Security in Wireless Communication Networks
Wiley - IEEE
1. Edition December 2021
384 Pages, Hardcover
Wiley & Sons Ltd
ISBN:
978-1-119-24436-3
John Wiley & Sons
Short Description
A current, state-of-the-art examination of security in wireless networks, this book will be highly relevant to students, instructors, and engineers working in the various areas of wireless security.
Topics and technology to be addressed include?: Basics of communication network security; Security in wireless local area networks (e.g., Bluetooth, Wi-Fi) ; Security in wide area wireless networks (e.g., GSM, UMTS, LTE); Security in wireless ad-hoc and sensor networks (e.g., wireless monitoring networks, vehicle ad-hoc networks, mobile computing).
Further versions
Receive comprehensive instruction on the fundamentals of wireless security from three leading international voices in the field
Security in Wireless Communication Networksdelivers a thorough grounding in wireless communication security. The distinguished authors pay particular attention to wireless specific issues, like authentication protocols for various wireless communication networks,encryption algorithms and integrity schemes on radio channels, lessons learned from designing secure wireless systems and standardization for security in wireless systems.
The book addresses how engineers, administrators, and others involved in the design and maintenance of wireless networks can achieve security while retaining the broadcast nature of the system, with all of its inherent harshness and interference. Readers will learn:
* A comprehensive introduction to the background of wireless communication network security, including a broad overview of wireless communication networks, security services, the mathematics crucial to the subject, and cryptographic techniques
* An exploration of wireless local area network security, including Bluetooth security, Wi-Fi security, and body area network security
* An examination of wide area wireless network security, including treatments of 2G, 3G, and 4G
* Discussions of future development in wireless security, including 5G, and vehicular ad-hoc network security
Perfect for undergraduate and graduate students in programs related to wireless communication, Security in Wireless Communication Networks will also earn a place in the libraries of professors, researchers, scientists, engineers, industry managers, consultants, and members of government security agencies who seek to improve their understanding of wireless security protocols and practices.
Preface xvii
Acknowledgments xxiii
About the Companion Website xxv
Part I Introduction and Mathematics Background 1
1 Introduction 3
1.1 General Computer Communication Network Architecture 3
1.1.1 Wired Communication Network Infrastructure 3
1.1.2 Wireless Communication Network Infrastructure 4
1.2 Different Types of Wireless Communication Systems 5
1.2.1 Classification of Wireless Communication Systems 5
1.2.1.1 Based on Coverage 5
1.2.1.2 Based on Topology 6
1.2.1.3 Based on Mobility 6
1.2.2 Wireless Personal Area Networks 7
1.2.3 Wireless Local Area Networks 7
1.2.4 Wireless Wide Area Networks 7
1.3 Network Security and Wireless Security 9
1.3.1 Network Security 9
1.3.2 Security Threats in Wireless Networks 10
1.4 Summary 11
2 Basic Network Security Concepts 13
2.1 Security Attacks 13
2.1.1 Passive Attacks 13
2.1.1.1 Eavesdropping 13
2.1.1.2 Traffic Analysis 14
2.1.2 Active Attacks 15
2.2 Security Services 16
2.2.1 Access Control 17
2.2.2 Authentication 17
2.2.3 Confidentiality 18
2.2.4 Integrity 18
2.2.5 Non-repudiation 19
2.2.6 Availability 19
2.3 Security Mechanisms 21
2.3.1 Encipherment 21
2.3.2 Authentication 21
2.3.3 Access Control 22
2.3.4 Digital Signature 22
2.3.5 Data Integrity 23
2.3.6 Traffic Padding and Routing Control 23
2.3.7 Notarization 24
2.4 Other Security Concepts 24
2.4.1 Levels of Impact 24
2.4.2 Cryptographic Protocols 25
2.5 Summary 25
3 Mathematical Background 27
3.1 Basic Concepts in Modern Algebra and Number Theory 27
3.1.1 Group 27
3.1.1.1 Abelian Group 28
3.1.1.2 Cyclic Group 28
3.1.2 Ring 29
3.1.3 Field 29
3.2 Prime Numbers, Modular Arithmetic, and Divisors 30
3.2.1 Prime Numbers 30
3.2.2 Modular Arithmetic 30
3.2.3 Divisors and GCD 31
3.2.4 Multiplicative Inverse 33
3.3 Finite Field and Galois Field 34
3.4 Polynomial Arithmetic 35
3.4.1 Ordinary Polynomial Arithmetic 35
3.4.2 Polynomial Arithmetic in Finite Fields 36
3.4.3 Modular Polynomial Arithmetic 37
3.4.4 Computational Considerations 39
3.4.5 Generating a Finite Field with a Generator 40
3.5 Fermat's Little Theorem, Euler's Totient Function, and Euler's Theorem 41
3.5.1 Fermat's Little Theorem 41
3.5.2 Euler Totient Function phi(n) 42
3.5.3 Euler's Theorem 43
3.6 Primality Testing 44
3.7 Chinese Remainder Theorem 46
3.8 Discrete Logarithm 48
3.9 Summary 49
Part II Cryptographic Systems 51
4 Cryptographic Techniques 53
4.1 Symmetric Encryption 53
4.2 Classical Cryptographic Schemes 53
4.2.1 Classical Substitution Ciphers 54
4.2.1.1 Caesar Cipher 54
4.2.1.2 Monoalphabetic Cipher 55
4.2.1.3 Playfair Cipher 57
4.2.1.4 Polyalphabetic Cipher 58
4.2.1.5 Autokey Cipher 59
4.2.1.6 One-Time Pad 60
4.2.2 Classical Transposition Ciphers 60
4.2.2.1 Rail Fence Cipher 60
4.2.2.2 Row Transposition Cipher 60
4.2.2.3 Product Cipher 61
4.2.3 More Advanced Classical Ciphers 61
4.2.3.1 Rotor Machines 61
4.2.3.2 Steganography 61
4.3 Stream Cipher 62
4.3.1 Rivest Cipher 4 62
4.4 Modern Block Ciphers 63
4.4.1 Overview of Modern Block Ciphers 63
4.4.2 Feistel Block Cipher 64
4.4.2.1 Ideal Block Cipher 64
4.4.2.2 Feistel Cipher Structure 65
4.4.3 Block Cipher Design 67
4.5 Data Encryption Standards (DES) 67
4.5.1 Overview of DES 67
4.5.2 Initial Permutation (IP) 68
4.5.3 DES Round Function 69
4.5.3.1 DES S-Boxes 71
4.5.3.2 DES Permutation Function 72
4.5.4 DES Key Schedule 72
4.5.5 DES Security 74
4.5.6 Multiple Encryption and DES 75
4.6 Summary 76
5 More on Cryptographic Techniques 77
5.1 Advanced Encryption Standards 77
5.1.1 The AES Cipher: Rijndael 77
5.1.2 AES Data Structure 77
5.1.3 Details in Each Round 79
5.1.3.1 Substitute Bytes 79
5.1.3.2 Shift Rows 81
5.1.3.3 Mix Columns 81
5.1.3.4 Add Round Key 82
5.1.3.5 AES Key Expansion 82
5.1.3.6 AES Decryption 84
5.1.3.7 AES Implementation Aspects 84
5.2 Block Cipher Modes of Operation 85
5.2.1 Electronic Codebook (ECB) Mode 85
5.2.2 Cipher Block Chaining (CBC) Mode 86
5.2.3 Cipher Feedback (CFB) Mode 87
5.2.4 Output Feedback (OFB) Mode 88
5.2.5 The Counter (CTR) Mode 89
5.2.6 Last Block in Different Modes 90
5.2.7 XTS-AES Mode 90
5.3 Public Key Infrastructure 92
5.3.1 Basics of Public Key Cryptography 92
5.3.2 Public-Key Applications 94
5.3.3 Security of Public Key Schemes 94
5.4 The RSA Algorithm 95
5.4.1 RSA Key Setup 95
5.4.2 RSA Encryption and Decryption 96
5.4.3 RSA Security Analysis 96
5.4.3.1 Factoring Problem 97
5.4.3.2 Timing attacks 97
5.4.3.3 Chosen Ciphertext Attacks 97
5.5 Diffie-Hellman (D-H) Key Exchange 97
5.5.1 Finite-Field Diffie-Hellman 97
5.5.2 Elliptic-Curve Diffie-Hellman 98
5.5.3 Diffie-Hellman Key Exchange Vulnerability 98
5.6 Summary 99
6 Message Authentication, Digital Signature, and Key Management 101
6.1 Message Authentication 101
6.1.1 Message Authentication Functions 101
6.1.2 Message Authentication Code 102
6.1.3 Hash Functions 103
6.1.4 Size of MAC and Hash Value 104
6.2 MAC and Hash Algorithms 105
6.2.1 Data Authentication Algorithm 105
6.2.2 A Basic Hash Function Structure 106
6.2.3 Secure Hash Algorithm (SHA) 106
6.2.4 SHA-512 107
6.2.4.1 SHA-512 Compression Function 108
6.2.4.2 SHA-512 Round Function 109
6.2.5 Whirlpool 111
6.2.6 Other MAC Functions 112
6.2.6.1 Keyed Hash Functions as MACs 112
6.2.6.2 Cipher-Based MAC 113
6.3 Digital Signature and Authentication 114
6.3.1 Digital Signature Properties 115
6.3.2 Digital Signature Standard and Algorithm 116
6.3.3 The Elliptic Curve Digital Signature Algorithm 117
6.3.3.1 ECDSA Domain Parameters 117
6.3.3.2 ECDSA Private/Public Keys 118
6.3.3.3 ECDSA Digital Signature Generation 119
6.3.3.4 ECDSA Digital Signature Verification 120
6.3.4 Authentication Protocols 120
6.4 Key Management 122
6.4.1 Key Distribution with Symmetric Key Encryptions 122
6.4.2 Symmetric Key Distribution Using Public Key Cryptosystems 123
6.4.3 Distribution of Public Keys 124
6.4.4 Public Key Infrastructure 126
6.4.5 X.509 Authentication Service 126
6.5 Summary 128
Part III Security for Wireless Local Area Networks 129
7 WLAN Security 131
7.1 Introduction to WLAN 131
7.1.1 Wi-Fi Operating Modes 131
7.1.2 Challenges in WLAN Security 132
7.1.3 Tricks that Fail to Protect WLAN 133
7.2 Evolution of WLAN Security 133
7.3 Wired Equivalent Privacy 135
7.3.1 WEP Access Control 135
7.3.2 WEP Integrity and Confidentiality 136
7.3.3 WEP Key Management 136
7.3.4 WEP Security Problems 137
7.3.4.1 Problems in WEP Access Control 138
7.3.4.2 Problems in WEP Integrity 138
7.3.4.3 Problems in WEP Confidentiality 138
7.3.4.4 Problems in WEP Key Management 139
7.3.5 Possible WEP Security Enhancement 140
7.4 IEEE 802.1X Authentication Model 140
7.4.1 An Overview of IEEE 802.1X 140
7.4.2 Protocols in IEEE 802.1X 141
7.4.3 Mapping the IEEE 802.1X model to WLAN 143
7.5 IEEE 802.11i Standard 143
7.5.1 Overview of IEEE 802.11i 143
7.5.2 IEEE 802.11i Access Control 143
7.5.3 IEEE 802.1i Key Management 145
7.5.4 IEEE 802.11i Integrity and Confidentiality 147
7.5.4.1 TKIP Mode 147
7.5.4.2 AES-CCMP Mode 148
7.5.5 Function Michael 148
7.5.6 Weakness in 802.11i 150
7.6 Wi-Fi Protected Access 3 and Opportunistic Wireless Encryption 150
7.6.1 WPA3-Personal 150
7.6.2 WPA3-Enterprise 150
7.6.3 Opportunistic Wireless Encryption 151
7.7 Summary 152
8 Bluetooth Security 153
8.1 Introduction to Bluetooth 153
8.1.1 Overview of Bluetooth Technology 153
8.1.2 Bluetooth Vulnerabilities and Threats 154
8.1.2.1 Bluesnarfing 155
8.1.2.2 Bluejacking 155
8.1.2.3 Bluebugging 155
8.1.2.4 Car Whisperer 155
8.1.2.5 Fuzzing Attacks 155
8.1.3 Bluetooth Security Services and Security Modes 156
8.1.3.1 Bluetooth Security Services 156
8.1.3.2 Bluetooth Security Modes 156
8.2 Link Key Generation 157
8.2.1 Link Key Generation for Security Modes 2 and 3 157
8.2.2 Link Key Generation for Security Mode 4 158
8.2.3 Association Model in Mode 4 159
8.2.3.1 Numeric comparison 159
8.2.3.2 Out-of-Band (OOB) 160
8.2.3.3 Passkey entry 162
8.3 Authentication, Confidentiality, and Trust and Service Levels 163
8.3.1 Authentication 163
8.3.2 Confidentiality 164
8.3.3 Trust and Security Service Levels 165
8.4 Cryptographic Functions for Security Modes 1, 2, and 3 166
8.4.1 SAFER+ 166
8.4.1.1 Overview of the SAFER+ Structure 166
8.4.1.2 SAFER+ Round Function 166
8.4.1.3 SAFER+ Key Schedule for 128-Bit Key 168
8.4.2 Function E1(s) 168
8.4.3 Function E21(s) 170
8.4.4 Function E22(s) 170
8.4.5 Function E3(s) 171
8.4.6 Function E0(s) 171
8.5 Cryptographic Functions in Security Mode 4 (SSP) 173
8.5.1 Function P192(s) 173
8.5.2 Function f1(s) 174
8.5.3 Function g(s) 174
8.5.3.1 Function f2(s) 174
8.5.3.2 Function f3(s) 174
8.6 Summary 174
9 Zigbee Security 177
9.1 Introduction to Zigbee 177
9.1.1 Overview of Zigbee 177
9.1.2 Security Threats Against Zigbee 178
9.2 IEEE 802.15.4 Security Features 179
9.2.1 Security Levels 179
9.2.2 IEEE 802.15.4 Frame Structure 180
9.3 Zigbee Upper Layer Security 182
9.3.1 Zigbee Security Models 182
9.3.2 Security Keys in Zigbee 183
9.3.3 Zigbee Network Layer Security 184
9.3.4 Zigbee Application Support Layer Security 184
9.3.5 Other Security Features in Zigbee 185
9.4 Security-Related MAC PIB Attributes 187
9.5 Mechanisms Used in Zigbee Security 188
9.5.1 AES-CTR 188
9.5.2 AES-CBC-MAC 189
9.5.3 Overview of the AES-CCM 189
9.5.4 Nonces Applied to the Security Mechanisms 189
9.5.5 Matyas-Meyer-Oseas Hash Function 190
9.6 Summary 191
10 RFID Security 193
10.1 Introduction to RFID 193
10.1.1 Overview of RFID Subsystems 193
10.1.2 Types of RFID Tags 193
10.1.3 RFID Transactions 194
10.1.4 RFID Frequency Bands 194
10.2 Security Attacks, Risks, and Objectives of RFID Systems 195
10.2.1 Security Attacks to RFID Systems 195
10.2.2 RFID Privacy Risks 195
10.2.3 Security Objectives 196
10.3 Mitigation Strategies and Countermeasures for RFID Security Risks 196
10.3.1 Cryptographic Strategies 196
10.3.1.1 Encryption 196
10.3.1.2 One-Way Hash Locks 196
10.3.1.3 EPC Tag PINs 197
10.3.2 Anti-Collision Algorithms 197
10.3.2.1 Tree-Walking 197
10.3.2.2 The Selective Blocker Tag 197
10.3.3 Other Mitigation Strategies 198
10.3.3.1 Physical Shielding Sleeve (The Faraday Cage) 198
10.3.3.2 Secure Reader Protocol 1.0 198
10.4 RFID Security Mechanisms 199
10.4.1 Hash Locks 199
10.4.1.1 Default Hash Locking 199
10.4.1.2 Randomized Hash Locking 200
10.4.2 HB Protocol and the Enhancement 200
10.4.2.1 HB Protocol 200
10.4.2.2 HB+ Protocol 202
10.4.2.3 HB++ Protocol 203
10.5 Summary 205
Part IV Security for Wireless Wide Area Networks 207
11 GSM Security 209
11.1 GSM System Architecture 209
11.1.1 Mobile Station 209
11.1.2 Base Station Subsystem 210
11.1.3 Network Subsystem 211
11.2 GSM Network Access Security Features 212
11.2.1 GSM Entity Authentication 212
11.2.2 GSM Confidentiality 214
11.2.3 GSM Anonymity 215
11.2.4 Detection of Stolen/Compromised Equipment in GSM 215
11.3 GSM Security Algorithms 215
11.3.1 Algorithm A3 216
11.3.2 Algorithm A8 216
11.3.3 Algorithm COMP128 216
11.3.4 Algorithm A5 220
11.3.4.1 A5/1 220
11.3.4.2 Algorithm A5/2 223
11.4 Attacks Against GSM Security 225
11.4.1 Attacks Against GSM Authenticity 225
11.4.1.1 Attacks Against GSM Confidentiality 226
11.4.2 Other Attacks against GSM Security 227
11.5 Possible GSM Security Improvements 227
11.5.1 Improvement over Authenticity and Anonymity 227
11.5.2 Improvement over Confidentiality 228
11.5.3 Improvement of the Signaling Network 228
11.6 Summary 228
12 UMTS Security 229
12.1 UMTS System Architecture 229
12.1.1 User Equipment 229
12.1.2 UTRAN 230
12.1.3 Core Network 231
12.2 UMTS Security Features 231
12.3 UMTS Network Access Security 232
12.3.1 Authentication and Key Agreement 232
12.3.1.1 The AKA Mechanism 232
12.3.1.2 Authentication Vector Generation 234
12.3.1.3 AKA on the UE Side 236
12.3.2 Confidentiality 237
12.3.3 Data Integrity 238
12.3.4 User Identity Confidentiality 239
12.4 Algorithms in Access Security 240
12.4.1 Encryption Algorithm f8 240
12.4.1.1 Integrity Algorithm f9 241
12.4.2 Description of KASUMI 242
12.4.2.1 An Overview of KASUMI Algorithm 242
12.4.2.2 Round Function Fi(s) 244
12.4.2.3 Function FL 244
12.4.2.4 Function FO 244
12.4.2.5 Function FI 245
12.4.2.6 S-boxes S7 and S9 245
12.4.2.7 Key Schedule 247
12.4.3 Implementation and Operational Considerations 248
12.5 Other UMTS Security Features 249
12.5.1 Mobile Equipment Identification 249
12.5.2 Location Services 249
12.5.3 User-to-USIM Authentication 249
12.6 Summary 250
13 LTE Security 251
13.1 LTE System Architecture 251
13.2 LTE Security Architecture 253
13.3 LTE Security 255
13.3.1 LTE Key Hierarchy 255
13.3.2 LTE Authentication and Key Agreement 257
13.3.3 Signaling Protection 258
13.3.3.1 Protection of Radio-Specific Signaling 259
13.3.3.2 Protection of User-Plane Traffic 259
13.3.4 Overview of Confidentiality and Integrity Algorithms 259
13.3.4.1 Confidentiality Mechanism 259
13.3.4.2 Integrity Mechanism 260
13.3.5 Non-3GPP Access 261
13.4 Handover Between eNBs 261
13.4.1 Overview 261
13.4.2 Key Handling in Handover 262
13.4.2.1 Initialization 262
13.4.2.2 Intra-eNB Key Handling 264
13.4.2.3 Intra-MME Key Handling 265
13.4.2.4 Inter-MME Key Handling 266
13.5 Security Algorithms 268
13.5.1 128-EEA2 268
13.5.2 128-EIA2 269
13.5.3 EEA3 270
13.5.4 EIA3 271
13.6 Security for Interworking Between LTE and Legacy Systems 273
13.6.1 Between LTE and UMTS 273
13.6.1.1 Idle Mode Mobility from E-UTRAN to UTRAN 273
13.6.1.2 Idle Mode Mobility from UTRAN to E-UTRAN 274
13.6.1.3 Handover Mode from E-UTRAN to UTRAN 275
13.6.1.4 Handover Mode from UTRAN to E-UTRAN 276
13.6.2 Between E-UTRAN and GERAN 277
13.6.2.1 Idle Mode 277
13.6.2.2 Handover Mode 277
13.7 Summary 278
Part V Security for Next Generation Wireless Networks 279
14 Security in 5G Wireless Networks 281
14.1 Introduction to 5GWireless Network Systems 281
14.1.1 The Advancement of 5G 281
14.1.2 5GWireless Network Systems 282
14.2 5G Security Requirements and Major Drives 283
14.2.1 Security Requirements for 5GWireless Networks 283
14.2.2 Major Drives for 5GWireless Security 284
14.2.2.1 Supreme Built-in-Security 284
14.2.2.2 Flexible Security Mechanisms 285
14.2.2.3 Automation 285
14.2.3 Attacks in 5G Wireless Networks 286
14.2.3.1 Eavesdropping and Traffic Analysis 286
14.2.3.2 Jamming 286
14.2.3.3 DoS and DDoS 287
14.2.3.4 Man-In-The-Middle (MITM) 287
14.3 A 5G Wireless Security Architecture 287
14.3.1 New Elements in 5G Wireless Security Architecture 287
14.3.2 A 5G Wireless Security Architecture 288
14.3.2.1 Network Access Security (I) 288
14.3.2.2 Network Domain Security (II) 289
14.3.2.3 User Domain Security (III) 289
14.3.2.4 Application Domain Security (IV) 289
14.4 5GWireless Security Services 289
14.4.1 Cryptography in 5G 289
14.4.2 Identity Management 290
14.4.3 Authentication in 5G 291
14.4.3.1 Flexible Authentication 291
14.4.3.2 Authentication Through Legacy Cellular System 291
14.4.3.3 SDN Based Authentication in 5G 293
14.4.3.4 Authentication of D2D in 5G 294
14.4.3.5 Authentication of RFID in 5G 294
14.4.4 Data Confidentiality in 5G 295
14.4.4.1 Power Control 295
14.4.4.2 Artificial Noise and Signal Processing 297
14.4.5 Handover Procedure and Signaling Load Analysis 297
14.4.6 Availability in 5G 297
14.4.7 Location and Identity Anonymity in 5G 300
14.5 5G Key Management 300
14.5.1 3GPP 5G Key Architecture 300
14.5.2 Key Management in 5G Handover 301
14.5.3 Key Management for D2D Users 302
14.6 Security for New Communication Techniques in 5G 303
14.6.1 Heterogeneous Network and Massive MIMO in 5G 303
14.6.2 Device-to-Device Communications in 5G 304
14.6.3 Software-Defined Network in 5G 306
14.6.4 Internet-of-Things in 5G 308
14.7 Challenges and Future Directions for 5G Wireless Security 308
14.7.1 New Trust Models 308
14.7.2 New Security Attack Models 308
14.7.3 Privacy Protection 309
14.7.4 Flexibility and Efficiency 309
14.7.5 Unified Security Management 309
14.8 Summary 310
15 Security in V2X Communications 311
15.1 Introduction to V2X Communications 311
15.1.1 Generic System Architecture of V2X Communications 311
15.1.2 Dedicated Short Range Communications 312
15.1.3 Cellular Based V2X Communications 313
15.2 Security Requirements and Possible Attacks in V2X Communications 314
15.2.1 Security Requirements 314
15.2.2 Attacks in V2X Communications 315
15.2.3 Basic Solutions 316
15.3 IEEEWAVE Security Services for Applications and Management Messages 316
15.3.1 Overview of the WAVE Protocol Stack and Security Services 316
15.3.2 Secure Data Service and Security Service Management Entity 318
15.3.3 CRL Verification Entity and P2P Certificate Distribution Entity 319
15.4 Security in Cellular Based V2X Communications 320
15.4.1 LTE-V2X Communication Security 320
15.4.2 5G-V2X Communication Security 322
15.5 Cryptography and Privacy Preservation in V2X Communications 323
15.5.1 Identity Based Schemes 323
15.5.2 Group Signature Based Schemes 325
15.5.3 Batch Verification Schemes 326
15.5.4 Reputation and Trust Based Schemes 327
15.5.5 Identity Anonymity Preservation 328
15.5.6 Location Anonymity Preservation 328
15.6 Challenges and Future Research Directions 329
15.6.1 Highly Efficient Authentication Schemes 329
15.6.2 Efficient Revocation Mechanisms 330
15.6.3 Advancing OBU and TPD Technologies 330
15.6.4 Advancing Cryptography and Privacy Preservation Schemes 330
15.6.5 Advancing Solutions to HetNet, SDN, and NFV 330
15.6.6 Advancing Artificial Intelligence in V2X Communication Security 330
15.7 Summary 331
References 333
Index 345
Acknowledgments xxiii
About the Companion Website xxv
Part I Introduction and Mathematics Background 1
1 Introduction 3
1.1 General Computer Communication Network Architecture 3
1.1.1 Wired Communication Network Infrastructure 3
1.1.2 Wireless Communication Network Infrastructure 4
1.2 Different Types of Wireless Communication Systems 5
1.2.1 Classification of Wireless Communication Systems 5
1.2.1.1 Based on Coverage 5
1.2.1.2 Based on Topology 6
1.2.1.3 Based on Mobility 6
1.2.2 Wireless Personal Area Networks 7
1.2.3 Wireless Local Area Networks 7
1.2.4 Wireless Wide Area Networks 7
1.3 Network Security and Wireless Security 9
1.3.1 Network Security 9
1.3.2 Security Threats in Wireless Networks 10
1.4 Summary 11
2 Basic Network Security Concepts 13
2.1 Security Attacks 13
2.1.1 Passive Attacks 13
2.1.1.1 Eavesdropping 13
2.1.1.2 Traffic Analysis 14
2.1.2 Active Attacks 15
2.2 Security Services 16
2.2.1 Access Control 17
2.2.2 Authentication 17
2.2.3 Confidentiality 18
2.2.4 Integrity 18
2.2.5 Non-repudiation 19
2.2.6 Availability 19
2.3 Security Mechanisms 21
2.3.1 Encipherment 21
2.3.2 Authentication 21
2.3.3 Access Control 22
2.3.4 Digital Signature 22
2.3.5 Data Integrity 23
2.3.6 Traffic Padding and Routing Control 23
2.3.7 Notarization 24
2.4 Other Security Concepts 24
2.4.1 Levels of Impact 24
2.4.2 Cryptographic Protocols 25
2.5 Summary 25
3 Mathematical Background 27
3.1 Basic Concepts in Modern Algebra and Number Theory 27
3.1.1 Group 27
3.1.1.1 Abelian Group 28
3.1.1.2 Cyclic Group 28
3.1.2 Ring 29
3.1.3 Field 29
3.2 Prime Numbers, Modular Arithmetic, and Divisors 30
3.2.1 Prime Numbers 30
3.2.2 Modular Arithmetic 30
3.2.3 Divisors and GCD 31
3.2.4 Multiplicative Inverse 33
3.3 Finite Field and Galois Field 34
3.4 Polynomial Arithmetic 35
3.4.1 Ordinary Polynomial Arithmetic 35
3.4.2 Polynomial Arithmetic in Finite Fields 36
3.4.3 Modular Polynomial Arithmetic 37
3.4.4 Computational Considerations 39
3.4.5 Generating a Finite Field with a Generator 40
3.5 Fermat's Little Theorem, Euler's Totient Function, and Euler's Theorem 41
3.5.1 Fermat's Little Theorem 41
3.5.2 Euler Totient Function phi(n) 42
3.5.3 Euler's Theorem 43
3.6 Primality Testing 44
3.7 Chinese Remainder Theorem 46
3.8 Discrete Logarithm 48
3.9 Summary 49
Part II Cryptographic Systems 51
4 Cryptographic Techniques 53
4.1 Symmetric Encryption 53
4.2 Classical Cryptographic Schemes 53
4.2.1 Classical Substitution Ciphers 54
4.2.1.1 Caesar Cipher 54
4.2.1.2 Monoalphabetic Cipher 55
4.2.1.3 Playfair Cipher 57
4.2.1.4 Polyalphabetic Cipher 58
4.2.1.5 Autokey Cipher 59
4.2.1.6 One-Time Pad 60
4.2.2 Classical Transposition Ciphers 60
4.2.2.1 Rail Fence Cipher 60
4.2.2.2 Row Transposition Cipher 60
4.2.2.3 Product Cipher 61
4.2.3 More Advanced Classical Ciphers 61
4.2.3.1 Rotor Machines 61
4.2.3.2 Steganography 61
4.3 Stream Cipher 62
4.3.1 Rivest Cipher 4 62
4.4 Modern Block Ciphers 63
4.4.1 Overview of Modern Block Ciphers 63
4.4.2 Feistel Block Cipher 64
4.4.2.1 Ideal Block Cipher 64
4.4.2.2 Feistel Cipher Structure 65
4.4.3 Block Cipher Design 67
4.5 Data Encryption Standards (DES) 67
4.5.1 Overview of DES 67
4.5.2 Initial Permutation (IP) 68
4.5.3 DES Round Function 69
4.5.3.1 DES S-Boxes 71
4.5.3.2 DES Permutation Function 72
4.5.4 DES Key Schedule 72
4.5.5 DES Security 74
4.5.6 Multiple Encryption and DES 75
4.6 Summary 76
5 More on Cryptographic Techniques 77
5.1 Advanced Encryption Standards 77
5.1.1 The AES Cipher: Rijndael 77
5.1.2 AES Data Structure 77
5.1.3 Details in Each Round 79
5.1.3.1 Substitute Bytes 79
5.1.3.2 Shift Rows 81
5.1.3.3 Mix Columns 81
5.1.3.4 Add Round Key 82
5.1.3.5 AES Key Expansion 82
5.1.3.6 AES Decryption 84
5.1.3.7 AES Implementation Aspects 84
5.2 Block Cipher Modes of Operation 85
5.2.1 Electronic Codebook (ECB) Mode 85
5.2.2 Cipher Block Chaining (CBC) Mode 86
5.2.3 Cipher Feedback (CFB) Mode 87
5.2.4 Output Feedback (OFB) Mode 88
5.2.5 The Counter (CTR) Mode 89
5.2.6 Last Block in Different Modes 90
5.2.7 XTS-AES Mode 90
5.3 Public Key Infrastructure 92
5.3.1 Basics of Public Key Cryptography 92
5.3.2 Public-Key Applications 94
5.3.3 Security of Public Key Schemes 94
5.4 The RSA Algorithm 95
5.4.1 RSA Key Setup 95
5.4.2 RSA Encryption and Decryption 96
5.4.3 RSA Security Analysis 96
5.4.3.1 Factoring Problem 97
5.4.3.2 Timing attacks 97
5.4.3.3 Chosen Ciphertext Attacks 97
5.5 Diffie-Hellman (D-H) Key Exchange 97
5.5.1 Finite-Field Diffie-Hellman 97
5.5.2 Elliptic-Curve Diffie-Hellman 98
5.5.3 Diffie-Hellman Key Exchange Vulnerability 98
5.6 Summary 99
6 Message Authentication, Digital Signature, and Key Management 101
6.1 Message Authentication 101
6.1.1 Message Authentication Functions 101
6.1.2 Message Authentication Code 102
6.1.3 Hash Functions 103
6.1.4 Size of MAC and Hash Value 104
6.2 MAC and Hash Algorithms 105
6.2.1 Data Authentication Algorithm 105
6.2.2 A Basic Hash Function Structure 106
6.2.3 Secure Hash Algorithm (SHA) 106
6.2.4 SHA-512 107
6.2.4.1 SHA-512 Compression Function 108
6.2.4.2 SHA-512 Round Function 109
6.2.5 Whirlpool 111
6.2.6 Other MAC Functions 112
6.2.6.1 Keyed Hash Functions as MACs 112
6.2.6.2 Cipher-Based MAC 113
6.3 Digital Signature and Authentication 114
6.3.1 Digital Signature Properties 115
6.3.2 Digital Signature Standard and Algorithm 116
6.3.3 The Elliptic Curve Digital Signature Algorithm 117
6.3.3.1 ECDSA Domain Parameters 117
6.3.3.2 ECDSA Private/Public Keys 118
6.3.3.3 ECDSA Digital Signature Generation 119
6.3.3.4 ECDSA Digital Signature Verification 120
6.3.4 Authentication Protocols 120
6.4 Key Management 122
6.4.1 Key Distribution with Symmetric Key Encryptions 122
6.4.2 Symmetric Key Distribution Using Public Key Cryptosystems 123
6.4.3 Distribution of Public Keys 124
6.4.4 Public Key Infrastructure 126
6.4.5 X.509 Authentication Service 126
6.5 Summary 128
Part III Security for Wireless Local Area Networks 129
7 WLAN Security 131
7.1 Introduction to WLAN 131
7.1.1 Wi-Fi Operating Modes 131
7.1.2 Challenges in WLAN Security 132
7.1.3 Tricks that Fail to Protect WLAN 133
7.2 Evolution of WLAN Security 133
7.3 Wired Equivalent Privacy 135
7.3.1 WEP Access Control 135
7.3.2 WEP Integrity and Confidentiality 136
7.3.3 WEP Key Management 136
7.3.4 WEP Security Problems 137
7.3.4.1 Problems in WEP Access Control 138
7.3.4.2 Problems in WEP Integrity 138
7.3.4.3 Problems in WEP Confidentiality 138
7.3.4.4 Problems in WEP Key Management 139
7.3.5 Possible WEP Security Enhancement 140
7.4 IEEE 802.1X Authentication Model 140
7.4.1 An Overview of IEEE 802.1X 140
7.4.2 Protocols in IEEE 802.1X 141
7.4.3 Mapping the IEEE 802.1X model to WLAN 143
7.5 IEEE 802.11i Standard 143
7.5.1 Overview of IEEE 802.11i 143
7.5.2 IEEE 802.11i Access Control 143
7.5.3 IEEE 802.1i Key Management 145
7.5.4 IEEE 802.11i Integrity and Confidentiality 147
7.5.4.1 TKIP Mode 147
7.5.4.2 AES-CCMP Mode 148
7.5.5 Function Michael 148
7.5.6 Weakness in 802.11i 150
7.6 Wi-Fi Protected Access 3 and Opportunistic Wireless Encryption 150
7.6.1 WPA3-Personal 150
7.6.2 WPA3-Enterprise 150
7.6.3 Opportunistic Wireless Encryption 151
7.7 Summary 152
8 Bluetooth Security 153
8.1 Introduction to Bluetooth 153
8.1.1 Overview of Bluetooth Technology 153
8.1.2 Bluetooth Vulnerabilities and Threats 154
8.1.2.1 Bluesnarfing 155
8.1.2.2 Bluejacking 155
8.1.2.3 Bluebugging 155
8.1.2.4 Car Whisperer 155
8.1.2.5 Fuzzing Attacks 155
8.1.3 Bluetooth Security Services and Security Modes 156
8.1.3.1 Bluetooth Security Services 156
8.1.3.2 Bluetooth Security Modes 156
8.2 Link Key Generation 157
8.2.1 Link Key Generation for Security Modes 2 and 3 157
8.2.2 Link Key Generation for Security Mode 4 158
8.2.3 Association Model in Mode 4 159
8.2.3.1 Numeric comparison 159
8.2.3.2 Out-of-Band (OOB) 160
8.2.3.3 Passkey entry 162
8.3 Authentication, Confidentiality, and Trust and Service Levels 163
8.3.1 Authentication 163
8.3.2 Confidentiality 164
8.3.3 Trust and Security Service Levels 165
8.4 Cryptographic Functions for Security Modes 1, 2, and 3 166
8.4.1 SAFER+ 166
8.4.1.1 Overview of the SAFER+ Structure 166
8.4.1.2 SAFER+ Round Function 166
8.4.1.3 SAFER+ Key Schedule for 128-Bit Key 168
8.4.2 Function E1(s) 168
8.4.3 Function E21(s) 170
8.4.4 Function E22(s) 170
8.4.5 Function E3(s) 171
8.4.6 Function E0(s) 171
8.5 Cryptographic Functions in Security Mode 4 (SSP) 173
8.5.1 Function P192(s) 173
8.5.2 Function f1(s) 174
8.5.3 Function g(s) 174
8.5.3.1 Function f2(s) 174
8.5.3.2 Function f3(s) 174
8.6 Summary 174
9 Zigbee Security 177
9.1 Introduction to Zigbee 177
9.1.1 Overview of Zigbee 177
9.1.2 Security Threats Against Zigbee 178
9.2 IEEE 802.15.4 Security Features 179
9.2.1 Security Levels 179
9.2.2 IEEE 802.15.4 Frame Structure 180
9.3 Zigbee Upper Layer Security 182
9.3.1 Zigbee Security Models 182
9.3.2 Security Keys in Zigbee 183
9.3.3 Zigbee Network Layer Security 184
9.3.4 Zigbee Application Support Layer Security 184
9.3.5 Other Security Features in Zigbee 185
9.4 Security-Related MAC PIB Attributes 187
9.5 Mechanisms Used in Zigbee Security 188
9.5.1 AES-CTR 188
9.5.2 AES-CBC-MAC 189
9.5.3 Overview of the AES-CCM 189
9.5.4 Nonces Applied to the Security Mechanisms 189
9.5.5 Matyas-Meyer-Oseas Hash Function 190
9.6 Summary 191
10 RFID Security 193
10.1 Introduction to RFID 193
10.1.1 Overview of RFID Subsystems 193
10.1.2 Types of RFID Tags 193
10.1.3 RFID Transactions 194
10.1.4 RFID Frequency Bands 194
10.2 Security Attacks, Risks, and Objectives of RFID Systems 195
10.2.1 Security Attacks to RFID Systems 195
10.2.2 RFID Privacy Risks 195
10.2.3 Security Objectives 196
10.3 Mitigation Strategies and Countermeasures for RFID Security Risks 196
10.3.1 Cryptographic Strategies 196
10.3.1.1 Encryption 196
10.3.1.2 One-Way Hash Locks 196
10.3.1.3 EPC Tag PINs 197
10.3.2 Anti-Collision Algorithms 197
10.3.2.1 Tree-Walking 197
10.3.2.2 The Selective Blocker Tag 197
10.3.3 Other Mitigation Strategies 198
10.3.3.1 Physical Shielding Sleeve (The Faraday Cage) 198
10.3.3.2 Secure Reader Protocol 1.0 198
10.4 RFID Security Mechanisms 199
10.4.1 Hash Locks 199
10.4.1.1 Default Hash Locking 199
10.4.1.2 Randomized Hash Locking 200
10.4.2 HB Protocol and the Enhancement 200
10.4.2.1 HB Protocol 200
10.4.2.2 HB+ Protocol 202
10.4.2.3 HB++ Protocol 203
10.5 Summary 205
Part IV Security for Wireless Wide Area Networks 207
11 GSM Security 209
11.1 GSM System Architecture 209
11.1.1 Mobile Station 209
11.1.2 Base Station Subsystem 210
11.1.3 Network Subsystem 211
11.2 GSM Network Access Security Features 212
11.2.1 GSM Entity Authentication 212
11.2.2 GSM Confidentiality 214
11.2.3 GSM Anonymity 215
11.2.4 Detection of Stolen/Compromised Equipment in GSM 215
11.3 GSM Security Algorithms 215
11.3.1 Algorithm A3 216
11.3.2 Algorithm A8 216
11.3.3 Algorithm COMP128 216
11.3.4 Algorithm A5 220
11.3.4.1 A5/1 220
11.3.4.2 Algorithm A5/2 223
11.4 Attacks Against GSM Security 225
11.4.1 Attacks Against GSM Authenticity 225
11.4.1.1 Attacks Against GSM Confidentiality 226
11.4.2 Other Attacks against GSM Security 227
11.5 Possible GSM Security Improvements 227
11.5.1 Improvement over Authenticity and Anonymity 227
11.5.2 Improvement over Confidentiality 228
11.5.3 Improvement of the Signaling Network 228
11.6 Summary 228
12 UMTS Security 229
12.1 UMTS System Architecture 229
12.1.1 User Equipment 229
12.1.2 UTRAN 230
12.1.3 Core Network 231
12.2 UMTS Security Features 231
12.3 UMTS Network Access Security 232
12.3.1 Authentication and Key Agreement 232
12.3.1.1 The AKA Mechanism 232
12.3.1.2 Authentication Vector Generation 234
12.3.1.3 AKA on the UE Side 236
12.3.2 Confidentiality 237
12.3.3 Data Integrity 238
12.3.4 User Identity Confidentiality 239
12.4 Algorithms in Access Security 240
12.4.1 Encryption Algorithm f8 240
12.4.1.1 Integrity Algorithm f9 241
12.4.2 Description of KASUMI 242
12.4.2.1 An Overview of KASUMI Algorithm 242
12.4.2.2 Round Function Fi(s) 244
12.4.2.3 Function FL 244
12.4.2.4 Function FO 244
12.4.2.5 Function FI 245
12.4.2.6 S-boxes S7 and S9 245
12.4.2.7 Key Schedule 247
12.4.3 Implementation and Operational Considerations 248
12.5 Other UMTS Security Features 249
12.5.1 Mobile Equipment Identification 249
12.5.2 Location Services 249
12.5.3 User-to-USIM Authentication 249
12.6 Summary 250
13 LTE Security 251
13.1 LTE System Architecture 251
13.2 LTE Security Architecture 253
13.3 LTE Security 255
13.3.1 LTE Key Hierarchy 255
13.3.2 LTE Authentication and Key Agreement 257
13.3.3 Signaling Protection 258
13.3.3.1 Protection of Radio-Specific Signaling 259
13.3.3.2 Protection of User-Plane Traffic 259
13.3.4 Overview of Confidentiality and Integrity Algorithms 259
13.3.4.1 Confidentiality Mechanism 259
13.3.4.2 Integrity Mechanism 260
13.3.5 Non-3GPP Access 261
13.4 Handover Between eNBs 261
13.4.1 Overview 261
13.4.2 Key Handling in Handover 262
13.4.2.1 Initialization 262
13.4.2.2 Intra-eNB Key Handling 264
13.4.2.3 Intra-MME Key Handling 265
13.4.2.4 Inter-MME Key Handling 266
13.5 Security Algorithms 268
13.5.1 128-EEA2 268
13.5.2 128-EIA2 269
13.5.3 EEA3 270
13.5.4 EIA3 271
13.6 Security for Interworking Between LTE and Legacy Systems 273
13.6.1 Between LTE and UMTS 273
13.6.1.1 Idle Mode Mobility from E-UTRAN to UTRAN 273
13.6.1.2 Idle Mode Mobility from UTRAN to E-UTRAN 274
13.6.1.3 Handover Mode from E-UTRAN to UTRAN 275
13.6.1.4 Handover Mode from UTRAN to E-UTRAN 276
13.6.2 Between E-UTRAN and GERAN 277
13.6.2.1 Idle Mode 277
13.6.2.2 Handover Mode 277
13.7 Summary 278
Part V Security for Next Generation Wireless Networks 279
14 Security in 5G Wireless Networks 281
14.1 Introduction to 5GWireless Network Systems 281
14.1.1 The Advancement of 5G 281
14.1.2 5GWireless Network Systems 282
14.2 5G Security Requirements and Major Drives 283
14.2.1 Security Requirements for 5GWireless Networks 283
14.2.2 Major Drives for 5GWireless Security 284
14.2.2.1 Supreme Built-in-Security 284
14.2.2.2 Flexible Security Mechanisms 285
14.2.2.3 Automation 285
14.2.3 Attacks in 5G Wireless Networks 286
14.2.3.1 Eavesdropping and Traffic Analysis 286
14.2.3.2 Jamming 286
14.2.3.3 DoS and DDoS 287
14.2.3.4 Man-In-The-Middle (MITM) 287
14.3 A 5G Wireless Security Architecture 287
14.3.1 New Elements in 5G Wireless Security Architecture 287
14.3.2 A 5G Wireless Security Architecture 288
14.3.2.1 Network Access Security (I) 288
14.3.2.2 Network Domain Security (II) 289
14.3.2.3 User Domain Security (III) 289
14.3.2.4 Application Domain Security (IV) 289
14.4 5GWireless Security Services 289
14.4.1 Cryptography in 5G 289
14.4.2 Identity Management 290
14.4.3 Authentication in 5G 291
14.4.3.1 Flexible Authentication 291
14.4.3.2 Authentication Through Legacy Cellular System 291
14.4.3.3 SDN Based Authentication in 5G 293
14.4.3.4 Authentication of D2D in 5G 294
14.4.3.5 Authentication of RFID in 5G 294
14.4.4 Data Confidentiality in 5G 295
14.4.4.1 Power Control 295
14.4.4.2 Artificial Noise and Signal Processing 297
14.4.5 Handover Procedure and Signaling Load Analysis 297
14.4.6 Availability in 5G 297
14.4.7 Location and Identity Anonymity in 5G 300
14.5 5G Key Management 300
14.5.1 3GPP 5G Key Architecture 300
14.5.2 Key Management in 5G Handover 301
14.5.3 Key Management for D2D Users 302
14.6 Security for New Communication Techniques in 5G 303
14.6.1 Heterogeneous Network and Massive MIMO in 5G 303
14.6.2 Device-to-Device Communications in 5G 304
14.6.3 Software-Defined Network in 5G 306
14.6.4 Internet-of-Things in 5G 308
14.7 Challenges and Future Directions for 5G Wireless Security 308
14.7.1 New Trust Models 308
14.7.2 New Security Attack Models 308
14.7.3 Privacy Protection 309
14.7.4 Flexibility and Efficiency 309
14.7.5 Unified Security Management 309
14.8 Summary 310
15 Security in V2X Communications 311
15.1 Introduction to V2X Communications 311
15.1.1 Generic System Architecture of V2X Communications 311
15.1.2 Dedicated Short Range Communications 312
15.1.3 Cellular Based V2X Communications 313
15.2 Security Requirements and Possible Attacks in V2X Communications 314
15.2.1 Security Requirements 314
15.2.2 Attacks in V2X Communications 315
15.2.3 Basic Solutions 316
15.3 IEEEWAVE Security Services for Applications and Management Messages 316
15.3.1 Overview of the WAVE Protocol Stack and Security Services 316
15.3.2 Secure Data Service and Security Service Management Entity 318
15.3.3 CRL Verification Entity and P2P Certificate Distribution Entity 319
15.4 Security in Cellular Based V2X Communications 320
15.4.1 LTE-V2X Communication Security 320
15.4.2 5G-V2X Communication Security 322
15.5 Cryptography and Privacy Preservation in V2X Communications 323
15.5.1 Identity Based Schemes 323
15.5.2 Group Signature Based Schemes 325
15.5.3 Batch Verification Schemes 326
15.5.4 Reputation and Trust Based Schemes 327
15.5.5 Identity Anonymity Preservation 328
15.5.6 Location Anonymity Preservation 328
15.6 Challenges and Future Research Directions 329
15.6.1 Highly Efficient Authentication Schemes 329
15.6.2 Efficient Revocation Mechanisms 330
15.6.3 Advancing OBU and TPD Technologies 330
15.6.4 Advancing Cryptography and Privacy Preservation Schemes 330
15.6.5 Advancing Solutions to HetNet, SDN, and NFV 330
15.6.6 Advancing Artificial Intelligence in V2X Communication Security 330
15.7 Summary 331
References 333
Index 345
Yi Qian, PhD, is a Professor in the Department of Electrical and Computer Engineering at the University of Nebraska-Lincoln, USA. He is a recipient of the Henry Y. Kleinkauf Family Distinguished New Faculty Teaching Award in 2011, the Holling Family Distinguished Teaching Award in 2012, the Holling Family Distinguished Teaching/Advising/Mentoring Award in 2018, and the Holling Family Distinguished Teaching Award for Innovative Use of Instructional Technology in 2018, all from University of Nebraska-Lincoln, USA.
Feng Ye, PhD, is an Assistant Professor in the Department of Electrical and Computer Engineering at the University of Dayton, USA. He received his PhD from the University of Nebraska-Lincoln, USA, in 2015. He is the author or co-author over 60 technical papers.
Hsiao-Hwa Chen, PhD, is Distinguished Professor in the Department of Engineering Science at the National Cheng Kung University in Taiwan. He received his PhD from the University of Oulu, Finland, in 1991. He is the author or co-author of over 400 technical papers.
Feng Ye, PhD, is an Assistant Professor in the Department of Electrical and Computer Engineering at the University of Dayton, USA. He received his PhD from the University of Nebraska-Lincoln, USA, in 2015. He is the author or co-author over 60 technical papers.
Hsiao-Hwa Chen, PhD, is Distinguished Professor in the Department of Engineering Science at the National Cheng Kung University in Taiwan. He received his PhD from the University of Oulu, Finland, in 1991. He is the author or co-author of over 400 technical papers.
