9.5 END-TO-END ENCRYPTION IN A MOBILE NETWORK
We have established that end-to-end encryption is the optimal solution for protecting confidential user information. Moreover, the use of encryption helps us to provide a secure channel for authentication; some of the encryption techniques even lend themselves to authenticating in a strong manner. With WAP 1, end-to-end encryption is simply not possible, though we can get quite close; matters can be made relatively secure if we can properly secure the gateway itself.
An important realisation is that with digital cellular networks, and with other wireless networks like 802.11, despite the ability to achieve OTA encryption, this does not allow us to be lax about application-level, or transport-level encryption end-to-end. Air interface protection is only one small part of the problem. In fact, if application-level or transport-level encryption is in place, then arguably we can dispense with air-interface encryption altogether (for data transfers, in any case, although we still need the encryption to protect other types of information such as voice traffic).
Given the issues with WAP 1, how can we achieve end-to-end encryption in a mobile application? Well, firstly we should point out that our current security consideration has been within the context of established software architecture paradigms, particularly the client–server approach based on the link–fetch–response, or browser, modality using HTTP or HTTP-like protocols.
As we shall ...
Get Next Generation Wireless Applications: Creating Mobile Applications in a Web 2.0 and Mobile 2.0 World, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.