Information Technology Reference
In-Depth Information
2.1.2
Integrity
Information should not be editable by others. A message received by the
recipient B should be identical to the original message sent by the sender A.
2.1.3
Non-repudiatebility
Non-repudiatebility includes
Non-repudiatebility
of origin of a message
: agent B has a valid and
irrefutable evidence that the agent A has been the one who sent the message
and
•
Non-repudiatebility of
receiving a message
: A has valid evidence that B
has received the message.
•
2.2
Protocols developed for the security of wireless communications
Radio communications present an intrinsic problem of security. In a cable
network generally data is not encrypted and once intercepted (sniffed) they
are clearly visible. However, to enter into the network and to perform a
sniffing of the traffic, you must physically connected to it and control the
traffic flowing through the cables. In a wireless network instead, it is possible
to listen to the communications that are taking place in the network through a
proper radio equipment. 802.11 is a standard established by the IEEE, which
provides the parameters of protection for this type of networks [5]:
•
encryption with static wired equivalent privacy (WEP) keys and
•
authentication WEP/EAP.
2.2.1
Encryption with static WEP keys
WEP is an encryption algorithm designed with the aim of making a wireless
connection as secure as a connection via cable. According to this protocol on
access point, two keys are preconfigured to 40 or 128 bits used by an
algorithm, implemented at both ends, coding all the traffic in transit.
The main drawback of this system is the maintenance of the keys. If the key,
that should be kept secret, is stolen, all the encrypted information is com-
promised. The more a key remains active, the more it is vulnerable. A peculiarity
of the 802.11 standard is also the lack of a protocol for management of
encryption keys, requiring that they should be manually handled on the various
terminals. This limits the effectiveness of security systems, such as WEP.
2.2.2
WEP/EAP authentication
Extensible Authentication Protocol (EAP) is an extension created to make
more secure the WEP protocol. EAP is based on dynamic change of keys.
This makes the decrypting process more difficult to reach. Currently there are
