Security WILEY. Wireless Mobile Internet. Second Edition. Man Young Rhee. Endowed Chair Professor, Kyung Hee University



Similar documents
Wireless Mobile Internet Security. 2nd Edition

ICTTEN8195B Evaluate and apply network security

MOBILE COMMUNICATION SYSTEMS AND SECURITY

Internet Security Cryptographic Principles, Algorithms and Protocols

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Network Security Fundamentals

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Network Security and Firewall 1

Cornerstones of Security

Networking. Systems Design and. Development. CRC Press. Taylor & Francis Croup. Boca Raton London New York. CRC Press is an imprint of the

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

(d-5273) CCIE Security v3.0 Written Exam Topics

NETWORK ADMINISTRATION AND SECURITY

Chapter 10. Network Security

Chapter 7 Transport-Level Security

Chapter 8. Network Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

EXAM questions for the course TTM Information Security May Part 1

Network Security Essentials Chapter 5

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

CRYPTOGRAPHY AND NETWORK SECURITY

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

Networking: EC Council Network Security Administrator NSA

Chapter 4: Networking and the Internet

How To Pass A Credit Course At Florida State College At Jacksonville

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

How To Protect Your Network From Attack

BUY ONLINE FROM:

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Raritan Valley Community College Academic Course Outline. CISY Advanced Computer Networking

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Detailed Table of Contents

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Joseph Migga Kizza. A Guide to Computer Network Security. 4) Springer

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Common Remote Service Platform (crsp) Security Concept

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

CRIPT - Cryptography and Network Security

Chapter 17. Transport-Level Security

Communication Systems SSL

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Advanced Higher Computing. Computer Networks. Homework Sheets

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Transport Layer Security Protocols

Network Access Security. Lesson 10

Cryptography and network security CNET4523

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Tim Bovles WILEY. Wiley Publishing, Inc.

Security Protocols/Standards

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

What would you like to protect?

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Networking Technology Online Course Outline

Computer Networks CS321

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

CRYPTOG NETWORK SECURITY

IT Networks & Security CERT Luncheon Series: Cryptography

EXPLORER. TFT Filter CONFIGURATION

Proxy Server, Network Address Translator, Firewall. Proxy Server

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Network System Design Lesson Objectives

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Network Security Part II: Standards

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

CSCI 454/554 Computer and Network Security. Final Exam Review

Protocol Specification & Design. The Internet and its Protocols. Course Outline (trivia) Introduction to the Subject Teaching Methods

COTS SECURITY GUIDANCE (CSG) VOICE OVER INTERNET PROTOCOL (VoIP)

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

Network Security Essentials:

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

Chapter 32 Internet Security

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Chapter 4: Security of the architecture, and lower layer security (network security) 1

Security Technology: Firewalls and VPNs

Secure web transactions system

Build Your Own Security Lab

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

CompTIA Network+ (Exam N10-005)

Transcription:

Wireless Mobile Internet Security Second Edition Man Young Rhee Endowed Chair Professor, Kyung Hee University Professor Emeritus, Hanyang University, Republic of Korea WILEY A John Wiley & Sons. Ltd., Publication

Contents Preface About the Author Acknowledgments xiii xxi xxiii 1 Internetworking and Layered Models 1 1.1 Networking Technology 2 1.1.1 Local Area Networks (LANs) 2 1.1.2 Wide Area Networks (WANs) 3 1.2 Connecting Devices 5 1.2.1 Switches 5 1.2.2 Repeaters 6 1.2.3 Bridges 7 1.2.4 Routers 7 1.2.5 Gateways 8 1.3 The OSI Model 8 1.4 TCP/IP Model 12 1.4.1 Network Access Layer 13 1.4.2 Internet Layer 14 1.4.3 Transport Layer 14 1.4.4 Application Layer 14 2 TCP/IP Suite and Internet Stack Protocols 15 2.1 Network Layer Protocols 15 2.1.1 Internet Protocol (IP) 15 2.1.2 Address Resolution Protocol (ARP) 28 2.1.3 Reverse Address Resolution Protocol (RARP) 31 2.1.4 Classless Interdomain Routing (CIDR) 31 2.1.5 IP Version 6 (IPv6 or IPng) 32 2.1.6 Internet Control Message Protocol (ICMP) 40 2.1.7 Internet Group Management Protocol (IGMP) 41 2.2 Transport Layer Protocols 41 2.2.1 Transmission Control Protocol (TCP) 41 2.2.2 User Datagram Protocol (UDP) 44

vi CONTENTS 2.3 World Wide Web 47 2.3.1 Hypertext Transfer Protocol (HTTP) 47 2.3.2 Hypertext Markup Language (HTML) 47 2.3.3 Common Gateway Interface (CGI) 48 2.3.4 Java 49 2.4 File Transfer 49 2.4.1 File Transfer Protocol (FTP) 49 2.4.2 Trivial File Transfer Protocol (TFTP) 49 2.4.3 Network File System (NFS) 50 2.5 E-Mail 50 2.5.1 Simple Mail Transfer Protocol (SMTP) 50 2.5.2 Post Office Protocol Version 3 (POP3) 51 2.5.3 Internet Message Access Protocol (IMAP) 51 2.5.4 Multipurpose Internet Mail Extension (MIME) 52 2.6 Network Management Service 52 2.6.1 Simple Network Management Protocol (SNMP) 52 2.7 Converting IP Addresses 53 2.7.1 Domain Name System (DNS) 53 2.8 Routing Protocols 54 2.8.1 Routing Information Protocol (RIP) 54 2.8.2 Open Shortest Path First (OSPF) 54 2.8.3 Border Gateway Protocol (BGP) 55 2.9 Remote System Programs 55 2.9.1 TELNET 55 2.9.2 Remote Login (Rlogin) 56 2.10 Social Networking Services 56 2.10.1 Facebook 56 2.10.2 Twitter 56 2.10.3 Linkedin 57 2.10.4 Groupon 57 2.11 Smart IT Devices 57 2.11.1 Smartphones 57 2.11.2 Smart TV 57 2.11.3 Video Game Console 58 2.12 Network Security Threats 58 2.12.1 Worm 58 2.12.2 Virus 58 2.12.3 DDoS 58 2.13 Internet Security Threats 58 2.13.1 Phishing 58 2.13.2 SNS Security Threats 59 2.14 Computer Security Threats 59 2.14.1 Exploit 59 2.14.2 Password Cracking 60 2.14.3 Rootkit 60

CONTENTS vii 2.14.4 Trojan Horse 60 2.14.5 Keylogging 61 2.14.6 Spoofing Attack 61 2.14.7 Packet Sniffer 62 2.14.8 Session Hijacking 62 3 Global Trend of Mobile Wireless Technology 63 3.1 1G Cellular Technology 3.1.1 AMPS (Advanced Mobile Phone System) 64 3.1.2 NMT (Nordic Mobile Telephone) 64 3.1.3 TACS (Total Access Communications System) 64 3.2 2G Mobile Radio Technology 64 3.2.1 CDPD (Cellular Digital Packet Data), North American Protocol 65 3.2.2 GSM (Global System for Mobile Communications) 65 3.2.3 TDMA-136 or IS-54 66 3.2.4 iden (Integrated Digital Enhanced Network) 66 3.2.5 cdmaone IS-95A 67 3.2.6 PDC (Personal Digital Cellular) 67 3.2.7 i-mode 67 3.2.8 WAP (Wireless Application Protocol) 67 3.3 2.5G Mobile Radio Technology 67 3.3.1 ECSD (Enhanced Circuit-Switched Data) 69 3.3.2 HSCSD (High-Speed Circuit-Switched Data) 69 3.3.3 GPRS (General Packet Radio Service) 69 3.3.4 EDGE (Enhanced Data rate for GSM Evolution) 69 3.3.5 cdmaone IS-95B 69 3.4 3G Mobile Radio Technology (Situation and Status of 3G) 70 3.4.1 UMTS (Universal Mobile Telecommunication System) 73 3.4.2 HSDPA (High-Speed Downlink Packet Access) 73 3.4.3 CDMA2000 lx 74 3.4.4 CDMA2000 lxev (lx Evolution) 74 3.4.5 CDMA2000 lxev-do (lx Evolution Data Only) 74 3.4.6 CDMA2000 lxev-dv (lx Evolution Data Voice) 74 3.5 3G UMTS Security-Related Encryption Algorithm 75 3.5.1 KASUMI Encryption Function 75 4 Symmetric Block Ciphers 81 4.1 Data Encryption Standard (DES) 81 4.1.1 Description of the Algorithm 4.1.2 Key Schedule 84 4.1.3 DES Encryption 86 4.1.4 DES Decryption 91 4.1.5 Triple DES 95 4.1.6 DES-CBC Cipher Algorithm with IV 97 63 82

viii CONTENTS 4.2 International Data Encryption Algorithm (IDEA) 99 4.2.1 Subkey Generation and Assignment 100 4.2.2 IDEA Encryption 101 4.2.3 IDEA Decryption 106 4.3 RC5 Algorithm 108 4.3.1 Description of RC5 109 4.3.2 Key Expansion 110 4.3.3 Encryption 114 4.3.4 Decryption 117 4.4 RC6 Algorithm 123 4.4.1 Description of RC6 123 4.4.2 Key Schedule 124 4.4.3 Encryption 125 4.4.4 Decryption 128 4.5 AES (Rijndael) Algorithm 135 4.5.1 Notational Conventions 135 4.5.2 Mathematical Operations 137 4.5.3 AES Algorithm Specification 140 5 Hash Function, Message Digest, and Message Authentication Code 161 5.1 DMDC Algorithm 161 5.1.1 Key Schedule 162 5.1.2 Computation of Message Digests 166 5.2 Advanced DMDC Algorithm 171 5.2.1 Key Schedule 171 5.2.2 Computation of Message Digests 173 5.3 MD5 Message-Digest Algorithm 176 5.3.1 Append Padding Bits 176 5.3.2 Append Length 177 5.3.3 Initialize MD Buffer 177 5.3.4 Define Four Auxiliary Functions (F, G, H, I) 177 5.3.5 FF, GG, HH, and II Transformations for Rounds 1, 2, 3, and 4 178 5.3.6 Computation of Four Rounds (64 Steps) 178 5.4 Secure Hash Algorithm (SHA-1) 188 5.4.1 Message Padding 188 5.4.2 Initialize 160-bit Buffer 189 5.4.3 Functions Used 189 5.4.4 Constants Used 190 5.4.5 Computing the Message Digest 191 5.5 Hashed Message Authentication Codes (HMAC) 195 6 Asymmetric Public-Key Cryptosystems 203 6.1 Diffie-Hellman Exponential Key Exchange 203 6.2 RSA Public-Key Cryptosystem 207

CONTENTS ix 6.2.1 RSA Encryption Algorithm 208 6.2.2 RSA Signature Scheme 212 6.3 ElGamal's Public-Key Cryptosystem 215 6.3.1 ElGamal Encryption 215 6.3.2 ElGamal Signatures 217 6.3.3 ElGamal Authentication Scheme 219 6.4 Schnorr's Public-Key Cryptosystem 222 6.4.1 Schnorr's Authentication Algorithm 222 6.4.2 Schnorr's Signature Algorithm 224 6.5 Digital Signature Algorithm 227 6.6 The Elliptic Curve Cryptosystem (ECC) 230 6.6.1 Elliptic Curves 230 6.6.2 Elliptic Curve Cryptosystem Applied to the ElGamal Algorithm 239 6.6.3 Elliptic Curve Digital Signature Algorithm 240 6.6.4 ECDSA Signature Computation 244 7 Public-Key Infrastructure 249 7.1 Internet Publications for Standards 250 7.2 Digital Signing Techniques 251 7.3 Functional Roles of PKI Entities 258 7.3.1 Policy Approval Authority 258 7.3.2 Policy Certification Authority 260 7.3.3 Certification Authority 261 7.3.4 Organizational Registration Authority 262 7.4 Key Elements for PKI Operations 263 7.4.1 Hierarchical Tree Structures 264 7.4.2 Policy-Making Authority 265 7.4.3 Cross-Certification 266 7.4.4 X.500 Distinguished Naming 269 7.4.5 Secure Key Generation and Distribution 270 7.5 X.509 Certificate Formats 271 7.5.1 X.509 vl Certificate Format 271 7.5.2 X.509 v2 Certificate Format 273 7.5.3 X.509 v3 Certificate Format 274 7.6 Certificate Revocation List 282 7.6.1 CRL Fields 282 7.6.2 CRL Extensions 284 7.6.3 CRL Entry Extensions 285 7.7 Certification Path Validation 287 7.7.1 Basic Path Validation 287 7.7.2 Extending Path Validation 289 8 Network Layer Security 8.1 IPsec Protocol 291 291

X CONTENTS 8.1.1 IPsec Protocol Documents 292 8.1.2 Security Associations (SAs) 294 8.1.3 Hashed Message Authentication Code (HMAC) 296 8.2 IP Authentication Header 299 8.2.1 AH Format 300 8.2.2 AH Location 301 8.3 IP ESP 301 8.3.1 ESP Packet Format 303 8.3.2 ESP Header Location 304 8.3.3 Encryption and Authentication Algorithms 306 8.4 Key Management Protocol for IPsec 308 8.4.1 OAKLEY Key Determination Protocol 308 8.4.2 ISAKMP 309 9 Transport Layer Security: SSLv3 and TLSvl 325 9.1 SSL Protocol 325 9.1.1 Session and Connection States 326 9.1.2 SSL Record Protocol 327 9.1.3 SSL Change Cipher Spec Protocol 331 9.1.4 SSL Alert Protocol 331 9.1.5 SSL Handshake Protocol 332 9.2 Cryptographic Computations 338 9.2.1 Computing 9.2.2 Converting the Master Secret into Cryptographic the Master Secret 338 Parameters 339 9.3 TLS Protocol 339 9.3.1 HMAC Algorithm 340 9.3.2 Pseudo-random Function 344 9.3.3 Error Alerts 349 9.3.4 Certificate Verify Message 350 9.3.5 Finished Message 351 9.3.6 Cryptographic Computations (for TLS) 351 10 Electronic Mail Security: PGP, S/MIME 353 10.1 PGP 353 10.1.1 Confidentiality via Encryption 354 10.1.2 Authentication via Digital Signature 355 10.1.3 Compression 356 10.1.4 Radix-64 Conversion 357 10.1.5 Packet Headers 361 10.1.6 PGP Packet Structure 363 10.1.7 Key Material Packet 367 10.1.8 Algorithms for PGP 5.x 371 10.2 S/MIME 372 10.2.1 MIME 372 10.2.2 S/MIME 379

CONTENTS xi 10.2.3 Enhanced Security Services for S/MIME 382 11 Internet Firewalls for Trusted Systems 387 11.1 Role of Firewalls 387 11.2 Firewall-Related Terminology 388 11.2.1 Bastion Host 389 11.2.2 Proxy Server 389 11.2.3 SOCKS 390 11.2.4 Choke Point 391 11.2.5 Demilitarized Zone (DMZ) 391 11.2.6 Logging and Alarms 391 11.2.7 VPN 392 11.3 Types of Firewalls 392 11.3.1 Packet Filters 392 11.3.2 Circuit-Level Gateways 397 11.3.3 Application-Level Gateways 397 11.4 Firewall Designs 398 11.4.1 Screened Host Firewall (Single-Homed Bastion Host) 399 11.4.2 Screened Host Firewall (Dual-Homed Bastion Host) 400 11.4.3 Screened Subnet Firewall 400 11.5 IDS Against Cyber Attacks 401 11.5.1 Internet Worm Detection 401 11.5.2 Computer 11.5.3 Special Kind of Viruses 403 Virus 402 11.6 Intrusion Detections Systems 404 11.6.1 Network-Based Intrusion Detection System (NIDS) 404 11.6.2 Wireless Intrusion Detection System (WIDS) 406 11.6.3 Network Behavior Analysis System (NBAS) 408 11.6.4 Host-Based Intrusion Detection System (HIDS) 409 11.6.5 Signature-Based Systems 410 11.6.6 Anomaly-Based Systems 411 11.6.7 Evasion Techniques of IDS Systems 412 12 SET for E-Commerce Transactions 415 12.1 Business Requirements for SET 415 12.2 SET System Participants 417 12.3 Cryptographic Operation Principles 418 12.4 Dual Signature and Signature Verification 420 12.5 Authentication and Message Integrity 424 12.6 Payment Processing 427 12.6.1 Cardholder Registration 427 12.6.2 Merchant Registration 433 12.6.3 Purchase Request 434 12.6.4 Payment Authorization 435 12.6.5 Payment Capture 437

xii CONTENTS 13 4G Wireless Internet Communication Technology 439 13.1 Mobile WiMAX 440 13.1.1 Mobile WiMAX Network Architecture 440 13.1.2 Reference Points in WiMAX Network Reference Model (NRM) 442 13.1.3 Key Supporting Technologies 444 13.1.4 Comparison between Mobile WiMAX Network and Cellular Wireless Network 447 13.2 WiBro (Wireless Broadband) 448 13.2.1 WiBro Network Architecture 448 13.2.2 Key Elements in WiBro System Configuration 449 13.2.3 System Comparison between HSDPA and WiBro 451 13.2.4 Key Features on WiBro Operation 451 13.3 UMB (Ultra Mobile Broadband) 452 13.3.1 Design Objectives of UMB 453 13.3.2 Key Technologies Applicable to UMB 453 13.3.3 UMB IP-Based Network Architecture 455 13.3.4 Conclusive Remarks 456 13.4 LTE (Long Term Evolution) 457 13.4.1 LTE Features and Capabilities 457 13.4.2 LTE Frame Structure 458 13.4.3 LTE Time-Frequency Structure for Downlink 458 13.4.4 LTE SC-FDMA on Uplink 460 13.4.5 LTE Network Architecture 461 13.4.6 Key Components Supporting LTE Design 463 13.4.7 Concluding Remarks 464 Acronyms 467 Bibliography 473 Index 481

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information