PKI security for a wireless phone
This tip was submitted to the searchSecurity Tip Exchange by user Tom Mahone.
Most host services communicate with the Web (application) server using Hypertext Transfer Protocol (HTTP) over Secure Sockets Layer (SSL). SSL is an Internet standard for secure communication between Web browser clients and Web servers. Each end-user application controls whether it uses an SSL connection.
The gateway acts as a proxy on behalf of the compatible phone (a hand-held Internet device), relaying messages to and from the phone. SSL includes both authentication and encryption mechanisms. Encryption methods available over SSL include DES and Triple-DES; SSL3 is the latest version of SSL. SSL supports authentication of both the client (the gateway, in the case of some applications) and the server, using public keys and X.509 digital certificates. At the gateway, data arriving over the Handheld Device Transport Protocol is decrypted and re-encrypted using SSL. AT&T Wireless protects this portion of the communication at the gateway with physical security, and firewalls further limit access to the gateway. The net result is a secure connection all the way from the compatible phone to the Web server.
SSL ensures that only specific compatible phones communicate with allowed Web servers and that this communication is private. The corporate firewall needs to be configured so that the host gateway can communicate with the Web server, which typically resides behind the corporate firewall or in a demilitarized zone. In turn, the Web server is configured so that users can access the desired services and databases. One final note on using SSL at the application server: the protocols impose a relatively high processing load, which should be accounted for during implementation planning.
We can also provide a virtual private network (VPN) to ensure private transmission over public networks. A VPN establishes a secure tunnel between its endpoints. Each endpoint authenticates the other, forwards traffic to authorized services, and encrypts and decrypts communications. A VPN typically encrypts the IP packet (or other network-layer packet), adds a special header and encapsulates all of this in a new IP packet. A number of solutions allow us to implement a VPN. The VPN approach is particularly effective when connecting to a fixed-end system via the Internet; with a frame relay fixed-end connection there is less need to employ VPN technology.
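The three tunnelling steps just described (encrypt the inner IP packet, add a special header, wrap the result in a new outer IP packet) are easier to see in a worked example. The Python below is an added illustration, not code from the tip or from any vendor's VPN product. It assumes a constructed key pair shared by the two endpoints (a real VPN derives these during endpoint authentication), a toy tunnel header of SPI plus sequence number, a toy cipher (HMAC-SHA256 run in counter mode) and encrypt-then-MAC integrity; none of this is IPsec, but the layering, the integrity check before decryption and the replay check are the same things a tunnel endpoint must do.

```python
# Added example (not from the original tip): toy tunnel-mode encapsulation that
# encrypts an inner IPv4 packet, prepends a tunnel header and wraps it in a new
# outer IPv4 packet. Keys, header layout and cipher are assumptions for illustration.
import hashlib
import hmac
import socket
import struct

ENC_KEY = b"\x11" * 32   # constructed confidentiality key (shared by both endpoints)
MAC_KEY = b"\x22" * 32   # constructed integrity key
TUNNEL_PROTO = 253       # IANA "experimental" protocol number, chosen for this toy
TAG_LEN = 16


def checksum(data: bytes) -> int:
    """Ones'-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum, followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes):
    """Validate version/IHL, header checksum and total length; return (src, dst, proto, payload)."""
    if len(packet) < 20 or packet[0] != 0x45:
        raise ValueError("not a minimal IPv4 packet")
    if checksum(packet[:20]) != 0:            # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("total length mismatch")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[20:])


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, keyed per tunnel header (SPI||seq)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(inner: bytes, spi: int, seq: int, outer_src: str, outer_dst: str) -> bytes:
    """Encrypt-then-MAC the inner packet and wrap it in a new outer IPv4 packet."""
    tunnel_hdr = struct.pack("!II", spi, seq)   # the "special header": SPI + sequence number
    ciphertext = xor_bytes(inner, keystream(ENC_KEY, tunnel_hdr, len(inner)))
    body = tunnel_hdr + ciphertext
    tag = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    return ipv4_packet(outer_src, outer_dst, TUNNEL_PROTO, body + tag)


def decapsulate(outer: bytes, replay_state: dict) -> bytes:
    """Check the outer packet, the integrity tag and the sequence number; return the inner packet.

    replay_state maps SPI -> highest sequence number accepted. It is updated only after the
    tag verifies, so a forged packet cannot advance the window."""
    _, _, proto, payload = parse_ipv4(outer)
    if proto != TUNNEL_PROTO or len(payload) < 8 + TAG_LEN:
        raise ValueError("not a tunnel packet")
    body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("integrity check failed")
    spi, seq = struct.unpack("!II", body[:8])
    if seq <= replay_state.get(spi, 0):
        raise ValueError("replayed or out-of-order sequence number")
    replay_state[spi] = seq
    inner = xor_bytes(body[8:], keystream(ENC_KEY, body[:8], len(body) - 8))
    parse_ipv4(inner)   # the decrypted bytes must themselves be a well-formed IPv4 packet
    return inner


def try_decapsulate(outer: bytes, replay_state: dict):
    """Return the inner packet, or None when the tunnel endpoint would drop the packet."""
    try:
        return decapsulate(outer, replay_state)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed inner packet (protocol 17 = UDP) from a private address to another.
    inner = ipv4_packet("10.1.2.3", "10.9.8.7", 17, b"hello")
    # Outer addresses are the two tunnel endpoints (documentation ranges, constructed).
    outer = encapsulate(inner, 0x1234, 1, "198.51.100.10", "203.0.113.5")
    state = {}
    print(try_decapsulate(outer, state) == inner)   # True: tag and sequence accepted
    print(try_decapsulate(outer, state))             # None: replay of sequence 1 rejected
    tampered = outer[:30] + bytes([outer[30] ^ 0x01]) + outer[31:]
    print(try_decapsulate(tampered, {}))             # None: tag mismatch, never decrypted
```

The order of checks in `decapsulate` is the practical point: the outer header is validated first, the integrity tag is verified before anything is decrypted, the replay window is advanced only after the tag passes, and the recovered inner packet is parsed again before it is forwarded to an authorized service.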