Mobile Network Blocks Tappers
Hardware, software provide encryption at the touch of a button.
A wireless communications system offers government organizations the potential to shield both data transmissions and users’ geographic locations. The scalable technology can operate in stand-alone networks or through existing public cellular providers, allowing users to make secure calls from almost any location. An optional central administration capacity allows increased security and administrative capabilities, such as the monitoring and control of every participating mobile telephone or handheld computer.
Voice and data transmission on global system for mobile communications (GSM) networks is a fast-growing facet of the telecommunications industry. Intense competition has kept prices low, fueling further expansion in global markets. While this growth continues in the commercial sector, many government agencies are wary of creating GSM networks of their own because the technology has a reputation for being easy to tap and easy to use for pinpointing callers’ locations, experts say.
One possible solution is a family of secure communications products produced by Siemens AG, Munich, Germany. Called TopSec GSM, the technology is designed to provide scalable data and location security for wireless messaging.
Matthias Stump, director of solution line management with Siemens’ information and communication networks, distribution international security sector (ICN VIS), explains that the development of TopSec was driven by the company’s local and international clients’ needs. ICN VIS is the company’s German acronym. Siemens’ ICN VIS specializes in meeting government, military and police organizations’ requirements, he says.
The company’s security strategy revolves around two systems. The first is the TopSec product line, which consists of a GSM telephone, fixed network devices and a Personal Computer Memory Card International Association (PCMCIA) card for wireless data transfer. The second system comprises data security module (DSM) link encryption devices to encode voice, data and signaling information in a mobile network.
The most visible part of TopSec GSM is a shielded and encrypted cellular telephone based on the Siemens S35 mobile telephone. Designed to look like a commercial portable telephone, it can operate within existing commercial mobile and fixed networks. The telephone has built-in security features that can be controlled from an administration center.
Centralized administration allows an organization to control all equipment, codes and lines from one location. Such security management systems offer high levels of protection against outside spying, Stump says.
Customers can also set up their own GSM networks. However, while many organizations prefer to use their own people to operate a network, it is very expensive to buy a GSM network. One solution is for several government agencies to pool their resources to purchase a network and obtain encryption at a lower cost, he says.
Various types of encryption software can also be uploaded into the telephone. Both encrypted and open calls can be made, allowing users the flexibility to choose whether to send a secure message, Stump says.
Encrypted calls can be placed between two TopSec GSM mobile telephones or between a TopSec mobile telephone and a TopSec integrated services digital network (ISDN) fixed network device. To make a secure call, a user dials the number then presses an additional button that automatically establishes a secure connection between both devices. Because it takes only a single button to switch to a secure mode, users can make encrypted calls in a public area without drawing attention, Stump explains. A 1,024-bit asymmetric algorithm encrypts the call. Once both devices are connected, Siemens officials claim, it is impossible to tap the transmission.
TopSec GSM also can be used with other wireless devices, such as notebook computers, because the encryption algorithm can secure both voice and data transmissions. This technology can be integrated into the PCMCIA card and with other TopSec modules. The Siemens product allows users to communicate within a GSM network or other wireless systems; however, secure calls can be made only between TopSec devices, Stump explains.
The Siemens security system also prevents spies or attackers from pinpointing the location of a GSM transmission. Stump notes that cellular telephones use two channels to send a message. One wavelength contains the actual message, and the other carries signaling information identifying the caller to the cellular system. Even if the message content is shielded, observers can pinpoint the location of the caller to within 300 meters (990 feet) because the signaling channel identifies which cell is being used. “It is a fact that intelligence agencies are collecting data internationally. They can monitor where people stand in a building when they make calls and whom they call to create user profiles,” Stump says.
To thwart such intelligence gathering, Siemens offers DSM link devices that are installed in a network’s external dialing and transmission nodes and secure lines over long distances. Stump explains that the DSM link devices are used in areas where two or more locations regularly communicate over a fixed or GSM network. However, this level of security is available only if a client controls its own local network. This would include military bases, government agencies and some private companies that require high security levels for internal communications, he says.
The DSM devices do not affect data transmission speeds. Transmission speeds of 2 megabits per second are possible on a connection with a DSM box at both ends. Bandwidth also can be increased by operating several DSM devices simultaneously, Siemens officials claim. An important component is a crypto smart card that stores encryption data, allowing confidential communication with an administration center.
TopSec GSM can be scaled to meet a customer’s particular requirements, with the most basic service provided by the company’s shielded cellular telephones and ISDN devices. Data and telephone numbers also can be protected through the basic package.
For more extensive use, however, Siemens helps customers create a maintenance organization to administer the GSM network. Stump recommends that clients interested in creating a secure network establish a manned operations center. These facilities usually have a staff of five to 10 people who monitor the network and handle emergencies such as lost telephones and smart cards.
Stump explains that one major difference between a government ministry, military or police organization and a civilian telecommunications firm is how lost equipment is treated. If a civilian customer loses a telephone or card, the provider will replace the item. However, if a government or military official loses an encrypted device, there can be major security repercussions. “Security is not only the result of technology. It is the result of organization—security is a process,” he states.
Centralized administration is offered as part of a high-security communications solution featuring hardware and software components that allow convenient central management. Each device in the network is certified. Before a secure connection is made, each device’s certificate is automatically verified.
All TopSec GSM devices in a network can be monitored, remotely disabled and deactivated by the operations center if they are lost or misused. Security management system software monitors and allows immediate access to every installed component in the system at all times. Administrators can remotely and automatically change codes, configurations and identifiers on a regular basis. If someone tries to alter or manipulate any of the hardware or programming in a device, a signal is automatically sent to the administration center, Siemens officials say.
By creating a central services organization, closed user groups can be set up and administered, Stump says, by formulating “black lists”—lists of encrypted telephone numbers within an organization or government ministry. These rosters are not limited in size. As an added security layer, the telephone’s encryption mechanisms can be programmed to allow secure calls only to specific numbers on one or more black lists. The encrypted calls will go through only to similarly equipped TopSec devices.
Security also can be provided for specific areas. While it is impossible to completely secure an entire country, it is possible to set up secure “islands,” such as a headquarters building or a military base. Stump notes that a flexible aspect of the technology is that the space between the islands does not have to be secure to have encrypted communications. The TopSec GSM product line became available this February.