User Requirements for Security in

Wireless Mobile Systems Derek Babb,

Director, Hoadlands
Abstract that the portable device used by end users is Consultants Ltd 20
sharing its wireless interface space with Hoadlands, Petersfield,
Security of wireless mobile systems other users. This is one of the most widely Hampshire, GU31 4PF,
continues to be a hot topic; now generating discussed aspects of security on wireless UK. Email
its own conferences and platforms, such as systems. As reported in earlier issues of this derek@hoadlands.co.uk,
the recent 2nd IEE Secure Mobile journal and elsewhere, wireless systems in web
Communications held by the IEE on 23 some scenarios also raise the issues of www.hoadlands.co.uk
September 2004. The general discussion on identity management and user location.
Hoadlands Consultants
security in wireless systems takes place in
Ltd offers a specialist
technical fora, and while this is a totally This paper looks at mobile wireless
Consultancy in Wireless
valid discussion, it sometimes seems to be systems (a European view) and tries to
Technology, Research and
taking place in isolation. From the user extract some user requirements which
Development. Derek has
perspective the wireless system usually actually apply to both the wireless systems
over 20 years research,
forms part of a larger, interconnected and the end to end system. Some
technology and
system. This paper raises the question, requirements for wireless systems are
engineering experience in
“What about the user?” and offers some derived from their nature, and the fact that
mobile and wireless
views on the user requirements on this most wireless communications take place in
telecommunication
important part of system design where open, shared space.
systems, mainly in
people are one end of the chain which
user/mobile equipment
involves wireless and other systems. 2. The user equipment wireless technology. He
has had roles in all parts
1. Introduction I am going to start this paper with a
of product development
quick overview of the equipment that an
life cycles from research
The world of wireless connectivity for users end user may use, and a brief look at the
through to customer
continues to grow, both in the domain of features offered by such equipment, before
support. His previous
wireless public telecommunications (mobile moving in to a more detailed look at the
employers include
phones) and wireless hot spots (such as User Requirements for security.
Samsung Electronics
802.11 Wireless LANs), which can either be
Research Institute,
public, such as those provided in hotels, The term “User Equipment” has a
Ericsson Mobile
coffee shops and other public places; or specific meaning as defined by the Third
Platforms, Plessey
private, as seen in homes and offices. The Generation Partnership Project (3GPP)
Military Communications
first security problem that is introduced by which is – User Equipment: A device
and the BBC.
these types of wireless system in general is allowing a user access to network services.

Table 1: Examples of mobile user equipment

Standard mobile phone

Wireless systems The possibilities here are growing, and start with Public Land Mobile systems
(any one of, or usually a combination of 2G, 2.5G and 3G).
Many devices also have Bluetooth.and some now have been announced that
will also have WLAN (IEEE 802.11).

Possible uses (features) Voice calls, message calls (such as SMS/text messages), data calls, download
audio clips, video clips, ring tones and screen savers/wallpapers. Play audio
(typically MP3) and video clips. Play single user and multi user games. Take
pictures with in built camera, send and receive digital images (photographs).

Picture courtesy SonyEricsson

1363-4127/04/© 2004, Elsevier Ltd 51

Mobile Security
Advanced Mobile Phone or PDA
Wireless systems
Possible uses (features)
Pictures courtesy SonyEricsson and Dell Inc
Standard Notebook Computer
Wireless systems
Possible uses (features)
Picture courtesy Dell Inc
52 Information Security Technical Report. Vol. 9, No. 4
These two devices are now becoming very close as the product
technologies start to merge.
The mobile phone derived PDA would always have the relevant Public
Land Mobile systems (i.e.2G, 2.5G and / or 3G), and usually
Bluetooth.
The PDA which comes from the non mobile phone market would
typically have either WLAN (IEEE 802.11) and / or Bluetooth, but the
possibilities here are growing, and from the user perspective
differentiation of some of these products is difficult.
The main features of these products are that they are essentially
small PCs with limited functions. You would expect the user interface
to be supplied via a small windows type environment such as
Symbian OS, Nokia Series 60/80, Palm OS, Linux or Microsoft
Windows Mobile for Pocket PC (others exist). This enhances all the
non-telephony features and introduces light versions of standard
applications such as word processors and spreadsheets.
Depending on the heritage of the device, either the mobile phone
part or a WLAN part would be built in as standard, with other
interfaces available as options.
Primarily people associate WLAN (IEEE 802.11) interfaces with
notebooks. Some also have Bluetooth built in or it can be easily added
as a plug in device.
The addition of Public Land Mobile systems (i.e.2G, 2.5G or 3G), is
usually done in one of two ways, either by using your existing mobile
phone as a modem for the notebook OR adding a dedicated hardware
modem card with inbuilt mobile phone.
The prime feature set for this type of device is of course as a portable
PC. As it is portable, the early addition of WLAN was purely to enable
connection to (usually corporate) networks without having to hunt
around for a data cable and network point. For users who left the
office, using mobile phone or fixed line modems to access essential
(again usually corporate) services remotely has been a common
practice. The introduction of both 3G mobile phones and public
WLAN hotspots gives greater flexibility for remote working.
Traditionally voice calls would be made using a phone, but the
introduction of Voice over IP (VoIP) services means that you can now
use this device for making phone calls if you have a network
connection.
 Derek Babb User requirements for security in wireless mobile systems

For the purpose of 3GPP specifications the
interface between the UE and the network is
the radio interface.
The full vocabulary for 3GPP Terms and
Abbreviation can be found by following the
link from the 3GPP home page at
http://www.3gpp.org/ .
make efficient use of the same radio system,
the underlying access protocols have to have
a way of sharing the radio resource between
the users, and this means that at some level
either the system, or the user equipment
(for efficiency, both) have to have some
basic knowledge of other users. This gives
our first user requirement.

3. What changes do wireless User Requirement 1

systems bring?
When conducting a commercial transaction,
either in a shop, over the phone (mobile or
wired) or using a PC on the internet, most
users would view their data as passing
through closed or even private systems.
Some may think a little about the internet
and the possibility of someone looking at
your transaction data (credit card number,
account details etc.) but in general today a
large majority of people tend to trust the
security of our telephony systems, and even
the internet.
Figure 1 below shows a very simple
picture of a single mobile wireless user and
a single mobile phone base station or access
point; at this point I am not concerned
about the rest of the system which sits
behind the base station.
In a wireless system where the underlying
radio protocols have to have some
(technical) knowledge of my user
equipment and status, this knowledge shall
not compromise my personal required
security status (this may include position,
equipment status and other attributes).
But of course, that is not the entire
picture, particularly for mobile phone
systems, where actually there are many base
stations and a single user would normally
be in range of several of these. So in the
final figure, Figure 3 below, we are getting
closer to reality, the dotted lines show a
possible second base station and its

In reality, however, there will be many

users using the same wireless system in the
same geographic area, as shown in Figure 2
below. Note that not all the users can access
the base station or access point in the
diagram below, but their sphere of possible
influence still includes our main user (the
one shown in black outline), and within
that sphere they have the possibility to
perhaps listen to the traffic our user is
sending and receiving.

In simple terms, this leads to an

interesting point about mobile wireless
systems, in order for a number of users to Figure 1 – Simple mobile wireless user view of system

Information Security Technical Report. Vol. 9, No. 4 53

Mobile Security

coverage area, which includes our main user

but only some of the other users. A last
point to note is the way I have drawn these
diagrams, not the usual circles or regular
polygons which are often seen in
presentations, but irregular shapes, which is
more representative of real life. Also these
shapes (areas of radio coverage) may not be
constant either, but that’s a topic for
elsewhere.

To summarise, the interesting property

that wireless mobile systems introduce,
from the security point of view, is that
many users will be sharing the same radio
spectrum and access protocol, and that the
number of users and where they appear in
the radio systems is constantly changing as
the users move around. In theory at least,
anybody who is in the right geographic
place can listen in to the radio system and
record or analyse the data. This leads to our
Figure 2 – complex scenario – multiple users next user requirement.

User Requirement 2

A mobile wireless system shall provide the

user with enough security measures so that
another (rogue) user can not listen to the
radio transmission and find out what the
user is doing (note there are some
government / legal limitations to the extent
of this, and how and where these measures
are applied is not relevant to the user).

4. Current Mobile Wireless

security
A few words on where we are now, in
terms of the widest used systems,
GSM/GPRS and IEE802.11 based WLAN
systems. From most users’ point of view,
GSM/GPRS appears to be pretty secure,
and it’s been around quite a while now, and
while 802.11 WLANs have had a slightly
bumpy ride on the security front, their
Figure 3 – complex scenario – multiple users and multiple base stations widespread use perhaps raises a question

54 Information Security Technical Report. Vol. 9, No. 4

 Derek Babb User requirements for security in wireless mobile systems
about how users view security of
information.
GSM / GPRS and the up coming
European UMTS systems WCDMA have
well documented security systems in place. I
don’t plan to go in to great details here,
except to say that even though the GSM
security mechanism have been (quite
rightly) hailed as a success, even they are
not completely free from threat. This was
discussed at the recent “2nd IEE Secure
Mobile Communications Forum –
Exploring the Technical Challenges in
Secure GSM and WLAN, held by the IEE
on 23 September 2004”.
We all are probably well aware of the
situation that the 802.11 community left us
with when their very brave attempt at
Wireless Equivalence Privacy (WEP) to
make wireless systems, in particularly
802.11 based Wireless LAN’s as safe as a
wired system, was found to be not quite as
good as first thought. However, there is a
fix for this in terms of WiFi Protected
Access (WPA), and there is a follow up
plan in progress which will introduce WiFi
Protected Access 2 (WPA2) also known as
802.11i in the IEEE standards groups
(which can be found via the IEEE pages at
http://www.ieee.org/ ). This will add,
amongst other things, Advanced
Encryption Standard (AES) to the wireless
air interface.
While researching this paper I came
across an interesting fact relating to WEP.
While it does have a problem (which
everybody talks about) it is actually a time
based problem (you have to be in the right
place, locked on to the right radio
frequency and have bit stream
synchronisation to capture and decode a
new user as they log on to an Access Point),
this immediately means that the people who
can do this are probably either:
Information Security Technical Report. Vol. 9, No. 4
• Serious intruders who are spending time
within radio range of the access point
and are intent on stealing data from you;
• People who have time on there hands and
are doing it “because they can”;
I also found many articles from 2004
which were based on people who I would
suggest fit in the second category above,
searching for Wireless LAN Access Points
in urban areas, typically offices. Despite all
the publicity, something between 30% and
50% of the access points found
(depending on which report you read), still
DID NOT have WEP turned on, and were
therefore letting their raw IP based
company data be freely listened to by
anyone who wanted to. There were
secondary reports about the admin login
and password for these Access Points (each
Access Point has its own internal
administration feature which sets up IP
functions, the WEP keys and many other
features), which were not numerically
reported, but leaving the password set at
any default for the manufacturer can only
occur (in my personal experience) if the
unit has been switched on and not
configured at all.
This leads to my next important point;
this paper is all about User Requirements.
My personal view is that WLANs are
great, should be more widely used than
they are, and in commercial use they
should be up to WPA standard BUT they
must be shipped so that these features are
turned on from day one. There are many
issues here; a default security setting is as
bad as no setting at all, as the default
becomes public knowledge very quickly.
Contrast this with the European mobile
phone systems GSM and WCDMA, plug a
SIM (or USIM) card in, switch it on, and
off you go, security systems enabled and
working (as well as the billing and account
55
Mobile Security
settings), additional user features such as a
power on PIN code are about misuse of the
mobile phone, such as theft, not about the
security of the wireless systems!
I don’t think it matters how good the
improved security on the upgrades to 802.11
are, if the users have to do things to enable
it, there will be many who won’t… Even
then I suspect that those who do switch
security on don’t take the second well
documented step of changing settings
regularly to maintain security.
User Requirement 3
Wireless equipment that has security
systems or settings will be automatically
enabled and configured for use from first
use “out of the box” without user
intervention.
User Requirement 4
During normal use of user equipment the
user will not have to make manual
adjustments to security settings.
A final note on this subject, even though
WEP has been given some bad press, this
has had little impact on the sales of WLAN
equipment as various figures showed growth
in WLAN systems of between 30% and
40% in 2003, depending on whether you
measure units shipped or turnover.
Significant growth is predicted in 2004.
5. A quick look at wireless mobile
voice calls
The majority of the early growth of
wireless mobile phones has been in voice
traffic, person to person voice calls.
Certainly in Europe if we concentrate on
GSM then mobile phones have been an
extension of the fixed phone network, and
have been governed by legislation which is
56 Information Security Technical Report. Vol. 9, No. 4
generally an extension of the legislation
used to govern the wired telephony
networks.
There are a number of user scenarios for
voice calls, but they all have some common
elements, they are essentially closed systems
(such as a mobile phone network)
connecting to another closed system (which
could be another mobile network, or one of
the wired telephone networks).
They have some unique features as well,
emergency calls being one feature that we
all take for granted. The second feature is
that we all believe that in general terms
nobody else can in some way tap in to the
systems except with the help of the network
provider (wired or wireless) and a legal
document which has been provided by a
court to allow this “eavesdropping” to
take place.
There is however a large debate going on
about how you implement these features in
Voice over IP systems, which can be
successfully used on a notebook from a
public 802.11 wireless hotspot. What is the
difference between these and using a mobile
phone? User security has to include the
ability of the user to phone for help if you
have any sort of telephony system, so this
one is a personal requirement which is
about consistency.
User Requirement 5
There shall be consistent methods across
mobile wireless voice systems (including
Voice over IP telephony) of sending
emergency calls.
This last requirement could go either of
2 ways in practice, we could perhaps relax
the systems on mobile phones or increase
the systems on VoIP or have a new system.
 Derek Babb User requirements for security in wireless mobile systems
6. Changes in the last 1-2
years
The ability of users to spend money
while mobile has increased dramatically
over the last few years. For mobile
phone users there are new markets
specifically attached to the increased
functions now available in mobile
phones, including colour graphic screens
which support moving images and the
ability to play polyphonic musical tones
rather than just ringing when you receive
an incoming call. Additionally, there is
very successful commercial linkage
between wireless broadcast media
(radio and TV) and mobile phone
users in the introduction of text voting
to supplement standard fixed line
telephone voting. This is a short list
of the ways to spend money with,
and on your mobile phone (should
you choose…):
• Text messaging (including requests to TV
and radio stations);
• Text voting (TV and radio shows);
• Download ring tones;
• Download screens savers;
• Download wallpapers;
• Send and receive email;
• Upload / share / send pictures (digital
photos);
• Download music (digital format MP3
music);
• Download video clips (using digital
media player) such as news, movie clips,
sporting events);
Information Security Technical Report. Vol. 9, No. 4
• Take part in a video phone call, rather
than a voice call;
• Browse the internet.
There are a number of security
considerations here, based on the large
number of accounting options available for
accessing these features. Let’s look at one
example.
6.1 Downloading a new screen
wallpaper
If this is from the mobile service provider,
then typically this is paid for from the same
account as the mobile phone, so in essence
the entire transaction stays within that
mobile network, even though a number of
separate parts of that network will be
involved (including user authentication,
accounting and the web site where the
downloads are being held).
If this is done from a third party
provider, then a commercial transaction has
to take place first, usually providing a credit
card number over the voice channel,
followed by download of the wallpaper.
Another possibility is to browse the web,
order on the web and get them delivered
direct to your mobile.
Which ever way you look at it, a number
of things are going on: selecting the
wallpaper, paying for it, and then delivery
to the mobile phone. The security issues are
about both wireless system security and end
to end security. The user doesn’t want to get
the wrong wallpaper delivered to the wrong
phone and other users don’t want to collect
other people’s charges. This topic alone
expands to a paper in its own right, as the
options and sequences of events for
purchases and charging are large. At the top
level let’s keep it simple, time for a another
user requirement;
57
Mobile Security
User Requirement 6
The wireless mobile systems shall protect
sensitive user data such as credit card and
billing details from being made available to
other or incorrect users or providers.
On a Notebook PC connected to the
internet at a hot spot, a user can pretty well
use all of the features listed for a mobile
phone as well, but has a slightly different
set of security issues which are related more
to the way that accounting is done for
service provision. If you use a PC at a
wireless mobile hot spot, then you currently
pay for the wireless service only, not any
additional services. If you need to download
or upload items, or even make a purchase,
this is typically done via a web browser
using its own secure mode, that very nice
little “padlock” symbol at the bottom right
of a browser. In this sense the security
implications for the user are quite different
when compared to a mobile phone. You
have to make a simple decision; can the
requirements stated in User Requirement 6
above be fulfilled by the WLAN systems,
and the systems behind it? If so, then off
you go!
There is a common problem for vendors
who sell services to people who are using
wireless mobile systems, as previously
noted, this has been addressed elsewhere,
but the question they would like to ask is
“Is it really you?” and “Where are you?”.
This topic has a lot of interesting follow-on
work, again not enough space here.
7. A new scenario for wireless
mobile
I wanted to introduce one new scenario to
mobile wireless users; this is the idea of an
electronic wallet which is being worked on
by the Open Mobile Alliance (OMA, at
http://www.openmobilealliance.org/ ).
58 Information Security Technical Report. Vol. 9, No. 4
This is currently aimed at mobile phones
where the strong authentication provided by
the SIM/USIM phone combination is used
in conjunction with a further new device
called a Wireless Identity Module, or WIM.
This will provide the user with a WIM
enabled wireless mobile device with an
electronic wallet which can be used in a
variety of ways to pay for goods and
services, the advantage being that the user
does not need to hand over a card or type a
PIN on a vendor’s terminal. Instead they
send the money from their mobile phone
wallet to the vendors account. Again this
system uses a large range of features such as
a secure transport layer, a PKI
infrastructure, and a transaction structure
which allows for all the possible failings of
a mobile wireless system, and delivery via a
number of air interfaces.
8. On the horizon
There are new technologies coming along
which actually have significant (positive)
impact on the security of wireless mobile
systems. One such technology is beam
forming systems such as those from
Arraycomm ( http://www.arraycomm.com/ )
which can be implemented on any radio
system. Although this is primarily been
designed to increase the efficiency of use of
radio spectrum, a by-product of these
systems can be improved security of the
wireless part as the radio pattern is directed
exclusively to the current user, rather than
broadcast to many users as shown in my
figures earlier in this article.
9. Proposed user requirements
for security in wireless mobile
systems
This paper (and the associated research) has
looked at the wireless system as part of a
bigger system providing commercial services
for users. Some facts are apparent:
 Derek Babb User requirements for security in wireless mobile systems
• There are a number of wireless air
interface systems, and the number and
complexity is growing
• Wireless systems tend to form a part of
bigger systems;
• User Equipment is getting ever more
complex and new features are being added;
• Wireless systems, coverage and usage
continues to grow, when thinking about
security in these systems, think long and
hard, there will be more users and more
technology out there than you can
imagine, quicker than you thought!
Finally, to pull together the requirements
from this document in one place:
User Requirement 1 – in a wireless
system where the underlying radio protocols
have to have some (technical) knowledge of
my user equipment and status, this
knowledge shall not compromise my
personal required security status (this may
include position, equipment status and
other attributes).
User Requirement 2 –A mobile wireless
system shall provide the user with enough
security measures so that another (rogue)
user can not listen to the radio transmission
and find out what the user is doing (note
there are some government / legal
limitations to the extent of this, and how
and where these measures are applied is not
relevant to the user).
User Requirement 3 – Wireless
equipment that has security systems or
settings will be automatically enabled and
configured for use from first use “out of the
box” without user intervention.
User Requirement 4 – During normal use
of user equipment the user will not have to
Information Security Technical Report. Vol. 9, No. 4
make manual adjustments to security
settings.
User Requirement 5 – There shall be
consistent methods across mobile wireless
voice systems (including Voice over IP
telephony) of sending emergency calls.
User Requirement 6 – The wireless
mobile systems shall protect sensitive user
data such as credit card and billing details
from being made available to other or
incorrect users or providers.
I would like to add some derived
requirements based on the previous texts
which are;
User Requirement 7 – The true identity
of a mobile wireless user will only become
available (as distinct from an IP address or
phone number) if the user has authorised it
in some way or if it is required by and
correctly authorised by a government body
(debatable from the user perspective).
User Requirement 8 – The location of a
mobile wireless user will only be made
available if the user has authorised it in
some way (such as for an emergency
breakdown service to find you) or if it is
required by and correctly authorised by a
government body (debatable from the user
perspective).
User Requirement 9 – Security policies,
algorithms and implementation must be
relevant to the activities a user performs and
should not affect the mobile wireless
equipment significantly such as reduce
effective battery life.
From these top level requirements, a set
of detailed requirements and system designs
could be deduced to help set the future
security systems for mobile wireless users.
59