Embed Size (px)
Citation preview
Close to a billion people use GSM mobiles. "To have been part
of that is the greatest thing in my career", says Mike Walker,
Director of Group Research and Development at Vodafone. "And
from a security point of view, that's nearly a billion SIM cards that
implement the security in GSM. I suspect there is not another
security product to that extent".
And yet, this is not sold as security. Walker believes that, in
telecoms at least, the customer has a right to security, and a right
not to have to see it. "It has to be buried to the user", he says.
Twenty one years after getting his cryptography Ph.D from Royal
Holloway & Westfield Colleges at the University of London,
Walker has come to the view that the role of security technology
should be to reduce the complexity of ICT systems to more
manageable proportions, and to do so discreetly.
"There is so much you can do now, with so many
interconnections, that there are just so many potential security
breaches", says Walker. He gives the example of the recent
Bluetooth exploit whereby the innocent mobile phone becomes a
sinister bugging device. "There is nothing insecure about the GSM
link as such, the vulnerability, rather, lies in the interconnections.
"You have so many different systems interacting with each other
now which, on their own are secure, but their interaction opens up
potential problems".
Problem solved, let’s move onWalker believes that "security is usually driven by a big problem,
and interest tends to taper off suddenly when the problem has
been solved. People don't really continue with the momentum".
One such big problem, in the history of mobile telecoms, was the
insecurity of analogue. "Analogue systems were dreadfully
insecure; there were stories in the press about calls being tapped
over the air, phones being cloned, and so on".
GSM was an answer. "That was its great strength: secure access
provided, and confidentiality assured using cryptographic
algorithms and devices".
Mike Walker reports to Vodafone's Group Strategy Director,
Alan Harker, who reports directly to CEO, Arun Sarin. As a
company, Vodafone has grown hugely, from its scattered base in
the Berkshire town of Newbury, to a wireless phones services
Behemoth, second only to China Mobile (Hong Kong). And it has,
famously, grown through acquisition. There is a view, often
expressed in the business media, that the company is now settling
down to a future of more organic growth. The acquisitions
machine built by Sir Christopher Gent is near to cruise control, on
this view.
What is the role of Research and Development at Vodafone,
within that broader story?
"We are doing a lot of work in collaboration with our
suppliers", says Walker, citing a joint technology centre with
Ericsson in Newbury and a similar centre in Milan, with Nokia.
He says the company is also looking at creating a centre in
Düsseldorf, with Siemens. And he describes Siemens as a
company he admires, "interesting in the breadth of work that
they do".
"These are all quite recent collaborations that are finding their
way", he says.
th
e
in
fo
se
cu
ri
ty
t
od
ay
i
nt
er
vi
ew
38In
fosecu
rity Tod
ayN
ovember/D
ecember 2004
Make the pain go away - security at VodafoneBrian McKenna,
Professor Michael Walker is the director of group research and development at £34bn turnover mobileoperator Vodafone. He spoke to Brian McKenna about the place of security in wireless telecoms.
GSM — from Whatis.comGSM (Global System for Mobile communication) is a digitalmobile telephone system that is widely used in Europe andother parts of the world. GSM uses a variation of time divisionmultiple access (TDMA) and is the most widely used of thethree digital wireless telephone technologies (TDMA, GSM,and CDMA). GSM digitizes and compresses data, then sends itdown a channel with two other streams of user data, each inits own time slot. It operates at either the 900 MHz or 1800MHz frequency band.
GSM is the de facto wireless telephone standard in Europe.GSM has over 120 million users worldwide and is available in120 countries, according to the GSM MoU Association. Sincemany GSM network operators have roaming agreements withforeign operators, users can often continue to use their mobilephones when they travel to other countries.
Source: http://searchmobilecomputing.techtarget.com/sDefinition/0,,sid40_gci213988,00.html
th
e
in
fo
se
cu
ri
ty
t
od
ay
i
nt
er
vi
ew
39In
fosecu
rity Tod
ayN
ovember/D
ecember 2004
Mapping the future, staking out choicesAccording to Walker, at Vodafone R&D they work hard at taking
the uncertainty out of the decision making process for the
business. "Our role is to present clear choices to the decision
makers. We map the future and provide the choices the company
needs to make".
Walker leads seven R&D centres world wide, made up of 200
workers, mostly in Munich and Newbury. It is a mix of
mathematicians, scientists and engineers, with a few social
scientists thrown in. “The sociologists look at the ways people
interact with mobiles, and ways the technology is changing
society".
One big recent achievement, in his view, is the group's success in
evangelizing for the evolution of Vodafone's network to IP. "We've
done a lot of business modelling there, helping the company to
understand the impact of that transition. To show, for instance,
the benefit of being able to run different services at the same time,
all in the one session".
To a great extent this transition is about the transmission of
data rather than voice. From a security point of view Walker
makes three points.
"First you have the question of application security. You can now
run applications on your mobile, and you can acquire those on the
air to your phone. So you are now into the area of viruses
spreading on to mobiles.
"Secondly, there is the consumption of content and the needs of
content providers to have their intellectual propert protected.
"And thirdly there is the security of the device itself. You have
multiple channels of communication from the device — Bluetooth
and infra red ports as well as 3G or GSM. So the whole device
needs to be secure. Here you are into digital rights management.
There is a lot of work going on there".
One of the significant achievements of GSM was that security
was just taken care of in the call. But now that you have web
access, online purchasing, and so on the environment becomes
significantly more complex, he says.
"You need to replicate the transfer of trust that you get with
roaming", says Walker. That works at the level of transferring trust
from one network to another, but "we now need to think about the
transfer of trust from one application to another, from one service
provider to another, and so on".
Inside Vodafone, a big part of his group's role is to "show the
business what you can do with the technology". He relates a recent
case of how the German R&D team showed the business how
integrated broadcast and cellular could work. They demonstrated
how all film trailers showing in Berlin could be downloaded onto
a mobile device. Multi-media services like this should be available
in two to three years time.
Putting out feelersMike Walker's own role, however, springs him beyond Vodafone
and on to standards bodies, into academia, and on to bodies where
industry interfaces with government. He is a member of the UK
DTI's Technology Strategy Board, a Fellow of the Institution of
Electrical Engineers, and a chair in Telecommunications at his
alma mater, Royal Holloway.
Curriculum Vitae1969 B.Sc.(Hons) in Mathematics from Royal
Holloway College, University of London
1973 Ph.D. in Mathematics from Royal Holloway & Westfield Colleges, University of London
1973 - 74 Royal Society Research Fellow at the University of Kaiserslautern, Germany
1974 - 83 Lecturer/Reader in Mathematics at the University of Tuebingen, Germany
1983 - 91 Head of Mathematics at Racal Research
1991 - 99 Head of Communications Security and Advanced Developments (later R&D) at Vodafone UK
2000 - Vodafone Group Research and Development Director
Walker: proud of GSM
He was the chairman of the European Telecommunications
Standards Institute (ETSI) RES3 Security Experts Group, the
group which designed the security features and algorithms for
DECT, the Digital European Cordless Telecommunications
system, from 1989-90. He also served as the Chairman of ETSI TC
Security — the technical body with responsibility for security
features in ETSI standards, from 1992-7. And he was Chairman of
ETSI SMG10/3GPP SA3 — the committees responsible for
GSM/3G security, from 1996-2003.
"If you are running R&D for any large company you have to
stay aware", he says, "through external relationships with
suppliers, academia, and government bodies”.
Walker's roots in Britain's academic infosecurity community run
deep. He was one of Professor Fred Piper's earliest maths PhD
students, at Royal Holloway, in the glam rock days of the 1970s.
And Professor Piper remains the figure in the field whom he most
admires. "He is someone able to bring out the best in people, a
great listener who is not unduly directive".
Walker, a dyed in the wool mathematician, says that an R&D
function needs engineers and others as well. He captures the
difference between engineers and mathematicians. "When faced
with a problem, an engineer will rush off to simulate and build
something, while a mathematician will sit down and work things
out logically, with analytical techniques, before worrying about
simulating. You need a balance in R&D".
Professor Walker worries, however, that the UK and Europe are
losing their way in the field of telecommunications and IT. "There
is a huge amount of work being done in Asia now. Japan, Korea
and China are all doing next generation stuff, heavily supported by
their governments. This is a big danger for Europe, and I would
hate to see it losing its lead. For example, GSM was a European
invention, and has been a huge success. The general shift of ICT
to Asia is not healthy for Europe".
th
e
in
fo
se
cu
ri
ty
t
od
ay
i
nt
er
vi
ew
40
Info
security To
day
Novem
ber/Decem
ber 2004
