Protecting Wireless LAN Access with Smartcard SIMs

The wireless LAN market is a niche market set to gain greater momentum.

The deployment of WLAN equipment in public access places, small/medium businesses, home offices and residential areas is expected to become widespread in the near future. The fact that WLANs can be more cost effective than wired LANs and provide access to a network anywhere in the building makes this technology an excellent solution to improve a company's efficiency and customer satisfaction.

More and more laptops, PDAs, home network appliances, etc. are WLAN enabled and this is just the beginning. Already widely used in homes and offices, WLAN hot spots are emerging in public places, such as cafés, airport lounges and conference centers. As part of the increasingly diverse range of services offered by mobile network operators, offering permanent and remote access to corporate networks, internet and other data via WLANs is the key to providing an everyday service that will soon be indispensable, as physical barriers, such as office walls, come tumbling down. Research house Analysys forecasts that by 2006, there will be over 20 million users of public WLAN services in Europe, generating over €3 billion of revenues for public WLAN operators.

However, using a PC to access a WLAN is about as secure as leaving your front door open, with an invitation to enter and help yourself to the family silver signposted on the front lawn. Security, both for services and usage and for the protection of company and personal data, is a key issue that needs to be overcome before the use of WLAN becomes widespread.

With the emergence of the WLAN environment, the sands are shifting. New entrants are taking the stage eager to stake their claim, but some are better placed than others to maximize the potential opportunities. The competition is opening up and becoming more varied as fixed line operators and internet service providers battle alongside mobile network operators for a piece of the pie. However, with the existing mobile infrastructure and subscriber base lending themselves beautifully to the roll out of WLAN, it is mobile operators who stand to benefit the most.

Key issues for public WLAN service providers

Operators can either propose WLAN access as a standalone service, or as part of their existing service portfolio via GPRS or 3G. The latter, although potentially more appealing to their customers, requires more investment and integration work, and there is the challenge of providing their WLAN customers with the same high levels of security as for their GSM subscription. Consistent service provisioning is a thorny issue, as hotspots have an optimal range of a few hundred meters. Then there are quality of service, network planning, billing schemes, the applications on offer, and so on.

Most WLAN market players, especially mobile network operators, will require tight inter-working between all their wireless data networks. Market players are looking to build an attractive offer between the networks that they operate and will thus require interoperability. The smartcard is a strong asset in this perspective.

How can the smartcard help?

Wherever there is remote access to data, be it via GPRS, 3G or WLAN, there is a need for security in terms of access control, protecting user identity, mutual authentication, confidentiality, session integrity and reliable key exchange, preventing a third party from listening in to a transmission. In GSM, the SIM is already renowned for its high levels of security as a tamper-resistant device for network access and user identification. It is part of the roaming authentication architecture put in place by the GSM operator and is the only operator stronghold within the mobile device.

The use of a SIM/USIM card as an authentication token on a WLAN, with a dedicated WLAN application onboard, allows the operator to securely authenticate its subscribers while re-using its existing authentication and even billing infrastructure. This makes it a cost-effective solution for WLAN providers.

As the subscription is always terminal-independent, the SIM remains the only trusted operator-managed element and the only link between the operator and the subscriber. As PCs and WLANs are open environments, the operator can, for example, impose the use of anti-virus programs, but cannot control them. However, the SIM gives the operator the peace of mind to trust in the integrity of the environment. It forms the ideal platform to manage roaming between networks (WLAN, GPRS and 3G) and enables operators to use their existing infrastructure for billing and roaming without having to invest in costly new technology.

Who stands to benefit?

Above all, at the heart of any operator's business is the welfare of their subscribers. By using the SIM to access WLANs, the subscriber benefits from one service provider (their existing operator), one authentication process and only one billing scheme, regardless of what services and what network are used. The use of the SIM provides ubiquitous secure access for mobile data applications regardless of the communication channel. In fact, there will be no more talk of GPRS, 3G or WLAN, just access to mobile data services.

Corporate clients offering WLAN access to their employees can sleep easily with the knowledge that access to their company data is secured, both via their own solution (virtual private network) and the operator's own enhanced security layer based around the SIM.

As with any mobile transaction, retailers benefit from the security offered by the SIM as it offers proof of purchase and a secure billing channel. This means that they can reduce fraud and maximize the WLAN as a distribution channel.

The mobile operator is the logical choice for the roll out of WLAN services as it can reuse its existing billing and authentication infrastructure rather than build a brand new backend system. WLAN networks can be smoothly integrated into 2.5G and 3G networks, thus facilitating roaming capabilities both within the operator's own network and worldwide.

VimpelCom, a leading provider of wireless telecommunications in Russia, has begun testing two pilot networks rolled out in the company's own offices. This project, in conjunction with Gemplus, is based on the 802.11b protocol. Hotspots are being set up in Moscow airports, business centers and hotels from the beginning of 2003 with a range of approximately 100 meters, connected to the operator's transport network. As with GSM, the SIM will provide the authentication necessary to identify the subscriber and manage access to the WLAN. The subscriber will not need to re-authenticate when switching between the two, as the SIM will seamlessly manage the handover.

The power of connections

The opportunities for WLAN are immense. Here you see a new network capable of hooking up the power of a corporate network to the internet and the mobile network. No wonder your corporate director of management information services is looking worried. The risks are immense too. Security cannot be compromised, so in order to protect the interests of all parties, a secure authentication process and integrity in guaranteeing this security are essential.

The opportunities for the operator are the greatest. With their existing infrastructure, the roll out of WLAN services will be straightforward. The billing for WLAN services will slot easily into the existing process and the new SIM, with its new WLAN authentication token on board, will simply take its natural place in the subscriber terminal and carry on as before, whatever the network.

Jerome Nadel is vice-president of market intelligence and communications, Gemplus (

