Is anyone else listening?

In 1894, Guglielmo Marconi, while attending the Livorno Technical School, read an article that would help shape history. It outlined the possibility of using radio waves to communicate, and it immediately intrigued him. A year later, the Bologna, Italy native had successfully sent and received a signal that stretched from his home into the garden, and later to approximately two miles. Marconi first went to the Italian Ministry of Posts and Telegraphs with his findings, but they weren’t interested. So, it was off to Britain. Two years later in 1898, the first Marconi radio factory opened in Chelmsford, England.

So, much like jazz legend Miles Davis’s album The Birth of Cool reshaped the jazz scene in the 1960s, Marconi’s findings revolutionized the wireless world. Over a century later however, the wireless industry for all its progress has found an enemy in its garden: a lack of security is inhibiting its growth.

In 1997, the Institute of Electrical and Electronic Engineers (IEEE) accepted the 802.11 specification for over-the-air transmissions. Later, the 802.11b, which is considered backward compatible with the original standard, was introduced. The standard provides transfer rates of up to 54Mbps on a 5GHz band, but the wired equivalent privacy (WEP) security protocol which was designed to protect it isn’t as secure as once thought.

For the better part of 2001, hackers have demonstrated their ability to intrude with impunity. “The problem with the 802.11b is related to the fact that the wired equivalent privacy (standard) was made so easy for the sake of interoperability…And it just doesn’t work at this point,” said John Girard vice-president, research director, at the Gartner Research Center in Stamford, Conn. The WEP algorithm has several functions: to protect wireless communication from eavesdropping, to prevent unauthorized access to the wireless network from taking place and to rely on a secret key that is shared between an access point and the mobile workstation.

Fellow analysts support Girard’s theory. “The 802.11b seems to be the standard wireless encryption standard that is being used right now. And there are a lot of holes in there,” said Warren Chaisatien, analyst at IDC in Toronto. In the wireless world the privacy, protection and integrity of the data that is being transmitted are all real security concerns at this point, he said.

Steve Hunt, vice-president of research at Giga Information Group in Chicago said the quality of a wireless standard is not necessarily a determining factor in its adoption. What wireless is all about is the devices – those PDAs that are becoming increasingly popular for scheduling, calendaring and e-mailing. So whether it’s a PDA or a cellular phone consumers are using, there are some real concerns. “The biggest problem with wireless security in wireless devices is the quality and efficiency of the encryption used to connect that device to a wired network,” he said.

All may not be lost, however. In the wired world, SSL (Secure Socket Layers) and TLS (Transport Layer Security) help to provide authentication and a secure connection between two applications transferring data. In the wireless world, VPNs (virtual private networks) are now being closely examined as a way of ensuring privacy.

“Since VPNs are interoperable across networks and platforms, why bang your head against the wall trying to come up with the ultimate link access privacy protocol to replace WEP…Just make sure everyone is running a VPN,” Girard said. VPNs can move the data that is transmitted wirelessly, and it is encrypted so that when the information is being retrieved, it remains ciphered and secure.

However, according to Jim Barnet, the sales and marketing manager at Field Worker Products Ltd. in Toronto, handheld devices are secure in an off-line mode. Security becomes more of a concern when connecting wirelessly and that’s where VPNs will come in.

When PDAs and other handheld devices were first introduced, a password was often the most common form of security. For example, if a password is repeatedly entered incorrectly in one device all the information on that device is wiped out on the tenth attempt. This may make it more secure, but it’s also extremely inconvenient considering you would lose everything and would have go back re-enter all your phone numbers and re-schedule your life.

the wave of the future

Biometrics are another possible authentication technique. They rely on physical characteristics that can be automatically checked against a database for authentication or identification. Some of the major areas of this technology include voice, fingerprint, facial characteristics, iris and signature authentication.

Imagis Technologies is a Vancouver-based facial biometrics company. One of its customers is the RCMP. The company responded to a demand from the RCMP, which was having some difficulties booking suspects who refused to give officers their names . The company created a database using mug shots for the officers to use to identify suspects. The Imagis software creates a digital string of the suspect using the officers’ laptops and wirelessly sends it back to the database where it looks for a match within the criminal database. Imagis president Iain Drummond said those digital strings become the suspects’ digital facial signature.

On the signature authentication side, Ottawa-based Cloakware has a product that is intended to replace passwords on PDAs. The solution measures the speed, shape and acceleration of the strokes and how the signature is written. There is also a signature-verification algorithm that checks the signature. Alec Maine, the vice-president products and services at Cloakware, said one of the advantages is that it is “a local biometric verification template, and the verification happens right on the device.” Security is provided by the company’s tamper-resistant software, according to Maine.

Will biometrics fly? “I certainly think that the signature will take hold just because it’s used a lot in contract situations. And voice will also be a strong runner because people find the technology easy to use,” said Barb Silfies, senior manager, communications industry, at Deloitte & Touche Consulting in Dallas.

“The value of biometrics is, when it is used in conjunction with other authentication methods, it improves the confidence of the authentication,” Giga’s Hunt said.

one of a kind

PDAs certainly are taking off. But whether all of the various handheld devices out there – phones, pagers and PDAs – will eventually converge into one still remains to be seen.

“In an ideal world it would be great to have one device. The problem is that the converged device is a compromise on both sides,” said Jim Connor, manager of electronic services technologies at Royal Bank of Canada (RBC) in Toronto. Connor is not exactly what you would call a typical user, as he actually tests mobile devices to see how RBC clients could potentially use their PDAs in the future. At the time of the interview, he was using both the Palm Vx and the Compaq iPAQ, using the latter for wireless banking applications.

Price may be another stumbling block to convergence. “I’m waiting for a convergence type of model and I wouldn’t mind paying for that at a more reasonable price point,” said Mihir Shah, alliance manager at Sigma Systems in Toronto. Shah has used a Palm for the past three months for calendaring and keeping track of his contacts. He said he’s not concerned about security issues though, commenting that the devices themselves are secure.

Karen Lopez, who has used the Compaq Pocket PC for well over a year, disagrees. “There are lots of easy ways to break through that security. I’m not sure I would use it on mission-critical systems or systems that had sensitive data – not today,” said Lopez, the principal consultant at Info Advisors in Toronto. And while she too would like to see convergence, she laments the short battery life on today’s devices.

While there are converged devices available, that other wireless device – the cell phone – looks like it may hang on to its independence a little longer.

There’s a lot of talk today about moving from 2.5G to 3G. However, even if bandwidth increases, most devices are not yet capable of handling complex images .

From Bell Mobility’s perspective, the benefit of moving to 3G “is what we call the ability to put an increased number of subscribers on the same network without having to roll out new technologies (and) 3G also brings a high global standard,” said Larry Baziw, director of wireless Internet applications at Bell Mobility in Mississauga, Ont.

But as Barnet of Field Worker points out, the applications that will drive the need for more bandwidth don’t even exist yet, and the devices themselves can’t support functions such as streaming videos.