Re: [NTLK] [OT] Guess the product announcement!

From: BK (bk_newtontalk_at_yahoo.com)
Date: Sat Jan 05 2002 - 13:42:01 EST


On Sunday, January 6, 2002, at 02:53 , Michael Whitten wrote:

> Of course. However, you need an authentication scheme that actually works.
> 802.11b is inherently insecure.

The point is that the authentication sits on top of 802.11b, just like
SSL travels on top of IP in the public internet. It doesn't need to be
built into the transport or session layers, it can sit on top of the
application layer.

>> cellular networks authenticate mobiles. Services such as telephony could
>> require the use of a SIM card which is authenticated by the issuer of
>> the card or one could use RF fingerprints (no two radios have the same
>> RF signature, Corsair have a technology based on this to identify
>> cellphones).
>>
> This would work, however, there actually needs to be some kind of
> cross-platform protocol to do this. Or in the case of a SIM card, you would
> need a reader. How would you connect this reader to, say, an iBook? The RF
> sig would actually work if it is incorporated into a protocol of some kind.
> Currently there is no such protocol that actually does this.

A SIM card reader can be incorporated into the transceiver unit, i.e.
WiFi card. This is the case with GSM data cards that do not require an
external phone but are self-contained radios.

The RF signature (in Corsair's technology) is detected by the base
station by way of measuring the RF of the mobile. When a mobile tries to
sign on, the exchange queries a so-called HLR (a database with
subscriber details and service parameters). The HLR either holds the RF
signature of authorised users or it has access to an external database
that holds the RF signature. As part of the sign on process the base
station transmits the observed RF signature to the HLR where it is
compared with the signature on file. If the two match up, sign-on is
allowed; otherwise it is rejected.

In a WiFi environment all that is needed is the ability by the base
station to

a) detect the RF signature by measuring the incoming radio signal
b) communicate the measured data to a remote database/authentication
node over its backbone

The protocol to communicate with the remote database can be anything and
may as well be proprietary, but would obviously use encryption in order
to protect the transmitted RF signature from eavesdropping and to make
sure that the base station knows who it is talking to.

Also, there are protocols for authenticating mobile terminals. GSM, for
example, uses GSM-MAP over SS7 and authentication is based on SIM cards.
AMPS uses IS41-MAP over SS7 and some networks (i.e. AT&T Wireless) use
Corsair's proprietary RF fingerprint add-ons.

In any event, it doesn't matter what protocol you use for authentication
to obtain a particular service. The mobile can be signed on to the
general IP service without authentication. What matters is that when
that mobile wants to use the VoIP portal, then it will be required to
authenticate for that service. As the mobile will need a specific
software to use the VoIP portal (some telephony software) the
authentication procedure can be built into that software. Without
authentication the mobile will still be online, but it won't be able to
use the VoIP portal. Hence, there is no need to fiddle with the
transport layer.

BTW, this is similar to using online banking over the internet. You can
be online and visit any web sites without your bank taking any interest.
However, when you want to use your bank's online banking service, then
you will need some form of authentication for that particular service,
but not for the rest of the internet. You can still go online without
being authenticated by your bank.

rgds
bk



-- 
This is the Newtontalk mailinglist - http://www.newtontalk.net
To unsubscribe or manage: visit the above link or
	mailto:newtontalk-request_at_newtontalk.net?Subject=unsubscribe



This archive was generated by hypermail 2.1.2 : Fri Feb 01 2002 - 16:01:57 EST