Security in Wireless IP Networks
Beyond the higher risk of security problems in wireless networks in general, the inherent mobility functionality of these networks opens up new problems. While mobility is a great convenience to wireless users, it demands a lot of intelligence and complexity on the network side. Mobility means that users can establish a wireless subscription with one service provider in their hometown and roam nationally or internationally.
This ties roaming to security functionality: users must be authenticated and authorized before gaining access to network services in the visited network they have roamed to. The user must provide credentials that identify the home network where he or she belongs, and access is granted after the security functions have been performed. On the flip side, the security function also involves the home network, to ensure that the user is a genuine user who has subscribed to its services. There are numerous security protocols in use on the Internet.
Taking mobility into consideration, IPSec provides a robust security framework to satisfy the requirements of wireless IP networks. It offers access control, connectionless integrity, data origin authentication, protection against replays (a form of partial sequence integrity), confidentiality (encryption), and limited traffic flow confidentiality. IPSec security features are handled at the IP layer, offering protection for IP- and/or upper-layer protocols.
Two traffic security protocols are used as part of IPSec: the Authentication Header (AH) and the Encapsulating Security Payload (ESP).
AH provides connectionless integrity, data origin authentication, and an optional anti-replay service. The ESP may provide confidentiality (encryption) and limited traffic flow confidentiality and it may also provide connectionless integrity, data origin authentication, and anti-replay service. AH and ESP can be used individually or in combination with each other to provide a desired set of security services in IPv4 and IPv6.
A security association is uniquely identified by a triple consisting of a Security Parameter Index (SPI), an IP destination address, and a security protocol (AH or ESP) identifier. Internet Key Exchange (IKE) is the default automated key management protocol to negotiate protocols and algorithms and to create security associations and generate authentication keys. A security policy database can be used as input data to the IKE
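The following added example (not part of the thesis) shows how a receiver could use the triple described above to select a security association and then apply the anti-replay service that AH and ESP offer. All function and class names are hypothetical, the 64-packet window is an assumed value, only IPv4 is handled, and integrity (ICV) verification is left out.

```python
import ipaddress
import struct

ESP, AH = 50, 51   # IP protocol numbers of the two IPsec protocols
WINDOW = 64        # anti-replay window size in packets (assumed for this example)

class SecurityAssociation:
    def __init__(self):
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) already seen

    def replay_check(self, seq):
        offset = self.highest - seq   # negative => newer than anything seen
        return offset < 0 or (seq != 0 and offset < WINDOW and not (self.bitmap >> offset) & 1)

    def mark_seen(self, seq):
        shift = seq - self.highest
        if shift > 0:      # slide the window forward
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << -shift

def sa_key(packet):
    """Return ((SPI, destination address, protocol), sequence number)."""
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    proto, dst = packet[9], str(ipaddress.IPv4Address(packet[16:20]))
    if proto not in (ESP, AH):
        raise ValueError("not an AH or ESP packet")
    offset = ihl + (4 if proto == AH else 0)     # AH puts 4 bytes before the SPI
    spi, seq = struct.unpack_from("!II", packet, offset)
    return (spi, dst, proto), seq

def receive(sad, packet):
    """Classify one inbound packet as 'accept', 'replay' or 'no-sa'."""
    key, seq = sa_key(packet)
    sa = sad.get(key)
    if sa is None or not sa.replay_check(seq):
        return "no-sa" if sa is None else "replay"
    # A real receiver verifies the ICV here and only then updates the window.
    sa.mark_seen(seq)
    return "accept"

def build_packet(proto, dst, spi, seq):
    """Constructed sample input: bare IPv4 header plus an AH or ESP header."""
    src, dst = (ipaddress.IPv4Address(a).packed for a in ("192.0.2.1", dst))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0, src, dst)
    return ip + (b"\x04\x04\x00\x00" if proto == AH else b"") + struct.pack("!II", spi, seq)
```

Because the lookup key includes the protocol and the destination address, the same SPI value arriving over AH instead of ESP, or addressed to a different host, does not match the ESP association.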
Part of the thesis: Wireless IP, The Killer Application !?