Today's existing applications aims at four category of applications [2]:

• Healthcare industry
• Factory floors
• Banking industry
• Educational institutions

The security issues in the wireless environment are much more stressed than in the wired networks, but there are still products without any security functions and even the IEEE 802.11 specifies the security functions as an optional feature. Anyhow the security in the Internet is coming more and more vital and the IPSEC concept and IPv6 are going to demand the ciphering and authentication as mandatory functions in the network equipment. So there is a real need for developing the security in the wireless networks.

BACK TO TOP

2 Abbreviations and Definitions

In this document are following abbreviations (table 1) and definitions (table 2) used.

Table 1: Abbreviations

AP	Access Point
ATM	Asynchronous Transfer Mode
BER	Bit Error Rate
BSS	Basic Service Set; A set of stations communication wirelessly on the same channel in the same area. (in IEEE 802.11)
CA	Certificate Authority
CAC	Channel Access Control (in HIPERLAN)
CAM	Channel Access Mechanism (in HIPERLAN)
CCITT	Comité Consultatif International Télégraphique et Téléphonique (now ITU-T)
ESS	Extended Service Set; A set of BSSs and wired LANs with Access Points that appear as a single logical BSS. (in IEEE 802.11)
ETSI	European Telecommunications Standards Institute
ETR	ETSI Technical Report
GSM	Global System for Mobile communications
HIPERLAN	HIgh PErformance Radio Local Area Network
HM-entity	HIPERLAN MAC entity
ICV	Integrity Check Vector
IEEE	Institute of Electrical and Electronics Engineers
ISO	International Standard Organisation
IV	Initialization Vector
LAN	Local Area Network
MAC	Medium Access Control
MPDU	MAC Protocol Data Unit
PEM	Privacy Enhanced Mail
PHY	Physical layer
PRNG	Pseudo Random Number Generator
bps	bits per second
SKCS	Shared Key Cryptography System
UMTS	Universal Mobile Telecommunications System
WEP	Wired Equivalent Privacy

BACK TO TOP

Table 2: Definitions

ad-hoc	In ad-hoc configuration the wireless LAN has no fixed components
authentication	The identification of the parties
base	Usually fixed base station of the wireless LAN, sometimes referred as Access Point
cipher text	The data after ciphering
confidentiality	Only intended parties can access the data
coverage	The area where the transmission of the node can be heard
denial of service	An attack preventing the system from being used
eavesdropping	Capturing the data by an unintended party
end-to-end	From the sending node to the intended receiver
integrity	The message can not be modified or replaced by unintended parties
key management	The policy to distribute and save the private and public keys
plain text	The data to be send before ciphered
pre-arranged	In pre-arranged configuration the wireless LAN has some fixed components, like bases
private key	A sensitive key that must not be compromised
public key	A non-sensitive that can be published
shared key	A secret key common to many users or network nodes
station-to-station	From one node to the next one in the network
transitive trust	An attack exploiting the host-host or network-network trust

BACK TO TOP

3 Standards

This section describes two existing wireless network standards concentrating on the security functions they provide. The proprietary solutions (like Lucent Technologies WaveLAN), existing mobile telephone networks (like GSM) and future technologies (like wireless ATM or UMTS) are out of the scope of this paper.

BACK TO TOP

3.1 HIPERLAN

In this paper, the term "HIPERLAN" is used to refer to HIPERLAN, Type 1 [3].

HIPERLAN is ETSI's wireless broadband access standard, which defines the MAC sublayer, the Channel Access Control (CAC) sublayer and the physical layer. The MAC accesses the physical layer through the CAC, which allows easy adaptation for different physical layers. Currently defined physical layers use 5.15 - 5.30 GHz frequency band and support 2 048 Kbps synchronous traffic and up to 25 Mbps asynchronous traffic. HIPERLAN has following properties [3]:

• it provides a service that is compatible with the ISO MAC service definition in ISO/IEC 15 802-1 [4]
• its operations are compatible with the ISO MAC bridges specification ISO/IEC 10 038 for interconnection with other LANs [4]
• it may be deployed in pre-arranged or an ad-hoc fashion
• it supports node mobility
• it may have a coverage beyond the radio range limitation of single node
• it supports both asynchronous and time-bounded communication by means of a Channel Access Mechanism (CAM) with priorities providing hierarchical independence of performance
• its nodes may attempt to conserve power in communication by arranging when they need to be active for reception

The HIPERLAN specification [3] defines an encryption-decryption scheme for optional use in the HIPERLAN. In this scheme, all HM-enties of a HIPERLAN shall use a common set of shared keys, referred as the HIPERLAN key-set. Each of these keys has an unique key identifier. Plain text is ciphered by XOR operation with random sequence generated by confidential [5] algorithm, which uses as an input the secret key and initialization vector send in every MPDU (see figure 1). ETSI claims that defined scheme utilizes the level of protection of a wired LAN [3].
Figure 1: HIPERLAN encryption-decryption scheme [3]

It is impossible to say anything for sure about the protection level that the WEP offers, because the algorithms are not available. But the lack of the independent and public analysis arouses some suspicions about the strength of the algorithms. The HIPERLAN standard does not define any kind of authentication, which sounds very strange for this kind of system. In my humble opinion one should not trust the security level offered by the HIPERLAN specification in any sensitive application, but use some additional mechanism to gain the security requirements sat to the wireless LAN.

BACK TO TOP

3.2 IEEE 802.11 [6]

The IEEE 802.11 standard defines the physical layers and the MAC sublayers for the wireless LANs. There are three different physical layers: Frequency Hopping Spread Spectrum Radio, Direct Sequence Spread Spectrum Radio and Baseband Infrared. All physical layers can offer 2 Mbps data rate, the radio PHYs uses 2 400 - 2 483.5 MHz frequency band. The MAC layer is common for all three PHY and has the following features [2]:

• Support of Iso-chronous as well as Asynchronous data
• Support of priority
• Association/Disassociation to an AP in a BSS or ESS
• Re-association or Mobility Management to transfer of association from one AP to another
• Power Management to save in the battery time
• Authentication to establish identity of the terminals
• Acknowledgment to ensure reliable wireless transmission
• Timing Synchronization to coordinate the terminals
• Sequencing with duplication detection and recovery
• Fragmentation / Re-assembly

The IEEE 802.11 defines two authentication schemes: Open System Authentication and Shared Key Authentication. The former is actually a null authentication, all mobiles requesting the access are accepted to the network. The later one uses shared key cryptography to authenticate the mobile. When a mobile request authentication, the base sends 128 octet ( 1024 bits ) long random number to the mobile encrypted using shared key. The mobile decrypts the random number using the same shared key than the base and sends that back to the base. If the number that the base receives is correct, the mobile is accepted to the network. All mobiles allowed to connect to the network uses the same shared key, so this authentication method is only able to verify if the particular mobile belongs to the group of the mobiles allowed to connect to the network, but there is no way to distinct the mobiles from each other. There are also no means to authenticate the network by the mobile. The IEEE 802.11 does not define any key management functions.

The IEEE 802.11 defines an optional Wired Equivalent Privacy (WEP) mechanism to implement the confidentiality and integrity of the traffic in the network. WEP is used at the station-to-station level and does not offer any end-to-end security. WEP uses the RC4 PRNG [8] algorithm based on a 40 bit secret key and a 24 bit initialization vector (IV) send with the data. WEP includes an integrity check vector (ICV) to allow integrity check. One MPDU frame contains the clear text IV and ICV and the cipher text data block, so receiver is always able to decrypt the cipher text block and to check the integrity. The IV can always be new or reused for a limited time. The scheme is illustrated in figure 2.


Figure 2: WEP mechanism [7]

The PRNG algorithm used in IEEE 802.11 is RC4 [8] from RSA inc. The actual algorithm is not public, but has been studyed in independent research laboratories under nondisclossure agreements and no weaknesses has not yet been reported, which does not guarantee that these does not exist. Anyway the secret key used is only 40 bits long, which can be solved by brute-force attack in 2 seconds with $100 000 hardware and 0.2 seconds with $1 000 000 hardware according the 1995 figures [13]; today the hardware prices are significantly lower. And even with some additional strength gained with variable IV the protection level of WEP may not be considered strength enough for the most sensitive applications. The Shared Key Authentication scheme could be easily fooled using for example the play-back attack. So anyway an additional authentication mechanism is needed.

4 Threats and Vulnerabilities Compared to Wired LANs

In this section we will concentrate on the wireless LANs using the radio path as a transmission medium.

In the wireless LAN environment we have to deal with all the same security problems, which we have in the conventional wired LAN environment. But then we have some security issues, which are stressed when we are using the radio path. The currently know active attacks can be divided in the following categories [9]:

• Social engineering
• Impersonation
• Exploits
• Data driven
• Transitive trust
• Infrastructure
• Denial of Service

BACK TO TOP

4.1 Eavesdropping

Eavesdropping is very easy in the radio environment, when one sends a message over the radio path, everyone equipped with a suitable transceiver in the range of the transmission can eavesdrop the message. This kind of transceiver equipment, for example standard wireless LAN mobile, maybe with special antenna, are very reasonable priced. The sender or intended receiver has no means to know if the transmission has been eavesdrop or not, so this kind of eavesdropping is absolutely undetectable.

The frequency band and transceiver power used has a great effect on the range where the transmission can be heard. When we are using 2 or 5 MHz radio band and transceiver power up to 1 W, as in the case of the current wireless LAN standards, the traffic of wireless LAN can be eavesdropped from outside the building which the network is operating if there is no special electromagnetic shielding. So we can not truly trust that our network stays inside our office building.

In the wireless LAN environment the ease of eavesdropping justifies quite costly procedures to guarantee the confidentiality of the network traffic. In all wireless LAN standards this is taken care by some kind of link level ciphering done by MAC-entities, but the safety gained with these algorithms may not be good enough for the most demanding applications.

BACK TO TOP

4.2 Transitive Trust

When we have a wireless LAN as a part of our enterprise network, it offers one interface to the attacker, requiring no physical arrangements, to intrude on our network. In wired networks we can always track the wire from our computer to the next network node, but when we are working in the wireless environment there is no such way to find out with whom we are talking to. That makes the efficient authentication mechanisms crucial for the security of the wireless LANs. In all cases the both parties of the transmission should be able to authenticate each others.

The wireless LAN could be used as a launch pad to the transitive trust attack. If the attacker can fool our wireless LAN to trust the mobile he controls, then there is one hostile network node inside all firewalls of our enterprise network and it is very difficult to prevent any hostile actions after that. This kind of attack can be done from outside of our site with standard wireless LAN hardware compatible with our equipment. The only real protection against this kind of attacks is the strong authentication mechanism of the mobiles accessing the wireless LAN. The discovery of the unsuccessful attacks must rely on the logging of unsuccessful logging attempts, but it might be very hard to find out if there has been a real attack attempt, because in the normal operation there comes unsuccessful logon attempts due the high BER in radio path and from mobiles that belongs to some other wireless LAN.

The other kind of transitive trust attack, special for wireless networks, is fooling the mobile to trust the base controlled by attacker as our base. When mobile is switched on it usually tries first to logon the network with strongest signal and if that fails then the rest ones in the order of the signal power. Now, if attacker has a base with high transmission power, he may be able to fool our mobiles to try first to logon the attackers network. Now there is basically two possibilities: the attacker may let as to logon his network and make it pretend our network and find out the passwords secret keys, etc. or the attacker may just reject our logon attempts but record all the messages during the logon process and find out the secret keys or passwords used in authentication in our network by analyzing these messages. The former case is very difficult to implement without very detailed information about our network services and is probably detected very soon, but the later one requires just standard base hardware, maybe with a special antenna, compatible with our equipment, and is very difficult to detect, because the mobiles do not usually report unsuccessful logon tries to the upper layers and the are a lot of unsuccessful logon attempts even in the normal circumstances. The only protection against these attacks is an efficient authentication mechanism which allows the mobile authenticate the base without any disclosure of the secret keys or passwords it uses to logon our network.

BACK TO TOP

4.3 Infrastructure

The Infrastructure attacks are based on some weakness in the system: the software bug, configuration mistake, hardware failure, etc. This kind of situations will certainly occur in wireless LANs, too. But protection against this kind of attacks are almost impossible - You do not know about the bug until something happens. So the only thing to do is to keep the possible damages as small as possible.

BACK TO TOP

4.4 Denial of Service

Due the nature of the radio transmission the wireless LANs are very vulnerable against denial of service attacks. If attacker has powerful enough transceiver, he can easily generate such a radio interference that our wireless LAN is unable to communicate using radio path. This kind of attack can be done from outside of our site, for example from a van parked on the street or from an apartment in the next block. Equipment needed to commit this kind of attack can be bought from any electronic store with reasonable price and any short-wave radio enthusiast has the knowledge needed to construct the equipment.

The protection against this kind of attacks is very difficult and expensive. The only total solution is to have our wireless network inside of the faraday cage, but this is applicable only in the very rare cases. But it is easy for authorities to locate the transceiver used to generate interference, so the attacker has limited time before the transceiver is found.

In the other hand the wireless LANs are not so vulnerable than the wired LANs to the other kind of denial of service attacks. For example the fixed LAN node can be isolated from the network by simple cutting the wire, which is not possible in wireless environment. If attacker cuts down the power of the whole site, then all wired networks are usually useless, but the wireless LANs can be used in the ad-hoc configuration with laptops or other battery powered computers.

BACK TO TOP

5 Secure Solution

One can easily see that the standards described in chapter 3 does not fulfill the security requirements against the attacks described in chapter 4. This section will present some mechanisms and protocols that makes the wireless LANs safer.

BACK TO TOP

5.1 Design Goals

The major requirement for this kind of solution is the seamless integration into existing wired networks. It is very probable that we have plenty of fixed network nodes already installed in our enterprise network, so we should avoid any modifications needs to the existing nodes.

There are different alternatives for securing a connection: end-to-end security at the application level, end-to-end security at the transport layer and link security at the link layer. In current data networks are only few commonly used end-to-end security schemes (like SSL and SSH), so the link security is the only applicable approach, if we want to leave our existing network alone.

Dropping end-to-end mechanisms out rules the user authentication out. We have only station-to-station (or machine-to-machine) authentication left, since those are the entities primry communicating over the wireless link. Machine-to-machine authentication is in fact conceptually correct for a security protocol at the link layer [10].

Another design goal is the two-way authentication, for the reasons discussed in 4.2 it is vital that both the base and the mobile are able to authenticate each others. Authentication mechanism should enable the identification of the mobiles and allow distinct keys used in different bases and mobiles.

The final goal is to have some flexibility to utilize the future advances in the cryptography. The should also be some interoperability between all versions of the wireless products, even if there exist different regulatory limitations for the use of the cryptography.

BACK TO TOP

5.2 Design Overview

The solution discussed here needs several modifications for current wireless LAN products and standards, so the implementation of this solution is not currently feasible. But the aim is more to show the direction to which the evolution should go.

This is a hybrid solution: the authentication is done using public key cryptography and the ciphering of the transmission uses shared key cryptography. Shared keys are created during the authentication and may be changed during the transmission. The actual cryptography algorithms are not defined, because of the rapid development in this area.

BACK TO TOP

5.3 Authorization [10]

Table 3: Nomenlactures [10]

E(X,Y)	encryption of Y under key X
MD(X)	Message Digest of X
Pub_CA	Public Key of Certification Authority
Priv_CA	Private Key of Certification Authority
Pub_Mobile	Public key of Mobile Host
Priv_Mobile	Private Key of Mobile Host
Pub_Base	Public key of Base Station
Priv_Base	Private Key of Base Station
Cert_Mobile	Certificate of Mobile Host
Cert_Base	Certificate of Base Station
Sig(X,Y)	signature of Y with key X where Sig(X,Y) = E(X, MD(Y))
Signed(X,Y)	resulting signed message {Y, Sig(X,Y)}

BACK TO TOP

The authorization mechanism uses certificates formatted according to CCITT X.509 [11] used in X.500 and PEM. A certificate contains the following information: {Serial Number, Validity Period, Machine Name, Machine Public Key, CA name}. Each certificate is signed by CA which might in our case be the enterprise's own CA.

The first message send from the mobile to the base contains following information: {Cert_Mobile, CH1, List of SKCSs}. CH1 is randomly generated number. The List of SKCSs is transmitted to allow negotiation of the used algorithm, the algorithm identifier and the key size are sent in the list.

When the base has received the first message, it will attempt to verify the signature on Cert_Mobile. A valid signature proofs the public key in the certificate belongs to a certified mobile host but it is not sure if the certificate actually belongs to the mobile that submitted it. If the certificate is invalid, the base rejects the connection attempt.

Now the base will reply to the mobile by sending the message containing {Cert_Base, E(Pub_Mobile, RN1), Chosen SKCS, Sig(Priv_Base, {E(Pub_Mobile, RN1), Chosen SKCS, CH1, List of SKCSs}}}. Random Number RN1 is saved internally for later use. Chosen SKCS is one from the list sent by mobile and includes the algorithm identifier and the key size, the Chosen SKCS is the most secure from those supported by both the base and the mobile.

The mobile validates Cert_Base, if certificate is valid, the Mobile will verify using the public key of the Base the signature off the message. The signature is valid and the base authenticated if the CH1 and the List of SKCSs matches with those sent by mobile to the base. Since the list of SKCSs is included in the signature, the attacker can not send the weakened list of SKCSs by jamming original message and sending his own, and we need not to sign the first message.

Now the mobile sends to the base message containing: {E(Pub_Base, RN2), Sig{Priv_Mobile, {E(Pub_Base, RN2), E(Pub_Mobile, RN1)}}}. The RN2 is a random number generated by the mobile. The mobile will use the RN1 XOR RN2 as a session key for now on.

The Base verifies the signature of the message using Pub_Mobile obtained from Cert_Mobile in the first message. If the signature is valid, the mobile is authenticated. Next the base will decrypt E(Pub_Base, RN2) with it's own private key. Now the base can form the session key RN1 XOR RN2.

The session key is formed from two parts sent in different messages to gain better protection. Now the compromising of the mobile's private key does not compromise the whole traffic between the base and the mobile. Since the both halves of the session key are random and equal length, knowing either RN1 or RN2 tells nothing about the session key.

If all these steps has succeeded the mutual authentication has been done and the session is established. Figure 3 summarizes the authentication protocol. The correctness of this protocol is proofed in [10].

This authentication should be done in the MAC layer, before any network access is granted to the mobile. If we give to the mobile IP address before the authentication, it may be used as a launch pad even if it's authentication request is rejected.
Figure 3: Authentication Protocol [10]

BACK TO TOP

5.4 Integrity and Confidentiality

The confidentiality can be archived by using some existing symmetric cryptography algorithm, like IDEA or DES. Once the session key is agreed, using mechanism described in 5.3, available algorithms are strong enough for our purposes. Anyhow the high BER on the radio link may set some limitations for the selected algorithm.

The integrity is archieved by a fingerprint generated by some one-way hash function, like MD5 or SHA. There should be a fingerprint in each MPDU message, because of the high pakect loss rate in the wireless environment.

There should be some link level ciphering in any case. If we are using some ciphering in our fixed network (e.g. IPSEC), then we can select weaker ciphering for the wireless LANs in the link level. But there should in anyway be some ciphering: To defend against traffic analysis we have to cipher also the network layer headers.

BACK TO TOP

5.5 Key Change Protocol [10]

The nomelactures defined in the table 3 are used here. The key exchange may be initialized from both ends of the communication, the base initialized case is handled first.

First the base sends to the mobile a message: Signed(Priv_Base, { E(Pub_Mobile, New_RN1), E(Pub_Mobile, RN1) }) and the mobile responses with message: Signed(Priv_Mobile, { E(Pub_Base, New_RN2), E(Pub_Base, RN2) }).

If the mobile initializes the key exchange procedure, then it send to the base message: Signed(Priv_Mobile, { E(Pub_Base, New_RN2), E(Pub_Base, RN2) }) and the base responses with: Signed(Priv_Base, { E(Pub_Mobile, New_RN1), E(Pub_Mobile, RN1) }).

Again the value new_RN1 XOR new_RN2 is used as the new session key. The values RN1 and RN2 are always the last ones used. In both cases the RN1 always refers to the random number generated by the base and RN2 the random number generated by the mobile. The values of RN1 and RN2 are verified against the internally saved values and if those does not match, the key exchange is ignored. Now the key exchanges can not be played back and we do not need to save any sequence numbers.

BACK TO TOP

5.6 Key Management

The key management is one of the stuffest part implement convenient way. One possible procedure using the smart card technology is described below:

1. CA creates the private and public keys inside the smard card by the way that the private key is never readable from the smart card.
2. CA signs the public key with his private key and stored the signed public key to the smart card.
3. The smart card is given to the end user, which may now use the smart card in any wireless LAN mobile.

In order to avoid reading the private key from the smart card the public key cryptography system must be run inside the smart card and the calculation power of the smart cards sets some limitations for the efficiency of this approach. Of course the smart card reader is needed for each mobile used in the wireless LAN. But it is not very wild guess that the smart card technology will become more efficient and cheaper in the near future.

The concept described here is not the only one: it is also possible to use the Wep of Trust scheme for the key management (like in PGP) or the user may generate the key par by himself and then give the public key to the CA for the certificate signing, but the user identification must be somehow done also in this case.

BACK TO TOP

5.7 Solution Analysis

The solution described above fulfills are goals stated in 5.1: The authentication mechanism implements the mutual authentication. The negotiation of the symmetric cryptography algorithm gives some flexibility between different versions and allows future enhancements. The concept does not need any modifications to the existing networks.

This solution is designed for maximum security, which may limit the performance of the network. One may consider using faster ciphering for example the insensitive video clips, but a much better (and therefore slower) ciphering for sensitive traffic. There is no end-to-end security offered, that must be taken care in upper layers.

Key management using the smart cards has been found quite functional even in mass products, like GSM. The major challenge is the limited computing power in the smart card, which leads to the longer authentication time. The time used for authentication may become critical if mobile moves from one base station to another and the hand over procedure must be performed. The authentication procedure during hand over could be speed up by using different authentication scheme described in [12], but this kind of optimization is out of the scope of this paper. The longer computing time leads also to the greater power consuption, which is always one critical aspect in the mobile environment.

This concept does not support multiple CAs and in large networks that may become a problem, anyhow the multiple CA support could be archived with just minor modifications described in [10]. Another problem for this kind of concept is multicast support, this solution has no support for ciphered multicast.

BACK TO TOP

6 Conclusions

The current wireless LAN standards offer very unsatisfactory level of security and one could not truly trust them. When using products based on these standards must the security issues been taken care in the upper layers. The authentication mechanism described in 5.3 may be used over IP to perform end-to-end authentication, as described in [12], but this approach gives a potential launch pad for the attacker.

Some commonly used attacks are more stressed in wireless environment and some additional effort should be used to prevent those. The nature of the radio communication makes it practically impossible to prevent some attacks, like denial of service using radio interference. When the wireless networks are used in strategic applications, like manufacturing or hospitals, the possibility of this kind of attack should be taken into account with a great care.

As showed in chapter 5 the quite secure wireless LAN is possible to implement with current technology. The current hardware could be used with only some modifications in the MAC layer protocols and over that new MAC the current IP may be used without any problems. Anyway it is not probable that products supporting this level of security comes to the markets soon, mostly due the USA regulations; almost all manufactures are American.

BACK TO TOP

7 References

[1]

K. Pahlavan, A. Zahedi, P. Krishnamurthy. Evolving Wireless LAN Industry - Products and Standards. Invited paper PIMRC'97, Worcester Polytechnic Institute, 1997

[2]

A. Zahedi, P. Krishnamurthy, S. Bagchi, K. Pahlavan. An Update on the Evolution of the Wireless LAN Services. Worcester Polytechnic Institute, 1997

[3]

ETS 300 652. High PErformance Radio Local Area Network (HIPERLAN) Type 1; Functional specification. ETSI, 1996

[4]

ETS 300 652. High PErformance Radio Local Area Network (HIPERLAN) Type 1; Functional specification - URGENT TECHNICAL CORRECTION. ETSI, 1997

[5]

TR 101 054. Rules for the management of the HIPERLAN Standard Encryption Algorithm (HSEA). ETSI, 1997

[6]

draft standard IEEE 802.11. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE, 1996

[7]

W. Dipstraten, P. Belanger. 802.11 Mac Entity: MAC Basic Access Mechanism, Privacy and Access Control. <http://stdsbbs.ieee.org/groups/802/11/mac.pdf> 802.11 Tutorial, IEEE, 1996

[8]

Anon. RC4 FAQ. < http://www.rsa.com/rsalabs/newfaq/q87.html> , RSA FAQ, RSA Inc. 1996

[9]

M. J. Ranum. Internet Attacks <http://www.clark.pub.mjr/> 1996

[10]

A. Aziz, W. Diffie. Privacy and Authentication for Wireless Local Area Networks. <http://piggy.cs.nthu.edu.tw/paper/Mobile/PS/priv+auth-wirel-LAN.ps.gz> Sun Microsystems Inc., 1993

[11]

CCITT X.509 The Directory - Authentication Framework. CCITT, 1988

[12]

Vaduvur Bharghavan. Secure Wireless LANs. <http://shiva.crhc.uiuc.edu/Papers/ccs94.ps.gz> ACM Conference on Computers and Communications Security '94, University Of California at Berkley, 1994

[13]

T. Raivisto. Applying Cryptography to GSM Short Message Services. Master Thesis, Helsinki University of Technology, Espoo 1997