Security and Privacy Approaches for Wireless Local and Metropolitan Area Networks (LANs & MANs)

Giorgos Kostopoulos (University of Patras, Greece), Nicolas Sklavos (Technological Educational Institute of Mesolonghi, Greece) and Odysseas Koufopavlou (University of Patras, Greece)
Copyright: © 2008 | Pages: 15
DOI: 10.4018/978-1-59904-899-4.ch046

Wireless communications are becoming ubiquitous in homes, offices, and enterprises with the popular IEEE 802.11 wireless local area network (LAN) technology and the up-and-coming IEEE 802.16 wireless metropolitan area networks (MAN) technology. The wireless nature of communications defined in these standards makes it possible for an attacker to snoop on confidential communications or modify them to gain access to home or enterprise networks much more easily than with wired networks. Wireless devices generally try to reduce computation overhead to conserve power and communication overhead to conserve spectrum and battery power. Due to these considerations, the original security designs in wireless LANs and MANs used smaller keys, weak message integrity protocols, weak or one-way authentication protocols, and so forth. As wireless networks became popular, the security threats were also highlighted to caution users. A security protocol redesign followed first in wireless LANs and then in wireless MANs. This chapter discusses the security threats and requirements in wireless LANs and wireless MANs, with a discussion on what the original designs missed and how they were corrected in the new protocols. It highlights the features of the current wireless LAN and MAN security protocols and explains the caveats and discusses open issues. Our aim is to provide the reader with a single source of information on security threats and requirements, authentication technologies, security encapsulation, and key management protocols relevant to wireless LANs and MANs.

Key Terms in this Chapter

MPDU: MAC protocol data unit is a fancy name for frame. The MPDU does not, however, include PLCP headers.

Institute of Electrical and Electronics Engineers (IEEE): A worldwide professional association for electrical and electronics engineers that sets standards for telecommunications and computing applications.

EAP-PEAP: Protected extensible authentication protocol is a two-phase authentication like EAP-TLS. In the first phase the authentication server is authenticated to the supplicant using an X.509 certificate. Using TLS, a secure channel is established through which any other EAP-Type can be used to authenticate the supplicant to the authentication server during the second phase. A certificate is only required at the authentication server. EAP-PEAP also supports identity hiding where the authenticator is only aware of the anonymous username used to establish the TLS channel during the first phase but not the individual user authenticated during the second phase.

EAP-SIM: EAP-SIM is an authentication mechanism that makes use of the SIM card to perform authentication within the 802.1x framework for WLAN.

Extensible Authentication Protocol (EAP): A protocol used between a user station and an authenticator or authentication server. It acts as a transport for authentication methods or types. It in turn may be encapsulated in other protocols, such as 802.1x and RADIUS.

Certification Authority (CA): An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate.

Integrity Check Value (ICV): The checksum calculated over a frame before encryption by WEP. The ICV is designed to protect a frame against tampering by allowing a receiver to detect alterations to the frame. Unfortunately, WEP uses a flawed algorithm to generate the ICV, which robs WEP of a great deal of tamper resistance.

Medium Access Control (MAC): The function in IEEE networks that arbitrates use of the network capacity and determines which stations are allowed to use the medium for transmission.

OFDM: Orthogonal frequency division multiplexing is a technique that splits a wide frequency band into a number of narrow frequency bands and inverse multiplexes data across the subchannels. Both 802.11a and the forthcoming 802.11g standards are based on OFDM.

Request for Comments (RFC): A series of numbered documents (RFC 822, RFC 1123, etc.), developed by the Internet Engineering Task Force (IETF) that set standards and are voluntarily followed by many makers of software in the Internet community.

Initialization Vector (IV): Generally used as a term for exposed keying material in cryptographic headers; most often used with block ciphers. WEP exposes 24 bits of the secret key to the world in the frame header, even though WEP is based on a stream cipher.

EAP-AKA: This document specifies an extensible authentication protocol (EAP) mechanism for authentication and session key distribution using the authentication and key agreement (AKA) mechanism used in the 3rd generation mobile networks universal mobile telecommunications system (UMTS) and CDMA2000. AKA is based on symmetric keys, and typically runs in a subscriber identity module (UMTS subscriber identity module [USIM], or removable user identity module [RUIM], a smart-card-like device).

Wireless Application Protocol (WAP): A standard for providing cellular telephones, pagers, and other handheld devices with secure access to e-mail and text-based Web pages. Introduced in 1997 by, Ericsson, Motorola, and Nokia, WAP provides a complete environment for wireless applications that includes a wireless counterpart of TCP/IP and a framework for telephony integration, such as call control and telephone book access. WAP features the wireless markup language (WML), which was derived from’s HDML and is a streamlined version of HTML for small-screen displays. It also uses WMLScript, a compact JavaScript-like language that runs in limited memory. WAP also supports handheld input methods, such as a keypad and voice recognition. Independent of the air interface, WAP runs over all the major wireless networks in place now and in the future. It is also device-independent, requiring only a minimum functionality in the unit to permit use with a myriad of telephones and handheld devices.

EAP-TLS: Transport layer security is an EAP-Type for authentication based upon X.509 certificates. Because it requires both the supplicant and the authentication server to have certificates, it provides explicit mutual authentication and is resilient to man-in-the-middle attacks. After successful authentication a secure TLS link is established to securely communicate a unique session key from the authentication server to the authenticator. Because X.509 certificates are required on the supplicant, EAP-TLS presents significant management complexities.

EAP-TTLS: Tunneled TLS is an EAP-type for authentication that employs a two-phase authentication process. In the first phase the authentication server is authenticated to the supplicant using an X.509 certificate. Using TLS, a secure channel is established through which the supplicant can be authenticated to the authentication server using legacy PPP authentication protocols such as PAP, CHAP, and MS-CHAP. EAP-TTLS has the advantage over EAP-TLS that it only requires a certificate at the authentication server. It also makes possible forwarding of Supplicant requests to a legacy RADIUS server. EAP-TTLS also supports identity hiding where the authenticator is only aware of the anonymous username used to establish the TLS channel during the first phase but not the individual user authenticated during the second phase.

Access Point (AP): The network access device for an 802.11 wireless network. It contains a radio receiver/transmitter. It may be an 802.1x authenticator.

Open Systems Interconnection (OSI): A baroque compendium of networking standards that was never implemented because IP networks actually existed.

MSDU: MAC service data unit is the data accepted by the MAC for delivery to another MAC on the network. MSDUs are composed of higher-level data only. For example, an 802.11 management frame does not contain an MSDU.

European Telecommunications Standards Institute (ETSI): ETSI is a multinational standardization body with regulatory and standardization authority over much of Europe. GSM standardization took place under the auspices of ETSI. ETSI has taken the lead role in standardizing a wireless LAN technology competing with 802.11 called the high performance radio LAN (HIPERLAN).

EAP-LEAP: Lightweight extensible authentication protocol is a Cisco proprietary EAP-Type. It is designed to overcome some basic wireless authentication concerns through mutual authentication and the use of dynamic WEP keys.

Complete Chapter List

Chapter 1
Thomas M. Chen, Cyrus Peikari
This chapter examines the scope of malicious software (malware) threats to mobile devices. The stakes for the wireless industry are high. While...
Malicious Software in Mobile Devices
Chapter 2
Sheikh I. Ahamed, John F. Buford, Moushumi Sharmin, Munirul M. Haque, Nilothpal Talukder
In broadband wireless networks, mobile devices will be equipped to directly share resources using service discovery mechanisms without relying upon...
Secure Service Discovery
Chapter 3
Zbigniew Kotulski, Aneta Zwierko
The recent development in the mobile technology (mobile phones, middleware, wireless networks, etc.) created a need for new methods of protecting...
Security of Mobile Code
Chapter 4
Identity Management  (pages 44-60)
Kumbesan Sandrasegaran, Mo Li
The broad aim of identity management (IdM) is to manage the resources of an organization (such as files, records, data, and communication...
Identity Management
Chapter 5
Wireless Wardriving  (pages 61-77)
Luca Caviglione
Wardriving is the practice of searching wireless networks while moving. Originally, it was explicitly referred to as people searching for wireless...
Wireless Wardriving
Chapter 6
Amel Meddeb Makhlouf, Noureddine Boudriga
The broadcast nature of wireless networks and the mobility features created new kinds of intrusions and anomalies taking profit of wireless...
Intrusion and Anomaly Detection in Wireless Networks
Chapter 7
Lu Yan
A lot of networks today are behind firewalls. In peer-to-peer (P2P) networking, firewall-protected peers may have to communicate with peers outside...
Peer-to-Peer (P2P) Network Security: Firewall Issues
Chapter 8
Mohammad M.R. Chowdhury, Josef Noll
Ubiquitous access and pervasive computing concept is almost intrinsically tied to wireless communications. Emerging next-generation wireless...
Identity Management for Wireless Service Access
Chapter 9
Peter Langendörfer, Michael Maaser, Krzysztof Piotrowski, Steffen Peter
This chapter provides a survey of privacy-enhancing techniques and discusses their effect using a scenario in which a charged location-based service...
Privacy-Enhancing Technique: A Survey and Classification
Chapter 10
Lawan A. Mohammed, Biju Issac
This chapter shows that the security challenges posed by the 802.11 wireless networks are manifold and it is therefore important to explore the...
Vulnerability Analysis and Defenses in Wireless Networks
Chapter 11
György Kálmán, Josef Noll
This chapter deals with challenges raised by securing transport, service access, user privacy, and accounting in wireless environments. Key...
Key Distribution and Management for Mobile Applications
Chapter 12
Said Zaghloul, Admela Jukan
The architecture, and protocols for authentication, authorization, and accounting (AAA) are one of the most important design considerations in third...
Architecture and Protocols for Authentication, Authorization, and Accounting in the Future Wireless Communications Networks
Chapter 13
Josef Noll, György Kálmán
Converging networks and mobility raise new challenges towards the existing authentication, authorisation, and accounting (AAA) systems. Focus of the...
Authentication, Authorisation, and Access Control in Mobile Systems
Chapter 14
Yacine Djemaiel, Slim Rekhis, Noureddine Boudriga
Wireless networks are gaining popularity that comes with the occurrence of several networking technologies raising from personal to wide area, from...
Trustworthy Networks, Authentication, Privacy, and Security Models
Chapter 15
Jianfeng Ma, Xinghua Li
In the design and analysis of authentication and key agreement protocols, provably secure formal methods play a very important role, among which the...
The Provably Secure Formal Methods for Authentication and Key Agreement Protocols
Chapter 16
Shiguo Lian
In a wireless environment, multimedia transmission is often affected by the error rate; delaying; terminal’s power or bandwidth; and so forth, which...
Multimedia Encryption and Watermarking in Wireless Environment
Chapter 17
Paris Kitsos
In this chapter, a system-on-chip design of the newest powerful standard in the hash families, named Whirlpool, is presented. With more details an...
System-on-Chip Design of the Whirlpool Hash Function
Chapter 18
Security in 4G  (pages 272-296)
Artur Hecker, Mohamad Badra
The fourth generation (4G) of mobile networks will be a technology-opportunistic and user-centric system combining the economic and technological...
Security in 4G
Chapter 19
Christoforos Ntantogian, Christos Xenakis
The integration of heterogeneous mobile/wireless networks using an IP-based core network materializes the beyond third generation (B3G) mobile...
Security Architectures for B3G Mobile Networks
Chapter 20
Christos Xenakis
This chapter analyzes the security architecture designed for the protection of the universal mobile telecommunication system (UMTS). This...
Security in UMTS 3G Mobile Networks
Chapter 21
Yan Zhang, Yifan Chen, Rong Yu, Supeng Leng, Huansheng Ning, Tao Jiang
Motivated by the requirements for higher data rate, richer multimedia services, and broader radio range wireless mobile networks are currently in...
Access Security in UMTS and IMS
Chapter 22
Christos Xenakis
The global system for mobile communications (GSM) is the most popular standard that implements second generation (2G) cellular systems. 2G systems...
Security in 2.5G Mobile Systems
Chapter 23
Sasan Adibi, Gordon B. Agnew
Security measures of mobile infrastructures have always been important from the early days of the creation of cellular networks. Nowadays, however...
End-to-End Security Comparisons Between IEEE 802.16e and 3G Technologies
Chapter 24
Silke Holtmanns, Pekka Laitinen
This chapter outlines how cellular authentication can be utilized for generic application security. It describes the basic concept of the generic...
Generic Application Security in Current and Future Networks
Chapter 25
Sangheon Pack, Sungmin Baek, Taekyoung Kwon, Yanghee Choi
Network mobility (NEMO) enables seamless and ubiquitous Internet access while on-board vehicles. Even though the Internet Engineering Task Force...
Authentication, Authorization, and Accounting (AAA) Framework in Network Mobility (NEMO) Environments
Chapter 26
Bin Lu
Mobile ad hoc network (MANET) is a self-configuring and self-maintaining network characterized as dynamic topology, absence of infrastructure, and...
Security in Mobile Ad Hoc Networks
Chapter 27
Christer Andersson, Leonardo A. Martucci, Simone Fischer-Hübner
Providing privacy is often considered a keystone factor for the ultimate take up and success of mobile ad hoc networking. Privacy can best be...
Privacy and Anonymity in Mobile Ad Hoc Networks
Chapter 28
Tomasz Ciszkowski, Zbigniew Kotulski
The pervasiveness of wireless communication recently gave mobile ad hoc networks (MANET) significant researchers’ attention, due to its innate...
Secure Routing with Reputation in MANET
Chapter 29
Paolo Bellavista, Rebecca Montanari, Daniela Tibaldi, Alessandra Toninelli
The increasing diffusion of wireless portable devices and the emergence of mobile ad hoc networks promote anytime and anywhere opportunistic...
Trust Management and Context-Driven Access Control
Chapter 30
Bing Wu, Jie Wu, Mihaela Cardei
Security has become a primary concern in mobile ad hoc networks (MANETs). The characteristics of MANETs pose both challenges and opportunities in...
A Survey of Key Management in Mobile Ad Hoc Networks
Chapter 31
Sasan Adibi, Gordon B. Agnew
Mobile ad hoc networks (MANETs) have gained popularity in the past decade with the creation of a variety of ad hoc protocols that specifically offer...
Security Measures for Mobile Ad-Hoc Networks (MANETs)
Chapter 32
Hao Yin, Chuang Lin, Zhijia Chen, Geyong Min
The integration of wireless communication and embedded video systems is a demanding and interesting topic which has attracted significant research...
A Novel Secure Video Surveillance System Over Wireless Ad Hoc Networks
Chapter 33
John Felix Charles Joseph, Amitabha Das, Boon-Chong Seet, Bu-Sung Lee
Intrusion detection in ad hoc networks is a challenge because of the inherent characteristics of these networks, such as, the absence of centralized...
Cutting the Gordian Knot: Intrusion Detection Systems in Ad Hoc Networks
Chapter 34
Luis E. Palafox, J. Antonio Garcia-Macias
In this chapter we present the growing challenges related to security in wireless sensor networks. We show possible attack scenarios and evidence...
Security in Wireless Sensor Networks
Chapter 35
Mohamed Hamdi, Noreddine Boudriga
The applications of wireless sensor networks (WSNs) are continuously expanding. Recently, consistent research and development activities have been...
Security and Privacy in Wireless Sensor Networks: Challenges and Solutions
Chapter 36
A.R. Naseer, Ismat K. Maarouf, Ashraf S. Hasan
Since routing is a fundamental operation in all types of networks, ensuring routing security is a necessary requirement to guarantee the success of...
Routing Security in Wireless Sensor Networks
Chapter 37
Yawen Wei, Zhen Yu, Yong Guan
Localization of sensor nodes is very important for many applications proposed for wireless sensor networks (WSN), such as environment monitoring...
Localization Security in Wireless Sensor Networks
Chapter 38
Miao Ma
One of the severe security threats in wireless sensor network is false data injection attack, that is, the compromised sensors forge the events that...
Resilience Against False Data Injection Attack in Wireless Sensor Networks
Chapter 39
Jean-Marc Seigneur, Luminita Moraru, Olivier Powell
Weiser (1991) envisioned ubiquitous computing with computing and communicating entities woven into the fabrics of every day life. This chapter deals...
Survivability of Sensors with Key and Trust Management
Chapter 40
Yu Wang
Fault tolerance is one of the premier system design desiderata in wireless ad hoc and sensor networks. It is crucial to have a certain level of...
Fault Tolerant Topology Design for Ad Hoc and Sensor Networks
Chapter 41
Georgios Kambourakis, Angelos Rouskas, Stefanos Gritzalis
Security is always an important factor in wireless connections. As with all other existing radio technologies, the Bluetooth standard is often cited...
Evaluating Security Mechanisms in Different Protocol Layers for Bluetooth Connections
Chapter 42
Miguel A. Ruiz, Felipe Espinosa, David Sanguino, AbdelBaset Awawdeh
The electromagnetic energy source used by wireless communication devices in a vehicle can cause electromagnetic compatibility problems with the...
Bluetooth Devices Effect on Radiated EMS of Vehicle Wiring
Chapter 43
Security in WLAN  (pages 695-709)
Mohamad Badra, Artur Hecker
The great promise of wireless LAN will never be realized unless there is an appropriate security level. From this point of view, various security...
Security in WLAN
Chapter 44
Jahan Hassan, Björn Landfeldt, Albert Y. Zomaya
Wireless local area networks (WLAN) are rapidly becoming a core part of network access. Supporting user mobility, more specifically session...
Access Control in Wireless Local Area Networks: Fast Authentication Schemes
Chapter 45
Denis Trcek
Mass deployment of radio-frequency identification (RFID) technology is now becoming feasible for a wide variety of applications ranging from medical...
Security and Privacy in RFID Based Wireless Networks
Chapter 46
Giorgos Kostopoulos, Nicolas Sklavos, Odysseas Koufopavlou
Wireless communications are becoming ubiquitous in homes, offices, and enterprises with the popular IEEE 802.11 wireless local area network (LAN)...
Security and Privacy Approaches for Wireless Local and Metropolitan Area Networks (LANs & MANs)
Chapter 47
Sasan Adibi, Gordon B. Agnew, Tom Tofigh
An overview of the technical and business aspects is given for the corporate deployment of services over worldwide interoperability for microwave...
End-to-End (E2E) Security Approach in WiMAX: A Security Technical Overview for Corporate Multimedia Applications
Chapter 48
Symeon Chatzinotas, Jonny Karlsson, Göran Pulkkis, Kaj Grahn
During the last few years, mobile broadband access has been a popular concept in the context of fourth generation (4G) cellular systems. After the...
Evaluation of Security Architectures for Mobile Broadband Access
Chapter 49
Sasan Adibi, Gordon B. Agnew
Authentication is an important part of the authentication authorization and accounting (AAA) schemes and the extensible authentication protocol...
Extensible Authentication (EAP) Protocol Integrations in the Next Generation Cellular Networks