Types of Security Threats
As you design security into your enterprise wireless applications, make sure to take into account the most common types of threats:
- Threats to identity
- Threats to confidentiality
- Threats to data integrity
- Threats from intrusion
- Threats to continuity of service
The next sections describe each of these types of threats in detail.
Threats to Identity
Identity refers to the association between a specific user and a unique identifier. The most common identifiers are as follows:
In Global System for Mobile Communications (GSM) environments, identifiers include the International Mobile Equipment Identity (IMEI) and Subscriber Identity Module (SIM). This system of identifiers is the wireless standard used by AT&T and most carriers worldwide.
In Code Division Multiple Access environments, the primary identifier is the Electronic Serial Number.
Secure authentication ensures that all parties in a communication are who they claim to be and that they have the proper access rights to participate in the communication.
If an attacker successfully impersonates a user, the attacker can, for example, fraudulently make calls and conduct data sessions through the user's device. Securing identity is a critical first step in minimizing the risk of other types of security attacks.
Threats to Confidentiality
Confidentiality in wireless communications means that only the sender and the intended recipient of a message will be able to read the message's contents. This requires taking measures to prevent unauthorized access to data on the wireless device, to data in transit over the network, and to customer data stored on the carrier network.
Compromises of confidentiality are often highly visible and tend to draw a lot of negative press attention. News accounts of compromised voice mail and email as well as of credit card data stolen from financial institutions and Web businesses have made the public aware of this type of threat, so it¿s important to implement measures that assure users about the confidentiality of their communications.
Threats to Data Integrity
Data integrity is closely related to confidentiality, but instead of protecting a message from being read or overheard, the challenge is to prevent an attacker from changing a message while it is in transit between the sender and receiver. Although less common than confidentiality threats, attacks that involve changing a message open a wider range of criminal and fraudulent activities.
Threats from Intrusion
Intrusion is the unauthorized access to data or devices, whether by a human attacker or by malware such as a virus or worm. Protecting against intrusion is becoming especially important as more malware threats emerge and as richer operating systems and more valuable data make wireless devices a more attractive target.
There are effective measures that IT departments can take to reduce the risk of intrusion into mobile devices, just as they have already done for notebook computers. AT&T will be adding more security features to devices in the future to help enterprises in this effort.
Threats to Continuity of Service
Wireless users expect their services, devices, and applications to be available 24x7. In a denial-of-service attack, network elements or wireless devices become unable to function. These attacks can be launched from wireless devices over-the-air or from wired devices on a corporate intranet, and they can be either localized or widespread.
A localized attack affects only devices in a small area. An example of this is putting up a jamming device that interferes with devices attempting to connect to the network. Widespread attacks are more complex because they attack the broader network rather than simply interfere with a signal.
The Role of Zombies in Denial-of-Service Attacks
A classic denial-of-service attack is the "zombie", an application or process left on a mobile device or PC by a virus or worm. The zombie sleeps until a predetermined time or until it receives a signal. When it awakens, it starts broadcasting meaningless requests or large numbers of SMS text messages, for example, to the network without the user's knowledge.
In a coordinated attack, thousands of signals might be sent simultaneously either from mobile devices over the air or from PCs over the Internet, potentially overtaxing the network's capacity and causing service disruptions. These attacks can be very costly to a carrier.