessner T., T. Kellermann, and V. McNevin, 2002.
Electronic financial services, whether delivered online or through remote mechanisms, have spread rapidly. Countries and consumers are increasingly getting connected. These new technologies not only allow countries to leapfrog in connectivity, they also open new channels for delivering e-financial services.[67] Since the mid-90s investment in banking technology has focused upon online [68] banking and brokerage services to increase convenience. E-finance has lowered the costs of providing financial services. The Internet eliminates many processing steps and labor costs, while avoiding the fixed costs of branch development and maintenance. A typical customer transaction through a branch or phone call costs about $1 in the U.S., but that transaction costs just $0.02 online. The lower costs for providing financial services have also allowed greater access to financial services. Internet-based services are sometimes as popular in emerging markets as industrialized ones. For example, online banking is nearly as widespread in Brazil as in the United States. Due to the apparent lack of fixed line infrastructure in many developing nations, most financial institutions have implemented wireless e-financial platforms to expand access to their services. Concurrent with these realities, four new technology related industry trends have occurred: outsourcing, open architecture, integrated strategies, and new methods of e-payment.[69]
E-finance is comprised of four primary channels. These are: electronic funds transfers, "EFT"; electronic data interchange, "EDI"; electronic benefits transfers, "EBT"; and electronic trade confirmations, "ETC". EFT is the oldest form of electronic money transmittal, beginning in the early 1960s. There is a huge amount of EFT worldwide among and between banks. The U.S. Treasury estimates the figure to be $2 trillion/day or $700 trillion/year. A significant part of banking EFT via the SWIFT network is actually carried out via international satellite. Currently, half of the world's 200 countries obtain Internet and "Wide Area Intranet" connection via satellite links. Although these are typically the nations with the most developed economies, this involves a significant amount of digital traffic and e-finance operations. This is a major concern in terms of vulnerability.[70]
By 2005, the share of online banking could rise from 8.5 percent to 50 percent in industrial countries, and from 1 to 10 percent in emerging markets. Online banking transactions with better connectivity in emerging markets could rise even further to 20 percent by 2005. There could be more than 6 trillion dollars of business-to-business (B2B) transactions online by 2005.[71]
Another trend is moving in tandem with this growth in e-finance: the widespread usage of wireless communications technologies in the developing and developed countries of the world. This relatively new medium is quickly becoming the medium of choice for e-commerce and e-finance. The migration of business from paper-based systems of commerce to Internet-based platforms is profound. As services migrate from these "land lines" to more accessible wireless technologies, the subsequent negative externalities (e.g., war driving) of this phenomenon are beginning to proliferate as well.
Mobile devices are considered to be the developing world’s technological springboard. In 1990, there were just 11 million [72] mobile phone subscribers worldwide. By 1999, the proliferation of wireless technologies had exploded to over 500 million. Now that number has almost doubled. One developing country typifies the possibilities of leapfrogging [73] using mobile devices. With its fixed-line network obliterated after more than 20 years of civil war, Cambodia became connected via the widespread adoption of wireless technology. Within one year, mobile subscribers outnumbered fixed telephones. Cambodia, with one of the world’s lowest per capita incomes, surpasses 31 countries in overall telephone penetration, including countries with much higher incomes. Rather than spending the vast amount of resources and time to establish fixed-line infrastructure to facilitate telecommunications, countries around the world are replacing hard-wired infrastructure with relatively cheap and easy-to-develop cellular towers. There are, however, certain risks related to security associated with such leapfrogging.
Continued economic integration and the new delivery channels for financial services, such as the wireless protocols, will increase opportunities for banks to deliver financial services to remote areas. However, these opportunities are not limited to the formal economy. The underground (criminal) economy of the world has adopted technology as well. Integration of financial services across the wireless medium has created an opportunity for identity theft, fund transfer, and extortion.
67 Glaessner, T., S. Claessens, and D. Klingebiel. 2001. "E-finance in Emerging Markets: Is Leapfrogging Possible?"
68 Goldman Sachs and Boston Consulting Group Statistics, 2000.
69 Gilbride, Edward. Emerging Bank Technology and the Implications for E-crime Presentation. September 3, 2001.
70 Dr. Joseph N. Pelton, "Satellite Communications 2001: The Transition to Mass-Consumer Markets, Technologies, and Systems".
II. E-finance on Wireless Networks: The Danger
With the benefits of new technology also come risks. Technology facilitates new methods of fraud and theft. Impersonation, remote access, high quality graphics and printing, and new multipurpose tools and platforms create this cornucopia of crime online. With the spread of dial-up-ATMs that provide customer access to money in underdeveloped locations, criminals can manipulate the wireless connection between the dial-up-ATM and the parent bank, thus compromising all transactions that move in and out of the dial-up-ATM. The art of online penetrations (e.g., hacking) was once a very skilled and sophisticated trade. The information age has cultivated a breeding ground for underground hacker websites that now supply dubious individuals with the multifaceted tools necessary to break into financial platforms. Websites like www.astalavista.box.sk and www.attrition.org supply complex malicious code and viruses that allow novice users to penetrate banking systems. The Internet Data Corporation (IDC) recently reported that over 57 percent [74] of all hack attacks last year were targeted at the financial sector.
The traditional risks of yesteryear have been reshaped. Historically, frauds were paper based or people based. In the electronic environment there are new opportunities for e-financial crime. In 2001, more than one fourth (27 percent) of banking and financial databases were breached.[75] Eastern European organized hacker rings have penetrated hundreds of banks worldwide. Hacking has become a business model for organized crime. The FBI’s computer crimes division notes that presently many banks are paying off extortion demands for fear of reputation risk and the potential loss of their customer base to competitors. The Egghead hacking incident of last year is a prime example of extortion. Hackers penetrated a database containing 10,000 credit card numbers and then demanded that the company pay them a large sum of cash, in order to protect those numbers from being posted in a chat room. In reality, on Christmas Eve, every one of those compromised cards was charged a minimal sum. Thus the threat goes beyond financial and reputational loss. One forecast suggests that reported incidents of identity theft in the United States will more than triple, from $700,000 [76] last year to $1.7 million in 2005, and the costs to financial institutions will increase 30 percent each year, to more than $8 billion in 2005.[77]
Trends in cyber-crime reveal significant growth. Attacks on servers doubled in 2001 compared to 2000, and nearly 90 percent of companies surveyed have been infected with worms or viruses despite having antivirus software installed, according to the Information Security Industry Survey.[78] The 2001 CSI/FBI Computer Crime and Security Survey stated that over $377 million in total annual losses occurred due to hacking in the United States last year.[79]
The issue of non-reporting is at the heart of why this serious issue has not been dealt with appropriately worldwide.[80] Financial entities and corporations are fearful of reporting their losses due to the public image ramifications and thus remain complacent to the presence of the threat. If it becomes known that a financial provider has fallen victim to a computer crime or fraud, there is the assumption that their customers will lose confidence in them and their ability to protect information. It’s essential for financial service providers to maintain control of their systems to mitigate compromises to their security. The wireless medium, which is proliferating worldwide, is not a secure medium. The haste by which countries have adopted wireless platforms for the purposes of e-finance has created a significant quandary.
III. Wireless Local Area Networks (WLANs)
Wireless networks are currently available in three basic formats: wireless LANs (WLANs) using the 802.11b protocol; CDMA/TDMA/GSM (cellular and PCS) networks used for wireless phones and personal digital assistants (PDAs); and high powered microwave systems used by telephone companies for long haul, line-of-sight communications. While all of these are common throughout the world, they all suffer from the same basic security flaw: they use radio frequency (RF) technology to transmit their information. This can result in their transmissions being compromised.
Wireless networks (WLANs) have seen explosive growth in their deployment. With cost savings at an all time high and with the simplicity of installation, WLANs have been deployed rapidly, especially by financial institutions. Wireless networks were supposed to do what traditional Ethernet LANs do without cables. Convenience for the customer is paramount in the proliferation of wireless. Currently wireless technology is built around the 802.11b IEEE standard in the United States and the GSM standard in Europe. When designing a wireless network, there are important security concerns one should keep in mind.
71 Jupiter Communications, 2001.
72 Box 1 of "E-Finance in Emerging Markets: Is Leapfrogging Possible?" Claessens. S, T. Glaessner, D. Klingebiel, 2001.
73 Leapfrogging is defined as the phenomenon when developing countries build a hi-tech wireless communications infrastructure rather than undertaking the massive project of creating a fixed-line infrastructure within their borders.
74 www.idc.com.
75 Evans Data Corp. Survey
76 This figure represents a yearly trend within the United States of America only.
77 Published in a 2001 report by Celent Communications. The projections were made using FTC data.
78 http://www.infosecuritymag.com/articles/october01/images/survey.pdf.
79 James Savage, Special Agent in Charge, Secret Service, Financial Crimes division, stated that: "This figure represents critical infrastructure losses that the business community is willing to admit having suffered." He suggested that this figure may represent only a minuscule fraction of the actual damage incurred to the U.S. business community. October 3, 2001.
80 Cornelius Tate, Special Agent, CERT depicted the lack of reporting: "I think the dollar loss is actually higher than what is being reported. In my experience, I see companies not reporting or downplaying their compromises or losses. I think, a lot of the reduced reporting comes down to the company attempting to reduce the "shock" to the stockholders and the public. I think, you will see noticeable increase in the dollar amount from year to year (although the number of respondents remain consistent) because companies are more aware of the fact that everyone is susceptible to being a victim, and to be a victim has become acceptable and does not equate to a loss of ‘public confidence.’" (October 4, 2001).
There are seven basic categories of wireless network security risks: [81]
1. Insertion Attacks – The intruder attempts to insert traffic into your network, typically through an unsecured mobile access point.
2. Session Hijacking – Also known as the man in the middle attack. It is possible to hijack a wireless session because the phone authenticates itself to the base station but not vice versa. It is possible to emulate the base station and thus hijack a phone's session.
3. Jamming – This is a DoS (Denial of Service) attack where the attacker tries to flood the radio frequency (RF) spectrum of your wireless network by broadcasting packets at the same frequency as your network.
4. Encryption Attacks – The IEEE 802.11b wireless network standard uses the WEP (Wired Equivalent Privacy) encryption method. This standard uses weak encryption and Initialization Vectors (IVs) and has been cracked successfully many times.
5. Traffic Interception and Monitoring (War Driving) – Wireless packets using the 802.11b standard have an approximate transmission distance of 300 feet. This means that anyone with the proper standard equipment can receive that signal if they are in transmission range. Equipment to further extend that range is easily available, so the area of interception can be quite large and hard to secure properly.
6. Mobile Node to Mobile Node – Most mobile nodes (laptops, PDAs) are able to communicate directly with each other if file sharing or other TCP/IP services are running. This means that any mobile node can transfer a malicious file or program rapidly throughout your network.
7. Configuration Issues – Any wireless device, service, or application that is not correctly configured before installation and use can leave an entire network at risk. Most wireless devices and applications are pre-configured to accept any request for services or access. This means any passing mobile client can request and receive telnet sessions or ftp.
8. Brute Force Attacks – Most wireless access points use a shared password or key for all devices on that network. This makes wireless access points vulnerable to brute force dictionary attacks against passwords.
81 Chris Bateman of CERT Analysis Center contributed the seven wireless vulnerabilities.
War driving
Industrial espionage and white-collar crime have reached new heights with the advance of new technologies. War dialing, the hacking practice of phoning up every extension of a corporate phone network until the number associated with the firm’s modem bank is hit upon, has been replaced by war driving. War driving involves motoring around targeted financial institutions and corporate headquarters with a laptop fitted with a WLAN card and trying to record network traffic (sniffing). According to Dave Thomas, the Chief Investigator of the FBI Computer Crimes Division, war driving is a widespread phenomenon that jeopardizes the security of all institutions and corporations who implement WLANs.
When testing and deploying WLANs, a network administrator may find that their laptops can only connect to the access points within a certain distance and therefore assume that the signals don’t travel beyond this point. This is a flawed assumption. In fact, these signals may travel for several thousand meters, provided there is nothing in the way to deflect or interrupt the signal. The reason for this misconception is that the small antennae in the laptops cannot detect the weaker signals. However, using external antennae, the range can be vastly extended. The wireless segment is usually omnidirectional, so a potential adversary need not gain physical access to the segment to sniff (or record) the packet traffic. As a result WLANs are susceptible to message interception, alteration, and jamming.
The above considerations raise the issue of how to better secure wireless networks. This will be as critical as securing fixed-line Internet systems in the emerging markets as highlighted above. Each of these security breaches and associated risks can be minimized or negated with the proper use of security policy and practices, network design, system security applications, and the correct configuration of security controls. The last chapter of Part 3 includes information on how to secure WLANs.
IV. The European Cellular Standard: GSM
GSM is the world’s most widely deployed and fastest growing digital cellular standard. Currently, there are nearly 600 million GSM subscribers worldwide, more than two thirds of the world’s digital mobile population.[82]
And this figure is increasing by four new users per second. GSM covers every continent, being the technology of choice for 400 operators in over 170 countries. But this is only the beginning of the wireless revolution. The industry predicts that there will be over 1.4 billion GSM customers by the end of 2005. GSM phones have a small smart card inside them, which holds the identity of the cell phone. This small smart card is called Subscriber Identification Module (SIM). The SIM must keep the identity inside secret and uses cryptography to protect it. The SIM card may be seen as a strength and a weakness of the GSM technology.
82 The North American GSM system currently operates at 1900 MHz in conjunction with digital PCS services. The data services associated with GSM are Short Message Service (SMS), Analog Cellular Switched Data (CSD), and General Packet Radio Service (GPRS).[40] Most European cellular carriers use a form of GSM, in either 900 MHz or 1800 MHz.[41] Europeans also have the option of using High Speed Circuit Switched Data (HSCSD), which combines several channels into a single channel capable of 38.4 kbps. GPRS is also available in most countries.
GSM Vulnerabilities
The SIM Card Vulnerability
In both European and American GSM systems, the network access method is the same. Removable smart cards in the phone (SIM cards) are used to store phone numbers, account information, and additional software such as wireless web browsers. The data on the cards are encrypted, but the COMP128 algorithm that protects the information on the card has been compromised, thus making these cards susceptible to duplication. War driving is not a substantial issue for cellular subscribers utilizing GSM. Regardless of frequency, cellular signals can easily be jammed. There is a widely known method for recovering the key for an encrypted GSM conversation in less than a second using a PC with 128 MB of RAM and 73 GB of hard drive space.
The security of GSM phone technology is suspect. It is possible to clone GSM SIM cards. The hack attack is possible because critical algorithms are flawed, making it possible to dump the contents of the SIM cards and then emulate them using a PC.[43] This latest problem could render GSM phone conversations totally insecure. For a bank there are other issues. For example, a remote teller machine could be tricked into communicating with a fake mobile tower because it cannot reach a real one. This would allow the perpetrator to remotely control the transmissions of funds via the teller machine.
The SMS Vulnerability [45]
GSM offers Short Message Services (SMS). SMS is used in GSM systems for many reasons, such as voice-mail notification, updating the subscriber’s SIM, sending short text messages, and communicating with e-mail gateways. Whereas these services are convenient, they pose an additional risk to the security of the network. SMS is a store and forward service that is inherently insecure because the messages are transmitted in clear text and subsequently stored in clear text at the SMS center before being forwarded to their intended recipients. SMS also suffers from latency problems. Time critical transactions should not rely on this channel. There is freely available software that can spoof SMS messages, send SMS bombs both to handsets and SMS gateways (used to communicate between devices both on and off the network), and corrupt SMS packets that can crash the software on most handsets.
SIM Toolkit technology (STK) can be used to provide encryption security through the SMS channel. However, this is a transport layer security mechanism, and it does not provide end-to-end confidentiality for the customer PIN. Additional procedures for improving SMS security might include customers checking their personal assurance messages and the service provider, in turn, verifying the registered phone numbers of customers.
The GPRS Vulnerability
General Packet Radio Service (GPRS) is an IP packet-based service that allows an always-on connection to the Internet. The main problem with this is that it still relies on SMS for WAP push requests. A spoofed (cloned) SMS packet can be sent to the phone requesting a redirected site and fooling users into entering their information into what they believe is a secure order form, but is really a fake site. Many GPRS enabled phones also support Bluetooth. Each Bluetooth device has a unique address, allowing users to have some trust in the person at the other end of the transmission. Once this ID is associated with a person, by tracking the unscrambled address sent with each message, individuals can be traced and their activities easily logged. For Bluetooth devices to communicate, an initialization process uses a PIN for authentication. While some devices will allow you to punch in an ID number, you can also store a PIN in the device's memory or on a hard disk. This is highly problematic if the physical security of the device cannot be guaranteed. Also most PINs use four digits and half the time they are "0000."
The security of Bluetooth is based on keeping the encryption key a secret shared only between participants in the network. But imagine you and I are having a conversation using our Bluetooth cell phones. To keep the conversation secure, I use your secret key to encrypt my information. Later that day, a friend calls you and you use your key again. Knowing your key, I can use a faked device address, determine the encryption, and listen to your phone conversations. I could also masquerade as you or your friend. Bluetooth only authenticates devices, not users.
WAP Weaknesses
The common flaw in any of these devices, no matter what network, is the Wireless Application Protocol standard, which also includes Wireless Markup Language (WML) and Handheld Device Markup Language (HDML). For the sake of convenience, developers try to require the fewest keystrokes when entering credit card numbers, personal, or account information. This means that most of this information is still stored on a server, but the password to access that server is stored in a cookie on the handheld device, requiring only a PIN or sometimes nothing at all to shop online or transfer funds. That leaves the mechanism that actually transports sensitive information end to end across these untrusted public cellular networks, a job left to Wireless Transport Layer Security (WTLS).
Unless 128 bit SSL for mobile commerce or IPSEC for Enterprise access is being used (which most handsets can’t support due to lack of processing power and bandwidth), there will be a weak link somewhere in the network that can be exploited. Even then, this only pushes the weakness out to the end devices that are communicating, which can be easily lost. GSM uses the Wireless Application Protocol (WAP) and also the Wireless Transport Layer Security (WTLS). This is equal to Secure Socket Layer (SSL) but has weaker encryption algorithms. WTLS is not compatible with SSL, which is the industry standard. Wireless messages travel through a "gateway" which channels them to a wired network for retransmission to their ultimate destination. At the gateway the WTLS message is converted to SSL. For a few seconds, the message is unencrypted inside the gateway, which in turn makes the communication vulnerable to interception.
V. Security Solutions for GSM
The inherent problems affecting GSM are not easily corrected. The telephones and PDAs that utilize GSM technology typically cannot upload protective firmware and software. Users are at the mercy of the telephone developer. Although GSM is not vulnerable to war driving like its American counterpart, 802.11, it suffers from four core vulnerabilities. The 802.11 standard is geared towards computers, not hand-helds, and thus security can be improved much more drastically for 802.11 than for the GSM protocol. Virtual Private Networks are the common thread between the two. The establishment of VPNs is commonly referred to as the solution for the existing vulnerabilities of GSM and 802.11. However, when it comes to proper layered security, there are no magic bullets. Further information on securing wireless networks may be found at the end of Part 3 and in Part 5: Security for Technical Administrators.
VI. Banking Security Practices [83]
As a result of the widespread usage of GSM for the delivery of e-financial services, there are certain control and security standards that financial providers should adhere to when providing wireless access to payment systems.
Payments through Third Parties
As a general rule, banks should directly authenticate their own customers in respect of the wireless payment transactions made. Customers may, however, give their banks specific standing authorizations to accept payment debits from specified providers or third parties to charge the customers’ accounts. Such arrangements could, for example, be made through Direct Debit Authorization agreements. However, when operating under these arrangements, third parties should neither obtain nor store the customers’ personal banking IDs or PINs for the purpose of raising debit transactions against the customers’ bank accounts.
Stored Value Accounts (SVA)
SVAs are utilized by customers who transfer funds into these accounts for the purpose of making periodic payments. SVAs may reside in mobile devices. No bank account should be accessed in making a payment. Bank accounts should be used only for replenishing SVAs at the customer’s direction.
Close Proximity Wireless Payments
Close proximity wireless payment services are typically intended for over-the-counter retail payments. Such transactions should be completed only after customers have given explicit authorizations at points-of-sale. In the absence of such authorizations, it is possible that customers’ funds may be involuntarily deducted from their SVA. Thus, explicit authorization should be mandatory for any payment request.
Interactive Voice Response (IVR)
Mobile IVR services are vulnerable to eavesdropping through the interception of calls. IVR systems should not be used for high-risk and/or high-value services. All IVR sessions should be recorded, including the caller’s phone number and the sequence of transactions made by a customer. PIN or authentication data should not be logged.
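The logging rule above can be enforced at the point where the audit record is built. The following sketch is an added example, not code from the chapter or from any bank; the menu state names, field names, and the sample session are assumptions constructed for illustration.

```python
import json

# Hypothetical IVR menu states (assumption): keypad input captured in these
# states is PIN or other authentication data and must never reach the log.
AUTH_STATES = {"ENTER_PIN", "ENTER_OTP"}
NOT_LOGGED = "[not logged]"


def audit_entry(session_id, caller_number, seq, event):
    """Turn one raw IVR event into an audit entry without authentication data."""
    entry = {
        "session": session_id,
        "caller": caller_number,  # the caller's phone number is recorded
        "seq": seq,               # position in the sequence of transactions
        "ts": event["ts"],
        "state": event["state"],
    }
    if event["state"] in AUTH_STATES:
        # Record that an attempt happened and its outcome, but neither the
        # digits nor their count.
        entry["input"] = NOT_LOGGED
        entry["auth_ok"] = event.get("auth_ok")
    else:
        entry["input"] = event.get("dtmf", "")
    return entry


def audit_session(session_id, caller_number, events):
    """Build the full audit trail for one call, in the order events occurred."""
    return [audit_entry(session_id, caller_number, n, ev)
            for n, ev in enumerate(events, start=1)]


def transaction_sequence(log):
    """The customer's non-authentication steps, as kept in the audit trail."""
    return [(e["state"], e["input"]) for e in log if e["state"] not in AUTH_STATES]


def leaked_secrets(records, secrets):
    """Return any of the given secrets that appear in the serialized records."""
    serialized = json.dumps(records)
    return [s for s in secrets if s in serialized]


# Constructed sample session (not real data): one mistyped PIN, then success.
SAMPLE_EVENTS = [
    {"ts": "2002-03-01T10:15:02", "state": "MAIN_MENU", "dtmf": "2"},
    {"ts": "2002-03-01T10:15:09", "state": "ENTER_PIN", "dtmf": "4071", "auth_ok": False},
    {"ts": "2002-03-01T10:15:21", "state": "ENTER_PIN", "dtmf": "4017", "auth_ok": True},
    {"ts": "2002-03-01T10:15:30", "state": "ENTER_OTP", "dtmf": "918273", "auth_ok": True},
    {"ts": "2002-03-01T10:15:44", "state": "TRANSFER_AMOUNT", "dtmf": "2500"},
    {"ts": "2002-03-01T10:15:52", "state": "CONFIRM", "dtmf": "1"},
]

if __name__ == "__main__":
    for line in audit_session("ivr-0001", "+65 5550 0142", SAMPLE_EVENTS):
        print(json.dumps(line))
```

Running `leaked_secrets` over stored logs with known test PINs is a cheap regression check that a new menu state has not been left out of `AUTH_STATES`.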
83 Section provided by Tony Chew, Director, Technology and Risk Supervision of the Monetary Authority of Singapore.
Customer Education
Banks should educate the consumer of mobile e-financial services in the following ways:
• Customers should be advised to use different PINs for different online services.
• Instructions should be provided to customers on how to configure their mobile devices to access mobile banking and payment applications in a safe manner.
• Customers should be advised as to the appropriate dispute handling, reporting procedures, and the expected time for resolution of complaints.
A View into the Future: 3G Technology
3G signifies the third generation of wireless communication technology. It refers to pending improvements in wireless data and voice communications through any of a variety of proposed standards. The immediate goal is to raise transmission speeds from 9.5K to 2M bit/sec. In systems and communications security the goal is not to design a flawless system, but a system that can adapt to security enhancements as the need for them is identified. Several of the attacks that were possible on 2G and 2.5G networks have been addressed and eliminated in the 3G environment.
The Strengths of 3G’s Security Structure
3G security was based on GSM security, with the following important changes:
• A change was made to defeat the false base station attack. The security mechanisms include a sequence number that ensures that the mobile can identify the network.
• Key lengths were increased to allow for the possibility of stronger algorithms for encryption and integrity.
• Mechanisms were included to support security within and between networks.
• Security is based within the switch rather than the base station as in GSM. Therefore, links are protected between the base station and switch.
• Integrity mechanisms for the terminal identity (IMEI) have been designed in from the start, rather than being introduced late as in GSM.
• The authentication algorithm has not been defined, but guidance on choice will be given.
• When roaming between networks, such as between a GSM and 3GPP, only the level of protection supported by the smart card will apply. Therefore, a GSM smart card will not be protected against the false base station attack when in a 3GPP network.
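The sequence-number check in the first bullet, and the reason a GSM smart card does not get it, can be shown with a simplified model. This is an added example, not code from the original chapter: HMAC-SHA256 stands in for the operator's authentication functions, and the class names, the key and the challenge values are constructed for illustration.

```python
import hashlib
import hmac
import os

def f1(k: bytes, sqn: int, rand: bytes) -> bytes:
    """Network-authentication MAC. HMAC-SHA256 is a stand-in (assumption)."""
    return hmac.new(k, sqn.to_bytes(6, "big") + rand, hashlib.sha256).digest()[:8]

def f2(k: bytes, rand: bytes) -> bytes:
    """Subscriber response to the challenge (same stand-in)."""
    return hmac.new(k, b"RES" + rand, hashlib.sha256).digest()[:8]

class HomeNetwork:
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def challenge(self):
        self.sqn += 1                      # fresh sequence number per challenge
        rand = os.urandom(16)
        return rand, self.sqn, f1(self.k, self.sqn, rand)

class Usim3G:
    def __init__(self, k: bytes):
        self.k, self.highest_sqn = k, 0

    def respond(self, rand: bytes, sqn: int, mac: bytes):
        if not hmac.compare_digest(mac, f1(self.k, sqn, rand)):
            return None, "MAC failure"     # challenge not built with the shared key
        if sqn <= self.highest_sqn:
            return None, "stale sequence number"   # replayed challenge
        self.highest_sqn = sqn
        return f2(self.k, rand), "ok"

class GsmSim:
    def __init__(self, k: bytes):
        self.k = k

    def respond(self, rand: bytes):
        return f2(self.k, rand), "ok"      # nothing to verify: answers any RAND

def aka_demo() -> dict:
    k = os.urandom(16)                     # constructed subscriber key
    home, usim, sim = HomeNetwork(k), Usim3G(k), GsmSim(k)
    captured = home.challenge()
    out = {"genuine": usim.respond(*captured)[1]}
    out["replayed"] = usim.respond(*captured)[1]   # same challenge presented again
    rand = os.urandom(16)
    out["wrong_key"] = usim.respond(rand, 99, f1(os.urandom(16), 99, rand))[1]
    out["gsm_unverified"] = sim.respond(rand)[1]
    return out
```

The 3G card answers only a challenge that carries a valid MAC and a sequence number it has not seen, while the GSM card has no network-side value to check and answers every challenge.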
The 3G system is far more secure than its GSM counterpart. That being said, the ingenuity of nefarious individuals should never be underestimated. Given this, there are certain attacks that are theoretically possible on a 3G network. They are described below.
Camping on a False Base Station
This attack requires a modified Base Station/Mobile Station (BS/MS) and exploits the weakness that a user can be enticed to camp on a false base station. A false BS/MS can act as a repeater for some time and can relay some requests between the network and the target user, but subsequently modify or ignore certain service requests and/or paging messages related to the target user.
The security architecture does not prevent a false BS/MS from relaying messages between the network and the target user, nor does it prevent the false BS/MS from ignoring certain service requests and/or paging requests. Integrity protection of critical messages may, however, help to prevent some denial of service attacks that are induced by modifying certain messages. Again, the denial of service in this case persists only for as long as the attacker is active, unlike the above attacks, which persist beyond the moment where intervention by the attacker stops. These attacks are comparable to radio jamming, which is very difficult to counteract effectively in any radio system.
Forcing Unencrypted Communications
This attack requires a modified BS/MS. While the target user camps on the false base station, the intruder pages the target user for an incoming call. The user then initiates the call set-up procedure, which the intruder allows to occur between the serving network and the target user, modifying the signaling elements such that for the serving network it appears as if the target user does not want to enable encryption. After authentication the intruder cuts the connection with the target user, and subsequently uses the connection with the network to make fraudulent calls on the target user’s subscription.
Integrity protection of critical signaling messages protects against this attack. More specifically, data authentication and replay inhibition of the connection set-up request allow the serving network to verify that the request is legitimate. In addition, periodic integrity-protected messages during a connection help protect against hijacking of unenciphered connections after the initial connection establishment. However, hijacking the channel between periodic integrity protection messages is still possible, although this may be of limited use to attackers. In general, connections with ciphering disabled will always be vulnerable to some degree of channel hijacking.
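A simplified model of the serving network's check on an integrity-protected set-up request shows why a relay that alters the encryption setting, or resends a recorded request, is rejected. This is an added example, not code from the original chapter: HMAC-SHA256 stands in for the 3G integrity algorithm, and the message fields, the per-connection nonce and the class name are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

def tag(ik: bytes, fresh: bytes, count: int, msg: dict) -> bytes:
    """MAC over nonce, counter and canonical message (HMAC-SHA256 stand-in)."""
    body = json.dumps(msg, sort_keys=True).encode()
    data = fresh + count.to_bytes(4, "big") + body
    return hmac.new(ik, data, hashlib.sha256).digest()[:8]

class ServingNetwork:
    def __init__(self, ik: bytes):
        self.ik = ik
        self.fresh = os.urandom(8)     # new nonce for every connection
        self.last_count = -1           # highest message counter accepted so far

    def accept(self, count: int, msg: dict, mac: bytes) -> str:
        expected = tag(self.ik, self.fresh, count, msg)
        if not hmac.compare_digest(mac, expected):
            return "reject: integrity check failed"
        if count <= self.last_count:
            return "reject: replayed message"
        self.last_count = count
        return "accept"

def setup_integrity_demo() -> dict:
    ik = os.urandom(16)                # constructed integrity key shared by user and network
    net = ServingNetwork(ik)
    setup = {"type": "call-setup", "ciphering": True}
    mac = tag(ik, net.fresh, 0, setup)             # computed by the genuine mobile
    altered = dict(setup, ciphering=False)         # field changed in transit, MAC unchanged
    out = {
        "altered": net.accept(0, altered, mac),
        "genuine": net.accept(0, setup, mac),
        "replay_same_connection": net.accept(0, setup, mac),
    }
    later = ServingNetwork(ik)                     # later connection, different nonce
    out["replay_new_connection"] = later.accept(0, setup, mac)
    return out
```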
Again, it should be pointed out that these attack profiles are theoretical in nature, based on an understanding of how the technology will be deployed. All in all, 3G systems have enhanced and improved security technology in place, but continued vigilance is necessary to maintain their security.
VII. Conclusion
The most distributed networks are the most vulnerable to interception and unauthorized access. There is often maximum vulnerability to interception at the point where there is interconnection between fiber, coax, satellite, and terrestrial wireless systems. Air interface standards are but one example where modern telecommunications and IT systems are open to interception.
The market has followed the trend of the so-called Pelton Merge84 that calls for continued improvement of "seamless interface standards" that allow the smooth interconnection of fiber, coax, terrestrial wireless, satellites, and other new and evolving technologies, such as high altitude platforms. The challenge is to develop standards that allow easy and reliable interconnection and also protect security.
One possible solution might be to re-examine the ISO seven layer model of telecommunications and, in particular, to consider the creation of a new layer that provides truly secure based on a 256- or even 1024-bit code that is constantly updateable. Further study would need to be given to whether the ultimate solution is a separate layer or the re-engineering of part of an existing layer that could be devoted to this task. Nonetheless, the risks associated with e-finance are great.
The confidentiality and integrity threat posed by the GSM and 802.11 protocols can be mitigated to an extent. Beyond the use of VPNs, the protection of the gateway and the correspondent servers is essential. It is important for banking institutions to comprehend the various methods that may help to protect the network resources themselves while the VPN technology protects the authorized payload. Banks and their correspondent telecom partners should begin to institute proper layered security measures, particularly at the "gateway" level. Mitigation of the risk associated with mobile communications will become more critical as commerce and finance increasingly are conducted over what amount to vulnerable, integrated technologies. The widespread adoption of WLANs and GSM technologies by financial institutions around the world has weakened the security of the payment system. These porous mediums were not developed for the movement of digital assets. As the apparent trends of e-finance continue, "mobile risk management" is going to become increasingly important to the banking industry in the years ahead.
84 Contributed by Dr. Pelton, Executive Director of the Clarke Institute.