Wireless network technologies have been dramatically improved by the popularity of third generation (3G) wireless networks, wireless LANs, Bluetooth, and sensor networks. However, security is a major concern for wide deployments of such wireless networks. The contributions to this volume identify various vulnerabilities in the physical layer, the MAC layer, the IP layer, the transport layer, and the application layer, and discuss ways to strengthen security mechanisms and services in all these layers. The topics covered in this book include intrusion detection, secure PHY/MAC/routing protocols, attacks and prevention, immunization, key management, secure group communications/multicast, secure location services, monitoring and surveillance, anonymity, privacy, trust establishment/management, redundancy and security, and dependable wireless networking.
Springer Series on SIGNALS AND COMMUNICATION TECHNOLOGY

Wireless Network Security

YANG XIAO, XUEMIN SHEN, and DING-ZHU DU

Springer

Editors:

Yang Xiao
Department of Computer Science
University of Alabama
101 Houser Hall
Tuscaloosa, AL 35487

Xuemin (Sherman) Shen
Department of Electrical & Computer Engineering
University of Waterloo
Waterloo, Ontario, Canada N2L 3G1

Ding-Zhu Du
Department of Computer Science & Engineering
University of Texas at Dallas
Richardson, TX 75093

Library of Congress Control Number: 2006922217
ISBN-10 0-387-28040-5    e-ISBN-10 0-387-33112-3
ISBN-13 978-0-387-28040-0    e-ISBN-13 978-0-387-33112-6

Printed on acid-free paper.

© 2007 Springer Science+Business Media, LLC
All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

springer.com

CONTENTS

Preface
    Yang Xiao, Xuemin Shen, and Ding-Zhu Du

Part I: Security in General Wireless/Mobile Networks
Chapter 1: High Performance Elliptic Curve Cryptographic Co-processor
    Jonathan Lutz and M. Anwarul Hasan
Chapter 2: An Adaptive Encryption Protocol in Mobile Computing
    Hanping Lufei and Weisong Shi

Part II: Security in Ad Hoc Network
Chapter 3: Pre-Authentication and Authentication Models in Ad Hoc Networks
    Katrin Hoeper and Guang Gong
Chapter 4: Promoting Identity-Based Key Management in Wireless Ad Hoc Networks
    Jianping Pan, Lin Cai, and Xuemin (Sherman) Shen
Chapter 5: A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks
    Bing Wu, Jianmin Chen, Jie Wu, and Mihaela Cardei
Chapter 6: Secure Routing in Wireless Ad-Hoc Networks
    Venkata C. Giruka and Mukesh Singhal
Chapter 7: A Survey on Intrusion Detection in Mobile Ad Hoc Networks
    Tiranuch Anantvalee and Jie Wu

Part III: Security in Mobile Cellular Networks
Chapter 8: Intrusion Detection in Cellular Mobile Networks
    Bo Sun, Yang Xiao, and Kui Wu
Chapter 9: The Spread of Epidemics on Smartphones
    Bo Zheng, Yongqiang Xiong, Qian Zhang, and Chuang Lin

Part IV: Security in Wireless LANs
Chapter 10: Cross-Domain Mobility-Adaptive Authentication
    Hahnsang Kim and Kang G. Shin
Chapter 11: AAA Architecture and Authentication for Wireless LAN Roaming
    Minghui Shi, Humphrey Rutagemwa, Xuemin (Sherman) Shen, Jon W. Mark, Yixin Jiang, and Chuang Lin
Chapter 12: An Experimental Study on Security Protocols in WLANs
    Avesh Kumar Agarwal and Wenye Wang

Part V: Security in Sensor Networks
Chapter 13: Security Issues in Wireless Sensor Networks used in Clinical Information Systems
    Jelena Mišić and Vojislav B. Mišić
Chapter 14: Key Management Schemes in Sensor Networks
    Venkata Krishna Rayi, Yang Xiao, Bo Sun, Xiaojiang (James) Du, and Fei Hu
Chapter 15: Secure Routing in Ad Hoc and Sensor Networks
    Xu (Kevin) Su, Yang Xiao, and Rajendra V. Boppana

About the Editors
Index

PREFACE

Wireless/mobile communications network technologies have been dramatically advanced in recent years, including the third generation (3G) wireless networks, wireless LANs, Ultra-wideband (UWB), ad hoc and sensor networks. However, wireless network security is still a major impediment to further deployments of the wireless/mobile networks. Security mechanisms in such networks are essential to protect data integrity and confidentiality, access control, authentication, quality of service, user privacy, and continuity of service. They are also critical to protect basic wireless network functionality.

This edited book covers comprehensive research topics in wireless/mobile network security, which include cryptographic co-processor, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, epidemics, security performance analysis, security issues in applications, etc. It can serve as a useful reference for researchers, educators, graduate students, and practitioners in the field of wireless/mobile network security.

The book contains 15 refereed chapters from prominent researchers working in this area around the world. It is organized along five themes (parts) in security issues for different wireless/mobile networks.

Part I: Security in General Wireless/Mobile Networks: Chapter 1 by Lutz and Hasan describes a high performance and optimal elliptic curve processor as well as an optimal co-processor using Lopez and Dahab’s projective coordinate system. Chapter 2 by Lufei and Shi proposes an adaptive encryption protocol to dynamically choose a proper encryption algorithm based on application-specific requirements and device configurations.

Part II: Security in Ad Hoc Networks: The next five chapters focus on security in ad hoc networks.
Chapter 3 by Hoeper and Gong introduces a security framework for pre-authentication and authenticated models in ad hoc networks. Chapter 4 by Pan, Cai, and Shen promotes identity-based key management in ad hoc networks. Chapter 5 by Wu et al. provides a survey of attacks and countermeasures in ad hoc networks. Chapter 6 by Giruka and Singhal presents several routing protocols for ad-hoc networks, the security issues related to routing, and securing routing protocols in ad hoc networks. Chapter 7 by Anantvalee and Wu classifies the architectures for intrusion detection systems in ad hoc networks.

Part III: Security in Mobile Cellular Networks: The next two chapters discuss security in mobile cellular networks. Chapter 8 by Sun, Xiao, and Wu introduces intrusion detection systems in mobile cellular networks. Chapter 9 by Zheng et al. proposes an epidemics spread model for smartphones.

Part IV: Security in Wireless LANs: The next three chapters study security in wireless LANs. Chapter 10 by Kim and Shin focuses on cross-domain authentication over wireless local area networks, and proposes an enhanced protocol called the Mobility-adjusted Authentication Protocol that performs mutual authentication and hierarchical key derivation. Chapter 11 by Shi et al. proposes Authentication, Authorization and Accounting (AAA) architecture and authentication for wireless LAN roaming. Chapter 12 by Agarwal and Wang studies the cross-layer interactions of security protocols in wireless LANs, and presents an experimental study.

Part V: Security in Sensor Networks: The last three chapters focus on security in sensor networks. Chapter 13 by Mišić and Mišić reviews confidentiality and integrity policies for clinical information systems and compares candidate technologies IEEE 802.15.1 and IEEE 802.15.4 from the aspect of resilience of MAC and PHY layers to jamming and denial-of-service attacks. Chapter 14 by Rayi et al. provides a survey of key management schemes in sensor networks. The last chapter by Su, Xiao, and Boppana introduces security attacks, and reviews the recent approaches to secure network routing protocols in both mobile ad hoc and sensor networks.

Although the covered topics may not be an exhaustive representation of all the security issues in wireless/mobile networks, they do represent a rich and useful sample of the strategies and contents.

This book has been made possible by the great efforts and contributions of many people. First of all, we would like to thank all the contributors for putting together excellent chapters that are very comprehensive and informative. Second, we would like to thank all the reviewers for their valuable suggestions and comments which have greatly enhanced the quality of this book. Third, we would like to thank the staff members from Springer, for putting this book together. Finally, we would like to dedicate this book to our families.

Yang Xiao
Tuscaloosa, Alabama, USA

Xuemin (Sherman) Shen
Waterloo, Ontario, CANADA

Ding-Zhu Du
Richardson, Texas, USA

Part I
SECURITY IN GENERAL WIRELESS/MOBILE NETWORKS

1
HIGH PERFORMANCE ELLIPTIC CURVE CRYPTOGRAPHIC CO-PROCESSOR

Jonathan Lutz
General Dynamics - C4 Systems
Scottsdale, Arizona
E-mail: Jonathan.Lutz@gdc4s.com

M. Anwarul Hasan
Department of Electrical and Computer Engineering
University of Waterloo, Waterloo, ON, Canada
E-mail: ahasan@ece.uwaterloo.ca

For an equivalent level of security, elliptic curve cryptography uses shorter key sizes and is considered to be an excellent candidate for constrained environments like wireless/mobile communications. In FIPS 186-2, NIST recommends several finite fields to be used in the elliptic curve digital signature algorithm (ECDSA). Of the ten recommended finite fields, five are binary extension fields with degrees ranging from 163 to 571.
The fundamental building block of the ECDSA, like any ECC-based protocol, is elliptic curve scalar multiplication. This operation is also the most computationally intensive. In many situations it may be desirable to accelerate the elliptic curve scalar multiplication with specialized hardware. In this chapter a high performance elliptic curve processor is described which is optimized for the NIST binary fields. The architecture is built from the bottom up starting with the field arithmetic units. The architecture uses a field multiplier capable of performing a field multiplication over the extension field with degree 163 in 0.060 microseconds. Architectures for squaring and inversion are also presented. The co-processor uses Lopez and Dahab’s projective coordinate system and is optimized specifically for Koblitz curves. A prototype of the processor has been implemented for the binary extension field with degree 163 on a Xilinx XCV2000E FPGA. The prototype runs at 66 MHz and performs an elliptic curve scalar multiplication in 0.233 msec on a generic curve and 0.075 msec on a Koblitz curve.

1. INTRODUCTION

The use of elliptic curves in cryptographic applications was first proposed independently in [15] and [23]. Since then several algorithms have been developed whose