secure application deployment with gprs/edge/umts paper begins with an overview of gprs/edge/umts...

42
Cingular Wireless Developer Program © 2005 Cingular Wireless LLC. All rights reserved. Secure Application Deployment with GPRS/EDGE/UMTS devCentral White Paper Document Number 12792 Revision 6.0 Revision Date 03/28/05

Upload: trananh

Post on 09-Mar-2018

218 views

Category:

Documents


0 download

TRANSCRIPT

Cingular Wireless Developer Program © 2005 Cingular Wireless LLC. All rights reserved.

Secure Application Deployment with GPRS/EDGE/UMTS devCentral White Paper

Document Number 12792 Revision 6.0 Revision Date 03/28/05

devCentral White Paper ii 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Legal Disclaimer

This document and the information contained herein (collectively, the "Information") is provided to you (both the individual receiving this document and any legal entity on behalf of which such individual is acting) ("You" and "Your") by Cingular Wireless II, LLC, on behalf of itself and its affiliates ("Cingular") for informational purposes only. Cingular is providing the Information to You because Cingular believes the Information may be useful to You. The Information is provided to You solely on the basis that You will be responsible for making Your own assessments of the Information and are advised to verify all representations, statements and information before using or relying upon any of the Information. Although Cingular has exercised reasonable care in providing the Information to You, Cingular does not warrant the accuracy of the Information and is not responsible for any damages arising from Your use of or reliance upon the Information. You further understand and agree that Cingular in no way represents, and You in no way rely on a belief, that Cingular is providing the Information in accordance with any standard or service (routine, customary or otherwise) related to the consulting, services, hardware or software industries. CINGULAR DOES NOT WARRANT THAT THE INFORMATION IS ERROR-FREE. CINGULAR IS PROVIDING THE INFORMATION TO YOU "AS IS" AND "WITH ALL FAULTS." CINGULAR DOES NOT WARRANT, BY VIRTUE OF THIS DOCUMENT, OR BY ANY COURSE OF PERFORMANCE, COURSE OF DEALING, USAGE OF TRADE OR ANY COLLATERAL DOCUMENT HEREUNDER OR OTHERWISE, AND HEREBY EXPRESSLY DISCLAIMS, ANY REPRESENTATION OR WARRANTY OF ANY KIND WITH RESPECT TO THE INFORMATION, INCLUDING, WITHOUT LIMITATION, ANY REPRESENTATION OR WARRANTY OF DESIGN, PERFORMANCE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, OR ANY REPRESENTATION OR WARRANTY THAT THE INFORMATION IS APPLICABLE TO OR INTEROPERABLE WITH ANY SYSTEM, DATA, HARDWARE OR SOFTWARE OF ANY KIND. CINGULAR DISCLAIMS AND IN NO EVENT SHALL BE LIABLE FOR ANY LOSSES OR DAMAGES OF ANY KIND, WHETHER DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, SPECIAL OR EXEMPLARY, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF GOODWILL, COVER, TORTIOUS CONDUCT OR OTHER PECUNIARY LOSS, ARISING OUT OF OR IN ANY WAY RELATED TO THE PROVISION, NON-PROVISION, USE OR NON-USE OF THE INFORMATION, EVEN IF CINGULAR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES.

devCentral White Paper iii 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Revision History

All marks, trademarks, and product names used in this document are the property of their respective owners.

Date Revision Description 05/13/03 1.0 Document released. 09/05/03 2.0 New devCentral template applied to document 9/17/03 3.0 Adds references to EDGE. 9/23/03 4.0 Updated Section 1.3, Resources, to include links to referenced

documentation. 07/16/04 5.0 Updated for new IP/APN services, WAP 2.0 and UMTS. 03/28/05 6.0 Updated to Cingular-branded template.

devCentral White Paper iv 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Table of Contents

1. Introduction .............................................................................................................................................1 1.1 Audience.......................................................................................................................................1 1.2 Contact Information ......................................................................................................................1 1.3 Resources.....................................................................................................................................2 1.4 Terms and Acronyms....................................................................................................................3

2. GPRS/EDGE/UMTS Security Overview.................................................................................................5

3. User Authentication ................................................................................................................................9

4. Network Access Authentication ............................................................................................................10

5. Encryption.............................................................................................................................................11 5.1 Comparison with CDPD..............................................................................................................13

6. GPRS/EDGE/UMTS Network Infrastructure ........................................................................................14 6.1 Cingular Wireless Network .........................................................................................................14 6.2 Roaming Scenario ......................................................................................................................14

7. IP Address Management ......................................................................................................................17

8. Security Options for Custom Access Point Names (APNs)..................................................................19 8.1 IP Addressing Options for Custom APNs...................................................................................20 8.2 Firewall Options for Custom APNs .............................................................................................21

9. Commercial Connectivity Services .......................................................................................................23

10. Customer-Supplied VPN ......................................................................................................................25

11. WAP Security........................................................................................................................................27

12. Other Security Topics ...........................................................................................................................36 12.1 Short Message Service (SMS) ...................................................................................................36 12.2 Digital Rights Management ........................................................................................................36 12.3 RIM Blackberry Security .............................................................................................................36 12.4 Application-Level Security ..........................................................................................................37 12.5 SSL-Based Security....................................................................................................................37

Figures Figure 1: End-to-End Security with GPRS/EDGE .................................................................................... 8 Figure 2: GPRS/EDGE Protocol Diagram Showing Encryption ............................................................. 12 Figure 3: GPRS/EDGE Roaming............................................................................................................ 15 Figure 4: Fixed-End Connectivity Options .............................................................................................. 24 Figure 5: WAP1 Security Architecture .................................................................................................... 28

devCentral White Paper v 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Table of Contents

Figure 6: WAP2 Security Architecture .................................................................................................... 31 Figure 7: WAP Protocols as Deployed (on networks formerly owned by AT&T Wireless)..................... 32

Tables Table 1: Terms and Acronyms ................................................................................................................ 3 Table 2: Security Implications of Different IP Addresses ...................................................................... 18 Table 3: Security-Related Options and Implications for Custom APNs ................................................ 19 Table 4: Supported WTLS Protocols (for the networks formerly owned by AT&T Wireless) ................ 29 Table 5: Supported SSL Protocols (for the networks formerly owned by AT&T Wireless) ................... 30 Table 6: Recommended SSL Certificate Authorities (for use with networks formerly owned by AT&T

Wireless ................................................................................................................................... 33

devCentral White Paper 1 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

1. Introduction

This paper explains how you can securely deploy applications that use the GPRS/EDGE and UMTS networks formerly owned by AT&T Wireless. Unlike the vulnerabilities found with some other popular wireless technologies, GPRS/EDGE/UMTS networks employ robust security architecture with comprehensive security mechanisms. This paper describes these in the following security-related areas:

Security mechanisms available with GPRS/EDGE/UMTS technology

Security enhancements that Cingular Wireless offers in its network Security options available to customers Additional measures that customers can deploy themselves to

augment security This paper begins with an overview of GPRS/EDGE/UMTS security that provides sufficient information for any reader who simply wants a high-level understanding of GPRS/EDGE network security. The paper then explores in detail the various security aspects of the network and customer options, including user authentication, network access authentication, encryption of the radio interface, the GPRS network infrastructure, IP address management, custom Access Point Names (APNs), the Commercial Connectivity Services (CCS), and customer-supplied Virtual Private Networks (VPNs).

1.1 Audience

This paper has been developed for independent developers, enterprise developers, Cingular Wireless Alliances, content developers, and system integrators engaged in GPRS/EDGE/UMTS application development and deployment. This paper assumes you have an understanding of GPRS/EDGE/UMTS technology and some understanding of computer and network security concepts.

1.2 Contact Information

E-mail any comments or questions regarding this document to [email protected]. Please reference the title of this document in your e-mail.

Document Author: Peter Rysavy

devCentral White Paper 2 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

1.3 Resources

3GPP Technical Specification TS 33.102; 3G Security; Security Architecture (Release 1999) http://www.3gpp.org/ 3GPP Technical Specification TS 03.60, General Packet Radio Service (GPRS), Service Description http://www.3gpp.org/ 3GPP Technical Specification; Digital Cellular Telecommunications System (Phase 2+); General Packet Radio Service (GPRS); GPRS Ciphering Algorithm Requirements (GSM 01.61 version 8.0.0 Release 1999) http://www.3gpp.org/ftp/Specs/2003-06/R1999/01_series/0161-800.zip 3GPP Technical Specification; Digital Cellular Telecommunications System (Phase 2+); Security Related Network Functions (GSM 3.20 Release 1999) http://www.3gpp.org/ftp/Specs/2003-06/R1999/03_series/0320-810.zip 3GPP Technical Specification 33.102; 3G Security; Security Architecture (Release 1999) http://www.3gpp.org/ftp/Specs/2004-03/R1999/33_series/33102-3d0.zip 3GPP Technical Specification 35.202: Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: Kasumi Algorithm Specification http://www.3gpp.org/ftp/Specs/2004-03/R1999/35_series/35202-312.zip Research in Motion, BlackBerry Security Technical White Paper for Lotus Domino http://www.blackberry.net/support/pdfs/bb_enterprise_server_lotus_domino_technical_wp.pdf Research in Motion, BlackBerry Security Technical White Paper for Microsoft Exchange http://www.blackberry.net/support/pdfs/bb_security_technical_wp_exchange_21.pdf

devCentral White Paper 3 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

1.4 Terms and Acronyms

Table 1 defines terms and acronyms used in this document.

Table 1: Terms and Acronyms

Term or Acronym Definition 3DES Triple DES APN Access Point Name BG Border Gateway BSC Base Station Controller BTS Base Transceiver Station CA Certification Authority CCS Commercial Connectivity Services CDPD Cellular Digital Packet Data DES Digital Encryption Standard DNS Domain Name System DRM Digital Rights Management EDGE Enhanced Data Rates for GSM Evolution FES Fixed End System GEA GPRS Encryption Algorithm GGSN GPRS Gateway Support Node GPRS General Packet Radio Service GRX GPRS Roaming Exchange GSM Global System for Mobile Communications GTP General Packet Radio Service (GPRS) Tunneling Protocol HLR Home Location Register HTML Hypertext Markup Language IETF Internet Engineering Task Force IMSI International Mobile System Identity IP Internet Protocol IPSec Internet Protocol Security LLC Logical Link Control MS Mobile Station (mobile computer plus communications device) MSC Mobile Switching Center MSISDN Mobile Subscriber Integrated Services Digital Network NAT Network Address Translation NDIS Network Driver Interface Specification

devCentral White Paper 4 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Term or Acronym Definition 3DES Triple DES PDP Packet Data Protocol PIN Personal Identification Number PVC Permanent Virtual Circuit SGSN Serving GPRS Support Node SIM Subscriber Identity Module SSL Secure Sockets Layer TCP Transmission Control Protocol TLS Transport Layer Security UDP User Datagram Protocol UEA1 UMTS Encryption Algorithm1 UMTS Universal Mobile Telecommunications System VPN Virtual Private Network WAE Wireless Application Environment WAP Wireless Application Protocol WDP Wireless Datagram Protocol WML Wireless Markup Language WSP Wireless Session Protocol WTLS Wireless Transport Layer Security XML Extensible Markup Language WLAN Wireless Local Area Network

devCentral White Paper 5 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

2. GPRS/EDGE/UMTS Security Overview

This section provides an overview of the security mechanisms and security options for GPRS/EDGE/UMTS. These are discussed in more detail in subsequent sections.

Cingular Wireless maintains a comprehensive security policy that dictates the requirements and procedures to maintain the security of networks formerly owned by AT&T Wireless, including the GSM/GPRS/EDGE and UMTS networks. Any network security architecture must take into account end-to-end communications, as well as all the individual links and nodes that make up the network. Moreover, security procedures can occur at multiple levels in a network. For example, a network may encrypt a link, but a user application may also encrypt data. Overlapping security measures generally augment the effectiveness of overall security.

GPRS/EDGE is a packet data service for GSM networks. Some security mechanisms (e.g. encryption and authentication) are part of GSM/GPRS/EDGE technology, while other security mechanisms (e.g. firewalls and fixed-end connectivity options) are unique to the GPRS/EDGE networks formerly owned by AT&T Wireless. You can implement a variety of measures such as Virtual Private Networking (VPN) to augment security.

EDGE is a radio technology for GPRS networks that enhances data throughputs. The underlying network infrastructure is the same whether the radio technology used is GPRS or EDGE. All security mechanisms are the same for networks that employ EDGE as those that employ GPRS. EDGE devices operate in GPRS mode in GPRS networks that do not support EDGE, and GPRS devices function identically in an EDGE network as they do in a GPRS network.

UMTS is a third-generation cellular technology that employs a Wideband CDMA (WCDMA) radio interface. It involves a separate radio access network, but shares much of the same infrastructure as the GSM/GPRS/EDGE network. The Cingular Wireless UMTS network has many of the same security mechanisms that are used in the GPRS/EDGE networks formerly owned by AT&T Wireless. Exceptions are noted in this paper.

devCentral White Paper 6 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

The primary components of a secure application that uses GPRS/EDGE or UMTS networks are as follows:

User Authentication: A device (e.g. GPRS or EDGE-capable mobile telephone) can be configured so that a user is prompted to enter a Personal Identification Number (PIN) before being able to use the device. Your application (located on the mobile station or on your network) can also authenticate the user with a password, secure IDs, or biometric approaches.

Network Access Authentication: The network authenticates a user device against information stored in the Subscriber Identity Modules (SIM).

Encryption: GPRS/EDGE encrypts communications between the Mobile Station (MS) and an infrastructure node called the Serving GPRS Support Node (SGSN). UMTS encrypts communications between the MS and an infrastructure node called the Radio Network Controller. In both cases, encryption protects the radio link and a portion of the network infrastructure from eavesdropping.

Private Infrastructure Network: Cingular Wireless employs a well-protected private infrastructure network for transmission of customer data.

Protection of User Identities: GPRS/EDGE/UMTS minimizes instances where MS identity information is sent over the radio interface, and relies on encryption as well as temporary identifiers to protect identities from interception, thus protecting against fraudulent use.

Protection of IP Addresses: IP addresses are never transmitted in the clear (unencrypted) over the air link, reducing the risk of attacks on both mobile and fixed-end systems.

Secure Service Offerings: Many GPRS/EDGE and UMTS service offerings from Cingular Wireless incorporate comprehensive security features. Examples of such offerings include WAP browsing, and the RIM BlackBerry Handhelds.

Flexible IP Address Management and Routing Options. Cingular Wireless offers flexible networking options that can augment security, such as whether user mobile stations can access the Internet.

devCentral White Paper 7 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Custom Access Point Names (APNs): APNs specify the external networks that the MS can communicate with. Cingular Wireless offers extensive options for customizing the security aspects of these connections. Note that custom APNs are not available for UMTS.

Commercial Connectivity Service: Beyond native Internet connectivity, Cingular Wireless offers two means for you to connect your networks to the GPRS/EDGE networks formerly owned by AT&T Wireless: frame relay and network VPN connections. These connection methods are not available for UMTS.

Customer-Supplied VPN: In addition to the mechanisms listed above, you have the option of using mainstream VPNs, nearly all of which have been tested for operation over GPRS/EDGE/UMTS. You can also use wireless VPNs that are optimized for wireless networking. Customer-supplied VPNs add to security by offering encryption, authentication, and data-integrity checking.

Secure Applications: Beyond VPNs, you also have the option of securing application communication at higher levels. For example, Secure Sockets Layer (SSL) can secure Web-based applications and applications such as Lotus Notes and Microsoft Exchange have digital signing and encryption options.

Figure 1 shows the locations of some of the key security mechanisms within the GPRS architecture.

Note: WAP employs an additional set of security mechanisms that are discussed in the Section 11, WAP Security.

devCentral White Paper 8 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Figure 1: End-to-End Security with GPRS/EDGE

MobileSwitching

CenterHome

LocationRegister

ServingGPRS

SupportNode

GatewayGPRS

SupportNode

ExternalData Network(e.g.Internet,Frame Relay)

BaseStation

ControllerMobileStation

CircuitSwitched

IP Data

Public SwitchedTelephone Network

GPRS/EDGE Portion

BaseTransceiverSubsystem

BaseTransceiverSubsystem

MobileStation

MobileStation

MobileStation

MobileStation

GSM Network

VisitedLocationRegister

GSM/GPRS Authenticationand Encryption

PrivateNetwork

CommercialConnectivity

OptionCustomer-Supplied VPN

CustomerNetwork

Security for GPRS/EDGE

devCentral White Paper 9 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

3. User Authentication

To gain access to the GPRS/EDGE or UMTS network, a user must have a SIM card for his or her GPRS, EDGE, or UMTS device. Cingular Wireless supplies a SIM card for each user device that it sells. The SIM card contains user identity information.

Requiring the user to enter a PIN can protect SIM cards further. If the user enters an incorrect PIN more than three times, any additional attempts are blocked until the user enters a special code that can only be obtained from Cingular Wireless Customer Service.

Note: Cingular Wireless supplies GSM/GPRS/EDGE/UMTS equipment with the PIN function disabled; however, you can re-enable it.

Beyond these measures, you can protect against lost or stolen mobile equipment using application (or VPN) passwords, hardware tokens, or biometric systems.

devCentral White Paper 10 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

4. Network Access Authentication

This section discusses the process by which the network authenticates a user’s device. Authentication is based on a challenge-response mechanism. This is similar to the GSM voice service authentication, except that it is managed by the Serving GPRS Support Node (SGSN) that is responsible for packet-data service, instead of the Mobile Switching Center (MSC), which is responsible for circuit-switched services.

The steps include the following:

1. The Mobile Station (MS) requests access to the network, identifying itself by the International Mobile Subscriber Identity (IMSI) stored on the SIM card.

2. The SGSN forwards the access request to the appropriate authentication center, hosted on the Home Location Register (HLR).

3. The HLR responds to the access request by sending a random 128-bit number (the challenge) and corresponding 32-bit challenge response (computed with the GSM A3 algorithm) to the SGSN. The SGSN temporarily stores the expected challenge response. The shared secret key is not transmitted to the SGSN or the MS.

4. The MS computes the 32-bit response, based on the 128-bit random number and its individual subscriber authentication key (called the Ki key, which is stored in both the SIM card and the HLR authentication center) using the same GSM A3 algorithm.

5. The SGSN compares the MS challenge response to the challenge response provided by the HLR. If they match the MS is successfully authenticated and is allowed to engage in further communications with the network.

At no point during the authentication process is the individual subscriber authentication key transmitted over any portion of the network. The authentication is one-way only. The MS does not authenticate the network. From a practical perspective, it would be difficult for an attacker to masquerade as a GSM/GPRS/EDGE or UMTS network and to obtain the MS credentials.

The details of the GSM A3 algorithm are not publicly disclosed.

devCentral White Paper 11 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

5. Encryption

An important security mechanism that protects the radio link against eavesdropping is encryption. Encryption protects both user data and network control information. This is referred to as ciphering in the GPRS specification, and it is an option utilized on the networks formerly owned by AT&T Wireless. Not all GPRS operators employ this option.

For GPRS/EDGE connections, encryption occurs between the GPRS or EDGE device and an infrastructure element called the SGSN (a relatively centralized node). Encryption spans not only the radio interface, but a portion of the wireline infrastructure as well and includes Base Transceiver Stations (BTSs), Base Station Controllers (BSCs), and all of the connections leading to the SGSN. For UMTS, encryption is between the UMTS device and the Radio Network Controller (RNC.) For both GPRS/EDGE and UMTS connections, encryption occurs below the IP layer within the MS. You can further protect communications by employing encryption mechanisms at higher layers such as by employing your own VPN or using SSL.

Following authentication, the network and MS calculate a 64-bit encryption key for GPRS/EDGE connections by applying a key-generating algorithm known as A8 to two values: the secret subscriber key and a random number previously used for authentication.

Once the encryption key is derived, communication between the MS and the GPRS/EDGE network is encrypted using an algorithm called GPRS-A5, a modified version of the A5 algorithm used in GSM networks for voice communication. GPRS-A5 is optimized for packet-data communications. This algorithm is also referred to as GPRS Encryption Algorithm (GEA). Both A5 and GPRS-A5 are based on an algorithm called COMP128. The first version of GPRS encryption was called GEA1. The current version is GEA2.

For UMTS connections, Cingular Wireless uses UMTS Encryption Algorithm1 (UEA1), which is based on a mode of operation of a block cipher called Kasumi (see 3GPP technical specification 35.202.)

The protocol level that handles encryption for GPRS/EDGE connections is called the Logical Link Control (LLC) layer. The LLC operates between the MS and SGSN at layer two of the network reference model (see Figure 2). Both signaling (control) information and user data are processed by the LLC layer; therefore, the network keeps both user data and control

devCentral White Paper 12 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

information (such as the user’s location) confidential. Note that the networking protocols used in the UMTS network differ slightly from those shown in the figure. In UMTS, the LLC layer is replaced with a layer called Packet Data Convergence Protocol (PDCP).

Figure 2: GPRS/EDGE Protocol Diagram Showing Encryption

GSM RFMAC

LLC

SNDCP

IP

GSM RFMAC Frame Relay Frame Relay

LLC TCP/UDP

IP

Layer 2

TCP/UDP

IP

Layer 2

IP

MobileStation

Base StationSubsystem

Serving GPRSSupport Node

Gateway GPRSSupport Node

SNDCP: Subnetwork Dependent Convergence ProtocolLLC: Logical Link ControlRLC: Radio Link Control

MAC: Medium Access ControlGSM RF: GSM Radio Frequency LayerBSSGP: Base Station Subsystem GPRS ProtocolGTP: GPRS Tunnel Protocol

RLCRLCRelay

BSSGP BSSGP

Layer 1Layer 1Layer 1Layer 1

SNDCPRelay

GTP GTPEncrypted Communications

Encryption also protects information about user identities. Prior to encryption, the network protects user identities by minimizing transmission of user identity information and by using temporary identifiers.

The encryption key between the MS and the GPRS/EDGE network changes each time the mobile system connects to the network. This means that even if an attacker were to determine the key for one session, the key would be useless for subsequent sessions. In addition, the network can update the keys at periodic intervals.

To eavesdrop on the radio signal, an attacker would first require specialized equipment to extract your data transmission, especially as the radio signal is broken into time slots and the radio carrier may be frequency hopping. Then to decrypt the encrypted data, the attacker would need to launch a significant brute-force attack. At the time of the writing of this document, there are no published reports known to this author

devCentral White Paper 13 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

regarding successful attacks on the encryption of public GSM/GPRS/EDGE networks.

If you have extremely sensitive data and are concerned about the strength of GPRS/EDGE/UMTS encryption, you may also be concerned about data not being encrypted within the GPRS/EDGE and UMTS infrastructure networks. Hence, you should consider encrypting your data sessions on an end-to-end basis using a VPN, at the application level or using other approaches.

Note: GPRS encryption is more secure than the security used in many Wireless Local Area Networks (WLANs) technologies where attackers can eavesdrop simply using subscriber equipment and readily available software.

Details of the GSM/GPRS algorithms, including A5, GPRS-A5, and A8, are not publicly disclosed. However, UMTS algorithms are publicly available.

In the future, carriers will be able to deploy an enhanced GPRS/EDGE encryption system referred to as GEA3, which is based on an algorithm called A5/3, which in turn is based on the Kasumi algorithm, also used in UMTS networks.

5.1 Comparison with CDPD

You may be interested in a comparison of GPRS encryption and the encryption used in Cellular Digital Packet Data (CDPD) networks. GPRS authentication and encryption differs from CDPD networks. With GPRS, authentication precedes derivation of the encryption key, whereas with CDPD, derivation of the encryption key precedes authentication.

The CDPD network formerly owned by AT&T Wireless uses a 128-bit encryption key in conjunction with the RC4 algorithm. The larger encryption key length makes CDPD theoretically more difficult to attack than GPRS; however, GPRS encryption mechanisms should suffice for most applications.

devCentral White Paper 14 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

6. GPRS/EDGE/UMTS Network Infrastructure

Security of the GPRS/EDGE/UMTS network infrastructure involves the home network, as well as any roaming network you may be using. Since different operators can implement different security approaches, the security environment may differ when roaming. This section discusses the network infrastructure first, and then discusses what occurs when roaming.

6.1 Cingular Wireless Network

Cingular Wireless makes security a high priority and employs various mechanisms beyond those specified in the GPRS specifications to help protect customer data, customer networks, customer Mobile Stations, and its own network.

Communication between the SGSN, GGSN, and other GPRS elements occurs over a private IP network. Between the SGSN and GGSN, the network transports user data using the GPRS Tunneling Protocol (GTP) (outlined in Figure 3). GTP itself does not include any security mechanisms.

Other nodes (such as the HLR, which contains subscriber information) are protected by being accessible only through SS7 signaling networks, which are not publicly accessible.

Cingular Wireless takes precautions to protect its network against unauthorized traffic, eavesdropping, and denial of service. For example, Cingular Wireless maintains firewalls that restrict unauthorized traffic in its connections to other networks such as customer networks, the Internet, and other carriers. Any customer traffic directed at GPRS/EDGE and UMTS network elements is discarded. In addition, Cingular Wireless employs intrusion detection.

Although the network employs various means of protecting against unauthorized traffic and eavesdropping, you should consider security measures of your own (such as VPNs) if you have sensitive applications.

6.2 Roaming Scenario

Inter-service-provider (i.e., inter-carrier) security is of concern when an MS operates in a different carrier’s GPRS/EDGE/UMTS network. What are the security implications of an MS operating in this fashion and of the wide-

devCentral White Paper 15 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

area connection between carriers? First, GPRS/EDGE/UMTS carriers must have roaming agreements in place for data service. Second, GPRS/EDGE/UMTS carriers must have their networks interconnected, either through direct links or via an interconnecting network sometimes referred to as a GPRS Roaming Exchange (GRX) (see Figure 3). Note that at this time with current devices, UMTS roaming is not possible because there currently are no other North American UMTS operators, and because Cingular Wireless operates its UMTS network in a different frequency band than UMTS operators in other parts of the world.

The node between the carrier network and the GRX of other carriers is called the border gateway, which has the principal function of blocking unauthorized traffic. The type of traffic that it allows includes user data communications (carried by the GPRS tunneling protocol), domain name service queries, routing protocols (e.g. border gateway protocol), and signaling protocols. However, you should not make any security assumptions about the privacy of their data with inter-carrier connections.

Figure 3: GPRS/EDGE Roaming

SGSNBSCPrivate IP Network

(GPRS/EDGEOperator 1)

BTS

MobileStation

MobileStation

GPRS/EDGE Provider 1SGSN

BG

BG: Border GatewayBTS: Base Transceiver SubsystemBSC: Base Station ControllerGGSN: Gateway GPRS Support NodeSGSN: Serving GPRS Support Node

GGSN,firewall

Internet

GPRS/EDGERoamingExchange

SGSNBSCBTS

MobileStation

MobileStation

GPRS/EDGE Provider 2

Private IP Network(GPRS/EDGE

Operator 2)

BG

GGSN,firewall

PrivateIntranet

GGSN,firewall

PrivateIntranet

devCentral White Paper 16 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

When an MS is operating in a visited carrier’s GPRS/EDGE or UMTS network, the SGSN in the visited carrier’s network serving area authenticates the MS using the same mechanisms as discussed in Section 4, Network Access Authentication. The difference is that the visited carrier’s HLR does not contain the subscription information, so the SGSN obtains this information from the HLR in the subscriber’s home network. This process is similar to voice authentication when roaming. Once authenticated, communication is encrypted between the MS and the SGSN as previously discussed, so long as that carrier supports encryption. As noted previously, not all carriers employ encryption.

Most carriers have configured their networks and accounts so that when operating in another carrier’s area, a user establishes a Packet Data Protocol (PDP) context between their MS and home network GGSN, using their existing Access Point Names (APNs). The result is that the IP address allocated to the customer will be from the same pool as if the customer was in the home network.

All data to and from the MS is routed via the home network GGSN, and any security provisions (e.g. whether or not data can be routed to/from the Internet) will apply (shown with the red line in Figure 3). In addition, all of your services (e.g. optimization server, WAP gateway, and fixed-end connections) remain accessible. The advantage of this approach is that a user has a consistent experience with most of the same security provisions.

In the future, it may be possible to access other APNs (such as direct Internet service via the visited carrier). This may have implications on security that you will need to consider.

With respect to encryption, not all GPRS/EDGE/UMTS carriers employ this option; therefore, if you are relying on GPRS encryption, you should confirm whether it is offered by the roaming partner.

devCentral White Paper 17 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

7. IP Address Management

The GPRS/EDGE and UMTS networks formerly owned by AT&T Wireless are IP-based, and support multiple types of IP addresses. The type of IP address used has various security implications. The default IP address used by the GPRS/EDGE and UTMS networks formerly owned by AT&T Wireless is a private, dynamically assigned IP address. To communicate with public networks, private addresses are translated to public addresses at the boundary of the private network and the public network. This process is called Network Address Translation (NAT). Private IP addresses support most customer applications; however, a number of addressing options are provided beyond this to address specialized circumstances, including public IP addresses, addresses assigned from a pre-designated range, static IP addresses and customer-supplied IP addresses.

The type of address used is determined by the Access Point Name (APN), which also specifies the external network that the MS can access. There are two types of APNs that are used on the networks formerly owned by AT&T Wireless: general purpose APNs and custom APNs. General purpose APNs are designed to meet the basic needs of large numbers of end-users, including both business users and consumers. Custom APNs are designed to address the needs of a specific enterprise business and are only available to end-users of that enterprise. Custom APNs and additional addressing options are discussed in the next section. Custom APNs are not currently available for UMTS.

There are three general purpose APNs: proxy, public, and Internet. With the proxy APN, a user receives a private IP address, and with the public and Internet APNs, a user receives a public IP address. With both proxy and public APNs, network firewalls prevent mobile-terminated traffic. This means any data sent to a mobile station must be in response to previous outgoing traffic originated by the MS. However, mobile-terminated traffic from the Internet is allowed with the Internet APN. Only the proxy and public APNs are currently available for UMTS.

The security implications of these addresses are summarized in Table 2.

devCentral White Paper 18 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Table 2: Security Implications of Different IP Addresses

Type of IP Address Security Implications Private IP Address (default, uses proxy APN)

The network firewall prevents mobile-terminated traffic. More difficult for external attackers to reach mobile stations because network address-translation function is a firewall that masks the internal private IP addresses. Some VPNs may need to be configured appropriately to function with network address translation that is employed with private IP addresses.

Public IP Address (uses public APN)

The network firewall prevents mobile-terminated traffic. Allows all VPNs to function.

Public IP Address (using Internet APN)

Mobile-terminated traffic allowed from the Internet. Traffic from other MS allowed if those MS also can route to the Internet. Dynamic DNS allows you (and others) to obtain the IP address of the MS based on its name (e.g. phone number).

Custom IP Addressing Options (requires custom APN)

Discussed in Section 8 Security Options for Custom Access Point Names (APNs).

The IP address assigned to the MS is pseudo-random, pulled from a pool of addresses configured in the network infrastructure for each designated APN (including custom APNs). With static IP addresses, the network always assigns the same IP address to an MS.

Since the Internet APN allows traffic from the Internet, you need to consider suitable protection at the MS against attacks such as viruses, worms, and denial of service.

How the GPRS/EDGE network formerly owned by AT&T Wireless manages IP addresses (including such topics as APNs and dynamic DNS) is explained in detail in the IP and APN Management in the Cingular Wireless GPRS/EDGE/UMTS Network white paper, available for download from the Cingular Wireless devCentral Web site http://cingular.developer.com/.

devCentral White Paper 19 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

8. Security Options for Custom Access Point Names (APNs)

In addition to specifying the external networks that a mobile station can access, the APN also defines the type of IP address to use, security mechanisms to invoke, available value-added services, redundancy, and the type of fixed-end connection.

Custom APNs provide significant flexibility in specifying the security aspects of communications with the Mobile Station and with communications with your enterprise network. Cingular Wireless provides a wide range of options in this area. Note that custom APNs are not currently available for UMTS.

APNs are defined as part of a subscriber account and provisioned in Home Location Register and in the Subscriber Identity Module (SIM). An MS can have access to more than one APN, though each PDP Context specifies a specific APN to use. Section 7 IP Address Management discusses the security implications of the public, proxy, and Internet APNs.

Table 3 summarizes the custom APN options that have security implications. Subsequent sections discuss the options in greater detail.

Table 3: Security-Related Options and Implications for Custom APNs

Category Options Comments Public or private Customer can specify whether to use a public or

private IP addresses. Specified range - customer provided

Allows customer to filter on source address. MS cannot communicate with the Internet other than through customer’s infrastructure network.

Specified range - Cingular Wireless provided

Allows customer to filter on source address. MS can optionally communicate with the Internet through the Cingular Wireless Internet gateway.

Static Static IP addresses result in the same public IP address being assigned to a device for each PDP context. This simplifies firewall filtering and device identification.

IP Addressing

Dynamic DNS Dynamic DNS allows you (and others) to obtain the IP address of the MS based on its name (e.g. phone number.) You can change the name to increase privacy.

devCentral White Paper 20 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Category Options Comments Block Internet Gateway

Customer can specify whether MS can communicate with the Internet through the Cingular Wireless gateway. (Note that Internet access is not available for customer-supplied IP addresses or for private addresses.)

MS to Commercial Connectivity Services (CCS) routing

Customer can specify whether only their MS can reach their CCS connection (typical case), or whether any MS can do so (rare and unusual case.)

CCS to CCS routing

Never allowed.

CCS to Internet routing

Never allowed.

Mobile termination Customer can specify whether mobile termination is allowed (typically needed for push applications like dispatch.) If enabled, MS is more vulnerable to attacks.

Firewall

MS to MS Only allowed for MS where mobile-terminated is enabled. If Internet communications is disabled for the custom APN, source MS can only be another MS using the same custom APN. Otherwise, source MS can be any MS able to communicate with the Internet.

8.1 IP Addressing Options for Custom APNs

With a custom APN, you can choose either private IP addresses or a public IP address. This choice may have security advantages depending on your internal network infrastructure. Since in most cases a custom APN involves a dedicated fixed-end connection between the GPRS/EDGE network formerly owned by AT&T Wireless and your network, custom APNs use public IP addresses as this facilitates network routing. See Section 9, Commercial Connectivity , for more information on fixed-end connections.

An important addressing option is to use a specified range of IP addresses (in contiguous blocks) for your mobile devices. There is no one-to-one correspondence between devices and IP addresses, but the specified range allows your firewall to filter based on the source address of the MS. The blocks of addresses can be assigned either by you or by Cingular Wireless. Cingular Wireless-supplied IP addresses can optionally route to the Internet, whereas IP addresses supplied by you (customer-supplied IP

devCentral White Paper 21 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

addresses) will only route to your network. Usually, IP addresses supplied by you are public, but they can also be private addresses.

Another important option is static IP addresses, where the network assigns the same public IP address being for each PDP context. This simplifies firewall filtering and device identification. However, having the same long-term IP address does make an MS slightly more vulnerable to attack because its identity remains the same.

8.2 Firewall Options for Custom APNs

Cingular Wireless allows you to specify the allowable routes for IP traffic. As mentioned in the previous section regarding IP addressing options, you can specify whether the IP the MS can communicate with the Internet using the Cingular Wireless Internet gateway. However, Internet access is not available for customer supplied IP addresses, other than via your network.

Most custom APNs involve the Commercial Connectivity Services (CCS) (see Section 9 for a discussion of CCS), which is a network connection between the GPRS/EDGE network formerly owned by AT&T Wireless and your network. You can specify whether only your MS can reach your CCS connection, or whether any MS can do so. The typical case is that only your MS can do so, but a content provider might want to make the CCS connection available to any MS.

Firewall rules prevent communications between CCS connections and between CCS connections and the Internet.

You can also specify whether to allow mobile terminated traffic. This is important for applications such as dispatch that need to push data to the MS. With the public and proxy APNs mobile termination is never allowed, meaning that any traffic directed at the MS must be in response to traffic originated by the MS. Mobile-termination, however, is allowed for the Internet APN. Mobile termination does make the MS vulnerable to attacks from external network. It is your responsibility to protect against such attacks.

Note: With custom APNs, mobile-terminated traffic can originate only via your fixed-end connection. Cingular Wireless does not allow access to its Internet gateway when mobile termination is enabled (except for the Internet APN).

devCentral White Paper 22 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

In general, for custom APNs the network prevents direct MS-to-MS communications. It is only allowed for the MS where mobile-terminated is enabled. If Internet communications are disabled for the custom APN, the source MS can only be another MS using the same custom APN. Otherwise, the source MS can be any MS able to communicate with the Internet, including those using the general-purpose proxy and public APNs.

devCentral White Paper 23 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

9. Commercial Connectivity Services

As important as the radio interface in determining overall security is the connection between the GPRS/EDGE network formerly owned by AT&T Wireless and your network. This is called the fixed-end connection. There are a number of options for the FES connection:

1. Commercial Connectivity Service, Frame Relay: Cingular Wireless offers a service that employs frame relay Permanent Virtual Circuits (PVCs) between the GPRS/EDGE network and your network. Though frame relay connections do not encrypt data, they are relatively private and operate over a layer two switching network that does not route to the Internet. The advantage of this approach is that it offers privacy, predictable bandwidth, and low latency. The disadvantage is that it often involves additional networking elements and higher operating costs.

2. Commercial Connectivity Service, Network VPN: This option consists of a VPN connection between the GPRS/EDGE network formerly owned by AT&T Wireless and your network that traverses the Internet, using the GPRS/EDGE Internet gateway formerly owned by AT&T Wireless and your connection to the Internet. This is a server-to-server VPN connection, as opposed to a client-to-server VPN connection that might be installed by a customer on their MS. The VPN secures communication using the IPSec security specification, which includes 3DES (triple data encryption standard) and shared keys. The advantage of this approach is that you can leverage your existing Internet connection as well as an existing IPSec VPN Appliance. This approach usually costs less than frame relay. A CCS Network VPN connection can also serve as a backup for frame relay.

3. Native Internet: User data traffic can traverse via the Internet from the GPRS/EDGE and UMTS networks, which have a connection to the Internet, and your network, which also has a connection to the Internet. You must configure your firewalls appropriately, and typically use your own VPN to secure communications. Section 10 Customer-Supplied VPN explores customer-supplied VPNs in greater detail.

The connectivity options are shown in Figure 4. Options A and B are not available for UMTS.

devCentral White Paper 24 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Figure 4: Fixed-End Connectivity Options

GPRS/EDGENetwork

(formerly owned byAT&T Wireless)

Internet

Frame RelayNetwork

(formerly owned byAT&T Wireless)

Customer CNetwork

Customer ANetwork

Customer BNetwork

CCS NetworkVPN

Customer VPN

A custom APN is almost always used with a CCS connection.

devCentral White Paper 25 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

10. Customer-Supplied VPN

You may choose to deploy your own VPN solution, consisting of two components: client VPN software installed on the MS, and a VPN server/router located on your network. Since GPRS provides an IP-based communications service, virtually all VPN solutions can be used. Many organizations have already deployed VPN systems to provide workers with remote access to their networks either via dial-up connections or through the workers’ ISP connections. These same VPN systems can be used with GPRS, providing you the following benefits:

A consistent VPN for all remote access The ability to use the Internet for back-end communications that

takes advantage of your existing Internet connection User authentication, encryption, protection against tampering, and

for some VPNs, access control Secure communications that span from the MS to your network Protection against attacks on the MS such as personal firewalls

offered with some VPNs Your VPN can also be used in conjunction with a CCS connection, though this may result in more privacy protection than most customers need.

Cingular Wireless has conducted in-depth testing of mainstream VPN products to ensure compatibility with GPRS/EDGE/UMTS, to measure performance characteristics, and to determine optimal VPN configurations. Testing so far has included products from all the major VPN suppliers: Checkpoint Technologies, Cisco Systems, IBM, Lucent, Microsoft, NetMotion Wireless, and Nortel. Results of such testing have been uniformly positive.

Some VPN products, such as NetMotion Mobility, are designed specifically for wireless connectivity and provide some unique advantages, including bandwidth optimization through compression and session maintenance in the event of temporary loss of connection or change in an underlying IP address.

Note: When using a VPN, data over the radio interface is encrypted twice, once by the VPN and again by GPRS/EDGE/UMTS. This is also the case when using SSL connections.

devCentral White Paper 26 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

There are some items that you need to consider when using VPNs, particularly those not optimized for wireless connections. First, many VPNs impose some amount of communication overhead, which decreases throughput. Typical overheads are in the five to ten percent range. Some VPNs employ compression techniques that, depending on the application, can actually increase throughput.

A temporary loss of connection will generally require the user to restart a tunnel, which typically takes about 20 seconds. Finally, if you are using a private IP address, you may have to configure your VPN appropriately, as the network address translation performed in conjunction with private addresses can interfere with some VPN configurations. You may need to resolve routing issues that could interfere with VPN operation if your network employs private addresses that are the same as the private addresses assigned by the Cingular Wireless network (10.0.0.0 address space.)

These are all relatively minor issues and many customers successfully use their VPNs over GPRS/EDGE/UMTS. It is important to configure the VPN for best operation over GPRS/EDGE/UMTS. In addition to specifying operation with private IP addresses (NAT traversal), there may be timeout values or other items that need to be adjusted. You should check with Cingular Wireless or the VPN vendor for information on how best to use the VPN with GPRS/EDGE/UMTS.

devCentral White Paper 27 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

11. WAP Security

The Wireless Application Protocol (WAP) is an industry specification managed by the Open Mobile Alliance (http://www.openmobilealliance.org/). The objective of this alliance is to bring Internet content and enterprise data to mobile telephones. All phones configured for the GPRS/EDGE/UMTS network formerly owned by AT&T Wireless contain a WAP browser, and may contain other clients that use WAP (e.g. Java applications, messaging clients, and content download clients). Devices such as the Pocket PC using Pocket Internet Explorer can also access WAP content. The networks formerly owned by AT&T Wireless use WAP versions 1.2.1 (WAP1) and 2.0. (WAP2).

The security mechanisms available for GPRS/EDGE/UMTS also apply to WAP communications. The GPRS/EDGE/UMTS network authenticates the mobile telephone and encrypts the radio interface just as it does any other GPRS, EDGE or UMTS device. However, WAP employs additional security mechanisms.

WAP1 consists of a set of protocols between the WAP client and a gateway, and a separate set of protocols between the gateway and what is called the origin server, as shown in Figure 5.

devCentral White Paper 28 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Figure 5: WAP1 Security Architecture

Non-secure session Non-secure requestusing HTTP Non-Secure site

Secure site

GPRS/EDGE/UMTS

Network(formerly owned by

AT&T Wireless)WAP1

GatewayOrigin (Application)

Server

Internet

WTLS-secured session

Secure HTTP requestSecure or non-secure WSPrequest

Secure or non-secure WSPrequest

SSL-secured connection

The communication between the WAP1 client and the gateway is optimized for the wireless medium, whereas communication between the gateway and the origin server is based on standard Internet protocols.

The key element of WAP1 security is a security protocol called Wireless Transport Layer Security (WTLS), which operates between the WAP browser on the mobile device and the WAP gateway. WTLS is a wireless optimized version of TLS, offering confidentiality through data encryption.

Security for WAP1 client requests is affected by:

The over-the-air WAP session protocol in use by the client, either non-secure WAP using WSP (Wireless Session Protocol) only, or secure WAP using WSP over WTLS

The type of site being accessed, either secure (https://) or non-secure (http://)

devCentral White Paper 29 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Secure sites can be accessed during non-secure WAP sessions. In this case, only the Internet leg of the connection will be secure. Note that the latest version of the WAP1 protocols do not allow clients to access secure sites within non-secure sessions (a separate, secure session must be established in addition to the non-secure session). However, with focus on deployment of new clients as WAP2, the number of WAP1 clients supporting this standard may be limited.

The WAP Gateway formerly owned by AT&T Wireless supports WTLS security protocols as shown in Table 4.

Note: Devices typically support a subset of these protocols.

Table 4: Supported WTLS Protocols (for the networks formerly owned by AT&T Wireless)

Key-exchange Suites DH_anon_768 DH_anon_512 RSA RSA_768 RSA_512 RSA_anon RSA_anon_768 RSA_anon_512

Bulk-encryption Algorithms RC5_CBC_128 RC5_CBC_56 RC5_CBC_40 NULL

Message Authentications Codes (MAC) SHA_80 SHA_40 SHA

Though WTLS provides additional privacy, its encryption is somewhat redundant with GPRS/EDGE/UMTS encryption and it imposes a performance penalty. This penalty is generally unnoticeable after a secure session has been established because the algorithms are efficient, but the initial session establishment can involve delays of an additional 10 to 20 seconds. For that reason, your devices can have WTLS turned off. However, WTLS is supported in the network and you can easily enable or disable it either through a security on/off menu setting in some phones, or by specifying communications port 9203 to turn it on or port 9201 to turn it off in other phones.

devCentral White Paper 30 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

The WAP1 gateway acts as a proxy on behalf of WAP1 clients, adapting the WAP1 over-the-air protocol to the Internet-standard protocols used by origin servers. Between the gateway and origin server, SSL 3.0 (also called SSLV2) is used to secure communications. SSL includes authentication and encryption mechanisms, as well as support for public-key certificates.

The WAP1 gateway formerly owned by AT&T Wireless supports the SSL protocol options shown in Table 5.

Table 5: Supported SSL Protocols (for the networks formerly owned by AT&T Wireless)

Key-exchange Suites RSA_1024 RSA_2048

Bulk-encryption Algorithms NULL RC4_40 RC4_128 DES_40 DES_56 3DES_168

Message Authentication Code (MAC) Algorithms

MD5 SHA-1

WAP2 is based on standard Internet protocols, including TCP/IP, HTTP, and TLS (Transport Layer Security), defined in RFC2246. TLS 1.0 (also known as SSL 3.1) is the current standard for Internet transport security, and is based upon the Secure Sockets Layer (SSL) 3.0 specification, defined in http://wp.netscape.com/eng/security/SSL_2.html. TLS 1.0 is the primary security protocol for WAP2 devices. Note that because WAP2 is based upon standard Internet protocols, WAP2 network infrastructure (e.g. WAP gateways and content servers) also support SSL-based client security such as used in desktop browsers or other Internet-standard clients.

TLS/SSL can operate either on an end-to-end basis (either direct or via a proxy) or a hop-by-hop basis. Note that hop-by-hop TLS/SSL support is not enabled in the AT&T Wireless WAP2 gateway.

Because WAP2 is based upon standard Internet protocols, operation via a proxy (e.g. WAP gateway) is optional. Phones configured for the networks formerly owned by AT&T Wireless are by default configured to use the

devCentral White Paper 31 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

WAP2 gateway formerly owned by AT&T Wireless as the proxy for the browsing client. Other clients may use the same configuration as the browser, or have their own configuration that does not use the WAP2 gateway formerly owned by AT&T Wireless.

When operating via a proxy, clients use TLS/SSL Tunneling to create a secure end-to-end connection (tunnel) through the proxy as needed, via the Internet-standard HTTP CONNECT method. TLS/SSL Tunneling creates an end-to-end TLS/SSL connection over two TCP links, one between the client and gateway and the other between the gateway and origin server. The WAP gateway has no visibility to any data passed through a TLS/SSL tunnel.

When operating without a proxy, clients establish direct TLS/SSL connections to origin servers as needed.

Figure 6: WAP2 Security Architecture

Non-secure requestusing HTTP

Non-secure requestusing HTTP Non-Secure site

Secure site

GPRS/EDGE/UMTSNetwork

(formerly owned by AT&TWireless) WAP2

Gateway Origin (Application)Server

Internet

Wireless TCP connection Internet TCP connectionSSL/TLS Tunnel

Secure request using HTTP

devCentral White Paper 32 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Since secure requests in WAP2 are tunneled, for those requests the WAP gateway cannot provide any per-request services such as user identity delivery, content compression, translation, or cookie management. The Cingular Wireless Developer program provides guidelines for secure application development on WAP2 phones that address these issues.

With WAP 1.21, data is decrypted at the gateway from WTLS and re-encrypted using SSL. Cingular Wireless physically protects the gateway. In addition, firewalls limit network access to the WAP gateway. The net result is a secure connection all the way from the WAP phone to the Web server, as shown in Figure 7. You can also install a WAP gateway within your own network; however, no direct support for installation of WAP gateways is provided for the networks formerly owned by AT&T Wireless.

Figure 7: WAP Protocols as Deployed (on networks formerly owned by AT&T Wireless)

ContentProvider

DeviceWAP1 Gateway

WebServer

HTTP 1.1+ PAP

SSL, TLS

TCP

IP

HTTP 1.1+ PAPProxy

SSL, TLS

TCP

IP

WAP1 GatewayWAP Push Proxy Gateway

WSP

WDP

SMS

WTP

WTLS

UDP

IP

WSP Client

WDP

SMS

WTP

WTLS

UDP

IP

WAP1 Client

Device

HTTP 1.1Client

TLS

TCP

IP

WAP2 Client

WSP

WDP

SMS

WAP2 Gateway

HTTP 1.1Proxy

SSL, TLS

TCP

IP

WAP2Gateway

The WAP1 Gatewayprovides all WAP PushProxy Gateway (PPG)service. Most WAP Push(and all to WAP2 phones)is delivered over SMS.

WAP devices require at leasttwo stacks: a connection-oriented stack (WAP1 or WAP2,or both), and a connectionlessstack (WAP1 Push over SMS)

WAP1 security is point-to-point: WTLS (an optimizedTLS) over-the-air, and SSLbetween the gateway andweb server. This results inthe “WAP Gap” at the WAPgateway.

Although WAP2 provides aconnection-oriented Pushservice (OTA-HTTP), supportfor it is not yet deployed

With WAP1, WTLS and SSL operate independently. SSL will be invoked between the WAP gateway and the origin server whenever the browser uses an URL of the form https://, regardless of whether WTLS is used between the client and WAP gateway. Similarly, it is possible for WTLS to

devCentral White Paper 33 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

be engaged, but for the WAP1 gateway to not use SSL in communications with the origin server.

You can optionally use a CCS connection between your network and the GPRS/EDGE network formerly owned by AT&T Wireless, though for many applications the SSL/TLS security is sufficient.

If you need to install firewall rules to enable access from the network formerly owned by AT&T Wireless Services, Cingular Wireless can supply the source IP addresses of its WAP gateways.

With respect to public-key certificates, Cingular Wireless installs VeriSign client SSL certificates on the WAP1 gateway servers. SSL-enabled Web servers serving secure content to WAP1 clients must have a certificate issued by specific commercial certificate authorities. Cingular Wireless does not allow SSL connections to hosts with self-signed certificates. Certificates signed by Certificate Authorities (CAs) other than those appearing below will not be accepted. WAP1 client requests to secure links at hosts with SSL certificates not signed by one of the CAs in the list below will fail.

For WAP2 clients, the CA root certificates below are recommended to device vendors for pre-installation. Note that since WAP2 devices support varying numbers of root certificates, and each device vendor arranges pre-installation of the certificates with each CA, the set supported by each device will vary. Currently, WAP2 devices do not generally support the download of new root certificates. Generally, if a WAP2 client cannot validate a server certificate against the pre-installed set of root certificates, the SSL connection setup will not fail, but the user will receive a warning and be given the option to proceed upon each connection to the secure server.

Table 6: Recommended SSL Certificate Authorities (for use with networks formerly owned by AT&T Wireless

Certificate Authority Root Certificates In WAP1 Gateway In WAP2 Devices (recommendation)

Thawte Premium Server CA Yes Yes

Thawte Server CA Yes Yes

RSA Secure Server Certification Authority Yes Yes

VeriSign Class 1 Public Primary Certification Authority Yes No

devCentral White Paper 34 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

Certificate Authority Root Certificates In WAP1 Gateway In WAP2 Devices (recommendation)

VeriSign Class 2 Public Primary Certification Authority Yes No

VeriSign Class 3 Public Primary Certification Authority Yes Yes

VeriSign Class 1 Public Primary Certification Authority—G2 Yes No

VeriSign Class 2 Public Primary Certification Authority—G2 Yes No

VeriSign Class 3 Public Primary Certification Authority—G2 Yes Yes

VeriSign Class 4 Public Primary Certification Authority—G2 Yes No

VeriSign Class 1 Public Primary Certification Authority—G3 Yes No

VeriSign Class 2 Public Primary Certification Authority—G3 Yes No

VeriSign Class 3 Public Primary Certification Authority—G3 Yes Yes

VeriSign Class 4 Public Primary Certification Authority—G3 Yes No

Baltimore CyberTrust Root No Yes

GTE CyberTrust Global Root No Yes

RSA Security 1024 V3 No Yes

Entrust.net Certification Authority (2048) No Yes

Entrust.net Secure Server Certification Authority No Yes

GlobalSign Root CA No Yes

The networks formerly owned by AT&T Wireless also support WTLS certificates for WTLS Class 2 authentication of the WAP gateway (server authentication). WTLS server authentication requires a WTLS Class 2 CA root certificate to be installed in the WAP phone. Phones that were sold by and provisioned for the network formerly owned by AT&T Wireless were delivered with this certificate pre-installed. Phones not sold by or configured in this manner may not have the correct certificate (Entrust.net WAP CA), which then must be acquired by the customer from Entrust (http://www.entrust.com/). Cingular Wireless provides no direct support for user installation of WTLS Class 2 CA root certificates.

For highly sensitive applications, Cingular Wireless does not recommend the use of Class 1 or 2 certificates from VeriSign. Meanwhile, Class 4 certificates are intended for future usages so Cingular Wireless recommends that customers use Class 3 certificates. Each CA has a certification practice statement that describes the different certificate levels. Customers should read these to ensure that their security

devCentral White Paper 35 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

implementations are met. For example, mobile commerce applications may demand higher security levels than applications that exchange information with little economic value. As a minimum, Cingular Wireless recommends 1024-bit security.

In some cases, the fingerprint of the CA may differ from the certificate authority installed by Cingular Wireless, since in some cases there are multiple instances of each CA (e.g. VeriSign Class 3 Public Primary Certification Authority). SSL CA fingerprints are available from Cingular Wireless upon request.

devCentral White Paper 36 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

12. Other Security Topics

There are a variety of other security topics that pertain to using GPRS/EDGE/UMTS. These include RIM BlackBerry security, SSL-based security, and application-level security.

12.1 Short Message Service (SMS)

GSM technology allows an SMS to be delivered using either GSM or GPRS channels. The network formerly owned by AT&T Wireless uses GSM channels. SMS messages are protected against eavesdropping using the same A5 encryption algorithm as used for GSM voice communications.

12.2 Digital Rights Management

Digital Rights Management (DRM) refers to the protection of content, and is supported by many phones. An example is Forward Lock, where a content server can package a media object such that when it is downloaded by the phone, the phone will ensure that the object never leaves the phone. Several current phones also support Combined Delivery, which adds the ability to include absolute timestamps, elapsed times, and/or play counts that cause the object to become unusable after the applicable condition has been met. Refer to Cingular Wireless devCentral at http://developer.cingular.com/ for further information.

12.3 RIM Blackberry Security

In addition to GSM/GPRS network-level security, RIM BlackBerry service employs additional security through the encryption of communications between the device and the BlackBerry Enterprise Server. Encryption is based on Triple Data Encryption Standard (Triple-DES). Further information is available in: BlackBerry Security Technical White Paper for Lotus Domino, and BlackBerry Security Technical White Paper for Microsoft Exchange referenced in Section 1.3.

devCentral White Paper 37 03/28/05 12792 Rev. 6.0 © 2005 Cingular Wireless LLC

Secure Application Deployment with GPRS/EDGE/UMTS

12.4 Application-Level Security

In addition to the security mechanisms provided by the GPRS/EDGE and UMTS networks formerly owned by AT&T Wireless and the VPNs that you may choose to deploy, many applications employ security features that can augment network level security solutions. For instance, both Microsoft Exchange and Lotus Notes have digital signing and encryption options. You should investigate whether your applications have similar security options.

12.5 SSL-Based Security

If you are deploying a Web-based application, you can secure communications at the transport layer using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), which are supported by most browsers and Web servers. Securing communications at the transport layer is complementary with the GSM/GPRS security architecture.

In addition, there is a trend for VPNs to use SSL, as this leverages already-installed browsers and obviates the need for VPN client software at the mobile station. This approach also allows secure end-to-end connections to be established between the mobile client and the application server, as opposed to traditional VPN approaches where the VPN terminates at the edge of your network.