2.4.3 cdma2000
cdma2000 is an evolution from IS-95 and is able to support high rate data over the air interface. cdma2000 is currently under the standardization of Third Generation Partnership Project 2 (3GPP2) and is a family of standards. cdma2000 1x has been widely deployed over the world. Over the bandwidth of 1.25 MHz, cdma2000 1x (1x means single carrier) can support a peak rate of 307.2 kbps. cdma2000 1xEV-DO (1x evolution data optimized) can reach a peak rate of 2.4 Mbps. The cdma2000 1xEV-DV (1x evolution for integrated data and voice) is further expected to deliver a maximal rate of 3.09 Mbps.
In this part, we provide a brief introduction on cdma2000 1x, cdma2000 1xEV-DO, and cdma2000 1xEV-DV.
cdma2000 1x
cdma2000 1x operates in various frequency bands of 450, 800, 900, 1,700, 1,800, 1,900, and 2,100 MHz, and is fully backward compatible with IS-95. When compared with IS-95, cdma2000 1x has higher voice capacity, supporting 35 voice calls per sector per carrier. In contrast, the voice capacity for IS-95 is 22 voice channels per sector per carrier. This increase in voice capacity is due to a number of factors. Over the forward link, fast power control is employed; a 1/4 code rate is introduced; and transmit diversity can be implemented. Over the reverse link, the capacity improvement mainly comes from the newly adopted coherent demodulation.
For voice and data, there are three commonly used channels. The fundamental channel (FCH) is to carry voice, data, and signaling at rates from 1,200 bps to 14.4 kbps. The high data rates are supported by the supplemental channel (SCH), whose peak rate can be 16 or 32 times of FCH. The dedicated control channel is used for signaling or bursty data access.
For data traffic, cdma2000 1x can support a peak data rate of 153.6 kbps (release 0) and can be further increased to 307.2 kbps (release A). The theoretical maximal rate for cdma2000 1x is 628 kbps, which is achieved by combining two SCHs at 307.2 kbps plus an FCH at a rate of 14.4 kbps. At the peak rate of 153.6 kbps, the average rate is around 50–90 kbps.
At the BS, multiple SCHs can be used over the forward link as long as there are enough Walsh codes and transmission power. At an MS, the number of simultaneous SCHs is limited to two. The SCH can be either individually assigned to an MS, or shared among a number of MSs.
Furthermore, turbo code has been introduced in cdma2000 1x. It has coding rates of 1/2, 1/3, and 1/4, and is derived from two 8-state parallel concatenated codes. Turbo code can deliver better performance than convolution codes with long coding blocks. Therefore, it is only used on the SCH when a frame has more than 360 bits.
Transmit diversity is also adopted in cdma2000 1x, which is called orthogonal transmit diversity. It is an implementation of the orthogonal space time block code. Basically two orthogonal signals are transmitted from two antenna elements at the BS. At the MS, the received signals are optimally combined to achieve the diversity gain.
D. Shen and V.O.K. Li
An important feature in cdma2000 1x is the newly introduced location capability. The gpsOne position technology from Qualcomm has been integrated into device chipset suites. Highly accurate positioning can be achieved through network-assisted GPS (A-GPS). Conventional GPS requires several minutes to produce location results. With the assistance of the network, A-GPS can provide positioning within seconds. When GPS signal is not available, e.g., for indoor positioning, advanced forward link triangulation and other mixed techniques are adopted to provide location information, at reduced accuracy. The introduction of location features would inevitably promote a wide range of applications such as security, navigation, location-based services, and mobile commerce.
cdma2000 1xEV-DO
The technical specification for 1xEV-DO is IS-856, released by 3GPP2. The chip rate is still 1.2288 Mcps with a bandwidth of 1.25 MHz. The 1xEV-DO is designed to efficiently transfer data. For voice, with the added QoS features, voice over IP can be adopted. With the optimization for data only, the data rate is greatly increased with respect to cdma2000 1x. The peak forward link data rate can be as high as 2.4 Mbps. Average data rate for a user can be as high as 300–800 kbps.
One reason for the enhanced spectrum efficiency is the separation of voice and data. Voice has different characteristics and QoS requirements from data. For example, voice traffic is delay sensitive. A delay over 100 ms is not desirable for voice. To reduce delay, voice traffic commonly uses a short frame size. However, a short frame size also leads to added overhead and reduced efficiency. On the other hand, data are bursty in nature and more tolerant of delay. Therefore, a long frame size can be adopted to improve efficiency.
Another improvement in efficiency comes from the turbo coding on data frames. Turbo coding is most effective for long frames. For voice, the benefit of turbo coding can hardly be enjoyed.
Besides BPSK and QPSK, higher level modulation schemes 8PSK and 16-QAM are used to achieve data rates above 1 Mbps. The data rates of 1xEV-DO are flexibly adjusted according to the channel condition. The MS constantly monitors the received signal quality from the BS and sends a report to the BS on the expected channel quality. With favorable channel condition, high transmission rates can be used. When channel quality deteriorates, the data rate is adaptively reduced.
The data rates over the forward and reverse link are asymmetric. This is natural for data services since the data traffic is intrinsically asymmetric, with the forward link dominating the reverse link. The reverse link data rate doubles from 9.6 kbps up to 153.6 kbps.
The power control policy is different between cdma2000 1x and cdma2000 1xEV-DO. For voice traffic in cdma2000 1x, the purpose of power control is to achieve the designated SINR with the least transmission power. In cdma2000 1xEV-DO, the highest power is used to deliver the maximal achievable rate to a user.
2 Fundamentals of Wireless Communications
Flexible resource management is utilized between BS and MSs to achieve high system throughput. This is viable due to the delay insensitive nature of the data service. The management of resources is the job of the scheduler, which will distribute them in a fair manner to different users. The channel condition should be incorporated into the scheduling process so that throughput and QoS can be properly balanced. For users in deep fades, it is more efficient to divert the time slots to other users with good channel conditions. This is the so-called multiuser diversity in wireless data networks.
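
An added illustration of the scheduling trade-off described above (not from the original text): it compares round-robin, always-serve-the-best-channel, and a proportional-fair rule, which the chapter does not name and is used here as one common channel-aware policy. The per-slot rates, the averaging window and the user names A, B, C are constructed.

```python
# Constructed per-slot achievable rates in kbps. A and B fade in opposite
# phase; C sits in a deep fade for the whole run.
def channel_rates(slot: int) -> dict:
    good, bad = 2400.0, 150.0
    a, b = (bad, good) if slot % 2 == 0 else (good, bad)
    return {"A": a, "B": b, "C": 38.4}


def round_robin(slot, rates, avg):
    """Channel-blind: users take turns regardless of fading."""
    return sorted(rates)[slot % len(rates)]


def max_rate(slot, rates, avg):
    """Throughput only: always serve the best instantaneous channel."""
    return max(sorted(rates), key=lambda u: rates[u])


def proportional_fair(slot, rates, avg):
    """Serve the user whose current rate is highest relative to its own
    recent average, so a user is picked near its personal channel peak."""
    return max(sorted(rates), key=lambda u: rates[u] / avg[u])


def simulate(policy, slots: int = 60, window: float = 4.0) -> dict:
    users = sorted(channel_rates(0))
    avg = {u: 1.0 for u in users}      # small positive start avoids /0
    served = {u: 0 for u in users}
    total = 0.0
    for t in range(slots):
        rates = channel_rates(t)
        pick = policy(t, rates, avg)
        served[pick] += 1
        total += rates[pick]
        # Exponentially weighted average of the rate each user actually got.
        for u in users:
            got = rates[u] if u == pick else 0.0
            avg[u] += (got - avg[u]) / window
    return {"served": served, "kbps": total / slots}


if __name__ == "__main__":
    for policy in (round_robin, max_rate, proportional_fair):
        print(policy.__name__, simulate(policy))
```

Serving only the best channel maximizes throughput but starves the faded user, while the proportional-fair rule keeps every user served and still avoids transmitting to A and B during their fades.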
1xEV-DO fully supports IP. Therefore, security mechanisms such as virtual private network can be overlaid on top of 1xEV-DO. The 1xEV-DO air interface will be transparent to users, since 1xEV-DO is itself a PDN.
1xEV-DO is used for data sessions only. Dual mode devices will support both cdma2000 1x voice and 1xEV-DO high speed data service. When a call comes to a user with an ongoing data connection, the user is notified. If the user decides to pick up the call, the data service is temporarily suspended during the period of conversation. The device will automatically transfer to the cdma2000 1x air interface. In this way, a user will not miss a call during 1xEV-DO data service, and the transmission between voice and 1xEV-DO data service is seamless and transparent to a user.
cdma2000 1xEV-DV
The focus of 1xEV-DV is to increase the forward link data rate when supporting both data and voice. High spectral efficiency is achieved with the introduction of a new channel, forward packet data channel (F-PDCH). On F-PDCH, the peak data rate can be as high as 3.09 Mbps.
To improve efficiency, resource sharing is performed among MSs. There are three possible modulation schemes: QPSK, 8PSK, and 16-QAM. Type II hybrid automatic repeat request (H-ARQ) is adopted. In this type of ARQ, incremental redundancy is transmitted with turbo codes.
2.4.4 Universal Mobile Telecommunication System
UMTS is the most widely supported third generation mobile communications system. 3G systems are intended to provide global mobility with a wide range of services, including telephony, paging, messaging, Internet, and broadband data. The International Telecommunication Union started the process of defining the standard for third generation systems, referred to as International Mobile Telecommunications 2000 (IMT-2000). ETSI was responsible for UMTS standardization. In 1998 3GPP was formed to continue the technical specification work.
Services
UMTS offers teleservices (like speech or SMS) and bearer services, which provide the capability for information transfer between access points. It is possible to negotiate and renegotiate the characteristics of a bearer service at session or connection establishment and during ongoing session or connection. Both connection-oriented and connectionless services are offered for PTP and PMP communication.
The data rates for UMTS are:
• 144 kbps for rural outdoor and satellite
• 384 kbps for urban outdoor
• 2.048 Mbps for indoor or low-range outdoor
Bearer services have different QoS parameters for maximum transfer delay, delay variation, and bit error rate. Four QoS classes are defined in UMTS:
• Conversational class. This includes voice and video telephony. The speech codec in UMTS will employ the adaptive multirate technique. It has eight source rates, from 4.75 to 12.2 kbps. A voice activity detector is used with background noise evaluation. In video telephony, UMTS specified H.264M for circuit-switched connections and session initiation protocol for IP multimedia applications.
• Streaming class. In this class, multimedia data are transferred as a steady and continuous stream. Some examples are multimedia, video on demand, and webcast. Usually streaming media is less sensitive to delay. Therefore, buffering can be adopted to smooth out delay jitter.
• Interactive class. This type of application requires interaction between parties. For example, Web browsing and network gaming belong to the interactive class.
• Background class. This is the traditional best effort service, such as email, SMS, and file downloading.
Location services are also provided in UMTS. Similar to cdma2000, the location methods in UMTS include:
1. Cell-id based positioning
2. Positioning based on time difference of arrival
3. Network-assisted GPS (A-GPS)
Architecture
A UMTS network consists of three interacting domains: core network (CN), UMTS terrestrial radio access network (UTRAN), and user equipment (UE). The main function of the core network is to provide switching, routing, and transit for user traffic. The core network also contains the databases and network management functions. Fig. 2.20 shows the UMTS network elements.
The CN architecture for UMTS is based on GPRS. All equipment has to be modified for UMTS operation and services. The CN can be divided into circuit-switched and packet-switched parts. Circuit-switching equipment such as MSC and GMSC remain the same as in GSM. The packet domain is managed by SGSN and GGSN, the same as in GPRS. The external networks also have two types: circuit-switched networks such as PSTN and ISDN, and packet-switched networks such as the Internet.
UTRAN provides the air interface access method for user equipment. In UMTS, the base station is referred to as Node-B, while BSC is called radio network controller (RNC).
The functions of Node-B include:
• Radio transmission and reception
• Modulation/demodulation
• Channel coding
• Microdiversity
• Error handling
• Closed loop power control
Fig. 2.20. UMTS system architecture
The functions of RNC include:
• Radio resource control
• Admission control
• Channel allocation
• Power control settings
• Handover control
• Macrodiversity
• Ciphering
• Segmentation/reassembly
• Broadcast signaling
• Open-loop power control
Fig. 2.21. UMTS logical elements and interfaces
UE consists of two parts:
• Mobile equipment is the radio terminal used for radio communication.
• UMTS subscriber identity module (USIM) performs the same role as the SIM card. Its functions are mainly related to security aspects, such as authentication.
UMTS has the same types of identity as in GPRS, such as IMSI, TMSI, P-TMSI, IMEI, etc.
UMTS specifies interfaces between logical network elements. The major ones include:
• Uu interface: the interface between UE and UTRAN, which is also the radio interface.
• Cu interface: the interface between USIM card and UE.
• Iu interface: this interface connects UTRAN to the CN.
• Iur interface: the interface between RNCs.
• Iub interface: the interface that connects Node-B with RNC.
Fig. 2.21 illustrates the relationship between the logical network elements and interfaces.
Radio Access
The air interface technology of UTRAN is called wideband CDMA (WCDMA). WCDMA has two basic operation modes: frequency-division duplexing (FDD) and time-division duplexing (TDD).
The major parameters of the FDD standard are summarized as follows:
• Chip rate: 3.84 Mcps
• Bandwidth: 5 MHz
• Channel coding schemes: convolutional coding and turbo coding, which is used for data traffic
• Modulation scheme: QPSK
• Pulse shape: root-raised cosine with a roll-off factor of 0.22
• Frame length: 10 ms
• Power control rate: 1,500 Hz
• Power control step size: 0.5, 1, 1.5, 2 dB
• Physical layer spreading factor: 4-256 for uplink, 4-512 for downlink
The maximal data rate for WCDMA FDD mode is 384 kbps and can be increased to 2 Mbps.
The FDD mode requires a pair of 5-MHz bands. In certain situations, there are no such paired bands. Further, the traffic over 3G networks is expected to be asymmetric, which means traffic over downlink will be much heavier than uplink. Therefore, the paired bandwidth allocation is not flexible and not suitable for asymmetric traffic.
The TDD mode of WCDMA is better suited for unpaired bands and asymmetric traffic. This is because TDD needs only one frequency band, and the time slots for uplink and downlink can be adaptively adjusted. The major parameters of WCDMA TDD are:
• Chip rate: 1.28 or 3.84 Mcps.
• Bandwidth: 1.6 MHz (at 1.28 Mcps) or 5 MHz (at 3.84 Mcps).
• Channel coding: convolutional and turbo coding.
• Modulation: QPSK.
• Frame length: 10 ms.
• Number of slots/frame: 15.
• Power control rate: 100 or 200 Hz over uplink, 800 Hz over downlink.
• Power control step size: 1, 2, 3 dB.
• Physical layer spreading factor: 1, 2, 4, 8, 16.
The TDD mode also employs a number of technologies such as joint detection and smart antenna to further improve capacity. It can be expected that good spectral efficiency can be achieved with this TDD mode.
2.4.5 Security Features in cdma2000 and UMTS
UMTS and cdma2000 bear many resemblances in terms of security features. Therefore, we elaborate only on the security schemes in UMTS.
The UMTS security framework is an enhancement and extension of the security features in 2G systems. The major security aspects are still the authentication of UE and encryption between UE and the serving network (SN).
Authentication and Key Agreement
The authentication and key generation procedure in UMTS is called authentication and key agreement (AKA), which is used for authentication and generation of keys for encryption and integrity protection. It should be noted that UMTS allows the UE to authenticate the network. This is called mutual authentication. In contrast, only UE is authenticated in GSM, and a UE can never reject the network. With mutual authentication, it is possible for the UE to reject the network.
The AKA procedure is implemented at the USIM card at UE and AuC of the network. The authentication process at the network side involves home environment (HE) and SN. The HE mainly consists of the HLR and AuC. The SN refers to SGSN for packet-switched data and VLR/MSC for circuit-switched data.
The operation of AKA has two stages. The first stage is to transfer the authentication vector (AV) from the HE to the SN. The AV contains security credentials such as challenge–response authentication data and encryption keys. It should be pointed out that the transfer between HE and SN should be secured. For this purpose, mobile application part (MAP) protocol is used, which provides secure mechanisms for the AV transfer. The second stage is the execution of the one-pass challenge–response procedure at the SN to achieve mutual authentication between the USIM and the network. Similar to GSM, the authentication is also based on a preshared 128-bit secret key, K, which is stored in both USIM and AuC in HE.
In UMTS, a number of algorithms are designed for authentication purpose and are different from those in GSM. The algorithms related to authentication are from f0 to f5*. In Table 2.3, we list the security-related algorithms in UMTS. In practice, the authentication algorithms (from f0 to f5*) are operator specific. This means it is up to the operator to decide the exact algorithms for implementation. 3GPP developed a set of algorithms called MILENAGE as an example set of algorithms.
In the authentication process, the f0 algorithm is used to generate the random number RAND. An authentication token AUTN is also generated by the SGSN/VLR. At the network side, function f1 is invoked to produce message authentication code (MAC-A). Then the challenge message, composed of RAND, AUTN, and MAC-A, is sent to the UE. Within the AUTN, there is also a sequence number (SQN). The function f5 may be optionally used to produce an anonymity key (AK) for the concealment of SQN in the challenge. This is achieved by XORing SQN with AK.
When UE receives the challenge, UE authenticates the network by comparing the local computed MAC with the received MAC-A. After authentication of the network, an authentication response (RES) is computed by the USIM employing the f2 algorithm. Then RES is sent back to the network for the authentication of UE. In the meantime, a 128-bit cipher key (CK) is calculated by the f3 algorithm, and a 128-bit integrity key (IK) by the f4 algorithm.
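
The challenge–response exchange described above, as an added sketch that is not part of the original chapter. The operator-specific functions f1 to f5 are replaced by HMAC-SHA-256 stand-ins (an assumption; this is not MILENAGE), the field sizes and class names are illustrative, and the USIM's check that SQN is fresh goes one step beyond what the text spells out.

```python
import hashlib
import hmac
import os


def _prf(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the operator-specific f1..f5.
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def f1(k, rand, sqn): return _prf(k, b"f1", rand + sqn, 8)  # MAC-A
def f2(k, rand): return _prf(k, b"f2", rand, 8)             # RES / XRES
def f3(k, rand): return _prf(k, b"f3", rand, 16)            # 128-bit CK
def f4(k, rand): return _prf(k, b"f4", rand, 16)            # 128-bit IK
def f5(k, rand): return _prf(k, b"f5", rand, 6)             # AK, as long as SQN


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class AuthError(Exception):
    """Raised by the USIM when it rejects a challenge."""


class HomeEnvironment:
    """HE/AuC side: holds K and the SQN counter, builds authentication vectors."""

    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def make_av(self) -> dict:
        self.sqn += 1
        rand = os.urandom(16)                    # role of f0: random challenge
        sqn = self.sqn.to_bytes(6, "big")
        return {
            "RAND": rand,
            "AUTN": xor(sqn, f5(self.k, rand)),  # SQN concealed by XOR with AK
            "MAC_A": f1(self.k, rand, sqn),
            "XRES": f2(self.k, rand),            # response the SN expects
            "CK": f3(self.k, rand),
            "IK": f4(self.k, rand),
        }


class USIM:
    """UE side: authenticates the network first, then answers."""

    def __init__(self, k: bytes):
        self.k, self.last_sqn = k, 0

    def respond(self, rand: bytes, autn: bytes, mac_a: bytes):
        sqn = xor(autn, f5(self.k, rand))        # unmask SQN
        if not hmac.compare_digest(f1(self.k, rand, sqn), mac_a):
            raise AuthError("MAC-A mismatch: network does not hold K")
        number = int.from_bytes(sqn, "big")
        if number <= self.last_sqn:
            raise AuthError("stale SQN: challenge was replayed")
        self.last_sqn = number
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)


def serving_network_run(av: dict, usim: USIM):
    """SN side: send (RAND, AUTN, MAC-A) and compare RES with XRES.
    Returns (UE authenticated, both ends derived the same CK and IK)."""
    res, ck, ik = usim.respond(av["RAND"], av["AUTN"], av["MAC_A"])
    ue_ok = hmac.compare_digest(res, av["XRES"])
    return ue_ok, (ck == av["CK"] and ik == av["IK"])


if __name__ == "__main__":
    k = bytes(range(16))                         # constructed 128-bit K
    he, usim = HomeEnvironment(k), USIM(k)
    av = he.make_av()
    print("genuine network:", serving_network_run(av, usim))
    for label, vec, card in (
        ("replayed challenge", av, usim),
        ("network without K", HomeEnvironment(bytes(16)).make_av(), USIM(k)),
    ):
        try:
            card.respond(vec["RAND"], vec["AUTN"], vec["MAC_A"])
        except AuthError as err:
            print(label + ":", err)
```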
Table 2.3. Security algorithms in UMTS
Algorithm   Function
f0          random challenge generation function
f1          network authentication function
f1*         resynchronization message authentication function
f2          user challenge–response generation function
f3          cipher key derivation function
f4          integrity derivation function
f5          anonymity key derivation function for normal operation
f5*         anonymity key derivation function for resynchronization
f6          MAP encryption algorithm
f7          MAP integrity algorithm
f8          UMTS encryption algorithm
f9          UMTS integrity algorithm
Confidentiality and Integrity
In UMTS, confidentiality is achieved through encryption. The CK is 128 bits, which doubles the 64-bit key in GSM. The added bits significantly improve encryption security. Another difference between GSM and UMTS is the scope of encryption. In GSM, ciphering ends at BTS, and information flow between BTS and BSC is in the clear. However, in many practical systems, several links between BTS and BSC are also through radio. Therefore, encryption takes place between MS and RNC in UMTS.
Encryption ensures the confidentiality of the messages. On the other hand, it is necessary to protect encrypted messages from being maliciously modified. This is achieved by the integrity algorithms. The integrity mechanism is to produce a message authentication code (MAC). In UMTS, integrity protection is only adopted for the signaling messages between MS and RNC.
The encryption and integrity algorithms in UMTS are all based on the Kasumi cipher. Kasumi is a block cipher with eight rounds of operation. It operates on a 64-bit data block with a key length of 128 bits. More specifically, the encryption algorithm is f8. It produces keystream blocks of 64 bits, which are then XORed with the plaintext data. It requires a 128-bit CK that is generated by f3.
The integrity algorithm is f9. It is also based on Kasumi but operates in the cipher-block-chaining mode. It takes the message as the input and operates with the IK produced by f4. The final output from f9 is a 64-bit cipher block. Afterward it is truncated to 32 bits to produce the MAC. The MAC is then transferred together with the encrypted message. At the receiver, the MAC is re-generated and compared with the received MAC. If the two agree, the integrity of the message is affirmed.
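
An added example, not from the original chapter, of the f8/f9 pattern described above: keystream blocks XORed onto the message and a CBC-style MAC truncated to 32 bits. A toy 8-round Feistel cipher stands in for Kasumi, and the mode details, frame counter, keys and sample message are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, the block size the text gives for Kasumi


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 8-round Feistel cipher, 64-bit block, 128-bit key.
    Stand-in for illustration only; this is NOT Kasumi."""
    assert len(key) == 16 and len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(8):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right


def keystream(ck: bytes, frame_counter: int, nbytes: int) -> bytes:
    """f8-style generator: 64-bit keystream blocks, each chained to the last.
    frame_counter (hypothetical name) keeps frames from sharing a keystream."""
    start = toy_block_encrypt(ck, frame_counter.to_bytes(BLOCK, "big"))
    out, prev, index = b"", bytes(BLOCK), 0
    while len(out) < nbytes:
        feed = xor(xor(start, prev), index.to_bytes(BLOCK, "big"))
        prev = toy_block_encrypt(ck, feed)
        out += prev
        index += 1
    return out[:nbytes]


def f8_like(ck: bytes, frame_counter: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return xor(data, keystream(ck, frame_counter, len(data)))


def f9_like(ik: bytes, message: bytes) -> bytes:
    """CBC-MAC over the length-prefixed, zero-padded message.
    The final 64-bit block is truncated to 32 bits."""
    data = len(message).to_bytes(BLOCK, "big") + message
    data += bytes(-len(data) % BLOCK)
    state = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        state = toy_block_encrypt(ik, xor(state, data[i:i + BLOCK]))
    return state[:4]


class IntegrityError(Exception):
    """Raised when the regenerated MAC differs from the received one."""


def protect(ck, ik, frame_counter, message):
    """Sender: MAC over the message, sent together with the ciphertext."""
    return f8_like(ck, frame_counter, message), f9_like(ik, message)


def unprotect(ck, ik, frame_counter, ciphertext, mac):
    """Receiver: decrypt, regenerate the MAC, compare in constant time."""
    message = f8_like(ck, frame_counter, ciphertext)
    if not hmac.compare_digest(f9_like(ik, message), mac):
        raise IntegrityError("MAC mismatch: message modified in transit")
    return message


def tamper_demo():
    """Why encryption alone is not enough: one flipped ciphertext bit flips
    the same plaintext bit, and only the MAC check notices."""
    ck, ik = bytes(range(16)), bytes(range(16, 32))  # constructed keys
    msg = b"HANDOVER cell=0421"                      # constructed message
    ct, mac = protect(ck, ik, 7, msg)
    forged = ct[:-1] + bytes([ct[-1] ^ 0x08])        # '1' becomes '9'
    without_mac = f8_like(ck, 7, forged)             # decrypts cleanly
    try:
        unprotect(ck, ik, 7, forged, mac)
        detected = False
    except IntegrityError:
        detected = True
    return msg, without_mac, detected


if __name__ == "__main__":
    print(tamper_demo())
```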
2.5 Summary
In this chapter, we presented a brief introduction of the fundamentals of wireless communications. We described the cellular standards of GSM, GPRS, IS-95, cdma2000, and UMTS. We also introduced the security aspects of these standards.
3 Wireless Security
W.-B. Lee
Feng Chia University, 100 Wen Hua Road, Taiwan
3.1 Introduction
Following the rapid development of the wireless communication services and the vast advancement of the mobile commerce community at large, security issues that are of crucial importance to the wired environment are resurfacing and creating a similar degree of impact. At heart, the security requirements for wireless are essentially equivalent to those of the wired counterpart, which necessitates meeting the three fundamental demands below.
• Confidentiality: The assurance that the data is not revealed to unauthorized parties.
• Authentication: The assurance that the identities which the communicating entities proclaim are indeed their true identity.
• Integrity: The assurance that data received are exactly as sent by the genuine sender (i.e., contain no modification, insertion, deletion, or replay).
Furthermore, as our lives are gradually becoming more and more dependent on information, and with wireless communication increasingly gaining dominance as the means for electronic and mobile commerce, there is one additional security attribute that must be taken into account.
• Non-repudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
Although these topics are already intensely discussed, and many practical methods and mature approaches have taken shape, there are still significant differences that forbid us from fitting these wired solutions onto wireless systems, due to a few intrinsic limitations. These limitations can be organized into two major categories: those relating to the mobile devices and those concerning wireless network environments.
3.1.1 Mobile Device
Due to power an
d
s
i
ze
li
m
i
tat
i
ons, mo
bil
e
d
ev
i
ce processors are usua
lly
conse-
quently restricted, and incapable of
performing complicated computations. On
f
the other hand, memor
y
capacit
y
is equall
y
limited, althou
g
h extension memor
y
car
d
can
b
e a
dd
e
d,
t
h
ere are st
ill
of
li
tt
l
e
ass
i
stance, an
d
h
ar
dl
y
h
e
l
p
i
mprove t
h
e
t
h
e
m
e
an
s
f
o
r
e
l
ec
tr
o
ni
c
an
d
m
ob
il
e
commerce, one other additional securit
y
attr
ib
ute t
h
at must
b
e ta
k
en
i
nto account.
3
Wireless Securit
y
4
5
overa
ll
performance. T
h
ese com
bi
ne
d
restr
i
ct
i
ons attac
h
t
h
e fo
ll
ow
i
n
g
i
nf
l
u
-
e
nces on security.
• Because the processor on mobile devices is on average computationally inferior to that of ordinary desktop computers, mobile devices usually do not deliver adequate performance when dealing with computationally intensive public key encryption/decryption operations (e.g. RSA [3.1]).
• The memory storage on mobile devices is comparatively smaller, thus placing restrictions on both the key length and the size of the digital certificate.
3.1.2 Wireless Network Environment
Compared with the wired network, the wireless medium supports narrower bandwidth. Even though the 2.5G and 3G standards state that they offer a transmission rate of up to 384 kbps for mobile transmission and 2 Mbps for stationary communication, these figures are, for the most part, overly optimistic. Under realistic circumstances, various factors such as signal strength, environmental disturbances and communication density can alter the actual experience. Also, due to the openness of the wireless channel, the coverage area of the wireless signal must be carefully calculated to avoid possible eavesdropping or other active attacks. All in all, the influences which limited bandwidth and radio waves have on security are as follows:
• Because bandwidth is limited, the transmission load is naturally restricted. When the digital certificate or encrypted message becomes overly lengthy, transmission cost will rise, and users will experience extra waiting time. It is therefore important to minimize the payload transmitted.
• Due to the intrinsic property of the wireless network, eavesdropping on the transmission content can easily be carried out without being detected; thus it is necessary to set up appropriate safety measures to lower the risk of privacy violation.
When porting security mechanisms seen in the wired network (for example encryption/decryption, digital signatures, etc.) to achieve security requirements such as confidentiality, authentication and integrity in the wireless environment, we must lower the computation cost in order to comply with the mobile devices’ computation capability, reduce the key lengths and the immense quantity of digital signature information to allow their storage within mobile devices, manage the bandwidth consumption to accommodate the relatively slow transmission rate, and also select the radio wave coverage area to reduce the chance of information leakage.
This chapter focuses on the discussion of wireless related security issues. The public key cryptosystem is well adapted to such tasks; nevertheless, in order for it to work correctly, a complete certification infrastructure must be in place to guarantee the validity of an individual’s public key. Thus we explain how such an infrastructure can be set up in the wireless environment. Section 3.2 will present a method that is used in the wireless environment to ensure the legitimacy of a public key. As promising as public key cryptosystems may appear, they still have the serious shortcoming of consuming an excess amount of time, and even with a symmetric key cryptosystem jointly employed to enhance the calculation speed, the huge computation load consequent of the public key operation is still beyond what mobile devices are capable of handling. As a result, in Section 3.3 we introduce the elliptic curve cryptosystem, a faster and much more efficient member (in terms of key length) of the public key cryptosystems that is nicely suited for implementation in wireless environments. Furthermore, due to the characteristic of mobility, putting a centralized server in charge of storing and maintaining each entity’s authentication information and handling most of the computation work is necessary to ease the task of achieving mobile security. This topic will be pursued in Section 3.4. Finally, a summary is given in Section 3.5.
3.2 Mobile Certificate
Generally, in the field of cryptography, the primary means of achieving information communication security is encryption. The methods of encryption can be largely classified into symmetric and asymmetric cryptosystems, also referred to respectively as secret key and public key cryptosystems. In a symmetric cryptosystem (e.g., DES [3.2], AES [3.3]), each communicating party shares a secret key to secure the communication, as can be observed in Fig. 3.1.
Fig. 3.1. Symmetric key cryptosystem framework
As the basic functional units of the symmetric cryptosystems are comprised of substitution and transposition, they can be exceedingly fast and extremely well suited for implementation in hardware. For this reason, symmetric cryptosystems are well adapted for use in the wireless environment; however, for reasons that will be explained, symmetric cryptosystems are not entirely adequate for solving all the security problems.
Fig. 3.2. Key management problem ($n(n-1)/2$ keys)
• Key management problem: In E-commerce, the number of transacting partners is proportional to the number of keys that must be managed, and this growth becomes impractical for the mobile devices when transaction demand increases. As can be seen in Fig. 3.2, it is easy to understand that, for $n$ participants, $n(n-1)/2$ keys need to be kept secret.
• Inability to support a non-repudiation mechanism: With a symmetric cryptosystem, the two communication participants will have the same secret key, thus making it impossible to distinguish the originator of the cipher, making non-repudiation practically infeasible.
From the previous discussion we can reason that a symmetric cryptosystem alone is not enough for the securing of wireless systems, and that we must take into account another method, the public key cryptosystem, to provide non-repudiation, for example. In a public key cryptosystem, every user owns a pair of keys: one for encryption and another for decryption. The key used for decryption, also known as the private key, is usually kept secret and includes applications such as signing a digital signature. The encryption key, also referred to as the public key, can be used for encryption as well as the verification of the owner of digital signatures (shown in Fig. 3.3). Because the public key is assumed to be known to everyone, communicating members that employ asymmetric cryptosystems need only maintain their own pair of keys and can successfully accomplish the requirement of non-repudiation through the use of digital signatures. However, public key cryptosystems base their principles on mathematically hard problems, such as factoring very large numbers and solving discrete logarithms, as opposed to the simpler operations of substitution and transposition found in symmetric cryptosystems, and hence impose a greater burden. If directly applied to mobile devices, it will most likely be too much of a burden.
Fig. 3.3. Public key management ($n$ public keys)
To remedy this situation, current applications usually entail the use of a symmetric key cryptosystem to encrypt the message and an asymmetric key cryptosystem to encrypt the key used for the symmetric cryptosystem. This method of mixing symmetric and asymmetric cryptosystems is both secure and efficient. However, before any public key can be safely applied, one must first make certain of its authenticity; furthermore, the identity of the public key’s owner must be correctly associated. For these purposes, a trusted authority is required to create, for each public key, a corresponding certificate to ensure its authenticity and connection with the rightful owner. This entire framework is the so-called public key infrastructure (PKI).
The core of PKI is X.509 [3.4], where the digital certificate is used to assure the identity of the subject and is signed by a trusted third party, the so-called certification authority (CA). Hence, verifying the correctness of the certificate is a fundamental building block for public key applications.
However, verification of an X.509 certificate requires considerable processing power and a lot of memory space. Unfortunately, it is not suitable for modern mobile devices, because the wireless network is a resource constrained environment. Hence, the length of the certificate should be shortened for transmission over the wireless network. Besides, the restrictions in the resources of wireless mobile devices greatly limit the deployment of the X.509 Certificate Verification Framework [3.5]. For example, the RSA algorithm defined in X.509 must use a 512-bit key. However, RSA 512-bit key generation takes approximately 4 minutes on a mobile phone’s processor. Signing with the key takes about 7 seconds. The issues are much worse with 1024-bit RSA, where the key generation takes 30 minutes.
Such limitations lead to the challenge of tuning existing wired technologies or developing new ones to make them suitable for these mobile devices in the wireless world. Therefore, the PKI has also been modified to the form of WPKI [3.6].
WAP forum established the WPKI framework not as a new PKI standard but as an extension of the traditional PKI to the wireless environment. It utilizes two approaches to satisfy the mobile device’s requirement: 1) It makes use of elliptic curve cryptography, and 2) It reduces certain fields within the X.509 certificate to cut down on the total length. The specifics will be illustrated more clearly in Section 3.2.1. Aside from those differences, WPKI is also a certificate-based infrastructure.
At present, many international organizations are studying the WPKI technology. In particular, USA, Japan and various European countries have independently demonstrated the maturity of their own information security techniques and industry. For example, WAP PKI proposed by WAP Forum, i-mode security infrastructure presented by Japanese firm NTT DoCoMo and the PALM security structure developed by the American company are all examples of complete working models that are supporting practical applications within the wireless domain today.
3.2.1 Certificate Formats
In an effort to lower the amount of public key certificate storage, the WPKI certificate format specification adopted two measures: first, it continues the use of the X.509 standard with a few reductions of the excess fields; secondly, elliptic curve cryptography is used to replace the traditional public key cryptosystems for the tasks of encryption and digital signatures. The primary benefit of this change is that extra storage can be conserved since the size of the certificate is reduced, and the transmission cost is additionally minimized.
The result of the above efforts is that both the storage size and the computation cost have decreased tremendously for the WPKI solution. Fig. 3.4 illustrates the differences of certificate formats between X.509 and WPKI. WPKI has an additional merit, which lies in its conformance with the traditional PKI certificate format; this compatibility advantage can best be seen when integration of the wireless network and the wired network is called for.
Fig. 3.4. Certificate formats of X.509 and WPKI
3.2.2 Certificate URLs
Generally, there are two ways to transfer a certificate to a mobile device: one involves storing the certificate within the mobile device prior to delivery, such as in the form of the SIM card; the other entails transmitting the certificate through the wireless network to the mobile device. Due to the problems of limited storage capacity and the mobility characteristic, storing the certificate and querying for the certificate doesn’t seem like a practical solution.
Accordingly, the wireless network removes the storage of certificates on mobile devices, and instead maintains a copy of the certificate URL, which points to the location where the real certificate is stored. When verifiers need to confirm a particular client’s identity, they can follow the certificate URL address to arrive at the location at which the client’s certificate is stored, to accomplish the verification work. This method of transferring the payload from the resource-constrained mobile devices to the relatively resource-affluent verifiers can effectively mitigate the computation and bandwidth obstacle.
3.2.3 Certificate Revocation
Although X.509 defines many schemes for revocation of public key certificates when the user identity and the corresponding public key are no longer regarded as legal, these X.509 Certificate Revocation List (CRL) [3.7] schemes are not suitable for the mobile client because a large CRL must be sent to the mobile client.
Fields of the two certificate formats shown in Fig. 3.4:
X.509: Version; Serial Number; Signature Algorithm ID; Issuer; Validity Period; Subject; Subject Public Key Information; Issuer Unique Identifier; Subject Unique Identifier; Extensions; Certification Authority’s Digital Signature
WPKI: Version; Signature Algorithm ID; Issuer; Validity Period; Subject; Subject Public Key Information; Certification Authority’s Digital Signature
The restrictions of storage and bandwidth make it difficult for the mobile client to support the X.509 CRL. Besides, the mobile client must also consume power and bandwidth to contact an on-line certificate status responder, such as the OCSP protocol [3.8], to query the current status of the mobile client’s certificate.
One way to resolve this problem is to adopt short-lived gateway certificates that are issued continuously for each small period of time; the revocation of a short-lived certificate is done by simply discontinuing the issuing of the certificate. In such a way, the risk of impersonation is minimized by the short expiration date. However, this method would raise the effort of the CA and the WAP gateway. The reason is that the WAP gateway must usually generate a key pair and the corresponding certificate, and the CA must validate the requested certificate and issue a WTLS certificate frequently.
In order to protect the wireless communication for transaction security, WPKI’s huge potential will undoubtedly be further explored. Its technology will continue to be enhanced and will eventually become the center of wireless security research.
3.3 Elliptic Curve Cryptography for Mobile Computing
Elliptic Curve Cryptography is a branch of public-key cryptography proposed by Victor Miller and Neal Koblitz [3.9] in the mid 1980s. It is an alternative method to the older RSA system and offers the relative advantages of higher performance in terms of speed and space usage. This makes it especially suited for implementation on devices with limited computation capability, storage area, battery power, and communication bandwidth.
An elliptic curve is the set of solutions $(x, y)$ which satisfy an elliptic curve equation of the form $y^2 = x^3 + ax + b$. If $4a^3 + 27b^2 \neq 0$, then the elliptic curve $y^2 = x^3 + ax + b$ can be used to form a group. An elliptic curve group over real numbers consists of the points on the corresponding elliptic curve, together with an extra point $O$ called the point at infinity.
Each choice of the numbers $(a, b)$ yields a different elliptic curve. For example, the elliptic curve with equation $y^2 = x^3 - 4x + 0.67$ is shown below in Fig. 3.5.
Fig. 3.5. The graph of $y^2 = x^3 - 4x + 0.67$
Elliptic Curves over $Z_p$
Calculations over the real numbers are slow and inaccurate due to round-off error. Cryptographic applications require fast and precise arithmetic; thus elliptic curve groups over the finite fields of $F_p$ are used in practice.
An elliptic curve with the underlying field of $F_p$ can be formed by choosing the variables $(a, b)$ within the field of $F_p$. The elliptic curve includes all points $(x, y)$ which satisfy the elliptic curve equation modulo $p$, where $x$ and $y$ are numbers in $F_p$.
For example: $y^2 \bmod p = x^3 + ax + b \bmod p$ has an underlying field of $F_p$ if $a$ and $b$ are in $F_p$. If $x^3 + ax + b$ contains no repeating factors (or, equivalently, if $4a^3 + 27b^2 \bmod p$ is not 0), then the elliptic curve can be used to form a group. An elliptic curve group over $F_p$ consists of the points on the corresponding elliptic curve, together with a special point $O$ called the point at infinity. There are finitely many points on such an elliptic curve.
As a very small example, consider an elliptic curve over the field $F_{23}$. With $a = 1$ and $b = 0$, the elliptic curve equation is $y^2 \pmod{23} = x^3 + x \pmod{23}$. The 23 points which satisfy this equation are:
(0, 0) (1, 5) (1, 18) (9, 5) (9, 18) (11, 10) (11, 13) (13, 5) (13, 18) (15, 3) (15, 20) (16, 8) (16, 15) (17, 10) (17, 13) (18, 10) (18, 13) (19, 1) (19, 22) (20, 4) (20, 19) (21, 6) (21, 17)
We can easily verify these points to be correct; for example, the point (9, 5) satisfies this equation since:
$x^3 + x \equiv 9^3 + 9 \equiv 729 + 9 \equiv 2 \equiv 25 \equiv 5^2 \equiv y^2 \pmod{23}$
These points are graphed as below in Fig. 3.6:
Fig. 3.6. Points of equation $y^2 = x^3 + x$ over $F_{23}$
Elliptic Curve over $F_p$ Addition
lliptic curve
g
roups are additive
g
roups; that is, their basic function is addition.
T
he addition of two
p
oints in an elli
p
t
ic curve is defined
g
eometricall
y
as follows:
Su
pp
ose that
P
and
P
Q
are two distinct
p
oints on an elli
p
tic curve, and the
P
is
P
no
t
-
Q
.
To add
p
oints
P
and
P
Q
,
a line is drawn through these two
p
oints. This line
w
ill
i
ntersect t
h
e e
lli
pt
i
c curve
i
n exact
l
y one more po
i
nt, ca
ll
e
d
-
R
. T
h
e po
i
nt -
R
i
s ref
l
ecte
d
i
n t
h
e x-a
x
i
s to t
h
e po
i
nt
R
.
T
h
e
l
aw for a
ddi
t
i
on
i
n an e
lli
pt
i
c curve
g
roup is
P
+
P
Q
=
R
an
d
ill
us
trat
ed
in Fi
g
. 3.7.
When $Q = -P$, then $P + Q = O$. In this case, where $x_1 = x_2$ but $y_1 \neq y_2$, the line through $P$ and $Q$ is a vertical line, which therefore intersects $E$ at $O$. Reflecting $O$ across the x-axis yields the same point $O$. Therefore, in this case $P + Q = O$. This condition is illustrated in Fig. 3.8.
Fig. 3.7. Addition of points (labels: $P = (x_1, y_1)$, $Q = (x_2, y_2)$, $-R = (x_3, -y_3)$, $R = (x_3, y_3)$, line $L: y = wx + y_0$)
Fig. 3.8. Adding point when $Q = -P$
When $Q = P$, to double this point, draw the tangent line and find the other points of intersection $S$. Then $P + Q = P + P = 2P = S$. This condition is illustrated in Fig. 3.9. Intuitively, for a point $P = (x, y)$ and a positive integer $n$, we can define $n \cdot P = P + P + \cdots + P$ ($n$ times); that is, multiplication is defined as repeated addition.
Fig. 3.9. Doubling of points
Algebraic Description of Addition
Reviewing Fig. 3.7, to calculate $P + Q$, where $P \neq Q$, $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, we must first derive the line $L: y = w \cdot x + y_0$ that passes through $P$ and $Q$, where $w = \frac{y_2 - y_1}{x_2 - x_1}$ is the slope and $y_0 = y_1 - w \cdot x_1$. Next, we find the intersection point $-R = (x_3, -y_3)$ of the line $L$ and the elliptic curve, where $x_3 = w^2 - x_1 - x_2$ and $y_3 = -(w \cdot x_3 + y_0)$. Finally, we obtain $R = (x_3, y_3) = P + Q$.
When $P = Q = (x_1, y_1)$, only the calculation of the slope $w = \frac{dy}{dx} = \frac{3x_1^2 + a}{2y_1}$ of $L$ is different. The rest is the same as when $P \neq Q$.
In summary, if $P = (x_P, y_P)$ and $Q = (x_Q, y_Q)$ with $P \neq -Q$, then $R = P + Q = (x_R, y_R)$ is determined by the following rules:
$x_R = (w^2 - x_P - x_Q) \bmod p$, and
$y_R = (w(x_P - x_R) - y_P) \bmod p$,
where the slope
$$w = \begin{cases} \dfrac{y_Q - y_P}{x_Q - x_P} \bmod p & \text{if } P \neq Q, \\ \dfrac{3x_P^2 + a}{2y_P} \bmod p & \text{if } P = Q. \end{cases}$$
For example, if $P = (15, 3)$ and $Q = (21, 6)$ in $y^2 = x^3 + x$ over $F_{23}$, to find $R = P + Q$:
Step 1) Calculate the slope $w = \frac{6 - 3}{21 - 15} \bmod 23 = \frac{3}{6} \bmod 23 = \frac{1}{2} \bmod 23 = 12$.
Step 2) Calculate the coordinates $(x_R, y_R)$ of $R = P + Q$, where
$x_R = (12^2 - 15 - 21) \bmod 23 = 108 \bmod 23 = 16$, and
$y_R = (12(15 - 16) - 3) \bmod 23 = -15 \bmod 23 = 8$.
Thus we derive $R = P + Q = (16, 8)$.
In the following, we will demonstrate the case $R = P + P$.
Step 1) Compute $w = \frac{3 \cdot (15)^2 + 1}{2 \cdot 3} \bmod 23 = \frac{9}{6} \bmod 23 = \frac{3}{2} \bmod 23 = 13$.
Step 2) Find the coordinates $(x_R, y_R)$ of $R$, where
$x_R = (13^2 - 15 - 15) \bmod 23 = 139 \bmod 23 = 1$, and
$y_R = (13(15 - 1) - 3) \bmod 23 = 179 \bmod 23 = 18$.
So we deduce $R = 2P = (1, 18)$.
Comparing with Fig. 3.6, we can see that the resulting points (16, 8) and (1, 18) still remain on the elliptic curve: because the points of $y^2 = x^3 + x$ over $F_{23}$ form a group, the addition of any points within this group lands in the group.
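The curve arithmetic above, written out as an added example that is not part of the original chapter: it enumerates the points of $y^2 = x^3 + x$ over $F_{23}$, applies the summary rules for $x_R$, $y_R$ and the slope $w$, and checks closure. Representing $O$ as `None`, the function names, and the double-and-add form of $n \cdot P$ (a faster equivalent of the repeated addition defined above) are choices made here.

```python
# Toy elliptic-curve arithmetic over F_p for y^2 = x^3 + a*x + b (mod p).
# Parameters are the chapter's example: a = 1, b = 0, p = 23.
# O (the point at infinity) is represented as None; this is an assumption
# of this sketch, not notation from the chapter.
A, B, P_MOD = 1, 0, 23
O = None


def is_usable_curve(a=A, b=B, p=P_MOD):
    """Group condition from the text: 4a^3 + 27b^2 mod p must not be 0."""
    return (4 * a**3 + 27 * b**2) % p != 0


def on_curve(pt, a=A, b=B, p=P_MOD):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x**3 + a * x + b)) % p == 0


def affine_points(a=A, b=B, p=P_MOD):
    """All (x, y) in F_p x F_p on the curve (O is not included)."""
    return [(x, y) for x in range(p) for y in range(p)
            if on_curve((x, y), a, b, p)]


def inv_mod(v, p=P_MOD):
    """Modular inverse by Fermat's little theorem (p prime, v != 0 mod p)."""
    return pow(v % p, p - 2, p)


def negate(pt, p=P_MOD):
    return O if pt is O else (pt[0], (-pt[1]) % p)


def add(p1, p2, a=A, p=P_MOD):
    """P + Q using the slope rules for P != Q and P == Q."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return O  # vertical line: Q = -P (also doubling a point with y = 0)
    if p1 == p2:
        w = (3 * x1 * x1 + a) * inv_mod(2 * y1, p) % p   # tangent slope
    else:
        w = (y2 - y1) * inv_mod(x2 - x1, p) % p          # chord slope
    x3 = (w * w - x1 - x2) % p
    y3 = (w * (x1 - x3) - y1) % p
    return (x3, y3)


def multiply(n, pt, a=A, p=P_MOD):
    """n * P by double-and-add; same result as adding P to itself n times."""
    result, addend = O, pt
    while n > 0:
        if n & 1:
            result = add(result, addend, a, p)
        addend = add(addend, addend, a, p)
        n >>= 1
    return result


def order(pt, a=A, p=P_MOD):
    """Smallest n >= 1 with n * P = O, found by repeated addition."""
    n, acc = 1, pt
    while acc is not O:
        acc = add(acc, pt, a, p)
        n += 1
    return n


if __name__ == "__main__":
    P, Q = (15, 3), (21, 6)
    print(len(affine_points()), add(P, Q), add(P, P), order(P))
```

On this curve the 23 affine points plus $O$ give a group of 24 elements, so the order of every point divides 24; a group this small is only useful for checking the formulas by hand.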
3.3.1 Analog to DLP
At the foundation of public key cryptosystems is a mathematical function that is computationally infeasible to solve. Here, the difficulty of solving the Elliptic Curve Discrete Logarithm Problem (ECDLP) is the core of the Elliptic Curve Cryptosystem, and is described as follows.
Given an elliptic curve $E$ defined over a finite field $F_q$, a point $P \in E[F_q]$ of order $n$, and a point $Q$, determine a number $l$ such that $Q = lP$.
ECDLP looks fairly similar to the Discrete Logarithm Problem (DLP) discussed over the $GF(F_p)$, and there is indeed a way to map ECDLP to DLP, and