Re: Security on CDMA for Banking Applications

[Alessandro Bottonelli <a.bottonelli () axis-net it>]

On Tuesday 29 March 2005 22:17, Nick Owen wrote:
> I would add to this that each carrier has different network
> configurations that can affect security.  
Yes, you're quite right. I assumed (unnecessarily) we were talking about a 
radio link directly managed by the bank with no carriers involved. This is 
not necessarily the case. If a carrier is supplying the link, they must be 
involved in the security setup. The best way is to ask for a transparent 
radio link, pure and simple linking. Whatever gets in on one side, gets out 
on the other (be it voice, data, IP, ATM, or a proprietary protocol).

> Just to complicate things, one carrier wouldn't take our encrypted
> messages unless we said it was a bitmap image ;).
;-) 

I wonder why they would do so. A carrier shoud be a ... carrier. If they stick 
their nose in what they carry from point A to point B, they might loose their 
status of "common carrier" (the same status airlines, post offices and the 
like enjoy all other the (free) world).  Just like the post office doesn't 
ask you what's inside the envelope you mail through them, as long it is of 
standard size,  I don't see a reason for a carrier (or even an ISP) to get 
into what is a (say) an IP packet as long it is correctly formatted.

In some EU member states they also try to resist the idea of encrypted traffic 
being fed into networks (the idea being that it would make it more difficult 
for police agencies to monitor (legally) such traffic). Yet, it's not really 
enforced.

-- 
Alessandro Bottonelli
Axis-Net (Privacy & InfoSec Consulting)
Tel. +39 02 93595859
Fax. +39 02 93590544
Web. http://www.axis-net.it