Chan Pak To Patrick. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 82-86). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Contents --- p.iv / List of Figures --- p.vii / List of Tables --- p.viii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- The Problems --- p.3 / Chapter 1.3 --- My Contribution --- p.4 / Chapter 1.4 --- Thesis Organization --- p.5 / Chapter 2 --- Wireless LAN Security Model --- p.6 / Chapter 2.1 --- Preliminary Definitions on WLAN --- p.6 / Chapter 2.2 --- Security Model --- p.7 / Chapter 2.2.1 --- Security Attributes --- p.7 / Chapter 2.2.2 --- Security Threats in WLAN --- p.8 / Chapter 2.2.3 --- Attacks on Authentication Scheme --- p.10 / Chapter 2.2.4 --- Attacks on Keys --- p.10 / Chapter 2.3 --- Desired Properties of WLAN Authentication --- p.11 / Chapter 2.3.1 --- Security Requirements of WLAN Authentication --- p.11 / Chapter 2.3.2 --- Security Requirements of Session Keys --- p.12 / Chapter 2.3.3 --- Other Desired Properties of WLAN Authentication --- p.12 / Chapter 3 --- Cryptography --- p.14 / Chapter 3.1 --- Overview on Cryptography --- p.14 / Chapter 3.2 --- Symmetric-key Encryption --- p.15 / Chapter 3.2.1 --- Data Encryption Standard (DES) --- p.15 / Chapter 3.2.2 --- Advanced Encryption Standard (AES) --- p.15 / Chapter 3.2.3 --- RC4 --- p.16 / Chapter 3.3 --- Public-key Cryptography --- p.16 / Chapter 3.3.1 --- RSA Problem and Related Encryption Schemes --- p.17 / Chapter 3.3.2 --- Discrete Logarithm Problem and Related Encryption Schemes --- p.18 / Chapter 3.3.3 --- Elliptic Curve Cryptosystems --- p.19 / Chapter 3.3.4 --- Digital Signature --- p.19 / Chapter 3.4 --- Public Key Infrastructure --- p.20 / Chapter 3.5 --- Hash Functions and Message Authentication Code --- p.21 / Chapter 3.5.1 --- SHA-256 --- p.22 / Chapter 3.5.2 --- Message Authentication Code --- p.22 / Chapter 3.6 --- Entity Authentication --- p.23 / Chapter 3.6.1 --- ISO/IEC 9798-4 Three-pass Mutual --- p.23 / Chapter 3.6.2 --- ISO/IEC 9798-4 One-pass Unilateral --- p.24 / Chapter 3.7 --- Key Establishment --- p.24 / Chapter 3.7.1 --- Diffie-Hellman Key Exchange --- p.24 / Chapter 3.7.2 --- Station-to-Station Protocol --- p.25 / Chapter 3.8 --- Identity-Based Cryptography --- p.25 / Chapter 3.8.1 --- The Boneh-Franklin Encryption Scheme --- p.26 / Chapter 3.8.2 --- Au and Wei's Identification Scheme and Signature Scheme --- p.27 / Chapter 4 --- Basics of WLAN Security and WEP --- p.29 / Chapter 4.1 --- Basics of WLAN Security --- p.29 / Chapter 4.1.1 --- "Overview on ""Old"" WLAN Security" --- p.29 / Chapter 4.1.2 --- Some Basic Security Measures --- p.29 / Chapter 4.1.3 --- Virtual Private Network (VPN) --- p.30 / Chapter 4.2 --- WEP --- p.31 / Chapter 4.2.1 --- Overview on Wired Equivalent Privacy (WEP) --- p.31 / Chapter 4.2.2 --- Security Analysis on WEP --- p.33 / Chapter 5 --- IEEE 802.11i --- p.38 / Chapter 5.1 --- Overview on IEEE 802.11i and RSN --- p.38 / Chapter 5.2 --- IEEE 802.1X Access Control in IEEE 802.11i --- p.39 / Chapter 5.2.1 --- Participants --- p.39 / Chapter 5.2.2 --- Port-based Access Control --- p.40 / Chapter 5.2.3 --- EAP and EAPOL --- p.40 / Chapter 5.2.4 --- RADIUS --- p.41 / Chapter 5.2.5 --- Authentication Message Exchange --- p.41 / Chapter 5.2.6 --- Security Analysis --- p.41 / Chapter 5.3 --- RSN Key Management --- p.43 / Chapter 5.3.1 --- RSN Pairwise Key Hierarchy --- p.43 / Chapter 5.3.2 --- RSN Group Key Hierarchy --- p.43 / Chapter 5.3.3 --- Four-way Handshake and Group Key Handshake --- p.44 / Chapter 5.4 --- RSN Encryption and Data Integrity --- p.45 / Chapter 5.4.1 --- TKIP --- p.45 / Chapter 5.4.2 --- CCMP --- p.46 / Chapter 5.5 --- Upper Layer Authentication Protocols --- p.47 / Chapter 5.5.1 --- Overview on the Upper Layer Authentication --- p.47 / Chapter 5.5.2 --- EAP-TLS --- p.48 / Chapter 5.5.3 --- Other Popular ULA Protocols --- p.50 / Chapter 6 --- Proposed IEEE 802.11i Authentication Scheme --- p.52 / Chapter 6.1 --- Proposed Protocol --- p.52 / Chapter 6.1.1 --- Overview --- p.52 / Chapter 6.1.2 --- The AUTHENTICATE Protocol --- p.56 / Chapter 6.1.3 --- The RECONNECT Protocol --- p.59 / Chapter 6.1.4 --- Packet Format --- p.61 / Chapter 6.1.5 --- Ciphersuites Negotiation --- p.64 / Chapter 6.1.6 --- Delegation --- p.64 / Chapter 6.1.7 --- Identity Privacy --- p.68 / Chapter 6.2 --- Security Considerations --- p.68 / Chapter 6.2.1 --- Security of the AUTHENTICATE protocol --- p.68 / Chapter 6.2.2 --- Security of the RECONNECT protocol --- p.69 / Chapter 6.2.3 --- Security of Key Derivation --- p.70 / Chapter 6.2.4 --- EAP Security Claims and EAP Methods Requirements --- p.72 / Chapter 6.3 --- Efficiency Analysis --- p.76 / Chapter 6.3.1 --- Overview --- p.76 / Chapter 6.3.2 --- Bandwidth Performance --- p.76 / Chapter 6.3.3 --- Computation Speed --- p.76 / Chapter 7 --- Conclusion --- p.79 / Chapter 7.1 --- Summary --- p.79 / Chapter 7.2 --- Future Work --- p.80 / Bibliography --- p.82
| Identifer | oai:union.ndltd.org:cuhk.edu.hk/oai:cuhk-dr:cuhk_325410 |
| Date | January 2005 |
| Contributors | Chan, Pak To Patrick., Chinese University of Hong Kong Graduate School. Division of Information Engineering. |
| Source Sets | The Chinese University of Hong Kong |
| Language | English, Chinese |
| Detected Language | English |
| Type | Text, bibliography |
| Format | print, viii, 86 leaves : ill. ; 30 cm. |
| Rights | Use of this resource is governed by the terms and conditions of the Creative Commons “Attribution-NonCommercial-NoDerivatives 4.0 International” License (http://creativecommons.org/licenses/by-nc-nd/4.0/) |
Page generated in 0.0017 seconds