Download Chapter 8

Document related concepts

Network tap wikipedia , lookup

Computer network wikipedia , lookup

UMTS wikipedia , lookup

Airborne Networking wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Distributed firewall wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Computer security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Wireless security wikipedia , lookup

Transcript
Chapter: 01-Mobile Computing
Introduction to Mobile Computing Security
By: Mr. Abdul Haseeb Khan
OUTLINE
Introduction
1. GSM-UMTS security
2. IEEE 802.11 security
a. Wired Equivalent Protocol (WEP)
b. Wi-Fi Protected Access (WPA)
3. MANETs security
Conclusions
References
INTRODUCTION
Mobile computing is a generic term describing one's ability to
use wireless computing technology whilst moving. The devices
that utilize mobile computing give access to resources like the
internet and range from laptops to handhelds.
Mobile computing devices
include;
1. Laptops
2. PDAs and handheld PC
3. Smart and mobile phones
4. Pagers
Mobile Computing security;
1.
Device security
2.
Network security
MOBILE COMPUTING SECURITY
Secure communication within mobile computing network provides the
following facilities to users:
Confidentiality, Integrity, authentication and nonrepudiation
Table 1 Mobile computing security requirements
MOBILE COMPUTING SECURITY
Confidentiality, integrity, and authentication are arguably
the big three issues in network security.
Table 2 Solutions to security requirements
REQUIREMENTS
SOLUTIONS
Authentication
1. Challenge response
2. Digital signature
Confidentiality
Encryption
Integrity
Hash function (MAC)
Nonrepudiation
Time stamping
MOBILE COMPUTING SECURITY
Security attacks
A useful means of classifying security attacks is in terms of
passive attacks and active attacks.
1. Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions. The goal of the opponent is
to obtain information that is being transmitted.
2. Active attacks involve some modification of the data
stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay,
modification of messages, and denial of service.
1. SECURITY IN GSM NETWORKS
Security in GSM networks
Figure 1 is the complete architecture of
GSM (2G) networks.
The security mechanisms of GSM are
implemented in three different
elements;
1. the Subscriber Identity Module
(SIM)
2. the GSM handset or MS
3. the GSM network.
Fig 1.1 GSM physical architecture
Security in GSM networks
Security features distribution for the three elements in 2G networks is
shown in figure 1.2. The distribution of these security credentials
provide an additional measure of security both in ensuring the
privacy of cellular telephone conversations and prevention of cellular
telephone fraud.
Fig 1.2: Security features distribution in GSM
Security in GSM networks
Security in GSM consists of the following aspects:
subscriber identity authentication, subscriber
identity confidentiality, signaling data confidentiality,
and user data confidentiality.
The figure 1.3 gives the distribution of security
algorithms and keys in the 2G network.
The SIM contains the IMSI, the individual
subscriber authentication key (Ki), the ciphering key
generating algorithm (A8), the authentication
algorithm (A3), as well as a Personal Identification
Number (PIN). The GSM handset contains the
ciphering algorithm (A5).
Fig 1.3. Algorithm and Key distribution in GSM
(a)
(b)
Fig 1.4. (a) Authentication components (b) General mechanism
Fig 1.5a: SRES Generation
Fig 1.5b: Kc generation
Security in GSM networks
The process of encryption occurs between the BTS and ME without involving the
home network. For achieving seamless roaming between different networks all service
providers use the same encryption algorithm which is A5 specified by the GSM
standard.
In a similar manner to the authentication process, the computation of the ciphering key
(Kc) takes place internally within the SIM.
Fig 1.6. Ciphering mode initiation mechanism
April 14th , 2010
Security in GSM (2G) networks
The TMSI is sent to the mobile station after the authentication and
encryption procedures have taken place. The mobile station responds
by confirming reception of the TMSI. The TMSI is valid in the location
area in which it was issued.
Fig 1.7 Subscriber confidentiality
SECURITY IN 2.5G NETWORKS
Security in 2.5G networks
General Packet Radio Service (GPRS) was basically intended to provide the ME with
data-connectivity to various web servers.
GPRS transfers the responsibility of encryption and decryption on the network side from
the BTS to the Server GPRS Service Node (SGSN). The SGSN is the equivalent of
the VLR and MSC. This means that the GPRS architecture effectively prevents or
protects against eavesdropping on the backbone between the BTS and the SGSN
too.
Fig 1.8 2.5G architecture
Security in 2.5G networks
Wireless Application Protocol (WAP) is an open specification that offers
a standard method to access Internet-based content and services
from wireless devices such as mobile phones and Personal Digital
Assistants (PDAs). The information content meant for the ME is
formatted suitably for the ME’s small screen.
Fig 1.9 (a) WAP overview
(b) WAP architecture
Security in 2.5G networks
In this new operating environment,
securing just the last link is not
enough. This end-to-end security
is achieved by the Wireless
Transport Layer Security (WTLS)
layer in the WAP stack.
Fig 1.10 TLS in WAP
SECURITY IN UMTS(3G) NETWORKS
Security in UMTS (3G)
UMTS architecture provides provisions for encrypting any
signaling or subscriber data that might reveal the
subscriber’s identity.
Anonymity in UMTS
1. VLRo/VLRn
2. IMSI/TMSI
3. Sequence Number (SQN)
4. AK
Security in UMTS (3G)
Fig 1.11 UMTS physical architecture
Security in UMTS
The authentication procedure is mutual; that
is, the network authenticates the subscriber
(USIM) and the subscriber (USIM)
authenticates the network.
The UMTS authentication vector is actually a
security quintet which consists of five
numbers: RAND (a 128-bit random number),
XRES (the 32-bit expected signed response
to the RAND), CK (a 128-bit session cipher or
encryption key), IK (a 128-bit integrity key)
and AUTN (a 128-bit network authentication
token).
Fig 1.12 UMTS authentication
Security in UMTS (3G)
Fig 1.13a: Authentication vector generation
Fig 1.13b: Response generation at USIM
Security in UMTS (3G)
The UMTS encryption
algorithm is known as
KASUMI and uses a 128-bit
session key CK. The
KASUMI algorithm is more
secure than A5 and one of
the reasons for this is simply
the use of longer keys for
encryption.
Fig 1.14 UMTS encryption
April 14th , 2010
Security in UMTS (3G)
UMTS integrity key IK is
derived
using
the
authentication process.
The receiver then compares
the computed XMAC to the
received MAC.
Security in UMTS (3G)
The UMTS designers have limited their scope to securing the mobile specific part of the
network, which is known as the Mobile Application Part (MAP). UMTS specifies the
MAPSEC protocol, which works at the application layer to protect MAP messages
cryptographically.
The Key Administration Center (KAC) is a new entity introduced by MAPSEC. To establish a
SA, the KACs use the Internet Key Exchange (IKE) protocol. The designers provided a
method not only for securing MAP in SS7 networks (MAPSEC) but also for using MAP over
IP-based networks which may be protected by the already well-established IPSec protocol.
Fig 1.16 (a) MAPSEC
(b) MAP over IP-based Networks
2. SECURITY IN IEEE 802.11
NETWORKS
Security in IEEE 802.11
I.
II.
IEEE 802.11 defines two classes of security algorithms for : algorithms for
creating and using an Robust Security Network Association (RSNA) , called
RSNA algorithms and pre-RSNA algorithms. Pre-RSNA security comprises
Wired Equivalent Privacy (WEP) and IEEE 802.11 entity authentication.
The RSNA security comprises Temporal Key Integrity Protocol (TKIP), CCMP,
RSNA establishment and termination procedures, including use of IEEE 802.1X
authentication, and Key management procedures.
Security in WEP
Key establishment
IEEE 802.11 relies on preshared keys between the mobile nodes or stations (STAs)
and the Access Points (APs). key establishment is outside the scope of WEP. The
absence of any key management protocol led to multiple problem.
Anonymity
However, given the IP address, it is extremely difficult to determine the identity of the
subscriber.
1. IP addresses are dynamically assigned using protocols like DHCP.
2. the widespread use of Network Address Translation (NAT) adds another layer of
identity protection.
Security in WEP
Authentication
1. For a station to connect to a wireless local area
network (WLAN), the station must find out which
networks it currently has access to.
2. Only after this authentication is complete can the
station be connect to. APs periodically broadcast
beacons.
3. Each beacon contains a Service Set Identifier
(SSID), also called the network name, which
uniquely identifies an ESS. When an STA wants
to access a network, it has two options: passive
scan and active scan. In the former case, it can
scan the channels trying to find beacon
advertisements from APs in the area.
Fig 2.1 System overview
Security in WEP
STA wants to access a network, it has two options: passive scan and
active scan.
In passive scan, it scans the channels trying to find beacon
advertisements from APs in the area. In active scan, the station
sends probe-requests over all the channels one-by-one. A particular
SSID indicates that the station is looking for a particular network. If
the concerned AP receives the probe, it responds with a probe
response. All APs which receive this probe-request and which want
this particular station to join their network, reply back with a proberesponse.
Security in WEP
Authentication:
1. Open System Authentication (OSA)
2. Shared Key Authentication (SKA).
In other words, the AP does not do any checks on the
identity of the station and allows any and all stations to join
the network. OSA is exactly what its name suggests: open
system authentication.
SKA is based on the challenge-response system. SKA
divides stations into two groups. Group One consists of
stations that are allowed access to the network and Group
Two consists of all other stations.
Using SKA requires 1) that the station and the AP be
capable of using WEP and 2) that the station and the AP
have a preshared key.
Fig 2.2a; IEEE 802.11 OSA
Fig 2.2b; IEEE 802.11 SKA
Security in WEP
1. If a station is mobile while accessing the
network, it may leave the range of one AP and
enter into the range of another AP. A STA may
move inside a BSA (intra-BSA), between two
BSAs (inter-BSA) or between two Extended
Service Areas (ESAs) (inter-ESAs).
2. It is the inter-BSA roaming that 802.11 deals
with. A STA keeps track of the received signal
strength (RSS) of the beacon with which it is
associated.
3. The process of authenticating to the new AP is
the same as it is for a STA that has just
powered on in this BSS.
Fig 2.3; IEEE 802.11 handoffs and security
Security in WEP
Confidentiality in 802.11
WEP uses a preestablished set of keys. Figure 1.4 shows
how WEP is used to encrypt an 802.11 MAC Protocol
Data Unit (MPDU).
1. Calculate the Integrity Check Value (ICV) over the
length of the MPDU and append this 4-byte value to
the end of the MPDU.
2. Select a master key to be used from one of the four
possible preshared secret keys.
3. Select an IV and concatenate it with the master key to
obtain a key seed.
4. The key seed generated in Step 3 is then fed to an
RC4 key-generator.
5. A 4-byte header is then appended to the encrypted
packet.
Fig 2.4 WEP
Security in WEP
Data Integrity
IEEE 802.11 uses an Integrity Check Value (ICV) field in the packet. ICV is another
name for message integrity check (MIC).
In WEP, ICV is implemented as a Cyclic Redundancy Check-32 bits (CRC-32)
checksum which breaks this assumption. The reason for this is that CRC-32 is linear
and is not cryptographically computed, i.e., the calculation of the CRC-32 checksum
does not use a key/shared secret.
Fig 2.5; WEP Data Integrity
Security in Wi-Fi Protected Access (WPA)
When the loopholes in WEP was realized, the original I.
802.11 security standard, had been exposed, IEEE
formed a Task Group: 802.11i with the aim of improving
upon the security of 802.11 networks. This group came
up with the proposal of a Robust Security Network
(RSN).
II.
802.11i allows for a Transitional Security Network
(TSN) which allows for the existence of both RSN and
WEP nodes in an 802.11 network.
The security proposal specified by the Task Group-i
uses the Advanced Encryption Standard (AES) in its
default mode. One obstacle in using AES is that it is not
backward compatible with existing WEP hardware.
Wi-Fi alliance adopted Temporal Key Integrity
Protocol (TKIP) as the security standard that needs to
be deployed for Wi-Fi certification.
WPA is basically a prestandard subset of
802.11i which includes the key
management and the authentication
architecture (802.1X) specified in 802.11i.
The biggest difference between WPA and
802l.11i is that instead of using AES for
providing confidentiality and integrity, WPA
uses
Temporarily
Key
Integrity
Protocol(TKIP)
and
MICHAEL
respectively.
Security in Wi-Fi Protected Access (WPA)
Key establishment
1. IEEE 802.11i task group used two distinct environments: the home
network and the enterprise network hence two environments had
distinct security requirements and different infrastructure
capacities.
2. For the enterprise network, 802.11i specifies the use of IEEE
802.1X for key establishment and authentication. For home
deployments of 802.11, 802.11i allows the use of the “out-of-band
mechanism” (manual configuration) for key establishment.
Security in Wi-Fi Protected Access (WPA)
WPA extends the two-tier key-hierarchy of
WEP to a multitier hierarchy. At the top
level is still the master key, referred to as
the Pair-wise Master Key (PMK) in WPA.
The next level in the key hierarchy is the
PTK which is derived from
the PMK. The final level is the per-packet
keys which are generated by feeding the
PTK to a key-mixing function.
As we saw, WPA is flexible about how the
master key (PMK in WPA) is established.
The PMK, therefore, may be a
preshared16 secret key (WEP-design) or
a key derived from an authentication
process like 802.1X.
Fig 2.6: Key Hierarchy in 802.11
Security in Wi-Fi Protected Access (WPA)
Authentication
1. The controlled port is open only
when the device connected to the
authenticator has been authorized
by 802.1x. On the other hand, the
uncontrolled port provides a path
for extensible authentication
protocol over LAN (EAPoL) traffic
ONLY.
2. EAP specifies three network
elements: the supplicant, the
authenticator
and
the
authentication server.
Fig 2.7: 802.1X/EAP Port Model
Security in Wi-Fi Protected Access (WPA)
Authentication
1. In the 802.1X architecture, the result of the
authentication process is conveyed by the
authentication server to the AP so that the
AP may allow or disallow the STA access to
the network.
2. 802.1X is a framework for authentication. It
does not specify the authentication protocol
to be used. Therefore, it is up to the network
administrator to choose the authentication
protocol they want to plug in to the 802.1X
architecture.
Fig 2.8: IEEE 802.1X Network Architecture
Way Handshake
RSNA defines a protocol using IEEE 802.1X EAPOL-Key frames called the 4-Way
Handshake. The handshake completes the IEEE 802.1X authentication process. The
information flow of the 4-Way Handshake is as follows:
Security in Wi-Fi Protected Access (WPA)
Integrity
1. The problem is that most well known protocols used for calculating a message
integrity check (MIC) have lots of multiplication operations and multiplication
operations are computation intensive. Therefore, TKIP uses a new MIC protocol;
MICHAEL which uses no multiplication operations and relies instead on shift and
add operations.
2. However, it is in no way as cryptographically secure as the other standardized
MIC protocols like MD5 or SHA-1. The TKIP designers knew this and hence built
in countermeasures to handle cases where MICHAEL might be compromised.
3. TKIP explicitly requires that each STA start using an IV with a value of 0 and
increment the value by one for each packet that it transmits during its session
lifetime.
WPA 2 (IEEE 802.11i)
I. WPA was a stepping stone to the final
solution which was being designed by the
IEEE 802.11i task group. This security
proposal was referred to as the Robust
Security Network (RSN) and also came to be
known as the 802.11i security solution.
II. The Wi-Fi alliance integrated this solution in
their proposal and called it WPA2.
WPA 2 (IEEE 802.11i)
 Key establishment
Since WPA2 and 802.11i standard are almost the same, the key-establishment
process and the key hierarchy architecture in WPA and WPA2 are almost
identical. In WPA2, the same key can be used for the encryption and integrity
protection of data.
 Authentication
WPA had also adopted the authentication architecture specified in 802.11i
completely. Therefore, the authentication architecture in WPA and WPA2 is
identical.
WPA 2 (IEEE 802.11i)
Confidentiality
Task Group i specified the use of a block encryption algorithm for 802.11 security.
Since AES is considered the most secure block cipher, it was an obvious
choice.
To provide confidentiality in 802.11i, AES is used in the counter mode. Counter
mode actually uses a block cipher as a stream cipher, thus combining the
security of a block cipher with the ease of use of a stream cipher.
Fig 2.9: AES Counter Mode
WPA 2 (IEEE 802.11i)
Integrity
To achieve message integrity, Task Group i extended the counter mode to include a Cipher
Block Chaining (CBC)-MAC operation. Hence the name of the protocol: AES-CCMP
where CCMP stands for Counter-mode CBC-MAC protocol.
Fig 2.10: AES CBC-MAC
3. SECURITY IN MANETs
MANETs security
Introduction to MANETs algorithms
MANETs security
1. Reputation and trust base system
2. Cryptographic base
MANETs algorithms
A Mobile Ad hoc Network (MANET) is a system
of wireless mobile nodes that dynamically selforganize in arbitrary and temporary network
topologies allowing people and devices to internetwork without any preexisting communication
infrastructure
Mobile ad hoc networks are realized in
vehicular ad hoc network (VANET), wireless
networks and wireless sensor network (WSN).
An important challenge in the design of
algorithms for a mobile ad hoc network is the fact
that its topology is dynamic.
Fig 3.1 MANET topology
MANETs algorithms
 Topology formation
1. Neighbour discovery
2. Packets forwarding
 Topology control
1. Clustering
 Routing
1. Proactive protocols
2. Reactive Protocols
3. Hybrid protocol
Multicasting and Broadcasting
Routing protocols for a MANET can be unicast,
geocast, multicast and broadcast.
Fig 3.2 Packets forwarding algorithms
MANETs algorithms
Clustering in ad hoc networks can be defined as
the grouping of nodes into manageable sets called
clusters.
Beacon-supported protocols are based on
selecting a few beacon nodes and constructing a
basic communication tree from them to every other
node. As a result, every node is aware of its
distance (in hops) to every beacon and the
resulting vectors can serve as coordinates.
Virtual coordinates can be constructed using only
local connectivity information which is available
since nodes always know their neighbors.
Fig 3.3 Clustering of nodes
MANETs algorithms
MANETs, mesh networks and multihop sensor networks are
instances of multihop wireless networks where nodes
forward traffic among each other.
Network-Wide Broadcast (NWB) algorithms provide a
mechanism to deliver information to nodes in a multihop
network without depending on routing state.
NWB algorithms may be viewed as two components: (1)
redundancy control, which is the component that attempts
to reduce redundancy while maintaining coverage, and (2)
robustness control, which is the component that attempts to
recover from lost rebroadcasts and maintain coverage in
the face of losses.
Criteria for rebroadcasting includes Probability-Based,
Counter-Based, Distance-Based and Location-Based
Fig 3.4a: Flooding
Fig 3.4b: Optimized flooding
Introduction to MANETs algorithms
Adaptive Dynamic Backbone Multicast (ADBM) incorporates a backbone construction algorithm
that autonomously extracts a subset of nodes to serve as backbone nodes and provide mobilityadaptive connectivity for multicast operations.
The core connection process is responsible for connecting these cores together by designating
some nodes to take the role of intermediate nodes; the cores and intermediate nodes jointly
comprise a virtual backbone.
A node is said to be a border node if and only if it is able to hear Hello packets from nodes that
are associated with different cores.
Fig 3.5a: Core connection process
Fig 3.5b: backbone construction
Introduction to MANETs algorithms
Route discovery contains both route request message and route reply messages; each node
maintains a route cache, it first checks its cache for a route that matches the requested
destination.
A source node seeking to send a data packet to a destination node checks its route table to see
if it has a valid route to the destination node. if there is no route in the table, the source node
begins a route discovery process. It broadcasts a route request (RREQ) packet to its immediate
neighbors, and those nodes broadcast further to their neighbors until the request reaches either
an intermediate node with a route to the destination or the destination node itself.
Fig 3.6. (a) Reverse path formation
(b) Forward path formation
Table 3.1 MANETs routing protocols
Reputation and trust base security
The capture and distribution of
feedback about current interactions.
cryptography can provides integrity,
• Use of feedback to guide trust
confidentiality, and authentication but
decisions.
fails in the face of insider attacks.
Classification
Malicious misbehavior is divided into two
types: forwarding and routing. Common 1. Observation; first hand and Second
forwarding misbehavior are packet
2. Information Symmetry
dropping, modification, fabrication,
3. Centralization
timing attacks, and silent route change.
System goals
• To cope with any kind of observable
misbehavior.
• To minimize the damage caused by
insider attacks.
•
Reputation and trust base system
• Information gathering is the process by which a node collects information about
the nodes it cares about. First-hand information can be further classified into
personal experience and direct observation; Watchdog.
• This vulnerability can be mitigated by adopting a strategy of limited information
sharing; sharing either only positive information or negative information.
• The decisions made by this component are based on the information provided by
the information modeling component.
Fig 3.7 Architecture design for reputation based framework
Cryptographic based
• In ad hoc networks since there is no single CA which is always
accessible, what is needed is a virtual CA. This virtual CA is formed
by distributing the CA’s functionality to each local neighborhood.
• Digital signatures can be used to authenticate a message and
prevent attackers from injecting erroneous routing information and
data traffic inside the network.
CONCLUSIONS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
GPRS has extended encryption and decryption to the SGSN
There is TMSI in GSM to keep the ISMI secrete
There are three security element per GSM/UMTS security; SIM, MS and the Network
There is use of WTLS which is at WAP stack
The security component should be suitable for mobile equipment as at WAP
A secure network security should encompasses of these, mutual authentication,
confidentiality, integrity and non repudition
RSNA security is more powerful than WEP which has more vulnerabilities
Authentication in IEEE 802.11i is port base access control
In UMTS, there is mutual authentication while GSM is unilateral authentication
There is challenge response authentication algorithm instead of digital signature in GSM
UMTS uses KASUMI 128 bit which more secure than A5
There are quintet authentication vector in UMTS while triplets in GSM
There is problem of handoff in WLAN
UMTS architecture provides integrity of the message while GSM does not
CONCLUSIONS
15. GPRS transfers the responsibility of encryption and decryption on the network side from the
BTS to the Server GPRS Service Node (SGSN).
16. GSM allows the service provider to choose an algorithm for A3 and A8 but A5 is the same for
all service providers.
17. There is limited encryption scope in GSM; securing is between the ME-BTS interface.
18. There is no support for a STA to authenticate the network in WEP
19. MANET security is divided into different directions like secure routing, key exchange, secure
architecture and, intrusion detection and protection
20. Challenge response authentication algorithms will be difficult to implement in MANETs
21. Ad hoc networks pose security problem due to dynamic routing and highly insecure working
environment algorithms for key management and routing.
22. The UMTS designers limited the security scope to securing the mobile specific part of the
network, the Mobile Application Part (MAP).
REFERENCES-GSM
•
•
•
•
•
•
•
[1] Chang, C.-C. Lee, J.-S. and Chang, Y.-F. (2005), 'Efficient authentication
protocols of GSM', Computer Communications, vol. 28, pp. 921–928.
[2] Peng, C. (2000), 'GSM and GPRS Security',
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.100.2671&rep=rep1&t
ype=pdf, [26th February, 2010 at 15:03 GMT].
[3] Mehrotra, A. and Golding, L. S. (1998), 'Mobility and Security Management
in the GSM System and Some Proposed Future Improvements', IEEE, New Jersey,
pp. 1480-1497.
[4] Menezes, A. Oorschot, P. V. and Vanstone, S. (1997), handbook of applied
cryptography, CRC Press, Boca Raton, pp. 1-47.
[5] Praphul, C., "Bulletproof Wireless Security," GSM, UMTS, 802.11 and Ad Hoc
Security, Elsevier, 2005, pp. 121-127, 199-227.
[6] Margrave, D. (2000), 'GSM Security and Encryption', http://www.netpa.net/tr/urunlerimiz/Iletisim/ASC/detay/Introduction/GSMSecurityAndEncryptio
n.doc, [20th February 2010 at 10:31 GMT].
[7] Stallings, W. (2006), Cryptography and Network Security Principles and
Practices, 4 ed., Prentice Hall, Upper Saddle River, pp. 317-433.
REFERENCES- IEEE 802.11
•
•
•
•
•
•
•
•
[1]
Zahur, Y. and Yang, T. A. (2003), 'WIRELESS LAN SECURITY AND LABORATORY DESIGNS', in CCSC: Southeastern
Conference, 2003, pp. 44-60.
[2]
Ieee, C. S. (2004), IEEE Standard for information technology, telecommunications and information exchange
between systems local and metropolitan area networks specific requirements Part 11: Wireless LAN Medium Access Control
(MAC) and Physical Layer (PHY) Specifications (IEEE Std 802.11i™-2004), IEEE, New York, pp. 1-175.
[3]
Sithirasenan, E. Zafar, S. and Muthukkumarasamy, V., 'Formal Verification of the IEEE 802.11i WLAN Security
Protocol'.
[4]
Kassab, M. et al. (2005), 'Fast Pre-Authentication Based on Proactive Key Distribution for 802.11 Infrastructure
Networks', WMuNeP’05, Montreal, Quebec, pp. 46-53.
[5]
Altunbasak, H. and Owen, H. (2004), 'Alternative Pair-wise Key Exchange Protocols for Robust Security Networks
(IEEE 802.11i) in Wireless LANs'.
[6]
Borisov, N. Goldberg, I. and Wagner, D. (2001), 'Intercepting Mobile Communications: The Insecurity of 802.11',
Seventh Annual International Conference on Mobile Computing And Networking.
[7]
Park, S. H. Ganz, A. and B, Z. G. (1998), 'Security protocol for IEEE 802.11 wireless local area network', Mobile
Networks and Applications 3, pp. 237-246.
[8]
Bresson, E. Chevassut, O. and Pointcheval, D., 'A Security Solution for IEEE 802.11’s Ad-hoc Mode: PasswordAuthentication and Group-Diffie-Hellman Key Exchange'.
REFERENCES-MANETs
•
•
•
•
•
•
•
•
•
[1]
Singh, K. Yadav, R. S. and Ranvijay (2000), 'A REVIEW PAPER ON AD HOC NETWORK SECURITY', International Journal of
Computer Science and Security,, vol. 1, no. 1, pp. 52-69.
[2]
Ertaul, L. and Chavan, N. (2005), 'Security of Ad Hoc Networks and Threshold Cryptography',
http://www.mcs.csueastbay.edu/~lertaul/MA2-6.pdf, [14th February 2010 at 08:10 GMT].
[3]
Praphul, C., "Bulletproof Wireless Security," GSM, UMTS, 802.11 and Ad Hoc Security, Elsevier, 2005, pp. 121-127, 199227.
[4]
Marti, S. et al. (2000), 'Mitigating Routing Misbehaviour in Mobile Ad Hoc Networks', http://www2.cs.cmu.edu/~srini/15-829A/readings/marti-giuli-lai-baker-mitigating-routing-misbehavior.pdf, [20th January, 2010 at 17:49
GMT].
[5]
A, A. Feham, M. and Taleb-Ahmed, A. (2009), 'On Recent Security Enhancements to Autoconfiguration Protocols for
MANETs Real Threats and Requirements', International Journal of Computer Science and Network Security, vol. 9, no. 401-407.
[6]
Albers, P. et al. (2002), 'Security in Ad Hoc Networks: a General Intrusion Detection Architecture Enhancing Trust Based
Approaches', http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.103.9855&rep=rep1&type=pdf, [20th February 2010 at
23:09 GMT].
[7]
Baghaei, N. (2003), 'IEEE 802.11 Wireless LAN Security Performance Using Multiple Clients', University of Canterbury,
Christchurch, New Zealand, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.76.8038&rep=rep1&type=pdf.,
[01//1/2010 at 10:19 GMT].
[8]
Sun, B. (2004), 'Intrusion detection in mobile ad hocnetworks', PhD, Texas A&M University, Texas, 142 pp.,
http://txspace.tamu.edu/bitstream/handle/1969.1/2215/etd-tamu-2004A-CPSC-Sun-1.pdf?sequence=1, [13 February 2010, at
21:10 GMT].
[13]
Boukerche, A. (2009), Algorithms and Protocols for Wireless and Mobile Ad Hoc Networks, John Wiley & Sons, New
Jersey.