Wireless and Mobile Network Security Personal Risk and Control Templates

Wireless and Mobile Network Security Personal Risk and Control Templates

1. Read access to private data
this risk includes unauthorized reading of the consumed, produced or transmitted content. An example is wire tapping or snooping, i.e. a passive reading of data during their transmission over a telecommunications network. Motivated by privacy protection, this category also includes read access to administrative data related to the access profile (such as personal identity, location, use statistics and billing).

2. Modification of private data
an unnoticed change in the private data cited in the preceding section is a risk, because it can lead to taking control of the private data, to changes in usage statistics, accounting, etc. Note that depending on the used technology, modification does not necessarily imply read access. An example is the blind change of encrypted frames on a wireless link that uses the WEP encryption scheme according to the IEEE 802.11 standard.

3. Rogue services
in the digital virtual world, the user runs the risk to connect to a rogue service. This may be due to technical faults: the examples include access to a rogue access point in a wireless network, redirecting to a fake Web server and impersonating the network.

4. Non-contractual access properties
the user runs the risk of not obtaining contractual access properties such as the reliability of access, the negotiated data rates, time and duration of connection, etc.

5. The fragility of the execution platform
Along with the information about the source, destination and data protection discussed above, the user must care about the integrity of the platform and the used programs. If the used platform is not reliable, malicious access (through a virus, a Trojan and any type of 'malware') to the private data of the user, including the user’s identity and credentials is possible.

6. Identity usurpation
Identity usurpation is a major risk to authorized users, since any act committed under a spoofed identity can be falsely attributed to an authorized user. This in turn allows access to and the ability to modify private data, etc.