Franklin Heath Ltd

Master Your Information Assets

  • Categories

  • Meta

Archive for the ‘Network Protocols’ Category

Comparing the Security of Low-Power Wide-Area Network Technologies

Posted by Craig H on 2 May 2017

I was recently asked by the GSMA to undertake an independent study looking at the security of various LPWA (Low-Power Wide-Area) network technologies. I took on the project because I find it a very interesting topic; these types of network are targeted at IoT (Internet-of-Things) devices, an area I have been working on over the last couple of years with IoTUK and the IoT Security Foundation. One of the main challenges of the IoT space is in making trade-offs to accommodate low-power and low-cost devices, and security is one of the things that might be traded off.

You can download the 20-page report here.
Read the rest of this entry »

Posted in Cryptography, Internet of Things, Network Protocols, Risks | 1 Comment »

Apps for the Paranoid Needed?

Posted by Craig H on 4 January 2010

I can’t let Karsten Nohl‘s presentation at 26C3 go without comment. To be clear, he was only talking about weaknesses that were already known (so headlines like “Secret mobile phone codes cracked” are at best misleading) but his purpose was to demonstrate that those theoretically known attacks are now practical. His point is a very valid one, and holds for most (all?) cryptographic algorithms: researchers will discover more efficient attack techniques, and technology will evolve to make such attacks practical, so you’d better design your cryptographic protocols so you can switch to different algorithms if and when the future need arises.* Happily this is the case for the GSM protocols, and all (!) that is needed is for the phone manufacturers and network operators to deploy the A5/3 algorithm and we can all go about our business.

That said, there is an interesting point made, almost in passing, in the presentation. Read the rest of this entry »

Posted in Applications, Network Protocols, Privacy | 3 Comments »

Femtocells and Security

Posted by Craig H on 25 June 2009

The Femtocells World Summit is in London this week; I haven’t attended, but I have seen articles about it that have me wondering whether there are interesting security issues emerging.

First, what’s a femtocell? Essentially, it’s a short-range, miniaturised version of a mobile phone mast. However, instead of being directly plumbed in to the phone network, calls made through a femtocell are routed over broadband Internet connections so they can be used in areas where the normal phone network coverage is poor or non-existent.

Read the rest of this entry »

Posted in Network Protocols, Privacy | 8 Comments »