References

Abaddon. July 2002. Airjack. http://802.11ninja.org.

Aboba, B., and D. Simon. 2001. IEEE 802.11 security and 802.1X. IEEE 802.11-00/034r1.

Abraham, D., G. Dolan, G. Double, and J. Stevens. 1991. Transaction security system. IBM Systems Journal 39: 206-229.

Advanced Encryption Standard (AES). 2002. Technical Report FIPS 197. U.S. National Institute of Standards.

air. www.sourceforge.net/projects/airsnort.

Anderson, R. 2001. Security Engineering. New York: John Wiley and Sons.

Arbaugh, W.A. May 2001. An inductive chosen plaintext attack against WEP/WEP2. www.cs.umd.edu/waa/wepwep2-attack.html.

Arbaugh, W. A., W. L. Fithen, and J. McHugh. 2000. Windows of vulnerability: a case study analysis. IEEE Computer 33(12): 52-59.

Arbaugh, W. A., N. Shankar, and J. Wan. 2001. Your 802.11 network has no clothes. In Proceedings of the First IEEE International Conference on Wireless LANs and Home Networks. Pp. 131-144.

Arbaugh, W. A., N. Shankar, J. Wan, and K. Zhang. 2002. Your 802.11 network has no clothes. IEEE Wireless Communications Magazine 9(6): 44-51.

Asokan, N., V. Niemi, and K. Nyberg. 2002. Man-in-the-Middle in Tunnelled Authentication Protocols. Cryptology ePrint Archive, Report 2002/163. www.eprint.iacr.org/2002/163.

Bellare, M., J. Kilian, and P. Rogaway. 2000. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3): 362-399.

Bellovin, S. M., and M. Merritt. 1991. Limitations of the Kerberos authentication system. In USENIX Conference Proceedings. Dallas, TX: USENIX. Pp. 253-267.

Bellovin, S. M., and M. Merritt. 1992. Encrypted key exchange: password-based protocols secure against dictionary attacks. In Proceedings of the IEEE Symposium on Research in Security and Privacy. Pp. 72-84.

Bishop, M. 2002. Computer Security: Art and Science, 1st ed. Boston: Addison-Wesley.

Blunk, L., and J. Vollbrecht. 1998. PPP Extensible Authentication Protocol (EAP). Technical Report RFC 2284. IETF.

Borisov, N., I. Goldberg, and D. Wagner. 2001. Intercepting mobile communications: the insecurity of 802.11. In Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking. Pp. 180-188.

Cheswick, W., S. Bellovin, and A. Rubin. 2003. Firewalls and Internet Security, 2nd ed. Boston: Addison-Wesley.

Computer Emergency Response Team. October 2000. Windows based DDoS agent. http://www.cert.org/incident_notes/IN-2000-01.html.

Daemen, J., and V. Rijmen. 2000. Smart Card Research and Applications, The Block Cipher Rijndael. New York: Springer-Verlag. Pp. 288-296.

Daemen, J., and V. Rijmen. 2001. Rijndael, the advanced encryption standard. Dr. Dobb's Journal 26(3): 137-139.

Davie, B., L. Peterson, and D. Clark. 1999. Computer Networks: A Systems Approach, 2nd ed. San Francisco, CA: Morgan Kaufmann.

Dierks, T., and C. Allen. 1999. The TLS Protocol. Technical Report RFC 2246, IETF.

eth. www.ethereal.com.

Ferguson, Michael N. 2002. An Improved MIC for 802.11 WEP. Document number IEEE 802.11-02/020r0. Available from http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/2-020.zip.

Fluhrer, S., I. Mantin, and A. Shamir. 2001. Weaknesses in the key scheduling algorithm of RC4. In Eighth Annual Workshop on Selected Areas in Cryptography.

Hassell, J. 2003. RADIUS: Securing Public Access to Private Resources. Cambridge, MA: O'Reilly and Associates.

Hopper, D. I. Secret Service agents probe wireless networks in Washington. www.securityfocus.com/news/899.

IEEE. 1997. LAN MAN standards of the IEEE Computer Society: wireless LAN medium access control (MAC) and physical layer (PHY) specification. IEEE Standard 802.11.

IEEE. 2001. Standards for local and metropolitan area networks: Standard for port based network access control. IEEE Draft P802.1X/D11.

Jonsson, J. 2002. On the security of CTR + CBC-MAC. In SAC 2002 - Ninth Annual Workshop on Selected Areas of Cryptography.

Kocher, P., J. Jaffe, and B. Jun. 1999. Differential power analysis. Lecture Notes in Computer Science 1666: 388-397.

Krawczyk, H., M. Bellare, and R. Canetti. 1997. HMAC: Keyed-Hashing for Message Authentication. Technical Report RFC 2104. IETF.

Mantin, I., and A. Shamir. 2001. A practical attack on broadcast RC4. In Proceedings of FSE 2001.

Menezes, A. J., P. C. Van Oorschot, and S. A. Vanstone, eds. 1996. Handbook of Applied Cryptography. New York: CRC Press.

Mishra, A., and W. A. Arbaugh. 2002. An Initial Security Analysis of the IEEE 802.1X Standard. Technical Report CS-TR-4328. College Park: University of Maryland.

Neuman, B. C., and T. Ts'o. 1994. Kerberos: an authentication service for computer networks. IEEE Communications Magazine 32(9): 33-38.

Neumann, P. G. 1995. Computer-Related Risks. Reading: Addison-Wesley.

Norris, M., and Steve Pretty. 2000. Designing the Total Area Network: Intranets, VPNS and Enterprise Networks Explained. New York: John Wiley and Sons.

Petroni, N. L., Jr., and W. A. Arbaugh. 2003. The dangers of mitigating security design flaws: a wireless case study. IEEE Security and Privacy Magazine 1(1): 28-36.

Pfleeger, C. P., S. L. Pfleeger, and W. H. Ware. 2002. Security in Computing, 3rd ed. Upper Saddle River, NJ: Prentice Hall PTR.

Poulsen, K. 2001. War driving by the bay. www.securityfocus.com/news/192. Dallas Con Information Security Conference.

Rogaway, P., M. Bellare, J. Black, and T. Krovetz. 2001. OCB: a block-cipher mode of operation for efficient authenticated encryption. In ACM Conference on Computer and Communications Security. Pp. 196-205.

Rescorla, E. 2001. SSL and TLS. Boston: Addison-Wesley.

Rivest, R. 2001. RSA security response to weaknesses in key scheduling algorithm of RC4. www.rsasecurity.com/rsalabs/technotes/wep.html.

Rivest, R., A. Shamir, and L. Adleman. 1979. On Digital Signatures and Public Key Cryptosystems. Technical Report MIT/LCS/TR-212. Cambridge, MA: MIT Laboratory for Computer Science.

Salkever, A. 2000. Hollywood vs. the hackers vs. free speech. www.businessweek.com/bwdaily/dnflash/aug2000/nf20000825_720.htm.

Schneier, B. 1996. Applied Cryptography, 2nd ed. New York: John Wiley & Sons.

Shamir, A., and I. Mantin. 2001. A practical attack on broadcast RC4. In Proceedings of Fast Software Encryption. Pp. 152-164.

Simon, D., and B. Aboba. 1999. PPP EAP TLS Authentication Protocol. Technical Report RFC 2716, IETF.

Simpson, W. 1996. PPP Challenge Handshake Authentication Protocol (CHAP). Technical Report RFC 1994, IETF.

Spitzner, L. 2002. Honeypots: Tracking Hackers. Boston: Addison-Wesley.

Stoll, C. 1989. The Cuckoo's Egg. New York: Doubleday.

Stubblefield, A., J. Ioannidis, and A. D. Rubin. 2002. Using the Fluhrer, Mantin, and Shamir attack to break WEP. In Network and Distributed System Security Symposium (NDSS).

U.S. Government Accounting Office. May 1998. Information Security Management, Learning from Leading Organizations. www.gao.gov/cgi-bin/getrpt?GAO-01-376G.

U.S. National Security Agency. 1999. Venona project. www.nsa.gov/docs/venona/index.html.

Vernam, G. S. 1926. Cipher printing telegraphy systems for secret wire and radio telegraphic communications. Journal of the AIEE 45: 109-115.

Viega, J., M. Messier, and P. Chandra. 2002. Network Security with OpenSSL. Cambridge, MA: O'Reilly and Associates.

Walker, J. 2000. Unsafe at any key size; an analysis of the WEP encapsulation. IEEE 802.11-00/362.

Wu, T. 1998. The Secure Remote Password Protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, CA. Pp. 97-111.


