|

Addison-Wesley / Prentice Hall

Computer Science

My Instructor Resource Center :  Log in or request access

Wireless Security and Privacy: Best Practices and Design Techniques
Tara M. Swaminatha
Charles R. Elden

ISBN-10: 0201760347
ISBN-13:  9780201760347

Publisher:  Addison-Wesley Professional
Copyright:  2003
Format:  Paper; 304 pp
Published:  09/10/2002
Status: Out of Print


We're sorry, this product is no longer available.
Please contact your Pearson rep if you are using this product and need instructor resources.



Foreword.


Preface.


About the Authors.


Acknowledgments.

I. ESTABLISH A FOUNDATION.

1. Wireless Technologies.

An Introduction to Wireless Architecture.

Usage Models.

Internet Bridge.

Conference.

Multipurpose Phone.

Synchronizer.

Devices.

Cell Phones and Personal Digital Assistants (PDAs).

Wireless Laptops.

Consumer Issues.

Technical Issues.

Network Arrangements and Technologies.

802.11b.

The Wireless Application Protocol (WAP).

Wireless Wide Area Networks.

Local Area Networks.

Personal Area Networks and Bluetooth.

Wireless LAN Appeal.

Case Studies.

The Hospital.

The Office Complex.

The University Campus.

The Home.

2. Security Principles.

Security Principles.

Authentication.

Access Control and Authorization.

Nonrepudiation.

Privacy and Confidentiality.

Integrity.

Auditing.

Development and Operation Principles.

Functionality.

Utility.

Usability.

Efficiency.

Maintainability.

Scalability.

Testability.

Management Principles.

Schedule.

Cost.

Marketability.

Margin.

The Security Analysis Process-I-ADD.

Identify.

Analyze.

Define.

Design.

Repeat.

The Foundation.

II. KNOW YOUR SYSTEM.

3. Technologies.

802.11 and 802.11b.

802.11 System Components.

802.11 Architecture Modes.

802.11b Physical Layer.

802.11 Media Access Control Layer.

802.11b Security and Wired Equivalent Privacy (WEP).

Bluetooth.

Bluetooth Physical Layer.

Bluetooth Protocol Architecture.

Bluetooth Profiles.

Bluetooth Security.

WAP.

WAP Overview.

Wireless Application Environment (WAE).

WAP Security.

4. Devices.

Personal Digital Assistants.

Palm OS Devices.

Palm Security.

Palm OS 4.0.

Pocket PC Devices.

BlackBerry (RIM 950 and 957).

BlackBerry APIs.

BlackBerry Security.

5 Languages.

Wireless Application Protocol (WAP).

WAP Browsers.

Wireless Markup Language (WML).

WMLScript.

J2ME.

The Future of J2ME.

III. PROTECT YOUR SYSTEM.

6. Cryptography.

Applied Cryptography Overview.

The Office Complex Case Study.

Primitives and Protocols.

Symmetric and Asymmetric Algorithms.

Cryptographic Attacks.

Symmetric Cryptography.

Symmetric Primitives.

Symmetric Protocols.

Asymmetric Cryptography.

Asymmetric Primitives.

Asymmetric Protocols.

Common Problems.

Cryptography by Itself.

Proprietary Cryptographic Protocols.

Common Misuses.

Choices.

Performance.

Effectiveness.

Decision Trade-Offs.

Key Points.

7. COTS.

COTS versus Custom Software.

Custom Software.

Virtual Private Network (VPN).

Hardware-Based VPNs.

Firewall-Based VPNs.

Software-Based VPNs.

Tunneling.

The Seven-Layer OSI Model.

PPTP.

L2TP.

IPSec.

SmartCards.

Biometric Authentication.

8. Privacy.

The Online Privacy Debate in the Wired World.

Privacy in the Wireless World.

The Players.

Related Privacy Legislation and Policy.

The Communications Assistance for Law Enforcement Act (CALEA).

E-911.

The Wireless Communications and Public Safety Act of 1999.

The U.S.A. Patriot Act of 2001.

Location-Based Marketing and Services and GPS.

The Middle Ground Answer.

Progress in the Wired World.

IV. I-ADD.

9. Identify Targets and Roles.

Identify Targets.

The Wireless Device.

The Service Provider.

Identify Roles.

Malicious Users.

Mapping Roles to Targets.

10. Analyze Attacks and Vulnerabilities.

Known Attacks.

Device Theft.

The Man in the Middle.

War Driving.

Denial of Service.

The DoCoMo E-Mail Virus.

Vulnerabilities and Theoretical Attacks.

Vulnerabilities of the Wireless Device.

Vulnerabilities of the Service Provider.

Vulnerabilities of the Gateway.

Vulnerabilities of the Web Server and the Backend Server.

11. Analyze Mitigations and Protections.

Protecting the Wireless Device.

Limiting the Vulnerability to Loss.

Limiting the Vulnerability to Theft.

Protecting the Physical Interface.

Protecting Access to the User Interface.

Protecting Personal Data on the PDA.

Protecting Corporate or Third-Party Information.

Protecting Access to Network and Online Services.

Protecting the Transceiver.

Protecting Vulnerabilities of the Service Provider.

Protecting the Transceiver Services.

Protecting Access to Its Subscribers.

Protecting the Transceiver.

Protecting the Administrative Server.

Protecting User-Specific Data.

Protecting the Network Server.

Protecting Corporate Proprietary Data and Resources.

Protecting Vulnerabilities of the Gateway.

Prioritizing.

Building Trust-Application Security.

12. Define and Design.

The Case Studies Revisited.

The Hospital.

The Office Complex.

The University Campus.

The Home.

Case Studies Conclusion.

Just the Beginning.

Afterword: The Future of Wireless Security.

Bibliography.

Index. 0201760347T08232002

View a Sample Chapter PDF:/samplechapter/0201760347.pdf

Tara M. Swaminatha is an information security administrator for the International Finance Corporation, a part of the World Bank Group. Tara is responsible for educating the IFC about information security, conducting technical product evaluations, offering security classes to employees, and assisting with the definition and implementation of plans for security best practices and technologies. Previously Tara was a software security consultant with Cigital's Software Security Group (SSG). The SSG provides software security risk analysis for a broad range of clients. Tara also worked for PEC Solutions on a team that developed software and infrastructure for agencies within the U.S. Department of Justice. She implemented configuration control practices, maintained integrity of the development and production environments, and performed software, hardware, and multi-system integration. Tara holds both a B.A. in sociology and an M.T. in special education from the University of Virginia, where she graduated with high distinction. While working at the IFC, Tara is also pursuing her J.D. at Georgetown University.

Charles R. Elden is an independent security consultant. He worked most recently at Cigital, where he was a manager and software security consultant with Cigital's Software Security Group. He has experience performing communication and software systems risk analysis and risk management. Previously he worked for the Central Intelligence Agency for 12 years and has worked for more than 11 years in the Directorate of Science and Technology's Office of Technical Services. Charles has extensive experience designing, developing, deploying, and exploiting secure and covert computing and communication systems. He received his M.S. in computer science from George Mason University and his B.S. in computer science/computer engineering from Michigan State University.



0201760347AB08232002

"The trick to sound security is to begin early, know your threats,... design for security, and subject your design to thorough objective risk analyses and testing. This book will help."

—From the Foreword by Gary McGraw, CTO of Cigital, and coauthor of Building Secure Software

As wireless technology emerges into the mainstream of the networking and communications markets, the wireless development community has a unique opportunity to be proactive, rather than reactive, in its approach to security. At this early point in the wireless industry, developers can anticipate future security needs and integrate security considerations into every stage of the development process. Wireless Security and Privacy shows developers how to take advantage of this exceptional opportunity.

Written for wireless development professionals new to security, and for security professionals moving into the wireless arena, this book presents the foundation upon which to design and develop secure wireless systems. It looks in depth at the key issues faced by those who develop wireless devices and applications, describes the technology and tools that are now available, and offers a proven methodology for designing a comprehensive wireless risk management solution.

In particular, Wireless Security and Privacy documents the I-ADD process, which offers a standardized, systematic approach for identifying targets, analyzing vulnerabilities, defining strategies, and designing security into the entire development lifecycle of a wireless system.

The book also examines such important topics as:

  • Fundamental wireless and security principles
  • Specific wireless technologies, including 802.11b, Bluetooth, and WAP
  • The security implications of the architecture of PDAs, cell phones, and wireless network cards for laptops
  • The security shortcomings of wireless development languages
  • Development of a risk model for a wireless system
  • Cryptography essentials
  • Privacy policy and legal issues
  • The role of COTS products in a comprehensive security solution
  • Analysis of known and theoretical attacks
  • Security, financial, and functionality tradeoffs

Several case studies run throughout the book, illustrating the application of important concepts, techniques, strategies, and models.

In all, this practical guide book builds a framework for understanding the present and future of wireless security and offers the specific security strategies and methodologies that are critical for success in this fast-moving market.



0201760347B08072002

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.

Copyright ©2009 Pearson Education, All rights reserved. Legal Notice | Privacy Policy | Permissions