Springer Series on S C T IGNALS AND OMMUNICATION ECHNOLOGY S C T IGNALS AND OMMUNICATION ECHNOLOGY Wireless Network Security Voice and Speech Quality Perception Y. Xiao, S. Shen, and D. Du (Eds.) Assessment and Evaluation ISBN 0-387-28040-5 U. Jekosch ISBN 3-540-24095-0 Wireless Ad Hoc and Sensor Networks A Cross-Layer Design Perspective Advanced ManMachine Interaction R. Jurdak Fundamentals and Implementation ISBN 0-387-39022-7 K.-F. Kraiss ISBN 3-540-30618-8 Cryptographic Algorithms on Reconfigurable Hardware Orthogonal Frequency Division Multiplexing F. Rodrgues-Henriquez, N.A. Saaqib, A. Diaz for Wireless Communications Perez, and C.K. Koc Y. (Geoffrey) Li and G.L. Stüber (Eds.) ISBN 0-387-33956-6 ISBN 0-387-29095-8 Multimedia Database Retrieval Circuits and Systems A Human-Centered Approach Based on Delta Modulation P. Muneesawang and L. Guan Linear, Nonlinear and Mixed Mode Processing ISBN 0-387-25267-X D.G. Zrilic ISBN 3-540-23751-8 Broadband Fixed Wireless Access Functional Structures in Networks A System Perspective AMLn—A Language for Model Driven M. Engels and F. Petre Development of Telecom Systems ISBN 0-387-33956-6 T. Muth ISBN 3-540-22545-5 Distributed Cooperative Laboratories RadioWave Propagation Networking, Instrumentation, and Measurements for Telecommunication Applications F. Davoli, S. Palazzo and S. Zappatore (Eds.) H. Sizun ISBN 3-540-40758-8 ISBN 0-387-29811-8 Electronic Noise and Interfering Signals The Variational Bayes Method Principles and Applications in Signal Processing G. Vasilescu ISBN 3-540-40741-3 V. Šmídl and A. Quinn ISBN 3-540-28819-8 DVB The Family of International Standards Topics in Acoustic Echo and Noise Control for Digital Video Broadcasting, 2nd ed. Selected Methods for the Cancellation of U. Reimers ISBN 3-540-43545-X Acoustical Echoes, the Reduction of Background Noise, and Speech Processing Digital Interactive TV and Metadata E. Hänsler and G. Schmidt (Eds.) Future Broadcast Multimedia ISBN 3-540-33212-x A. Lugmayr, S. Niiranen, and S. Kalli ISBN 3-387-20843-7 EM Modeling of Antennas and RF Components for Wireless Communication Adaptive Antenna Arrays Systems Trends and Applications F. Gustrau, D. Manteuffel S. Chandran (Ed.) ISBN 3-540-20199-8 ISBN 3-540-28614-4 Digital Signal Processing Interactive Video with Field Programmable Gate Arrays Methods and Applications U. Meyer-Baese ISBN 3-540-21119-5 R. I Hammoud (Ed.) Neuro-Fuzzy and Fuzzy Neural Applications ISBN 3-540-33214-6 in Telecommunications Continuous Time Signals P. Stavroulakis (Ed.) ISBN 3-540-40759-6 Y. Shmaliy ISBN 1-4020-4817-3 continued after index Wireless Network Security YANGXIAO,XUEMINSHEN, andDING-ZHUDU Springer Editors: Yang Xiao Xuemin (Sherman) Shen Department of Computer Science Department of Electrical & Computer Engineering University of Alabama University of Waterloo 101 Houser Hall Waterloo, Ontario, Canada N2L 3G1 Tuscaloosa, AL 35487 Ding-Zhu Du Department of Computer Science & Engineering University of Texas at Dallas Richardson, TX 75093 Wireless Network Security Library of Congress Control Number: 2006922217 ISBN-10 0-387-28040-5 e-ISBN-10 0-387-33112-3 ISBN-13 978-0-387-28040-0 e-ISBN-13 978-0-387-33112-6 Printed on acid-free paper. © 2007 Springer Science+Business Media, LLC All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now know or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. 9 8 7 6 5 4 3 2 1 springer.com CONTENTS Preface vii YangXiao,XueminShen,andDing-ZhuDu PartI:SecurityinGeneralWireless/MobileNetworks 1 Chapter1: HighPerformanceEllipticCurveCryptographicCo-processor 3 JonathanLutzandM.AnwarulHasan Chapter2: AnAdaptiveEncryptionProtocolinMobileComputing 43 HanpingLufeiandWeisongShi PartII:SecurityinAdHocNetwork 63 Chapter3: Pre-AuthenticationandAuthenticationModelsin AdHocNetworks 65 KatrinHoeperandGuangGong Chapter4: PromotingIdentity-BasedKeyManagementin WirelessAdHocNetworks 83 JianpingPan,LinCai,andXuemin(Sherman)Shen Chapter5: ASurveyofAttacksandCountermeasuresin MobileAdHocNetworks 103 BingWu,JianminChen,JieWu,andMihaelaCardei Chapter6: SecureRoutinginWirelessAd-HocNetworks 137 VenkataC.GirukaandMukeshSinghal vi TABLEOFCONTENTS Chapter7: ASurveyonIntrusionDetectionin MobileAdHocNetworks 159 TiranuchAnantvaleeandJieWu PartIII:SecurityinMobileCellularNetworks 181 Chapter8: IntrusionDetectioninCellularMobileNetworks 183 BoSun,YangXiao,andKuiWu Chapter9: TheSpreadofEpidemicsonSmartphones 211 BoZheng,YongqiangXiong,QianZhang,andChuangLin PartIV:SecurityinWirelessLANs 243 Chapter10: Cross-DomainMobility-AdaptiveAuthentication 245 HahnsangKimandKangG.Shin Chapter11: AAAArchitectureandAuthentication forWirelessLANRoaming 273 MinghuiShi,HumphreyRutagemwa,Xuemin(Sherman)Shen, JonW.Mark,YixinJiang,andChuangLin Chapter12: AnExperimentalStudyonSecurityProtocolsinWLANs 295 AveshKumarAgarwalandWenyeWang PartV:SecurityinSensorNetworks 323 Chapter13: SecurityIssuesinWirelessSensorNetworks usedinClinicalInformationSystems 325 JelenaMisˇic´andVojislavB.Misˇic´ Chapter14: KeyManagementSchemesinSensorNetworks 341 VenkataKrishnaRayi,YangXiao,BoSun,Xiaojiang(James)Du,andFeiHu Chapter15: SecureRoutinginAdHocandSensorNetworks 381 Xu(Kevin)Su,YangXiao,andRajendraV.Boppana AbouttheEditors 403 Index 407 PREFACE Wireless/mobile communications network technologies have been dramatically ad- vancedinrecentyears,inculdingthethirdgeneration(3G)wirelessnetworks,wireless LANs, Ultra-wideband(UWB),adhocandsensornetworks. However, wirelessnet- worksecurityisstillamajorimpedimenttofurtherdeploymentsofthewireless/mobile networks. Securitymechanismsinsuchnetworksareessentialtoprotectdataintegrity andconfidentiality,accesscontrol,authentication,qualityofservice,userprivacy,and continuityofservice. Theyarealsocriticaltoprotectbasicwirelessnetworkfunction- ality. Thiseditedbookcoversthecomprehensiveresearchtopicsinwireless/mobilenet- work security, which include cryptographic co-processor, encryption, authentication, keymanagement,attacksandcountermeasures,securerouting,securemediumaccess control,intrusiondetection,epidemics,securityperformanceanalysis,securityissuesin applications,etc. Itcanserveasausefulreferenceforresearchers,educators,graduate students,andpractitionersinthefieldofwireless/networknetworksecurity. The book contains 15 refereed chapters from prominent researchers working in thisareaaroundtheworld. Itisorganizedalongfivethemes(parts)insecurityissues fordifferentwireless/mobilenetworks. PartI:SecurityinGeneralWireless/MobileNetworks: Chapter1byLutz andHasandescribesahighperformanceandoptimalellipticcurveprocessoras wellasanoptimalco-processorusingLopezandDahab’sprojectivecoordinate system. Chapter2byLufeiandShiproposesanadaptiveencryptionprotocolto dynamicallychooseaproperencryptionalgorithmbasedonapplication-specific requirementsanddeviceconfigurations. PartII:SecurityinAdHocNetworks: Thenextfivechaptersfocusonsecurity in ad hoc networks. Chapter 3 by Hoeper and Gong introduces a security frameworkforpre-authenticationandauthenticatedmodelsinadhocnetworks. Chapter4byPan,Cai,andShenpromotesidentity-basedkeymanagementin ad hoc networks. Chapter 5 by Wu et al. provides a survey of attacks and countermeasuresinadhocnetworks. Chapter6byGirukaandSinghalpresents several routing protocols for ad-hoc networks, the security issues related to viii PREFACE routing, and securing routing protocols in ad hoc networks. Chapter 7 by AnantvaleeandWuclassifiesthearchitecturesforintrusiondetectionsystems inadhocnetworks. PartIII:SecurityinMobileCellularNetworks: Thenexttwochaptersdis- cuss security in mobile cellular networks. Chapter 8 by Sun, Xiao, and Wu introducesintrusiondetectionsystemsinmobilecellularnetworks. Chapter9 byZhengetal. proposesanepidemicsspreadmodelforsmartphones. PartIV:SecurityinWirelessLANs: Thenextthreechaptersstudythesecu- rityinwirelessLANs. Chapter10byKimandShinfocusesoncross-domain authentication over wireless local area networks, and proposes an enhanced protocol called the Mobility-adjusted Authentication Protocol that performs mutual authentication and hierarchical key derivation. Chapter 11 by Shi et al. proposes Authentication, Authorization and Accounting (AAA) architec- ture and authentication for wireless LAN roaming. Chapter 12 by Agarwal andWangstudiesthecross-layerinteractionsofsecurityprotocolsinwireless LANs,andpresentsanexperimentalstudy. PartV:SecurityinSensorNetworks: Thelastthreechaptersfocusonsecurity in sensor networks. Chapter 13 by Misˇic´ and Misˇic´ reviews confidentiality andintegritypolicesforclinicalinformationsystemsandcomparescandidate technologies IEEE 802.15.1 and IEEE 802.15.4 from the aspect of resilience of MAC and PHY layers to jamming and denial-of-service attacks. Chapter 14 by Rayi et al. provides a survey of key management schemes in sensor networks. The last chapter by Su, Xiao, and Boppana introduces security attacks,andreviewstherecentapproachesofsecurenetworkroutingprotocols inbothmobileadhocandsensornetworks. Although the covered topics may not be an exhaustive representation of all the securityissuesinwireless/mobilenetworks,theydorepresentarichandusefulsample ofthestrategiesandcontents. Thisbookhasbeenmadepossiblebythegreateffortsandcontributionsofmany people. First of all, we would like to thank all the contributors for putting together excellent chapters that are very comprehensive and informative. Second, we would liketothankallthereviewersfortheirvaluablesuggestionsandcommentswhichhave greatly enhanced the quality of this book. Third, we would like to thank the staff members from Springer, for putting this book together. Finally, We would like to dedicatethisbooktoourfamilies. Yang Xiao Tuscaloosa,Alabama,USA Xuemin (Sherman) Shen Waterloo,Ontario,CANADA Ding-Zhu Du Richardson,Texas,USA Part I SECURITY IN GENERAL WIRELESS/MOBILE NETWORKS 1 HIGH PERFORMANCE ELLIPTIC CURVE CRYPTOGRAPHIC CO-PROCESSOR JonathanLutz GeneralDynamics-C4Systems Scottsdale,Arizona E-mail: [email protected] M.AnwarulHasan DepartmentofElectricalandComputerEngineering UniversityofWaterloo,Waterloo,ON,Canada E-mail: [email protected] Foranequivalentlevelofsecurity,ellipticcurvecryptographyusesshorterkeysizesandis consideredtobeanexcellentcandidateforconstrainedenvironmentslikewireless/mobile communications. InFIPS186-2,NISTrecommendsseveralfinitefieldstobeusedinthe ellipticcurvedigitalsignaturealgorithm(ECDSA).Ofthetenrecommendedfinitefields, fivearebinaryextensionfieldswithdegreesrangingfrom163to571. Thefundamental buildingblockoftheECDSA,likeanyECCbasedprotocol,isellipticcurvescalarmul- tiplication. Thisoperationisalsothemostcomputationallyintensive. Inmanysituations itmaybedesirabletoacceleratetheellipticcurvescalarmultiplicationwithspecialized hardware. In this chapter a high performance elliptic curve processor is described which is optimizedfortheNISTbinaryfields.Thearchitectureisbuiltfromthebottomupstarting withthefieldarithmeticunits.Thearchitectureusesafieldmultipliercapableofperforming a field multiplication over the extension field with degree 163 in 0.060 microseconds. Architecturesforsquaringandinversionarealsopresented. Theco-processorusesLopez andDahab’sprojectivecoordinatesystemandisoptimizedspecificallyforKoblitzcurves. Aprototypeoftheprocessorhasbeenimplementedforthebinaryextensionfieldwith degree163onaXilinxXCV2000EFPGA.Theprototyperunsat66MHzandperformsan ellipticcurvescalarmultiplicationin0.233mseconagenericcurveand0.075msecona Koblitzcurve. 1. INTRODUCTION The use of elliptic curves in cryptographic applications was first proposed inde- pendentlyin[15]and[23]. Sincethenseveralalgorithmshavebeendevelopedwhose