Security in Wireless Communication Networks E-Book

Table of Contents

Cover

Title Page

Copyright

Preface

Acknowledgments

About the Companion Website

Part I: Introduction and Mathematics Background

1 Introduction

1.1 General Computer Communication Network Architecture

1.2 Different Types of Wireless Communication Systems

1.3 Network Security and Wireless Security

1.4 Summary

2 Basic Network Security Concepts

2.1 Security Attacks

2.2 Security Services

2.3 Security Mechanisms

2.4 Other Security Concepts

2.5 Summary

3 Mathematical Background

3.1 Basic Concepts in Modern Algebra and Number Theory

3.2 Prime Numbers, Modular Arithmetic, and Divisors

3.3 Finite Field and Galois Field

3.4 Polynomial Arithmetic

3.5 Fermat's Little Theorem, Euler's Totient Function, and Euler's Theorem

3.6 Primality Testing

3.7 Chinese Remainder Theorem

3.8 Discrete Logarithm

3.9 Summary

Part II: Cryptographic Systems

4 Cryptographic Techniques

4.1 Symmetric Encryption

4.2 Classical Cryptographic Schemes

4.3 Stream Cipher

4.4 Modern Block Ciphers

4.5 Data Encryption Standard (DES)

4.6 Summary

5 More on Cryptographic Techniques

5.1 Advanced Encryption Standard

5.2 Block Cipher Modes of Operation

5.3 Public Key Infrastructure

5.4 The RSA Algorithm

5.5 Diffie–Hellman (D–H) Key Exchange

5.6 Summary

6 Message Authentication, Digital Signature, and Key Management

6.1 Message Authentication

6.2 MAC and Hash Algorithms

6.3 Digital Signature and Authentication

6.4 Key Management

6.5 Summary

Part III: Security for Wireless Local Area Networks

7 WLAN Security

7.1 Introduction to WLAN

7.2 Evolution of WLAN Security

7.3 Wired Equivalent Privacy

7.4 IEEE 802.1X Authentication Model

7.5 IEEE 802.11i Standard

7.6 Wi‐Fi Protected Access 3 and Opportunistic Wireless Encryption

7.7 Summary

8 Bluetooth Security

8.1 Introduction to Bluetooth

8.2 Link Key Generation

8.3 Authentication, Confidentiality, and Trust and Service Levels

8.4 Cryptographic Functions for Security Modes 1, 2, and 3

8.5 Cryptographic Functions in Security Mode 4 (SSP)

8.6 Summary

9 Zigbee Security

9.1 Introduction to Zigbee

9.2 IEEE 802.15.4 Security Features

9.3 Zigbee Upper Layer Security

9.4 Security‐Related MAC PIB Attributes

9.5 Mechanisms Used in Zigbee Security

9.6 Summary

10 RFID Security

10.1 Introduction to RFID

10.2 Security Attacks, Risks, and Objectives of RFID Systems

10.3 Mitigation Strategies and Countermeasures for RFID Security Risks

10.4 RFID Security Mechanisms

10.5 Summary

Part IV: Security for Wireless Wide Area Networks

11 GSM Security

11.1 GSM System Architecture

11.2 GSM Network Access Security Features

11.3 GSM Security Algorithms

11.4 Attacks Against GSM Security

11.5 Possible GSM Security Improvements

11.6 Summary

12 UMTS Security

12.1 UMTS System Architecture

12.2 UMTS Security Features

12.3 UMTS Network Access Security

12.4 Algorithms in Access Security

12.5 Other UMTS Security Features

12.6 Summary

13 LTE Security

13.1 LTE System Architecture

13.2 LTE Security Architecture

13.3 LTE Security

13.4 Handover Between eNBs

13.5 Security Algorithms

13.6 Security for Interworking Between LTE and Legacy Systems

13.7 Summary

Part V: Security for Next Generation Wireless Networks

14 Security in 5G Wireless Networks

14.1 Introduction to 5G Wireless Network Systems

14.2 5G Security Requirements and Major Drives

14.3 A 5G Wireless Security Architecture

14.4 5G Wireless Security Services

14.5 5G Key Management

14.6 Security for New Communication Techniques in 5G

14.7 Challenges and Future Directions for 5G Wireless Security

14.8 Summary

15 Security in V2X Communications

15.1 Introduction to V2X Communications

15.2 Security Requirements and Possible Attacks in V2X Communications

15.3 IEEE WAVE Security Services for Applications and Management Messages

15.4 Security in Cellular Based V2X Communications

15.5 Cryptography and Privacy Preservation in V2X Communications

15.6 Challenges and Future Research Directions

15.7 Summary

References

Index

End User License Agreement

List of Tables

Chapter 3

Table 3.1 Generator for using .

Table 3.2 List of for .

Chapter 4

Table 4.1 Basic terminology of cryptographic techniques.

Table 4.2 Transformation of Caesar cipher.

Table 4.3 An example key of monoalphabetic cipher.

Table 4.4 Parameters and design features of Feistel cipher structure.

Table 4.5 Initial permutation ().

Table 4.6 Inverse initial permutation ().

Table 4.7 Expansion permutation ().

Table 4.8 DES‐boxes.

Table 4.9 Permutation function ().

Table 4.10 Indexes of the input key.

Table 4.11 Permutation choice 1 ().

Table 4.12 Schedule of left shifts.

Table 4.13 Permutation choice 2 ().

Chapter 5

Table 5.1 Parameters for different AES configurations.

Table 5.2 AES‐box for encryption.

Table 5.3 AES inverse‐box for decryption.

Chapter 6

Table 6.1 Comparison of SHA parameters (in).

Table 6.2 Additive constants for SHA‐512.

Table 6.3 Comparison of Whirlpool block cipher and AES.

Table 6.4 ECDSA security parameters.

Chapter 7

Table 7.1 EAP messages.

Table 7.2 Cryptographic tools used in WPA3‐Enterprise.

Chapter 8

Table 8.1 Major evolution of Bluetooth versions.

Table 8.2 Scenarios for two devices using OOB protocol.

Table 8.3 Bluetooth trust levels.

Table 8.4 Bluetooth service levels.

Chapter 9

Table 9.1 Zigbee operating frequency bands.

Table 9.2 Security suites supported by IEEE 802.15.4.

Table 9.3 Values of the key identifier mode field.

Table 9.4 The PIB security‐related attributes.

Chapter 10

Table 10.1 RFID frequency bands.

Table 10.2 RFID system risks and their impacts and countermeasures.

Table 10.3 Layers specified in Reader Protocol 1.0.

Chapter 11

Table 11.1 Components and their tasks in GSM authentication.

Table 11.2 Four versions of COMP128 algorithm.

Table 11.3 Settings of look‐up table.

Table 11.4 COMP128‐1 look‐up tables.

Table 11.5 Specifications of the three LSFRs in A5/1.

Table 11.6 Specifications of the four LSFRs in A5/2.

Chapter 12

Table 12.1 Parameters used in UMTS access control security.

Table 12.2 Decimal look‐up table of S‐box.

Table 12.3 Decimal look‐up table of S‐box.

Table 12.4 Implementation and operational requirements.

Chapter 13

Table 13.1 Security algorithms in LTE.

Chapter 14

Table 14.1 Advanced features of 5G wireless systems.

Table 14.2 Security requirements for 5G wireless networks.

Table 14.3 Identity management in 5G wireless networks – from USIM to UDM.

Table 14.4 Security requirements in D2D group use cases.

Table 14.5 The advantages of SDN security over traditional networks.

Table 14.6 New security issues in SDN networks and possible countermeasures.

Chapter 15

Table 15.1 V2X communication types.

Table 15.2 Security requirements in V2X communications.

Table 15.3 Attacks in V2X communications.

Table 15.4 WAVE security services.

Table 15.5 Functions of Sec‐SAP and SSME‐SAP.

Table 15.6 Description of the functional entities in P2P certificate distrib...

Table 15.7 Description of the functional entities in certificate distributio...

List of Illustrations

Chapter 1

Figure 1.1 Traditional wired networks.

Figure 1.2 Positioning of wireless networks.

Figure 1.3 Classification of wireless communication systems.

Figure 1.4 Architecture of wireless personal area networks.

Figure 1.5 Architecture of wireless local area networks.

Figure 1.6 Architecture of wireless wide area networks.

Figure 1.7 Generic security terminology.

Chapter 2

Figure 2.1 Security attacks.

Figure 2.2 Eavesdropping in wireless networks.

Figure 2.3 Traffic analysis in wireless networks.

Figure 2.4 An example of masquerade attack.

Figure 2.5 An example of replay attack.

Figure 2.6 An example of modification.

Figure 2.7 An example of DoS.

Figure 2.8 Illustration of access control.

Figure 2.9 Illustration of authentication.

Figure 2.10 Illustration of confidentiality.

Figure 2.11 Illustration of integrity.

Figure 2.12 Illustration of source non‐repudiation.

Chapter 3

Figure 3.1 Modulo example of . (a) Addition modulo 4. (b) Multiplication mo...

Figure 3.2 Applying the extended Euclidean algorithm to find multiplicative ...

Figure 3.3 Addition and multiplication in . (a) Addition in (7). (b) Mult...

Figure 3.4 Operations in . (a) Addition in (2). (b) Multiplication in (2)...

Figure 3.5 Ordinary polynomial addition and multiplication. (a) . (b) .

Figure 3.6 An example of polynomial division in ordinary polynomial arithmet...

Figure 3.7 Ordinary polynomial addition and multiplication. (a) with coeff...

Figure 3.8 with coefficients in .

Figure 3.9 An example of polynomial modulus.

Figure 3.10 Polynomial addition modulo .

Figure 3.11 Polynomial multiplication modulo .

Chapter 4

Figure 4.1 Symmetric cipher model.

Figure 4.2 English letter frequency distribution..

Figure 4.3 Vigenère tableau.

Figure 4.4 An example of steganography.

Figure 4.5 Structure of stream cipher.

Figure 4.6 The overview of the keystream generation.

Figure 4.7 Examples of reversible and irreversible mappings for . (a) Rever...

Figure 4.8 Encryption and decryption tables for a ‐bit substitution cipher....

Figure 4.9 Encryption and decryption structures of Feistel cipher.

Figure 4.10 DES encryption overview.

Figure 4.11 DES round structure.

Figure 4.12 Illustration of S‐box process.

Figure 4.13 The key schedule of DES.

Figure 4.14 Double‐DES (2‐DES).

Figure 4.15 Triple‐DES (3‐DES).

Chapter 5

Figure 5.1 The overall structure of AES.

Figure 5.2 AES data structure. (a) Input, state array, and output block. (b)...

Figure 5.3 Illustration of

shift rows

.

Figure 5.4 The

electronic codebook

(ECB) mode. (a) Encryption. (b) Decryptio...

Figure 5.5

Cipher block chaining

(CBC) mode. (a) Encryption. (b) Decryption....

Figure 5.6 Cipher feedback (CFB) mode. (a) Encryption in CFB mode. (b) Decry...

Figure 5.7 Output feedback (OFB) mode. (a) Encryption in OFB mode. (b) Decry...

Figure 5.8 Counter (CTR) mode. (a) Encryption in CTR mode. (b) Decryption in...

Figure 5.9 XTS‐AES operation on a single block. (a) Encryption in XTS‐AES. (...

Figure 5.10 XTS‐AES ciphertext—stealing mode. (a) The ciphertext‐stealing in...

Figure 5.11 Public‐key cryptography. (a) Encryption and decryption. (b) Digi...

Figure 5.12 Public‐key cryptographic systems.

Chapter 6

Figure 6.1 An illustration of message authentication code usage.

Figure 6.2 Hash function for message authentication.

Figure 6.3 Hash function with digital signature.

Figure 6.4 Illustration of birthday paradox.

Figure 6.5 Data authentication algorithm.

Figure 6.6 A basic structure of hash function.

Figure 6.7 Overview of the SHA‐512 algorithm.

Figure 6.8 SHA‐512 compression function .

Figure 6.9 SHA‐512 round function.

Figure 6.10 SHA‐512 message schedule.

Figure 6.11 Overview of Whirlpool algorithm.

Figure 6.12 Whirlpool block function .

Figure 6.13 HMAC overview.

Figure 6.14 Cipher‐based message authentication code (CMAC). (a) Message len...

Figure 6.15 RSA approach for digital signature.

Figure 6.16 DSS approach for digital signature.

Figure 6.17 Number of keys required for different number of end points.

Figure 6.18 Key distribution with confidentiality and authentication.

Figure 6.19 Public key authority.

Figure 6.20 Public‐key certificates.

Figure 6.21 Public key infrastructure.

Figure 6.22 X.509 Certificate and revocation list. (a) X.509 certificate. (b...

Chapter 7

Figure 7.1 Overview of WLAN access.

Figure 7.2 Communication flows and Internet connections in a WLAN.

Figure 7.3 Evolution of Wi‐Fi security.

Figure 7.4 WEP authentication process.

Figure 7.5 Overview of WEP encryption and message integrity.

Figure 7.6 The overview of WEP security.

Figure 7.7 WEP key management—default key.

Figure 7.8 WEP key management—key mapping key.

Figure 7.9 An example of security issue from IV reuse.

Figure 7.10 IEEE 802.1X authentication model.

Figure 7.11 Summary of the IEEE 802.1X protocol architecture for WLAN.

Figure 7.12 EAPoL frame format.

Figure 7.13 MS‐MPPE‐Recv‐Key attribute format.

Figure 7.14 Robust security network association.

Figure 7.15 WLAN authentication based on IEEE 802.1X.

Figure 7.16 Key hierarchies in WPA‐802.1X.

Figure 7.17 Four‐way handshake in IEEE 802.11i.

Figure 7.18 TKIP—Generating RC4 keys.

Figure 7.19 Padding in Michael.

Figure 7.20 Overview of SAE process for identity authentication.

Figure 7.21 Overview of OWE process.

Chapter 8

Figure 8.1 Overview of Bluetooth networks.

Figure 8.2 Link key generation in modes 2 and 3.

Figure 8.3 Link key generation in mode 4.

Figure 8.4 Association model–numeric comparison.

Figure 8.5 Association model—out‐of‐band.

Figure 8.6 Association model—passkey entry.

Figure 8.7 One‐way Bluetooth authentication.

Figure 8.8 Encryption mechanism for Bluetooth security modes 2 and 3.

Figure 8.9 Overview of the SAFER+ structure.

Figure 8.10 Key‐controlled substitution.

Figure 8.11 Invertible linear transformation.

Figure 8.12 2‐PHT function.

Figure 8.13 SAFER+ key schedule.

Figure 8.14 Overview of .

Figure 8.15 Modified key‐controlled substitution for the third round in .

Figure 8.16 Overview of function .

Figure 8.17 Overview of function .

Figure 8.18 Overview of function .

Figure 8.19 Overview of function .

Chapter 9

Figure 9.1 Overview of the Zigbee protocol stack.

Figure 9.2 Zigbee network topologies.

Figure 9.3 IEEE 802.15.4 MAC frame format.

Figure 9.4 The formatting of the data field for the three main security cate...

Figure 9.5 Trust center in Zigbee residential security mode.

Figure 9.6 Trust center in Zigbee commercial security mode.

Figure 9.7 Security in Zigbee OTA updates.

Figure 9.8 Zigbee frequency agility operation.

Figure 9.9 Overview of the AES‐CTR mode.

Figure 9.10 Overview of the AES‐CBC‐MAC mode.

Figure 9.11 Overview of the AES‐CCM mode.

Figure 9.12 Nonce for non‐TSCH mode.

Figure 9.13 Nonce for TSCH mode.

Figure 9.14 Source address field for TSCH mode with short addressing.

Figure 9.15 Nonce for fragment frames.

Figure 9.16 General structure of MMO hash function.

Chapter 10

Figure 10.1 An example of a simple RF subsystem.

Figure 10.2 Illustration of tree walking.

Figure 10.3 Hash locking.

Figure 10.4 Randomized hash locking.

Figure 10.5 Illustration of HB protocol.

Figure 10.6 Active attacker to HB protocol.

Figure 10.7 Illustration of HB

+

protocol.

Figure 10.8 The man‐in‐the‐middle attack on HB

+

protocol to retrieve ....

Figure 10.9 The man‐in‐the‐middle attack on HB

+

protocol to retrieve ....

Figure 10.10 Illustration of HB

++

protocol.

Chapter 11

Figure 11.1 A typical GSM system architecture.

Figure 11.2 Connections of BTSs and BSCs.

Figure 11.3 GSM authentication protocol.

Figure 11.4 GSM encryption scheme.

Figure 11.5 GSM authentication algorithm—.

Figure 11.6 GSM cipher key generation algorithm—.

Figure 11.7 Implementation of and using COMP128.

Figure 11.8 Illustration of COMP128‐1 compression function.

Figure 11.9 An example LSFR with feedback polynomial of .

Figure 11.10 A5/1 LSFR construction.

Figure 11.11 Examples of the clocking mechanism in A5/1.

Figure 11.12 An example of 3‐bit output from A5/1 LSFR.

Figure 11.13 A5/2 LSFR construction.

Chapter 12

Figure 12.1 UMTS system architecture.

Figure 12.2 3GPP architecture—UMTS.

Figure 12.3 Security features defined by 3GPP TS 33.102.

Figure 12.4 UMTS authentication.

Figure 12.5 Generation of authentication vector.

Figure 12.6 Verification on user equipment.

Figure 12.7 Stream cipher method in UMTS.

Figure 12.8 Message authentication in UMTS.

Figure 12.9 Temporary identity allocation process.

Figure 12.10 An overview of the f8 algorithm.

Figure 12.11 The f9 integrity mode.

Figure 12.12 KASUMI block cipher.

Chapter 13

Figure 13.1 LTE architecture.

Figure 13.2 Evolution of services provided by GSM, UMTS, and EPS.

Figure 13.3 LTE communications planes.

Figure 13.4 Overview of LTE security architecture.

Figure 13.5 Key hierarchy in LTE.

Figure 13.6 Key derivation in LTE.

Figure 13.7 LTE authentication and key agreement.

Figure 13.8 LTE ciphering mechanism.

Figure 13.9 LTE integrity mechanism.

Figure 13.10 3GPP and non‐3GPP access networks.

Figure 13.11 Handover from a source eNB over X2 to a target eNB.

Figure 13.12 Handover from a source eNB over S1 to a target eNB with new key...

Figure 13.13 Initialization of NH key derivation parameter and .

Figure 13.14 Key refresh with intra‐eNB handover.

Figure 13.15 NH based key refresh with intra‐MME handover.

Figure 13.16 Key refresh with inter‐MME handover.

Figure 13.17 Overview of EEA2.

Figure 13.18 First counter block.

Figure 13.19 Overview of EIA2.

Figure 13.20 First input block () for 128‐EIA2.

Figure 13.21 Overview of 128‐EEA3.

Figure 13.22 Overview of 128‐EEA3.

Figure 13.23 Interworking from E‐UTRAN to UTRAN with cached context.

Figure 13.24 Interworking from E‐UTRAN to UTRAN without cached context.

Figure 13.25 Interworking from UTRAN to E‐UTRAN with mapped context.

Figure 13.26 Interworking from UTRAN to E‐UTRAN with cached context.

Figure 13.27 Interworking from E‐UTRAN to UTRAN in handover mode.

Figure 13.28 Interworking from UTRAN to E‐UTRAN in handover mode.

Figure 13.29 Interworking from GERAN to E‐UTRAN in handover mode.

Chapter 14

Figure 14.1 A generic 5G wireless system.

Figure 14.2 A general 5G wireless network system.

Figure 14.3 Major drives for 5G wireless security.

Figure 14.4 Trust models of 4G and 5G wireless networks.

Figure 14.5 PHY/MAC layer attacks in 5G wireless networks. (a) Eavesdropping...

Figure 14.6 Elements in a 5G security architecture.

Figure 14.7 A 5G wireless network security architecture.

Figure 14.8 Channel capacities in PHY layer security.

Figure 14.9 Authentication mechanism selection.

Figure 14.10 Authentication based on legacy security architecture.

Figure 14.11 Authentication based on the 5G security architecture.

Figure 14.12 An SDN enabled authentication model.

Figure 14.13 An authentication and revocation process of RFID secure applica...

Figure 14.14 A general system model with eavesdropping attacks.

Figure 14.15 The system model with D2D link and an eavesdropper.

Figure 14.16 Handover scenarios in a two‐tier HetNet model.

Figure 14.17 A handover procedure for changing access technologies.

Figure 14.18 Signaling architecture comparison of 4G networks and 5G network...

Figure 14.19 A pseudorandom time hopping system block diagram.

Figure 14.20 The resource allocation model.

Figure 14.21 5G key hierarchy defined in 3GPP Release 16.

Figure 14.22 5G handover key chaining.

Figure 14.23 Example of D2D key exchange protocol.

Figure 14.24 Eavesdropping in D2D communications.

Chapter 15

Figure 15.1 A generic architecture of V2X communications.

Figure 15.2 DSRC spectrum defined in the United States.

Figure 15.3 Attacks and solutions.

Figure 15.4 WAVE protocol stack security services.

Figure 15.5 Processing flow for use of WAVE SDS.

Figure 15.6 Processing flows of the CRL verification entity.

Figure 15.7 Connections of the functional entities in P2P certificate distri...

Figure 15.8 Security architecture for PC5 and LTE‐Uu based V2X communication...

Figure 15.9 Fundamental modifications to PC5. (a) V2X sub‐frame for PC5 inte...

Figure 15.10 5G‐V2X system level architecture.

Figure 15.11 A security architecture for 5G‐V2X

Figure 15.12 A general architecture of identity based schemes.

Figure 15.13 A general architecture of group signature based schemes.

Figure 15.14 Modules and functions in a TPD.

Figure 15.15 Illustration of opinion piggybacking.

Guide

Cover

Table of Contents

Title Page

Copyright

Preface

Acknowledgments

About the Companion Website

Begin Reading

References

Index

End User License Agreement

Pages

iii

iv

xvii

xviii

xix

xx

xxi

xxiii

xxv

1

3

4

5

6

7

8

9

10

11

13

14

15

16

17

18

19

20

21

22

23

24

25

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

51

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

193

194

195

196

197

198

199

200

201

202

203

204

205

207

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

333

334

335

336

337

338

339

340

341

342

343

345

346

347

348

349

350

Security in Wireless Communication Networks

This edition first published 2022© 2022 John Wiley & Sons Ltd

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Yi Qian, Feng Ye, and Hsiao‐Hwa Chen to be identified as the authors of this work has been asserted in accordance with law.

Registered OfficesJohn Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USAJohn Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

Editorial OfficeThe Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of WarrantyWhile the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging‐in‐Publication Data applied for:ISBN: 9781119244363

Cover design by WileyCover image: © AnuchaCheechang/iStock/Getty Images

Preface

We first signed the book contract with Wiley in early 2006. Three years after signing this book contract, we only completed one third of the contents for the whole originally planned book, because of underestimating the challenges on writing such a specialized book. When the first author, Yi Qian, joined the faculty of the Department of Electrical and Computer Engineering at University of Nebraska‐Lincoln in August 2009, he created a new course on wireless network security for the department. He has been teaching the wireless network security course in the same department every year in the spring semester since then. When preparing the course materials for wireless network security each year, we feel more and more strongly to have such a comprehensive textbook on wireless network security. In 2015, we signed the revised contract with Wiley and jointly with IEEE Press, and Feng Ye was added as a new co‐author when he just received his Ph.D. degree in the Department of Electrical and Computer Engineering at University of Nebraska–Lincoln. We have been improving the contents of the wireless network security course every year, and gradually finished more chapters of the book. Fifteen years after first signing the contract and 12 years after teaching the same course, with over several thousands of hours joint efforts from all the three co‐authors, we are very pleased that we have completed the first edition of “Security in Wireless Communication Networks” and published by Wiley/IEEE Press in 2021.

This book intends to be a self‐contained and one semester textbook for both undergraduate senior level and graduate level courses. There are five parts with 15 chapters in the book. Part I, Introduction and Mathematics Background, includes the first three chapters on general introduction on computer communication networks and wireless networks, basic concepts on network security, and a brief review of the mathematical background that is needed to understand the rest of the chapters. Part II, Cryptographic Systems, includes the next three chapters on cryptographic techniques for both symmetric and public key crypto systems, as well as message authentication, digital signature, and key management. Part III, Security for Wireless Local Area Networks, includes four chapters on Wi‐Fi security, Bluetooth security, Zigbee security, and RFID security. Part IV, Security for Wireless Wide Area Networks, includes three chapters on GSM security, UMTS security, and LTE security. Part V, Security for Next Generation Wireless Networks, includes two chapters on 5G wireless network security, and vehicular communication network security. In the following is a brief introduction for each of the fifteen chapters.

Chapter 1 delivers the general concept of computer networks, highlights the role of wireless communications in the whole picture of networking architecture, and classifies the wireless systems based on coverage, topology, and mobility. This chapter serves as a precursor to the rest of the book by providing the background of different types of wireless networks, including wireless personal area networks (WPAN), wireless local area networks (WLAN), and wireless wide area networks (WWAN). It also explains the security threats in wireless networks and discusses the relationship between network security and wireless security.

Chapter 2 gives an overview on the security concepts used in the rest of this book, including security attacks, security services, and security mechanisms. It first presents the classification of security attacks in terms of passive attacks (e.g. eavesdropping and traffic analysis) and active attacks (e.g. masquerade, replay, modification, and denial of service). It then introduces security services, or the features in system design against possible security attacks, such as confidentiality, integrity, availability, access control, authentication, and non‐repudiation. Finally, to provide security service in a system, a list of popular security mechanisms, such as the encipherment, digital signature, etc., is discussed in the remaining part of the chapter.

Chapter 3 goes into the mathematical background related to wireless security, including number theory and modern algebra, modular arithmetic and divisors, finite fields, polynomial arithmetic, Fermat's little theorem, Euler's totient function, Euler's theory, etc. The aforementioned knowledge is critical for the ones to understand cryptography, such as advanced encryption standards and public‐key cryptographic systems. In addition, the fundamental principles and exemplary cases are concisely presented from the perspective of mathematics.

After the mathematical background, Chapters 4 and 5 deal with cryptographic techniques. Chapter 4 first introduces several symmetric key cryptographic techniques by illustrating a few classical cryptographic algorithms with substitution and transposition techniques. It then presents the basic concept of modern stream/block cipher as well as Feistel cipher structure. Chapter 5 explains more cryptographic techniques using block ciphers and public key algorithms, including advanced encryption standard, block cipher mode of operations, public key infrastructure, RSA algorithm, etc.

Chapter 6 introduces message authentication and digital signature to protect the integrity of a message and the identity of a sender and a receiver, respectively. First, this chapter discusses MAC and hash functions thoroughly, both widely used to provide message authentication. Then, it goes into the characteristics of digital signature and a series of digital signature standards such as DSA, RSA, and ECDSA. These can protect the sender and receiver against each other. Within the aforementioned mechanisms, key management and distribution play a critical role. The rest of the chapter gives a general idea and some examples of key management schemes. Both symmetric and asymmetric key distributions have been illustrated. The key distribution mechanisms adopt symmetric and public key mechanisms for different purposes. Besides, practical communication systems with massive users need hierarchical key distribution mechanisms. Readers are expected to understand the basic concepts of the cryptographic techniques illustrated in Chapter 5 and Chapter 6. These algorithms will be seen in the wireless systems introduced in the later chapters. The background of the advanced mathematical contents, such as elliptic curve Diffie–Hellman key exchange and elliptic curve digital signature, etc., may be skipped.

The remaining chapters from 7 to 15 focus on the security of specific wireless communication systems, covering different scales of networks and different technologies including WLAN, Bluetooth, ZigBee, RFID, GSM, UMTS, LTE, and 5G. As the emerging vehicle‐to‐everything (V2X) communications are receiving great attention, the fifteenth chapter especially discusses the security of V2X communications.

Chapter 7 discusses the security of Wireless Local Area Networks (WLAN) or interchangeably Wi‐Fi nowadays. It starts with an introduction of WLAN in terms of operating modes and security challenges. WLAN is more vulnerable to attacks than wired connections due to the lack of physical connections. It illustrates a few generations of WLAN security protocols, which evolved from the original Wired Equivalent Privacy defined by the IEEE 802.11, Wi‐Fi Protected Access (WPA), WPA2, to the recent WPA3 to improve the security. It also analyzes the implementation details of these security protocols.

Chapter 8 deals with Bluetooth security. Bluetooth is an open standard designed for wireless personal area networks (WPAN). Bluetooth technology enables many wireless devices, such as smartwatches, wireless headphones, wireless keyboards, etc. Bluetooth standard specifies authentication, authorization, and confidentiality for securing data transmission. In this chapter, it analyzes the security mode, trust level, and service level configurations that enable flexibility of Bluetooth security policies and highlight that Bluetooth specifications do not ensure secure connections from all adversary penetrations. If using Bluetooth technology in an organization, it is important to develop security policies to address the use of Bluetooth‐enabled devices and the responsibilities of users.

Chapter 9 discusses the security of Zigbee. It first gives an overview of Zigbee standards related to different network layers, and then mainly analyzes the key cryptographic mechanisms. As Zigbee adopts symmetric‐key cryptographic mechanisms, it especially emphasizes that the secure storage and distribution of keys is the premise of ensuring the security of Zigbee. In practice, the security provided by Zigbee standards is not enough. For example, if a Zigbee device joins a network, intruders can intercept unprotected keys. Moreover, an attacker may easily get physical access to a Zigbee device and extract privileged information due to the low‐cost nature. The security must be carefully considered to provide those applications.

Chapter 10 deals with the security of RFID. It first gives an overview of RFID subsystems, different types of RFID tags, and the frequency bands. It then analyzes the security attacks, risks, and security objectives of RFID systems. RFID systems are vulnerable to some attacks (e.g. counterfeit tag, eavesdropping, and electronic collisions) and privacy risks (e.g. disclosure of location information of users). The security objectives of the RFID system include confidentiality, integrity, non‐repudiation, and availability. Due to the low cost and physical constraints of RFID tags, mitigation mechanisms to security risks are limited. The chapter then elaborates on the lightweight cryptographic algorithms, anti‐collision algorithms, and physical protection available for RFID. It is imperative to provide security services to RFID systems.

Chapter 11 deals with the security of Global System for Mobile (GSM) Communications. Since the early 1990s, as the most widely used cellular mobile phone system in the world, GSM can provide services like voice communications, short messaging, etc. This chapter starts with the GSM system architecture and then discusses the network access security features and algorithms. Despite the popularity, the GSM system is exposed to quite a few threats. In the chapter, it mainly discusses the attacks caused by the vulnerability of security algorithms, as well as some possible security improvements. Unfortunately, GSM made very few improvements on these aspects before phasing out recently.

Chapter 12 introduces the security of Universal Mobile Telecommunications System (UMTS). UMTS is a successor of GSM with better security. Several security mechanisms are reused but with modifications. After introducing UMTS architecture, the chapter discusses the security mechanisms of UMTS, like the authentication and key agreement, data confidentiality and integrity, user identity confidentiality. Compared with the GSM, UMTS adds integrity protection. Algorithms f8 and f9 ensure confidentiality and integrity, respectively. Both algorithms are based on block cipher KASUMI. Readers may be interested in some additional security features of UMTS, such as mobile device identification, location services, and user‐to‐USIM authentication, which are discussed at the end of the chapter.

Chapter 13 illustrates Long‐Term Evolution (LTE) security. It starts with the introduction of the LTE system architecture which is based on GSM and UMTS. A key difference with its predecessors is that LTE separates the control plane and user plane, differing LTE security from GSM and UMTS. It then depicts LTE security in terms of security architecture, security mechanisms, and algorithms. LTE covers more keys and security algorithms, such as AES and ZUC, to ensure the security of complex systems. It also highlights the LTE security for interworking with legacy systems as well as non‐3GPP access. LTE has strong security implemented comparing with the previous generation system. LTE will continue to serve as an important part of the next‐generation wireless system.

Chapter 14 discusses the security of 5th generation (5G) wireless network systems. 5G started large‐scale commercial deployment around 2020 and is the next‐generation mobile wireless telecommunications beyond 4G/International Mobile Telecommunications (IMT)‐Advanced Systems. This chapter illustrates some current development, challenges, and future directions of 5G wireless network security. It especially analyzes several new security requirements and challenges introduced by the advanced features of the 5G wireless network systems. Due to the ongoing development of 5G, the chapter only discusses some present solutions and research results concerning the security of 5G wireless network systems. Quite a few challenges in 5G wireless network security, including new trust models, new security attack models, privacy protection, etc., call for continuous development of 5G security. It briefly analyzes these challenges in the final part of the chapter.

In recent years, as a key component of Intelligent Transportation Systems, vehicle‐to‐everything (V2X) communications have received great attention. The rapid development of wireless technologies (e.g. DSRC, LTE, and 5G) enables V2X communications in different applications. To integrate the variety of wireless technologies and meet special requirements for V2X communications, security and privacy have become a top priority. Therefore, the last chapter of the book sets off to discuss the security of V2X communications. Standards such as IEEE WAVE and LTE‐V2X set a general guideline for V2X security implementations. New cryptography schemes, such as group signature and trust‐based schemes, are under development. This chapter covers all these topics. As an emerging type of wireless communication scenario, quite a few unsolved security challenges exist in V2X communications. It discusses several key challenges, including efficient schemes, hardware enhancement, and integration of AI algorithms, etc., at the end of the chapter.

Our teaching philosophy is letting the students learn the basic building blocks that are necessary to design a secure wireless system and learn the security designs of different wireless communication networks from the history to the next generation, also different scales from personal area, local area, to wide area wireless networks, so that the students will be able to handle the new designs of future secure wireless systems.

April 2021

Yi Qian                                                             University of Nebraska‐Lincoln, USA       

Feng Ye                                                            University of Dayton, USA                           

Hsiao‐Hwa Chen                                           National Cheng Kung University, Taiwan

Acknowledgments

We would like to thank all the undergraduate and graduate students who have taken the wireless network security classes at the University of Nebraska–Lincoln in the last 12 years, without the interactions with the students and the feedbacks from the students this book would not have been possible. We express our deep appreciation for their enthusiasm and their eagerness of learning the subjects. We especially thank those Ph.D. students who studied the wireless network security course and graduated in the Department of Electrical and Computer Engineering at University of Nebraska–Lincoln or worked as a post doctorate researcher there, for their continuous help with improving the course materials, and adapting our wireless network security course modules in their new schools for teaching, specifically at the University of Wisconsin, University of Dayton, City University of New York, Dakota State University, California Polytechnic State University, University of Central Missouri, and University of Texas.

We are sincerely indebted to Professor David Tipper at the University of Pittsburgh for his advice and help when we first created the wireless network security course at the University of Nebraska‐Lincoln 12 years ago. Many thanks to Professor Tipper for his endless advice and support, and the encouragement for completing this book.

We express our thanks to the staff of Wiley, for their continuous support for this undertaking over the last 15 years. We would like to thank Sandra Grayson, Senior Editor at Wiley, for all the support and guidance, as well as for providing the needed extra push to keep us in delivering. We thank Juliet Booker, Managing Editor at Wiley, and several more staff at Wiley, for their patience in dealing with electronic transfer of manuscripts and handling publication issues.

Lastly but not least, we thank our families for their support and patience while we worked on this book over these years.

We believe that we have given our best to ensure the readability, completeness, and accuracy of the book. However, it is possible that some errors and omissions may still have remained undetected. We appreciate any feedback intended to correct such errors.

We are thankful to everyone!

About the Companion Website

This book is accompanied by a companion website:

www.wiley.com/go/qian/sec51

The website includes:

Lecture Slides

Note: The authors plan to supply additional supplementary resources up to one year after initial publication.

Part IIntroduction and Mathematics Background

1Introduction

A wireless communication network is a computer network that uses a wireless connection between network nodes. Wireless networking is a method to connect telecommunications networks, and business installations or to connect between various equipment locations, to avoid the costly process of introducing cables. Examples of wireless communication networks include cellular networks, wireless local area networks (WLANs), wireless ad‐hoc networks, wireless sensor networks, vehicular communication networks, and satellite communication networks. Wireless communication networks are becoming ubiquitous with the increasing of mobile Internet applications, advances of technological development in radio communications and communication infrastructure backbones, as well as mobile wireless devices and consumer electronics [1]. Over the last three decades, we have witnessed several critical moments for the evolution of next generation wireless communication networks. During the 1990s, we witnessed the popularity of personal computers and Internet access for common households as well as the accessible of 2G cellular wireless communications. During the 2000s, we witnessed the tremendous increasing e‐commerce on the Internet and the deployment of 3G cellular wireless communications, as well as WLANs for mobile Internet. Since 2010, we have witnessed increasing bandwidth and quality‐of‐service for 4G cellular wireless communications with more and more applications on the mobile Internet. The wireless communication technology is continuing to be advanced to the next generation with high capacity, low latency, and low energy consumption, for better implementation of Internet of things and many other new service capabilities. From the beginning, security for wireless communication networks has always been a critical issue. In this chapter, a brief introduction will be given on wireless communication networks and basic concepts on wireless communication network security.

1.1 General Computer Communication Network Architecture

1.1.1 Wired Communication Network Infrastructure

Computer communication networks interconnect a collection of network nodes including computer and communication devices, routers, gateways, and switches [2]. The Internet can be considered as the largest computer network that interconnects billions of autonomous nodes around the globe. Obviously, standalone computer is not the only type of device that has network access. Smart phones, tablets, smart sensors, vehicles, and many other devices are also connected to computer networks. With the network, data collection and data exchange can be enabled to support further control required by some services. Computer networks have been developed and deployed for many years. In general, computer networks are comprised of wired networks and wireless networks. Although wireless networks are more accessible to regular users in today's communications, the backbone infrastructures still rely significantly on wired networks. Figure 1.1 shows a generic framework of traditional wired networks. User equipment in wired networks is referred to as fixed communication terminals due to limited mobility. In the early days, user equipment such as land‐line telephones and desktop computers are directly connected to a network switch or a network router through physical network cables. In modern data centers and cloud computing centers, the servers are also hard wired to switches or routers. The core network consists of many switches and routers that are interconnected with physical medium, such as copper wire, Ethernet cable, fiber optics, etc.

Figure 1.1 Traditional wired networks.

1.1.2 Wireless Communication Network Infrastructure

Computer and communication nodes access a wireless communication network through wireless links. However, despite the name, most wireless communication systems only deploy wireless components at the edge of the communication infrastructure, as shown in Figure 1.2. The core network in a general wireless communication infrastructure is a wired network. For example, in a cellular network, its core infrastructure is connected by fiber optic cables and Ethernet. Users are aware of the wireless access only from their user equipment, such as smart phones, tablets, laptops, etc. The wireless access is provided with extra components and resources to the core network infrastructure. The extra components and resources include:

Wireless transceivers

: base stations,

access point

(AP),

mobile stations

(MSs), etc.

Management entities

: mobility management, power management, radio resource management, security management, etc.

Figure 1.2 Positioning of wireless networks.

Spectrum

: radio frequency bands for data transmission and possible air interface.

Deployment

: spectrum reuse in communications, wireless network design, etc.

One advantage of wireless communication networks is flexible access from user equipment. Network access can be provided to any user who is within the radio coverage. Therefore, wireless access is more flexible and more convenient compared with wired access. Wireless users would not be restricted by the limited number of Ethernet ports or not long enough cables. The deployment cost of wireless communications is also less than that of wired communications in most cases. For example, a home Wi‐Fi network can be established with a single Wi‐Fi router, while a traditional Ethernet based home network would require a bulk of Ethernet cables.

1.2 Different Types of Wireless Communication Systems

1.2.1 Classification of Wireless Communication Systems

Wireless communication systems can be classified in several ways, based on coverage, topology, or mobility, as illustrated in Figure 1.3.

1.2.1.1 Based on Coverage

Wireless communications systems are classified into wireless personal area networks(WPANs), wireless local area networks (WLANs), and wireless wide area networks(WWANs). This classification depends on wireless technology limitations as well as its supporting applications. For example, while both Bluetooth and Wi‐Fi can provide a radio coverage large enough for an office, only Wi‐Fi is considered as a WLAN. Subtle differences exist due to other classification criteria as well. In some classification, wireless metropolitan area networks may be listed as one type of wireless communication system. Wide area networks in traditional wired computer networks are usually the backbone infrastructure. However, a wireless metropolitan area network has the largest coverage before it is connected to the wide area network backbone. Thus, without loss of generality, both wireless metropolitan area networks and WWANs will be considered the same (as WWANs) in this book.

Figure 1.3 Classification of wireless communication systems.

1.2.1.2 Based on Topology

Wireless communication systems are classified into infrastructure based and ad‐hoc based. An infrastructure based wireless communication system requires a fixed backbone communication infrastructure. For example, a cellular network has wireless access from user equipment, but it requires a fixed base station and a backbone network infrastructure. A home Wi‐Fi has wireless access from user equipment, but it requires a fixed router that is hard‐wired to an Internet service provider. An ad‐hoc wireless communication system does not require a fixed infrastructure. For example, a wireless headphone may be connected to a smart phone using Bluetooth technology. In this communication system, data communication between the headphone and the smart phone is wireless based on Bluetooth technology, while a fixed infrastructure is not required for neither end.

1.2.1.3 Based on Mobility

Wireless communication systems are classified into fixed, stationary, portable, and mobile. A fixed wireless communication system indicates fixed deployment of equipment. For example, cellular base stations that are micro‐wave based only. A stationary wireless communication system indicates a semi‐fixed deployment of equipment. For example, a temporary relay vehicle for cellular systems. A portable wireless communication system indicates a more flexible deployment of equipment, with communications enabled when users are not moving fast. For example, users in a home Wi‐Fi may have network service with their portable devices. A mobile wireless communication system requires support for services during high speed movement. For example, a general cellular network is a mobile system since services are provided to users, whether moving or not, as long as they are within the radio coverage.

1.2.2 Wireless Personal Area Networks

A WPAN can be used for communications among the personal devices themselves. Therefore, a WPAN usually has an ad‐hoc topology. As shown in Figure 1.4, master–slave mode and mesh mode are the two types of ad‐hoc networks that can be applied for WPANs. A master–slave ad‐hoc network consists of a master node and multiple slave nodes. The master node defines a cell or piconet. The slave nodes within the piconet connect to the master device. A WPAN based on Bluetooth typically applies master–slave mode. For example, if a wireless headphone is connected to a smart phone using Bluetooth, then the smart phone is the master node where the headphone is a slave node. The user may also connect a Bluetooth keyboard to the same smart phone as a slave node. Some WPANs apply mesh mode, where nodes are interconnected with wireless links without forming a specific cell or piconet, for example, sensor networks, radio‐frequency identification (RFID), vehicular ad‐hoc networks, etc.

1.2.3 Wireless Local Area Networks

WLANs are infrastructure based wireless communication systems. They are normally built on top of a wired local area network (LAN). One of the typical WLAN settings is a home Wi‐Fi, which forms one basic service set (BSS) that includes one AP and multiple user devices. The AP may have extra Ethernet ports to support wired access from servers, desktops, and other devices. As shown in Figure 1.5, a WLAN may have extended service set (ESS) that supports multiple BSSs, similar to a traditional Ethernet based LAN. All APs are interconnected, in most cases through wired connection. A user may be within the radio coverage of multiple APs, nonetheless, each user belongs to one BSS only at a time. That is to say, each user can have access to one AP only in an ESS.

1.2.4 Wireless Wide Area Networks

WWAN has the largest service coverage in all wireless communication systems. As shown in Figure 1.6, a general architecture of WWANs has different components at the radio level, the network level, and the management level.

Figure 1.4 Architecture of wireless personal area networks.

Figure 1.5 Architecture of wireless local area networks.

Figure 1.6 Architecture of wireless wide area networks.

The radio level provides wireless access to user equipment, or mobile stations (MSs), which can be a mobile phone, a smart watch, a vehicle, etc. MSs access to WWAN through points of access in the infrastructure. Point of access is the physical radio transceiver. It creates the air interface and communications with MSs. Points of access could be base stations, base transceiver subsystem, mobile data base station, AP, NodeB, eNodeB, etc., depending on the wireless technology it is deployed.

The network level is the backbone infrastructure that connects all switches and routers in the network. A radio network controller (RNC) bridges the radio level and the network level. RNC provides spectrum and power management to base stations, as well as other issues in wireless access. A mobile switching center (MSC) in the network level is a mobile data intermediate system that bridges the network level and the management level in cellular communication systems. MSC manages mobility of devices and keeps track of the location of MSs. MSC also ensures security by using the authentication center and equipment register in the management level to prevent fraudulent devices from using the network.

The management level performs administrative operations of network service providers, such as accounting and billing. In a cellular communication system, the management level includes visitor location register, home location register, authentication center, operation and maintenance center, and equipment register.

1.3 Network Security and Wireless Security

1.3.1 Network Security

Network security is subject to the context in which it is used. Network security is also dictated by the needs of individuals, customs and laws of a region, and policies of an organization. There are different kinds of security breaches. For example, an unauthorized person gets access to confidential records across a network. A malicious user picks up and modifies an authorization file over a network. Or a data file has been received however the sender denies having sent it. All of those examples are security attacks in different ways. In general, network security is defined as protection of networks and their services from unauthorized modification, destruction, or disclosure. Network security provides assurance that the network performs its critical functions correctly, with no harmful side‐effects [3]. Network security focuses mainly on networks, network protocols, and network applications. It includes all network devices, all applications, an data utilizing a network. For example, routers, switches, smart phones, tablets, etc.

Figure 1.7 illustrates the generic security terminology in a communication network system. As shown in the system, information is usually the target of security attacks. In order to protect the information, requirements and policies are first needed to be specified. Those are the overall and detailed plan for what the potential risks are, and what to protect. This is a statement of what is allowed and what is not. Security services required by a system could be developed based on specific requirements and policies. For example, security services are confidentiality, integrity, availability, etc. Many security mechanisms are developed to provide various security services. Carefully designed security mechanisms detect, prevent, or recover a communication network system from security attacks. In most cases, multiple security mechanisms must be deployed together to provide just one security service. There is no single security mechanism can provide all security services in a communication network system. All the requirements and policies, security services, and security mechanism, form a security architecture of a communication network system.

Figure 1.7 Generic security terminology.

1.3.2 Security Threats in Wireless Networks

Some security threats are generic in computer networks, for example, hardware sabotage, data leakage, etc. However, wireless networks have unique issues because of the shared transmission medium. Therefore, it is easier for a malicious user to get attached to wireless networks. Even if an access to a wireless communication network system is not granted due to authentication and access control, malicious users may still monitor data traffic by eavesdropping certain radio frequencies. A malicious user may also launch active attacks more easily to a wireless communication network system. For example, a malicious user could continuously send strong signals to jam a radio spectrum. Therefore, vulnerabilities and security problems in wireless communication networks are to be addressed from different aspects.

Wireless networks suffer from limited coverage and harshness of the radio channels in physical layer. Therefore transmission in wireless networks has relatively high error rates with little to none guarantee of channel quality. Because of that, it is hard to tell

denial of service

(DoS) attack (an attack to make network resource unavailable to intended users) from channel degradation.

Wireless networks require decentralized medium access mechanism in

medium access control

(MAC) layer because of open “broadcast” medium. Fundamental types of medium access mechanisms include

frequency division multiple access

(FDMA),

time division multiple access

(TDMA), code division multiple access (CDMA),

space division multiple access

(

SDMA

), etc. Besides access control, several other aspects, such as throughput, delay, and quality of service (QoS), also need to be addressed in MAC layer.

Wireless networks need to deal with mobility of users. On one hand, mobility is a revolutionary advantage of wireless networks. MSs in wireless networks are not restrained to certain deployments; they are free to move within the coverage of the networks. On the other hand, mobility introduces management problems for wireless networks. For example, location tracking and handoff management as MSs move. When the scale of wireless network is large, more issues come to database management.

Wireless networks need to manage transmission power and radio resources. Generally speaking, raising transmission power level can increase transmission quality for one link. However, interference to other users will be increased thus reducing the transmission quality of other users. Coverage of a wireless network is limited, and it is common that a MS roams from one base station to another one. The process of a MS moving from one base station to another base station is called handoff. Bear in mind that wireless signals do not have clear boundaries; therefore handoff decision must be carefully made. If a MS moves frequently around the overlap region of two base stations, insufficient handoffs will interrupt transmission, while unnecessary handoffs can increase load to the system.

Wireless networks are versatile. There is no single type of wireless access available everywhere. Cellular service providers adopt different kinds of wireless technologies. Therefore, very few cell phones can roam across the globe successfully. Even Wi‐Fi has different specifications in each AP. For this reason, network design and deployment are to be carefully planned in wireless networks. Besides, spectrum resource is also scarce, therefore coexistence of users and interference among users must be carefully addressed.

Security concerns in network operations and management need to be addressed in wireless networks. On one hand, network operators need to enable resources and services to MSs safely and privately. On the other hand, network operators also need to authenticate legitimate MSs, especially the roaming ones. Correct accounting and billing for subscribers are based on secure network operations and management.

Service discovery and data management are problems to be addressed in some wireless networks, e.g. sensor networks and RFIDs. For example, how is data maintained? How to ensure integrity and confidentiality of data? Moreover, a mobile device needs to be lightweight with reasonably long battery life. Therefore, energy efficient designs of software and protocols are unique for wireless networks. While many of these security problems have been studied in wired networks, the solutions proposed there are in general too computationally demanding to work for wireless networks, because mobile devices have limited computational resources and power supply. Communications must also be minimized due to scarce spectrum resource.

1.4 Summary

This chapter gives an introduction on general communication network architectures and wireless communication architectures, as well as security threats in wireless communications networks. The same security objectives that exist in wireline communication networks are also needed for wireless networks. They must be addressed in the context of wireless specific characteristics such as physical layer issues, MAC layer issues, mobility management, radio resource and power management, wireless network design and deployment, wireless network operations and management, wireless application issues, etc. The next chapter provides more security concepts that will be mostly concerned in wireless communication networks. It is recommended to read more on the topics of wireless communication networks for better understanding of security in wireless networks [4–6].