Maximizing Security – CDMA and its Contribution to Homeland Security
Michael Iandolo Vice President, CDMA Product Management Lucent Technologies Who thinks Wireless is Critical for Homeland Security? “Commercial services offer public safety flexible, convenient “There is growing demand for wireless communications for both daily and disaster operations” technology…drivers for this trend come from several McKinsey 9/11 report different directions…in DOD, it’s the need to support “GPS and “We operate the fourth largest database in the first responders and develop a more mobile geolocation via military.” GSA world, but it doesn’t do our folks in the field “There are several efforts underway wireless phones much good if they can’t get access to it…As to address secure access to critical may allow more wireless systems are implemented, data to protect the lives of first vehicles as probes Customs wrestles with critical issues like responders. For example, first to supplement bandwidth, signal strength, coverage and responders could receive information critical security.” Woody Hall, CIO Customs about where emergency exits are infrastructure located through a PDA when lost in a data. ITS “Crucial to DHS mission are building.” Steve Dawson, CTO, NJ technology geospatial software, knowledge combined with “Wireless modem terminals equipped with management, infrastructure, wireless and CAD GPS provide a more efficient way to respond wireless, collaboration, modeling can provide EMS to a health threat. A gift by the Marcus and simulation, middleware and the capability to foundation enables the CDC to make broad database technology.” Steve receive timely use of location- based wireless services for Cooper, CIO DHS notice of an mobile field operations.” CDC “long term goal of Operation Safe incident, be “Not only must information be secure, it must City is to integrate the system with efficiently routed be part of the enterprise in such a way that the handheld devices that police and to the scene and wireless infrastructure is connected to it. firemen can use in the field in order hospital” DOT 10 We’re looking to try to expand some of to send data about buildings in their year plan for ITS information services to cell phones, PDAs,…” areas of responsibility to a central FEMA data warehouse.” City of Boston Lucent Technologies 2 CDMA2000 Benefits for Homeland Security
• Supports the bandwidth needed for wireless data applications to be viable • CDMA2000 1X offers unparalleled voice capacity: 1xEV- DO delivers unmatched data capacity • Allows selective deployment where/when it is most needed: Backwards compatibility of CDMA2000 provides advantage of seamless co-existence of 2nd and 3rd Generation systems. • Provides high levels of security • Offers broad terminal availability
Lucent Technologies 3 Why CDMA for Homeland Security?
3G Wireless is necessary to supplement current Land Mobile Radio (LMR) voice networks First Responders’ use • LMR is Costly • Expensive equipment • Dominance by very few vendors • As 9/11 demonstrated, lack of interoperability is a serious problem • Proprietary protocols • Very fragmented spectrum • With the low data speeds of P25 systems there are limited applications – Narrow band technology good for voice but only enables low-speed data – Encryption requires higher air-interface capability for quality
Lucent Technologies 4 Why CDMA for Homeland Security?
Limited use of mobile data now and limited speeds • Lack of access to Mobile Data for First Responders – 2.5 Million First Responders and only 150K using wireless data now • Most First Responders that have access to mobile data are limited to very low speed networks with average speeds of 9.2 kbps to 19.2 kbps • Large number of public safety agencies utilizing CDPD, which is being discontinued over the next two years • Only 3G can support the additional security and speed required for Homeland Security
Lucent Technologies 5 Why is CDMA a Better Choice than GPRS?
• Better Security – In contrast to GSM/GPRS networks, neither CDMA2000 1X nor the earlier cdmaOne have fallen victim to attacks – CDMA2000 1X has very strong authentication mechanisms through the use of multiple keys and 128-bit radio link encryption – Spread-spectrum technology makes use of pseudo-random codes • CDMA Provides Better Coverage • Faster Speed and Better Capacity – CDMA2000 1X (peak rates) • 1x rel.0: 153.6 Kbps DL & RL • 1x rel.A: 307 Kbps DL/ 153.6 Kbps RL • 1x rel.D: 3.1 Mbps DL/ 1.5 Mbps RL (in the near future) – GSM/GPRS/EDGE (peak rates) • GPRS: 9.6 to 22 Kbps per time slot in packet mode • EDGE: up to 59 Kbps per time slot in packet mode
Lucent Technologies 6 Spread Spectrum Provides Inherent Privacy of All Information (Voice, Data, Signaling)
• Code Division (CDMA) signals are more difficult to tap than Time Division (GSM/TDMA) or Analog signals via: – Signal Spreading – Soft hand-off – Long Code Mask • Enhanced Subscriber Authentication (ESA) and Enhanced Subscriber Privacy (ESP) provide key security enhancements • Security is further enhanced at device level • To date, there are no known or commercially available CDMA2000 interception devices
Lucent Technologies 7 Packet Data Security Architecture User Credit Authentication VPN - End-to-End Protection
Bank Centralized Authentication, Authorization, Policy enforcement, Accounting (AAA) accounting billing
Network-layer authentication and authorization
Over the air coding and encryption Wireless Core Network Wireless Radio Network MSC & PDSN HLR/VLR/AAA Internet Wireless servers Routers application servers
Lucent Technologies 8 CDMA2000 Meets Federal Security Source: Federal Wireless Requirements Policy Committee Federal Security Requirements 3G CDMA Wireless Goals
Confidentiality – the protection of Protect session information and user data, signaling, identification prevent unauthorized access to and location user traffic Integrity – the protection from Protect session from hijacking insertion, deletion, modification which provides integrity protection or replay of data (prevents tampering with user traffic) Authentication – the assured Protect system resources through identification of the user, terminal authentication of users and carrier Availability – Obtain access to Mutual authentication of mobile service and prevent denial of and network to each other service attacks prevents network attacks Lucent Technologies 9 Beyond Security- Why is CDMA Necessary for Homeland Security?
• Enables First Responders to utilize critical applications that are not possible on slower speed LMR, Mobitex and CDPD networks – Mapping/Location Based Services – critical infrastructure protection – Video Streaming – incident scenes, security – Digital Image transfer – disaster scene – Large files transfer – records, on-line manuals, emergency protocol – Biometrics – facial recognition – Bioterrorism detection and response – sample analysis, plume tracking • Enables First Responders to communicate and respond in real-time • Enables First Responders to better utilize the technology they already have
Lucent Technologies 10 Public Safety / Homeland Security Applications
Police and EMS Video Applications PROTECT • Provides Chem/bio alarms, video, and facial recognition • 1.2 Mbps throughput required
! Medical Consult, “virtual” backup, and incident pre-assessment are all critical ! 240 kbps per user (bi-directional) for full motion, medium resolution video
CapWIN
! Messaging, incident command, and database access across jurisdictions and functional disciplines ! High quantities of medium speed (80 kbps) users for rapid image distribution
Source: DC Office of Technology Lucent Technologies 11 GPS/GIS/Location Based Services
Route Navigation First Responder Tracking
Traffic Conditions
Critical Infrastructure
Health Threats Crime Mapping Container Tracking MultipleMultiple Uses Uses for for Location Location
Lucent Technologies 12 Try Downloading this GIS Image Over 19.2 kbps (Event Management Application)
Lucent Technologies 13 Biometrics
Fingerprints Facial Recognition Retina Scanners
Mobile Fingerprint Scanners Smart Cards IncreaseIncrease effectiveness effectiveness of of Biometrics Biometrics withwith 3G3G MobileMobile HighHigh SpeedSpeed DataData
Lucent Technologies 14 Video
Real-time Patrol Car Video Disaster Communication Dispatch Centers
Image Transmission from Crime Databases 3G3G Mobile Mobile High High Speed Speed Accident Scene Data-Data- a a good good fit fit for for Mobile Mobile to Trauma Center VideoVideo Lucent Technologies 15 Large File Transfer – Incident Management System: Many types of information that need to be shared and stored
•Incident type •Traffic Flow/Transportation •Driver history requests •Incident location Network status •Intelligence •Who is on scene by agency and •Equipment deployed Information unit •Universal health precautions •Crime •Whose jurisdiction •Weather patterns/mapping •Notification of Other Agencies •Land Property •Location injured •Available routes to scene •Media Interaction •Hospital capability and •Danger areas at scene (Hazmat, •Lookouts status Weapons) •Officer in distress Notification •Wanted vehicle •Chem/Bio threat •Premise history notification •Number and type of vehicles •Concealed weapon permits •Sensory Capabilities involved •Escapees •CAD data •Road closures and lane •Condition of Release and •Records management blockages Repeat Offender files information •Number and description of •Domestic/Protection orders •Accident scene photos person involved •Recovered stolen auto •Number and type of injuries information Source: CapWin •Resources needed •Mugshots •Buildings and layouts Moving beyond Link-n-Sync •Protocols Moving beyond Link-n-Sync Lucent Technologies 16 Lucent’s Homeland Security Wireless Network Concept • Now: Utilize commercial networks for mobile data applications for First Responders with no mobile data, or for lower speed network migration • Long-term: A dedicated, national wireless capability- Initially for High Speed Data (voice capability to follow) for Government users. This network provides: – Interoperable, secure communications – Customized features not available through commercial service – Critical “hot spots” – Cost savings over private networks – Ability to leverage existing commercial networks for national coverage • Additional spectrum required for long-term opportunity – Possible options: 700 MHz, 800 MHz, 1900 MHz – All options have complications: unlikely to be resolved prior to late 2004-2006. – Legislative action needs to be taken now if spectrum is to be available in even this delayed time-frame Lucent Technologies 17 National Homeland Security Wireless Network (2005-2008)
• Network will provide high speed data and voice capability for: – National security community (military, FBI, INS, customs, etc.) – Public Safety (law enforcement, fire fighters, EMS, etc.) – Crisis Mode “Business Continuity” for government operations (Social Security Administration, Postal Service, etc.) • Requirements – Grass roots public safety coalition to support campaign for spectrum for wireless national network – Champions within Executive Branch (DHS, DOD, DOJ) and Congress for establishment and funding for national network – Successful pilot projects with public safety end-users at 700 MHz and/or 1900 MHz
Lucent Technologies 18 District of Columbia Wireless Pilot Data Program • First Responders need better tools than the terrorists. – High speed wireless technologies will provide critical applications to assist with homeland security/ public safety threats. D.C. government’s current networks and spectrum allocations do not enable these types of critical applications. – D.C. is procuring a pilot system using 3G data technologies to address these critical gaps, scheduled for deployment in 2004.
• D.C. and other major municipalities (New York City, San Diego, Denver, Phoenix, Montgomery Co., MD, the State of Delaware and the U.S. Park Police) have formed The Spectrum Coalition to urge Congress and the administration for additional spectrum to deploy high speed mobile data.
Lucent Technologies 19 Why Lucent?
• Lucent is actively engaging the Public Sector through Local, State and Federal opportunities – President Bush assigned Russo to NSTAC – Actively lobbying support to free up public safety spectrum – Lucent critical in forming Wireless Emergency Response Team after 9/11 – Lucent Chair NRIC for Physical Security Subcommittee – Worked with DynCorp to define requirements for Wireless Priority Access • Leverage our unmatched expertise in spread spectrum technologies • Developing partnerships with best-in-class government players to provide differentiated end-to-end solutions • Lucent Worldwide Services to design/implement/maintain 3G networks • Lucent Bell Labs extensive history of innovations for government
Lucent Technologies 20 How Can Lucent Help You? Government Customer Engagement Program
• Lucent believes 3G technology will benefit mobile professionals in the public safety and homeland security arena by bringing new productivity benefits to their jobs.
• Our intent is to engage a group of government agencies (our customer’s customer) to help them identify their mobile data needs and the benefits of mobile data and higher bandwidth technology
• Agencies can use the data to justify technology purchases, as part of supporting material for grant applications or for budget audits
• Successful engagements will be result in a case study and potentially the joint opportunity to take part in a live wireless High Speed Data (HSD) pilot.
• Lucent has already begun pilots with several other government customers and as well as enterprise customers.
Lucent Technologies 21 Back-Up Slides
Lucent Technologies 22 3G Security Enhancements in CDMA2000
• ESA: Enhanced Subscriber Authentication – Mutual Authentication of Mobile and Network to each-other • Prevents Network Impersonation and possible Repeat Attacks. – Authentication of Message Contents Integrity • Prevents Contents Modifications and Session Hijacking. – Strong Public Algorithms with Large Keys (128-bit). • SHA-1 in 3GPP2 for CDMA2000; –FullBackwards Compatibility and Interworking. • ESP: Enhanced Subscriber Privacy – Encryption of All Information Bearers. – Strong Encryption Algorithms with Large Keys (128-bit). • AES in 3GPP2 for CDMA2000
Lucent Technologies 23 VPN Security
• A virtual private network (VPN) allows the creation of a secure, private access over public networks. It is called "virtual" because it depends on the use of temporary connections that have no lasting physical presence. – A VPN provides an encrypted, encapsulated path for access to a corporate network across public networks – IPSec VPN protocols are used for end-to-end integrity across any public networks (xDSL, Cable and Wireless media) – IPSec - DES, 3DES: Digital Encryption Standard, DES uses 56-bit key, 3DES is an enhancement of DES with an effective key length of 168-bit – IPSec future support - AES Advanced Encryption Standard (Govt. standard), 128, 192, 256 bit keys
IPSec addresses the need for end-to-end security from wireless terminal to Enterprise Intranet
Lucent Technologies 24 Additional Types of Security
• Device Security – Blackberry – FIPS 140-2 certified – Roaming clients – IBM WEA/WECM – FIPS 140-2 certified – NSA approved devices – Qualcomm QSEC (Condor device) – Biometric readers on devices – Itronix laptops and Compaq handheld devices • Application Servers – Sun Solaris – Common Criteria Certified (EAL4) • Digital Certificates – PKI – Diversinet Wireless PKI
Lucent Technologies 25