Advantages of FOTA for Mobile Security.pdf

1Advantages of Firmware Over the Air (FOTA) for Mobile Security Gene Wang Chairman, OTA Flash Forum CEO, Bitfone Corporation 2First, a Quiz: Q: What are paraskevidekatriaphobics? A: People afflicted with a morbid, irrational fear of Friday the 13th Q: What percent of Americans suffer from this condition? A: 8% Q: What do these notorious killers have in common? Jack the Ripper, Charles Manson, Jeffrey Dahmer, Theodore Bundy and Albert De Salvo A: 13 characters in their names 3What is OTAFF? A “safe” acronym for a 13-letter name! Special Interest Group focused on OTA device management Founded in June 2003, now 32 members Submits recommendations to OMA ? Firmware Update Mgmt Object (FUMO) Publishes “best practice” white papers: ? FOTA Interoperability ? End-to-end FOTA Security FOTA Security Mobile Security are 2 of the 4 Top Priorities in 2005 4Reviewing Intruder Capabilities - Eavesdropping - intruder picks up signals and data connections associated with other users; requires a modified MS - Impersonation of a user - intruder sends signal and/or user data to the network, which interprets data as originating from a target user; requires a modified MS - Impersonation of the network - intruder sends signal and/or user data to a target user, who interprets the data as originating from a genuine network; requires a modified BS. - Man-in-the-middle - intruder places itself in between a target user and a genuine network and has the ability to eavesdrop, modify, delete, re-order, replay, and spoof signals and user data messages exchanged between the two parties; requires modified BS in conjunction with a modified MS. - Compromised authentication vectors in the network - intruder possesses a compromised authentication vector, which may include challenge/response pairs, cipher keys and integrity keys. This data may have been obtained by compromising network nodes or by intercepting signal messages on network links. Ref: 3G TR 33.900 V1.2.0 (2000-01) 8 3G