Wireless security is built on a collection of cryptographic algorithms and security primitives providing the algorithmic underpinnings for the security services and supporting systems discussed in Chapter 1. The same algorithms that are used for wireless security are also used for Internet security in general. The differences primarily stem from how the algorithms are used in wireless and mobile Internet systems, which is the topic of future chapters. In this chapter, we review security algorithms and primitives that are common to both wireless security systems and Internet security systems in general.

Much of the material in this chapter is available from other sources in more detail than presented here. The material here is intended to present an overview of the cryptographic algorithms and security primitives commonly found in wireless Internet security systems. Before selecting an algorithm for design work, however, a more complete reference should be consulted. It is particularly important that the vulnerabilities of the algorithms are well understood. Uncompensated weaknesses or algorithms that are used in an inappropriate manner may result in opportunities for attack. Detailed information about the cryptographic algorithms and security primitives discussed in this chapter can be found in the books (Menezes, Oorschot, & Vanstone, 1997) and (Kaufman, Perlman, & Speciner, 2002). In addition, Wikipedia is an excellent reference on different cryptographic algorithms, for example (Wikipedia, 2008b) on the RSA public key algorithm. Wikipedia pages can be found simply by searching online in Wikipedia using the algorithm name as the key.

Private wired access networks, such as a local area network deployed by a company typically require a user to be located in a particular physical facility for the terminal to access a physical data port. Physical access to the premises is therefore required for network access; so many companies depend on physical access control to regulate wired network access. With private wireless access networks on the other hand, access to a specific physical location is not always necessary for network access. The radio signals from wireless access points typically cover a roughly circular area of best reception. If part of the area of best reception lies outside of the physical space controlled by physical access control devices such as keys and key cards, it is possible for an attacker to gain access to an unprotected network by simply setting up a terminal in the parking lot. Modifying a wireless access deployment to confine wireless signal reception to the inside of a building is not usually possible. Radio propagation is difficult to control and some wireless signal is always available outside the area of best reception. An attacker could even take advantage of a weak signal to gain unauthorized access. Wireless private networks, unlike wired networks, therefore require some kind of network access control system to verify the identity of prospective network users.

After the wireless terminal has successfully obtained network access at the link layer, the next step is to obtain an IP address, last hop router address, and other parameters that allow the terminal to obtain routing service at the network layer. In turn, the last hop router uses address resolution to map the IP address of the wireless terminal to its link layer address so packets can be delivered from the Internet to the wireless terminal. Local IP subnet configuration and address resolution have a separate set of security issues that are independent from network access authentication. Even if a terminal is authenticated as a legitimate user and is authorized for service at the link layer by network access control, a rogue terminal can launch attacks on the local IP subnet configuration and address resolution processes of other terminals if these processes are not adequately secured.

In this chapter, we discuss the security of local IP subnet configuration and address resolution. After a short look at the impact of the Internet routing and addressing architecture on mobility and how that relates to local IP subnet configuration and address resolution, we briefly review the protocols for local IP subnet configuration and address resolution in IP networks, both for IPv4 and IPv6. We then discuss threats to the local IP subnet configuration and address resolution processes. We develop a functional architecture for IP subnet configuration and address resolution security based on the threat analysis and the existing protocols.

Once a wireless terminal has cleared network access control, obtained an IP address on the local subnet, and has routing service for IP packets between the terminal and the network, the terminal has access to the higher-level services available on the global Internet – Web pages, IP telephony, streaming video and the like. From the point of view of routing and packet delivery service, a wireless terminal is no different than a wired terminal. A desktop PC connected to the Internet through DSL must go through a similar process to get Internet access as a wireless terminal and the resulting routing and packet delivery service is basically the same. Unlike the user of a desktop PC, however, the user of a wireless terminal is free to move the terminal to a new location. Such a movement may cross an invisible line in the access network topology between a geographical area where the current IP address continues to provide packet delivery service and where the address stops functioning. In other words, the terminal moves from one IP subnet to another causing IP handover to occur.

If the user's mobility patterns conform to the nomadic usage model discussed in Chapter 4, then starting network access control and local IP subnet configuration from the beginning are adequate for initiating routing and packet delivery service in the new subnet.

Users of wireless Internet services have a reasonable expectation that their activities are protected from eavesdropping and snooping by attackers even when confidentiality protection is not in use. All Internet traffic contains identifiers that allow application, transport, and network protocols to keep track of important entities and interactions. From a technical standpoint, privacy means that these identities are not traceable back to information allowing an eavesdropper to identify the user. If the identities are additionally masked from one or both endpoints in the protocols, then the communication is also anonymous. Privacy and anonymity are important security properties for certain types of transactions, and are different from confidentiality discussed in Chapter 1. The contents of a communication between two hosts can be protected by encryption to provide confidentiality from eavesdropping, while the identities of the two hosts are still exposed through unencrypted information necessary for routing. For wireless Internet communication, location privacy means that the geographic location of a particular wireless terminal cannot be inferred from the contents of the terminal's traffic or from unencrypted identifiers. As for general privacy, location anonymity means that the location is masked from endpoints as well as from eavesdroppers. Location privacy and location anonymity are issues for fixed terminals too, but because users typically carry wireless terminals with them, the risk for users is larger with wireless terminals.

In the next section, we briefly discuss the threat against general privacy of communications on the Internet and specific threats against location privacy for wireless terminals.

Wireless network operators and end users need the ability to utilize equipment from different vendors in their networks and in customer-accessible devices. Left to themselves, vendors of network equipment and of end-user access devices such as wireless terminals tend to produce equipment that is slightly different in various ways, hindering the ability of their customers to build multi-vendor networks from interoperable equipment pieces. The key to ensuring interoperability is to have a standardized system design with clearly specified interfaces between the various network devices and well-designed, standardized protocols on the interfaces. The process of systematically identifying requirements and functionality and mapping that into network entities, interfaces, and standardized protocols is the key to ensuring a design that meets real-world needs and in which the pieces work together well. This requirement is generally true for network systems, but it also applies specifically to security systems.

While standardization is the key to ensuring interoperability in complex multi-vendor systems, system architectures are the principal tool for guiding the design, implementation, and deployment process. In this chapter, we examine the topic of network system architecture. In the next section, we discuss the role of architecture in system standardization in more detail. Following that, we describe a particular approach to developing a system architecture, the functional architectural approach, that is used in some wireless network standardization processes.

Wireless Internet Security: Architecture and Protocols approaches wireless Internet security from the direction of system architecture. A system architecture is essentially a high-level blueprint that guides the detailed design, implementation, and deployment decisions that result in a real, usable system, just like the architectural plans for a building guide its construction. Architectures serve as tools for understanding how to design and evolve a complex information technology system. Architectures are regularly developed by wireless standardization bodies to guide the development of interoperable, standardized protocols on interfaces between equipment provided by multiple vendors, including wireless devices used by consumers. Corporations often provide architectures as guidelines for customers, describing how their products fit together with other equipment to provide solutions for their customers' information technology problems.

In the field of wireless security, the architectural approach has been neglected. This neglect is partially a result of the case-driven nature of network security. Most security systems have been developed in response to specific attacks that surface after the system has been deployed, rather than as a planned part of the initial system development process. Indeed, the original Internet architecture had almost no provisions for security. Internet users were assumed to be members of a co-operative community that would never attempt actions on the Internet harmful to others' interests. This approach is changing slowly, as system designers begin to internalize the disastrous results of grafting security onto a system after a successful attack has compromised the original design.

The Internet was originally developed with little or no security. As a government-run test bed for academic research, the user community was co-operative and nobody considered the possibility that one user or group of users would undertake operations harmful to others. The commercialization of the Internet in the early to mid 1990s resulted in the rise of the potential for adversarial interactions. These interactions are motivated by various harming concerns: the desire for profit at others' expense without providing any offered value, the need to prove technical prowess by disruption, etc. The introduction of widespread, inexpensive wireless links into the Internet in the late 1990s led to additional opportunities for disruption. Unlike wired links, wireless links know no physical boundaries, so physical security measures that are effective for securing the endpoints where terminals plug into wired networks are ineffective for wireless links. Some initial attempts to secure wireless links had the opposite effect: providing the appearance of security while actually exposing the end user to sophisticated attacks. Subsequently, wireless security has become an important technical topic for research, development, and standardization.

In response to the rise of security problems on the Internet, the technical community has developed a collection of basic technologies for addressing network security. While there are special characteristics of wireless systems that in certain cases distinguish wireless network security from general network security, wireless network security is a subtopic of general network security.