Wireless Communications Security For a complete listing of theArtech House Universal Personal Communications Series, turn to the back of this book. Wireless Communications Security Hideki Imai Mohammad Ghulam Rahman Kazukuni Kobara artechhouse.com Library of Congress Cataloging-in-Publication Data Imai, Hideki, 1943– Wireless communications security/Hideki Imai, Mohammad Ghulam Rahman, Kazukuni Kobara. p. cm. — (universal personal communications) Includes bibliographical references and index. ISBN 1-58053-520-8 (alk. paper) 1. Wireless communication systems—Security measures. 2. Mobile communica- tion systems—Security measures. I. Rahman, Mohammad Ghulam. II. Kobara, Kazukuni. III. Title IV. Artech House universal personal communications series. TK5103.2.I43 2005 621.384—dc22 2005053075 British Library Cataloguing in Publication Data Wireless communications security. — (Artech House universal personal communications series) 1. Wireless communication system—Security measures I. Imai, Hideki, 1943– II. Rahman, Mohammad Ghulam III. Kobara, Kazukuni 621.3’82 ISBN-10: 1-58053-520-8 Cover design by Igor Valdman © 2006 ARTECH HOUSE, INC. 685 Canton Street Norwood, MA 02062 Allrightsreserved.PrintedandboundintheUnitedStatesofAmerica.Nopartofthis book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher. Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarks havebeenappropriatelycapitalized.ArtechHousecannotattesttotheaccuracyofthis information.Useofaterminthisbookshouldnotberegardedasaffectingthevalidity of any trademark or service mark. International Standard Book Number: 1-58053-520-8 10 9 8 7 6 5 4 3 2 1 Contents Preface xi 1 Introduction 1 2 Cryptography 5 2.1 Introduction 5 2.2 Basic Concepts 5 2.2.1 CiphertextandPlaintext 5 2.2.2 TypesofCryptosystems 6 2.2.3 GoalsofaCryptosystem 7 2.2.4 Security 8 2.3 Symmetric Encryption Schemes 9 2.4 Perfect Secrecy: The One-Time Pad 9 2.5 Block Ciphers 11 2.5.1 Permutation 11 2.5.2 Substitution 12 2.5.3 Diffusion/Confusion 13 2.5.4 SPNetworks 14 2.5.5 BasicStructure 14 v vi Wireless Communications Security 2.5.6 ModesofUse 15 2.5.7 DES 17 2.5.8 AES 18 2.6 Stream Ciphers 19 2.6.1 Advantages 20 2.6.2 SecurityRemarks 20 2.6.3 SomeExamples 21 2.7 Asymmetric Cryptosystems and Digital Signatures 21 2.7.1 Public-KeyEncryption 22 2.7.2 PublicKeyInfrastructure(PKI)andCertificate Authorities(CA) 23 2.7.3 MathematicalBackground 25 2.7.4 Diffie-HellmanKeyAgreement 27 2.7.5 RSACryptosystem 28 2.7.6 ElGamalCryptosystem 29 2.7.7 NecessarySecurityforPracticalPublicKey EncryptionSystems 31 2.7.8 DigitalSignature 32 2.7.9 MathematicalBackground 33 2.7.10 RSASignatureScheme 35 2.7.11 DigitalSignatureAlgorithm(DSA) 36 2.7.12 NecessarySecurityforPracticalDigital SignatureSystems 36 References 38 3 Security Features in Wireless Environment 41 3.1 Introduction 41 3.2 Mobile Network Environment 42 3.3 General Security Threats of a Network 44 3.4 Limitations of Mobile Environment 45 3.5 Mobility and Security 46 Contents vii 3.6 Attacks in Mobile Environment 46 3.6.1 NuisanceAttack 47 3.6.2 ImpersonationAttack 48 3.6.3 InterceptionAttack 48 3.6.4 ReplayAttack 48 3.6.5 ParallelSessionAttack 48 3.7 Security Issues in Mobile Environment 49 3.7.1 Authentication 49 3.7.2 Anonymity 50 3.7.3 DeviceVulnerability 52 3.7.4 DomainBoundaryCrossing 52 References 53 4 Standard Protocols 55 4.1 IEEE 802.11 55 4.1.1 BriefHistory 55 4.1.2 IEEE802.11Architecture 56 4.1.3 IEEE802.11Layers 60 4.1.4 SecurityofIEEE802.11 62 4.1.5 KeyManagement 69 4.1.6 WeaknessesofWEP 70 4.2 Bluetooth 72 4.2.1 BluetoothOverview 72 4.2.2 BriefHistory 73 4.2.3 Benefits 74 4.2.4 BluetoothArchitectureandComponents 76 4.2.5 SecurityofBluetooth 78 4.2.6 ProblemsintheSecurityofBluetooth 89 Reference 90 5 Security in 2G Systems 91 5.1 GSM System 92 5.1.1 Introduction 92 viii Wireless Communications Security 5.1.2 ArchitectureoftheGSMNetwork 93 5.1.3 GSMSecurityFeatures 96 5.1.4 AttacksonGSMSecurity 103 5.2 I-mode Introduction 106 5.2.1 Introduction 106 5.2.2 I-modeSystemOverview 107 5.2.3 SSLOverview 108 5.2.4 ProtocolStack 110 5.2.5 HTTPTunnelingProtocol 114 5.2.6 Postscript 116 5.3 CDPD 116 5.3.1 Introduction 116 5.3.2 BasicIdea 118 5.3.3 BasicInfrastructure 119 5.3.4 HowaCDPDConnectionWorks 122 5.3.5 CDPDSecurity 125 References 129 6 Security in 3G and 4G Systems 131 6.1 3G Wireless Communications Systems 131 6.2 Third Generation Partnership Project (3GPP) 133 6.2.1 3GPPSecurityObjectives 133 6.3 3G Security Architecture 134 6.3.1 NetworkAccessSecurity 135 6.3.2 NetworkDomainSecurity 136 6.3.3 UserDomainSecurity 136 6.3.4 Provider-UserLinkSecurity 136 6.3.5 VisibilityandConfigurabilityofSecurity 137 6.4 Authentication and Key Agreement (AKA) in 3GPP 137 6.5 Confidentiality and Integrity 138 6.5.1 Confidentiality 139 Contents ix 6.5.2 DataIntegrity 140 6.6 4G Wireless Communications Systems 141 References 142 7 Wireless Application Protocol (WAP) 143 7.1 Introduction 143 7.2 WAP Protocol Stack 144 7.3 WAP PKI Model 147 7.3.1 WTLSClass2 148 7.3.2 WTLSClass3andSignText 152 7.4 Cipher Suite in WTLS 156 7.4.1 KeyExchangeSuite 156 7.4.2 EllipticCurveParametersinWTLS 160 7.4.3 BulkEncryptionandMACSuite 161 7.5 WAP-Profiled TLS 163 7.5.1 CipherSuites 164 7.5.2 SessionIDandSessionResume 167 7.5.3 Server/ClientAuthenticationandCertificate 168 7.5.4 TLSTunneling 168 7.6 WAP Identity Module 169 7.7 Further Information 170 References 171 About the Authors 175 Index 177