Securing a Wireless Network

The security of the wireless network is no doubt an extremely important topic when considering whether mobile applications are right for your business. There are a great many factors to consider when transactions are sent over the airwaves as opposed to a wired connection. To provide secure transactions in any medium, there are four requirements that must be met: confidentiality, authentication, integrity, and nonrepudiation.

• Confidentiality. Requires that only the parties privy to the transaction be aware of that transaction’s detail. In the mobile commerce environment, this suggests that the server and the terminal are the only two points that can examine the real contents of a transmission. To ensure confidentiality, the primary tool used is cryptography. Plaintext is encrypted at the origination point and decrypted upon receipt, effectively shielding the information from parties who do not have access to the encryption algorithm.
• Authentication. Asks that the parties in a transaction provide a means of proving their true identity. In the brick-and-mortar world, this is done through forms of trusted identification, that is, asking the trading partner for a prearranged “secret” code. In wireless data realms, the same concept applies. Server authentication provides a way for users to verify that they are really communicating with the entity with whom they believe they are connected. Client authentication verifies that the user is who he or she claims to be. Authentication can be implemented using passwords, tokens, and digital certificates.
• Integrity. Ensures the detection of any change in the contents of a transaction. In offline commerce, integrity has been accomplished by sealing documents and, in extreme cases, by providing a chain of custody. For the digital domain, analyzing transmission contents at reception and using algorithms that determine whether the content has been altered guarantee integrity. In addition, a digital signature can be used to provide a stronger test for integrity.
• Nonrepudiation. Demands that a party to a transaction cannot falsely claim that they did not participate in that transaction. In the traditional business arena, this is accomplished via signatures, seals, and notaries. In the wireless environment, nonrepudiation is more difficult to realize, although popular solutions include using a combination of digital signatures and certificates.

Taken From : Enterprise Guide to Gaining Business Value from Mobile Technologies