
Wireless Mobile Internet Security. 2nd Edition

  • ID: 2330593
  • April 2013
  • 522 Pages
  • John Wiley and Sons Ltd

The mobile industry for wireless cellular services has grown at a rapid pace over the past decade. Similarly, Internet service technology has grown dramatically through the World Wide Web with a wireline infrastructure. Realizing complete wired/wireless mobile Internet technologies will become the future objective for the convergence of these technologies, through multiple enhancements of both cellular mobile systems and Internet interoperability. Flawless integration between these two wired/wireless networks will enable subscribers not only to roam worldwide, but also to meet the ever-increasing demand for data/Internet services. To keep up with this noteworthy growth in the demand for wireless broadband, new technologies and structural architectures are needed to greatly improve system performance and network scalability while significantly reducing the cost of equipment and deployment.

Dr. Rhee covers the technological development of wired/wireless Internet communications in compliance with each iterative generation up to 4G systems, with emphasis on wireless security aspects. By progressing in a systematic manner, presenting the theory and practice of

Preface xiii

About the Author xxi

Acknowledgments xxiii

1 Internetworking and Layered Models 1

1.1 Networking Technology 2

1.1.1 Local Area Networks (LANs) 2

1.1.2 Wide Area Networks (WANs) 3

1.2 Connecting Devices 5

1.2.1 Switches 5

1.2.2 Repeaters 6

1.2.3 Bridges 7

1.2.4 Routers 7

1.2.5 Gateways 8

1.3 The OSI Model 8

1.4 TCP/IP Model 12

1.4.1 Network Access Layer 13

1.4.2 Internet Layer 14

1.4.3 Transport Layer 14

1.4.4 Application Layer 14

2 TCP/IP Suite and Internet Stack Protocols 15

2.1 Network Layer Protocols 15

2.1.1 Internet Protocol (IP) 15

2.1.2 Address Resolution Protocol (ARP) 28

2.1.3 Reverse Address Resolution Protocol (RARP) 31

2.1.4 Classless Interdomain Routing (CIDR) 31

2.1.5 IP Version 6 (IPv6 or IPng) 32

2.1.6 Internet Control Message Protocol (ICMP) 40

2.1.7 Internet Group Management Protocol (IGMP) 41

2.2 Transport Layer Protocols 41

2.2.1 Transmission Control Protocol (TCP) 41

2.2.2 User Datagram Protocol (UDP) 44

2.3 World Wide Web 47

2.3.1 Hypertext Transfer Protocol (HTTP) 47

2.3.2 Hypertext Markup Language (HTML) 47

2.3.3 Common Gateway Interface (CGI) 48

2.3.4 Java 49

2.4 File Transfer 49

2.4.1 File Transfer Protocol (FTP) 49

2.4.2 Trivial File Transfer Protocol (TFTP) 49

2.4.3 Network File System (NFS) 50

2.5 E-Mail 50

2.5.1 Simple Mail Transfer Protocol (SMTP) 50

2.5.2 Post Office Protocol Version 3 (POP3) 51

2.5.3 Internet Message Access Protocol (IMAP) 51

2.5.4 Multipurpose Internet Mail Extension (MIME) 52

2.6 Network Management Service 52

2.6.1 Simple Network Management Protocol (SNMP) 52

2.7 Converting IP Addresses 53

2.7.1 Domain Name System (DNS) 53

2.8 Routing Protocols 54

2.8.1 Routing Information Protocol (RIP) 54

2.8.2 Open Shortest Path First (OSPF) 54

2.8.3 Border Gateway Protocol (BGP) 55

2.9 Remote System Programs 55

2.9.1 TELNET 55

2.9.2 Remote Login (Rlogin) 56

2.10 Social Networking Services 56

2.10.1 Facebook 56

2.10.2 Twitter 56

2.10.3 Linkedin 57

2.10.4 Groupon 57

2.11 Smart IT Devices 57

2.11.1 Smartphones 57

2.11.2 Smart TV 57

2.11.3 Video Game Console 58

2.12 Network Security Threats 58

2.12.1 Worm 58

2.12.2 Virus 58

2.12.3 DDoS 58

2.13 Internet Security Threats 58

2.13.1 Phishing 58

2.13.2 SNS Security Threats 59

2.14 Computer Security Threats 59

2.14.1 Exploit 59

2.14.2 Password Cracking 60

2.14.3 Rootkit 60

2.14.4 Trojan Horse 60

2.14.5 Keylogging 61

2.14.6 Spoofing Attack 61

2.14.7 Packet Sniffer 62

2.14.8 Session Hijacking 62

3 Global Trend of Mobile Wireless Technology 63

3.1 1G Cellular Technology 63

3.1.1 AMPS (Advanced Mobile Phone System) 64

3.1.2 NMT (Nordic Mobile Telephone) 64

3.1.3 TACS (Total Access Communications System) 64

3.2 2G Mobile Radio Technology 64

3.2.1 CDPD (Cellular Digital Packet Data), North American Protocol 65

3.2.2 GSM (Global System for Mobile Communications) 65

3.2.3 TDMA-136 or IS-54 66

3.2.4 iDEN (Integrated Digital Enhanced Network) 66

3.2.5 cdmaOne IS-95A 67

3.2.6 PDC (Personal Digital Cellular) 67

3.2.7 i-mode 67

3.2.8 WAP (Wireless Application Protocol) 67

3.3 2.5G Mobile Radio Technology 67

3.3.1 ECSD (Enhanced Circuit-Switched Data) 69

3.3.2 HSCSD (High-Speed Circuit-Switched Data) 69

3.3.3 GPRS (General Packet Radio Service) 69

3.3.4 EDGE (Enhanced Data rate for GSM Evolution) 69

3.3.5 cdmaOne IS-95B 69

3.4 3G Mobile Radio Technology (Situation and Status of 3G) 70

3.4.1 UMTS (Universal Mobile Telecommunication System) 73

3.4.2 HSDPA (High-Speed Downlink Packet Access) 73

3.4.3 CDMA2000 1x 74

3.4.4 CDMA2000 1xEV (1x Evolution) 74

3.4.5 CDMA2000 1xEV-DO (1x Evolution Data Only) 74

3.4.6 CDMA2000 1xEV-DV (1x Evolution Data Voice) 74

3.5 3G UMTS Security-Related Encryption Algorithm 75

3.5.1 KASUMI Encryption Function 75

4 Symmetric Block Ciphers 81

4.1 Data Encryption Standard (DES) 81

4.1.1 Description of the Algorithm 82

4.1.2 Key Schedule 84

4.1.3 DES Encryption 86

4.1.4 DES Decryption 91

4.1.5 Triple DES 95

4.1.6 DES-CBC Cipher Algorithm with IV 97

4.2 International Data Encryption Algorithm (IDEA) 99

4.2.1 Subkey Generation and Assignment 100

4.2.2 IDEA Encryption 101

4.2.3 IDEA Decryption 106

4.3 RC5 Algorithm 108

4.3.1 Description of RC5 109

4.3.2 Key Expansion 110

4.3.3 Encryption 114

4.3.4 Decryption 117

4.4 RC6 Algorithm 123

4.4.1 Description of RC6 123

4.4.2 Key Schedule 124

4.4.3 Encryption 125

4.4.4 Decryption 128

4.5 AES (Rijndael) Algorithm 135

4.5.1 Notational Conventions 135

4.5.2 Mathematical Operations 137

4.5.3 AES Algorithm Specification 140

5 Hash Function, Message Digest, and Message Authentication Code 161

5.1 DMDC Algorithm 161

5.1.1 Key Schedule 162

5.1.2 Computation of Message Digests 166

5.2 Advanced DMDC Algorithm 171

5.2.1 Key Schedule 171

5.2.2 Computation of Message Digests 173

5.3 MD5 Message-Digest Algorithm 176

5.3.1 Append Padding Bits 176

5.3.2 Append Length 177

5.3.3 Initialize MD Buffer 177

5.3.4 Define Four Auxiliary Functions (F, G, H, I) 177

5.3.5 FF, GG, HH, and II Transformations for Rounds 1, 2, 3, and 4 178

5.3.6 Computation of Four Rounds (64 Steps) 178

5.4 Secure Hash Algorithm (SHA-1) 188

5.4.1 Message Padding 188

5.4.2 Initialize 160-bit Buffer 189

5.4.3 Functions Used 189

5.4.4 Constants Used 190

5.4.5 Computing the Message Digest 191

5.5 Hashed Message Authentication Codes (HMAC) 195

6 Asymmetric Public-Key Cryptosystems 203

6.1 Diffie–Hellman Exponential Key Exchange 203

6.2 RSA Public-Key Cryptosystem 207

6.2.1 RSA Encryption Algorithm 208

6.2.2 RSA Signature Scheme 212

6.3 ElGamal’s Public-Key Cryptosystem 215

6.3.1 ElGamal Encryption 215

6.3.2 ElGamal Signatures 217

6.3.3 ElGamal Authentication Scheme 219

6.4 Schnorr’s Public-Key Cryptosystem 222

6.4.1 Schnorr’s Authentication Algorithm 222

6.4.2 Schnorr’s Signature Algorithm 224

6.5 Digital Signature Algorithm 227

6.6 The Elliptic Curve Cryptosystem (ECC) 230

6.6.1 Elliptic Curves 230

6.6.2 Elliptic Curve Cryptosystem Applied to the ElGamal Algorithm 239

6.6.3 Elliptic Curve Digital Signature Algorithm 240

6.6.4 ECDSA Signature Computation 244

7 Public-Key Infrastructure 249

7.1 Internet Publications for Standards 250

7.2 Digital Signing Techniques 251

7.3 Functional Roles of PKI Entities 258

7.3.1 Policy Approval Authority 258

7.3.2 Policy Certification Authority 260

7.3.3 Certification Authority 261

7.3.4 Organizational Registration Authority 262

7.4 Key Elements for PKI Operations 263

7.4.1 Hierarchical Tree Structures 264

7.4.2 Policy-Making Authority 265

7.4.3 Cross-Certification 266

7.4.4 X.500 Distinguished Naming 269

7.4.5 Secure Key Generation and Distribution 270

7.5 X.509 Certificate Formats 271

7.5.1 X.509 v1 Certificate Format 271

7.5.2 X.509 v2 Certificate Format 273

7.5.3 X.509 v3 Certificate Format 274

7.6 Certificate Revocation List 282

7.6.1 CRL Fields 282

7.6.2 CRL Extensions 284

7.6.3 CRL Entry Extensions 285

7.7 Certification Path Validation 287

7.7.1 Basic Path Validation 287

7.7.2 Extending Path Validation 289

8 Network Layer Security 291

8.1 IPsec Protocol 291

8.1.1 IPsec Protocol Documents 292

8.1.2 Security Associations (SAs) 294

8.1.3 Hashed Message Authentication Code (HMAC) 296

8.2 IP Authentication Header 299

8.2.1 AH Format 300

8.2.2 AH Location 301

8.3 IP ESP 301

8.3.1 ESP Packet Format 303

8.3.2 ESP Header Location 304

8.3.3 Encryption and Authentication Algorithms 306

8.4 Key Management Protocol for IPsec 308

8.4.1 OAKLEY Key Determination Protocol 308

8.4.2 ISAKMP 309

9 Transport Layer Security: SSLv3 and TLSv1 325

9.1 SSL Protocol 325

9.1.1 Session and Connection States 326

9.1.2 SSL Record Protocol 327

9.1.3 SSL Change Cipher Spec Protocol 331

9.1.4 SSL Alert Protocol 331

9.1.5 SSL Handshake Protocol 332

9.2 Cryptographic Computations 338

9.2.1 Computing the Master Secret 338

9.2.2 Converting the Master Secret into Cryptographic Parameters 339

9.3 TLS Protocol 339

9.3.1 HMAC Algorithm 340

9.3.2 Pseudo-random Function 344

9.3.3 Error Alerts 349

9.3.4 Certificate Verify Message 350

9.3.5 Finished Message 351

9.3.6 Cryptographic Computations (for TLS) 351

10 Electronic Mail Security: PGP, S/MIME 353

10.1 PGP 353

10.1.1 Confidentiality via Encryption 354

10.1.2 Authentication via Digital Signature 355

10.1.3 Compression 356

10.1.4 Radix-64 Conversion 357

10.1.5 Packet Headers 361

10.1.6 PGP Packet Structure 363

10.1.7 Key Material Packet 367

10.1.8 Algorithms for PGP 5.x 371

10.2 S/MIME 372

10.2.1 MIME 372

10.2.2 S/MIME 379

10.2.3 Enhanced Security Services for S/MIME 382

11 Internet Firewalls for Trusted Systems 387

11.1 Role of Firewalls 387

11.2 Firewall-Related Terminology 388

11.2.1 Bastion Host 389

11.2.2 Proxy Server 389

11.2.3 SOCKS 390

11.2.4 Choke Point 391

11.2.5 Demilitarized Zone (DMZ) 391

11.2.6 Logging and Alarms 391

11.2.7 VPN 392

11.3 Types of Firewalls 392

11.3.1 Packet Filters 392

11.3.2 Circuit-Level Gateways 397

11.3.3 Application-Level Gateways 397

11.4 Firewall Designs 398

11.4.1 Screened Host Firewall (Single-Homed Bastion Host) 399

11.4.2 Screened Host Firewall (Dual-Homed Bastion Host) 400

11.4.3 Screened Subnet Firewall 400

11.5 IDS Against Cyber Attacks 401

11.5.1 Internet Worm Detection 401

11.5.2 Computer Virus 402

11.5.3 Special Kind of Viruses 403

11.6 Intrusion Detections Systems 404

11.6.1 Network-Based Intrusion Detection System (NIDS) 404

11.6.2 Wireless Intrusion Detection System (WIDS) 406

11.6.3 Network Behavior Analysis System (NBAS) 408

11.6.4 Host-Based Intrusion Detection System (HIDS) 409

11.6.5 Signature-Based Systems 410

11.6.6 Anomaly-Based Systems 411

11.6.7 Evasion Techniques of IDS Systems 412

12 SET for E-Commerce Transactions 415

12.1 Business Requirements for SET 415

12.2 SET System Participants 417

12.3 Cryptographic Operation Principles 418

12.4 Dual Signature and Signature Verification 420

12.5 Authentication and Message Integrity 424

12.6 Payment Processing 427

12.6.1 Cardholder Registration 427

12.6.2 Merchant Registration 433

12.6.3 Purchase Request 434

12.6.4 Payment Authorization 435

12.6.5 Payment Capture 437

13 4G Wireless Internet Communication Technology 439

13.1 Mobile WiMAX 440

13.1.1 Mobile WiMAX Network Architecture 440

13.1.2 Reference Points in WiMAX Network Reference Model (NRM) 442

13.1.3 Key Supporting Technologies 444

13.1.4 Comparison between Mobile WiMAX Network and Cellular Wireless Network 447

13.2 WiBro (Wireless Broadband) 448

13.2.1 WiBro Network Architecture 448

13.2.2 Key Elements in WiBro System Configuration 449

13.2.3 System Comparison between HSDPA and WiBro 451

13.2.4 Key Features on WiBro Operation 451

13.3 UMB (Ultra Mobile Broadband) 452

13.3.1 Design Objectives of UMB 453

13.3.2 Key Technologies Applicable to UMB 453

13.3.3 UMB IP-Based Network Architecture 455

13.3.4 Conclusive Remarks 456

13.4 LTE (Long Term Evolution) 457

13.4.1 LTE Features and Capabilities 457

13.4.2 LTE Frame Structure 458

13.4.3 LTE Time-Frequency Structure for Downlink 458

13.4.4 LTE SC-FDMA on Uplink 460

13.4.5 LTE Network Architecture 461

13.4.6 Key Components Supporting LTE Design 463

13.4.7 Concluding Remarks 464

Acronyms 467

Bibliography 473

Index 481

Dr. Man Young Rhee, Seoul National University, Korea. Man Young Rhee received his B.S.E.E. degree from Seoul National University in 1952 and his M.S.E.E. and Ph.D. degrees from the University of Colorado in 1956 and 1958, respectively. Since 1997, Dr. Rhee has been an Invited Professor of Electrical and Computer Engineering, Seoul National University. He is also Professor Emeritus of Electrical Engineering at Hanyang University, Seoul, Korea. In addition, he has over 45 years of research and teaching experience in the field of communication technologies, coding theory, cryptography, and information security. Dr. Rhee has held a number of high-level positions in both government and corporate sectors: President of Samsung Semiconductor Communications; President of Korea Telecommunications Company; Chairman of the Korea Information Security Agency at the Ministry of Information and Communication; President of the Korea Institute of Information Security and Cryptology; and Vice President of the Agency for Defense Development at the Ministry of National Defense.
