Cryptography and Security Services: Mechanisms and Applications
Manuel Mogollon
Session 11: Wireless Security


Session 12 – Contents

• Types of Wireless Networks
  — Wireless Metropolitan Area Networks (WMAN) - WiMax
  — Wireless Local Area Networks (WLAN) / Wi-Fi
  — Wireless Personal Area Network (WPAN)
    – Bluetooth
  — Low-Rate Wireless Personal Area Network (LR-WPAN)
    – Zigbee

The Wireless Landscape

[Figure: level of mobility (fixed/desktop, walk, vehicle; within campus and outside campus) plotted against data rate in Mbps for Zigbee, Bluetooth, CDMA 2000 1XRT, CDMA 2000 3XRT, LAN 802.11n (MIMO), WIMAX (MIMO), and 4G]

Wireless Wide Area Network (WWAN)
• Metro/Geographical area
• “Always On” Services
• Ubiquitous public connectivity with private virtual networks

Wireless Local Area Network (WLAN) and Wireless Metropolitan Area Network (WMAN)
• Public or Private Site or Campus
• Enterprise
• Non-licensed spectrum

Wireless Personal Area Network (WPAN)
• Small form factor, low-cost, short range, low power, radio technology.
• Developed to link portable devices without cables.
• Non-licensed spectrum

Low-Rate Wireless Personal Area Network (LR-WPAN)
• General-purpose, inexpensive, self-organizing mesh network.
• Low data rates and low power consumption; a year or two with a single alkaline battery.

Wireless Networks

| Network | Standard | Range | Data Rate |
|---|---|---|---|
| WMAN (Wireless Metropolitan Area Network) - WIMAX | IEEE 802.16 | Approximately 30 miles radius | 78 Mbps |
| WLAN (Wireless Local Area Network) – WiFi | IEEE 802.11 | Approximately 300 feet radius | 54 Mbps |
| WPAN (Wireless Personal Area Network) – Bluetooth | IEEE 802.15 | Approximately 30 feet radius | 1, 2, or 3 Mbps |
| LR-WPAN (Low-Rate Wireless Personal Area Networks) – Zigbee | IEEE 802.15.4 | Approximately 150 feet radius | 250 Kbps |

WIMAX

• WIMAX is very similar to Wi-Fi, but it operates at higher speeds, over greater distances, and for a greater number of users.
• From the point of view of the infrastructure, a WiMAX network is similar to a cellular network.
  — A base station covers a very large area and can simultaneously operate as a subscriber station and as a base station in a full mesh network using a line-of-sight link.
  — A subscriber station, which could be a small WIMAX receiver box, or a mobile station.
• WIMAX operates in two primary bands, the 10-66 GHz band used where line-of-sight is necessary, and the licensed and un-licensed frequencies of 2 – 11 GHz for those physical environments where line-of-sight is not necessary.
• WIMAX also supports subscriber stations moving at vehicular speeds.
  — The spectrum at 2.5 GHz and below (2.5 GHz, 1.5 GHz, 700 MHz, etc.) is used because it has better characteristics for full mobility deployment.
• WIMAX throughput is around 38 Mbit/sec when using orthogonal frequency division multiplexing (OFDM), and 78 Mbit/sec when OFDM is combined with multiple-input multiple-output (MIMO) antenna processing technology.
• WiMAX expands the availability of broadband service to residences, businesses and other locations with a high cost of wire deployment.
  — Low-density rural locations in developed countries
  — Emerging markets where user connectivity is sporadic.

WIMAX Network

[Figure: WIMAX network showing a carrier, a fiber optics link, Base Station 1, Base Station 2 and four subscriber stations. Base Station 1 is acting as client to Base Station 2. Line of sight, 10 – 66 GHz band, 38 to 78 Mbit/sec.]

WIMAX Security

• WIMAX provides subscribers with privacy, authentication, and confidentiality across the broadband wireless network.
• WIMAX security has three component protocols as follows:
  — Secure encapsulation of the data exchanged.
  — Authentication for the subscriber station (SS) to obtain authorization and traffic keying material from the base station (BS); also supports periodic reauthorization and key refresh.
  — A privacy key management protocol (PKM) to provide the secure distribution of keying data from the BS to the SS.

WIMAX Key Generation

• The Privacy Key Management authentication protocol establishes a shared secret key, called an Authorization Key (AK), between the SS and the BS.
• Either RSA or EAP methods are used to generate the AK (Slide 8).
• The Authorization Key is then used, by both the BS and the SS, to generate MAC Keys, HMAC Keys and Key Encrypting Keys (KEK) (Slide 9).
• The KEK is used to encrypt keys for transport from the BS to the SS.
• The BS randomly generates the Traffic Encryption Key (TEK), enciphers it using KEK, and sends it to the SS in the TEK exchange. KEK and TEK have 128-bit lengths. The TEK-128 is encrypted with AES Key Wrap (Slide 10).

WIMAX Key Generation

[Figure: derivation of the AK by the RSA method (Pre-PAK, PAK, AK) and by the EAP method (MSK, PMK, AK)]

RSA method:
• Pre-PAK – 256-bit Primary Authorization Key transferred from BS to SS using RSA during the authorization process
• Dot16KDF(pre-PAK, SS MAC Address|BSID| EIK+PAK, 320): EIK (160 bits), PAK (160 bits)
• Dot16KDF(PAK, SS MAC Address|BSID| AK, 160): AK

EAP method:
• MSK – 512-bit Primary Authorization Key transferred to SS by EAP method during the authentication exchange
• Truncate (MSK, 160): PAK (160 bits)
• Optional EIK
• Dot16KDF(PMK, SS MAC Address|BSID| AK, 160): AK

MSK = Master Session Key
PMK = Pairwise Master Key
PAK = Primary Authorization Key
EIK = EAP Integrity Key
AK = Authorization Key

WIMAX Key Hierarchy

[Figure: keys derived from the AK in each MAC mode]

AK – 160-bit Authentication Key (AK) context

MAC mode CMAC:
• Dot16KDF(AK, SS MAC Address|BSID| CMAC_KEYS+KEK, 384)
• CMAC_KEY_U (128 bits), CMAC_KEY_D (128 bits), KEK (64 or 128 bits)

MAC mode HMAC:
• Dot16KDF(AK, SS MAC Address|BSID| HMAC_KEYS+KEK, 448)
• HMAC_KEY_U (160 bits), HMAC_KEY_D (160 bits), KEK (128 bits)

MAC = Message Authentication Code
CMAC = Cipher MAC (MAC based on block cipher)
CMAC_KEY_U = Uplink CMAC Key
CMAC_KEY_D = Downlink CMAC Key
HMAC_KEY_U = Uplink HMAC Key
HMAC_KEY_D = Downlink HMAC Key
KEK = Key Encrypting Key

WIMAX TEK and Group Keys

[Figure: keys derived by the BS]

• TEK: RNG, then encryption keyed with KEK, then send to SS
• GKEK: RNG, then encryption keyed with KEK, then send to SS
• GTEK: RNG, then encryption keyed with GKEK, then send to SS

RNG = Random Number Generator
TEK = Traffic Encrypting Key (64 or 128 bits)
GKEK = Group Key Encryption Key
GTEK = Group Traffic Encrypting Key

Security Associations

• Security associations in WIMAX are used in the same way and have the same meaning as the security associations used in IPSec, as well as the security capabilities used in TLS and SSL.
• A Security Association (SA) associates the security parameters with the traffic to be protected.
• Once the SA for a specific connection is defined, it is assigned an identifier, the Security Association ID (SAID).
• When a connection is established between a BS and an SS, the two need to agree on, among other things, the following:
  — The encryption and authentication algorithms.
  — The crypto keys, the key sizes, and key lifetimes.
  — How to exchange keys, the initialization values, and other related security parameters.

WIMAX Authorization and AK Exchange

[Figure: message exchange between the Subscriber Station and the Base Station, creating the PAK or PMK and the AK; each side ends with the Authentication Key]

Authentication Information
• The authentication information message is strictly informative. It contains the SS X.509 certificate.

Authorization Request
• SS X.509 certificate.
• List of crypto suites (security associations’ IDs) supported by the SS.
• SS Connection Identifier (CID).

Authorization Reply
• A pre-PAK or MSK encrypted with the SS public key.
• A 4-bit sequence number used to distinguish successive generations of Pre-PAK or MSK.
• A key lifetime.
• The SAID used by the SS to obtain keying information.

SS and BS create the PAK or PMK, and from the PAK or PMK derive the 160-bit AK.

WIMAX Re-Authentication & TEK Exchange

[Figure: message exchange between the Subscriber Station and the Base Station, creating CMAC or HMAC and KEK]

SS and BS create CMAC or HMAC and KEK.

Re-Authentication
• The SS sends re-authentication request signed by HMAC or CMAC.

Key Request
• SS requests a TEK.

Key Reply
• The BS generates TEK as a random number and enciphers it using a wrapping algorithm keyed with the KEK.
• The BS sends the encrypted TEK to SS.
• SS deciphers the encrypted TEK using the wrapping algorithm keyed with KEK.

BS and SS are ready to send encrypted information using the data encryption algorithm specified in the cipher suite keyed with TEK.

Exchanged ciphertext messages are authenticated using HMAC or CMAC.

WIMAX Cryptographic Suites

| Value | Data Encryption | Data Authentication | TEK Exchange |
|---|---|---|---|
| 0x000001 | No data encryption | No data authentication | 3-DES, 128 |
| 0x010001 | CBC-Mode 56-bit DES | No data authentication | 3-DES, 128 |
| 0x000002 | No data encryption | No data authentication | RSA, 1024 |
| 0x010002 | CBC-Mode 56-bit DES | No data authentication | RSA, 1024 |
| 0x020103 | CCM-Mode 128-bit AES | CCM-Mode, 128-bit | ECB mode AES with 128-bit key |
| 0x020104 | CCM-Mode 128bits AES | CCM-Mode | AES Key Wrap with 128-bit key |
| 0x030003 | CBC-Mode 128-bit AES | No data authentication | ECB mode AES with 128-bit key |
| 0x800003 | MBS CTR Mode 128 bits AES | No data authentication | AES ECB mode with 128-bit key |
| 0x800004 | MBS CTR mode 128 bits AES | No data authentication | AES Key Wrap with 128-bit key |
| All remaining values | Reserved | | |

WIMAX AES Residual Termination Block Processing

[Figure: encryption (EK) and decryption (DK) of the last two blocks, Pn-1 and Pn, when Pn has a bits and the remaining (b – a) bits of the block are filled in]

Pn = Last plaintext block
Pn-1 = Next to last plaintext block
Cn = Last ciphertext block
Cn-1 = Next to last ciphertext block
EK = Encryption with key K
DK = Decryption with key K
b = Block size
a = Number of bits in Pn
Ö = Padded bits
C = Ciphertext of Ö

Wireless LAN (WLAN) - WiFi

[Figure: WLAN access points (WLAN – AP) on Subnet “A” and Subnet “B”, a WLAN Security Switch, and terminals with WLAN mobile adaptors and PDAs that roam from one subnet to the other]

IEEE 802.11 Standards

| Standard | Description |
|---|---|
| IEEE 802.11 | The original 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and IR standard (1999) |
| IEEE 802.11a | 54 Mbit/s, 5 GHz standard (2001) |
| IEEE 802.11b | Enhancements to 802.11 to support 5.5 and 11 Mbit/s (1999) |
| IEEE 802.11c | Bridge operation procedures; included in the IEEE 802.1D standard (2001) |
| IEEE 802.11d | International (country-to-country) roaming extensions (2001) |
| IEEE 802.11e | Enhancements: QoS, including packet bursting (2005) |
| IEEE 802.11g | 54 Mbit/s, 2.4 GHz standard (backwards compatible with b) (2003) |
| IEEE 802.11h | Spectrum Managed 802.11a (5 GHz) for European compatibility (2004) |
| IEEE 802.11i | Enhanced security (2004) |
| IEEE 802.11n | 802.11n builds upon previous 802.11 standards by adding MIMO (multiple-input multiple-output) and orthogonal frequency-division multiplexing (OFDM). MIMO uses multiple transmitter and receiver antennas to allow for increased data throughput. |
| IEEE 802.11p | WAVE - Wireless Access for the Vehicular Environment (such as ambulances and passenger cars) |
| IEEE 802.11s | ESS Mesh Networking |

IEEE 802.11 Security Services

• Authentication
  — Open System
  — Shared Key
• Confidentiality
  — WEP
• Access control in conjunction with layer management.
• Secure Roaming

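WEP Encapsulation

[Figure: WEP encapsulation]

• The Initialization Vector (IV) is concatenated (||) with the Secret Key (40, 104, 128) and fed to RC4, which produces the keystream.
• CRC-32 over the payload gives the Integrity Check Value (ICV), which is concatenated (||) with the payload.
• The keystream is added (+) to the payload and ICV, giving the Encrypted Payload and ICV.
• 802.11 Frame: Header, Payload
• WEP Frame: Header, IV, Key Number, Encrypted Payload, ICV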
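The encapsulation in the figure above, written out as an added Python example that is not part of the original slides. RC4 and the CRC-32 ICV follow their published definitions; the function names, key, IV and payload are constructed for illustration, and the frame header is left out.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR of data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(payload: bytes) -> bytes:
    """Integrity Check Value: CRC-32 of the plaintext payload, low octet first."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encapsulate(secret_key: bytes, iv: bytes, key_number: int, payload: bytes) -> bytes:
    if len(iv) != 3 or not 0 <= key_number <= 3:
        raise ValueError("IV is 3 octets and the key number is 0..3")
    # The per-frame RC4 key is IV || secret key; RC4 covers payload || ICV.
    encrypted = rc4(iv + secret_key, payload + icv(payload))
    # Frame body: IV in the clear, one octet carrying the key number in its
    # top two bits, then the encrypted payload and encrypted ICV.
    return iv + bytes([key_number << 6]) + encrypted

def wep_decapsulate(secret_key: bytes, body: bytes):
    iv, key_number, encrypted = body[:3], body[3] >> 6, body[4:]
    plain = rc4(iv + secret_key, encrypted)
    payload, received_icv = plain[:-4], plain[-4:]
    if icv(payload) != received_icv:
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return key_number, payload

# Constructed sample values (a 40-bit secret key and a 24-bit IV).
SAMPLE_KEY = bytes.fromhex("0102030405")
SAMPLE_IV = bytes.fromhex("a1b2c3")
SAMPLE_PAYLOAD = b"constructed LLC payload"

def demo():
    body = wep_encapsulate(SAMPLE_KEY, SAMPLE_IV, 0, SAMPLE_PAYLOAD)
    return body, wep_decapsulate(SAMPLE_KEY, body)
```

The ICV is an unkeyed checksum, so it catches transmission errors but carries no secret of its own; the keyed MIC introduced with 802.11i is what provides data origin authenticity.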

IEEE 802.11i

• Several reports were written revealing 802.11 security weaknesses.
• In June 2004, the IEEE Standards Association approved IEEE 802.11i, a security enhancement amendment to the original IEEE 802.11 specification.
• The IEEE 802.11i amendment added stronger encryption, authentication, and key management strategies for wireless data and system security.
• The amendment proposed two new data-confidentiality upgrades:
  — An interim software upgrade solution that didn’t need hardware upgrades
    – The Temporal Key Integrity Protocol (TKIP)
  — A final solution with different hardware and, therefore, not compatible with the previous version of WEP.
    – CTR [counter mode] with CBC-MAC [cipher block chaining (CBC) with a message authentication code (MAC)] Protocol (CCMP), and IEEE 802.1X to control access to the network.
• The 802.11i amendment also provided improvement for the following security issues:
  — Key management
  — Data origin authenticity
  — Replay detection

802.11 Security Framework

[Figure: the 802.11 security framework in three layers (authentication, port control, encryption and integrity) for 802.11, WPA and WPA2]

• Authentication: EAP
  — EAP implementations: EAP-TLS, EAP-TTLS, EAP-MD5, PEAP, plus others such as EAP-SIM, EAP-FAST and LEAP
  — User credentials: Either, Certificates, Username/Password, Either, Either
  — RADIUS servers: Cisco ACS, Microsoft IAS, FreeRADIUS, Juniper SBR
• Port control: 802.1X
• Encryption and integrity:
  — Encryption algorithm WEP: encryption cipher RC4; IEEE 802.11
  — Encryption algorithm TKIP: encryption cipher RC4; IEEE 802.11i (RSN); Wi-Fi Alliance WPA/WPA2
  — Encryption algorithm CCMP: encryption cipher AES; IEEE 802.11i (RSN); Wi-Fi Alliance WPA2
  — Integrity algorithm: MIC
• Wi-Fi Alliance modes: PSK (Personal), Enterprise
• 802.11 ratified: 06/1997. WPA released: 04/2003. 802.11i ratified: 06/2004. WPA2 released: 09/2004.
• WPA2 cipher suite is indicated in the Robust Security Network (RSN) Information Element.
• CCMP (AES) is also supported by WPA but not certified in it. Hence some vendors implement WPA with AES.

TKIP Encapsulation

[Figure: TKIP encapsulation data flow]

• Phase 1 and Phase 2 key mixing take TA, TK and TSC, pass TTAK between them, and produce the WEP seed: the IV and the RC4 key (128 bits).
• Michael takes the MIC Key and DA + SA + Priority + Plaintext MSDU Data, and produces Plaintext MSDU + MIC, which is split into fragment(s) if necessary.
• RC4, keyed with the WEP seed, produces the Ciphertext MPDU.

TA = Transmitter Address
TK = Temporary Key
TSC = TKIP Sequence Counter
MIC = Message Integrity Code
DA = Destination Address
SA = Source Address

CBC – MAC Authentication

[Figure: the formatting/encoding function turns the input data (N, A, P) into the output data (B0, B1, B2, ..., Br); each input block is XORed with the previous output block and enciphered with CIPHK]

$Y_0 = \mathrm{CIPH}_K(B_0)$
$Y_1 = \mathrm{CIPH}_K(Y_0 \oplus B_1)$
$Y_r = \mathrm{CIPH}_K(Y_{r-1} \oplus B_r)$
$T = \mathrm{MSB}_{Tlen}(Y_r)$

r = The number of blocks in the formatted input data (N, A, P).
$Y_r$ = The CBC-MAC result.
$\mathrm{MSB}_s(X)$ = The bit string consisting of the s left-most bits of the bit string X.
T = The MAC that is generated as an internal variable in the CCM processes.
Tlen = The bit length of the MAC.

Counter (CTR) Mode Encryption

[Figure: counter blocks Ctr0, Ctr1, ..., Ctrm, each built from (Flag, N, Counter), are enciphered with CIPHK to give the output blocks]

$S_0 = \mathrm{CIPH}_K(Ctr_0)$
$S_1 = \mathrm{CIPH}_K(Ctr_1)$
$S_m = \mathrm{CIPH}_K(Ctr_m)$
$S = S_1 \| S_2 \| \dots \| S_m$

$C = (P \oplus \mathrm{MSB}_{Plen}(S)) \,\|\, (T \oplus \mathrm{MSB}_{Tlen}(S_0))$

The first term provides confidentiality and the second term provides authentication.

m = The number of blocks in the formatted payload, equal to Plen/128.
Plen = The bit length of the payload.
$\mathrm{MSB}_s(X)$ = The bit string consisting of the s left-most bits of the bit string X.
T = The MAC that is generated as an internal variable in the CCM processes.
Tlen = The bit length of the MAC.

IEEE 802.1X EAP Authentication

[Figure: message exchange among the Supplicant (Station), the Authenticator (Access Point), and the Authentication Server (Radius)]

• 802.1X EAP Start
• 802.1X EAP Request
• 802.1X EAP Response
• Access Request (EAP Request)
• EAP Authentication Access Protocol (Exchange PMK)
• Accept / EAP Success / Key Material (PMK)
• 802.1X EAP Success

At this moment the 802.1X Controlled Port is still blocked to the station.

4-Way Handshake

[Figure: message exchange between the Supplicant (Peer, Client) and the Authenticator (Access Point)]

• Supplicant: PMK is known; generate SNonce.
• Authenticator: PMK is known; generate ANonce.
• Message 1: EAPOL – Key (ANonce, Unicast)
• Supplicant: derive PTK.
• Message 2: EAPOL – Key (SNonce, Unicast, MIC)
• Authenticator: derive PTK. If needed, generate GTK.
• Message 3: EAPOL – Key (Install PTK, Unicast, MIC, Encrypted GTK)
• Message 4: EAPOL – Key (Unicast, MIC)
• Supplicant: install PTK and GTK. Authenticator: install PTK.

Pairwise and Group Key Hierarchy

[Figure: pairwise key hierarchy]

• Pairwise Master Key (PMK)
• PRF-X(PMK, “Pairwise key expansion”, AA, SPA, ANonce, SNonce)
• Pairwise Transient Key (PTK): TKIP 512 bits, CCM 384 bits
  — EAPOL-Key Key Confirmation Key (KCK): L(PTK 0-127)
  — EAPOL-Key Key Encryption Key (KEK): L(PTK 128-255)
  — Temporal Key: TKIP L(PTK 256-511), CCMP L(PTK 256-383)

AA = Authenticator Address
SPA = Supplicant Address
ANonce = Authenticator’s Nonce
SNonce = Supplicant’s Nonce
GNonce = Group’s Nonce

Pairwise and Group Key Hierarchy

[Figure: group key hierarchy]

• Group Master Key (GMK)
• PRF-X(GMK, “Group key expansion”, AA || GNonce)
• Group Temporal Key (GTK) (X bits)
  — Temporal Key: TKIP L(PTK 0-255), CCMP L(PTK 0-127)

AA = Authenticator Address
SPA = Supplicant Address
ANonce = Authenticator’s Nonce
SNonce = Supplicant’s Nonce
GNonce = Group’s Nonce
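The pairwise and group key derivations from the two hierarchy slides, together with the MIC check of the 4-way handshake, as an added Python example that is not part of the original slides. It assumes PRF-X is the HMAC-SHA-1 construction of IEEE 802.11i with Min/Max ordering of the addresses and nonces, and an HMAC-SHA1-128 MIC; the addresses and message bodies are constructed placeholders, not real EAPOL-Key encodings.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, data: bytes, bits: int) -> bytes:
    """PRF-X: concatenation of HMAC-SHA-1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) * 8 < bits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: bits // 8]

PTK_BITS = {"TKIP": 512, "CCMP": 384}
GTK_BITS = {"TKIP": 256, "CCMP": 128}

def derive_ptk(pmk, aa, spa, anonce, snonce, cipher="CCMP"):
    # Min/Max ordering lets both ends build the same PRF input.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, PTK_BITS[cipher])
    # KCK = L(PTK 0-127), KEK = L(PTK 128-255), Temporal Key = the rest.
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def derive_gtk(gmk, aa, gnonce, cipher="CCMP"):
    return prf(gmk, b"Group key expansion", aa + gnonce, GTK_BITS[cipher])

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC keyed with the KCK (HMAC-SHA-1 truncated to 128 bits, an assumption)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def four_way_handshake(supplicant_pmk, authenticator_pmk, cipher="CCMP"):
    """Return the installed Temporal Key, or None if a MIC check fails."""
    aa = bytes.fromhex("020000000001")    # constructed authenticator address
    spa = bytes.fromhex("020000000002")   # constructed supplicant address
    # Message 1: the authenticator sends ANonce.
    anonce = os.urandom(32)
    # The supplicant generates SNonce, derives the PTK and sends message 2.
    snonce = os.urandom(32)
    sta = derive_ptk(supplicant_pmk, aa, spa, anonce, snonce, cipher)
    msg2 = b"constructed message 2 body" + snonce
    msg2_mic = eapol_mic(sta["KCK"], msg2)
    # The authenticator derives the PTK and checks the MIC of message 2.
    ap = derive_ptk(authenticator_pmk, aa, spa, anonce, snonce, cipher)
    if not hmac.compare_digest(eapol_mic(ap["KCK"], msg2), msg2_mic):
        return None                       # PMKs differ: nothing is installed
    # Message 3 (install PTK) is checked by the supplicant the same way;
    # message 4 would carry a MIC as well and is omitted here.
    msg3 = b"constructed message 3 body: install PTK"
    msg3_mic = eapol_mic(ap["KCK"], msg3)
    if not hmac.compare_digest(eapol_mic(sta["KCK"], msg3), msg3_mic):
        return None
    return sta["TK"]
```

The MIC in message 2 is the first point at which the authenticator learns whether the supplicant holds the same PMK, which is why no key is installed before it verifies.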

Securing WLAN

• Use Wireless Security Switches
• Use Strong Encryption
• Turn Off SSID Broadcasting
• Change the Default Administrative Password and SSID
• Turn Off the System
• Use MAC Filtering
• Control the Wireless Signal Output
• Use VPN
• Use WLAN Audits

Bluetooth

• Conceived as a low-cost, low-profile, low-power, short-range radio technology, open standard.
• Designed to create small wireless networks for interconnecting devices such as wireless headsets, printers, keyboards, and mice.
• Used to enhance wireless connectivity by connecting almost any device to any other device.
• Works as an ad-hoc network, typically created on a temporary and random basis.
• Consists of up to eight Bluetooth devices in a network, called a piconet, working in a master-slave relationship, with one device designated as master and the rest as slaves.
• Employs a dynamic topology in which the master controls and reconfigures the changing network topologies.
• Creates a chain of piconets, referred to as a scatter-net, in which a slave from one piconet acts as the master of another piconet.

Bluetooth Frequency and Power Operation

| Power Class | Max Output Power | Min Output Power | Range |
|---|---|---|---|
| 1 | 100 mW | 1 mW | Up to 300 feet |
| 2 | 2.5 mW | 1 mW | Up to 30 feet |
| 3 | 1 mW | N/A | Less than 30 feet |

• Bluetooth operates in the 2.4 GHz industrial, scientific, and medical (ISM) non-licensed spectrum.
• The system uses frequency-hopping spread spectrum (FHSS) transmission.
• Devices in a piconet use a specific hopping pattern of 79 frequencies in the ISM band that changes frequency about 1,600 times per second.
• The master device controls and sets up the network’s pseudo-random, frequency-hopping sequence, and the slaves synchronize to the master.

Bluetooth Security

| Variable | Bit Length |
|---|---|
| Bluetooth device address | 48 bits |
| Private user key (Link Key), authentication | 128 bits |
| Private user key, encryption configurable length (byte-wise) | 8 – 128 bits |
| Random number | 128 bits |

• Provides confidentiality and authentication for peer-to-peer communications over short distances.
• Four variables are used for security:
  — Bluetooth device address
  — Two secret keys
  — A pseudo-random number that is regenerated for each new transaction.

Bluetooth Key Generation

[Figure: Bluetooth Device 1 and Bluetooth Device 2 each carry out the same key generation steps]

• Key Generator Function E2 (BD_ADDR, PIN, PIN length, IN_RAND) gives $K_{init}$.
• Key Generator Function E2 (BD_ADDR, RAND) gives $K_A$ in Device 1 and $K_B$ in Device 2.
• $C_A = K_A \oplus K_{init}$ and $C_B = K_B \oplus K_{init}$
• $K_{AB} = K_A \oplus K_B$
• Key Generator Function E3 (EN_RAND, COF, Link Key ($K_{AB}$)) gives $K_C$.

$K_{AB}$ = Link Key
$K_C$ = Encryption Key

Bluetooth Authentication

[Figure: Bluetooth Device 1 (Claimant) and Bluetooth Device 2 (Verifier). A random number generator (RNG) supplies AU_RAND; each device runs the E1 encryption algorithm on AU_RAND, the address BD_ADDR and the Link Key (Kab), giving SRES (32 bits) and ACO (96 bits). If the two SRES values are the same the connection is allowed; if not, it is aborted.]

ACO = Authentication Ciphering Offset
Link Key = Link Key (128 bits)
AU_RAND = Authentication Random Number (128 bits)
BD_ADDR = Bluetooth Device 1 (Claimant) Address (48 bits)

Bluetooth Encryption

[Figure: Bluetooth Device A (Master) and Bluetooth Device B (Slave) each run Key Generator Function (E3) on EN_RAND, COF and the Link Key to obtain KC (128 bits), pass it through the Key Reduction Expansion Function to obtain K’C (128 bits), and feed K’C, BD_ADDRA and ClockA to the E0 Encryption Algorithm, whose output is added to the plaintext packet to give the ciphertext packet. The master's random number generator (RNG) supplies EN_RANDA.]

ClockA = Master Real-Time Clock (26 bits)
EN_RAND = Encryption Random Number (128 bits)
BD_ADDR = Bluetooth Device A (Master) Address (48 bits)
K’C = Encryption Key (128 bits)
Constant = 111000 (6 bits)

Bluetooth Encryption Engine

[Figure: four linear feedback shift registers (LFSR1 to LFSR4), loaded with the initial value, output x1t to x4t into the summation combiner logic (XOR, T1, T2, Z-1 delay elements, blend, ct, ct+1, st+1), which produces the encryption stream Zt (1 bit)]

Bluetooth Encryption Engine Initialization

[Figure: the four shift registers, with outputs X1t to X4t, and the input sequence loaded into each one]

Input sequences:
• ADR[2] CL[1] K’C[12] K’C[8] K’C[4] K’C[0] CL24
• ADR[3] ADR[0] K’C[13] K’C[9] K’C[5] K’C[1] CL[0]L 001
• ADR[4] CL[2] K’C[14] K’C[10] K’C[6] K’C[2] CL25
• ADR[5] ADR[1] K’C[15] K’C[11] K’C[7] K’C[3] CL[0]u 111

CL[0]L = CL3 CL2 CL1 CL0 (4 bits)
CL[0]u = CL7 CL6 CL5 CL4 (4 bits)
ADR[n], CL[n], K’c[n] have 8 bits
CLn has 1 bit

Bluetooth Encryption Engine Run-up

[Figure: the four shift registers, with outputs X1t to X4t, reloaded with the octets Z[0] to Z[15] of the encryption stream]

To Probe Further

• Bluetooth Special Interest Group (SIG) – 2004, “Specification of the Bluetooth System V2.” Retrieved on December 19, 2005, from https://www.bluetooth.org/spec/
• Dworkin, M. (December 2001). Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST Special Publication 800-38A. Natl. Inst. Stand. Technol. Retrieved December 19, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
• Dworkin, M. (May 2005). Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST Special Publication 800-38B. Natl. Inst. Stand. Technol. Retrieved December 21, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
• Dworkin, M. (May 2004). Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. NIST Special Publication 800-38C. Natl. Inst. Stand. Technol. Retrieved December 21, 2005, from http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
• Fluhrer, S., Mantin, I., and Shamir, A. (2001). Weaknesses in the Key Scheduling Algorithm of RC4. 8th Annual Workshop on Selected Areas in Cryptography. August 2001.
• IEEE Std 802.16e – 2005, “Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems.”
• IEEE Std 802.15.1 – 2005, “Part 15.1: Wireless medium access control (MAC) and physical layer (PHY) specifications for wireless personal area networks (WPANs).”
• IEEE Std 802.11i – 2004, “Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications Amendment 6: Medium Access Control (MAC) Security Enhancements.”
• Karygiannis, T., Owens, L. (2002). Wireless Network Security, 802.11, Bluetooth and Handheld Devices. NIST Special Publication. Downloaded on November 15, 2004, from http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
• Shinder, D. (2005). 10 Ways to Wireless Security. Tech Republic. Retrieved October 10, 2005, from http://insight.zdnet.co.uk
• Wi-Fi Security – Addressing Concerns. Hewlett Packard. Downloaded on October 10, 2003, from http://h50012.www5.hp.com/createuse/learning/ITguide_planning.asp