Wireless Networking & Mobile Computing(ITec3041) Chapter Six Mobile Network

Chapter Six

Mobile (cellular) network


6.1. Mobile Network Basics

A cellular network or mobile network is a communication network where the last link is
wireless. A cellular network is a radio network distributed over land through cells where each
cell includes a fixed location transceiver known as base station. These cells together provide
radio coverage over larger geographical areas. User equipment (UE), such as mobile phones, is
therefore able to communicate even if the equipment is moving through cells during
transmission.
Cellular networks give subscribers advanced features over alternative solutions, including
increased capacity, small battery power usage, a larger geographical coverage area and reduced
interference from other signals. Popular cellular technologies include the Global System for
Mobile Communication, general packet radio service, 3GSM and code division multiple access.

Cells in a Network
What’s interesting about mobile phone networks is their cellular design. (Hence the terms
“cellular network” and “cellular phone.”) It means that a mobile phone network is divided into
thousands of overlapping geographic areas, known as cells. A typical cellular network can be
envisioned as a mesh of hexagonal cells, as shown in Figure 6.1, each with its own base station
at the center. The cells slightly overlap at the edges to ensure that users always remain within
range of a base station. (You don’t want a dropped call when you’re driving between base
stations.)

Figure 6.1. Cells in a cellular network.

Page 1 of 14 DMU IT

The cells in a cellular network vary in size, depending on how many calls are conducted within
that geographic area. The smallest cells, which might cover only a few city blocks, are those
where there’s the heaviest population density, and thus the largest demand for service. The
largest cells are most often in rural areas with a smaller population per square mile.

The different types of cells are given different names according to their size and function:
• Macro cells: Macro cells are large cells that are usually used for remote or sparsely
populated areas. These may be 10 km or possibly more in diameter.
• Micro cells: Micro cells are those that are normally found in densely populated areas
which may have a diameter of around 1 km.
• Pico cells: Pico cells are generally used for covering very small areas such as particular
areas of buildings, or possibly tunnels where coverage from a larger cell in the cellular
system is not possible. Obviously for the small cells, the power levels used by the base
stations are much lower and the antennas are not positioned to cover wide areas. In this way
the coverage is minimized and the interference to adjacent cells is reduced.
• Selective cells: Sometimes cells termed selective cells may be used where full 360
degree coverage is not required. They may be used to fill in a hole in the coverage in the
cellular system, or to address a problem such as the entrance to a tunnel etc.
• Umbrella cells: Another type of cell known as an umbrella cell is sometimes used in
instances such as those where a heavily used road crosses an area where there are
microcells. Under normal circumstances this would result in a large number of handovers
as people driving along the road would quickly cross the microcells. An umbrella cell
would take in the coverage of the microcells (but use different channels to those allocated
to the microcells). However it would enable those people moving along the road to be
handled by the umbrella cell and experience fewer handovers than if they had to pass
from one microcell to the next.

The base station at the center of each group of cells functions as the hub for those cells—not of
the entire network, but of that individual piece of the network. RF signals are transmitted by an
individual phone and received by the base station, where they are then re-transmitted from the
base station to another mobile phone. Transmitting and receiving are done over two slightly
different frequencies.
Base stations are connected to one another via central switching centers which track calls and
transfer them from one base station to another as callers move between cells; the handoff is
(ideally) seamless and unnoticeable. Each base station is also connected to the main telephone
network, and can thus relay mobile calls to landline phones.

Frequency reuse
The key characteristic of a cellular network is the ability to re-use frequencies to increase both
coverage and capacity. As shown above, adjacent cells must use different frequencies; however
there is no problem with two cells sufficiently far apart operating on the same frequency. The
elements that determine frequency reuse are the reuse distance and the reuse factor.
The reuse distance, D is calculated as:

Where R is the cell radius and N is the number of cells per cluster. Cells may vary in radius from
1 to 30 kilometers. The boundaries of the cells can also overlap between adjacent cells and large
cells can be divided into smaller cells.
The frequency reuse factor is the rate at which the same frequency can be used in the network. It
is 1/K (or K according to some books) where K is the number of cells which cannot use the same
frequencies for transmission. Common values for the frequency reuse factor are 1/3, 1/4, 1/7, 1/9
and 1/12 (or 3, 4, 7, 9 and 12 depending on notation).

6.2. Cellular network Structure


Cellular network technology supports a hierarchical structure formed by the base transceiver
station (BTS), mobile switching center (MSC), location registers and public switched telephone
network (PSTN).

Figure 6.2. Basic mobile communication structure

Mobile Station (MS)


A Mobile Station is a device used by a mobile user to access the mobile network. The MS
typically consists of the mobile telephone equipment and a Subscriber Identity Module (SIM).

Subscriber Identity Module (SIM)


The Subscriber Identity Module is a smartcard that is necessary to make use of a mobile phone.
The SIM is the key used to identify and authenticate the mobile subscriber. The SIM also has
memory available for personalized data, such as a telephone book and messages.
The subscriber is identified with an IMSI, International Mobile Subscriber Identity, and a
telephone number. The SIM made a clear separation between a mobile phone and a subscriber
possible. The subscriber can make use of any mobile phone under his own account if the SIM
card is put in the phone.

There are two different sizes available, a credit card size and a small size that is about the
size of the chip that is on most credit cards. Nearly all phones use the small version.

The use of a SIM can be guarded with a PIN code from 4 to 8 digits. If the wrong PIN code
is typed 4 times, the SIM will be blocked. To unblock the SIM the PUK (PIN Unblocking Key) is
needed. This is an 8 digit code that is known by the authorized user and given by the service
provider.

Base Station (BS) or Base Transceiver Station (BTS)


The Base Transceiver Station (BTS) is a term used to denote a base station in GSM terminology.
A BTS is a radio transmitter/receiver which consists of an antenna and the radio equipment
necessary to communicate by radio with a Mobile Station (MS). Each BTS covers a defined area,
known as a cell. The BTS enables cellular devices to make direct communication with mobile
phones. The unit acts as a base station to route calls to the destination base center controller. A
BTS is under control of a BSC, which is in turn under control of a MSC (Mobile Switching
Centre).

Base Station Controller (BSC)


The Base Station Controller (BSC) is in control of and supervises a number of Base Transceiver
Stations (BTS). The BSC is responsible for the allocation of radio resources to a mobile call and
for the handovers that are made between base stations under its control. Other handovers are
under control of the MSC. The base station controller (BSC) coordinates with the MSC to
interface with the landline-based PSTN, visitor location register (VLR), and home location
register (HLR) to route the calls toward different base center controllers.

Mobile Switching Center (MSC)


The Mobile Switching Centre (MSC) is a telephone exchange that makes the connection between
mobile users within the network, from mobile users to the public switched telephone network
and from mobile users to other mobile networks. The MSC also administers handovers to
neighboring base stations, keeps a record of the location of the mobile subscribers, and is
responsible for subscriber services and billing.

Roaming
Roaming is the ability for a customer of mobile communications to automatically make and
receive telephone calls, send and receive data, or access other services while travelling outside
the geographical coverage area of the home network, by means of using a network of another
operator.
Roaming can be either national roaming or international roaming. National roaming means that
mobile subscribers make use of another network in geographical areas where their own operator
does not have coverage. This is used, for example, by operators who do not have complete
coverage in a country. International roaming is used when mobile subscribers travel abroad and
make use of the network of an operator in the foreign country.

Home Location Register (HLR)


The Home Location Register is a database in a mobile network in which information about all
mobile subscribers is stored. The HLR contains information about the subscriber’s identity,
his/her telephone number, the associated services and general information about the location of
the subscriber. The exact location of the subscriber is kept in a Visitor Location Register.

Visitor Location Register (VLR)


The Visitor Location Register (VLR) is a database that contains information about the subscribers
roaming within a Mobile Switching Center (MSC) location area. The primary role of the VLR is to
minimize the number of queries that MSCs have to make to the home location register, which
holds permanent data regarding the cellular network's subscribers. Ideally there should be only one
visitor location register per MSC but it is also possible for a single VLR to serve multiple MSCs.

Public Switched Telephone Network


The public switched telephone network (PSTN) refers to the international telephone system that
uses copper wires to carry analog voice data. It consists of a collection of individual telephones
that are hardwired to a public exchange.

How is a mobile call actually made?


Operational channels
In each cell, there are four types of channels that take active part during a mobile call. These are:

• Forward Voice Channel (FVC): This channel is used for the voice transmission from the BS
to the MS.
• Reverse Voice Channel (RVC): This is used for the voice transmission from the MS to the
BS.
• Forward Control Channel (FCC): Control channels are generally used for controlling the
activity of the call, i.e., they are used for setting up calls and to divert the call to unused voice
channels. Hence these are also called setup channels. These channels transmit and receive call
initiation and service request messages. The FCC is used for control signaling purpose from the BS
to MS.
• Reverse Control Channel (RCC): This is used for the call control purpose from the MS to the
BS. Control channels are usually monitored by mobiles.

Making a Call
When a mobile is idle, i.e., it is not engaged in a call, then it searches all the
FCCs to determine the one with the highest signal strength. The mobile then monitors this
particular FCC. However, when the signal strength falls below a particular threshold
that is insufficient for a call to take place, the mobile again searches all the FCCs for the
one with the highest signal strength. For a particular country or continent, the control
channels will be the same. So all mobiles in that country or continent will search among
the same set of control channels. However, when a mobile moves to a different country or
continent, then the control channels for that particular location will be different and
hence the mobile will not work.
Each mobile has a mobile identification number (MIN). When a user wants to make a call,
the user sends a call request to the MSC on the reverse control channel. The user also
sends the MIN of the person to whom the call has to be made. The MSC then sends this
MIN to all the base stations. The base station transmits this MIN and all the mobiles within
the coverage area of that base station receive the MIN and match it with their own. If the
MIN matches with a particular MS, that mobile sends an acknowledgment to the BS. The
BS then informs the MSC that the mobile is within its coverage area. The MSC then
instructs the base station to access a specific unused voice channel pair. The base station then
sends a message to the mobile to move to the particular channels and it also sends a signal
to the mobile for ringing.

In order to maintain the quality of the call, the MSC adjusts the transmitted power of
the mobile which is usually expressed in dB or dBm. When a mobile moves from the
coverage area of one base station to the coverage area of another base station i.e., from
one cell to another cell, then the signal strength of the initial base station may not be
sufficient to continue the call in progress. So the call has to be transferred to the other base
station. This is called handoff. In such cases, in order to maintain the call, the MSC
transfers the call to one of the unused voice channels of the new base station or it
transfers the control of the current voice channels to the new base station.

6.3. Mobile security


One of the major concerns when implementing mobile and wireless solutions is data security.
Securing enterprise data in a wired environment is difficult enough; adding wireless data
transmission and mobile storage makes the task even more challenging. A number of security
technologies are available today that make it possible to create mobile solutions with end-to-end
security. These technologies should be incorporated into your application from the initial design
through the final implementation.
Giving all aspects of security equal attention is crucial. For example, it's counter-productive to
spend hours choosing the right security algorithm only to find out that a user is using his or her
surname as the password to the system. Parties with malicious intent will always attack the
weakest part of the system, so, clearly, having a single weak link is very dangerous. To
implement a truly secure environment, you will require both the right technology and a corporate
security policy. This will help ensure that all aspects of your system remain secure.

6.3.1. Creating a Secure Environment


For end-to-end security you have to consider the entire environment, including enterprise access,
middle-tier components, and client applications. End-to-end security means that the transmission
of data is secure along the entire path from the sender to the receiver—usually the client
application to the enterprise server. Contrary to popular belief, this endeavor involves more than
just data encryption. In this section we examine five objectives involved in creating a secure
mobile environment. Understanding these objectives and the impact they have on mobile
application development is crucial for creating secure applications.

Authentication
Authentication is the process of proving that people and organizations are who or what they
claim to be. For wireless networks, this is often done at two layers: the network layer and the
application layer. The network requires the user to be authenticated before that person is granted
access. This can be done implicitly, based on the device or modem being used, or explicitly,
using a variety of mechanisms. At the application layer, authentication is important at two levels:
the client and the enterprise server. To gain access to enterprise data, the client has to prove to
the server that it is what it says it is. At the same time, before a client allows an outside server to
connect to it—for example, to push some content—the server has to authenticate itself to the
client application. The simplest, and probably least secure, method of authentication is a
username/password combination. More advanced methods include digital certificates or digital
signatures.

Data Integrity
Data integrity is assurance that the data in question has not been altered or corrupted in any way
during the transmission from the sender to the receiver. This can be accomplished by using data
encryption in combination with a cryptographic checksum or Message Authentication Code
(MAC). This information is encoded into the message itself by applying an algorithm to the
message. When recipients receive the message, they compute the MAC and compare it with the
MAC encoded in the message to see if the codes are the same. If they are, recipients can be
confident that the message has not been tampered with. If the codes are different, recipients can
discard the data as inaccurate.
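
The MAC check described above, as an added example that is not part of the original notes. It covers only the integrity step (no encryption) and goes one step beyond the paragraph by putting a sequence number under the MAC so that a replayed message is rejected too. The frame layout, the function names seal and receive, and the key are assumptions made for the illustration.

```python
import hashlib
import hmac

SEQ_LEN = 8    # big-endian message counter, covered by the MAC
TAG_LEN = 32   # HMAC-SHA-256 output size in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: frame = seq || payload || HMAC-SHA-256(key, seq || payload)."""
    body = seq.to_bytes(SEQ_LEN, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def receive(key: bytes, frame: bytes, last_seq: int):
    """Receiver: return (True, payload) or (False, reason); rejected data is discarded."""
    if len(frame) < SEQ_LEN + TAG_LEN:
        return False, "too short"
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):    # constant-time comparison
        return False, "mac mismatch"
    seq = int.from_bytes(body[:SEQ_LEN], "big")
    if seq <= last_seq:                           # authentic, but already seen
        return False, "replayed"
    return True, body[SEQ_LEN:]


def demo():
    key = bytes(range(32))                        # constructed 256-bit shared key
    frame = seal(key, 1, b"pay 100 to account 42")
    # Constructed tampering: payload edited in transit, original tag left in place.
    tampered = frame[:SEQ_LEN] + b"pay 900 to account 42" + frame[-TAG_LEN:]
    return {
        "intact": receive(key, frame, last_seq=0),
        "tampered": receive(key, tampered, last_seq=0),
        "wrong_key": receive(bytes(32), frame, last_seq=0),
        "replayed": receive(key, frame, last_seq=1),
        "truncated": receive(key, frame[:20], last_seq=0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A plain checksum would not give this result: anyone who can alter the message can recompute a checksum, whereas the MAC can only be recomputed by a holder of the shared key.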

Confidentiality
Confidentiality is one of the most important aspects of security, and certainly the most talked
about. Confidentiality is about maintaining data privacy, making sure it cannot be viewed by
unwanted parties. Most often, when people are worried about the security of a system, they are
concerned that sensitive information, such as a credit card number or health records, can be
viewed by parties with malicious intent. The most common way of preventing this intrusion is by
encrypting the data.

Authorization
Authorization is the process of determining the user's level of access—whether a user has the
right to perform certain actions. Authorization is often closely tied to authentication. Once a user
is authenticated, the system can determine what that party is permitted to do. Access control lists
(ACLs) are often used to help determine this. For example, all users may have read-only access
to a set of data, while the administrator, or another trusted source, may also have write access to
the data.

Non-repudiation
Non-repudiation is about making parties accountable for transactions in which they have
participated. It involves identifying the parties in such a way that they cannot at a later time deny
their involvement in the transaction. In essence, it means that both the sender and the recipient of
a message can prove to a third party that the sender did indeed send the message and the
recipient received the identical message. To accomplish this, each transaction has to be signed
with a digital signature that can be verified and time-stamped by a trusted third party.

6.3.2. Security Threats


Building a secure solution is difficult without awareness of the potential risks, so now let us look
at four common security threats: spoofing, sniffing, tampering, and theft. Whenever data is being
transferred, whether over a wireless or wired network, you need to take precautions against these
risks.

Note: To simplify terminology, any access to data or systems through a security hole will be
considered unauthorized access.

Spoofing
Spoofing is the attempt by a party to gain unauthorized access to an application or system by
pretending to be someone he or she is not. If the spoofer gains access, he or she can then create
fake responses to messages in an attempt to gain further knowledge and access to other parts of
the system. Spoofing is a major problem for Internet security, and hence for wireless Internet
security, because a spoofer can make application users believe that they are communicating with a
trusted source, such as their bank, when in reality they are communicating with an attacker's machine.
Unknowingly, users often provide additional information that is useful to the attacker to gain
access to other parts and other users of the system.
The process of sniffing, described next, is often used in conjunction with spoofing to get enough
information to access the system in the first place. For this reason, implementing both
authentication and encryption is required to combat spoofing.

Sniffing
Sniffing is a technique used to monitor data flow on a network. While sniffing can be used for
proper purposes, it is more commonly associated with the unauthorized copying of network data.
In this sense, sniffing is essentially electronic eavesdropping. By "listening" to network data,
unauthorized parties are able to obtain sensitive information that will allow them to do further
damage to the application users, the enterprise systems, or both. Sniffing is dangerous because it
is both simple to do and difficult to detect. Moreover, sniffing tools are easy to obtain and
configure.

Tampering
Data tampering, also called an integrity threat, involves the malicious modification of data from
its original form. Very often this involves intercepting a data transmission, although it also can
happen to data stored on a server or client device. The modified data is then passed off as the
original. Employing data encryption, authentication, and authorization are ways to combat data
tampering.

Theft
Device theft is a problem inherent in mobile computing. Not only do you lose the device itself
but also any confidential data that may reside on this device. This can be a serious threat for
smart client applications, as they contain persistent data, often confidential in nature. For this
reason, you should follow these rules when it comes to securing mobile devices:
• Lock down devices with a username/password combination to prevent easy access.
• Require authentication to access any applications residing on the device.
• Do not store passwords on the device.
• Encrypt any persistent data storage facilities.
• Enforce corporate security policies for mobile users.

Authentication and encryption, along with a security policy, are required to help prevent
malicious data access from a lost or stolen device. Fortunately, this is not as serious a problem
for wireless Internet applications, as they rarely store data outside of the browser's cache.

6.3.3. Security Technologies


Given the security threats just outlined, companies need to understand the technologies that are
available to help them minimize security risks. Though the requirements for each company will
be different, all companies will benefit by implementing a well-thought-out security plan. This
section provides information on the main concepts and technologies that are required to
implement end-to-end security for your m-business applications.

Cryptography
The basic objective of cryptography is to allow two parties to communicate over an insecure
channel without a third party being able to understand what is being transmitted. This capability
is one of the core requirements of a secure environment, as it deals with all aspects of secure data
transfer, including authentication, digital signatures, and encryption. On the face of it,
cryptography is a simple concept, but it is actually quite complex, especially for large-scale
mobile implementations.

Algorithms and Protocols


Cryptography works on many levels. At the lowest level are cryptographic algorithms. These
algorithms describe the steps required to perform a particular computation, typically based
around the transformation of data from one format to another. Building on these algorithms is a
protocol. The protocol describes the complete process of executing a cryptographic activity,
including explicit information on how to handle any contingency that might arise. Making this
distinction is important, because an excellent cryptographic algorithm does not necessarily
translate into a strong protocol. The protocol is responsible for more than just the encoding of
data; data transmission and key exchange are also properties of a protocol.

Finally, on top of the protocol are the applications. Once again, a strong protocol does not
guarantee strong security, as the application itself may lead to further problems. Thus, in order to
create a secure solution, a strong protocol is required, as well as a good, robust application
implementation.

Data Encryption
The core of any cryptographic system is encryption, the process of taking a regular set of data,
called plaintext, and converting it into an unreadable form, called ciphertext. Encryption allows
you to maintain the privacy of sensitive data, even when accessed by unauthorized users. The
only way the data can be read is by transforming it back to its original form using a process
called decryption. The method of encryption and decryption is called an algorithm or cipher.
Figure 6.3.3.1 demonstrates the concept of encryption. As the message is transported over an
insecure public channel, it is encrypted, preventing anyone eavesdropping on the line from being
able to understand the data being sent.

Fig. 6.3.3.1 Encryption

Digital Certificates
Digital certificates provide a way to guarantee that a public key belongs to the party it represents.
For this to be successful, the certificate itself also has to be verified to ensure that it represents
the claimed entity (a person or organization). This is accomplished using a trusted third party
called a certificate authority (CA). Digital certificates typically contain the following:
• The name of the holder, as well as other information that uniquely identifies the holder. Additional
information can include the URL of a Web server using the certificate or an email address.
• The holder's public key.
• The name of the CA that issued the certificate.
• The lifetime that the certificate is valid for (usually a start and end date).
• A digital signature from the CA to make it easy to detect if the transmission has been tampered with.

Certified users also have the option of self-signing a digital certificate, thereby becoming a CA
themselves. This additional party can be considered trustworthy if he or she was signed by
another trusted key. In this way, you can continue to navigate to the root CA, thereby
determining who provided the initial certificate. If the root CA is not recognized or trusted, then
each certificate in the chain is considered invalid.

Digital Signatures
Digital signatures are used to verify that a message really came from the claimed sender. They are
based upon the notion that only the creator of the signature has the private key and that the
signature can be verified using the corresponding public key.

Public Key Infrastructure


Public key infrastructure (PKI) is the term used to describe a complete organization of systems
and rules defining a single security system. The Internet Engineering Task Force (IETF) X.509
Working Group (www.ietf.org/internet-drafts/draft-ietf-pkix-roadmap-09.txt) defines PKI as "the
set of hardware, software, people, and procedures needed to create, manage, store, distribute, and
revoke certificates based on public key cryptography."
The components of PKI include the following:
• Certificate authorities responsible for issuing and revoking certificates
• Registration authorities responsible for binding between public keys and the identities of their holders
• Certificate holders who have been issued certificates that they can use to sign digital documents
• Repositories that store certificates as well as certificate revocation lists
• Security policy that defines an organization's top-level direction on security

Leading Protocols
The following are some leading protocols that are used for secure data transmission.
• Secure Sockets Layer (SSL): SSL is the dominant security protocol being used on the Internet today. It
was developed by Netscape to provide secure and private Internet sessions, typically on top of HTTP,
although it can also be used over FTP and other relevant protocols.
• Transport Layer Security (TLS): Transport Layer Security (TLS) is the next generation of SSL. The
overall goals of TLS include cryptographic security, interoperability, and extensibility.
• Wireless Transport Layer Security (WTLS): WTLS is the security layer defined in the WAP specification.
It operates above the Transport Protocol Layer, making it suitable for a variety of underlying wireless
protocols.
• IP Security (IPSec): IPSec is different from the other protocols in that it does not operate on the
application layer. Whereas SSL, TLS, and WTLS are aimed at providing secure communications over an
inherently insecure network, IPSec is aimed at making the Internet itself secure. It does this by providing
authentication, integrity, and privacy services at the IP datagram layer. While it is mainly targeted at laptop
clients in the mobile space, IPSec-based virtual private network (VPN) products are starting to emerge for
PDAs as well (see the upcoming section for more on VPNs). IPSec will become a more prominent solution
when mobile devices start to support IPv6, which includes IPSec as part of the standard. It is important to
know that IPSec supports TCP/IP, not WAP.

6.3.4. Other Security Measures

Firewalls
Firewalls are the most common form of security implemented within organizations. They
establish a network perimeter between what is public and what is private. A firewall is a set of
software programs, usually located on a separate gateway server, that restricts access to the
private network resources from users on other networks. As soon as an enterprise installs Internet
access to its site, a firewall is required to protect its own resources and, sometimes, to control
outside resources to which its own users have access.
At a lower level, a firewall will examine each packet of network data to determine whether it
should be forwarded to its destination. Where outside access is permitted as in the case of a Web
server, the firewall will allow outside traffic through the firewall on a specified port, for
communication with a specified application. In this case, it would permit access from all outside
users. At times, however, access from outside the firewall will be restricted to only known users,
usually based on their IP addresses. This is used when a finite number of known users require
access to a system.

Virtual Private Networks (VPNs)


A VPN allows a company to turn a public network (most commonly the Internet) into a private
network. This technology allows remote workers to communicate with the corporate network in
a secure fashion.

VPN technology is currently being used to help overcome the wireless LAN security problems
by providing a direct link through a WLAN past the corporate firewall. The drawbacks of this
configuration are cost and the inability to roam between WLAN access points. Mobile VPNs for
devices on public networks are still in the early phases of adoption.

Two-Factor Authentication
For some purposes, usually dealing with financial transactions, strong authentication is required.
This involves using a two-factor approach, where users have to apply two factors to authenticate
themselves. One factor is usually something the user knows, such as a PIN number; the other is
something the user has, such as a token card to generate a one-time password. This combination
makes it much more difficult for unauthorized users to gain access to the system.
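
The PIN-plus-token check described above, as an added example that is not part of the original notes. It assumes the token card is a counter-based one-time password generator following RFC 4226 (HOTP); the class name TwoFactorVerifier, the PIN, the salt, the look-ahead window and the failure limit are hypothetical values chosen for the illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time password per RFC 4226 (HMAC-SHA-1 with dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TwoFactorVerifier:
    """Server-side check: PIN (something known) AND token OTP (something held)."""

    def __init__(self, pin, token_secret, salt, window=3, max_failures=5):
        self._salt = salt
        self._pin_hash = self._hash_pin(pin)      # the PIN itself is not stored
        self._secret = token_secret
        self._counter = 0                         # next token counter expected
        self._window = window                     # tolerated unseen button presses
        self._failures = 0
        self._max_failures = max_failures

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def locked(self) -> bool:
        return self._failures >= self._max_failures

    def authenticate(self, pin: str, otp: str) -> bool:
        if self.locked():
            return False
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self._pin_hash)
        otp_ok = False
        for c in range(self._counter, self._counter + self._window + 1):
            if hmac.compare_digest(hotp(self._secret, c).encode(), otp.encode()):
                self._counter = c + 1             # spend this OTP and all earlier ones
                otp_ok = True
                break
        if pin_ok and otp_ok:
            self._failures = 0
            return True
        self._failures += 1                       # both factors are required
        return False


def demo():
    secret = b"12345678901234567890"              # constructed secret (RFC 4226 test key)
    v = TwoFactorVerifier("4821", secret, salt=b"constructed-salt")
    return [
        v.authenticate("4821", hotp(secret, 0)),  # both factors correct
        v.authenticate("4821", hotp(secret, 0)),  # same OTP replayed
        v.authenticate("0000", hotp(secret, 1)),  # token present, wrong PIN
        v.authenticate("4821", hotp(secret, 3)),  # token one press ahead of server
        v.authenticate("4821", hotp(secret, 9)),  # outside the look-ahead window
    ]


if __name__ == "__main__":
    print(demo())
```

The failure counter is what protects a short PIN here; the PIN hash only keeps the PIN out of the stored record.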

Smart client applications inherently provide a form of two-factor authentication: First you must
have the device to access the application; second, you must authenticate yourself to gain access
to the application, as well as to any back-end system to which it connects.

Biometrics
Biometrics provides a wide range of techniques for authenticating an individual based on his or
her unique physical characteristics. Such techniques include fingerprint identification, face
recognition, voice recognition, or iris and retina scanning. Using biometric techniques, you can
ensure that the identification token is indeed unique. While this use of biometrics does improve
security, this type of authentication does have some drawbacks. Many of these systems are
somewhat intrusive and therefore not widely accepted by users. Also, the reliability of these
technologies varies and so can lead to what's called "false refusal." That said, biometric systems
are growing in popularity due to increased security concerns among all users.

Security Policy
The final, and often most important, security measure is the adoption of a corporate security
policy. Such a policy will outline all aspects of a corporation's security measures, including both
technology and the use and disclosure of confidential information within the enterprise. Even if a
corporation has implemented a very strong technical security solution, the overall system will
still be insecure if its users do not follow corporate security guidelines.
