Embed Size (px)
Citation preview
Maximizing Security – CDMA and its Contribution to Homeland Security
Michael IandoloVice President, CDMA Product ManagementLucent Technologies
2Lucent Technologies
Who thinks Wireless is Critical for Homeland Security?
“Commercial services offer public safety flexible, convenient communications for both daily and disaster operations” McKinsey 9/11 report
“Not only must information be secure, it must be part of the enterprise in such a way that the wireless infrastructure is connected to it. We’re looking to try to expand some of information services to cell phones, PDAs,…” FEMA
“Crucial to DHS mission are geospatial software, knowledge management, infrastructure, wireless, collaboration, modeling and simulation, middleware and database technology.” Steve Cooper, CIO DHS
“There is growing demand for wireless technology…drivers for this trend come from several different directions…in DOD, it’s the need to support first responders and develop a more mobile military.” GSA
“long term goal of Operation Safe City is to integrate the system with handheld devices that police and firemen can use in the field in order to send data about buildings in their areas of responsibility to a central data warehouse.” City of Boston
“There are several efforts underway to address secure access to critical data to protect the lives of first responders. For example, first responders could receive information about where emergency exits are located through a PDA when lost in a building.” Steve Dawson, CTO, NJ
“Wireless modem terminals equipped with GPS provide a more efficient way to respond to a health threat. A gift by the Marcus foundation enables the CDC to make broad use of location- based wireless services for mobile field operations.” CDC
“We operate the fourth largest database in the world, but it doesn’t do our folks in the field much good if they can’t get access to it…As more wireless systems are implemented, Customs wrestles with critical issues like bandwidth, signal strength, coverage and security.” Woody Hall, CIO Customs
“GPS and geolocation via wireless phones may allow vehicles as probes to supplement critical infrastructure data. ITS technology combined with wireless and CAD can provide EMS the capability to receive timely notice of an incident, be efficiently routed to the scene and hospital” DOT 10 year plan for ITS
3Lucent Technologies
CDMA2000 Benefits for Homeland Security
• Supports the bandwidth needed for wireless data applications to be viable
• CDMA2000 1X offers unparalleled voice capacity: 1xEV-DO delivers unmatched data capacity
• Allows selective deployment where/when it is most needed: Backwards compatibility of CDMA2000 provides advantage of seamless co-existence of 2nd and 3rd Generation systems.
• Provides high levels of security
• Offers broad terminal availability
4Lucent Technologies
Why CDMA for Homeland Security?3G Wireless is necessary to supplement current Land
Mobile Radio (LMR) voice networks First Responders’ use
• LMR is Costly• Expensive equipment• Dominance by very few vendors
• As 9/11 demonstrated, lack of interoperability is a serious problem• Proprietary protocols• Very fragmented spectrum
• With the low data speeds of P25 systems there are limited applications
– Narrow band technology good for voice but only enables low-speed data– Encryption requires higher air-interface capability for quality
5Lucent Technologies
Why CDMA for Homeland Security?
Limited use of mobile data now and limited speeds
• Lack of access to Mobile Data for First Responders –2.5 Million First Responders and only 150K using wireless data now
• Most First Responders that have access to mobile data are limited to very low speed networks with average speeds of 9.2 kbps to 19.2 kbps
• Large number of public safety agencies utilizing CDPD, which is being discontinued over the next two years
• Only 3G can support the additional security and speed required for Homeland Security
6Lucent Technologies
Why is CDMA a Better Choice than GPRS?• Better Security
– In contrast to GSM/GPRS networks, neither CDMA2000 1X nor the earlier cdmaOne have fallen victim to attacks
– CDMA2000 1X has very strong authentication mechanisms through the use of multiple keys and 128-bit radio link encryption
– Spread-spectrum technology makes use of pseudo-random codes
• CDMA Provides Better Coverage
• Faster Speed and Better Capacity– CDMA2000 1X (peak rates)
• 1x rel.0: 153.6 Kbps DL & RL• 1x rel.A: 307 Kbps DL/ 153.6 Kbps RL• 1x rel.D: 3.1 Mbps DL/ 1.5 Mbps RL (in the near future)
– GSM/GPRS/EDGE (peak rates)• GPRS: 9.6 to 22 Kbps per time slot in packet mode• EDGE: up to 59 Kbps per time slot in packet mode
7Lucent Technologies
Spread Spectrum Provides Inherent Privacy of All Information (Voice, Data, Signaling)
• Code Division (CDMA) signals are more difficult to tap than Time Division (GSM/TDMA) or Analog signals via:
– Signal Spreading
– Soft hand-off
– Long Code Mask
• Enhanced Subscriber Authentication (ESA) and Enhanced Subscriber Privacy (ESP) provide key security enhancements
• Security is further enhanced at device level
• To date, there are no known or commercially available CDMA2000 interception devices
8Lucent Technologies
Packet Data Security Architecture
Wireless Radio Network
Wireless Core Network
Wirelessapplication
servers
HLR/VLR/AAAservers
MSC &PDSN Internet
Routers
Centralized Authentication, Authorization, Accounting (AAA)
Policy enforcement,accounting
billing
VPN - End-to-End Protection
Network-layer authentication and
authorization
Over the air coding and encryption
User Credit Authentication
Bank
9Lucent Technologies
CDMA2000 Meets Federal Security Requirements Source: Federal Wireless
Policy Committee
Mutual authentication of mobile and network to each other prevents network attacks
Availability – Obtain access to service and prevent denial of service attacks
Protect system resources through authentication of users
Authentication – the assured identification of the user, terminal and carrier
Protect session from hijacking which provides integrity protection (prevents tampering with user traffic)
Integrity – the protection from insertion, deletion, modification or replay of data
Protect session information and prevent unauthorized access to user traffic
Confidentiality – the protection of user data, signaling, identification and location
3G CDMA Wireless GoalsFederal Security Requirements
10Lucent Technologies
Beyond Security- Why is CDMA Necessary for Homeland Security?• Enables First Responders to utilize critical applications that are not
possible on slower speed LMR, Mobitex and CDPD networks– Mapping/Location Based Services – critical infrastructure protection
– Video Streaming – incident scenes, security
– Digital Image transfer – disaster scene
– Large files transfer – records, on-line manuals, emergency protocol
– Biometrics – facial recognition
– Bioterrorism detection and response – sample analysis, plume tracking
• Enables First Responders to communicate and respond in real-time
• Enables First Responders to better utilize the technology they already have
11Lucent Technologies
Public Safety / Homeland Security Applications
• Provides Chem/bio alarms, video, and facial recognition
• 1.2 Mbps throughput required
! Medical Consult, “virtual” backup, and incident pre-assessment are all critical
! 240 kbps per user (bi-directional) for full motion, medium resolution video
Police and EMS Video ApplicationsPROTECT
CapWIN! Messaging, incident
command, and database access across jurisdictions and functional disciplines
! High quantities of medium speed (80 kbps) users for rapid image distribution
Source: DC Office of Technology
12Lucent Technologies
GPS/GIS/Location Based Services
Health Threats
Traffic Conditions
Crime MappingContainer Tracking
Route NavigationFirst Responder Tracking
Critical Infrastructure
Multiple Uses for LocationMultiple Uses for Location
13Lucent Technologies
Try Downloading this GIS Image Over 19.2 kbps(Event Management Application)
14Lucent Technologies
Biometrics
Facial Recognition
Mobile Fingerprint Scanners
Smart Cards
FingerprintsRetina Scanners
Increase effectiveness of Biometrics with 3G Mobile High Speed Data
Increase effectiveness of Biometrics with 3G Mobile High Speed Data
15Lucent Technologies
Video
Real-time Patrol Car Video Disaster Communication
Image Transmission from Crime Databases
Accident Scene to Trauma Center
Dispatch Centers
3G Mobile High Speed Data- a good fit for Mobile
Video
3G Mobile High Speed Data- a good fit for Mobile
Video
16Lucent Technologies
Large File Transfer – Incident Management System: Many types of information that need to be shared and stored
•Incident type•Incident location•Who is on scene by agency and unit•Whose jurisdiction•Notification of Other Agencies•Available routes to scene•Danger areas at scene (Hazmat, Weapons)•Chem/Bio threat•Number and type of vehicles involved•Road closures and lane blockages•Number and description of person involved•Number and type of injuries•Resources needed•Buildings and layouts•Protocols
•Driver history requests•Intelligence Information•Crime patterns/mapping•Location injured•Hospital capability and status•Wanted vehicle notification•Sensory Capabilities•CAD data•Records management information•Accident scene photos
•Traffic Flow/Transportation Network status•Equipment deployed•Universal health precautions•Weather•Land Property•Media Interaction•Lookouts•Officer in distress Notification•Premise history•Concealed weapon permits•Escapees•Condition of Release and Repeat Offender files•Domestic/Protection orders•Recovered stolen auto information•Mugshots
Source: CapWin
Moving beyond Link-n-SyncMoving beyond Link-n-Sync
17Lucent Technologies
Lucent’s Homeland Security Wireless Network Concept • Now: Utilize commercial networks for mobile data applications for First
Responders with no mobile data, or for lower speed network migration
• Long-term: A dedicated, national wireless capability- Initially for High Speed Data (voice capability to follow) for Government users. This network provides:
– Interoperable, secure communications
– Customized features not available through commercial service
– Critical “hot spots”
– Cost savings over private networks
– Ability to leverage existing commercial networks for national coverage
• Additional spectrum required for long-term opportunity
– Possible options: 700 MHz, 800 MHz, 1900 MHz
– All options have complications: unlikely to be resolved prior to late 2004-2006.
– Legislative action needs to be taken now if spectrum is to be available in even this delayed time-frame
18Lucent Technologies
National Homeland Security Wireless Network (2005-2008) • Network will provide high speed data and voice capability for:
– National security community (military, FBI, INS, customs, etc.)
– Public Safety (law enforcement, fire fighters, EMS, etc.)
– Crisis Mode “Business Continuity” for government operations (Social Security Administration, Postal Service, etc.)
• Requirements– Grass roots public safety coalition to support campaign for spectrum
for wireless national network
– Champions within Executive Branch (DHS, DOD, DOJ) and Congress for establishment and funding for national network
– Successful pilot projects with public safety end-users at 700 MHz and/or 1900 MHz
19Lucent Technologies
District of Columbia Wireless Pilot Data Program
• First Responders need better tools than the terrorists.– High speed wireless technologies will provide critical
applications to assist with homeland security/ public safety threats. D.C. government’s current networks and spectrum allocations do not enable these types of critical applications.
– D.C. is procuring a pilot system using 3G data technologies to address these critical gaps, scheduled for deployment in 2004.
• D.C. and other major municipalities (New York City, San Diego, Denver, Phoenix, Montgomery Co., MD, the State of Delaware and the U.S. Park Police) have formed The Spectrum Coalition to urge Congress and the administration for additional spectrum to deploy high speed mobile data.
20Lucent Technologies
Why Lucent?• Lucent is actively engaging the Public Sector through Local, State
and Federal opportunities– President Bush assigned Russo to NSTAC
– Actively lobbying support to free up public safety spectrum
– Lucent critical in forming Wireless Emergency Response Team after 9/11
– Lucent Chair NRIC for Physical Security Subcommittee
– Worked with DynCorp to define requirements for Wireless PriorityAccess
• Leverage our unmatched expertise in spread spectrum technologies
• Developing partnerships with best-in-class government players to provide differentiated end-to-end solutions
• Lucent Worldwide Services to design/implement/maintain 3G networks
• Lucent Bell Labs extensive history of innovations for government
21Lucent Technologies
How Can Lucent Help You?
• Lucent believes 3G technology will benefit mobile professionals in the public safety and homeland security arena by bringing new productivity benefits to their jobs.
• Our intent is to engage a group of government agencies (our customer’s customer) to help them identify their mobile data needs and the benefits of mobile data and higher bandwidth technology
• Agencies can use the data to justify technology purchases, as part of supporting material for grant applications or for budget audits
• Successful engagements will be result in a case study and potentially the joint opportunity to take part in a live wireless High Speed Data (HSD) pilot.
• Lucent has already begun pilots with several other government customers and as well as enterprise customers.
Government Customer Engagement Program
22Lucent Technologies
Back-Up Slides
23Lucent Technologies
3G Security Enhancements in CDMA2000
• ESA: Enhanced Subscriber Authentication– Mutual Authentication of Mobile and Network to each-other
• Prevents Network Impersonation and possible Repeat Attacks.
– Authentication of Message Contents Integrity• Prevents Contents Modifications and Session Hijacking.
– Strong Public Algorithms with Large Keys (128-bit).• SHA-1 in 3GPP2 for CDMA2000;
– Full Backwards Compatibility and Interworking.
• ESP: Enhanced Subscriber Privacy– Encryption of All Information Bearers.
– Strong Encryption Algorithms with Large Keys (128-bit).
• AES in 3GPP2 for CDMA2000
24Lucent Technologies
VPN Security
• A virtual private network (VPN) allows the creation of a secure, private access over public networks. It is called "virtual" because it depends on the use of temporary connections that have no lasting physical presence.
IPSec addresses the need for endIPSec addresses the need for end--toto--end security from wireless end security from wireless terminal to Enterprise Intranetterminal to Enterprise Intranet
– A VPN provides an encrypted, encapsulated path for access to a corporate network across public networks
– IPSec VPN protocols are used for end-to-end integrity across any public networks (xDSL, Cable and Wireless media)
– IPSec - DES, 3DES: Digital Encryption Standard, DES uses 56-bit key, 3DES is an enhancement of DES with an effective key length of 168-bit
– IPSec future support - AES Advanced Encryption Standard (Govt. standard), 128, 192, 256 bit keys
25Lucent Technologies
Additional Types of Security
• Device Security– Blackberry – FIPS 140-2 certified
– Roaming clients – IBM WEA/WECM – FIPS 140-2 certified
– NSA approved devices – Qualcomm QSEC (Condor device)
– Biometric readers on devices – Itronix laptops and Compaq handheld devices
• Application Servers– Sun Solaris – Common Criteria Certified (EAL4)
• Digital Certificates – PKI– Diversinet Wireless PKI
