dect provides high protection against unauthorized access

Similar documents
Security in Wireless Local Area Network

DECT Security Certification Program and Roadmap. DECT Security at a Glance 2014

CHAPTER 1 INTRODUCTION

Wireless LANs vs. Wireless WANs

GSM and UMTS security

INTRODUCTION... 3 FREQUENCY HOPPING SPREAD SPECTRUM... 4 SECURED WIRELESS COMMUNICATION WITH AES ENCRYPTION... 6

GSM Risks and Countermeasures

What is DECT? DECT stands for Digital Enhanced Cordless Telecommunications.

SecureCom Mobile s mission is to help people keep their private communication private.

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Wireless Network Security

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Applications that Benefit from IPv6

Authentication in WLAN

Wireless Phone Systems for your Organisation

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

GN Bluetooth Wireless Headset for use in the office, at home or even on the move

Chapter 2 Configuring Your Wireless Network and Security Settings

Logitech Advanced 2.4 GHz Technology

WI-FI VS. BLUETOOTH TWO OUTSTANDING RADIO TECHNOLOGIES FOR DEDICATED PAYMENT APPLICATION

WLAN Security Networking with Confidence

BroadSAFE Enhanced IP Phone Networks

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Provide Simple Protection for Bluetooth Connection in Wireless Personal Area Network Mohammad Zaki H. Allayla. Abstract

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

Security & Encryption

Best Practices for Securing IP Telephony

Wireless (Select Models Only) User Guide

NXC5500/2500. Application Note w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

Wireless Networks. Welcome to Wireless

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

VOIP THE ULTIMATE GUIDE VERSION /23/2014 onevoiceinc.com

User Authentication: A Secure Networking Environment Ellen Bonsall Payoff

Chapter 3 Safeguarding Your Network

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

Securing an IP SAN. Application Brief

SECURE COMMUNICATIONS Crypto products

PM ASSIGNMENT. Security in Mobile Telephony and Voice over IP

Chap. 1: Introduction

An Oracle White Paper December The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

One Time Pad Encryption The unbreakable encryption method

Today s Best Practices: How smart business is protecting enterprise data integrity and employee privacy on popular mobile devices. Your Device Here.

Wireless Local Area. Network Security

Network Security. Chapter 14. Security Aspects of Mobile Communications

Sync Security and Privacy Brief

Logitech Advanced 2.4 GHz Technology With Unifying Technology

Observer Analyzer Provides In-Depth Management

Ingate Firewall/SIParator SIP Security for the Enterprise

Assessing Telehealth Operational and Technology Security Risks to Privacy

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Abstract. Avaya Solution & Interoperability Test Lab

Is Skype Safe for Judges?

Wireless Phone Systems for Your Organization

Evaluation Report. Office of Inspector General

Wireless LAN Security Mechanisms

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

MovieLabs Specification for Enhanced Content Protection Version 1.0

Wireless VPN White Paper. WIALAN Technologies, Inc.

Regulation for wireless telecommunication equipment

Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

AMI security considerations

Configuration Notes Trapeze Networks Infrastructure in Ascom VoWiFi System

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

Topics in Network Security

1. What is the main difference between the X3 micro and other Bluetooth headsets? 3. How does the X3 micro use the Bluetooth technology?

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

Three attacks in SSL protocol and their solutions

Wireless Local Area Network Deployment and Security Practices

Industrial Communication. Securing Industrial Wireless

Chapter 6 CDMA/802.11i

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)

SCADA SYSTEMS AND SECURITY WHITEPAPER

4. H.323 Components. VOIP, Version 1.6e T.O.P. BusinessInteractive GmbH Page 1 of 19

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

DECT. DECT Density. Wireless Technology. and WHITE PAPER

Frequently Asked Questions

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Authentication and Security in Mobile Phones

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

Integrated Health Systems. Enterprise Wireless LAN Security for Long Term Care. Integrated Systems, Inc. (866)

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

Chapter 17. Transport-Level Security

Mobile Office Security Requirements for the Mobile Office

The Basics of Wireless Local Area Networks

AirStation One-Touch Secure System (AOSS ) A Description of WLAN Security Challenges and Potential Solutions

WHITE PAPER. Enterprise Wireless LAN Security

Wireless Encryption Protection

Mobile network security report: Poland

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

T.38 fax transmission over Internet Security FAQ

SS7 & LTE Stack Attack

VOIP Security Essentials. Jeff Waldron

Transcription:

dect provides high protection against unauthorized access

BACKGROUND 2 Wireless communication for voice and data is growing worldwide. The amount of DECT (Digital Enhanced Cordless Telecommunications) and GSM phones, Bluetooth -enabled devices and WLAN equipment in enterprises and private homes has increased enormously in recent years. But in the wake of the wireless revolution, concerns are rising as more and more people experts and laymen - question the security of wireless communication: is it safe from eavesdropping and vandalism? Could unauthorized third parties enter a network and access information to personal or corporate detriment? Answers to these and other securityrelated questions are desperately needed; corporations and their employees are entitled to full assurance that their conversations cannot be hacked and that they are not exposed to any personal or commercial security breach as a consequence of using wireless communication devices. Jabra supplies wireless headsets for DECT-based telecommunication. In this paper we examine the security the DECT protocol offers to give a true and fair view of the actual security levels involved. executive summary The security level towards unauthorized access to DECT voice calls is extremely high. DECT standard security measures ensure a very high level of security. DECT is a certified standard in 110 countries used by millions of people, and is one of the most secure wireless standards for civil use. No matter whether employees use DECT handsets or headsets, protection against wireless intrusion is very high. The possibility that intruders could pick up DECT signals and hack their way to critical information in telephone conversations is unfounded, due to the lack of suitable equipment to perform such an intrusion. Even in the very unlikely scenario of DECT radio signals being picked up by a third party, it would require an enormous amount of computer power and transactions collected over a period of several months to make anything meaningful out of the signals. Should someone obtain direct access to DECT equipment and succeed in pairing a DECT hand-set or headset with a DECT base station, access to conversations on DECT units other than that in their possession would not be possible. Finally, it could be argued that the wireless DECT connection in itself offers a higher security level than a traditional copper line since it is both digital and encrypted. Hence, the more copper lines replaced by DECT connections, the higher the total communication security level becomes. In comparison to such devices as WLAN and Bluetooth, DECT s security routines are embedded in the protocol and cannot be deactivated.

what is dect? 3 DECT is a radio technology ideal for voice, data and networking applications with range requirements of up to a few hundred meters. It is a fully digital communication technology that provides wireless connection between two or more units in residential, corporate and public environments. The DECT standard delivers high speech quality and security against radio interference. Since the introduction of the first ETSI approved standard in 1992 DECT has been most widely used for voice communication in wireless phones and wireless headsets. DECT transforms analog sound (e.g. a conversation) into a digital data stream before transmitting from one DECT unit to another. When the stream reaches the receiving unit it is transformed back to an analog signal and sent to the handset or headset speaker. DECT is a proven technology with great potential for many years to come. In recent years the number of data applications developed for DECT has increased slightly, but voice communication still accounts for the lion s share of DECT traffic. what is security? DECT communication security keeps unwelcome third parties from accessing the content of electronic transactions, in this case voice calls. Wireless security has two main constituents: Authentication and Encryption. Authentication Initial authentication is the process by which the base station and the handset/headset connect with each other for the first time by pairing. They exchange a unique handshake based on specific rules and calculations, unit identities are exchanged, and both base station and handset/headset run a secret authentication key to be used for every following call set-up. The secret key is not transferred over the air and cannot be snatched by an external third party even with physical access to the units involved. Once paired, the two units remember each other and will be able to authenticate each other automatically based on the handshake exchanged when pairing. Pairing can only be done with physical access for the units, as it cannot be activated over the air. During pairing, encryption data unique to the two specific units is also exchanged. This is vital to make the encryption of transactions between the two units work. Encryption Encryption in DECT is a process which deliberately mixes (encrypts) the digital data stream while it is transmitted between two units using an algorithm (a very complex calculation), presenting only a meaningless stream of electronic gobbledygook in the very unlikely event that a third party obtains access to it. When the data stream reaches the rightful receiver it is decrypted (transformed back) to its original format. Conversion is done by a range of factors known only to the paired units. None of the encryption factors are transmitted with the data stream, but are either embedded in the units or authenticated in the initial pairing (see authentication). This means that it is practically impossible for any potential eavesdropper to make anything out of the data stream.

how big is the challenge? 4 DECT is, both in theory and practice, a very secure wireless standard. Jabra is are not aware of any instances of a DECT transaction being compromised since its introduction and we re in the business! DECT security is influenced by the fact that the DECT protocol has primarily been and still is used for voice communication via DECT phones and headsets. Voice transactions (telephone calls) are neither stored in Jabra bases nor in headsets, and the content of a DECT transaction does not exist when a conversation has ended. Hence, an intrusion must be made in real time, while the voice conversation takes place, in order for an intruder to access any information. Today, no commercially available equipment exists that can monitor a DECT line and decrypt data streams to recreate the voice stream. DECT is digital, not analog, and uses a very complex encryption algorithm that is only known by DECT manufacturers. Remote access through wireless equipment modified and debugged for control by a PC was demonstrated by a collaboration of European universities in late 2008. However, the documented eavesdropping was only possible on unencrypted links originating from handsets not taking advantage of the security options in the DECT technology. Proper implementation of authentication and encryption still protects the wireless link against such attacks. Direct or remote access In theory, if a person has direct access to the DECT equipment inside the company, it could be easier to intrude. However, the mandatory pairing prevents intrusion if a third party does not have access to the base station. In the highly unlikely event of someone breaking into a company, getting physical access to a base station, succeeding in pairing a handset or headset with the DECT system and leaving unnoticed, that person will still not be able to access other voice conversations on the DECT system. Hence, there is no risk of eavesdropping even though the person has access to the phone system. If the person has paired a handset with the DECT system, the most critical problem is free calls over the company s switchboard. Remote access through wireless equipment e.g. connected to a PC is as mentioned earlier very unlikely since such equipment is more or less impossible to get hold of. Consequently, neither hard- nor software for DECT monitoring or scanning has ever appeared on the market. Other ways of accessing confidential information are likely to be far less demanding in terms of time and resources. We share the views of other security experts that DECT offers an extremely secure platform for voice communication in fact, it is probably the most secure standard technology for voice communication in residential, corporate and public environments. What s more, hackers often look for data stored on servers or local disc drives which are accessed through a company s LAN rather than the phone system, putting the DECT usage Jabra applies in its wireless portfolio safely beyond their reach.

SECURITY and protection 5 security WHAT IS IT? HOW IS IT HANDLED? SECURITY LEVEL Eavesdropping A third party gains access to a DECT transaction and listens in on a conversation Voice is converted to a digital data stream that is encrypted using 64-bit encryption Equipment that can monitor a digital radio transaction is very hard to obtain, and it is very difficult to develop software that can decrypt a data stream. The combination of the two is very unlikely Virus A virus is sent to the DECT system over the air The DECT standard does not allow execution of code strings, programs or macros VERY It is not possible to interfere with the processing power in DECT equipment, since the DECT standard is not open to foreign code, macros etc. Third party acces equipment Someone gets hold of PC-compatible radio equipment that can access DECT and uses it to break the authentication and encryption DECT has authentication and encryption built-in that prevents unauthorized third parties from accessing the network and its contents Due to DECT s built-in security and the fact that this type of equipment is inaccessible, since it hardly exists Piggy-in-the-middle attack A unit will masquerade as a base station and a handset and place itself between the units it intends to attack. The authentication procedure between the units attacked will take place as normal, with the difference that all data is exchanged via the attacker. In this way an attacker may obtain the information he needs to be able to connect The best way to protect against this type of attack isto use encryption to prevent the attacker from deactivating it or preventing it from activating This is theoretical Free calls A third party succeeds in pairing a handset with a DECT base system and can make unauthorized calls for free Pairing routines provide a very high security level It is very unlikely that an intruder could enter a company unnoticed, get access to a DECT system and pair a handset. Furthermore, the intruder would have to remain in close proximity in order to use the phone VoIP Someone accesses the LAN through a DECT unit supporting VoIP DECT radio communication is secure as described above no matter what carrier is used DECT offers the same high security no matter what type of network protocol is used in the network

dect and security routine in detail 6 THE BLUETOOTH WORD MARK AND LOGOS ARE OWNED BY THE BLOOTOOTH SIG INC. AND ANY USE OF SUCH MARKS BY JABRA/GN NETCOM A/S IS UNDER LICENSE. (DESIGN AND SPECIFICATIONS SUBJECT TO CHANGE WITHOUT NOTICE WP_DECT_50005_V01_1204 As already mentioned, DECT security is based on authentication algorithm) and encryption (a key stream generator). Below you will find a more in-depth description of the security routines in DECT. DECT Authentication DECT uses an authentication algorithm called the DECT Standard Authentication Algorithm (DSAA). The specification for DSAA is not publicly available, only DECT manufacturers have access to it. The authentication works as follows: The base station sends a random number (challenge) to the handset over the air. The handset calculates and sends a response to the base station by using the random number and its own authentication key (exchanged in the initial pairing). The response is checked by the base station against what is expected. If there is a match the base station authenticates the handset. DECT Authentication Handset/headset Calculation Authentication key Challenge Response =? Continue: Yes/No base station Random no Calculation Authentication key DECT Encryption DECT uses the DECT Standard Cipher (DSC) for data encryption. DSC is a stream cipher which uses a 35 bit long initialization vector (IV) and a cipher key as input for generation of the key stream. The DSAA (standard algorithm) for DSC specification is not publicly available. There are two types of cipher key that could be used as input for the key stream generator: - Derived Cipher Key, an output value from an authentication between a base station and handset. If authentication is performed for each call established, a new cipher key will be used for all calls. - Static Cipher Key, this key could be used to establish encryption without going through the authentication process. DECT does not support generation or distribution of this key. The IV will be initialized with the frame number for the frame to be encrypted. For each frame sent the IV will be increased according to that frame number. With the IV and cipher key as input, a key stream is derived by DSC. The key stream will then be XOR-ed with the data field that is going to be sent. Depending on the kind of data field sent some part of the key stream may be discarded in the XORing process. Decryption of the data field is done in the same way as encryption. DECT Encryption handset/headset Cyphering Decryphering air base station Decyphering Cyphering

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information