Wireless Mobile Internet Security

The mobile industry for wireless cellular services has grown at a rapid pace over the past decade. Similarly, Internet service technology has also made dramatic growth through the World Wide Web with a wire line infrastructure. Realization for complete wired/wireless mobile Internet technologies will become the future objectives for convergence of these technologies through multiple enhancements of both cellular mobile systems and Internet interoperability. Flawless integration between these two wired/wireless networks will enable subscribers to not only roam worldwide, but also to solve the ever increasing demand for data/Internet services. In order to keep up with this noteworthy growth in the demand for wireless broadband, new technologies and structural architectures are needed to greatly improve system performance and network scalability while significantly reducing the cost of equipment and deployment.

Features:

• Written by a top expert in information security
• Gives a clear understanding of wired/wireless mobile internet technologies
• Presents complete coverage of various cryptographic protocols and specifications needed for 3GPP: AES, KASUMI, Public-key and Elliptic curve cryptography
• Forecast new features and promising 4G packet-switched wireless internet technologies for voice and data communications
• Provides MIMO/OFDMA-based for 4G systems such as Long Term Evolution (LTE), Ultra Mobile Broadband (UMB), Mobile WiMax or Wireless Broadband (WiBro)
• Deals with Intrusion Detection System against worm/virus cyber attacks

The book ideal for advanced undergraduate and postgraduate students enrolled in courses such as Wireless Access Networking, Mobile Internet Radio Communications. Practicing engineers in industry and research scientists can use the book as a reference to get reacquainted with mobile radio fundamentals or to gain deeper understanding of complex security issues.

Preface

About the Author

Acknowledgments

1 Internetworking and Layered Models

1.1 Networking Technology

1.1.1 Local Area Networks (LANs)

1.1.2 Wide Area Networks (WANs)

1.2 Connecting Devices

1.2.1 Switches

1.2.2 Repeaters

1.2.3 Bridges

1.2.4 Routers

1.2.5 Gateways

1.3 The OSI Model

1.4 TCP/IP Model

1.4.1 Network Access Layer

1.4.2 Internet Layer

1.4.3 Transport Layer

1.4.4 Application Layer

2 TCP/IP Suite and Internet Stack Protocols

2.1 Network Layer Protocols

2.1.1 Internet Protocol (IP)

2.1.2 Address Resolution Protocol (ARP)

2.1.3 Reverse Address Resolution Protocol (RARP)

2.1.4 Classless Interdomain Routing (CIDR)

2.1.5 IP Version 6 (IPv6 or IPng)

2.1.6 Internet Control Message Protocol (ICMP)

2.1.7 Internet Group Management Protocol (IGMP)

2.2 Transport Layer Protocols

2.2.1 Transmission Control Protocol (TCP)

2.2.2 User Datagram Protocol (UDP)

2.3 World Wide Web

2.3.1 Hypertext Transfer Protocol (HTTP)

2.3.2 Hypertext Markup Language (HTML)

2.3.3 Common Gateway Interface (CGI)

2.3.4 Java

2.4 File Transfer

2.4.1 File Transfer Protocol (FTP)

2.4.2 Trivial File Transfer Protocol (TFTP)

2.4.3 Network File System (NFS)

2.5 E-Mail

2.5.1 Simple Mail Transfer Protocol (SMTP)

2.5.2 Post Office Protocol Version 3 (POP3)

2.5.3 Internet Message Access Protocol (IMAP)

2.5.4 Multipurpose Internet Mail Extension (MIME)

2.6 Network Management Service

2.6.1 Simple Network Management Protocol (SNMP)

2.7 Converting IP Addresses

2.7.1 Domain Name System (DNS)

2.8 Routing Protocols

2.8.1 Routing Information Protocol (RIP)

2.8.2 Open Shortest Path First (OSPF)

2.8.3 Border Gateway Protocol (BGP)

2.9 Remote System Programs

2.9.1 TELNET

2.9.2 Remote Login (Rlogin)

2.10 Social Networking Services

2.10.1 Facebook

2.10.2 Twitter

2.10.3 Linkedin

2.10.4 Groupon

2.11 Smart IT Devices

2.11.1 Smartphones

2.11.2 Smart TV

2.11.3 Video Game Console

2.12 Network Security Threats

2.12.1 Worm

2.12.2 Virus

2.12.3 DDoS

2.13 Internet Security Threats

2.13.1 Phishing

2.13.2 SNS Security Threats

2.14 Computer Security Threats

2.14.1 Exploit

2.14.2 Password Cracking

2.14.3 Rootkit

2.14.4 Trojan Horse

2.14.5 Keylogging

2.14.6 Spoofing Attack

2.14.7 Packet Sniffer

2.14.8 Session Hijacking

3 Global Trend of Mobile Wireless Technology

3.1 1G Cellular Technology

3.1.1 AMPS (Advanced Mobile Phone System)

3.1.2 NMT (Nordic Mobile Telephone)

3.1.3 TACS (Total Access Communications System)

3.2 2G Mobile Radio Technology

3.2.1 CDPD (Cellular Digital Packet Data), North American Protocol

3.2.2 GSM (Global System for Mobile Communications)

3.2.3 TDMA-136 or IS-54

3.2.4 iDEN (Integrated Digital Enhanced Network)

3.2.5 cdmaOne IS-95A

3.2.6 PDC (Personal Digital Cellular)

3.2.7 i-mode

3.2.8 WAP (Wireless Application Protocol)

3.3 2.5G Mobile Radio Technology

3.3.1 ECSD (Enhanced Circuit-Switched Data)

3.3.2 HSCSD (High-Speed Circuit-Switched Data)

3.3.3 GPRS (General Packet Radio Service)

3.3.4 EDGE (Enhanced Data rate for GSM Evolution)

3.3.5 cdmaOne IS-95B

3.4 3G Mobile Radio Technology (Situation and Status of 3G)

3.4.1 UMTS (Universal Mobile Telecommunication System)

3.4.2 HSDPA (High-Speed Downlink Packet Access)

3.4.3 CDMA2000 1x

3.4.4 CDMA2000 1xEV (1x Evolution)

3.4.5 CDMA2000 1xEV-DO (1x Evolution Data Only)

3.4.6 CDMA2000 1xEV-DV (1x Evolution Data Voice)

3.5 3G UMTS Security-Related Encryption Algorithm

3.5.1 KASUMI Encryption Function

4 Symmetric Block Ciphers

4.1 Data Encryption Standard (DES)

4.1.1 Description of the Algorithm

4.1.2 Key Schedule

4.1.3 DES Encryption

4.1.4 DES Decryption

4.1.5 Triple DES

4.1.6 DES-CBC Cipher Algorithm with IV

4.2 International Data Encryption Algorithm (IDEA)

4.2.1 Subkey Generation and Assignment

4.2.2 IDEA Encryption

4.2.3 IDEA Decryption

4.3 RC5 Algorithm

4.3.1 Description of RC5

4.3.2 Key Expansion

4.3.3 Encryption

4.3.4 Decryption

4.4 RC6 Algorithm

4.4.1 Description of RC6

4.4.2 Key Schedule

4.4.3 Encryption

4.4.4 Decryption

4.5 AES (Rijndael) Algorithm

4.5.1 Notational Conventions

4.5.2 Mathematical Operations

4.5.3 AES Algorithm Specification

5 Hash Function, Message Digest, and Message Authentication Code

5.1 DMDC Algorithm

5.1.1 Key Schedule

5.1.2 Computation of Message Digests

5.2 Advanced DMDC Algorithm

5.2.1 Key Schedule

5.2.2 Computation of Message Digests

5.3 MD5 Message-Digest Algorithm

5.3.1 Append Padding Bits

5.3.2 Append Length

5.3.3 Initialize MD Buffer

5.3.4 Define Four Auxiliary Functions (F, G, H, I)

5.3.5 FF, GG, HH, and II Transformations for

Rounds 1, 2, 3, and 4

5.3.6 Computation of Four Rounds (64 Steps)

5.4 Secure Hash Algorithm (SHA-1)

5.4.1 Message Padding

5.4.2 Initialize 160-bit Buffer

5.4.3 Functions Used

5.4.4 Constants Used

5.4.5 Computing the Message Digest

5.5 Hashed Message Authentication Codes (HMAC)

6 Asymmetric Public-Key Cryptosystems

6.1 Diffie–Hellman Exponential Key Exchange

6.2 RSA Public-Key Cryptosystem

6.2.1 RSA Encryption Algorithm

6.2.2 RSA Signature Scheme

6.3 ElGamal’s Public-Key Cryptosystem

6.3.1 ElGamal Encryption

6.3.2 ElGamal Signatures

6.3.3 ElGamal Authentication Scheme

6.4 Schnorr’s Public-Key Cryptosystem

6.4.1 Schnorr’s Authentication Algorithm

6.4.2 Schnorr’s Signature Algorithm

6.5 Digital Signature Algorithm

6.6 The Elliptic Curve Cryptosystem (ECC)

6.6.1 Elliptic Curves

6.6.2 Elliptic Curve Cryptosystem Applied to

the ElGamal Algorithm

6.6.3 Elliptic Curve Digital Signature Algorithm

6.6.4 ECDSA Signature Computation

7 Public-Key Infrastructure

7.1 Internet Publications for Standards

7.2 Digital Signing Techniques

7.3 Functional Roles of PKI Entities

7.3.1 Policy Approval Authority

7.3.2 Policy Certification Authority

7.3.3 Certification Authority

7.3.4 Organizational Registration Authority

7.4 Key Elements for PKI Operations

7.4.1 Hierarchical Tree Structures

7.4.2 Policy-Making Authority

7.4.3 Cross-Certification

7.4.4 X.500 Distinguished Naming

7.4.5 Secure Key Generation and Distribution

7.5 X.509 Certificate Formats

7.5.1 X.509 v1 Certificate Format

7.5.2 X.509 v2 Certificate Format

7.5.3 X.509 v3 Certificate Format

7.6 Certificate Revocation List

7.6.1 CRL Fields

7.6.2 CRL Extensions

7.6.3 CRL Entry Extensions

7.7 Certification Path Validation

7.7.1 Basic Path Validation

7.7.2 Extending Path Validation

8 Network Layer Security

8.1 IPsec Protocol

8.1.1 IPsec Protocol Documents

8.1.2 Security Associations (SAs)

8.1.3 Hashed Message Authentication Code (HMAC)

8.2 IP Authentication Header

8.2.1 AH Format

8.2.2 AH Location

8.3 IP ESP

8.3.1 ESP Packet Format

8.3.2 ESP Header Location

8.3.3 Encryption and Authentication Algorithms

8.4 Key Management Protocol for IPsec

8.4.1 OAKLEY Key Determination Protocol

8.4.2 ISAKMP

9 Transport Layer Security: SSLv3 and TLSv1

9.1 SSL Protocol

9.1.1 Session and Connection States

9.1.2 SSL Record Protocol

9.1.3 SSL Change Cipher Spec Protocol

9.1.4 SSL Alert Protocol

9.1.5 SSL Handshake Protocol

9.2 Cryptographic Computations

9.2.1 Computing the Master Secret

9.2.2 Converting the Master Secret into Cryptographic Parameters

9.3 TLS Protocol

9.3.1 HMAC Algorithm

9.3.2 Pseudo-random Function

9.3.3 Error Alerts

9.3.4 Certificate Verify Message

9.3.5 Finished Message

9.3.6 Cryptographic Computations (for TLS)

10 Electronic Mail Security: PGP, S/MIME

10.1 PGP

10.1.1 Confidentiality via Encryption

10.1.2 Authentication via Digital Signature

10.1.3 Compression

10.1.4 Radix-64 Conversion

10.1.5 Packet Headers

10.1.6 PGP Packet Structure

10.1.7 Key Material Packet

10.1.8 Algorithms for PGP 5.x

10.2 S/MIME

10.2.1 MIME

10.2.2 S/MIME

10.2.3 Enhanced Security Services for S/MIME

11 Internet Firewalls for Trusted Systems

11.1 Role of Firewalls

11.2 Firewall-Related Terminology

11.2.1 Bastion Host

11.2.2 Proxy Server

11.2.3 SOCKS

11.2.4 Choke Point

11.2.5 Demilitarized Zone (DMZ)

11.2.6 Logging and Alarms

11.2.7 VPN

11.3 Types of Firewalls

11.3.1 Packet Filters

11.3.2 Circuit-Level Gateways

11.3.3 Application-Level Gateways

11.4 Firewall Designs

11.4.1 Screened Host Firewall (Single-Homed Bastion Host)

11.4.2 Screened Host Firewall (Dual-Homed Bastion Host)

11.4.3 Screened Subnet Firewall

11.5 IDS Against Cyber Attacks

11.5.1 Internet Worm Detection

11.5.2 Computer Virus

11.5.3 Special Kind of Viruses

11.6 Intrusion Detections Systems

11.6.1 Network-Based Intrusion Detection System (NIDS)

11.6.2 Wireless Intrusion Detection System (WIDS)

11.6.3 Network Behavior Analysis System (NBAS)

11.6.4 Host-Based Intrusion Detection System (HIDS)

11.6.5 Signature-Based Systems

11.6.6 Anomaly-Based Systems

11.6.7 Evasion Techniques of IDS Systems

12 SET for E-Commerce Transactions

12.1 Business Requirements for SET

12.2 SET System Participants

12.3 Cryptographic Operation Principles

12.4 Dual Signature and Signature Verification

12.5 Authentication and Message Integrity

12.6 Payment Processing

12.6.1 Cardholder Registration

12.6.2 Merchant Registration

12.6.3 Purchase Request

12.6.4 Payment Authorization

12.6.5 Payment Capture

13 4G Wireless Internet Communication Technology

13.1 Mobile WiMAX

13.1.1 Mobile WiMAX Network Architecture

13.1.2 Reference Points in WiMAX Network

Reference Model (NRM)

13.1.3 Key Supporting Technologies

13.1.4 Comparison between Mobile WiMAX Network and Cellular

Wireless Network

13.2 WiBro (Wireless Broadband)

13.2.1 WiBro Network Architecture

13.2.2 Key Elements in WiBro System Configuration

13.2.3 System Comparison between HSDPA and WiBro

13.2.4 Key Features on WiBro Operation

13.3 UMB (Ultra Mobile Broadband)

13.3.1 Design Objectives of UMB

13.3.2 Key Technologies Applicable to UMB

13.3.3 UMB IP-Based Network Architecture

13.3.4 Conclusive Remarks

13.4 LTE (Long Term Evolution)

13.4.1 LTE Features and Capabilities

13.4.2 LTE Frame Structure

13.4.3 LTE Time-Frequency Structure for Downlink

13.4.4 LTE SC-FDMA on Uplink

13.4.5 LTE Network Architecture

13.4.6 Key Components Supporting LTE Design

13.4.7 Concluding Remarks

Acronyms

Bibliography

Index