Chapter 17 WIRELESS NETWORK SECURITY
o IEEE 802.11 Wireless LAN Overview
· The Wi-Fi Alliance
· IEEE 802 Protocol Architecture
· IEEE 802.11 Network Components and Architectural Model
· IEEE 802.11 Services
o IEEE 802.11i Wireless LAN Security
· IEEE 802.11i Services
· IEEE 802.11i Phases of Operation
· Discovery Phase
· Authentication Phase
· Key Management Phase
· Protected Data Transfer Phase
· The IEEE 802.11i Pseudorandom Function
o Wireless Application Protocol Overview
· Operational Overview
· Wireless Markup Language
· WAP Architecture
· Wireless Application Environment
· WAP Protocol Architecture
o Wireless Transport Layer Security
· WTLS Sessions and Connections
· WTLS Protocol Architecture
· Cryptographic Algorithms
o WAP End-to-End Security
◆ IEEE 802.11 is a standard for wireless LANs. Interoperable standards-compliant implementations are referred to as Wi-Fi.
◆ IEEE 802.11i specifies security standards for IEEE 802.11 LANs, including authentication, data integrity, data confidentiality, and key management. Interoperable implementations are also referred to as Wi-Fi Protected Access (WPA).
◆ The Wireless Application Protocol (WAP) is a standard to provide mobile users of wireless phones and other wireless terminals access to telephony and information services, including the Internet and the Web.
◆ WAP security is primarily provided by the Wireless Transport Layer Security (WTLS), which provides security services between the mobile device and the WAP gateway to the Internet.
◆ There are several approaches to WAP end-to-end security. One notable approach assumes that the mobile device implements TLS over TCP/IP and the wireless network supports transfer of IP packets.
This chapter looks at two important wireless network security schemes. First, we look at the IEEE 802.11i standard for wireless LAN security. This standard is part of IEEE 802.11, also referred to as Wi-Fi. We begin the discussion with an overview of IEEE 802.11, and we then look in some detail at IEEE 802.11i.
The remainder of the chapter is devoted to security standards for Web access from mobile wireless devices, such as cell phones. We begin this part of the chapter with an overview of the Wireless Application Protocol (WAP), which is a set of standards for communication between mobile devices attached to a cellular network and a Web server. Then we examine the Wireless Transport Layer Security (WTLS) protocol, which provides security between the mobile device and a gateway that operates between the cellular network and the Internet. Finally, we cover end-to-end security services between WAP devices and Web servers.