May/June 2006 issue
Telecoms – convergence challenge?
Ian Grant
Churchill said, "Give us the tools and we will finish the
job." We have the infosecurity tools, but the job of managing
infosecurity in an age of converged digital networks is only just
beginning.
Earlier this year German scientists working with Fujitsu transmitted
a data signal at 2.56 terabits per second, the equivalent of 60
DVDs/s, over a 160km link. This doubled the previous five year old
record and is 50 times quicker than the fastest commercial high
speed links, now around 40 Gbits/s.A little later, following his
reverse take over of cable TV company NTL, Virgin boss Sir Richard
Branson outlined his plans for a new communication s service. This
will introduce a single bill for access to and use of telephone
service, mobile telephony, broadband connection to the internet,
and television. In true Branson style, he suggested the Virgin service
be called 4Play.
These moves are the more visible foundations of an unparalleled
integration of content over a single communications connection.
Less obviously, scientists are starting to unleash a new breed of
objects, typically tiny sensors, that detect changes in ambient
conditions and communicate them (wirelessly) to a controller for
analysis and response. The net result is that, to coin a phrase,
Big Brother may be watching you, but only so that he knows when
to deliver what you want. And what that is, is a $64 billion question.
Researchers at Finland's VTT Technical Research Centre explored
the infosecurity aspects specifically of digital television. They
say,: “From the information security management point of view,
the interconnection of the different systems, and understanding
the whole environment are very challenging, and have not yet been
solved.”
However, Robert Temple, Chief Security Architect at BT argues that
there are “no insurmountable technical or engineering security
issues in the way”. He points to the scores of very active
standards-making bodies that are striving to build the technical
foundations for a trustworthy environment. “We've got all
the technical standards we need,” he says; it's who is going
to take the commercial plunge.
Temple reckons the market will ‘federate’. In addition
to traditional network operators, content providers from movie studios
and record companies to publishers and search engine firms are starting
to jostle for position with search engine and network operators.
Transaction-based firms such as banks, credit card companies and
retailers could enter the fray. It is not inconceivable to see AT&T
tie up with Google, Time Warner and Visa, or BT with Yahoo, Newscorp/BSkyB
and Mastercard. Such alliances could make commercial sense. And
there is little to stop them except corporate egos, antitrust lawyers
in Washington and Brussels, and consumer distrust.
State of play
The International Telecommunications Union estimates that the world
spent $1,248 billion on telecommunications services in 2004. That
was up 11% on the year before. According to the latest market assessment
from the European Commission, last year the total EU market for
computers and networking grew about 4% to E614 billion, of which
44% (E273 billion) was for 'e-communications'. Adding content and
service revenue streams would raise these figures dramatically.
The key market driver is the rate at which companies and end users
take up broadband connections. The EC says there were nearly 53
million broadband lines in Europe last year, a rise of 20 million
over the year before. Market penetration now averages 11.5% compared
to 7.3% in 2004. Network operators' capital investment, estimated
at E45 billion and rising, ensures that penetration rates will speed
up.
For network operators, the key metric is average revenue per user
(ARPU). Traditional fixed line voice telephony is still the main
source, worth some E85.8 billion in 2005. But it is dropping at
an average of 1.6% a year. This is due partly to incursions by mobile
telephony operators; voice over the internet protocol (VoIP) will
accelerate the decline. Skype already claims its proprietary PC-based
peer to peer VoIP service has over 100m users. European mobile market
penetration rates average 93%, but some countries are now over 100%.
ARPUs for both fixed line and mobile network operators have stalled.
In the UK, the telecommunications regulator Ofcom, has just licensed
11 firms to provide mobile (GSM) 'picocells'. From next year the
cost of making a mobile call from a picocell equipped office will
drop dramatically. Moreover, the European Commission wants operators
to slash the cost of cross-border mobile calls, currently about
10 times the cost of national mobile calls.
Existing network operators are therefore anxious to find new revenue
sources. For most, this means adding services and down loadable
products to their offering. By and large this requires changing
the basic networking technology from circuit switched, the technology
of the telephone, to packet switched, the technology of the internet.
It also means forming alliances or competing with providers of network
enabled services and/or own copyrighted content. Until now, these
were merely customers.
Most operators are already responding. BT will trial its IP based
21st century network in Wales this year, with commercial switchovers
from next year. Last February mobile operators Vodafone, T Mobile,
Orange and others said they will introduce HSDPA (High Speed Down
link Packet Access) this year or next. This will allow them to pump
data to cellphones at between 1.8 and 14 megabits/s. Soon to follow
are equivalent transmission speeds in the reverse direction.
These speeds make possible smooth, high resolution, realtime TV
to and from your cellphone, or laptop, or P.A. Interactive digital
TV is currently the perceived Holy Grail, partly because of the
advertising money that goes into TV and the potential to add transactions
to ads, but also because their present pricing model charges for
bits delivered, and digital TV is bit-intensive. However, Baby Boomers'
kids are less addicted to TV than their parents. They may spend
more hours with the TV on, but often they are using their cellphones,
IPOs or PCS concurrently. As a result, adspend for TV is falling
while adspend on other digital formats is rising fast.
Intelligent environment
Just creeping over the horizon are networks of 'picocomputers' which,
when networked together, will create an 'intelligent ambient environment'.
The first concrete manifestation of this is the proposed replacement
of the barcoded label, the RFID tag. The tag uses low power radio
in either active or passive mode to transmit information about itself
or its environment to nearby receivers.
Some believe these units will become ubiquitous. The most obvious
applications involve identity authentication, monitoring ambient
conditions, and transactions, often in combination.
The biggest problem is that all these units, and mobile terminals,
use the electromagnetic spectrum. Spectrum is a finite resource,
subject to heavy regulation and penalties. Most of it is already
earmarked for applications such as TV broadcast, emergency transmissions
and the like, leaving little space for new applications.
The useable spectrum is finite, so researchers are exploring other
opportunities. The US regulator, the Federal Communications Commission
(FCC) found that some 70% of all allocated spectrum may be unused
at any one time. This has prompted researchers to consider 'cognitive
radio'. The idea is to make transmitters that listen to the traffic,
figure out which frequencies are quiet, and then switch to them.
The snag is that frequency changes must be synchronized if the receiver
is to keep the signal. The military has had frequency hopping radio
since the 1970s for secure, unnameable battlefield communications,
but so far it has not caught on for commercial applications.
New network; same
worries
Chief security officers who plan to use BT's new IP-based
network, the so-called 21st Century Network, need to work
on their policies now
because things are going to get complicated.
BT aims to test the new all-digital network in Wales in
November this year. If all goes well, it will start cutting
over customers, 50,000 at a time, in 2007. The aim is to migrate
everyone within two or three years.
Technically, the new network won't care what content it carries,
as long as it is digital. For CSOs it means that all the hazards
of the internet might now affect other forms of communication,
such as telephone calls and transaction data.
BT's chief security architect, Robert Temple, says the present
internet and other services such as fax and data run on networks
overlaid on the existing circuit-switched network. This is
optimised for telephone calls.
The new network means that each service will run in its own
'logical domain', says Temple. “Each will have its own
security in its own domain.”
Temple warns that end-to-end security is a matter of 'partnership'
with the customer. “There is no substitute for good
hygiene at the customer level,” he says.
“We may do more as the network matures, but customers
will be wise to use firewalls, end-point authentication, the
latest patches and operating system updates, and the like.”
This suggests that, in the short term, BT and other IP network
operators are more concerned to stop people from accessing
services to which they have not subscribed. But bundled offerings
such as NTL-Virgin's 4Play are likely to become standard very
quickly.
“BT faces a competitive market,” says Temple.
“The commercial model must make sense. At present there's
no logic in doing a lot of anti-virus etc. in the network.”
But with carriers like BT hungry for new sources of revenue,
watch this space. |
Who owns the customer?
However, BT's Temple notes the real question is who owns the customer?
Terminal devices are increasingly customized to accommodate the
user's personal needs and desires. Product choice is presently how
users gain the desired personalization. But cost and logic suggest
that in future personalization is more likely to be a function of
the SIM card.
Until now, cellphone makers have worked with mobile network operators
to roll out new features. However, the switch to IP based traffic
is likely to weaken those links. In some countries users can already
make financial transactions using their cellphones, with the cost
of the item debited to their cellphone account. As a result, some
banks are issuing bank branded cellphones.
It is a small step technically to use the information on the SIM
card to authenticate the user to the network, to the vendor, and
to the bank. This makes the SIM in effect an ID card. Taking this
further will be tough because all the players want account control,
Temple says.
Although the cellphone improves convenience all round, widespread
take up is likely to be governed by the trust that account holders
place in everyone (and everything) in the value 'net'.
The VTT researchers say "The most important factor is the customer's
trust in the service and its provider. The enterprise's reputation,
in addition to costs, is important from the end user's perspective
when selecting the service provider."
Referring to digital television, they say: “For the time being,
the application environment has been restricted and strictly under
the control of the digital television network operators and broadcasting
channels because the application comes within the programme signal.
This is going to change due to the emergence of MHP version 1.1,
(which enables) applications to be loaded via the return channel.”
Shifting to IP and terminals with data storage opens them to the
hazards of the internet. As Temple notes, as the value of transactions
and information on the networks rises, so it is likely to attract
better financed, better organized and more motivated bad guys. Potential
new threats include organized crime gangs, terror groups and hostile
states.
The DoS-resistant working group is part of Cambridge-MIT Institute's
Communications Research Network, which is researching ways to prevent
attacks. At its inaugural meeting in January 2005, delegates from
50 interested concerns, including the military and intelligence
communities, heard that botnet-based denial of service attacks might
drain up to 3Gbit/s bandwidth from the networks. “Alarmingly
low amounts of traffic suffice for causing damage,” they heard.
This could be as little as a few hundred bots for static web pages,
dynamic pages and SSL, or even a few dozen if fired rapidly; SYN
scans and bandwidth are vulnerable to anything from a dozen to a
few hundred attackers. Botnet attacks by up to 80,000 nodes were
reported.
Current defensive measures include securing the core; responding
to the incident through preparation, detection, classification,
trace back, containment and post-mortem analysis. (For a fuller
treatment see http://communicationsresearch.net/dos-resistant/meeting-1/cii-dos-summary.pdf.)
The consensus at the meeting was that future defensive architectures
are very hard to predict and build. This is because no-one is responsible
for it. Furthermore, fixed security standards could inhibit innovation
of profitable new products and services.
The group planned to set up a registry of attack profiles and attack
types to track trends. It also hoped to classify attackers' motives.
It planned to draw up a registry of defence techniques, a 'standard'
picture of the network at any point in time, and to coordinate responses
to attacks.
As they noted, end users cannot do much against DoS attacks, so
the need is to deal with such attacks as far upstream as possible.
This requires coordination at network level and security regarding
specific responses to slow what Temple calls the arms race against
the hackers.
Even so, infosecurity means different things to different people.
As the Finns note, the emphasis on threats varies in severity and
solutions in different parts of the value net. Content producers
worry most about unauthorized use and distribution of programs or
other content. Network operators worry that erroneous content will
affect terminal devices and/or users' data and applications. End
users' concerns are primarily invasion of privacy and identity theft.
Up to now, companies like Google and eBay have shown staggering
success, despite the infosecurity hazards. In future, the risk-reward
ratios for users are likely to change for the worse. Unless everyone
in the value net, including the justice system, cooperates, end
users are unlikely to trust the system as much as they should. Without
that trust, despite global networks, the world will become a very
small place. •
About the author
Ian Grant is a freelance writer on business issues.
Back to features index
|
|
