This book provides a thorough examination and analysis of cutting-edge research and security solutions in wireless and mobile networks. It begins with coverage of the basic security concepts and fundamentals which underpin and provide the knowledge necessary for understanding and evaluating security issues, challenges, and solutions. This material will be of invaluable use to all those working in the network security field, and especially to the many people entering the field. The next area of focus is on the security issues and available solutions associated with off-the-shelf wireless and mobile technologies such as Bluetooth, WiFi, WiMax, 2G, and 3G. There is coverage of the security techniques used to protect applications downloaded by mobile terminals through mobile cellular networks, and finally the book addresses security issues and solutions in emerging wireless and mobile technologies such as ad hoc and sensor networks, cellular 4G and IMS networks.
Page count: 1064
Year of publication: 2013
Table of Contents
Introduction
PART 1. Basic Concepts
Chapter 1. Introduction to Mobile and Wireless Networks
1.1. Introduction
1.2. Mobile cellular networks
1.3. IEEE wireless networks
1.4. Mobile Internet networks
1.5. Current trends
1.6. Conclusions
1.7. Bibliography
Chapter 2. Vulnerabilities of Wired and Wireless Networks
2.1. Introduction
2.2. Security in the digital age
2.3. Threats and risks to telecommunications systems
2.4. From wireline vulnerabilities to vulnerabilities in wireless communications
2.5. Conclusions
2.6. Bibliography
Chapter 3. Fundamental Security Mechanisms
3.1. Introduction
3.2. Basics on security
3.3. Secure communication protocols and VPN implementation
3.4. Authentication
3.5. Access control
3.6. Conclusions
3.7. Bibliography
Chapter 4. Wi-Fi Security Dedicated Architectures
4.1. Introduction
4.2. Hot spot architecture: captive portals
4.3. Wireless intrusion detection systems (WIDS)
4.4. Wireless honeypots
Chapter 5. Multimedia Content Watermarking
5.1. Introduction
5.2. Robust watermarking: a new challenge for the information society
5.3. Different constraints for different types of media
5.4. Toward the watermarking theoretical model
5.5. Discussion and perspectives
5.6. Conclusion
5.7. Bibliography
PART 2. Off-the-Shelf Technologies
Chapter 6. Bluetooth Security
6.1. Introduction
6.2. Bluetooth technical specification
6.3. Bluetooth security
6.4. Conclusion
6.5. Bibliography
Chapter 7. Wi-Fi Security
7.1. Introduction
7.2. Attacks on wireless networks
7.3. Security in the IEEE 802.11 standard
7.4. Security in 802.1x
7.5. Security in 802.11i
7.6. Authentication in wireless networks
7.7. Layer 3 security mechanisms
7.8. Bibliography
Chapter 8. WiMAX Security
8.1. Introduction
8.2. WiMAX low layers
8.3. Security according to 802.16-2004
8.4. Security according to the IEEE-802.16e standard
8.5. The role of the smart card in WiMAX infrastructures
8.6. Conclusion
8.7. Glossary
8.8. Bibliography
Chapter 9. Security in Mobile Telecommunication Networks
9.1. Introduction
9.2. Signaling
9.3. Security in the GSM
9.4. GPRS security
9.5. 3G security
9.6. Network interconnection
9.7. Conclusion
9.8. Bibliography
Chapter 10. Security of Downloadable Applications
10.1. Introduction
10.2. Opening the handset
10.3. Security policy
10.4. The implementation of a security policy
10.5. Execution environments for active contents
10.6. Validation of active contents
10.7. Detection of attacks
10.8. Conclusion
10.9. Bibliography
PART 3. Emerging Technologies
Chapter 11. Security in Next Generation Mobile Networks
11.1. Introduction
11.2. The SIP
11.3. VoIP
11.4. IP Multimedia Subsystem (IMS)
11.5. 4G security
11.6. Confidentiality
11.7. Conclusion
11.8. Bibliography
Chapter 12. Security of IP-Based Mobile Networks
12.1. Introduction
12.2. Security issues related to mobility
12.3. Mobility with MIPv6
12.4. Mobility with Mobile IPv4
12.5. Mobility with MOBIKE
12.6. IP mobility with HIP and NetLMM
12.7. Conclusions
12.8. Glossary
12.9. Bibliography
Chapter 13. Security in Ad Hoc Networks
13.1. Introduction
13.2. Motivations and application fields
13.3. Routing protocols
13.4. Attacks to routing protocols
13.5. Security mechanisms
13.6. Auto-configuration
13.7. Conclusion
13.8. Bibliography
Chapter 14. Key Management in Ad Hoc Networks
14.1. Introduction
14.2. Authentication issue within ad hoc networks
14.3. Group key management within ad hoc networks
14.4. Discussions
14.5. Conclusions
14.6. Bibliography
Chapter 15. Wireless Sensor Network Security
15.1. Introduction
15.2. Attacks on wireless sensor networks and counter-measures
15.3. Prevention mechanisms: authentication and traffic protection
15.4. Case study: centralized and passive intruder detection
15.5. Case study: decentralized intrusion detection
15.6. Case study: intrusion tolerance with multiple routes
15.7. Conclusion
15.8. Bibliography
Chapter 16. Key Management in Wireless Sensor Networks
16.1. Introduction
16.2. Introduction to key management
16.3. Security needs of WSNs
16.4. Key management problems in WSNs
16.5. Metric for evaluating key management protocols in WSNs
16.6. Classification of key management protocols in WSNs
16.7. Notations and assumptions
16.8. Broadcast source authentication protocols
16.9. Probabilistic key management protocols
16.10. Deterministic key management protocols
16.11. Hybrid key management protocols
16.12. Comparison of key management protocols in WSNs
16.13. Conclusion
16.14. Bibliography
Conclusion
List of Authors
Index
First published in France in 2007 by Hermes Science/Lavoisier in 3 volumes entitled: La sécurité dans les réseaux sans fil et mobiles © LAVOISIER, 2007
First published in Great Britain and the United States in 2009 by ISTE Ltd and John Wiley & Sons, Inc.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:
ISTE Ltd
27-37 St George’s Road
London SW19 4EU
UK
www.iste.co.uk
John Wiley & Sons, Inc.
111 River Street
Hoboken, NJ 07030
USA
www.wiley.com
© ISTE Ltd, 2009
The rights of Hakima Chaouchi and Maryline Laurent-Maknavicius to be identified as the authors of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.
Library of Congress Cataloging-in-Publication Data
Sécurité dans les réseaux sans fil et mobiles. English.
Wireless and mobile network security: security basics, security in on-the-shelf and emerging technologies / edited by Hakima Chaouchi, Maryline Laurent-Maknavicius.
p. cm.
Includes bibliographical references and index.
English edition is a complete translation of the French three volumes ed. compiled into one volume in English.
ISBN 978-1-84821-117-9
1. Wireless communication systems--Security measures. 2. Mobile communication systems--Security measures. I. Chaouchi, Hakima. II. Laurent-Maknavicius, Maryline. III. Title.
TK5103.2.S438 2009
005.8--dc22
2009011422
British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library
ISBN: 978-1-84821-117-9
Wireless networks and security might be considered an oxymoron. Indeed it is hard to believe in security when it is so easy to access communication media such as wireless radio media. However, the research community in industry and academia has for many years extended wired security mechanisms or developed new security mechanisms and security protocols to sustain this marriage between wireless/mobile networks and security. Note that the mobile communication market is growing rapidly for different services and not only mobile phone services. This is why securing wireless and mobile communications is crucial for the continuation of the deployment of services over these networks.
Wireless and mobile communication networks have had tremendous success in today’s communication market in both general and professional usage. In fact, obtaining communication services anytime, anywhere and on the move has been an essential need expressed by connected people. This has become possible thanks to the evolution of communication technologies from wired to wireless and mobile technologies, but also to the miniaturization of terminals. Offering services to users on the move has significantly improved productivity for professionals and flexibility for general users. However, we cannot ignore the existence of important inherent vulnerabilities of these unwired communication systems, which gives the network security discipline a key role in convincing users to trust the usage of these wireless communication systems supported by security mechanisms.
Since the beginning of the networking era, security was part of the network architectures and protocols design even if it is considered to slow down the communication systems. Actually, network security is just a natural evolution of the security of stand-alone or distributed operating systems dealing with machine/network access control, authorization, confidentiality, etc. Even though the context has changed from wired to wireless networks, we are facing the same issues and challenges regarding security. More precisely, it is about preserving the integrity, confidentiality and availability of resources and the network. Other security issues that are more related to the users such as privacy and anonymity are also important from the user’s point of view today, especially with the new need of tracking criminals, but in this book we are concerned only with network security, and as such, two chapters are included dealing with important security issues and solutions to secure downloaded applications in the mobile operator context and copyright protection by watermarking techniques.
Several security mechanisms have been developed, such as authentication, encryption and access control, among others, in order to offer secure communications over the network. According to the network environment, some security mechanisms are more mature than others due to the early stages of certain networking technologies such as wireless networks, ad hoc or sensor networks. However, even with maturity, and even if they are already widely implemented in marketed products, some security mechanisms still need some improvement. It is also important to consider the limited resources of mobile terminals and radio resources to adapt the wired network’s security mechanisms to a wireless context. These limited resources have a direct impact on security design for this type of network.
Chapter 1 offers a survey on current and emerging wireless and mobile communications coming from the mobile cellular communications such as 2G, 3G, 4G, IEEE wireless communication such as Wi-Fi, Bluetooth, WiMAX, WiMobile and WiRan, and the IP-based mobility communication such as Mobile IP or IMS. Even if security solutions always need to be improved, the deployment of these wireless and mobile networks is already effective and will tend to grow because of the growing needs of users in terms of mobility, flexibility and services. To do so, the industry and academic researchers keep on designing mobile and wireless technologies, with or without infrastructure, providing on the one hand more resources and security, and on the other hand autonomous and more efficient terminals (PDA phones, etc.).
This book is aimed at academics and industrialists, generalists or specialists interested in security in current and emerging wireless and mobile networks. It offers an up-to-date state of the art on existing security solutions in the market or prototype and research security solutions of wireless and mobile networks. It is organized into three parts.
Part 1, “Basic Concepts”, offers a survey on mobile and wireless networks and the major security basics necessary for understanding the rest of the book. It is essential for novices in the field. In fact, this part describes current and emerging mobile and wireless technologies. It also introduces vulnerabilities and security mechanism fundamentals. It finally presents the vulnerabilities in wireless technology and an adaptation of copyright protection techniques in the wireless and mobile context.
Part 2, “Off-the-Shelf Technology”, looks at the issue of security of current mobile and wireless networks, namely Wi-Fi, WiMAX, Bluetooth and GSM/UMTS, and concludes with a description of the mechanisms for the protection of downloaded applications in the context of mobile operators.
Part 3, “Emerging Technologies”, focuses on the security of new communication technologies, namely the new generation of telecommunication networks such as IMS, mobile IP networks, and self-organized ad hoc and sensor networks. This last category of technologies offers very attractive applications but needs more work on the security side in order to be trusted by the users.
Finally, as we can see throughout this book, security solutions for wireless and mobile networks are either an extension of security solutions of unwired networks or a design of specific security solutions for this context. In any case, one thing is sure: at least four major constraints have to be considered in security design for wireless and mobile networks: limited radio and/or terminal resources, expected security and performance level, infrastructure or infrastructure-less architecture, and cost.
1 Written by Hakima CHAOUCHI.
Wireless networks with small or large coverage are increasingly popular as they promise the expected convergence of voice and data services while providing mobility to users. The first major success of wireless networks is attributed to Wi-Fi (IEEE 802.11), which opened a channel of fast and easy deployment of a local network. Other wireless technologies such as Bluetooth, WiMAX and WiMobile also show a very promising future given the high demand of users in terms of mobility and flexibility to access all their services from anywhere.
This chapter covers different wireless as well as mobile technologies. IP mobility is also introduced. The purpose of this chapter is to recall the context of this book, which deals with the security of wireless and mobile networks. Section 1.2 presents a state of the art of mobile cellular networks designed and standardized by organizations such as ITU, ETSI or 3GPP/3GPP2. Section 1.3 presents wireless networks from the IEEE standardization body. Section 1.4 introduces Internet mobility. Finally, the current and future trends are also presented.
The first generation (1G) mobile network developed in the USA was the AMPS network (Advanced Mobile Phone System). It was based on FDM (Frequency Division Multiplexing). A data service was then added on the telephone network, which is the CDPD (Cellular Digital Packet Data) network. It uses TDM (Time Division Multiplexing). The network could offer a rate of 19.2 kbps and exploit periods of inactivity of traditional voice channels to carry data. The second generation (2G) mobile network is mainly GSM (Global System for Mobile Communications). It was first introduced in Europe and then in the rest of the world. Another second-generation network is the PCS (Personal Communications Service) network or IS-136 and IS-95; PCS was developed in the USA. The IS-136 standard uses TDMA (Time Division Multiple Access) while the IS-95 standard uses CDMA (Code Division Multiple Access) in order to share the radio resource. The GSM and PCS IS-136 employ dedicated channels for data transmission.
The ITU (International Telecommunication Union) has developed a set of standards for a third generation (3G) mobile telecommunications system under the IMT-2000 (International Mobile Telecommunication-2000) in order to create a global network. They are scheduled to operate in the frequency band around 2 GHz and offer data transmission rates up to 2 Mbps. In Europe, the ETSI (European Telecommunications Standards Institute) has standardized UMTS (Universal Mobile Telecommunications Systems) as the 3G network.
The fourth generation of mobile networks is still to come (in the near future) and it is still unclear whether it will be based on both mechanisms of cellular networks and wireless networks of the IEEE or a combination of both. The ITU has stated that the throughput expected of this generation should be around 1 Gbps when static and 100 Mbps when mobile, regardless of the technology or mechanism adopted.
The figure below gives an idea of the evolving standards of cellular networks. Despite their diversity, their goal has always been the same: to build a network capable of carrying both voice and data while respecting QoS and security and, above all, reducing the cost for the user as well as for the operator.
Figure 1.1. The evolution of cellular networks
Radio communication faces several problems due to radio resource imperfection. In fact the radio resource is prone to errors and suffers from signal fading. Here are some problems related to the radio resource:
Power signal: the signal between the BS and the mobile station must be sufficiently high to maintain the communication. There are several factors that can influence the signal (the distance from the BS, disrupting signals, etc.).
Fading: different effects of propagation of the signal can cause disturbances and errors. It is important to consider these factors when building a cellular network.
To ensure communication and to avoid interference, cellular networks use signal strength control techniques. Indeed, it is desirable that the signal received is sufficiently above the background noise. For example, when the mobile moves away from the BS, the signal received subsides. In contrast, because of the effects of reflection, diffraction and dispersion, the signal can change even if the mobile is close to the BS. It is also important to reduce the power of the broadcast signal from the mobile not only to avoid interference with neighboring cells, but also for reasons of health and energy.
As the radio resource is rare, different methods of multiplexing user data have been used to optimize its use:
FDMA (Frequency Division Multiple Access) is the most frequently used method of radio multiple access. This technique is the oldest and it allows users to be differentiated by a simple frequency differentiation. Indeed, to listen to the user N, the receiver considers only the associated frequency fN. The implementation of this technology is fairly simple. In this case there is one user per frequency.
Figure 1.2. FDMA
TDMA (Time Division Multiple Access) is an access method which is based on the distribution of the radio resource over time. Each frequency is then divided into intervals of time. Each user sends or transmits in a time interval from which the frequency is defined by the length of the frame. In this case, to listen to the user N, the receiver needs only to consider the time interval N for this user. Unlike FDMA, multiple users can transmit on the same frequency.
