Security in Wireless Communication Networks

Yi Qian

University of Nebraska-Lincoln, USA

Feng Ye

University of Dayton, USA

Hsiao-Hwa Chen

National Cheng Kung University, Taiwan

This edition first published 2022 © 2022 John Wiley & Sons Ltd

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Yi Qian, Feng Ye, and Hsiao-Hwa Chen to be identified as the authors of this work has been asserted in accordance with law.

Registered Offices

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

Editorial Office

The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging-in-Publication Data applied for:

ISBN: 9781119244363

Cover design by Wiley

Cover image: © Anucha Cheechang/iStock/Getty Images

Set in 9.5/12.5pt STIXTwoText by Straive, Chennai, India

10 9 8 7 6 5 4 3 2 1

Contents

Preface

Acknowledgments

About the Companion Website

Part I Introduction and Mathematics Background

1 Introduction

1.1 General Computer Communication Network Architecture

1.1.1 Wired Communication Network Infrastructure

1.1.2 Wireless Communication Network Infrastructure

1.2 Different Types of Wireless Communication Systems

1.2.1 Classification of Wireless Communication Systems

1.2.1.1 Based on Coverage

1.2.1.2 Based on Topology

1.2.1.3 Based on Mobility

1.2.2 Wireless Personal Area Networks

1.2.3 Wireless Local Area Networks

1.2.4 Wireless Wide Area Networks

1.3 Network Security and Wireless Security

1.3.1 Network Security

1.3.2 Security Threats in Wireless Networks

1.4 Summary

2 Basic Network Security Concepts

2.1 Security Attacks

2.1.1 Passive Attacks

2.1.1.1 Eavesdropping

2.1.1.2 Traffic Analysis

2.1.2 Active Attacks

2.2 Security Services

2.2.1 Access Control

2.2.2 Authentication

2.2.3 Confidentiality

2.2.4 Integrity

2.2.5 Non-repudiation

2.2.6 Availability

2.3 Security Mechanisms

2.3.1 Encipherment

2.3.2 Authentication

2.3.3 Access Control

2.3.4 Digital Signature

2.3.5 Data Integrity

2.3.6 Traffic Padding and Routing Control

2.3.7 Notarization

2.4 Other Security Concepts

2.4.1 Levels of Impact

2.4.2 Cryptographic Protocols

2.5 Summary

3 Mathematical Background

3.1 Basic Concepts in Modern Algebra and Number Theory

3.1.1 Group

3.1.1.1 Abelian Group

3.1.1.2 Cyclic Group

3.1.2 Ring

3.1.3 Field

3.2 Prime Numbers, Modular Arithmetic, and Divisors

3.2.1 Prime Numbers

3.2.2 Modular Arithmetic

3.2.3 Divisors and GCD

3.2.4 Multiplicative Inverse

3.3 Finite Field and Galois Field

3.4 Polynomial Arithmetic

3.4.1 Ordinary Polynomial Arithmetic

3.4.2 Polynomial Arithmetic in Finite Fields

3.4.3 Modular Polynomial Arithmetic

3.4.4 Computational Considerations

3.4.5 Generating a Finite Field with a Generator

3.5 Fermat’s Little Theorem, Euler’s Totient Function, and Euler’s Theorem

3.5.1 Fermat’s Little Theorem

3.5.2 Euler Totient Function φ(n)

3.5.3 Euler’s Theorem

3.6 Primality Testing

3.7 Chinese Remainder Theorem

3.8 Discrete Logarithm

3.9 Summary

Part II Cryptographic Systems

4 Cryptographic Techniques

4.1 Symmetric Encryption

4.2 Classical Cryptographic Schemes

4.2.1 Classical Substitution Ciphers

4.2.1.1 Caesar Cipher

4.2.1.2 Monoalphabetic Cipher

4.2.1.3 Playfair Cipher

4.2.1.4 Polyalphabetic Cipher

4.2.1.5 Autokey Cipher

4.2.1.6 One-Time Pad

4.2.2 Classical Transposition Ciphers

4.2.2.1 Rail Fence Cipher

4.2.2.2 Row Transposition Cipher

4.2.2.3 Product Cipher

4.2.3 More Advanced Classical Ciphers

4.2.3.1 Rotor Machines

4.2.3.2 Steganography

4.3 Stream Cipher

4.3.1 Rivest Cipher 4

4.4 Modern Block Ciphers

4.4.1 Overview of Modern Block Ciphers

4.4.2 Feistel Block Cipher

4.4.2.1 Ideal Block Cipher

4.4.2.2 Feistel Cipher Structure

4.4.3 Block Cipher Design

4.5 Data Encryption Standards (DES)

4.5.1 Overview of DES

4.5.2 Initial Permutation (IP)

4.5.3 DES Round Function

4.5.3.1 DES S-Boxes

4.5.3.2 DES Permutation Function

4.5.4 DES Key Schedule

4.5.5 DES Security

4.5.6 Multiple Encryption and DES

4.6 Summary

5 More on Cryptographic Techniques

5.1 Advanced Encryption Standards

5.1.1 The AES Cipher: Rijndael

5.1.2 AES Data Structure

5.1.3 Details in Each Round

5.1.3.1 Substitute Bytes

5.1.3.2 Shift Rows

5.1.3.3 Mix Columns

5.1.3.4 Add Round Key

5.1.3.5 AES Key Expansion

5.1.3.6 AES Decryption

5.1.3.7 AES Implementation Aspects

5.2 Block Cipher Modes of Operation

5.2.1 Electronic Codebook (ECB) Mode

5.2.2 Cipher Block Chaining (CBC) Mode

5.2.3 Cipher Feedback (CFB) Mode

5.2.4 Output Feedback (OFB) Mode

5.2.5 The Counter (CTR) Mode

5.2.6 Last Block in Different Modes

5.2.7 XTS-AES Mode

5.3 Public Key Infrastructure

5.3.1 Basics of Public Key Cryptography

5.3.2 Public-Key Applications

5.3.3 Security of Public Key Schemes

5.4 The RSA Algorithm

5.4.1 RSA Key Setup

5.4.2 RSA Encryption and Decryption

5.4.3 RSA Security Analysis

5.4.3.1 Factoring Problem

5.4.3.2 Timing attacks

5.4.3.3 Chosen Ciphertext Attacks

5.5 Diffie–Hellman (D–H) Key Exchange

5.5.1 Finite-Field Diffie–Hellman

5.5.2 Elliptic-Curve Diffie–Hellman

5.5.3 Diffie–Hellman Key Exchange Vulnerability

5.6 Summary

6 Message Authentication, Digital Signature, and Key Management

6.1 Message Authentication

6.1.1 Message Authentication Functions

6.1.2 Message Authentication Code

6.1.3 Hash Functions

6.1.4 Size of MAC and Hash Value

6.2 MAC and Hash Algorithms

6.2.1 Data Authentication Algorithm

6.2.2 A Basic Hash Function Structure

6.2.3 Secure Hash Algorithm (SHA)

6.2.4 SHA-512

6.2.4.1 SHA-512 Compression Function

6.2.4.2 SHA-512 Round Function

6.2.5 Whirlpool

6.2.6 Other MAC Functions

6.2.6.1 Keyed Hash Functions as MACs

6.2.6.2 Cipher-Based MAC

6.3 Digital Signature and Authentication

6.3.1 Digital Signature Properties

6.3.2 Digital Signature Standard and Algorithm

6.3.3 The Elliptic Curve Digital Signature Algorithm

6.3.3.1 ECDSA Domain Parameters

6.3.3.2 ECDSA Private/Public Keys

6.3.3.3 ECDSA Digital Signature Generation

6.3.3.4 ECDSA Digital Signature Verification

6.3.4 Authentication Protocols

6.4 Key Management

6.4.1 Key Distribution with Symmetric Key Encryptions

6.4.2 Symmetric Key Distribution Using Public Key Cryptosystems

6.4.3 Distribution of Public Keys

6.4.4 Public Key Infrastructure

6.4.5 X.509 Authentication Service

6.5 Summary

Part III Security for Wireless Local Area Networks

7 WLAN Security

7.1 Introduction to WLAN

7.1.1 Wi-Fi Operating Modes

7.1.2 Challenges in WLAN Security

7.1.3 Tricks that Fail to Protect WLAN

7.2 Evolution of WLAN Security

7.3 Wired Equivalent Privacy

7.3.1 WEP Access Control

7.3.2 WEP Integrity and Confidentiality

7.3.3 WEP Key Management

7.3.4 WEP Security Problems

7.3.4.1 Problems in WEP Access Control

7.3.4.2 Problems in WEP Integrity

7.3.4.3 Problems in WEP Confidentiality

7.3.4.4 Problems in WEP Key Management

7.3.5 Possible WEP Security Enhancement

7.4 IEEE 802.1X Authentication Model

7.4.1 An Overview of IEEE 802.1X

7.4.2 Protocols in IEEE 802.1X

7.4.3 Mapping the IEEE 802.1X model to WLAN

7.5 IEEE 802.11i Standard

7.5.1 Overview of IEEE 802.11i

7.5.2 IEEE 802.11i Access Control

7.5.3 IEEE 802.1i Key Management

7.5.4 IEEE 802.11i Integrity and Confidentiality

7.5.4.1 TKIP Mode

7.5.4.2 AES-CCMP Mode

7.5.5 Function Michael

7.5.6 Weakness in 802.11i

7.6 Wi-Fi Protected Access 3 and Opportunistic Wireless Encryption

7.6.1 WPA3-Personal

7.6.2 WPA3-Enterprise

7.6.3 Opportunistic Wireless Encryption

7.7 Summary

8 Bluetooth Security

8.1 Introduction to Bluetooth

8.1.1 Overview of Bluetooth Technology

8.1.2 Bluetooth Vulnerabilities and Threats

8.1.2.1 Bluesnarfing

8.1.2.2 Bluejacking

8.1.2.3 Bluebugging

8.1.2.4 Car Whisperer

8.1.2.5 Fuzzing Attacks

8.1.3 Bluetooth Security Services and Security Modes

8.1.3.1 Bluetooth Security Services

8.1.3.2 Bluetooth Security Modes

8.2 Link Key Generation

8.2.1 Link Key Generation for Security Modes 2 and 3

8.2.2 Link Key Generation for Security Mode 4

8.2.3 Association Model in Mode 4

8.2.3.1 Numeric comparison

8.2.3.2 Out-of-Band (OOB)

8.2.3.3 Passkey entry

8.3 Authentication, Confidentiality, and Trust and Service Levels

8.3.1 Authentication

8.3.2 Confidentiality

8.3.3 Trust and Security Service Levels

8.4 Cryptographic Functions for Security Modes 1, 2, and 3

8.4.1 SAFER+

8.4.1.1 Overview of the SAFER+ Structure

8.4.1.2 SAFER+ Round Function

8.4.1.3 SAFER+ Key Schedule for 128-Bit Key

8.4.2 Function E1(⋅)

8.4.3 Function E21(⋅)

8.4.4 Function E22(⋅)

8.4.5 Function E3(⋅)

8.4.6 Function E0(⋅)

8.5 Cryptographic Functions in Security Mode 4 (SSP)

8.5.1 Function P192(⋅)

8.5.2 Function f1(⋅)

8.5.3 Function g(⋅)

8.5.3.1 Function f2(⋅)

8.5.3.2 Function f3(⋅)

8.6 Summary

9 Zigbee Security

9.1 Introduction to Zigbee

9.1.1 Overview of Zigbee

9.1.2 Security Threats Against Zigbee

9.2 IEEE 802.15.4 Security Features

9.2.1 Security Levels

9.2.2 IEEE 802.15.4 Frame Structure

9.3 Zigbee Upper Layer Security

9.3.1 Zigbee Security Models

9.3.2 Security Keys in Zigbee

9.3.3 Zigbee Network Layer Security

9.3.4 Zigbee Application Support Layer Security

9.3.5 Other Security Features in Zigbee

9.4 Security-Related MAC PIB Attributes

9.5 Mechanisms Used in Zigbee Security

9.5.1 AES-CTR

9.5.2 AES-CBC-MAC

9.5.3 Overview of the AES-CCM

9.5.4 Nonces Applied to the Security Mechanisms

9.5.5 Matyas–Meyer–Oseas Hash Function

9.6 Summary

10 RFID Security

10.1 Introduction to RFID

10.1.1 Overview of RFID Subsystems

10.1.2 Types of RFID Tags

10.1.3 RFID Transactions

10.1.4 RFID Frequency Bands

10.2 Security Attacks, Risks, and Objectives of RFID Systems

10.2.1 Security Attacks to RFID Systems

10.2.2 RFID Privacy Risks

10.2.3 Security Objectives

10.3 Mitigation Strategies and Countermeasures for RFID Security Risks

10.3.1 Cryptographic Strategies

10.3.1.1 Encryption

10.3.1.2 One-Way Hash Locks

10.3.1.3 EPC Tag PINs

10.3.2 Anti-Collision Algorithms

10.3.2.1 Tree-Walking

10.3.2.2 The Selective Blocker Tag

10.3.3 Other Mitigation Strategies

10.3.3.1 Physical Shielding Sleeve (The Faraday Cage)

10.3.3.2 Secure Reader Protocol 1.0

10.4 RFID Security Mechanisms

10.4.1 Hash Locks

10.4.1.1 Default Hash Locking

10.4.1.2 Randomized Hash Locking

10.4.2 HB Protocol and the Enhancement

10.4.2.1 HB Protocol

10.4.2.2 HB+ Protocol

10.4.2.3 HB++ Protocol

10.5 Summary

Part IV Security for Wireless Wide Area Networks

11 GSM Security

11.1 GSM System Architecture

11.1.1 Mobile Station

11.1.2 Base Station Subsystem

11.1.3 Network Subsystem

11.2 GSM Network Access Security Features

11.2.1 GSM Entity Authentication

11.2.2 GSM Confidentiality

11.2.3 GSM Anonymity

11.2.4 Detection of Stolen/Compromised Equipment in GSM

11.3 GSM Security Algorithms

11.3.1 Algorithm A3

11.3.2 Algorithm A8

11.3.3 Algorithm COMP128

11.3.4 Algorithm A5

11.3.4.1 A5/1

11.3.4.2 Algorithm A5/2

11.4 Attacks Against GSM Security

11.4.1 Attacks Against GSM Authenticity

11.4.1.1 Attacks Against GSM Confidentiality

11.4.2 Other Attacks against GSM Security

11.5 Possible GSM Security Improvements

11.5.1 Improvement over Authenticity and Anonymity

11.5.2 Improvement over Confidentiality

11.5.3 Improvement of the Signaling Network

11.6 Summary

12 UMTS Security

12.1 UMTS System Architecture

12.1.1 User Equipment

12.1.2 UTRAN

12.1.3 Core Network

12.2 UMTS Security Features

12.3 UMTS Network Access Security

12.3.1 Authentication and Key Agreement

12.3.1.1 The AKA Mechanism

12.3.1.2 Authentication Vector Generation

12.3.1.3 AKA on the UE Side

12.3.2 Confidentiality

12.3.3 Data Integrity

12.3.4 User Identity Confidentiality

12.4 Algorithms in Access Security

12.4.1 Encryption Algorithm f8

12.4.1.1 Integrity Algorithm f9

12.4.2 Description of KASUMI

12.4.2.1 An Overview of KASUMI Algorithm

12.4.2.2 Round Function Fi( )

12.4.2.3 Function FL

12.4.2.4 Function FO

12.4.2.5 Function FI

12.4.2.6 S-boxes S7 and S9

12.4.2.7 Key Schedule

12.4.3 Implementation and Operational Considerations

12.5 Other UMTS Security Features

12.5.1 Mobile Equipment Identification

12.5.2 Location Services

12.5.3 User-to-USIM Authentication

12.6 Summary

13 LTE Security

13.1 LTE System Architecture

13.2 LTE Security Architecture

13.3 LTE Security

13.3.1 LTE Key Hierarchy

13.3.2 LTE Authentication and Key Agreement

13.3.3 Signaling Protection

13.3.3.1 Protection of Radio-Specific Signaling

13.3.3.2 Protection of User-Plane Traffic

13.3.4 Overview of Confidentiality and Integrity Algorithms

13.3.4.1 Confidentiality Mechanism

13.3.4.2 Integrity Mechanism

13.3.5 Non-3GPP Access

13.4 Handover Between eNBs

13.4.1 Overview

13.4.2 Key Handling in Handover

13.4.2.1 Initialization

13.4.2.2 Intra-eNB Key Handling

13.4.2.3 Intra-MME Key Handling

13.4.2.4 Inter-MME Key Handling

13.5 Security Algorithms

13.5.1 128-EEA2

13.5.2 128-EIA2

13.5.3 EEA3

13.5.4 EIA3

13.6 Security for Interworking Between LTE and Legacy Systems

13.6.1 Between LTE and UMTS

13.6.1.1 Idle Mode Mobility from E-UTRAN to UTRAN

13.6.1.2 Idle Mode Mobility from UTRAN to E-UTRAN

13.6.1.3 Handover Mode from E-UTRAN to UTRAN

13.6.1.4 Handover Mode from UTRAN to E-UTRAN

13.6.2 Between E-UTRAN and GERAN

13.6.2.1 Idle Mode

13.6.2.2 Handover Mode

13.7 Summary

Part V Security for Next Generation Wireless Networks

14 Security in 5G Wireless Networks

14.1 Introduction to 5G Wireless Network Systems

14.1.1 The Advancement of 5G

14.1.2 5G Wireless Network Systems

14.2 5G Security Requirements and Major Drives

14.2.1 Security Requirements for 5G Wireless Networks

14.2.2 Major Drives for 5G Wireless Security

14.2.2.1 Supreme Built-in-Security

14.2.2.2 Flexible Security Mechanisms

14.2.2.3 Automation

14.2.3 Attacks in 5G Wireless Networks

14.2.3.1 Eavesdropping and Traffic Analysis

14.2.3.2 Jamming

14.2.3.3 DoS and DDoS

14.2.3.4 Man-In-The-Middle (MITM)

14.3 A 5G Wireless Security Architecture

14.3.1 New Elements in 5G Wireless Security Architecture

14.3.2 A 5G Wireless Security Architecture

14.3.2.1 Network Access Security (I)

14.3.2.2 Network Domain Security (II)

14.3.2.3 User Domain Security (III)

14.3.2.4 Application Domain Security (IV)

14.4 5G Wireless Security Services

14.4.1 Cryptography in 5G

14.4.2 Identity Management

14.4.3 Authentication in 5G

14.4.3.1 Flexible Authentication

14.4.3.2 Authentication Through Legacy Cellular System

14.4.3.3 SDN Based Authentication in 5G

14.4.3.4 Authentication of D2D in 5G

14.4.3.5 Authentication of RFID in 5G

14.4.4 Data Confidentiality in 5G

14.4.4.1 Power Control

14.4.4.2 Artificial Noise and Signal Processing

14.4.5 Handover Procedure and Signaling Load Analysis

14.4.6 Availability in 5G

14.4.7 Location and Identity Anonymity in 5G

14.5 5G Key Management

14.5.1 3GPP 5G Key Architecture

14.5.2 Key Management in 5G Handover

14.5.3 Key Management for D2D Users

14.6 Security for New Communication Techniques in 5G

14.6.1 Heterogeneous Network and Massive MIMO in 5G

14.6.2 Device-to-Device Communications in 5G

14.6.3 Software-Defined Network in 5G

14.6.4 Internet-of-Things in 5G

14.7 Challenges and Future Directions for 5G Wireless Security

14.7.1 New Trust Models

14.7.2 New Security Attack Models

14.7.3 Privacy Protection

14.7.4 Flexibility and Efficiency

14.7.5 Unified Security Management

14.8 Summary

15 Security in V2X Communications

15.1 Introduction to V2X Communications

15.1.1 Generic System Architecture of V2X Communications

15.1.2 Dedicated Short Range Communications

15.1.3 Cellular Based V2X Communications

15.2 Security Requirements and Possible Attacks in V2X Communications

15.2.1 Security Requirements

15.2.2 Attacks in V2X Communications

15.2.3 Basic Solutions

15.3 IEEE WAVE Security Services for Applications and Management Messages

15.3.1 Overview of the WAVE Protocol Stack and Security Services

15.3.2 Secure Data Service and Security Service Management Entity

15.3.3 CRL Verification Entity and P2P Certificate Distribution Entity

15.4 Security in Cellular Based V2X Communications

15.4.1 LTE-V2X Communication Security

15.4.2 5G-V2X Communication Security

15.5 Cryptography and Privacy Preservation in V2X Communications

15.5.1 Identity Based Schemes

15.5.2 Group Signature Based Schemes

15.5.3 Batch Verification Schemes

15.5.4 Reputation and Trust Based Schemes

15.5.5 Identity Anonymity Preservation

15.5.6 Location Anonymity Preservation

15.6 Challenges and Future Research Directions

15.6.1 Highly Efficient Authentication Schemes

15.6.2 Efficient Revocation Mechanisms

15.6.3 Advancing OBU and TPD Technologies

15.6.4 Advancing Cryptography and Privacy Preservation Schemes

15.6.5 Advancing Solutions to HetNet, SDN, and NFV

15.6.6 Advancing Artificial Intelligence in V2X Communication Security

15.7 Summary

References

Index

Preface

We first signed the book contract with Wiley in early 2006. Three years after signing this book contract, we only completed one third of the contents for the whole originally planned book, because of underestimating the challenges on writing such a specialized book. When the first author, Yi Qian, joined the faculty of the Department of Electrical and Computer Engineering at University of Nebraska-Lincoln in August 2009, he created a new course on wireless network security for the department. He has been teaching the wireless network security course in the same department every year in the spring semester since then. When preparing the course materials for wireless network security each year, we feel more and more strongly to have such a comprehensive textbook on wireless network security. In 2015, we signed the revised contract with Wiley and jointly with IEEE Press, and Feng Ye was added as a new co-author when he just received his Ph.D. degree in the Department of Electrical and Computer Engineering at University of Nebraska–Lincoln. We have been improving the contents of the wireless network security course every year, and gradually finished more chapters of the book. Fifteen years after first signing the contract and 12 years after teaching the same course, with over several thousands of hours joint efforts from all the three co-authors, we are very pleased that we have completed the first edition of “Security in Wireless Communication Networks” and published by Wiley/IEEE Press in 2021.

This book intends to be a self-contained and one semester textbook for both undergraduate senior level and graduate level courses. There are five parts with 15 chapters in the book. Part I, Introduction and Mathematics Background, includes the first three chapters on general introduction on computer communication networks and wireless networks, basic concepts on network security, and a brief review of the mathematical background that is needed to understand the rest of the chapters. Part II, Cryptographic Systems, includes the next three chapters on cryptographic techniques for both symmetric and public key crypto systems, as well as message authentication, digital signature, and key management. Part III, Security for Wireless Local Area Networks, includes four chapters on Wi-Fi security, Bluetooth security, Zigbee security, and RFID security. Part IV, Security for Wireless Wide Area Networks, includes three chapters on GSM security, UMTS security, and LTE security. Part V, Security for Next Generation Wireless Networks, includes two chapters on 5G wireless network security, and vehicular communication network security. In the following is a brief introduction for each of the fifteen chapters.

Chapter 1 delivers the general concept of computer networks, highlights the role of wireless communications in the whole picture of networking architecture, and classifies the wireless systems based on coverage, topology, and mobility. This chapter serves as a precursor to the rest of the book by providing the background of different types of wireless networks, including wireless personal area networks (WPAN), wireless local area networks (WLAN), and wireless wide area networks (WWAN). It also explains the security threats in wireless networks and discusses the relationship between network security and wireless security.

Chapter 2 gives an overview on the security concepts used in the rest of this book, including security attacks, security services, and security mechanisms. It first presents the classification of security attacks in terms of passive attacks (e.g. eavesdropping and traffic analysis) and active attacks (e.g. masquerade, replay, modification, and denial of service). It then introduces security services, or the features in system design against possible security attacks, such as confidentiality, integrity, availability, access control, authentication, and non-repudiation. Finally, to provide security service in a system, a list of popular security mechanisms, such as the encipherment, digital signature, etc., is discussed in the remaining part of the chapter.

Chapter 3 goes into the mathematical background related to wireless security, including number theory and modern algebra, modular arithmetic and divisors, finite fields, polynomial arithmetic, Fermat’s little theorem, Euler’s totient function, Euler’s theory, etc. The aforementioned knowledge is critical for the ones to understand cryptography, such as advanced encryption standards and public-key cryptographic systems. In addition, the fundamental principles and exemplary cases are concisely presented from the perspective of mathematics.

After the mathematical background, Chapters 4 and 5 deal with cryptographic techniques. Chapter 4 first introduces several symmetric key cryptographic techniques by illustrating a few classical cryptographic algorithms with substitution and transposition techniques. It then presents the basic concept of modern stream/block cipher as well as Feistel cipher structure. Chapter 5 explains more cryptographic techniques using block ciphers and public key algorithms, including advanced encryption standard, block cipher mode of operations, public key infrastructure, RSA algorithm, etc.

Chapter 6 introduces message authentication and digital signature to protect the integrity of a message and the identity of a sender and a receiver, respectively. First, this chapter discusses MAC and hash functions thoroughly, both widely used to provide message authentication. Then, it goes into the characteristics of digital signature and a series of digital signature standards such as DSA, RSA, and ECDSA. These can protect the sender and receiver against each other. Within the aforementioned mechanisms, key management and distribution play a critical role. The rest of the chapter gives a general idea and some examples of key management schemes. Both symmetric and asymmetric key distributions have been illustrated. The key distribution mechanisms adopt symmetric and public key mechanisms for different purposes. Besides, practical communication systems with massive users need hierarchical key distribution mechanisms. Readers are expected to understand the basic concepts of the cryptographic techniques illustrated in Chapter 5 and Chapter 6. These algorithms will be seen in the wireless systems introduced in the later chapters. The background of the advanced mathematical contents, such as elliptic curve Diffie–Hellman key exchange and elliptic curve digital signature, etc., may be skipped.

The remaining chapters from 7 to 15 focus on the security of specific wireless communication systems, covering different scales of networks and different technologies including WLAN, Bluetooth, ZigBee, RFID, GSM, UMTS, LTE, and 5G. As the emerging vehicle-to-everything (V2X) communications are receiving great attention, the fifteenth chapter especially discusses the security of V2X communications.

Chapter 7 discusses the security of Wireless Local Area Networks (WLAN) or interchangeably Wi-Fi nowadays. It starts with an introduction of WLAN in terms of operating modes and security challenges. WLAN is more vulnerable to attacks than wired connections due to the lack of physical connections. It illustrates a few generations of WLAN security protocols, which evolved from the original Wired Equivalent Privacy defined by the IEEE 802.11, Wi-Fi Protected Access (WPA), WPA2, to the recent WPA3 to improve the security. It also analyzes the implementation details of these security protocols.

Chapter 8 deals with Bluetooth security. Bluetooth is an open standard designed for wireless personal area networks (WPAN). Bluetooth technology enables many wireless devices, such as smartwatches, wireless headphones, wireless keyboards, etc. Bluetooth standard specifies authentication, authorization, and confidentiality for securing data transmission. In this chapter, it analyzes the security mode, trust level, and service level configurations that enable flexibility of Bluetooth security policies and highlight that Bluetooth specifications do not ensure secure connections from all adversary penetrations. If using Bluetooth technology in an organization, it is important to develop security policies to address the use of Bluetooth-enabled devices and the responsibilities of users.

Chapter 9 discusses the security of Zigbee. It first gives an overview of Zigbee standards related to different network layers, and then mainly analyzes the key cryptographic mechanisms. As Zigbee adopts symmetric-key cryptographic mechanisms, it especially emphasizes that the secure storage and distribution of keys is the premise of ensuring the security of Zigbee. In practice, the security provided by Zigbee standards is not enough. For example, if a Zigbee device joins a network, intruders can intercept unprotected keys. Moreover, an attacker may easily get physical access to a Zigbee device and extract privileged information due to the low-cost nature. The security must be carefully considered to provide those applications.

Chapter 10 deals with the security of RFID. It first gives an overview of RFID subsystems, different types of RFID tags, and the frequency bands. It then analyzes the security attacks, risks, and security objectives of RFID systems. RFID systems are vulnerable to some attacks (e.g. counterfeit tag, eavesdropping, and electronic collisions) and privacy risks (e.g. disclosure of location information of users). The security objectives of the RFID system include confidentiality, integrity, non-repudiation, and availability. Due to the low cost and physical constraints of RFID tags, mitigation mechanisms to security risks are limited. The chapter then elaborates on the lightweight cryptographic algorithms, anti-collision algorithms, and physical protection available for RFID. It is imperative to provide security services to RFID systems.

Chapter 11 deals with the security of Global System for Mobile (GSM) Communications. Since the early 1990s, as the most widely used cellular mobile phone system in the world, GSM can provide services like voice communications, short messaging, etc. This chapter starts with the GSM system architecture and then discusses the network access security features and algorithms. Despite the popularity, the GSM system is exposed to quite a few threats. In the chapter, it mainly discusses the attacks caused by the vulnerability of security algorithms, as well as some possible security improvements. Unfortunately, GSM made very few improvements on these aspects before phasing out recently.

Chapter 12 introduces the security of Universal Mobile Telecommunications System (UMTS). UMTS is a successor of GSM with better security. Several security mechanisms are reused but with modifications. After introducing UMTS architecture, the chapter discusses the security mechanisms of UMTS, like the authentication and key agreement, data confidentiality and integrity, user identity confidentiality. Compared with the GSM, UMTS adds integrity protection. Algorithms f8 and f9 ensure confidentiality and integrity, respectively. Both algorithms are based on block cipher KASUMI. Readers may be interested in some additional security features of UMTS, such as mobile device identification, location services, and user-to-USIM authentication, which are discussed at the end of the chapter.

Chapter 13 illustrates Long-Term Evolution (LTE) security. It starts with the introduction of the LTE system architecture which is based on GSM and UMTS. A key difference with its predecessors is that LTE separates the control plane and user plane, differing LTE security from GSM and UMTS. It then depicts LTE security in terms of security architecture, security mechanisms, and algorithms. LTE covers more keys and security algorithms, such as AES and ZUC, to ensure the security of complex systems. It also highlights the LTE security for interworking with legacy systems as well as non-3GPP access. LTE has strong security implemented comparing with the previous generation system. LTE will continue to serve as an important part of the next-generation wireless system.

Chapter 14 discusses the security of 5th generation (5G) wireless network systems. 5G started large-scale commercial deployment around 2020 and is the next-generation mobile wireless telecommunications beyond 4G/International Mobile Telecommunications (IMT)-Advanced Systems. This chapter illustrates some current development, challenges, and future directions of 5G wireless network security. It especially analyzes several new security requirements and challenges introduced by the advanced features of the 5G wireless network systems. Due to the ongoing development of 5G, the chapter only discusses some present solutions and research results concerning the security of 5G wireless network systems. Quite a few challenges in 5G wireless network security, including new trust models, new security attack models, privacy protection, etc., call for continuous development of 5G security. It briefly analyzes these challenges in the final part of the chapter.

In recent years, as a key component of Intelligent Transportation Systems, vehicle-to-everything (V2X) communications have received great attention. The rapid development of wireless technologies (e.g. DSRC, LTE, and 5G) enables V2X communications in different applications. To integrate the variety of wireless technologies and meet special requirements for V2X communications, security and privacy have become a top priority. Therefore, the last chapter of the book sets off to discuss the security of V2X communications. Standards such as IEEE WAVE and LTE-V2X set a general guideline for V2X security implementations. New cryptography schemes, such as group signature and trust-based schemes, are under development. This chapter covers all these topics. As an emerging type of wireless communication scenario, quite a few unsolved security challenges exist in V2X communications. It discusses several key challenges, including efficient schemes, hardware enhancement, and integration of AI algorithms, etc., at the end of the chapter.

Our teaching philosophy is letting the students learn the basic building blocks that are necessary to design a secure wireless system and learn the security designs of different wireless communication networks from the history to the next generation, also different scales from personal area, local area, to wide area wireless networks, so that the students will be able to handle the new designs of future secure wireless systems.

April 2021

Yi Qian, University of Nebraska-Lincoln, USA

Feng Ye, University of Dayton, USA

Hsiao-Hwa Chen, National Cheng Kung University, Taiwan

Acknowledgments

We would like to thank all the undergraduate and graduate students who have taken the wireless network security classes at the University of Nebraska–Lincoln in the last 12 years, without the interactions with the students and the feedbacks from the students this book would not have been possible. We express our deep appreciation for their enthusiasm and their eagerness of learning the subjects. We especially thank those Ph.D. students who studied the wireless network security course and graduated in the Department of Electrical and Computer Engineering at University of Nebraska–Lincoln or worked as a postdoctorate researcher there, for their continuous help with improving the course materials, and adapting our wireless network security course modules in their new schools for teaching, specifically at the University of Wisconsin, University of Dayton, City University of New York, Dakota State University, California Polytechnic State University, University of Central Missouri, and University of Texas.

We are sincerely indebted to Professor David Tipper at the University of Pittsburgh for his advice and help when we first created the wireless network security course at the University of Nebraska-Lincoln 12 years ago. Many thanks to Professor Tipper for his endless advice and support, and the encouragement for completing this book.

We express our thanks to the staff of Wiley, for their continuous support for this undertaking over the last 15 years. We would like to thank Sandra Grayson, Senior Editor at Wiley, for all the support and guidance, as well as for providing the needed extra push to keep us in delivering. We thank Juliet Booker, Managing Editor at Wiley, and several more staff at Wiley, for their patience in dealing with electronic transfer of manuscripts and handling publication issues.

Lastly but not least, we thank our families for their support and patience while we worked on this book over these years.

We believe that we have given our best to ensure the readability, completeness, and accuracy of the book. However, it is possible that some errors and omissions may still have remained undetected. We appreciate any feedback intended to correct such errors.

We are thankful to everyone!

About the Companion Website

This book is accompanied by a companion website:

www.wiley.com/go/qian/sec51

The website includes:

● Lecture Slides

Note: The authors plan to supply additional supplementary resources up to one year after initial publication.

Introduction and Mathematics Background
