Date post: 31-May-2015
Page 1: clicking here

Introduction

PMO MRS Independent ICT Consultancy

Practical Considerations when deploying VoIP and Mobile Data

Adrian Garrity – Managing Director

Page 2: clicking here

Practical Considerations when deploying VoIP and Mobile Data

Presented by Tyronne Mexson of

For

Page 3: clicking here

Introduction - VoIP

Page 4: clicking here

-4-

Introduction - VoIP

• VoIP enables convergence of data, voice, and video onto single network.

• Attractive opportunities

– Reducing costs

– Reducing complexities

– Enabling progressive business gains

• Biggest concern with VoIP is security - steps are being taken to secure the internet

• Other concerns include Quality of Service

Page 5: clicking here

-5-

Introduction - VoIP

• Numerous threats

– Device failures

– Malicious attacks

• Need to guarantee calls as well as data over networks

• Need to guarantee services

– 999 emergency services

– 101 SNEN

Page 6: clicking here

-6-

Introduction - VoIP

This presentation will cover the following:

• What is VoIP?

• Security Risks

• Security Solutions

• Future of VoIP

Page 7: clicking here

What is VoIP?

Page 8: clicking here

-8-

What is VoIP?

• Voice over IP

– Making phone calls using a computer network by transmitting voice signals over an IP network

– Analog signal converted to digital, compressed, broken into packets, sent across network, and converted back to analog at destination

– Packet switched network

– Less cost and more scalability

– No dedicated bandwidth

– Uses standard networking components (routers and switches)

Page 9: clicking here

-9-

What is VoIP?

• Voice over IP

– IP phones have Ethernet network interface cards included for internet access

– Dedicated phone line or telephone set not needed any longer

– Need high speed internet connection

– Telephone calls can be made from PC using microphone and speakers

Page 10: clicking here

-10-

Network Components

• Four main network components needed:

– IP telephony device

– Call processing manager

– Voice mail system

– Voice gateway

Page 11: clicking here

-11-

Network Components

• 1) IP telephony device

– Any device that supports placing calls in an IP telephony network

– IP phones

– System applications using microphones and speakers

Page 12: clicking here

-12-

Network Components

• 2) Call Processing Manager

– A.K.A. IP PBX

– Server that provides call control and configuration management for IP telephony devices

– Functions include: call setup and routing calls

Page 13: clicking here

-13-

Network Components

• 3) Voice Mail System

– IP voice mail storage

– Provides user directory lookup

– Provides call forwarding

Page 14: clicking here

-14-

Network Components

• 4) Voice Gateway

– IP packet routing

– Backup call processing

– Provides access to legacy voice systems for local calls, toll bypass, and WAN backup in case of failures

Page 15: clicking here

-15-

Benefits of VoIP

• Ability to combine voice, video, data on same network

• Use existing internet connection for phone calls

• Call anyone, anywhere, at any length

• Same or lower cost

• Increased employee productivity

– Combination of communication channels (telephone, voice mail, fax, e-mail, pagers, mobile phones, PDAs)

– Listen to emails & Check voice mails from internet

Page 16: clicking here

-16-

Capabilities

• By using XML capabilities, new IP phones have enhanced user interfaces

– Access to any web-based content

– Access to employee extension numbers

– Administrative and attendance solutions for school districts and universities

– Inventory tracking

– Restaurant listings and reservations

– Emergency notification and audio streaming systems for government and public safety personnel

– Enterprise applications – email, unified messaging, corporate directories, conference room booking, and expense reporting

– Easily accessible for employees anytime, anywhere

Page 17: clicking here

-17-

Reliability

• Traditional PBX highly reliable

– 99.999% reliability (5 minutes of outage per year)

– Highly reliable components and built in redundancy

• VoIP

– Relies on gateways and phones that can register on multiple servers

– Uses IP networks – multiple paths

Page 18: clicking here

-18-

VoIP QoS

• Voice signals more demanding than data communications

• To ensure quality, attributes must be managed properly:

– Bandwidth

– Number of packets lost

– Round trip delay

– Jitter / variability in delay

• Establish QOS needed for expected traffic

Page 19: clicking here

-19-

VoIP QoS - Bandwidth

• Bandwidth

– Generally modest (64 kbps or less)

– Depends on codec and use of silence suppression

• Packet loss

– Should be less than 5%

Codec          Rate (kbps)
G.711          64
G.722          48-64
G.729 (A/B)    8

Page 20: clicking here

-20-

VoIP QoS - Latency

• Voice quality characteristics

– Clarity: fidelity, clearness, and intelligibility of signal

– Delay: effect on interactivity

– Echo: distracting and confusing

• Latency

– Components: Encoding, Packetisation, Network delay, Receiver buffering, Decoding

– ITU-T G.114 recommends 150 ms (one-way)

One-way Delay       Effect on perceived Quality
<100-150 ms         Delay not detectable
150-200 ms          Acceptable quality; slight delay or hesitation noticeable
Over 200-300 ms     Unacceptable delay; normal conversation impossible

Page 21: clicking here

-21-

VoIP QoS - Jitter

• Jitter

– Smoothed by playback buffers

– Receivers adapt the depth of these buffers

– Sudden changes in jitter may cause loss

Page 22: clicking here

Convergence mediation

Page 23: clicking here

H.323 and SIP

Page 24: clicking here

-24-

H.323

• Recommendation published by ITU

• Ties together a number of protocols to allow multimedia transmission through an unreliable packet-based network

• 1996: approved by ITU

• 2003: Version 5

Page 25: clicking here

-25-

H.323 Architecture

• H.323 Terminal

• Gateway

• Gatekeeper

• Multipoint Control Units (MCU)

Page 26: clicking here

-26-

H.323 Protocol Stack for VoIP

Page 27: clicking here

-27-

G.7xx – Speech (De)Coding

• H.323 systems must support G.711: PCM, 64kbps

• Other codecs: G.729, G.726, …

Page 28: clicking here

-28-

RTP

• Real-time Transport Protocol (RFC 3550, July 2003)

• Application-layer protocol for transmitting real-time data (audio, video, ...)

• Includes payload type identification, sequence numbering, timestamping, delivery monitoring

• Mostly over UDP

• Supports multicast & unicast

Page 29: clicking here

-29-

Control Protocol - RTCP

• RTP Control Protocol (RFC 3550, July 2003)

• Periodic transmission of control packets to all participants in the session

• Main functions:

– provide feedback on quality of data distribution

– carries a persistent transport-level identifier for an RTP source (CNAME)

– each participant sends control packets to all others which independently observe the number of participants
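The delivery-monitoring fields and figures described on the QoS slides (19-21) and the RTP/RTCP slides (28-29), as an added example that is not part of the presentation or of RFC 3550's own code: it parses the fixed RTP header and tracks packet loss from sequence-number gaps and interarrival jitter from timestamps versus arrival times, over a constructed G.711 stream (8 kHz clock, 20 ms packets, one packet lost, one delayed); the SSRC and arrival times are made-up values.

```python
"""RTP header parsing plus RTCP-style loss and jitter bookkeeping (RFC 3550).

Constructed example: the G.711 stream at the bottom is generated in code, not
captured from a network.
"""
import struct

RTP_FIXED_LEN = 12  # bytes, before any CSRC list or header extension


def parse_rtp_header(pkt: bytes) -> dict:
    """Parse an RTP packet per RFC 3550 section 5.1; returns fields and payload."""
    if len(pkt) < RTP_FIXED_LEN:
        raise ValueError("shorter than RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:RTP_FIXED_LEN])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    hdr_len = RTP_FIXED_LEN + 4 * (b0 & 0x0F)     # CC: number of 32-bit CSRC words
    if b0 & 0x10:                                 # X: header extension present
        if len(pkt) < hdr_len + 4:
            raise ValueError("truncated header extension")
        ext_words = struct.unpack("!H", pkt[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
    return {
        "marker": bool(b1 & 0x80),
        "payload_type": b1 & 0x7F,  # 0 = PCMU (G.711 mu-law)
        "sequence": seq,
        "timestamp": ts,
        "ssrc": ssrc,
        "payload": pkt[hdr_len:],
    }


class RtpReceiverStats:
    """Loss and jitter as RFC 3550 section 6.4.1 / appendix A.8 compute them."""

    def __init__(self, clock_rate_hz: int):
        self.clock_rate = clock_rate_hz
        self.received = 0
        self.base_seq = None
        self.max_seq = None
        self.jitter = 0.0          # in RTP timestamp units
        self._last_transit = None

    def on_packet(self, hdr: dict, arrival_ms: int) -> None:
        seq = hdr["sequence"]
        if self.base_seq is None:
            self.base_seq = self.max_seq = seq
        elif seq > self.max_seq:   # 16-bit sequence wraparound not handled here
            self.max_seq = seq
        self.received += 1
        # transit = arrival (clock units) - send timestamp; the constant network
        # delay cancels, only its change between packets (D) drives the estimate
        transit = arrival_ms * self.clock_rate // 1000 - hdr["timestamp"]
        if self._last_transit is not None:
            d = abs(transit - self._last_transit)
            self.jitter += (d - self.jitter) / 16   # J = J + (|D| - J)/16
        self._last_transit = transit

    def expected(self) -> int:
        return self.max_seq - self.base_seq + 1

    def lost(self) -> int:
        return self.expected() - self.received

    def loss_fraction(self) -> float:
        return self.lost() / self.expected()

    def jitter_ms(self) -> float:
        return 1000.0 * self.jitter / self.clock_rate

    def within_budget(self, max_loss: float = 0.05) -> bool:
        """Slide 19's rule of thumb: packet loss should stay below 5%."""
        return self.loss_fraction() < max_loss


def build_rtp(seq: int, ts: int, ssrc: int = 0x1234ABCD, pt: int = 0) -> bytes:
    """Construct a V=2 RTP packet with a 160-byte dummy PCMU payload."""
    return struct.pack("!BBHII", 2 << 6, pt, seq, ts, ssrc) + b"\xff" * 160


def simulate_g711_stream() -> RtpReceiverStats:
    """Ten 20 ms packets, 50 ms network delay; packet 3 lost, packet 5 10 ms late."""
    stats = RtpReceiverStats(clock_rate_hz=8000)
    for i in range(10):
        if i == 3:
            continue                                   # lost in the network
        arrival_ms = 50 + 20 * i + (10 if i == 5 else 0)
        stats.on_packet(parse_rtp_header(build_rtp(100 + i, 1000 + 160 * i)), arrival_ms)
    return stats
```

The simulated stream loses 1 of 10 packets (10%), which already breaks the 5% budget from slide 19, while the single 10 ms late packet decays to about 1 ms of smoothed jitter.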

Page 30: clicking here

-30-

More Control Protocols in H.323

• H.225 (RAS)

– protocol between terminal and gatekeeper (if present)

– allows terminals to join/leave zone, request/return bandwidth, provide status updates, …

• H.245 (Call Control)

– Media Control Protocol

– Allows terminals to negotiate connection parameters (codec, bit rate, ..)

• Q.931 (Call Signaling)

– Manages call setup and termination

Page 31: clicking here

-31-

SIP – Session Initiation Protocol

• Developed by IETF since 1999

• RFC 2543, March 1999 (obsolete)

• RFC 3261, June 2002

• Target: develop simpler and more modular protocol for VoIP than the large and complex H.323 by ITU

Page 32: clicking here

-32-

SIP – Session Initiation Protocol

• SIP is a text-based protocol similar to HTTP and SMTP, for initiating interactive communication sessions between users

• SIP is an application-layer control (signaling) protocol for creating, modifying and terminating sessions with one or more participants

• Sessions include Internet Multimedia conferences, Internet Telephone calls and Multimedia distribution

Page 33: clicking here

-33-

SIP – Session Initiation Protocol

• SIP can be used with different transport protocols; it does not even require a reliable transport protocol

• A simple SIP client can be implemented using only UDP

Page 34: clicking here

-34-

SIP components

Page 35: clicking here

-35-

SIP components

UAC (user agent client) – Caller application that initiates and sends SIP requests.

UAS (user agent server) – Receives and responds to SIP requests on behalf of clients; accepts, redirects or refuses calls.

SIP Terminal – Supports real-time, two-way communication with another SIP entity. Supports both signalling and media, similar to an H.323 terminal. Contains a UAC.

Proxy Server – Contacts one or more clients or next-hop servers and passes the call requests further. Contains a UAC and a UAS.

Redirect Server – Accepts SIP requests, maps the address into zero or more new addresses and returns those addresses to the client. Does not initiate SIP requests or accept calls.

Location Server – Provides information about a caller's possible locations to redirect and proxy servers. May be co-located with a SIP server.

Page 36: clicking here

-36-

Comparison of H.323 and SIP

Item                          H.323                      SIP
Designed by                   ITU                        IETF
Compatibility with PSTN       Yes                        Largely
Compatibility with Internet   No                         Yes
Architecture                  Monolithic                 Modular
Completeness                  Full Protocol Stack        SIP just handles set-up
Parameter negotiation         Yes                        Yes
Call signaling                Q.931 over TCP             SIP over TCP or UDP
Message format                Binary                     ASCII
Media Transport               RTP/RTCP                   RTP/RTCP
Multiparty calls              Yes                        Yes
Multimedia conferences        Yes                        No
Addressing                    Host or Tel Number         URL
Call termination              Explicit or TCP Release    Explicit or timeout
Instant messaging             No                         Yes
Encryption                    Yes                        Yes
Size of standards             1400 pages                 250 pages
Implementation                Large and Complex          Moderate
Status                        Widely deployed            Up and coming

Page 37: clicking here

-37-

Disadvantages to VoIP

• Some internet voice services do not work during power outages and do not provide backup power

• Some services difficult to connect with 999 dispatcher

• Some providers do not provide white pages

• SECURITY

Page 38: clicking here

Security Risks

Page 39: clicking here

-39-

DoS Attack


Page 40: clicking here

-40-

Toll Fraud

Hacker sells your company calling information

Your company gets the bill

Page 41: clicking here

-41-

Call Manager OS

Page 42: clicking here

-42-

Call Manager OS


Page 43: clicking here

-43-

Eavesdropping


Page 44: clicking here

-44-

Recording


Page 45: clicking here

-45-

Hijacking/Injection Attack


Page 46: clicking here

-46-

Call Forwarding/Spoofing


Page 47: clicking here

-47-

Call Forwarding/Spoofing


Page 48: clicking here

-48-

Call Forwarding/Spoofing


Page 49: clicking here

-49-

Expose private conversations


Page 50: clicking here

-50-

Block certain calls


Page 51: clicking here

-51-

Log call activity


Page 52: clicking here

VoIP Security Concerns

Page 53: clicking here

-53-

VoIP Security Concerns

• What is the greatest risk to your organisation when implementing Voice over IP?

Page 54: clicking here

-54-

VoIP Security Concerns

• What is the greatest risk to your organisation when implementing Voice over IP?

Loss of use – and resulting loss of business, whether a result of a DoS attack, power failure, or poor management/maintenance of the VoIP systems.

Page 55: clicking here

-55-

VoIP Security Concerns

• What are the security risks you are exposing your organisation to when considering Voice over IP (VoIP)?

Page 56: clicking here

-56-

VoIP Security Concerns

• What are the security risks you are exposing your organisation to when considering Voice over IP (VoIP)?

Denial of Service, Toll Fraud, O/S Vulnerabilities, Hacking, Recording, Eavesdropping, Hijacking, Spoofing, Call Forwarding, Call Blocking, Call Logging

Page 57: clicking here

Security Solutions

Page 58: clicking here

-58-

Network Solutions: Security Policy

• Establish a corporate security policy

– Acceptable Use Policy

– Analog/Dial-in/ISDN Line Policy

– Anti-Virus Process

– E-mail Policy

» Automatic Forwarding

» Usage

» Retention

– Ethics Policy

– Password Protection Policy

– Patch Management Process

– Router Security Policy

– Server Security Policy

– Risk Assessment Policy

– VPN Security Policy

– Wireless Security Policy

Page 59: clicking here

-59-

Security Solutions: Network

Network Design by Cisco Systems

Page 60: clicking here

-60-

Security Solutions: DoS

• Provide redundancy through:

– Mesh Corporate WAN design

– Utilising multiple ISPs

– Fallback PSTN Gateway(s)

– Uninterruptible Power Supplies

• Negotiate QoS agreements

Page 61: clicking here

-61-

Security Solutions: Hacking

• Segment networks into separate VLANs

– Voice network

– Data network

– Monitoring and control network

Page 62: clicking here

-62-

Security Solutions: Hacking

• Maintain VoIP application server updates

– Call manager server(s)

– Voicemail server(s)

– Gateway server(s)

» Install current Operating System patches

» Install current application software patches

Page 63: clicking here

-63-

Security Solutions: Spoofing

• Eliminate unknown devices

– DHCP Snooping

– DAI: Dynamic Address Resolution Protocol Inspection

– IP Source Guard

• Eliminate unknown software

– Digital Signatures
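How the three "eliminate unknown devices" features on this slide fit together, as an added example (not from the presentation or any vendor's implementation): a simulated access switch holds a constructed DHCP snooping binding table, against which Dynamic ARP Inspection checks ARP messages and IP Source Guard checks IP packets arriving on untrusted ports. The VLAN, port names, MAC and IP addresses are all made up.

```python
"""Slide 63's switch-side spoofing controls, modelled in code.

Constructed example: a DHCP snooping binding table plus the two checks that
consume it, Dynamic ARP Inspection (DAI) for ARP messages and IP Source Guard
(IPSG) for IP packets arriving on untrusted access ports.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Binding:            # one DHCP snooping entry
    vlan: int
    mac: str
    ip: str
    port: str


@dataclass(frozen=True)
class ArpMessage:         # the ARP fields the inspector needs
    vlan: int
    port: str             # ingress port on the switch
    sender_mac: str       # sender hardware address
    sender_ip: str        # sender protocol address


@dataclass(frozen=True)
class IpPacket:
    vlan: int
    port: str
    src_mac: str
    src_ip: str


@dataclass
class AccessSwitch:
    trusted_ports: Set[str]   # uplinks towards DHCP server / distribution: not inspected
    bindings: Dict[Tuple[int, str], Binding] = field(default_factory=dict)
    drops: List[str] = field(default_factory=list)

    def learn_lease(self, vlan: int, mac: str, ip: str, port: str) -> None:
        """DHCP snooping: a lease completed on an untrusted port becomes a binding."""
        mac = mac.lower()
        self.bindings[(vlan, mac)] = Binding(vlan, mac, ip, port)

    def _mismatch(self, vlan: int, mac: str, ip: str, port: str) -> Optional[str]:
        """Compare a claimed (MAC, IP) on a port with the table; None means consistent."""
        b = self.bindings.get((vlan, mac.lower()))
        if b is None:
            return f"no DHCP binding for {mac} in VLAN {vlan}"
        if b.ip != ip:
            return f"{mac} is bound to {b.ip} but claims {ip}"
        if b.port != port:
            return f"binding for {mac} was learned on {b.port}, frame arrived on {port}"
        return None

    def inspect_arp(self, m: ArpMessage) -> bool:
        """DAI: True = forward, False = drop (and log)."""
        if m.port in self.trusted_ports:
            return True
        reason = self._mismatch(m.vlan, m.sender_mac, m.sender_ip, m.port)
        if reason:
            self.drops.append(f"DAI {m.port}: {reason}")
        return reason is None

    def inspect_ip(self, p: IpPacket) -> bool:
        """IP Source Guard: the same binding applied to IP traffic."""
        if p.port in self.trusted_ports:
            return True
        reason = self._mismatch(p.vlan, p.src_mac, p.src_ip, p.port)
        if reason:
            self.drops.append(f"IPSG {p.port}: {reason}")
        return reason is None


def demo() -> dict:
    """Constructed voice VLAN 10: an IP phone on Fa0/1, an unknown PC on Fa0/2."""
    sw = AccessSwitch(trusted_ports={"Gi0/1"})
    sw.learn_lease(10, "00:11:22:33:44:01", "10.10.0.11", "Fa0/1")   # phone's lease
    sw.learn_lease(10, "00:11:22:33:44:02", "10.10.0.12", "Fa0/2")   # PC's lease
    gw = "10.10.0.1"                                                   # default gateway
    return {
        # the phone answers ARP for its own leased address: consistent, forwarded
        "phone_arp": sw.inspect_arp(ArpMessage(10, "Fa0/1", "00:11:22:33:44:01", "10.10.0.11")),
        # the PC claims the gateway's address (would redirect the phone's traffic): dropped
        "pc_claims_gateway": sw.inspect_arp(ArpMessage(10, "Fa0/2", "00:11:22:33:44:02", gw)),
        # the phone's bound MAC/IP pair appears on the PC's port: dropped by the port check
        "phone_identity_on_wrong_port": sw.inspect_arp(ArpMessage(10, "Fa0/2", "00:11:22:33:44:01", "10.10.0.11")),
        # a statically addressed device that never did DHCP has no binding: dropped by IPSG
        "static_device_ip": sw.inspect_ip(IpPacket(10, "Fa0/3", "00:11:22:33:44:03", "10.10.0.13")),
        # the real gateway's ARP arrives on the trusted uplink: not inspected
        "gateway_via_uplink": sw.inspect_arp(ArpMessage(10, "Gi0/1", "00:aa:bb:cc:dd:01", gw)),
        "drop_count": len(sw.drops),
    }
```

The drop log is what a monitoring network (slide 61) would collect: each entry names the port and the binding mismatch, which is the evidence needed to find the offending device.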

Page 64: clicking here

-64-

Security Solutions: Threats

• Manage and prevent threats via:

– Stateful Firewalls

– Virus Filters

– Intrusion Detection (NIDS)

– Intrusion Prevention (HIPS)

– Filter unnecessary ports on:

» Routers

» Switches

» PCs

» IP Telephones

» Firewalls

Page 65: clicking here

-65-

Security Solutions: Complete

Page 66: clicking here

FUTURE OF VoIP

Page 67: clicking here

-67-

Wireless VoIP

• 802.11b (WiFi), the current standard, supports raw data rates up to 11 Mbps.

• 802.11a & 802.11g standards support 54 Mbps

Page 68: clicking here

-68-

Differences between A & G

• Major difference is operating spectrum frequency.

– ‘G’ standard utilises the 2.4 GHz ISM band (same as ‘B’ standard)

– ‘A’ standard utilises the 5.2 GHz band

Page 69: clicking here

-69-

Advantages

• ‘A’ standard

– No interference because it utilises the 5.2 GHz band

– Meets the need for future high-bandwidth applications for wireless video and the like.

• ‘G’ standard

– Extended capability of supporting ‘B’ devices.

– Older ‘B’ mobile units can continue to be used along with any new ‘G’ mobile devices.

– Meets the need for future high-bandwidth applications for wireless video and the like.

Page 70: clicking here

-70-

Disadvantages

• ‘A’ standard

– 802.11a wireless voice devices are not readily available on the market.

– Few vendors have announced support of ‘A’ for a wireless VoIP application.

• ‘G’ standard

– ISM band may become too crowded and introduces a possibility of interference problems (e.g., Bluetooth, cordless phones, etc.).

Page 71: clicking here

Conclusion

Page 72: clicking here

-72-

Conclusion

• “The challenge of VoIP security is not new. History has shown that advances and trends in information technology typically outpace the corresponding realistic security requirements. Such requirements are often tackled only after these technologies have been widely adopted and deployed” – Cable Datacom News

Page 73: clicking here

-73-

Major Concern

• With VoIP the Internet becomes the backbone of a company's phone network.

– Hackers

– Worms

– Viruses

– DoS attacks

Page 74: clicking here

-74-

Advantages

• Convergence of voice and data into a common infrastructure for wiring, routers, network connectivity.

• Companies will be able to deploy, manage and maintain one network to serve all communication needs, saving on infrastructure costs and resources.

Page 75: clicking here

Introduction – Mobile Data

Page 76: clicking here

-76-

Introduction – Mobile Data

This presentation will cover the following:

• The Need For Remote Access

• Internet IPVPNs

• Key Customer Wireless Issues

• Considerations for Personal Trusted Devices

Page 77: clicking here

The Need For Remote Access

Page 78: clicking here

-78-

Is there a need for Remote access?

• Save money on office facilities

• Use of smaller workforce effectively and strategically

• Reach and service more customers

• Flexibility to work force - flexihours

MOBILITY is MONEY

Space to Workforce ratio lower than 1:3 in many offices

Page 79: clicking here

-79-

Needs of Mobile Workforce

• Corporate Email

– Allows mobile workforce to be in touch

• Access to corporate intranets.

– Marketing/sales collaterals, access KM sites, download forms, generate quotations.

• Access to resources.

– Source code, documents, lab infrastructure, calendaring system, booking meeting rooms.

• Access to enterprise applications

– SAP, Oracle, Lotus Notes or other suites for purposes like order processing, tracking, inventory management, etc.

• Video and Tele Conferencing

• 24X7 Availability and Support

Page 80: clicking here

-80-

Challenges for Enterprises

• Authentication of the user

• Encrypting data that is sent over the public network

• Tracking the usage of devices

• Protection from Spoofing and Sniffing

• Support for growing list of devices

Page 81: clicking here

-81-

Technology Choices available today

• Technology

– IPSec VPN

» Allows complete access to enterprise resources

» Heavyweight protocol, but gives the user complete control

» Needs software on clients

– Email access

» Accessible through https (secure HTTP)

• Connectivity options

– Ethernet

– GPRS

– WiFi

Page 82: clicking here

-82-

Technology trends

• Encrypted Disk drives

– Data is stored in encrypted form

• External security keys

– Stored as USB Dongle or Serial port device

– Used as a key to access enterprise data

– Allows authentication and tracking

• SSL VPN

– Allows any web browser to access enterprise data

– Lightweight solution; deployment cost is low

– Access restricted to Web based resources only

• Biometric identification

– Eye (iris) or finger print based identification

Page 83: clicking here

-83-

Gaps remaining

• Access of enterprise data at public kiosks

– Caching of information

– Saving of downloaded information

• Theft

– The disks can be read by another device

– Pictures and Messages stored in PDAs/Cell Phones

• Secured Access guarantee by ISPs

• Remote Patch Management

• Enterprise Policy for Remote Work Force

Page 84: clicking here

-84-

Suggestions for Enterprises

• Formulate a Policy for Remote Connectivity

• Centralise the maintenance and control of Security Settings

• Standardisation of devices

– Employees should not be allowed to choose devices

• Enforce anti-virus and patch management policy

• Have an approved list of applications to be used remotely

• Encryption of data is a must

Page 85: clicking here

IPVPNs

Page 86: clicking here

-86-

Internet VPN

An Internet VPN is configured on the customer's own equipment, e.g. a router. A tunnel is created between two customer sites, normally using IPsec (IP Security) on the customer router, and the traffic is routed over the Internet.

It is a very low-cost way of establishing a VPN between two locations.

However, there is no commitment with regard to speed of delivery of the data and at times when the Internet is busy it may not be possible to establish a connection at all or to transmit data with any reasonable speed.

Many corporate customers will not use this type of VPN as it can route over many different service providers' networks and is subject to the same security risks as the www.

Page 87: clicking here

-87-

Internet VPN

Sole traders and companies who only need to exchange email and perhaps a small amount of data are the major users of Internet VPNs.

If a customer is comparing the price of an Internet VPN to that of an internet IPVPN it is important not to focus too much on the price of the IPVPN as two totally different services are being compared.

Page 88: clicking here

-88-

Internet IPVPN (Tunnelling) Technologies

• VPN technology

– GRE

– IPsec

• IPsec standards

– AH

– ESP

– IKE

– DES

– Triple DES

– RC4

– X.509 digital certificates

Page 89: clicking here

-89-

VPN using GRE Tunnel

GRE (Generic Routing Encapsulation) is another method of creating a tunnel which can then form a VPN between two sites.

The most common use of GRE tunnels is to transport legacy protocols, i.e. protocols other than IP, across MPLS networks.

For example a customer with a fully meshed IPVPN over an MPLS core network could connect two sites using a GRE tunnel and send SNA traffic (i.e. non IP traffic) between the two sites without having to convert the SNA to IP before it entered the IPVPN.

It can also be used as an unsecured internet VPN for non-sensitive traffic.

Page 90: clicking here

-90-

VPN using IPsec tunnelling

IPsec (IP Security) based VPNs use authentication mechanisms to ensure that only valid clients can connect across the tunnel. In addition, different encryption algorithms can be applied to IPsec tunnels to ensure that the data passing through the VPN is not compromised.

An IPsec VPN is a point-to-point tunnel that can also be established between two sites that are connected into a multi-site IPVPN with MPLS.

This would be used, for example, to connect two bank computer sites together where security of data transfer between mainframes is vital.

The two sites would send email over the normal fully meshed MPLS IPVPN and use the IPsec tunnel only for special data between the two computers.

Page 91: clicking here

-91-

IPsec Key features

• Authentication

• Data Concealment (Encryption)

• Mobility

• Global

• Open Standards Based

• Manageability

Page 92: clicking here

-92-

IPsec VPN

[Diagram: Headquarters and Branch Office (Ethernet) each behind a VPN Gateway, with Mobile User, Remote User and Business Partner connecting over the Internet; a Services and Management Zone holding Mail, Data, Internal Web Site, Directory and CA within the Corporate Infrastructure]

Page 93: clicking here

Key Customer Wireless Issues

Page 94: clicking here

-94-

Key Customer Wireless Issues

• Different Devices

• Different Applications – Web Content & Applications, Custom Applications, Email & PIM, Business Applications

• Different Needs

• Different Connections – Connected "Always On", Intermittent, Disconnected

• Different Interactions – MultiModal, Browsing, View / Manage Data, Voice

Page 95: clicking here

Considerations for Personal Trusted Devices

Page 96: clicking here

-96-

The big picture: Convergence of Internet and digital telecom networks

[Diagram: IP Backbone Network linking a community server, a service provider server (e.g. GIS), a CA server and an e-commerce server with a TV set, a mobile terminal and a PC; mobile network operator sphere]

Page 97: clicking here

-97-

The big picture: Access Network technologies

[Diagram: wireline backbone ("ALL-IP") with wireless access networks (GSM, UMTS, IEEE 802.11, Bluetooth, IrDA, Digi-TV/Air Interface, 4G) and wired access networks (ISDN, analog modem, IEEE 802.3, Digi-TV/Cable) connecting servers, mobile terminals and wired terminals]

Page 98: clicking here

-98-

Some measures for the big picture

• Global wireless infrastructure based on GSM technology is truly global with its roaming capability and coverage.

• At the end of 2002, there were 454 GSM operators worldwide in 182 countries, and they served over 730 million users.

• In 2002, 75 percent of the new mobile customers started to use GSM terminals and services offered by the GSM networks [Nok2003].

• The number of digital telecom handsets has exceeded 1 billion (in 2002, ca. 400 million handsets were sold) and by 2006 perhaps 2 billion.

Page 99: clicking here

-99-

Some measures for the big picture

• Of these handsets, hundreds of millions are Internet-enabled (WWW-, WAP- or i-mode-enabled).

• There are over a hundred million servers on the server side (in Internet 1) and many in private networks

Page 100: clicking here

-100-

What is a Personal Trusted Device?

• When the wireless terminals in the above big picture are capable of supporting seamless communication, authentication and authorisation of users, various kinds of content – including text, voice and video streams, geocoded content, etc. – and practically any conceivable application or service, one can begin to talk about a Personal Trusted Device (PTD)

• A device where M-commerce transactions can be launched and credit card information stored; access to corporate resources is already allowed through PTDs today

• A multimedia mobile phone or PDA

• A Laptop with GPRS / WiFi / 3G card

Page 101: clicking here

-101-

Functionality of a PTD

Page 102: clicking here

-102-

Security and privacy problems of PTDs

• PTDs are able to host larger and larger amounts of data as memories get bigger

• This data is a security risk, because the device could be stolen or lost. So should we minimise the amount of critical data kept at the PTD?

• On the other hand, for guarding against privacy violations it might be wise to store large amounts of data at the PTD

• What is an optimal approach and on what does the optimality depend?

Page 103: clicking here

-103-

Security and privacy risks

• Evidently, if there is no risk of losing the device and data, then it makes sense to keep as much data as possible, critical data included, at the device

• Conversely, if the risk of losing the device to a thief, or of losing the data because of a device crash or any other technical problem, is high, it is advisable to minimise the amount of critical data kept at the device

Page 104: clicking here

-104-

Assets, risks, threats

• Assets:

– Any data stored at the PTD

• Risks: 

– PTD data lost

» The data stored at PTD is lost for the data owner. There are many threats that result in this, as discussed below. 

– PTD data misused

» The data stored at PTD and subsequently extracted is misused by malicious persons.

Page 105: clicking here

-105-

Assets, risks, threats

• Threats:

– PTD is destroyed

» In this case no one can use the data any more

– PTD is lost for the owner

» In this case the owner does not get the device or data back; he or she is unsure whether the data will be misused or not

– PTD is stolen from the owner

» The owner knows that the device is stolen and certainly all the data is lost, and perhaps some or all the data is misused

Page 106: clicking here

-106-

Assets, risks, threats

• Threats (Cont):

– PTD data misused unnoticed

» In this case the data stored at the PTD is extracted and/or altered in a way that the owner does not notice it

» The PTD and the data remains at the disposal of the owner (perhaps, however, altered in some way)

» This case can lead to considerable security threats and damages from the owner's point of view (misuse of cyber-identity, passwords, credit card, access to company infrastructure etc.)

» The privacy violation also belongs to this category, if the data provided by or stored at the terminal is misused

Page 107: clicking here

-107-

Assets, risks, threats

• Threats (Cont):

– PTD data misused but detected

» This case can result from theft, losing the device and subsequent theft, or disclosure of a misuse attempt from logs or physical traces (cf. Bluetooth/Ir-connection).

» In this case the device owner detects the misuse either when it is evident from the context (theft) or sometimes afterward

» The difference to the previous case is that the device owner can take deliberate countermeasures

Page 108: clicking here

-108-

Countermeasures against losing data

• Minimising the amount of critical data stored at PTD

• Full (or partial) data replication at a safe network component

• Provision of safe “backdoors” to the data for which the legitimate owner has lost access for some reason (encrypted data, lost access to the entire device or to decryption keys, etc.)

Page 109: clicking here

-109-

Countermeasures against PTD misuse

• Minimising the amount of critical data stored at the device

• As good as possible physical protection of the PTD

• Reliable access control to the PTD and the data stored at it

• Encryption of the data stored at the device

• Partition of the data and storing it at the device and at another safe location (server, memory card, etc.)

Page 110: clicking here

-110-

Countermeasures against PTD misuse

• Self-destruction of the data if misuse attempt is detected by the device

• Privacy-related data, and algorithms that monitor which combinations of data handed out from the device while using various external services could lead to privacy violations or threats

• Refraining from accessing networked services

• Providing full security for communications over the air interface (end-to-end message encryption, end-to-end authentication, authorisation)

Page 111: clicking here

-111-

Technical support for the countermeasures at PTD

• Reliable access control and authorisation

– This is a prerequisite for any security and privacy scheme; if a malicious person gets access to the data at the device just by getting hold of it physically, nothing much can be done anymore; Physical security of the PTD is thus a key ingredient in the security field

– The second security sphere is a proper authentication (PIN, biometric authentication, etc.)

– Third sphere is a proper authorisation of data access stored at the device

– Fourth sphere is protecting the device against malicious programs that are run there

Page 112: clicking here

-112-

Technical support for the countermeasures

• Categorisation of the data

– Assess the risk level of a particular piece of data and tell this to the system software (e.g. high, medium, low)

• Minimising the amount of vulnerable data at the PTD

– This can be semiautomatic, based on the risk level and the above categorisation

– If the risk level exceeds a threshold (e.g. due to movement to a high risk area), the vulnerable data is moved away from the device or encrypted in a suitable way

Page 113: clicking here

-113-

Technical support for the countermeasures

• Data partitioning

– The idea here is to store only one half-granule of a particular piece of data at the PTD and the other half-granule at a network component or other device, so that both granules are useless alone, i.e. the data cannot be used unless the halves are first combined; thus grabbing the device, or the other half-granule at the network, does not yet grant access to the data

– The problem with the scheme is that if there is no network connection the legal user cannot use the data either, because the half-granules cannot be recombined

– Another problem is the need for wireless capacity
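The half-granule scheme above, together with the encryption and tamper-detection points of slides 106, 107 and 115, as an added example that is not the presentation's own: the record is split with a one-time pad into a device share and a network share, each useless alone, and a PIN-keyed MAC stored with the device share rejects an altered or wrongly reassembled record. The record, PIN and PBKDF2 round count are constructed values; the PIN binds the tag only, it does not hide the record (the split does that).

```python
"""Data partitioning into two 'half-granules' with tamper detection.

Constructed example. One share is a random pad kept on the device, the other
is record XOR pad kept on the network side; either alone is uniformly random.
A PIN-derived HMAC over the record lets the device detect alteration, turning
'misused unnoticed' into 'misused but detected'.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # constructed value, chosen for this example


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def _tag_key(pin: str, salt: bytes) -> bytes:
    """Key for the integrity tag, stretched from the PIN so it is not guessable offline."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


def split_record(record: bytes, pin: str) -> Tuple[Dict[str, bytes], bytes]:
    """Return (device_share, network_share); both are needed to rebuild the record."""
    pad = secrets.token_bytes(len(record))      # device half-granule: pure randomness
    network_share = _xor(record, pad)           # network half-granule: record masked by pad
    salt = secrets.token_bytes(16)
    tag = hmac.new(_tag_key(pin, salt), record, "sha256").digest()
    device_share = {"pad": pad, "salt": salt, "tag": tag}
    return device_share, network_share


def combine_record(device_share: Dict[str, bytes], network_share: Optional[bytes], pin: str) -> bytes:
    """Rebuild the record; fails closed when offline or when the integrity check fails."""
    if network_share is None:
        # slide 113's stated drawback: without connectivity the legal user is locked out too
        raise ConnectionError("network half-granule unavailable; record cannot be reconstructed")
    record = _xor(device_share["pad"], network_share)
    expected = hmac.new(_tag_key(pin, device_share["salt"]), record, "sha256").digest()
    if not hmac.compare_digest(expected, device_share["tag"]):
        raise ValueError("integrity check failed: a share was altered or the PIN is wrong")
    return record


def run_scenarios() -> dict:
    """Constructed record and PIN; reports which protections held in each case."""
    record = b"badge=4711;vpn-token=EXAMPLE-ONLY;"
    pin = "2580"
    dev, net = split_record(record, pin)
    out = {"roundtrip": combine_record(dev, net, pin) == record}
    tampered = bytes([net[0] ^ 0x01]) + net[1:]   # one bit flipped in the server copy
    try:
        combine_record(dev, tampered, pin)
        out["tamper_detected"] = False
    except ValueError:
        out["tamper_detected"] = True
    try:
        combine_record(dev, net, "0000")           # wrong PIN: tag does not verify
        out["wrong_pin_rejected"] = False
    except ValueError:
        out["wrong_pin_rejected"] = True
    try:
        combine_record(dev, None, pin)             # no network: cannot recombine
        out["offline_blocked"] = False
    except ConnectionError:
        out["offline_blocked"] = True
    return out
```

Replication (slide 114) would keep a second copy of the network share elsewhere; that copy is still useless without the device pad, which is why partitioning and replication are complementary rather than competing measures.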

Page 114: clicking here

-114-

Technical support for the countermeasures

• Data replication

– This scheme is solely against losing the data for whatever reason (device crash, loss or theft)

– The data granules stored outside the device (at other devices, network components, etc.) function basically as back-up copies that must be refreshed from time to time

– The drawback of the scheme is that it increases the risk of misuse of the data, because the same data is stored in perhaps many places outside the device

– Another drawback is storage and wireless network cost

Page 115: clicking here

-115-

Technical support for the countermeasures

• Encryption of data

– Encryption means that even if a malicious person has got hold of the device, he or she should not be able to decrypt the data in order to misuse it

– This can only be done by passing authorisation as a necessary step while accessing the data (PIN or authorising the action by other means)

Page 116: clicking here

-116-

Technical support for the countermeasures

• Destruction of the data

– This is an ultimate measure that the device should launch automatically, if it detects a rather clear misuse attempt

– By destruction the misuse is prohibited, but so is the legal use, unless the data is replicated

– How this decision can be made automatically is by no means clear at the moment

Page 117: clicking here

-117-

Conclusions and further research

• Added security and privacy protection tend to decrease the usability of the device and increase power consumption and network capacity requirements

• It is therefore vital that the security and privacy protection policies and methods used in PTDs are in the right proportion to the threats

• Support from the network side is needed in almost all schemes; thus, there must be an integrated overall security and privacy scheme

Page 118: clicking here

-118-

Conclusions and further research

• Many problems remain open, such as

– The measures for the threat and for the similarity of the copies.

– A comprehensive analytical model with the help of which one could better assess the impact of the chosen policies and methods to the usability, security and privacy of the PTDs

– These are for further study

Page 119: clicking here

-119-

Contact Details

• WWW.HiTexConsulting.Co.UK

[email protected]

• Tel. 0845 408 2412

• Fax. 0845 223 5158

• Presenters:

[email protected]

[email protected]

