CIS 513

Wireless Networks

T-Th 10:50-12:05

InfoSec Laboratory - Science Building 1012

Office Hours

Note that office hours will be announced in class and posted on office door.

Office Location

Room 1019, Cole Building

Office Telephone

404-880-6949

Email

kshujaee@cau.edu

Course

Number/Section

Course Title

Credit

Hours

Semester

Time

Level

(U/G)

CIS

513 Wireless Networks

3

Spring 07

10:50-12:05

UG/G

Brief Description

Topics may include various optical and wireless networks and security, enabling technologies, multiplexing techniques, broadcasting networks, network architectures and its security, protocols, personal communication service, network algorithms, and optimization problems. 

Prerequisites

if applicable

CIS 511: Data Communications

MAT 321

HTTP Links

http://www.cis.cau.edu/infosec/links

http://www.cis.cau.edu/

http://acm.org/

Course Length

3 hours credit for 16 weeks, 2 one hour and 15 minutes per week.  The total of 48 hours

Course Description:

This course provides an overview of Wireless network with the emphasizes in information security assurances. This course covers methods and techniques to secure wireless networks against threats and attacks. Topics include: Encrypt wireless traffic for privacy and authenticity, implement WPA and the 802.11i security standards to protect Wi-Fi networks, wireless network intrusion detection and prevention, and security trouble-shooting WLANs.

Course Objectives and Learning Outcomes:

This course provides the student with a background, foundation, and insight into the subject of Wireless Network. This knowledge will serve as a foundation for future study in selected aspects of this important field or as an important dimension to their effectiveness in the broader computer science field. The primary objectives of the course are to

• Understand the importance of wireless network and how it affects our changing world.
• Understand the basic concepts of wireless network and its security, especially the close relation between the objective of machine security and human factors
• Identify the key areas of information security and how they work in the wireless network environment.
• Learn how to critically analyze situations of computer use, identifying the issues, consequences, and viewpoints.

·        Identify and prioritize information assets.

·        Identify and prioritize threats to information assets.

·        Define an wireless network security strategy and architecture.

·        Plan for and respond to intruders in an information system

·        Describe legal and public relations implications of security and privacy issues.

·        Present a disaster recovery plan for recovery of information assets after an incident

Course outline and Major Topics

Introduction to Wireless LANs

·   Wireless components

·   Wireless LAN implementations

·   Wireless networking standards: 802.11x

·   Intercepting Wi-Fi traffic

·   Infrastructure models and roaming

·   Bluetooth WPANs (802.15)

·   WiMAX WWANs (802.16)

·   Wireless sensor networks

1.Transmission Fundamentals.

o        Time and frequency domain concepts

o        Transmission media

o        Multiplexing

2.  Communication Networks.

3. Protocols and the TCP/IP Suite.

4. Wireless communication technology.

o       Antennas and Propagation.

o       Signal Encoding Techniques.

o       Spread Spectrum.

o       Coding and Error Control.

1.      Error Detection.

2.      Block Error Correction Codes.

3.      Convolution Codes.

4.      Automatic Repeat Request.

5. Wireless networking.

o       Satellite Communications.

o       Cellular Wireless Networks.

o       Cordless Systems and Wireless Local Loop.

o       Mobile IP and Wireless Access Protocol

     6. Wireless network security strategy and architecture

              o  Wireless network with the emphasizes in information security assurances

       o  System Architecture study and its Security

7. wireless lans.

o       Wireless LAN Technology.

o       Wireless Application Protocol (WAP)

o       IEEE 802.11 Wireless LAN Standard.

o       Personal Area Networks (Bluetooth)

·   Appendix A. Standards and Standard-Setting Organizations.

·   Appendix B. Traffic Analysis.

·   Appendix C. Fourier Analysis.

·   Appendix D. Data Link Control Protocols.

8.  Security in Wireless Networks

·   Wireless attacks (Computer Network)

·     Define War Dialer attacks and hijacking tools

·   Jamming and RF interference

o       Identifying interference sources

o       Malicious and inadvertent interference

·   802.11 protocol attacks

o       Exploiting the collision avoidance mechanism

o       Forcing client de-authentication

·   Wireless security best practice

·   Secure routing

·   Secure localization

9.  Encrypting for Privacy and Authenticity

·   Encryption and authentication

·   Secret-key cryptography and PKI

·   Symmetric vs. asymmetric algorithms

·   RC4, AES, and RSA

·   Hashing with MD5 and SHA

·   Protecting data with digital signatures

·   Authenticating with digital certificates

·   WEP authentication and encryption

·   Exposing WEP flaws

o       Weak initialization vectors

o       Dictionary attacks

o       Static keys

·   Providing security with WPA

o       Retaining existing hardware

o       Correcting WEP deficiencies

o       Deploying pre-shared key authentication

·   Ensuring privacy with WPA

10. Creating Secure WLAN Topologies

·   Designing the wireless security landscape

o       Defining the trusted boundary

o       Centralized vs. distributed control

o       Enforcing access control

o       Establishing user credentials

·   Configuring security for roaming

o       Maintaining security contexts

o       802.11i pre-authentication

o       Roaming in a VPN environment

o      Define approval of operate

11. Monitoring and Auditing WLANs

·   Wireless intrusion detection systems

·   Creating wireless signatures

·   Detecting rogue access points

·   Monitoring access attempts

·   Generating audit trails

Teaching/Learning Methods: (lectures, videos, outside speakers, etc.)

This class is a lecture-focused course, with supplementing homework, assignments, lab and group project work and presentations.

We will use electronic means of communication including email, class web site. Changes will be announced in class and posted on the class web site. Please check it frequently.

We will follow the posted course schedule as closely as possible but it is subject to change based on speaker availability, etc. Changes will be announced in class.

Evaluation Methods

Grading and other policies and expectations:

Assignment Type Weight (%)

• Homework- 25%
• Article Critiques- 20%
• Class Project- 30%
• Class Participation/Attendance/Quizzes- 25%

All assignments and projects are required for passing the course.

CLASS PARTICIPATION AND ATTENDANCE
Discovery does not arise from instruction but from personal engagement with the controversies and potentials of a computerized society.  You have to be in class to contribute to and benefit from that personal engagement. As you saw above, a quarter of your grade depends on class participation and attendance. In this class, engagement will take several forms:

• You will be expected to read, summarize, and interpret the articles for yourself and others.
• You will be expected to study problems, techniques, and approaches individually and in groups, and then present your findings both orally and in writing.
• You will be expected to critique the perspectives/opinions of both authors and classmates in discussions and position papers.

At any class period, you may be asked to summarize and critique readings from the book or elsewhere in an “elevator speech” for the class. On such occasions, you are invited to refer to notes you've made in response to the readings. You may also be quizzed on the high points of the material.

If you are unable to attend class, notify the TA by email before the period begins for consideration of an excused absence.

Required Readings:

Title: Wireless Communications & Networks, 2^nd Edition (ISBN: 0-13-191835-4)

Author: William Stallings

Publisher: Prentice Hall

Supplemental Readings/Additional Bibliography:

• Computer Related Risks, by Peter G. Neumann, Addison-Wesley, 1995, ISBN 0-201-558
• Information Security: Protecting the Global Enterprise, by Donald L. Pipkin, Prentice Hall, 2000, ISBN 0-13-017323-1
• Information Warfare and Security, by Dorothy E. Denning, Addison-Wesley, 1999,
  ISBN 0-201-43303-6
•  Internet Besieged: Countering Cyberspace Scofflaws, edited by Dorothy E. Denning and Peter J. Denning, 1998, ISBN 0-201-30820-7

Government Reading

Executive Order 13010-Critical Infrastructure Protection (July 15, 1996)

http://www.fas.org/irp/offdocs/eo13010.htm

The President's Commission on Critical Infrastructure Protection (PCCIP) and their final report, "Critical Foundations" (Oct 1997) – Read article summary of the Report

http://www.marshall.org/article.php?id=65

PDD-63 – Critical Infrastructure Protection (May 22, 1998)

http://www.fas.org/irp/offdocs/pdd/pdd-63.htm

U.S. Commission on National Security/21st Century (Hart-Rudman Commission--September 1999)— Review just this web page information--

http://www.disinfopedia.org/wiki.phtml?title=National_Commission_on_Terrorism

Executive Order 13228 - Establishing the Office of Homeland Security and the Homeland Security Council (October 8, 2001)

http://www.fas.org/irp/offdocs/eo/eo-13228.htm

Executive Order 13231 - Critical Infrastructure Protection in the Information Age (October 16, 2001) http://www.fas.org/irp/offdocs/eo/eo-13231.htm

Homeland Security Act of 2002 (H.R. 5005) - http://www.dhs.gov/dhspublic/display?theme=85&content=412

Review--Contents and Title 1 on PDF pages 1-11

“The National Strategy For Homeland Security” (July 16, 2002)

http://www.whitehouse.gov/homeland/book/index.html

Read only— Letter from the President & Executive Summary

“National Strategy to Secure Cyberspace” (February 2003) http://www.whitehouse.gov/pcipb/

Read only— Letter from the President, Executive Summary, & Introduction

“National Strategy for the Physical Protection of Critical Infrastructures and Key Assets”

(February 2003)—Read only--Letter from the President and Executive Summary

http://www.dhs.gov/interweb/assetlibrary/Physical_Strategy.pdf

Executive Order 13231 of October 16, 2001 (as amended by E.O 13286 of February 26, 2003) “Critical Infrastructure Protection in the Information Age”

http://www.dhs.gov/interweb/assetlibrary/EO_13231_Revised.pdf

Homeland Security Presidential Directive (HSPD)-7 (Dec.17, 2003)

Subject: Critical Infrastructure Identification, Prioritization, and Protection

http://www.whitehouse.gov/news/releases/2003/12/print/text/20031217-5.html

“The DHS Strategic Plan--Securing Our Homeland” (February 24, 2004) Read just contents and summary

http://www.dhs.gov/interweb/assetlibrary/DHS_StratPlan_FINAL_spread.pdf

National Infrastructure Advisory Council (NIAC)-- (Just website info and members)

http://www.dhs.gov/dhspublic/display?theme=9&content=3445

Protected Critical Infrastructure Information (PCII) Program— (Just program overview

http://www.dhs.gov/dhspublic/display?theme=92&content=3755

Information Sharing and Analysis Centers (ISACs)—

http://www.dhs.gov/dhspublic/display?theme=73&content=1375&print=true