This edition first published 2017
© 2017 John Wiley & Sons, Ltd
Registered Office
John Wiley & Sons, Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom
For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.
The right of the author to be identified as the author of this work has been asserted in accordance with the Copyright, Designs and Patents Act 1988.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior permission of the publisher.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. It is sold on the understanding that the publisher is not engaged in rendering professional services and neither the publisher nor the author shall be liable for damages arising herefrom. If professional advice or other expert assistance is required, the services of a competent professional should be sought.
The advice and strategies contained herein may not be suitable for every situation. In view of ongoing research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of experimental reagents, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each chemical, piece of equipment, reagent, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read. No warranty may be created or extended by any promotional statements for this work. Neither the publisher nor the author shall be liable for any damages arising herefrom.
Library of Congress Cataloging‐in‐Publication data applied for
ISBN: 9781119084396
A catalogue record for this book is available from the British Library.
Dr Jyrki T. J. Penttinen, the author of this Wireless Communications Security book, started working in the mobile communications industry in 1987 evaluating early stage NMT‐900, DECT and GSM radio network performance. After having obtained his MSc (EE) grade from Helsinki University of Technology (HUT) in 1994, he continued with Telecom Finland (Sonera and TeliaSonera Finland) and with Xfera Spain (Yoigo) participating in 2G and 3G projects. He also established and managed the consultancy firm Finesstel Ltd in 2002–03 operating in Europe and the Americas, and afterwards he worked with Nokia and Nokia Siemens Networks in Mexico, Spain and the United States in 2004–2013. During his time working with mobile network operators and equipment manufacturers, Dr Penttinen was involved in a wide range of operational and research activities performing system and architectural design, investigation, standardization, training and technical management with special interest in the radio interface of cellular networks and mobile TV such as GSM, GPRS/EDGE, UMTS/HSPA and DVB‐H. Since 2014, in his current Program Manager’s position with Giesecke & Devrient America, Inc, his focus areas include mobile and IoT security and innovation.
Dr Penttinen obtained his LicSc (Tech) and DSc (Tech) degrees in HUT (currently known as Aalto University, School of Science and Technology) in 1999 and 2011, respectively. In addition to his main work, he is an active lecturer, has written dozens of technical articles and authored telecommunications books, the recent ones being The LTE‐Advanced Deployment Handbook (Wiley, 2016), The Telecommunications Handbook (Wiley, 2015) and The LTE/SAE Deployment Handbook (Wiley, 2011). More information about his publications can be found at www.tlt.fi.
This Wireless Communications Security book summarizes key aspects related to radio access network security solutions and protection against malicious attempts. As such a large number of services depend on the Internet and its increasingly important wireless access methods now and in the future, proper shielding is of the utmost importance. Along with the popularization of wireless communications systems such as Wi‐Fi and cellular networks, the utilization of the services often takes place via wireless equipment such as smartphones and laptops supporting short and long range radio access technologies. Threats against these services and devices are increasing, one of the motivations of the attackers being the exploitation of user credentials and other secrets to achieve monetary benefits. There are also plenty of other reasons for criminals to attack wireless systems which thus require increasingly sophisticated protection methods by users, operators, service providers, equipment manufacturers, standardization bodies and other stakeholders.
Along with the overall development of IT and communications technologies, the environment has changed drastically over the years. In the 1980s, threats against mobile communications were merely related to the cloning of a user’s telephone number to make free phone calls and eavesdropping on voice calls on the unprotected radio interface. From the experiences with the relatively poorly protected first‐generation mobile networks, modern wireless communications systems have gradually taken into account security threats in a much more advanced way while the attacks are becoming more sophisticated and involve more diversified motivations such as deliberate destruction of the services and ransom‐type threats. In addition to all these dangers against end‐users, security breaches against the operators, service providers and other stakeholder are on the rise, too. In other words, we are entering a cyber‐world, and the communications services are an elemental part of this new era.
The Internet has such an integral role in our daily life that the consequences of a major breakdown in its services would result in chaos. Proper shielding against malicious attempts requires a complete and updated cyber‐security to protect the essential functions of societies such as bank institutes, energy distribution and telecommunications infrastructures. The trend related to the Internet of Things (IoT), with estimations of tens of billions of devices being taken into use within a short time period, means that the environment is becoming even more challenging due to the huge proportion of the cheaper IoT devices that may often lack their own protection mechanisms. These innocent‐looking always‐connected devices such as intelligent household appliances – if deployed and set up improperly – may expose doors deeper into the home network, its services and information containers, and open security holes even further into the business networks. This is one of the key areas in modern wireless security preparation.
www.tlt.fiWireless Communications Securityjyrki.penttinen@hotmail.com