Security of Mobile Communications

Abstract

Mobile communications offer wireless connectivity that enables mobility and computing in many different communication environments. The huge demands from social markets are driving the growing development of mobile communications more rapidly than ever before. Consequently, a large set of new advanced techniques have emerged brought up by a larger bandwidth, more powerful processing capability, and advances in computing technology. Many new services are provided, or will be provided to potential users, and delivered with high level quality by usage of GSM, 3G networks and wireless mesh networks in public, home, and corporate scenarios. The exceptional growth in mobile and wireless communications gives rise to serious problems of security at the level of the subscriber, network operator, and service provider. The causes of such rise, typically due to the fragility of the wireless link nature, the mobility features, and the variety of the provided services, can be classified into the following six categories: a) the physical weaknesses and limitations of mobile and communications; b) the architecture limitations; c) the complexity of services; d) the user requirements; e) the contents of provided services; and f) the evolution of hacking techniques. Many studies have addressed carefully the mobile subscriber authentication, radio-path encryption, and secure mobility, but the so-called "security of mobile communications" does no involve only these relative independent domains. It indeed needs a more systematic approach to build up a framework layout capable of allowing: 1) the risk analysis of threats and vulnerabilities of a mobile communication system; 2) the assessment of a mobile communication system in terms of provided QoS, roaming capabilities, and security; and 3) the protection of a service provided via mobile communication systems. The major goals of this tutorial consist in five issues: 1) analyzing and discussing the security proposals made available by the mobile cellular and ad-hoc communications systems; 2) discussing the security attacks and hacking techniques; 3) discussing security policies and security practices to help better addressing the security problem; 4) discussing the role of the network operator, the service provider, and customer in securing mobile communications; and 5) analyzing the promises, requirements, and limits of service provision in terms of security needs.