Infrastructure for a Secure Interface between Wireless and Data
Networks
CS 261 Fall 1998 Project Proposal
Chen-Nee Chuah & Mark D. Spiller
Objective
We propose to design a security infrastructure and build a simple
prototype that will allow a wireless device such as a cel phone to
interoperate securely with data networks. This would enable a valid
user to use the handset to invoke multi-services such as unlocking an
office door, turning on the lights, sending out emergency messages to
campus police etc.
The required infrastructure would include support for authenticated,
private messages/commands (for instance, voice-recognized key words or
codes keyed into the keypad). Some security issues are:
- how to authenticate users (e.g. who is allowed to do what)
- how to guard against evaesdroppers (privacy, e.g. I might want no
or only certain other people to know that I have unlocked my office
door, etc.)
- how to prevent replay attacks (e.g. malicious attackers might echo
previous valid commands to break in)
Plan
We expect that the major challenge in our project is to find an
ingenious way of authentication and privacy over the phone, which is
difficult since transmission is easily overhead and duplicated. An
additional point of interest is how to securely cross-over between the
wireless (i.e. GSM) and the data network (i.e. kerberos, Jini?, etc.)
security models, perhaps through the use of a trusted proxy.
As a start, we will study the existing security models of GSM and the
Internet (i.e. kerberos, etc) in order to understand the differences
and gain insight into the security requirements that such a system
will require. From there, we plan to design and prototype a security
infrastructure as well as a simple prototype service.
Resources
The ICEBERG test-bed and access to the base-stations. We might need to
get card-key access to the 440 lab, and soda access for Mark.
Chen-Nee Chua
Mark D. Spiller