354 Int.. Mobile Communications, ol. 2. No 4. 2004 Wireless in the enterprise: requirements, solutions and research directions Department of Computer Information Systems Georgia State University, Atlanta, GA 30302, USA Fax:4046513842 E-mail: uvarshney @ gsu edu Alisha Malloy Department of Management Information Systems University of Alabama, Tuscaloosa, AL 35487, USA E-mail: malloy @cba. ua.edu Punit Ahluwalia Department of Computer Information Systems Georgia State University, Atlanta, GA 30302, USA Radhika jain Department of Computer Information Systems Georgia State University, Atlanta, GA 30302, USA E-mail: rain@ cis. gsu.edu Abstract: In the last few years, wireless networking has seen considerable interest among service providers, users, vendors and content developers Significant advances have been made in devices, applications, middleware and networking infrastructure. With wireless becoming such a mainstream technology, there is a growing interest in increasing its usage in the enterprise environment. Before wireless solutions can be deployed widely, the requirements of the enterprise environment and capabilities and limitations of wireless technologies must be addressed. In this study, we analyse and discuss the enterprise requirements and how such requirements can be met by the current and emerging wireless infrastructure. In particular, the major requirements are dependability, security, coverage, ease-of-use, devices, network interoperability and cost. Some of these requirements are addressed in the paper, and we also present a dependable, secure and scalable solution for the emerging wireless enterprise. Since this is an emerging area, we present approaches to conduct research in wi Keywords: wireless technologies: security; dependability: enterprise opyright o 2004 Inderscience Enterprises Ltd
354 Int. J. Mobile Communications, Vol. 2, No. 4, 2004 Copyright © 2004 Inderscience Enterprises Ltd. Wireless in the enterprise: requirements, solutions and research directions Upkar Varshney* Department of Computer Information Systems, Georgia State University, Atlanta, GA 30302, USA Fax: 404 651 3842 E-mail: uvarshney@gsu.edu *Corresponding author Alisha Malloy Department of Management Information Systems, University of Alabama, Tuscaloosa, AL 35487, USA E-mail: amalloy@cba.ua.edu Punit Ahluwalia Department of Computer Information Systems, Georgia State University, Atlanta, GA 30302, USA E-mail: punit@gsu.edu Radhika Jain Department of Computer Information Systems, Georgia State University, Atlanta, GA 30302, USA E-mail: rjain@cis.gsu.edu Abstract: In the last few years, wireless networking has seen considerable interest among service providers, users, vendors and content developers. Significant advances have been made in devices, applications, middleware and networking infrastructure. With wireless becoming such a mainstream technology, there is a growing interest in increasing its usage in the enterprise environment. Before wireless solutions can be deployed widely, the requirements of the enterprise environment and capabilities and limitations of wireless technologies must be addressed. In this study, we analyse and discuss the enterprise requirements and how such requirements can be met by the current and emerging wireless infrastructure. In particular, the major requirements are dependability, security, coverage, ease-of-use, devices, network interoperability and cost. Some of these requirements are addressed in the paper, and we also present a dependable, secure and scalable solution for the emerging wireless enterprise. Since this is an emerging area, we present several possible approaches to conduct research in wireless enterprise. Keywords: wireless technologies; security; dependability; enterprise requirements; wireless solutions
/ireless in the enterprise 355 Reference to this paper should be made as follows: Varshney, U Malloy, A, Ahluwalia, P. and Jain, R.(2004)'Wireless in the enterprise requirements, solutions and research directions, Int. J. Mobile Communications, Vol. 2, No. 4, pp. 354-367 ai Georgia State University, Atlanta. He has authored over 70 papers on wireless networks, mobile commerce and other topics nternational conferences. Many of his papers are among the most widely cited ublications in m-commerce. He has delivered over 50 invited speeches ng several keynotes at conferences and workshops awarded the Myron T Greene CIS Outstanding Teaching Award in 2000 and the rCB College Outstanding Teaching Award in 2002. During 2000-2002, he was a guest editor for ACM/Kluwer Journal on Mobile Networks and Applications MONET)'s special issue on mobile commerce(with Ron Vetter). He is also or the editorial board of IEEE Computer and International Journal on Mobile Communications. He has also served on the programme committees of IEEE CNC, IEEE LCN, ACM Workshop on Mobile Commerce, HICSS and several other international conferences Alisha Malloy is an Assistant Professor of Management Information Systems at University of Alabama, Tuscaloosa. She received a PhD in Computer Information Systems from Georgia State University in 2002 after receiving a BS from the Us Naval Academy and an MS from Old Dominion University She is very interested in wireless communications, wireless enterprise, mobile commerce, network dependability and modelling and simulation of networks Dr Malloy has published papers in ACM/Kluwer Journal on Mobile Networks and Applications(MONET), Computers, the Encyclopedia of Information ystems and several others. She was the KPMG Doctoral Fellow from 1998 to 2002. Dr Malloy is a member of the Association of Computing Machinery, the Association for Information Systems, and the Institute of Electrical and Electronics engineers. Punit Ahluwalia is a Doctoral Student at the Cis department of Georgia State University since 2002. He received an Ms in Cis from Georgia State University in 2002. He is very interested in quality of service in wireless networks, mobile commerce, wireless enterprise and modelling and simulation of networks. He has published papers in many journals and conferences including IJMC, Workshop on Wireless Enterprise and IEEE Vehicular Technology Conference. Radhika Jain is a Doctoral the Cis department of Georgia State University since Spring 2001 eived an Ms in Computer Engineering software engineering, telecommunications and wireless networkserssted in any journals and conf including IEEE Computer, AMCIS and IEEE Vehicular Technology Conference 1 Introduction In the last several years, wireless networking has seen considerable interest among service providers, users, vendors and content developers. Significant advances have been made in devices, applications, middleware and networking infrastructure. Recently, the
Wireless in the enterprise 355 Reference to this paper should be made as follows: Varshney, U., Malloy, A., Ahluwalia, P. and Jain, R. (2004) ‘Wireless in the enterprise: requirements, solutions and research directions’, Int. J. Mobile Communications, Vol. 2, No. 4, pp.354–367. Biographical notes: Upkar Varshney is an Associate Professor of CIS at Georgia State University, Atlanta. He has authored over 70 papers on wireless networks, mobile commerce and other topics in major journals and international conferences. Many of his papers are among the most widely cited publications in m-commerce. He has delivered over 50 invited speeches, including several keynotes at conferences and workshops. Upkar was awarded the Myron T. Greene CIS Outstanding Teaching Award in 2000 and the RCB College Outstanding Teaching Award in 2002. During 2000–2002, he was a guest editor for ACM/Kluwer Journal on Mobile Networks and Applications (MONET)’s special issue on mobile commerce (with Ron Vetter). He is also on the editorial board of IEEE Computer and International Journal on Mobile Communications. He has also served on the programme committees of IEEE WCNC, IEEE LCN, ACM Workshop on Mobile Commerce, HICSS and several other international conferences. Alisha Malloy is an Assistant Professor of Management Information Systems at University of Alabama, Tuscaloosa. She received a PhD in Computer Information Systems from Georgia State University in 2002 after receiving a BS from the US Naval Academy and an MS from Old Dominion University. She is very interested in wireless communications, wireless enterprise, mobile commerce, network dependability and modelling and simulation of networks. Dr Malloy has published papers in ACM/Kluwer Journal on Mobile Networks and Applications (MONET), Computers, the Encyclopedia of Information Systems and several others. She was the KPMG Doctoral Fellow from 1998 to 2002. Dr Malloy is a member of the Association of Computing Machinery, the Association for Information Systems, and the Institute of Electrical and Electronics Engineers. Punit Ahluwalia is a Doctoral Student at the CIS department of Georgia State University since 2002. He received an MS in CIS from Georgia State University in 2002. He is very interested in quality of service in wireless networks, mobile commerce, wireless enterprise and modelling and simulation of networks. He has published papers in many journals and conferences including IJMC, Workshop on Wireless Enterprise and IEEE Vehicular Technology Conference. Radhika Jain is a Doctoral Student at the CIS department of Georgia State University since Spring 2001. She received an MS in Computer Engineering from Stevens Institute of Technology in 2000. She is very interested in software engineering, telecommunications and wireless networks. She has published papers in many journals and conferences including IEEE Computer, AMCIS and IEEE Vehicular Technology Conference. 1 Introduction In the last several years, wireless networking has seen considerable interest among service providers, users, vendors and content developers. Significant advances have been made in devices, applications, middleware and networking infrastructure. Recently, the
356 U Varshney et al number of hand-held mobile devices reached one billion worldwide, thus exceeding the total of all telephones, computers and set-top boxes. With such wide-scale adoption of wireless devices there are still several issues and limitations in wireless networks These include the amount of bandwidth available, noise and interference, frequency allocation, security, routing(how to maintain communication with mobility and location management(keeping track of the location). These issues are briefly listed in Figure 1 and have been discussed in detail in [1]. Location management issues in wireless networks and in m-commerce are presented in significant detail in [2, 3]. These issues ar likely to affect the design, development, deployment and adoption of wireless solutions 1 Issues in mobile and wireless Location Tracking E Bandwidth M obile and w ireless Networking issues OoS Management Netw ork Con figuration Failure or M alfunctionin MAC: Medium Access Protocol QoS: Quality of Service With wireless becoming a mainstream technology, there is a growing interest in increasing its usage in the enterprise. Support for mobility at user, device and applications levels is a major attraction for many enterprises. It has been known that freeing up users from location restrictions could also lead to a significant productivity gain In todays marketplace, where more and more organisations are decentralised and workers are increasingly more mobile, the ability of an organisation to equip its workforce with access to vital information, anytime and anyplace, is becoming a strategic asset. The concept of anytime,anywhere access to crucial business information is attracting attention among businesses and their increasingly mobile workforce. Therefore, an organisation that is capable of harnessing the power of mobile technologies to automate its business and streamline business processes via mobile applications may reap the benefits of improved productivity, lowered operational cost and increased customer satisfaction. Wireless applications enhance mobile workers' productivity through improved decision making capabilities, less paperwork and reduced cycle times for transactions and billing. The current drivers of mobile applications include sales executives, field technicians, maintenance workers, delivery staff and workers in the areas of healthcare, retail and manufacturing. The competitive advantages that are possible with wireless mobile technology will also require organisations to establish
356 U. Varshney et al. number of hand-held mobile devices reached one billion worldwide, thus exceeding the total of all telephones, computers and set-top boxes. With such wide-scale adoption of wireless devices, there are still several issues and limitations in wireless networks. These include the amount of bandwidth available, noise and interference, frequency allocation, security, routing (how to maintain communication with mobility) and location management (keeping track of the location). These issues are briefly listed in Figure 1 and have been discussed in detail in [1]. Location management issues in wireless networks and in m-commerce are presented in significant detail in [2,3]. These issues are likely to affect the design, development, deployment and adoption of wireless solutions. Figure 1 Issues in mobile and wireless systems With wireless becoming a mainstream technology, there is a growing interest in increasing its usage in the enterprise. Support for mobility at user, device and applications levels is a major attraction for many enterprises. It has been known that freeing up users from location restrictions could also lead to a significant productivity gain. In today’s marketplace, where more and more organisations are decentralised and workers are increasingly more mobile, the ability of an organisation to equip its workforce with access to vital information, anytime and anyplace, is becoming a strategic asset. The concept of ‘anytime’, ‘anywhere’ access to crucial business information is attracting attention among businesses and their increasingly mobile workforce. Therefore, an organisation that is capable of harnessing the power of mobile technologies to automate its business and streamline business processes via mobile applications may reap the benefits of improved productivity, lowered operational cost and increased customer satisfaction. Wireless applications enhance mobile workers’ productivity through improved decision making capabilities, less paperwork and reduced cycle times for transactions and billing. The current drivers of mobile applications include sales executives, field technicians, maintenance workers, delivery staff and workers in the areas of healthcare, retail and manufacturing. The competitive advantages that are possible with wireless mobile technology will also require organisations to establish
/ireless in the enterprise 357 wireless strategies. One major issue with wireless enterprise is that there has been very this area [1, 4, 5]. Although there are several possible configurations for wireless enterprise, we assume the configuration as shown in Figure 2. It can be observed that different issues are important in the two environments. But when these two environments intersect, the most be noted that due to specific requirements of the enterprise environment, not all the wireless technologies could be deployed. In any case, we believe that a secure, dependable and scalable wireless access is the most crucial requirement presented by the wireless enterprise. Figure 2 Wireless enterprise environment Protocols Devices echnologies W ireless e n m en Standards frastructure Provide wireless enterprise environ m en W ireless access Enterprise enviro n m e n t Data A pplications Business processes In this study, we discuss the requirements of businesses and how such requirements can be met by the current and emerging wireless infrastructure. Many important requirements are dependability, security, coverage, ease-of-use, devices, network interoperability and cost.We address these issues in the next section and later present a dependable and secure wireless solution. We also present several approaches for conducting research in wireless enterprise 2 Issues related to wireless in the enterprise Although certain industries, including shipping, computing and transportation, have been on the forefront of using wireless technologies for business processing, the same is not true about most other industries. To allow widespread deployment of wireless solutions, research is necessary in identifying the enterprise requirements and how such
Wireless in the enterprise 357 wireless strategies. One major issue with wireless enterprise is that there has been very limited research in this area [1,4,5]. Although there are several possible configurations for wireless enterprise, we assume the configuration as shown in Figure 2. It can be observed that different issues are important in the two environments. But when these two environments intersect, the most important issue in the resulting environment appears to be wireless access. It should also be noted that due to specific requirements of the enterprise environment, not all the wireless technologies could be deployed. In any case, we believe that a secure, dependable and scalable wireless access is the most crucial requirement presented by the wireless enterprise. Figure 2 Wireless enterprise environment In this study, we discuss the requirements of businesses and how such requirements can be met by the current and emerging wireless infrastructure. Many important requirements are dependability, security, coverage, ease-of-use, devices, network interoperability and cost. We address these issues in the next section and later present a dependable and secure wireless solution. We also present several approaches for conducting research in wireless enterprise. 2 Issues related to wireless in the enterprise Although certain industries, including shipping, computing and transportation, have been on the forefront of using wireless technologies for business processing, the same is not true about most other industries. To allow widespread deployment of wireless solutions, research is necessary in identifying the enterprise requirements and how such
358 U Varshney ef al requirements may be supported by one or more wireless technologies. We have identified several requirements, such as wireless access and coverage, security, ease-of-use, devices, dependability, network interoperability and cost. The coverage issues are important as many businesses have been accessing wireline networks with substantial and issue as businesses are unlikely to pi mission-critical data on networks that are not secure or are 'perceived to be insecure. It should be noted that security issues are quite complex in wireless networks, and due to a variety of reasons, strong security has not been implemented yet in all wireless infrastructure. Depending on the type of data and the cost of possible lost, modified and stolen data, a security strategy must be devised and implemented. Another important issue is the lack of interoperability among wireless networks. For each type of wireless network, there are multiple standards, and even if a single standard could be used, nteroperability is not guaranteed as the products and services from different vendors may not work well together. From a user point of view, fewer and better standards allowing access to multiple wireless networks would be much more helpfuL. Another important issue is the overall cost of wireless migration. This should include cost of equipment services, training and other cost related to the transition to or deployment of wireless infrastructure. The important issues related to the introduction of wireless technologies in the enterprise can be divided into multiple sub-categories of applications, wireless infrastructure, business requirements and strategies 2.1 Applications These issues include determining business applications needing mobility support and also the effect of user and data mobility on business applications. Also, some work is necessary in determining the role and suitability of mobile applications in the enterprise environment. With increasing infrastructure for location-based services, the enterprise should be able to utilise location information for business and consumer applications The architecture for mobile applications should be robust and flexible in providing user-friendly mobile solutions that are secure, reliable, scalable and manageable across a wide range of standards and devices 2.2 Wireless infrastructure The issues here are the specific infrastructure requirements and the role of local wireless networks such as wireless LANS, 3G and beyond wireless networks and location-aware infrastructure. One factor that has been an obstacle in widespread deployment of wireless technologies is the existence of multiple un-interoperable' standards and products For example, there are multiple cellular and PCS standards in the USA alone. In local area networks there are two standards and several variations that differ in coverage access and throughput. Therefore organisations will need to implement solutions that work seamlessly across multiple access protocols, devices, bandwidth capabilities, network dependability and quality of service attributes. Also, the problems in wireless networks such as network coverage, non-uniform coverage/spotty coverage, data transmission speeds, security concerns, cost factors and limited authentication capabilities must also be addressed. It should be noted that substantial differences exist among wireless networks. as shown in figure 3, two most desirable attributes, access quality and mobility support, are highly variable across different wireless networks
358 U. Varshney et al. requirements may be supported by one or more wireless technologies. We have identified several requirements, such as wireless access and coverage, security, ease-of-use, devices, dependability, network interoperability and cost. The coverage issues are important as many businesses have been accessing wireline networks with substantial and dependable coverage. Security is a major issue as businesses are unlikely to put mission-critical data on networks that are not secure or are ‘perceived’ to be insecure. It should be noted that security issues are quite complex in wireless networks, and due to a variety of reasons, strong security has not been implemented yet in all wireless infrastructure. Depending on the type of data and the cost of possible lost, modified and stolen data, a security strategy must be devised and implemented. Another important issue is the lack of interoperability among wireless networks. For each type of wireless network, there are multiple standards, and even if a single standard could be used, interoperability is not guaranteed as the products and services from different vendors may not work well together. From a user point of view, fewer and better standards allowing access to multiple wireless networks would be much more helpful. Another important issue is the overall cost of wireless migration. This should include cost of equipment, services, training and other cost related to the transition to or deployment of wireless infrastructure. The important issues related to the introduction of wireless technologies in the enterprise can be divided into multiple sub-categories of applications, wireless infrastructure, business requirements and strategies. 2.1 Applications These issues include determining business applications needing mobility support and also the effect of user and data mobility on business applications. Also, some work is necessary in determining the role and suitability of mobile applications in the enterprise environment. With increasing infrastructure for location-based services, the enterprise should be able to utilise location information for business and consumer applications. The architecture for mobile applications should be robust and flexible in providing user-friendly mobile solutions that are secure, reliable, scalable and manageable across a wide range of standards and devices. 2.2 Wireless infrastructure The issues here are the specific infrastructure requirements and the role of local wireless networks such as wireless LANs, ‘3G and beyond’ wireless networks and location-aware infrastructure. One factor that has been an obstacle in widespread deployment of wireless technologies is the existence of multiple ‘un-interoperable’ standards and products. For example, there are multiple cellular and PCS standards in the USA alone. In local area networks, there are two standards and several variations that differ in coverage, access and throughput. Therefore organisations will need to implement solutions that work seamlessly across multiple access protocols, devices, bandwidth capabilities, network dependability and quality of service attributes. Also, the problems in wireless networks such as network coverage, non-uniform coverage/spotty coverage, data transmission speeds, security concerns, cost factors and limited authentication capabilities must also be addressed. It should be noted that substantial differences exist among wireless networks. As shown in Figure 3, two most desirable attributes, access quality and mobility support, are highly variable across different wireless networks
/ireless in the enterprise Figure 3 Level of mobility and access quality in wireless networks Level of mobility Cellular/PCS G Networks Wireless LANs Broadband wireless LANs ccess Quali Personal Area Networks Fixed Wireless Networks 7 curity We believe that security remains one of the biggest challenges in wireless enterprise Many incidents(such as 250,000 devices left in airports, most of which carried sensitive corporate data without even password protection), perceived and real wireless infrastructure attacks and the lack of strong security in wireless technologies could adversely affect the wireless enterprise. The wireless infrastructure must provide centralised control over critical security function that includes user authentication, data encryption, anti-virus administration, software version control, data synching, automatic backups and emergency data lock-downs Security levels vary significantly among wireless networks. As shown in Figure 4 some wireless networks with an increased support for security have lower bandwidth We believe that the emerging broadband wireless networks will excel in both in increasing bandwidth and higher security Figure 4 Security and bandwidth in wireless networks Broadband wireless LANs Wireless LANs 3G Networks Security Cellular/PCS Sy ems
Wireless in the enterprise 359 Figure 3 Level of mobility and access quality in wireless networks 2.3 Security We believe that security remains one of the biggest challenges in wireless enterprise. Many incidents (such as 250,000 devices left in airports, most of which carried sensitive corporate data without even password protection), perceived and real wireless infrastructure attacks and the lack of strong security in wireless technologies could adversely affect the wireless enterprise. The wireless infrastructure must provide centralised control over critical security function that includes user authentication, data encryption, anti-virus administration, software version control, data synching, automatic backups and emergency data lock-downs. Security levels vary significantly among wireless networks. As shown in Figure 4, some wireless networks with an increased support for security have lower bandwidth. We believe that the emerging broadband wireless networks will excel in both in increasing bandwidth and higher security. Figure 4 Security and bandwidth in wireless networks
360 U Varshney et al 2. 4 Devices As there are over one billion hand-held devices in the world now, a significant diversity does exist as far as capabilities, functionalities and wireless access are concerned. Some devices have been more communications-centric(cell phone, etc. ) while others are computing-centric(PDA etc. ) It can be observed that more and more of these differences are disappearing with the emergence of smart phones and multi-mode devices; however, the wireless market still contains a variety of mobile devices. The diversity of devices increases the level of difficulty in deploying applications that allow communications among multiple devices. Such obstacles could be overcome by employing user profiles that perform intelligent routing that determine the device configuration and communicate accordingly. Characteristics such as viewing area, browser capabilities, input methods, storage capabilities, text and graphic support and processor speed must also be addressed We believe that the overall, usability of mobile devices should also be addressed in terms of form factor, intuitive user interfaces, location functions and ability to access multiple wireless networks. 2.5 Wireless strategy One of the crucial functions is to support the distribution of business critical information over wireless infrastructure. The three major obstacles as perceived by many businesses are coverage, reliability and security issues. Each one of these must be a part of the overall wireless strategy. The businesses must develop and implement an overall wireless business plan that not only identifies where the greatest return on investment will come from but also what will be the impact of integrating a wireless solution into their current business processes. Important questions that must be answered prior to implementing a wireless plan include the following what is the current state of wireless technologies. devices and standards? how should the wireless strategy be aligned to meet the corporate goals? what are the benefits and obstacles in implementing a wireless strategy how will the wireless devices be integrated with the existing systems (i.e. nteropera ability, connectivity, analysis of platform requirements and standards )? how will privacy and security of data and information be achieved and enforced Before the organisations decide to do the implementation of wireless technology, they need to address a set of questions to narrow down their focus to a particular set of technology and devices to best address their problems. These questions include but are not limited to Why does an organisation need a wireless application? How will the wireless system development be done? How will the requirements for the system be collected? What role do the users/mobile clients of the system play in the system development Does the organisation have the necessary resources to implement the system?
360 U. Varshney et al. 2.4 Devices As there are over one billion hand-held devices in the world now, a significant diversity does exist as far as capabilities, functionalities and wireless access are concerned. Some devices have been more communications-centric (cell phone, etc.), while others are computing-centric (PDA etc.). It can be observed that more and more of these differences are disappearing with the emergence of smart phones and multi-mode devices; however, the wireless market still contains a variety of mobile devices. The diversity of devices increases the level of difficulty in deploying applications that allow communications among multiple devices. Such obstacles could be overcome by employing user profiles that perform intelligent routing that determine the device configuration and communicate accordingly. Characteristics such as viewing area, browser capabilities, input methods, storage capabilities, text and graphic support and processor speed must also be addressed. We believe that the ‘overall’ usability of mobile devices should also be addressed in terms of form factor, intuitive user interfaces, location functions and ability to access multiple wireless networks. 2.5 Wireless strategy One of the crucial functions is to support the distribution of business critical information over wireless infrastructure. The three major obstacles as perceived by many businesses are coverage, reliability and security issues. Each one of these must be a part of the overall wireless strategy. The businesses must develop and implement an overall wireless business plan that not only identifies where the greatest return on investment will come from but also what will be the impact of integrating a wireless solution into their current business processes. Important questions that must be answered prior to implementing a wireless plan include the following: • what is the current state of wireless technologies, devices and standards? • how should the wireless strategy be aligned to meet the corporate goals? • what are the benefits and obstacles in implementing a wireless strategy? • how will the wireless devices be integrated with the existing systems (i.e. interoperability, connectivity, analysis of platform requirements and standards)? • how will privacy and security of data and information be achieved and enforced? Before the organisations decide to do the implementation of wireless technology, they need to address a set of questions to narrow down their focus to a particular set of technology and devices to best address their problems. These questions include but are not limited to • Why does an organisation need a wireless application? • How will the wireless system development be done? • How will the requirements for the system be collected? What role do the users/mobile clients of the system play in the system development? • Does the organisation have the necessary resources to implement the system?
/ireless in the enterprise 361 How will the deployment of a wireless system result in efficient and effective How will deployment of wireless infrastructure translate into cost-savings(ROD)for What level of security will the applications running on these wireless systems need? How will the system's integrity be compromised if there is a security breach or if these mobile devices are stolen/lost? In what environment (indoor/outdoor) will the mobile clients be working and when will these systems be used Are the users already familiar with wireless technology? If not, then firms need to train their users with not only how to use but also why they should be using these systems. It has been shown that when users have no incentive to use a system, many great technological implementations of the systems can fail Will data sent be stored/updated in some database in real-time that is further used by other parties for inventorying, accounting and billing purposes, such as in health nsurance industries, or is it just used for messaging/dispatching purposes? How frequently will users need to transmit or access the information? Do the mobile clients need to havealways on internet access? will the users benefit from having always oninternet access? Lastly, how frequently will the users need to charge-up their devices? Although it may seem a minor point, it significantly affects the usage of such devices 3 A secure and dependable wireless solution Although many industries and companies have invested money and efforts towards supporting wireless deployment in their site, there have been many obstacles. These are lack of security, lack of wireless infrastructure dependability and unpredictable levels of coverage and access. The coverage issues are important as businesses have been using wireline networks with substantial coverage and dependability. Security is always an issue as businesses are unlikely to put mission-critical data on networks that are not secure or are 'perceived to be insecure. 3.1 Security issues There are many security issues in the enterprise environment, including confidentiality. authentication, integrity, authorisation, non-repudiation and accessibility. Other issues would include convenience, speed, ease-of-use and standardisation. In addition to security and privacy risks, new vulnerabilities arise due to the use of wireless devices. The use of wireless infrastructure may involve multiple wireless networks with different levels of security. These could lead to possible change/deletion of information and denial of service. In such an environment, tracing of hackers is a very difficult job as devices
Wireless in the enterprise 361 • How will the deployment of a wireless system result in efficient and effective operations performed by its mobile clients? • How will deployment of wireless infrastructure translate into cost-savings (ROI) for the organisation? • What level of security will the applications running on these wireless systems need? How will the system’s integrity be compromised if there is a security breach or if these mobile devices are stolen/lost? • In what environment (indoor/outdoor) will the mobile clients be working and when will these systems be used? • Are the users already familiar with wireless technology? If not, then firms need to train their users with not only how to use but also why they should be using these systems. It has been shown that when users have no incentive to use a system, many great technological implementations of the systems can fail. • Will data sent be stored/updated in some database in real-time that is further used by other parties for inventorying, accounting and billing purposes, such as in health insurance industries, or is it just used for messaging/dispatching purposes? • How frequently will users need to transmit or access the information? Do the mobile clients need to have ‘always on’ internet access? Will the users benefit from having ‘always on’ internet access? • Lastly, how frequently will the users need to charge-up their devices? Although it may seem a minor point, it significantly affects the usage of such devices. 3 A secure and dependable wireless solution Although many industries and companies have invested money and efforts towards supporting wireless deployment in their site, there have been many obstacles. These are lack of security, lack of wireless infrastructure dependability and unpredictable levels of coverage and access. The coverage issues are important as businesses have been using wireline networks with substantial coverage and dependability. Security is always an issue as businesses are unlikely to put mission-critical data on networks that are not secure or are ‘perceived’ to be insecure. 3.1 Security issues There are many security issues in the enterprise environment, including confidentiality, authentication, integrity, authorisation, non-repudiation and accessibility. Other issues would include convenience, speed, ease-of-use and standardisation. In addition to security and privacy risks, new vulnerabilities arise due to the use of wireless devices. The use of wireless infrastructure may involve multiple wireless networks with different levels of security. These could lead to possible change/deletion of information and denial of service. In such an environment, tracing of hackers is a very difficult job as devices
362 U Varshney et al move in and out of multiple wireless networks, and many US wireless networks do not authenticate a particular user to a particular device [6]. In addition to these, many more ecurity issues arise due to poor implementation, feature interactions, unplanned growth and new flaws that are created due to prior attacks(Figure 5) Figure 5 Security issues in the wireless enterprise environment by previous attacks Inability to authenticate Interoperable and nd secure wireless ted channels Wireless network infrastructure Unplanned for Enterprise growth problems etwork or attacks problems Poor management Feature and control ating unintended nteraction problem flaws) and upgrades Several US-based financial companies and associated vendors in the financial services technology corporation(FSTC) are working on implementing the end-to-end transaction support for financial applications involving mobile devices, wireless networks and financial institutions [7]. One of the major hurdles is end-to-end encryption, which is not widely available but could become possible with widespread deployment and use of wireless application protocol (WAP)2.0. There is some support for security in mobile middleware. For example, WAP provides security using a wireless transport security layer (WTLS), but it does not result in end-to-end security (only between device and WAP gateway). The translation between secure socket layer(SSL) and WTSL occurs at the WAP gateway, which is vulnerable to denial of service(Dos)attacks as malicious WML script may run on a device, making other existing security techniques( signing, authentication and encryption)less effective, as shown in [6]. WAP 1.0 requires a proxy/WAP gateway: however, WAP 2.0, released recently, does not. It uses WML2 based on XHTML, and thus does not require a proxy or gateway. However, for push operation, improved services and optimised communications, WAP proxy is still necessary. It also supports a variety of user interfaces and standard internet protocols such as Tcp/ip and Http. It is possible to add some security feature for financial services as GSM supports both user(PIN) and device authentication (SSL). Finnish wireless provider Sonera is offering PKI on a SIM card. Another possibility is wireless PKI, a system to manage keys and certificates, and requires the user to enter two PINS (authentication and digital signature). The WPKI is used in WTLS to support two-way authentication(anonymous, class 1: server, class 2; user, class 3)
362 U. Varshney et al. move in and out of multiple wireless networks, and many US wireless networks do not authenticate a particular user to a particular device [6]. In addition to these, many more security issues arise due to poor implementation, feature interactions, unplanned growth and new flaws that are created due to prior attacks (Figure 5). Figure 5 Security issues in the wireless enterprise environment Several US-based financial companies and associated vendors in the financial services technology corporation (FSTC) are working on implementing the end-to-end transaction support for financial applications involving mobile devices, wireless networks and financial institutions [7]. One of the major hurdles is end-to-end encryption, which is not widely available but could become possible with widespread deployment and use of wireless application protocol (WAP) 2.0. There is some support for security in mobile middleware. For example, WAP provides security using a wireless transport security layer (WTLS), but it does not result in end-to-end security (only between device and WAP gateway). The translation between secure socket layer (SSL) and WTSL occurs at the WAP gateway, which is vulnerable to denial of service (DoS) attacks as malicious WML script may run on a device, making other existing security techniques (signing, authentication and encryption) less effective, as shown in [6]. WAP 1.0 requires a proxy/WAP gateway; however, WAP 2.0, released recently, does not. It uses WML2, based on XHTML, and thus does not require a proxy or gateway. However, for push operation, improved services and optimised communications, WAP proxy is still necessary. It also supports a variety of user interfaces and standard internet protocols such as TCP/IP and HTTP. It is possible to add some security feature for financial services as GSM supports both user (PIN) and device authentication (SSL). Finnish wireless provider Sonera is offering PKI on a SIM card. Another possibility is wireless PKI, a system to manage keys and certificates, and requires the user to enter two PINs (authentication and digital signature). The WPKI is used in WTLS to support two-way authentication (anonymous, class 1; server, class 2; user, class 3)
/ireless in the enterprise 363 3.2 Achieving security by enhancing dependability of wireless infrastructure Before deploying wireless in the enterprise environment on a large scale, one important ssue is the (lack of) dependability of wireless infrastructure. We believe that secure and dependable wireless solutions must be designed and implemented before mission-critical data can be put on wireless infrastructure. The dependability problems arise due to component failures or is caused by attacks. Both these require very careful attention as far as the enterprise environment is concerned. We also believe that techniques used for wireless dependability could also lead to increased security. As shown in Figure 6, increased dependability is achieved by fault-tolerance or added redundancy in the wireless infrastructure. This fault-tolerance allows business transactions to be executed even when there are one or more failures in the infrastructure. This redundancy would also allow overcoming or at least alleviating dos attacks If an attack occurs at device, access, network or server levels, the redundancy would allow switching to another network, server or device interface as shown in Figure 6. The proposed solution is also scalable in terms of number of users and transactions and the network size Figure 6 A dependable, secure and scalable solution for wireless enterprise DoS attacks or security Network provider 1 Device-level redundancy ider 2 WLAN: Wireless Local Area Networks PAN: Personal Area Networks 4 Possible approaches for research in wireless enterprise Traditional wireless research has been conducted by building simulation and analytical models, designing and implementing limited-coverage wireless networks and by accessing and analysing large public and private wireless networks. Many of these
Wireless in the enterprise 363 3.2 Achieving security by enhancing dependability of wireless infrastructure Before deploying wireless in the enterprise environment on a large scale, one important issue is the (lack of) dependability of wireless infrastructure. We believe that secure and dependable wireless solutions must be designed and implemented before mission-critical data can be put on wireless infrastructure. The dependability problems arise due to component failures or is caused by attacks. Both these require very careful attention as far as the enterprise environment is concerned. We also believe that techniques used for wireless dependability could also lead to increased security. As shown in Figure 6, increased dependability is achieved by fault-tolerance or ‘added’ redundancy in the wireless infrastructure. This fault-tolerance allows business transactions to be executed even when there are one or more failures in the infrastructure. This redundancy would also allow overcoming or at least alleviating DoS attacks. If an attack occurs at device, access, network or server levels, the redundancy would allow switching to another network, server or device interface as shown in Figure 6. The proposed solution is also scalable in terms of number of users and transactions and the network size. Figure 6 A dependable, secure and scalable solution for wireless enterprise 4 Possible approaches for research in wireless enterprise Traditional wireless research has been conducted by building simulation and analytical models, designing and implementing limited-coverage wireless networks and by accessing and analysing large public and private wireless networks. Many of these