References | Real 802.11 Security: Wi-Fi Protected Access and 802.11i

Abaddon. July 2002. Airjack. http://802.11ninja.org,

Aboba, B., and D. Simon. 2001. IEEE 802.11 security and 802.1X. IEEE 802.11-00/034r1.

Abraham, D., G. Dolan, G. Double, and J. Stevens. 1991. Transaction security system. IBM Systems Journal 39: 206 229.

Advanced Encryption Standard (AES). 2002. Technical Report FIPS 197. U.S. National Institute of Standards.

air. www.sourceforge.net/projects/airsnort.

Anderson, R. 2001. Security Engineering. New York: John Wiley and Sons.

Arbaugh, W.A. May 2001. An inductive chosen plaintext attack against WEP/WEP2. www.cs.umd.edu/waa/wepwep2-attack.html.

Arbaugh, W. A., W. L. Fithen, and John McHugh. 2000. Windows of vulnerability: a case study analysis. IEEE Computer 33(12): 52 59.

Arbaugh, W. A., N. Shankar, and J. Wan. 2001. Your 802.11 network has no clothes. In Proceedings of the First IEEE International Conference on Wireless LANs and Home Networks. Pp. 131 144.

Arbaugh, W. A., N. Shankar, J. Wan, and K. Zhang. 2002. Your 802.11 network has no clothes. IEEE Wireless Communications Magazine 9(6): 44 51.

N. Asokan, V. Niemi, and K. Nyberg. 2002. Man-in-the-Middle. In Tunnelled Authentication Protocols, Cryptology ePrint Archive, Report 2002/163. www.eprint.iacr.org/2002/163.

Bellare, M., J. Kilian, and P. Rogaway. 2000. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3): 362 399.

Bellovin, S. M., and M. Merritt. 1991. Limitations of the Kerberos authentication system. In USENIX Conference Proceedings. Dallas, TX: USENIX. Pp. 253 267.

Bellovin, S. M., and M. Merritt. 1992. Encrypted key exchange: password-based protocols secure against dictionary attacks. In Proceedings of the IEEE Symposium on Research in Security and Privacy. Pp. 72 84.

Bishop, M. 2002. Computer Security: Art and Science, 1^st ed. Boston: Addison-Wesley.

Blunk, L., and J. Vollbrecht. 1998. PPP Extensible Authentication Protocol (EAP). Technical Report RFC 2284. IETF.

Borisov, N, I. Goldberg, and D. Wagner. 2001. Intercepting mobile communications: the insecurity of 802.11. In Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking. Pp. 180 188.

Cheswick, W., S. Bellovin, and A. Rubin. 2003. Firewalls and Internet Security, 2^nd ed. Boston: Addison-Wesley.

Computer Emergency Response Team. October 2000. Windows based DDoS agent. http://www.cert.org/incident_notes/IN-2000-01.html.

Daemen, J., and V. Rijmen. 2000. Smart Card Research and Applications, The Block Cipher Rijndael. New York: Springer-Verlag. Pp. 288 296.

Daemen, J., and V. Rijmen. 2001. Rijndael, the advanced encryption standard. Dr. Dobb's Journal, 26(3): 137 139.

Davie, B., L. Peterson, and D. Clark. 1999. Computer Networks: A Systems Approach, 2^nd ed. San Francisco, CA: Morgan Kaufmann.

Dierks, T., and C. Allen. 1999. The TLS Protocol. Technical Report RFC 2246, IETF.

eth. www.ethereal.com.

Ferguson, Michael N. An Improved MIC for 802.11 WEP, 2002. Document number IEEE 802.11-02/020r0. Available from http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/2-020.zip.

Fluhrer, S., I. Mantin, and A. Shamir. 2001. Weaknesses in the key scheduling algorithm of RC4. In Eighth Annual Workshop on Selected Areas in Cryptography.

Hassell, J. 2003. RADIUS: Securing Public Access to Private Resources. Cambridge, MA: O'Reilly and Associates.

Hopper, D. I. Secret Service agents probe wireless networks in Washington. www.securityfocus.com/news/899.

IEEE. 1997. LAN MAN standards of the IEEE Computer Society: wireless LAN medium access control (MAC) and physical layer(PHY) specification. IEEE Standard 802.11.

IEEE. 2001. Standards for local and metropolitan area networks: Standard for port based network access control. IEEE Draft P802.1X/D11.

Jonsson, J. 2002. On the security of CTR + CBC-MAC. In SAC 2002 - Ninth Annual Workshop on Selected Areas of Cryptography.

Kocher, P., J. Jaffe, and B. Jun. 1999. Differential power analysis. Lecture Notes in Computer Science 1666: 388-397.

Krawczyk, H., M. Bellare, and R. Canetti. 1997. HMAC: Keyed-Hasing for Message Authentication. Technical Report RFC 2104. IETF.

Mantin, I., and A. Shamir. 2001. A practical attack on broadcast RC4. In Proceedings of FSE 2001.

Menezes, A. J., P. C. Van Oorschot, and S. A. Vanstone, eds. 1996. Handbook of Applied Cryptography. New York: CRC Press.

Mishra, A., and W. A. Arbaugh. 2002. An Initial Security Analysis of the IEEE 802.1X Standard. Technical Report CS-TR-4328. College Park: University of Maryland.

Neuman, B. C., and T. Ts'o. 1994. Kerberos: an authentication service for computer networks. IEEE Communications Magazine 32(9): 33 38.

Neumann, P. G. Computer-Related Risks. 1995. Reading: Addison-Wesley.

Norris, M., and Steve Pretty. 2000. Designing the Total Area Network: Intranets, VPNS and Enterprise Networks Explained. New York: John Wiley and Sons.

Petroni, N. L., Jr., and W. A. Arbaugh. 2003. The dangers of mitigating security design flaws: a wireless case study. IEEE Security and Privacy Magazine 1(1): 28 36.

Pfleeger, C. P., S. L. Pfleeger, and W. H. Ware. 2002. Security in Computing, 3^rd ed. Upper Saddle River, NJ: Prentice Hall PTR.

Poulsen, K. 2001. War driving by the bay. www.securityfocus.com/news/192. Dallas Con Information Security Conference.

Rogaway, P., M. Bellare, J. Black, and T. Krovetz. 2001. OCB: a block-cipher mode of operation for efficient authenticated encryption. In ACM Conference on Computer and Communications Security. Pp. 196 205.

Rescorla, E. 2001. SSL and TLS. Boston: Addison-Wesley.

Rivest, R. 2001. RSA security response to weaknesses in key scheduling algorithm of RC4. www.rsasecurity.com/rsalabs/technotes/wep.html.

Rivest, R., A. Shamir, and L. Adleman. 1979. On Digital Signatures and Public Key Cryptosystems. Technical Report MIT/LCS/TR-212. Cambridge, MA: MIT Laboratory for Computer Science.

Salkever, A. 2000. Hollywood vs. the hackers vs. free speech. www.businessweek.com/bwdaily/dnflash/aug2000/nf20000825_720.htm.

Schneier, B. 1996. Applied Cryptography, 2^nd ed. New York: John Wiley & Sons.

Shamir, A., and I. Mantin. 2001. A practical attack on broadcast RC4. In Proceedings of Fast Software Encryption. Pp. 152 164.

Simon, D., and B. Aboba. 1999. PPP EAP TLS Authentication Protocol. Technical Report RFC 2716, IETF.

Simpson, W. 1996. PPP Challenge Handshake Authentication Protocol (CHAP). Technical Report RFC 1994, IETF.

Spitzner, L. 2002. Honeypots: Tracking Hackers. Boston: Addison-Wesley.

Stoll, C. 1989. The Cuckoo's Egg. New York: Doubleday.

Stubblefield, A., J. Ioannidis, and A. D. Rubin. 2002. Using the Fluhrer, Mantin, and Shamir attack to break WEP. In Network and Distributed System Security Symposium (NDSS).

U.S. Government Accounting Office. May 1998. Information Security Management, Learning from Leading Organizations. www.gao.gov/cgi-bin/getrpt?GAO-01-376G.

U.S. National Security Agency. 1999. Venona project. www.nsa.gov/docs/venona/index.html.

Vernam, G. S. 1926. Cipher printing telegraphy systems for secret wire and radio telegraphic communications. Journal of the AIEE 45: 109 115.

Viega, J., M. Messier, and P. Chandra. 2002. Network Security with OpenSSL. Cambridge, MA: O'Reilly and Associates.

Walker, J. 2000. Unsafe at any key size; an analysis of the WEP encapsulation. IEEE 802.11-00/362.

Thomas Wu. 1998. The Secure Remote Password Protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, San Diego, CA Pp. 97 111.