Security Access in Wireless Local Area Networks From Architecture and Protocols to Realization deals with the method and technology of the WLANsecurity architecture， design and analysis of security protocols for WLAN，and WLAN security management.The book is intended for researchers in wireless communication， electricaland computer engineering， and for graduate students.The authors are with Xidian University， P. R. China， where Dr. Jianfeng Mais a professor of computer science and the director of the Key Laboratory of Computer Networks and Information Security （Ministry of Education）.

1 Introduction

 1.1 Overview

1.1.1 Architecture of WLAN

1.1.2 Transmission Technologies and Specifications

1.1.3 Series Specifications of IEEE 802.11

1.1.4 Applications

1.1.5 Development Trends

 1.2 Key Issues of WLAN Security

1.2.1 Security Access

1.2.2 Fast roaming and handoff

1.2.3 Secure Integration of Heterogeneous Wireless Networks

1.2.4 Privacy Protection

1.2.5 WLAN Security Management

1.2.6 TPM-based Security Access

 1.3 Realization

 Questions and discussion

 References

2 Security Architecture Framework

 2.1 Security Attacks and Requirements

2.1.1 Logical Attacks

2.1.2 Physical Attacks

2.1.3 Security Requirements

 2.2 Management-Based WLAN Security Architecture

2.2.1 The Design Methods of Security Architecture

2.2.2 Framework

2.2.3 Logical Realization of Key Components

2.2.4 Analysis

 2.3 Evolution of Security Architecture for WLAN Access

2.3.1 WEP

2.3.2 IEEE 802.1 X

2.3.3 WPA

2.3.4 IEEE 802.1 li Security Framework

2.3.5 WAPI

2.3.6 Others

 2.4 The Integrated Security Access Authentication Architecture for WLAN Terminals

2.4.1 Design Concepts

2.4.2 The Architecture Scheme

2.4.3 Flow of Integrated Authentication Operations

2.4.4 Prototype Implementation

 Questions and discussions

 References

3 Security Access Protocol

 3.1 Security Analysis of WAPI

3.1.1 WAPI Specification

3.1.2 WAPI Implementation Plan

3.1.3 Security Analysis of WAI in WAPI Implementation Plan

3.1.4 Implementation Plan Overcomes the Weaknesses of the Original WAPI

 3.2 Analysis and Improvement of WAPI

3.2.1 Universally Composable Security

3.2.2 Improvement of WAPI

3.2.3 Analysis of Improved Protocol

 3.3 Authentication Scheme that Compatible with 802.1 li and WAPI

3.3.1 Compatible Scheme

3.3.2 Security Analysis of Compatible Scheme

3.3.3 Compatibility Analysis of New Scheme

 3.4 WAPI-XG1 Access Authentication and Fast Handoff Protocol

3.4.1 Overview

3.4.2 Authentication Protocol

3.4.3 Unicast Key Agreement Protocol

3.4.4 Group key notification protocol

3.4.5 Security Analysis

3.4.6 Improved Authentication and Fast Handoff Protocols Based on WAPI-XG1

 3.5 Self-Certified Public Key based WAPI Authentication and Key Agreement Protocol

3.5.1 Authentication and Key Agreement Protocol

3.5.2 Authentication of Self-Certified Certificate and Key Agreement at STA

3.5.3 Security Analysis

3.5.4 Protocol Features and Performance Analysis

 Questions and discussion

 References

4 Security Protocols for Fast BSS Transition

 4.1 IEEE 802.1 1r

4.1.1 Introduction

4.1.2 Fast BSS Transition Protocol

4.1.3 Fast BSS Transition Flow

4.1.4 Security Consideration

 4.2 Security Solution for IEEE 802.1 lr Drafts

4.2.1 MIC Authentication Based Solutions

4.2.2 Hash Chain Based FT Mechanism

4.2.3 Mechanism Analysis

 4.3 FT Security Solution Based on Location

4.3.1 Proactive Neighbor Caching Mechanism Based on Moving Direction and QoS Guarantee

4.3.2 Active Probing Algorithm Assisted by Location

4.3.3 Secure FT Solution Based on Location

 Questions and discussion

 References

5 Security Protocols in WLAN Mesh

 5.1 Overview of WLAN Mesh

5.1.1 SnowMesh

5.1.2 SEE-Mesh

5.1.3 IEEE 802.1 1s Draft

5.1.4 Classification of Wireless Mesh Networks

5.1.5 Security Requirements of WLAN Mesh

 5.2 WLAN Mesh Authentication Schemes

5.2.1 Centralized Authentication

5.2.2 Distributed Authentication

5.2.3 Pre-Shared Key Authentication

5.2.4 MSA

5.2.5 4-way Mesh Handshake

5.2.6 Identity-based Mesh Authentication Protocol

 5.3 Protocols for Access Authentication， Secure Fast Handoff and Roaming

5.3.1 Access Authentication Protocol

5.3.2 Security Analysis

5.3.3 Performance Analysis

 5.4 Design and Implementation of Mesh Access Authentication System

5.4.1 Technological Foundations

5.4.2 Design and Implementation

 Questions and discussion

 References

6 Authenticated Key Exchange Protocol

 6.1 IKEv2

6.1.1 Introduction

6.1.2 The Initial Exchanges

6.1.3 The CREATE CHILD SA Exchange

6.1.4 The INFORMATIONAL Exchange

6.1.5 Authentication of the IKE SA

6.1.6 Extensible Authentication Protocol Methods

6.1.7 Generating Keying Material

6.1.8 Analysis of IKEv2

 6.2 Key Exchange Protocol in WLAN

6.2.1 Protocol Design Requirement

6.2.2 Wireless Key Exchange Protocol

6.2.3 Protocol Analysis

 6.3 Extension of Provably Secure Model for Key Exchange Protocol

6.3.1 Canetti-Krawczyk Model

6.3.2 Analysis and Extension for Canetti-Krawczyk Model

 Questions and discussion

 References

7 Privacy Protection for WLAN

 7.1 Mobile Anonymity

 7.2 IPSec-based Anonymity Connection Protocols in WLAN

7.2.1 Anonymity Architecture Model

7.2.2 Anonymity Connection Protocols

7.2.3 Implementation of protocols

7.2.4 Protocol Analysis

 7.3 Universally Composable Anonymous Authentication Protocol

 Questions and discussion

 References

8 Adaptive Security Policy

 8.1 Overview

8.1.1 Adaptive Security

8.1.2 Evolution of Adaptive Security Architecture

8.1.3 Dynamic Security Policy Framework

 8.2 Framework of WLAN Adaptive Security Policy

8.2.1 Requirement Analysis

8.2.2 Framework of Adaptive Security

8.2.3 Policy-Based Security Management Framework

 8.3 Adaptive Security Communication Model for WLAN

8.3.1 System Model

8.3.2 Evidence Theory Based Security Inference Method

8.3.3 Analytical Hierarchy Process Based Adaptive Security Policy Decision-Making

 Questions and discussion

 References

9 Evaluation Method of Security Performance

 9.1 View Model of Security Service

9.1.1 Service Classfication

9.1.2 QoSS Security Services View

9.1.3 Description of Security Service View

 9.2 Entropy Weight Coefficient Based WLAN Security Threat Quantification Model

9.2.1 Risk Parameters Description

9.2.2 Security Risk Evaluation Model

9.2.3 Model Aanalysis

 Questions and discussion

 References

10 Architecture of Trusted Terminal

 10.1 Trusted Computing Technology

10.1.1 TCG's Definition of Trust

10.1.2 Applications of Trusted Computing

10.1.3 Overview of TCG Architecture Specification

10.1.4 TMP Hardware Architecture

10.1.5 TMP Software Architecture

10.1.6 Relationships between TPM and TMP

 10.2 TC-based Security Architecture for Terminals

10.2.1 Security Kernel-Based Architecture

10.2.2 Micro Kernel-based Architecture

10.2.3 VMM-Based Architecture

10.2.4 LSM Mechanism-based Architecture

 Questions and discussion

 References

11 Architecture of Trusted Network Connect

 11.1 From Trusted Platform to Trusted Network

11.1.1 Trusted Transmission

11.1.2 Platform Authentication

11.1.3 Trusted Network Connect

 11.2 TPM-Based Trusted Architecture

11.2.1 Trusted Computing Model

11.2.2 Trusted Architecture of Mobile Terminal

11.2.3 Trusted Network Architecture

 11.3 Architecture of Mobile Device Accessing Trusted Network

11.3.1 Premise and Assumption

11.3.2 Access Entities

11.3.3 Architecture of Accessing Trusted Network

11.3.4 Analysis

 Questions and discussion

 References

Index