TRADEMARKSRC4 and RC4 are registered trademark of RSASecurity Inc. All rights reserved.management, and scalable trust mechanisms.Various PKI solutions will have a keyrole. The AAA functions will be based onIP protocols. However, the new, IP-basedAAA protocols must be adapted to handlethe huge amount of previously implementedAAA functions in cellular systems.PKIPKI is an essential technology that can meetthe scalability requirements for managingkeys in networks and for supporting networkservices such as e-<strong>com</strong>merce. In thiscontext, the role of the CA role is vital. PKIbasedsubscriptions put this role on a parwith that of an operator. The lack of strongCAs is a potential threat to operators andISPs. Ericsson will work to develop and promotetechnical solutions that pave the wayfor a large number of independent CAs.Ericsson participates in all major forumsthat deal with PKI standardization and development.E-<strong>com</strong>merce applications will acceleratePKI deployment. But technical solutionsare not enough; a legal framework fore-<strong>com</strong>merceis also necessary. One example is theongoing European Electronic SignatureStandardization Initiative (EESSI), whichrecently developed a framework for legal andsecurity requirements for the use of electronicsignatures within the EuropeanUnion. At the same time, several countriesare introducing personal electronic identitycards, which involve nationwide PKIs. InSeptember 1999, Ericsson supported thefounding of Radicchio, a global partnershipof <strong>com</strong>panies and organizations that are<strong>com</strong>mitted to the development of securewireless e-<strong>com</strong>merce and the promotion ofpublic key infrastructure for wireless devicesand networks. This important step is expectedto boost the acceptance of wireless e-<strong>com</strong>merce services, many of which will bebased on WAP technology.Another fundamental <strong>com</strong>ponent is themanagement of roaming agreements. Functionalityis being sought that will introduceautomatic procedures for establishing agreements.In all likelihood, the managementwill rely on trusted third parties that usePKIs and certificate polices and practices.For roaming purposes (between AAAs), secure<strong>com</strong>munication is best handled withIKE/IPsec and PKI. The distribution of keysin mobile IP is best handled with PKI.Although PKI standards based on X.509(PKIX) are mature and several products areavailable, PKIX handles authorization in aninefficient way. Better alternatives (such asauthorization-based certificates like thoseaddressed by AAA) that are better suited to<strong>com</strong>plex trust-management scenarios areneeded.WAPWith the advent of wireless networks, several<strong>com</strong>panies have identified the necessityof designing protocols that are suitablefor narrowband <strong>com</strong>munications. The wirelessapplication protocol, for example, wasdesigned for this purpose. WAP securityprotocols are influenced by security technologiesused on the Internet; for example,the TLS protocol was enhanced to supportconnectionless bearers and <strong>com</strong>pact MACsand signatures, resulting in the WTLS protocol.The Internet PKIX standard is alsounder revision by the WAP Forum, and apreliminary proposal of a Wireless PKI(WPKI) has been developed and will soonbe released. Certificate handling in WPKIhas been adapted to wireless conditions. A<strong>com</strong>pact certificate format is supported anda universal resource locator (URL) pointerto X.509 certificates can be used instead ofstoring and sending the certificate to thewireless terminal. WPKI contains descriptionsof how a PKI is to be handled in theWAP environment. WTLS and WPKI willbe important parts of future secure WAPservices.Internet standardsThe IKE/IPsec <strong>com</strong>bination of <strong>com</strong>municationprotocols is more secure and generalthan its predecessors, SSL and SSH.Notwithstanding, because IKE/IPsec is a<strong>com</strong>plex protocol, it has not gained wide acceptance.One problem with IKE/IPsec isthat it does not fully address the new requirementsof the all-IP world, which includereal-time traffic optimizations, proxyservices, narrowband channels, and legacyauthentication. Consequently, a new protocolneeds to be designed that addresses theseissues.Ericsson actively supports the developmentof security solutions that meet requirementsfrom large IP-based core networksand mass services. Most of these technologiesare standardized by the InternetEngineering Task Force (IETF), of whichEricsson is an increasingly active participant.Ericsson also participates in3GPP/3GPP2 standardization.We believe that openness plays a majorpart in gaining wide acceptance for securi-106 Ericsson Review No. 2, 2000
ty solutions. Accordingly, we actively promotethe use of open and publicly scrutinizedprotocols, mechanisms and algorithms.ConclusionToday, malicious users can easily eavesdropIP traffic, redirect traffic, introduce falsepackets, modify packets, mount denial-ofserviceattacks, and introduce harmful softwareinto systems. One way of counteringthese attacks is to maintain strict control ofaccess to the network by means of firewallsand secure login procedures.To <strong>com</strong>plement access control and obtainthe necessary level of security, the traffic itselfmust be protected. Cryptography providesthe basic techniques needed to buildsecure <strong>com</strong>munications solutions. Protectionmechanisms authenticate users, encryptpackets and protect them from beingmodified.The most straightforward mechanism forregulating access consists of building trustrelationships. Cryptography is used tomaintain the confidentiality of messagesand to guarantee their integrity. Confidentialityis provided by encryption and integritycan be provided by authenticationcodes or digital signatures.Although cryptographic algorithmsmake up the basic mechanisms for secure<strong>com</strong>munication, standardized methods arebeing sought for authenticating users, ex-changing keys, deciding which algorithmand message formats to use, and so on. Thisis where protocols <strong>com</strong>e into play:• Before a <strong>com</strong>munication session canbegin, the <strong>com</strong>municating parties mustverify each other's identity. An authenticationprotocol does this. Authenticationcan be based on a public or secret key. Ifpublic keys are used, they are often obtainedusing some kind of public key infrastructure—thisis an essential technologythat can meet the scalability requirementsfor managing keys in networks andfor supporting network services such as e-<strong>com</strong>merce.• The <strong>com</strong>municating parties negotiate todetermine which cryptographic algorithmsshould be used for exchanging keysand protecting data.• The parties exchange cryptographic sessionkeys—this phase often includes publickey cryptography, which can be usedto authenticate users and machines and forthe secure exchange of session keys.• Symmetric session keys are calculated andused to encrypt all subsequent packets andto append a MAC field to each packet.Ericsson implements IPsec in many products,including Tigris access servers, Telebitrouters, and GPRS nodes. Ericsson's wirelessLAN solution uses IPsec to encrypt airbornetraffic, and TLS has been used in manyWeb-based applications—in particular, aWAP variant (WTLS) will play an importantrole in the future.REFERENCES1 Menezes, A. J., van Oorschot, P. C. and Vanstone,S. A.: Handbook of Applied Cryptography,CRC Press, 1997.2 Dierks, T. and Allen, C: "The TLS Protocol,"IETF RFC 2246, January 1999.3 Ylonen Et. Al., SSH protocols,http://www.ietf.org/html.charters/secshcharter.html.4 Kent, S. and Atkinson, R.: "Security Architecturefor the Internet Protocol," IETF RFC2401, November 1998.5 Harkins, D. and Carrel, D.: "The Internet KeyExchange (IKE)," IETF RFC 2409, November1998.6 ISO/IEC 9594-8 (1988). CCITT InformationTechnology - Open Systems Interconnection- The Directory: Authentication Framework.Standard X.509,1988.7 Curtin, P. and Whyte, B.: Tigris—A gatewaybetween circuit-switched and IP networks.Ericsson Review Vol 76 (1999):2,pp. 70-81.8 Saussy, G.: The AXI 540 router and the publicIP network edge. Ericsson Review Vol 76(1999):4, pp.182-189.9 Granbohm, H. and Wiklund J.: GPRS—Generalpacket radio service. Ericsson ReviewVol. 76 (1999): 2, pp. 82-88.Ericsson Review No. 2, 2000