Preface xviiAcknowledgments xxiiiAbout the Companion Website xxvPart I Introduction and Mathematics Background 11 Introduction 31.1 General Computer Communication Network Architecture 31.1.1 Wired Communication Network Infrastructure 31.1.2 Wireless Communication Network Infrastructure 41.2 Different Types of Wireless Communication Systems 51.2.1 Classification of Wireless Communication Systems 51.2.1.1 Based on Coverage 51.2.1.2 Based on Topology 61.2.1.3 Based on Mobility 61.2.2 Wireless Personal Area Networks 71.2.3 Wireless Local Area Networks 71.2.4 Wireless Wide Area Networks 71.3 Network Security and Wireless Security 91.3.1 Network Security 91.3.2 Security Threats in Wireless Networks 101.4 Summary 112 Basic Network Security Concepts 132.1 Security Attacks 132.1.1 Passive Attacks 132.1.1.1 Eavesdropping 132.1.1.2 Traffic Analysis 142.1.2 Active Attacks 152.2 Security Services 162.2.1 Access Control 172.2.2 Authentication 172.2.3 Confidentiality 182.2.4 Integrity 182.2.5 Non-repudiation 192.2.6 Availability 192.3 Security Mechanisms 212.3.1 Encipherment 212.3.2 Authentication 212.3.3 Access Control 222.3.4 Digital Signature 222.3.5 Data Integrity 232.3.6 Traffic Padding and Routing Control 232.3.7 Notarization 242.4 Other Security Concepts 242.4.1 Levels of Impact 242.4.2 Cryptographic Protocols 252.5 Summary 253 Mathematical Background 273.1 Basic Concepts in Modern Algebra and Number Theory 273.1.1 Group 273.1.1.1 Abelian Group 283.1.1.2 Cyclic Group 283.1.2 Ring 293.1.3 Field 293.2 Prime Numbers, Modular Arithmetic, and Divisors 303.2.1 Prime Numbers 303.2.2 Modular Arithmetic 303.2.3 Divisors and GCD 313.2.4 Multiplicative Inverse 333.3 Finite Field and Galois Field 343.4 Polynomial Arithmetic 353.4.1 Ordinary Polynomial Arithmetic 353.4.2 Polynomial Arithmetic in Finite Fields 363.4.3 Modular Polynomial Arithmetic 373.4.4 Computational Considerations 393.4.5 Generating a Finite Field with a Generator 403.5 Fermat's Little Theorem, Euler's Totient Function, and Euler's Theorem 413.5.1 Fermat's Little Theorem 413.5.2 Euler Totient Function phi(n) 423.5.3 Euler's Theorem 433.6 Primality Testing 443.7 Chinese Remainder Theorem 463.8 Discrete Logarithm 483.9 Summary 49Part II Cryptographic Systems 514 Cryptographic Techniques 534.1 Symmetric Encryption 534.2 Classical Cryptographic Schemes 534.2.1 Classical Substitution Ciphers 544.2.1.1 Caesar Cipher 544.2.1.2 Monoalphabetic Cipher 554.2.1.3 Playfair Cipher 574.2.1.4 Polyalphabetic Cipher 584.2.1.5 Autokey Cipher 594.2.1.6 One-Time Pad 604.2.2 Classical Transposition Ciphers 604.2.2.1 Rail Fence Cipher 604.2.2.2 Row Transposition Cipher 604.2.2.3 Product Cipher 614.2.3 More Advanced Classical Ciphers 614.2.3.1 Rotor Machines 614.2.3.2 Steganography 614.3 Stream Cipher 624.3.1 Rivest Cipher 4 624.4 Modern Block Ciphers 634.4.1 Overview of Modern Block Ciphers 634.4.2 Feistel Block Cipher 644.4.2.1 Ideal Block Cipher 644.4.2.2 Feistel Cipher Structure 654.4.3 Block Cipher Design 674.5 Data Encryption Standards (DES) 674.5.1 Overview of DES 674.5.2 Initial Permutation (IP) 684.5.3 DES Round Function 694.5.3.1 DES S-Boxes 714.5.3.2 DES Permutation Function 724.5.4 DES Key Schedule 724.5.5 DES Security 744.5.6 Multiple Encryption and DES 754.6 Summary 765 More on Cryptographic Techniques 775.1 Advanced Encryption Standards 775.1.1 The AES Cipher: Rijndael 775.1.2 AES Data Structure 775.1.3 Details in Each Round 795.1.3.1 Substitute Bytes 795.1.3.2 Shift Rows 815.1.3.3 Mix Columns 815.1.3.4 Add Round Key 825.1.3.5 AES Key Expansion 825.1.3.6 AES Decryption 845.1.3.7 AES Implementation Aspects 845.2 Block Cipher Modes of Operation 855.2.1 Electronic Codebook (ECB) Mode 855.2.2 Cipher Block Chaining (CBC) Mode 865.2.3 Cipher Feedback (CFB) Mode 875.2.4 Output Feedback (OFB) Mode 885.2.5 The Counter (CTR) Mode 895.2.6 Last Block in Different Modes 905.2.7 XTS-AES Mode 905.3 Public Key Infrastructure 925.3.1 Basics of Public Key Cryptography 925.3.2 Public-Key Applications 945.3.3 Security of Public Key Schemes 945.4 The RSA Algorithm 955.4.1 RSA Key Setup 955.4.2 RSA Encryption and Decryption 965.4.3 RSA Security Analysis 965.4.3.1 Factoring Problem 975.4.3.2 Timing attacks 975.4.3.3 Chosen Ciphertext Attacks 975.5 Diffie-Hellman (D-H) Key Exchange 975.5.1 Finite-Field Diffie-Hellman 975.5.2 Elliptic-Curve Diffie-Hellman 985.5.3 Diffie-Hellman Key Exchange Vulnerability 985.6 Summary 996 Message Authentication, Digital Signature, and Key Management 1016.1 Message Authentication 1016.1.1 Message Authentication Functions 1016.1.2 Message Authentication Code 1026.1.3 Hash Functions 1036.1.4 Size of MAC and Hash Value 1046.2 MAC and Hash Algorithms 1056.2.1 Data Authentication Algorithm 1056.2.2 A Basic Hash Function Structure 1066.2.3 Secure Hash Algorithm (SHA) 1066.2.4 SHA-512 1076.2.4.1 SHA-512 Compression Function 1086.2.4.2 SHA-512 Round Function 1096.2.5 Whirlpool 1116.2.6 Other MAC Functions 1126.2.6.1 Keyed Hash Functions as MACs 1126.2.6.2 Cipher-Based MAC 1136.3 Digital Signature and Authentication 1146.3.1 Digital Signature Properties 1156.3.2 Digital Signature Standard and Algorithm 1166.3.3 The Elliptic Curve Digital Signature Algorithm 1176.3.3.1 ECDSA Domain Parameters 1176.3.3.2 ECDSA Private/Public Keys 1186.3.3.3 ECDSA Digital Signature Generation 1196.3.3.4 ECDSA Digital Signature Verification 1206.3.4 Authentication Protocols 1206.4 Key Management 1226.4.1 Key Distribution with Symmetric Key Encryptions 1226.4.2 Symmetric Key Distribution Using Public Key Cryptosystems 1236.4.3 Distribution of Public Keys 1246.4.4 Public Key Infrastructure 1266.4.5 X.509 Authentication Service 1266.5 Summary 128Part III Security for Wireless Local Area Networks 1297 WLAN Security 1317.1 Introduction to WLAN 1317.1.1 Wi-Fi Operating Modes 1317.1.2 Challenges in WLAN Security 1327.1.3 Tricks that Fail to Protect WLAN 1337.2 Evolution of WLAN Security 1337.3 Wired Equivalent Privacy 1357.3.1 WEP Access Control 1357.3.2 WEP Integrity and Confidentiality 1367.3.3 WEP Key Management 1367.3.4 WEP Security Problems 1377.3.4.1 Problems in WEP Access Control 1387.3.4.2 Problems in WEP Integrity 1387.3.4.3 Problems in WEP Confidentiality 1387.3.4.4 Problems in WEP Key Management 1397.3.5 Possible WEP Security Enhancement 1407.4 IEEE 802.1X Authentication Model 1407.4.1 An Overview of IEEE 802.1X 1407.4.2 Protocols in IEEE 802.1X 1417.4.3 Mapping the IEEE 802.1X model to WLAN 1437.5 IEEE 802.11i Standard 1437.5.1 Overview of IEEE 802.11i 1437.5.2 IEEE 802.11i Access Control 1437.5.3 IEEE 802.1i Key Management 1457.5.4 IEEE 802.11i Integrity and Confidentiality 1477.5.4.1 TKIP Mode 1477.5.4.2 AES-CCMP Mode 1487.5.5 Function Michael 1487.5.6 Weakness in 802.11i 1507.6 Wi-Fi Protected Access 3 and Opportunistic Wireless Encryption 1507.6.1 WPA3-Personal 1507.6.2 WPA3-Enterprise 1507.6.3 Opportunistic Wireless Encryption 1517.7 Summary 1528 Bluetooth Security 1538.1 Introduction to Bluetooth 1538.1.1 Overview of Bluetooth Technology 1538.1.2 Bluetooth Vulnerabilities and Threats 1548.1.2.1 Bluesnarfing 1558.1.2.2 Bluejacking 1558.1.2.3 Bluebugging 1558.1.2.4 Car Whisperer 1558.1.2.5 Fuzzing Attacks 1558.1.3 Bluetooth Security Services and Security Modes 1568.1.3.1 Bluetooth Security Services 1568.1.3.2 Bluetooth Security Modes 1568.2 Link Key Generation 1578.2.1 Link Key Generation for Security Modes 2 and 3 1578.2.2 Link Key Generation for Security Mode 4 1588.2.3 Association Model in Mode 4 1598.2.3.1 Numeric comparison 1598.2.3.2 Out-of-Band (OOB) 1608.2.3.3 Passkey entry 1628.3 Authentication, Confidentiality, and Trust and Service Levels 1638.3.1 Authentication 1638.3.2 Confidentiality 1648.3.3 Trust and Security Service Levels 1658.4 Cryptographic Functions for Security Modes 1, 2, and 3 1668.4.1 SAFER+ 1668.4.1.1 Overview of the SAFER+ Structure 1668.4.1.2 SAFER+ Round Function 1668.4.1.3 SAFER+ Key Schedule for 128-Bit Key 1688.4.2 Function E1(s) 1688.4.3 Function E21(s) 1708.4.4 Function E22(s) 1708.4.5 Function E3(s) 1718.4.6 Function E0(s) 1718.5 Cryptographic Functions in Security Mode 4 (SSP) 1738.5.1 Function P192(s) 1738.5.2 Function f1(s) 1748.5.3 Function g(s) 1748.5.3.1 Function f2(s) 1748.5.3.2 Function f3(s) 1748.6 Summary 1749 Zigbee Security 1779.1 Introduction to Zigbee 1779.1.1 Overview of Zigbee 1779.1.2 Security Threats Against Zigbee 1789.2 IEEE 802.15.4 Security Features 1799.2.1 Security Levels 1799.2.2 IEEE 802.15.4 Frame Structure 1809.3 Zigbee Upper Layer Security 1829.3.1 Zigbee Security Models 1829.3.2 Security Keys in Zigbee 1839.3.3 Zigbee Network Layer Security 1849.3.4 Zigbee Application Support Layer Security 1849.3.5 Other Security Features in Zigbee 1859.4 Security-Related MAC PIB Attributes 1879.5 Mechanisms Used in Zigbee Security 1889.5.1 AES-CTR 1889.5.2 AES-CBC-MAC 1899.5.3 Overview of the AES-CCM 1899.5.4 Nonces Applied to the Security Mechanisms 1899.5.5 Matyas-Meyer-Oseas Hash Function 1909.6 Summary 19110 RFID Security 19310.1 Introduction to RFID 19310.1.1 Overview of RFID Subsystems 19310.1.2 Types of RFID Tags 19310.1.3 RFID Transactions 19410.1.4 RFID Frequency Bands 19410.2 Security Attacks, Risks, and Objectives of RFID Systems 19510.2.1 Security Attacks to RFID Systems 19510.2.2 RFID Privacy Risks 19510.2.3 Security Objectives 19610.3 Mitigation Strategies and Countermeasures for RFID Security Risks 19610.3.1 Cryptographic Strategies 19610.3.1.1 Encryption 19610.3.1.2 One-Way Hash Locks 19610.3.1.3 EPC Tag PINs 19710.3.2 Anti-Collision Algorithms 19710.3.2.1 Tree-Walking 19710.3.2.2 The Selective Blocker Tag 19710.3.3 Other Mitigation Strategies 19810.3.3.1 Physical Shielding Sleeve (The Faraday Cage) 19810.3.3.2 Secure Reader Protocol 1.0 19810.4 RFID Security Mechanisms 19910.4.1 Hash Locks 19910.4.1.1 Default Hash Locking 19910.4.1.2 Randomized Hash Locking 20010.4.2 HB Protocol and the Enhancement 20010.4.2.1 HB Protocol 20010.4.2.2 HB+ Protocol 20210.4.2.3 HB++ Protocol 20310.5 Summary 205Part IV Security for Wireless Wide Area Networks 20711 GSM Security 20911.1 GSM System Architecture 20911.1.1 Mobile Station 20911.1.2 Base Station Subsystem 21011.1.3 Network Subsystem 21111.2 GSM Network Access Security Features 21211.2.1 GSM Entity Authentication 21211.2.2 GSM Confidentiality 21411.2.3 GSM Anonymity 21511.2.4 Detection of Stolen/Compromised Equipment in GSM 21511.3 GSM Security Algorithms 21511.3.1 Algorithm A3 21611.3.2 Algorithm A8 21611.3.3 Algorithm COMP128 21611.3.4 Algorithm A5 22011.3.4.1 A5/1 22011.3.4.2 Algorithm A5/2 22311.4 Attacks Against GSM Security 22511.4.1 Attacks Against GSM Authenticity 22511.4.1.1 Attacks Against GSM Confidentiality 22611.4.2 Other Attacks against GSM Security 22711.5 Possible GSM Security Improvements 22711.5.1 Improvement over Authenticity and Anonymity 22711.5.2 Improvement over Confidentiality 22811.5.3 Improvement of the Signaling Network 22811.6 Summary 22812 UMTS Security 22912.1 UMTS System Architecture 22912.1.1 User Equipment 22912.1.2 UTRAN 23012.1.3 Core Network 23112.2 UMTS Security Features 23112.3 UMTS Network Access Security 23212.3.1 Authentication and Key Agreement 23212.3.1.1 The AKA Mechanism 23212.3.1.2 Authentication Vector Generation 23412.3.1.3 AKA on the UE Side 23612.3.2 Confidentiality 23712.3.3 Data Integrity 23812.3.4 User Identity Confidentiality 23912.4 Algorithms in Access Security 24012.4.1 Encryption Algorithm f8 24012.4.1.1 Integrity Algorithm f9 24112.4.2 Description of KASUMI 24212.4.2.1 An Overview of KASUMI Algorithm 24212.4.2.2 Round Function Fi(s) 24412.4.2.3 Function FL 24412.4.2.4 Function FO 24412.4.2.5 Function FI 24512.4.2.6 S-boxes S7 and S9 24512.4.2.7 Key Schedule 24712.4.3 Implementation and Operational Considerations 24812.5 Other UMTS Security Features 24912.5.1 Mobile Equipment Identification 24912.5.2 Location Services 24912.5.3 User-to-USIM Authentication 24912.6 Summary 25013 LTE Security 25113.1 LTE System Architecture 25113.2 LTE Security Architecture 25313.3 LTE Security 25513.3.1 LTE Key Hierarchy 25513.3.2 LTE Authentication and Key Agreement 25713.3.3 Signaling Protection 25813.3.3.1 Protection of Radio-Specific Signaling 25913.3.3.2 Protection of User-Plane Traffic 25913.3.4 Overview of Confidentiality and Integrity Algorithms 25913.3.4.1 Confidentiality Mechanism 25913.3.4.2 Integrity Mechanism 26013.3.5 Non-3GPP Access 26113.4 Handover Between eNBs 26113.4.1 Overview 26113.4.2 Key Handling in Handover 26213.4.2.1 Initialization 26213.4.2.2 Intra-eNB Key Handling 26413.4.2.3 Intra-MME Key Handling 26513.4.2.4 Inter-MME Key Handling 26613.5 Security Algorithms 26813.5.1 128-EEA2 26813.5.2 128-EIA2 26913.5.3 EEA3 27013.5.4 EIA3 27113.6 Security for Interworking Between LTE and Legacy Systems 27313.6.1 Between LTE and UMTS 27313.6.1.1 Idle Mode Mobility from E-UTRAN to UTRAN 27313.6.1.2 Idle Mode Mobility from UTRAN to E-UTRAN 27413.6.1.3 Handover Mode from E-UTRAN to UTRAN 27513.6.1.4 Handover Mode from UTRAN to E-UTRAN 27613.6.2 Between E-UTRAN and GERAN 27713.6.2.1 Idle Mode 27713.6.2.2 Handover Mode 27713.7 Summary 278Part V Security for Next Generation Wireless Networks 27914 Security in 5G Wireless Networks 28114.1 Introduction to 5GWireless Network Systems 28114.1.1 The Advancement of 5G 28114.1.2 5GWireless Network Systems 28214.2 5G Security Requirements and Major Drives 28314.2.1 Security Requirements for 5GWireless Networks 28314.2.2 Major Drives for 5GWireless Security 28414.2.2.1 Supreme Built-in-Security 28414.2.2.2 Flexible Security Mechanisms 28514.2.2.3 Automation 28514.2.3 Attacks in 5G Wireless Networks 28614.2.3.1 Eavesdropping and Traffic Analysis 28614.2.3.2 Jamming 28614.2.3.3 DoS and DDoS 28714.2.3.4 Man-In-The-Middle (MITM) 28714.3 A 5G Wireless Security Architecture 28714.3.1 New Elements in 5G Wireless Security Architecture 28714.3.2 A 5G Wireless Security Architecture 28814.3.2.1 Network Access Security (I) 28814.3.2.2 Network Domain Security (II) 28914.3.2.3 User Domain Security (III) 28914.3.2.4 Application Domain Security (IV) 28914.4 5GWireless Security Services 28914.4.1 Cryptography in 5G 28914.4.2 Identity Management 29014.4.3 Authentication in 5G 29114.4.3.1 Flexible Authentication 29114.4.3.2 Authentication Through Legacy Cellular System 29114.4.3.3 SDN Based Authentication in 5G 29314.4.3.4 Authentication of D2D in 5G 29414.4.3.5 Authentication of RFID in 5G 29414.4.4 Data Confidentiality in 5G 29514.4.4.1 Power Control 29514.4.4.2 Artificial Noise and Signal Processing 29714.4.5 Handover Procedure and Signaling Load Analysis 29714.4.6 Availability in 5G 29714.4.7 Location and Identity Anonymity in 5G 30014.5 5G Key Management 30014.5.1 3GPP 5G Key Architecture 30014.5.2 Key Management in 5G Handover 30114.5.3 Key Management for D2D Users 30214.6 Security for New Communication Techniques in 5G 30314.6.1 Heterogeneous Network and Massive MIMO in 5G 30314.6.2 Device-to-Device Communications in 5G 30414.6.3 Software-Defined Network in 5G 30614.6.4 Internet-of-Things in 5G 30814.7 Challenges and Future Directions for 5G Wireless Security 30814.7.1 New Trust Models 30814.7.2 New Security Attack Models 30814.7.3 Privacy Protection 30914.7.4 Flexibility and Efficiency 30914.7.5 Unified Security Management 30914.8 Summary 31015 Security in V2X Communications 31115.1 Introduction to V2X Communications 31115.1.1 Generic System Architecture of V2X Communications 31115.1.2 Dedicated Short Range Communications 31215.1.3 Cellular Based V2X Communications 31315.2 Security Requirements and Possible Attacks in V2X Communications 31415.2.1 Security Requirements 31415.2.2 Attacks in V2X Communications 31515.2.3 Basic Solutions 31615.3 IEEEWAVE Security Services for Applications and Management Messages 31615.3.1 Overview of the WAVE Protocol Stack and Security Services 31615.3.2 Secure Data Service and Security Service Management Entity 31815.3.3 CRL Verification Entity and P2P Certificate Distribution Entity 31915.4 Security in Cellular Based V2X Communications 32015.4.1 LTE-V2X Communication Security 32015.4.2 5G-V2X Communication Security 32215.5 Cryptography and Privacy Preservation in V2X Communications 32315.5.1 Identity Based Schemes 32315.5.2 Group Signature Based Schemes 32515.5.3 Batch Verification Schemes 32615.5.4 Reputation and Trust Based Schemes 32715.5.5 Identity Anonymity Preservation 32815.5.6 Location Anonymity Preservation 32815.6 Challenges and Future Research Directions 32915.6.1 Highly Efficient Authentication Schemes 32915.6.2 Efficient Revocation Mechanisms 33015.6.3 Advancing OBU and TPD Technologies 33015.6.4 Advancing Cryptography and Privacy Preservation Schemes 33015.6.5 Advancing Solutions to HetNet, SDN, and NFV 33015.6.6 Advancing Artificial Intelligence in V2X Communication Security 33015.7 Summary 331References 333Index 345

Yi Qian, PhD, is a Professor in the Department of Electrical and Computer Engineering at the University of Nebraska-Lincoln, USA. He is a recipient of the Henry Y. Kleinkauf Family Distinguished New Faculty Teaching Award in 2011, the Holling Family Distinguished Teaching Award in 2012, the Holling Family Distinguished Teaching/Advising/Mentoring Award in 2018, and the Holling Family Distinguished Teaching Award for Innovative Use of Instructional Technology in 2018, all from University of Nebraska-Lincoln, USA.Feng Ye, PhD, is an Assistant Professor in the Department of Electrical and Computer Engineering at the University of Dayton, USA. He received his PhD from the University of Nebraska-Lincoln, USA, in 2015. He is the author or co-author over 60 technical papers.Hsiao-Hwa Chen, PhD, is Distinguished Professor in the Department of Engineering Science at the National Cheng Kung University in Taiwan. He received his PhD from the University of Oulu, Finland, in 1991. He is the author or co-author of over 400 technical papers.