1st Edition

Communication System Security

By Lidong Chen, Guang Gong Copyright 2012
    750 Pages 264 B/W Illustrations
    by Chapman & Hall

    Helping current and future system designers take a more productive approach in the field, Communication System Security shows how to apply security principles to state-of-the-art communication systems. The authors use previous design failures and security flaws to explain common pitfalls in security design.

    Divided into four parts, the book begins with the necessary background on practical cryptography primitives. This part describes pseudorandom sequence generators, stream and block ciphers, hash functions, and public-key cryptographic algorithms.

    The second part covers security infrastructure support and the main subroutine designs for establishing protected communications. The authors illustrate design principles through network security protocols, including transport layer security (TLS), Internet security protocols (IPsec), the secure shell (SSH), and cellular solutions.

    Taking an evolutionary approach to security in today’s telecommunication networks, the third part discusses general access authentication protocols, the protocols used for UMTS/LTE, the protocols specified in IETF, and the wireless-specific protection mechanisms for the air link of UMTS/LTE and IEEE 802.11. It also covers key establishment and authentication in broadcast and multicast scenarios.

    Moving on to system security, the last part introduces the principles and practice of a trusted platform for communication devices. The authors detail physical-layer security as well as spread-spectrum techniques for anti-jamming attacks.

    With much of the material used by the authors in their courses and drawn from their industry experiences, this book is appropriate for a wide audience, from engineering, computer science, and mathematics students to engineers, designers, and computer scientists. Illustrating security principles with existing protocols, the text helps readers understand the principles and practice of security analysis.

    Introduction
    Nodes, Links, and Layers
    Information Security Objectives and Protection Mechanisms
    Trust Model
    Threat Model
    Communication System Security

    PRACTICAL CRYPTOGRAPHY PRIMITIVES
    Pseudorandom Sequence Generators
    Feedback Shift Register Sequences
    Linear Spans and Berlekamp-Massey Algorithm
    Randomness Criteria of a PRSG
    Randomness Properties of m-Sequences
    Nonlinear Generators
    Blum-Blum-Shub (BBS) Generators
    Security Modes of PRSGs
    Known Attacks

    Design of Stream Ciphers
    Design Principles of Stream Ciphers
    Stream Ciphers in Communication Systems
    WG Stream Cipher
    Grain and Grain-Like Generators
    Trivium and Trivium-Like Generators
    Snow 3G
    AIDA/Cube Attacks

    Design of Block Ciphers, Hash Functions, and MAC
    Design Principles of Block Ciphers
    DES (Data Encryption Standard, NIST 1976)
    AES (Advanced Encryption Standard) Rijndael
    Encryption Modes
    Hash Functions
    Message Authentication Code (MAC)
    Birthday Attack and Time-Memory Trade-Off Attacks

    Public-Key Cryptographic Algorithms
    Security of Public-Key Cryptography
    Diffie-Hellman Key Exchange
    RSA Encryption and Digital Signature
    ElGamal Digital Signature Algorithm and Digital Signature Standard
    Elliptic Curve Digital Signature Algorithm (EC-DSA)
    Identity-Based Cryptography from Bilinear Pairing

    SECURITY MECHANISMS AND PROTOCOLS
    Security Infrastructure
    Infrastructure Support
    Authentication Server
    Certificate Authority
    Key Generation and Distribution Server
    Signing Server

    Establish Protected Communications
    Mutual Authentication
    Key Establishment
    Cryptographic Algorithm Negotiation
    Protected Communications

    Network Security Protocols
    Internet Security Protocols (IPsec)
    Transport Layer Security (TLS)
    The Secure Shell (SSH)
    Hop-by-Hop versus End-to-End Protection
    Intra-Domain versus Inter-Domain Protection
    Network Domain Security in Cellular Systems

    WIRELESS SECURITY
    Network Access Authentication

    Basic Concepts in Access Authentication
    Authentication and Key Agreement (AKA) in 3G and LTE
    Authentication, Authorization, and Accounting (AAA)
    Extensible Authentication Protocol (EAP)

    Wireless Network Security
    Special Aspects of Wireless Protection
    UMTS and LTE Air Link Protection
    IEEE 802.11 Security Solutions

    Security for Mobility
    Challenges in Establishing Protection for a Mobile Node
    Secure Handover in UMTS and LTE
    Options for Fast Authentication
    Secure Fast BSS Transition in IEEE 802.11
    Security in Mobile IP — Mobility Information Protection
    Media Independent Handover — Service Protection

    Broadcast and Multicast Key Distribution and Authentication
    Basic Models for Multicast Key Distribution
    Logic Key Tree Based Multicast Key Distribution
    Hash Chain Based Authentication
    Merkle Trees for Authentication

    SYSTEM SECURITY
    Trusted Platform

    The Platform
    Introduction to Trusted Platform
    Trust Principles and Basic Mechanisms
    Technologies and Methodologies for Trusted Platforms
    Trusted Platform in Practice

    Physical-Layer Security
    Shannon’s Perfect Secrecy
    Wyner’s Wiretap Channel
    Wiretap Codes for Achievable Secrecy Using Parity Check Codes
    Wiretap Codes for Achievable Secrecy Using Linear Codes
    Other Methods for Physical-Layer Security

    Spread-Spectrum Techniques for Anti-Jamming Attacks
    Some Basic Concepts of Digital Communications
    BPSK Direct-Sequence Spread-Spectrum Systems
    Frequency-Hopping Spread Spectrum
    The Jamming Attacks
    Code-Division Multiple Access (CDMA) and Jamming Capacity
    Bloom Filters and Or-Channel Schemes

    Appendix A: Computations in Finite Fields
    Appendix B: Some Mathematical Formulae
    Appendix C: Signals and Spectra in Physical Layer

    Index

    Notes, Exercises, and a Bibliography appear at the end of each chapter.

    Biography

    Lidong Chen is a mathematician in the Computer Security Division of the National Institute of Standards and Technology. She earned a Ph.D. in applied mathematics from Aarhus University. Dr. Chen was an associate editor of IEEE Communications Letters and has been a program committee member for numerous conferences in cryptography and security. Her research areas include cryptographic protocols, network security, and security in wireless and mobile applications.

    Guang Gong is a professor in the Department of Electrical and Computer Engineering at the University of Waterloo. She earned a Ph.D. in electrical engineering. Dr. Gong has been an associate editor of several journals, a co-chair and committee member of technical programs and conferences, and a recipient of awards such as the NSERC Discovery Accelerator Supplement Award and the Ontario Research Fund-Research Excellence Award. Her research interests are in the areas of sequence design, cryptography, and communication security.

    "For mathematicians, both students and researchers, the book gives comprehensive information about practical aspects of cryptography. … Each chapter is supplied with an appropriate number of exercises. They are well chosen to demonstrate and clarify the considered topics. A rich (but not excessively large) bibliography is given at the end of each chapter. This organization of the book is quite handy for the reader."
    —Nikolai L. Manev, Zentralblatt MATH 1263