Applying the Inter-Torsion Mechanism in Tier Form Architecture on the Intranet

Academic year: 2021


Abstract

In this paper, a security architecture called the Inter-Torsion Mechanism in Tier-Form Architecture (ITMTFA) is proposed and applied to the Intranet to provide a secure environment for message transmission. In ITMTFA, the firewall also acts as the agent of the members of the Intranet; it provides a one-time key security environment to members communicating with other nodes, which may be inside or outside the Intranet. This is the reason why the scheme is called Tier-Form. The one-time key is changed by a transformation scheme called Function Torsion (FT), which is performed in the agent (firewall) after the key is used. FT applies a random logic operation to the old session key and randomly permutes the result to form the new session key. Based on the advantages of the one-time key and the random function FT, the ITMTFA can provide a very high security environment in the Intranet or between Intranets.

1. Introduction:

Today the internet environment is much less collegial and trustworthy. It contains all the dangerous situations, nasty people, and risks that one can find in society as a whole [5]. In a workshop held by the IAB back in 1994 [8], scaling and security were considered to be the two most important problems for the internet. Internet security can only be achieved by providing the following two classes of security services [3,8]:

1. Access control services that protect computing and networking resources from unauthorized use.
2. Communication security services that provide authentication, data confidentiality and integrity, as well as nonrepudiation services to communicating peers.

To provide a safe internet environment, the firewall is used to filter messages and acts as the proxy server of the members (nodes) in the Intranet. But, as we know, the firewall suffers from attacks that may be initiated inside the Intranet, or by outside attackers who are logged on to nodes in the Intranet.

The original idea of ITMTFA is to use the firewall as the communication agent when a node A in the Intranet wants to communicate with a node B, which may be inside or outside the Intranet. Negotiation between node A and the agent, and between node B and the agent, yields two session keys: SkA and SkB. The message from node A is encrypted with SkA and sent to the agent; in the agent the encrypted message is decrypted with SkA and re-encrypted with SkB, and the re-encrypted message is then sent to node B. Using SkB, node B can recover the original message sent from node A. The Function Torsion (FT) is then applied to SkA and SkB to get the new session keys for the next communication between node A and B. FT applies a random logic operation to the old session key and randomly permutes the result to form the new session key; we call the action in FT Inter-Torsion. The form between node and agent is the reason why we call the scheme Tier Form.

In the second section, we introduce the Intranet and firewall technology, focusing on the screening router and proxy server of firewall technology. In the third section, we elucidate in detail the inter-torsion mechanism in tier form architecture that we propose. Next, we analyze the security and performance of the ITMTFA; some simulations are done, and their results are analyzed in this section. Finally, conclusions are drawn in the fifth section.

2. Intranet and firewall:

In the internet environment, we have more interest in the Intranet [1], because more and more businesses and enterprises have their own Intranet. Most of these Intranets use an intermediate system that can be plugged between their network and the internet to establish a controlled link, and to erect an outer security wall or perimeter. The aim of this perimeter is to protect the network from network-based threats and attacks, and to provide a single choke point where security and audit can be imposed. These intermediate systems are called firewalls, or firewall systems [1,2,8].

The firewall system usually consists of screening routers and proxy servers. A screening router is a multiport IP router that applies a set of rules to each incoming IP packet and decides whether it is to be forwarded or not. The screening router filters IP packets based on information that is available in packet headers, such as protocol numbers, source and destination IP addresses and port numbers, connection flags, and eventually some other IP options.

A proxy server is a server process running on a firewall system to perform a specific TCP/IP function as a proxy on behalf of the network users. A proxy is, in essence, an application-layer gateway, which links one network to another for a specific network application. The user contacts a proxy server using a TCP/IP application, such as telnet, ftp or SMTP, and the proxy server asks the user for the name of the remote host to be accessed. When the user responds and provides valid user identification and authentication information, the proxy contacts the remote host and relays IP packets between the two communication points. The whole process can be made transparent to the users. The identification and authentication information that a user provides may be used for user-level authentication. In the simplest case, this information consists of the user identification and password. However, if a firewall is accessible from the Internet, it is recommended to use strong authentication mechanisms, such as one-time password or challenge-response systems [3].

The advantages of screening routers are simplicity and low (hardware) costs. The disadvantages are related to the difficulties in setting up packet filter rules correctly, the costs of managing screening routers, and the lack of user-level authentication. The advantages of proxy servers are user-level authentication, logging, and accounting. The disadvantages are related to the fact that, for full benefit, an application-layer gateway must be built specifically for each application. This fact may severely limit the deployment of new applications. More recently, an all-in-one proxy package called SOCKS [1] has become available. SOCKS basically consists of a proxy to be run on a firewall system, as well as a package of library routines to be linked into network application programs [8].

Screening routers and proxy servers are usually combined in hybrid systems, where screening routers mainly protect against IP spoofing attacks. The most widely deployed configurations are dual-homed firewalls [1], screened host firewalls, and screened subnet firewalls.

The firewall technology is interesting because it doesn't use cryptography. However, most of the firewall systems currently offered support some sort of IP layer encryption. Another interesting feature of the firewall technology is that its use is not restricted to TCP/IP protocols or the Internet. Indeed, a similar technology can, in principle, be used in any packet-switched network, such as an X.25 or ATM network.

Firewall systems can help us control damage, regulate traffic flow and protect the network in case of an internet intrusion. But firewall systems still have some limitations: they have no data confidentiality functions and can't protect against internal threats. In order to enhance the security of the Intranet, we propose a technique that uses the existing firewall to supplement the Intranet with the security functions it lacks. The technique we propose is called the inter-torsion mechanism in tier form architecture (ITMTFA).

3. Inter-torsion mechanism in tier form architecture:

The skeleton of the Inter-Torsion Mechanism in Tier Form Architecture is shown in figure 1.

[Figure 1: The skeleton of ITMTFA (nodes connected through firewalls).]

The form of this architecture looks very much like a tier, which is the reason why we call it tier form architecture. The tier form system adopts a symmetric cryptosystem. By using the torsion action in a connection, we can use at least two different keys to encrypt or decrypt the information transferred between nodes. By increasing the complexity of the session keys, we improve the security of the system.

In the inter-torsion mechanism we employ one transformation function called Function Torsion (FT). The FT is similar to the one-time key technique [3]. But FT need not worry about exposing the seed key, since FT performs random transformation and random permutation on the session key without any seed key. An intruder can't get the initial key even if he has accumulated enough session keys.

The inter-torsion mechanism is the core of this architecture. We need a trusted third party to perform the FT function. The existing firewall system is the best choice in an Intranet, so we use the existing firewall as the major component, called the agent, which does the main computation in this architecture.

3.1 Inter-torsion mechanism:

Why do we call the transformation applied to the session key inter-torsion? The reason is that the transformation operates much like a torsion: every time, we use different session keys for the connection between two nodes. Figures 2.1 and 2.2 illustrate how the inter-torsion mechanism works. In this case, we assume node A in Intranet_A wants to connect to node C in Intranet_B. The process of ITMTFA can be divided into three steps:

1. Authentication step: The authentication and session key exchange protocols are performed between node A and agent A, agent A and agent B, and agent B and node C, and the session keys SK1, SK2 and SK3 are obtained respectively.

2. Message transmission step: Message M sent from node A reaches node C by the following process:

NodeA → AgentA: $E_{SK_1}[M]$
AgentA → AgentB: $E_{SK_2}[D_{SK_1}[E_{SK_1}[M]]] = E_{SK_2}[M]$
AgentB → NodeC: $E_{SK_3}[D_{SK_2}[E_{SK_2}[M]]] = E_{SK_3}[M]$

When node C decrypts $E_{SK_3}[M]$ with SK3, the message M is obtained.

3. Function torsion step: The function torsion shown in section 3.3 is performed in agent A and agent B to get the new session keys NSK1, NSK2, and NSK3. NSK2 may be made by agent A or agent B, depending on their negotiation. The new session key is encrypted with the old session key and sent back to node A and node C. The method of encryption can be DES, IDEA or just XOR. Because the session key is generated fully at random, XOR, although simple, still holds very high security.

[Figure 2.1: The old connection state (firewall_A as agent A, firewall_B as agent B; SK: session key).]

[Figure 2.2: The new connection state (firewall_A as agent A, firewall_B as agent B; NSK: new session key).]

3.2 Authentication and Session Key Exchange Protocol [4]

Before we show our strategy for the inter-torsion mechanism in tier form architecture, we should first show the authentication and session key exchange protocol. By using this protocol, the connection peers can authenticate each other's identity. At the same time, they can share a common session key created by the Diffie-Hellman algorithm [6]. We are interested in three protocols, which are similar but each have their own merits and drawbacks. Protocol 1 is the fundamental protocol. It is weak and cannot resist the replay attack. Protocol 2 is stronger than protocol 1, but it still has some drawbacks. Protocol 3 is the strongest of the three protocols. It is strong enough to resist the replay attack and most network attacks.

The client owns $X_{Client}$ and $Cert_{Client}$, and the agent owns $X_{Agent}$ and $Cert_{Agent}$. X is the randomly assigned value in the client and the agent used for generating the initial session key. Cert is the certificate of the client or the agent; it contains the IP address, Y, the valid date, and the digest of this information signed by the Certificate Authority (CA). $E_{SK}(M)$ means that the message M is encrypted with the session key SK. The protocols are shown below:

$Cert_{Client} = \{IP_{Client}, Y_{Client}, Date_{Client}, [h(IP_{Client}, Y_{Client}, Date_{Client})]_{S_{CA}}\}$
$Cert_{Agent} = \{IP_{Agent}, Y_{Agent}, Date_{Agent}, [h(IP_{Agent}, Y_{Agent}, Date_{Agent})]_{S_{CA}}\}$

(Protocol_I)

$Y_{Client} = \alpha^{x_{Client}}$, $Y_{Agent} = \alpha^{x_{Agent}}$

(1) Client → Agent: $CERT_{Client}$
Agent computes $SK = (Y_{Client})^{x_{Agent}} \bmod N = \alpha^{x_{Client} x_{Agent}} \bmod N$

(2) Client ← Agent: $CERT_{Agent}$

Client computes $SK = (Y_{Agent})^{x_{Client}} \bmod N = \alpha^{x_{Client} x_{Agent}} \bmod N$

(3) Client ↔ Agent: $E_{SK}[IP_{Agent}, IP_{Client}]$

At the last step, the client and the agent verify $[IP_{Agent}, IP_{Client}]$. If it is correct, the session key is accepted.

(Protocol_II)

$Y_{Client} = \alpha^{-x_{Client}}$, $Y_{Agent} = \alpha^{-x_{Agent}}$

(1) Client → Agent: $\alpha^{r_{Client} + x_{Client}}$, $CERT_{Client}$
Agent computes $SK = (Y_{Client} \cdot \alpha^{r_{Client} + x_{Client}})^{r_{Agent}} \bmod N = \alpha^{r_{Client} r_{Agent}} \bmod N$

(2) Client ← Agent: $\alpha^{r_{Agent} + x_{Agent}}$, $CERT_{Agent}$
Client computes $SK = (Y_{Agent} \cdot \alpha^{r_{Agent} + x_{Agent}})^{r_{Client}} \bmod N = \alpha^{r_{Client} r_{Agent}} \bmod N$

(3) Client ↔ Agent: $E_{SK}[IP_{Agent}, IP_{Client}]$

Protocol II uses a random value r to help generate a different SK on every new connection.

(Protocol_III)

$Y_{Client} = \alpha^{-x_{Client}}$, $Y_{Agent} = \alpha^{-x_{Agent}}$

(1) Client → Agent: $Sig_{Client}(\alpha^{r_{Client} + x_{Client}})$, $CERT_{Client}$
Agent verifies the signature of the client, then
Agent computes $SK = (Y_{Client} \cdot \alpha^{r_{Client} + x_{Client}})^{r_{Agent}} \bmod N = \alpha^{r_{Client} r_{Agent}} \bmod N$

(2) Client ← Agent: $Sig_{Agent}(\alpha^{r_{Agent} + x_{Agent}})$, $CERT_{Agent}$
Client verifies the signature of the agent, then
Client computes $SK = (Y_{Agent} \cdot \alpha^{r_{Agent} + x_{Agent}})^{r_{Client}} \bmod N = \alpha^{r_{Client} r_{Agent}} \bmod N$

(3) Client ↔ Agent: $E_{SK}[IP_{Agent}, IP_{Client}]$

Protocol III is similar to Protocol II, except for the signature on $\alpha^{r_i + x_i}$.

3.3 Function Torsion FT:

Now we show how the transformation function FT proceeds. First, we divide the old session key SK into eight pieces that we name $SK_i$. SK is recomputed by some simple functions like XOR to get the new session key NSK. For example:

$NSK_{i+1} = SK_{((i+2) \bmod 8)+1} \oplus SK_{((i+4) \bmod 8)+1}$
or
$NSK_{i+1} = SK_{((i+1) \bmod 8)+1} \oplus SK_{((i-1) \bmod 8)+1}$

Then we randomly combine the $NSK_i$ to get the new session key. We make a general form of FT that is performed by a fully random function containing three random steps.

General Form of FT:

(1) Partition step: We divide the old session key into n pieces, named $SK_i$, $1 \le i \le n$. N is an integer from the set {8, 16, 32, 64} and is always randomly chosen. $SK = [SK_1, SK_2, SK_3, \ldots, SK_N]$ is the general form of SK. Every $SK_i$ has 64/N bits.

(2) Combination step: Let $NSK_i = (R_{i1} \cdot SK_1) \oplus (R_{i2} \cdot SK_2) \oplus (R_{i3} \cdot SK_3) \oplus \ldots \oplus (R_{in} \cdot SK_n)$, where $R_i = [R_{i1}, R_{i2}, R_{i3}, \ldots, R_{in}]$, $1 \le i \le n$, $R_{ij} = 0$ or $1$. $R_i$ is a binary array that determines which sub keys $SK_j$ are combined to form the new sub key $NSK_i$. $R = [R_1, R_2, R_3, \ldots, R_n]^T$ is an N × N binary matrix. The restrictions on $R_i$ are that at least two elements of the array are nonzero in each $R_i$, and that no two identical $R_i$ appear in one R. A fully random R can be chosen to form all the new sub keys of the new session key.

(3) Permutation step: After we get the $NSK_i$ from step (2), we randomly permute these $NSK_i$ to form the NSK. $NSK = [NSK_a, NSK_b, NSK_c, \ldots, NSK_m]$, where $1 \le a, b, \ldots, m \le n$ and $NSK_i \ne NSK_j$ when $i \ne j$, is the general form of NSK. The permutation of the $NSK_i$ that compose the NSK is processed randomly.

With the fully random generation steps of NSK mentioned above, intruders almost cannot break this process. So we get a very high security one-time key system.

ITMTFA is similar to the one-time key technique, but we don't have the problem of worrying about exposing the seed. The one-time key technique uses the seed to help generate the one-time session key. An attacker can accumulate enough session keys to conjecture the seed. Once the seed is exposed, the generation of session keys is not safe any more, although the probability of exposing the seed is very low. The seed is the merit but also the drawback of the one-time key technique. Learning the one-time key's lesson, we loosen the relation between the seed and every session key. In ITMTFA, every session key is almost independent of the seed key, apart from the first generated session key. The generation of session keys is one-way and random. The attacker can't conjecture the next session key by analyzing the existing session key unless he knows the generation function of the session keys. But the agent randomly chooses the generation function of the session key, so it is not easy to conjecture the session keys. Furthermore, we use at least two different session keys for the connection between two communication peers. We divide the connection between two peers into several sub-connections. Every sub-connection uses an independent session key, and the session keys are randomly changed every time a new connection is established. Although we transform the session keys on the connection between two peers for security reasons, we should also consider the efficiency of the whole connection. Consequently, we discuss the efficiency of the ITMTFA in the next section.

4. Security and Performance analysis of ITMTFA:

As shown in section 3, the session key changes step by step, and the generation of the new session key is a fully random process, so a very high security environment can be obtained. Now we analyze the security and the performance of ITMTFA.

4.1 Security Analysis:

Having proposed the ITMTFA, we should analyze the security of this architecture. Considering the existing attacks, we analyze the influence of these attacks one by one as follows:

Ciphertext-Only attack [3]. The attacker can only get some ciphertexts, and he wants to acquire the plaintext directly from the ciphertext. This attack cannot do any mischief to our architecture, since the session key is changed on every new connection.

Known-Plaintext attack [3]. The attacker has some pairs of plaintext and ciphertext: {m1, C1}, {m2, C2}, {m3, C3}…{mi, Ci}. He wants to acquire the session key or the next ciphertext from the pairs of plaintext and ciphertext. Likewise, this attack can't do any mischief. Although the attacker may get the session key, the session key does not help in breaking our architecture. The reason is the same as the foregoing.

Chosen-Text Attack [3]. The Chosen-Text Attack is a more powerful attack that can be divided into two sub-attacks: (a) Chosen-Plaintext attack, (b) Chosen-Ciphertext attack. We assume the attacker has the ability to select or control plaintext or ciphertext. The attacker can choose some pairs of plaintext and ciphertext that are easy for him to attack. Even if the attacker can get the session key using a chosen-text attack, our architecture can still protect against the attack, since the session keys are changed randomly every time a new connection is established. Although the attacker has one session key, he still cannot guess what the next key will be.

Replay attack [3]. The attacker intercepts the message and replays the message after a while. The attacker can impersonate other people on the network in this way. But in our architecture, the replay attack does not help the attacker.

Intruder-in-the-middle attack [8]. The attack is used to break the Diffie-Hellman key exchange protocol. Figure_4 illustrates how it works: U and V are the communication peers, and W is the intruder.

[Figure 3: Intruder-in-the-middle attack.]

The intruder-in-the-middle attack cannot do any damage to our architecture, since the Diffie-Hellman key exchange protocol used in our architecture is protected by the trusted third party, the Certificate Authority (CA). We use the CA to authenticate and sign the public value of the client or the agent. By taking advantage of the CA, we can prevent the public value in the Diffie-Hellman key exchange protocol from being falsified.

Consequently, generalizing broadly, we think our architecture is strong enough to defend against most of the network attacks mentioned above.

4.2 Performance analysis:

Besides the security of the inter-torsion mechanism in tier form architecture, we also consider the performance of the architecture. We ran some simulations of possible situations for this purpose. In the simulations, we configured a SUN ULTRASPARC II running the Solaris 2.6 OS as the agent. By analyzing the results of the simulations, we can decide whether the architecture is operable or not, and we can choose a better way to operate the inter-torsion mechanism in tier form architecture to reduce the overhead of FT.

In the first simulation, we consider the overhead of ITMTFA when a message is transmitted between two nodes. The location of the two nodes may be one of three cases. In case 1, the two nodes are located in the same Intranet. In case 2, the two nodes are located in neighboring Intranets. In case 3, there is more than one third-party network located between the Intranets where the two nodes are. When two nodes are located in the same Intranet, the message can in general be transmitted directly from one node to the other without any intermediary operation. But in ITMTFA, the operations of encrypting, decrypting, re-encrypting, and decrypting performed by the two nodes and the firewall (agent) are its overhead. From the result shown in figure 4, we can see that the overhead is acceptable.

[Figure 4: The simulation result of Case 1 (series: without ITMTFA, with ITMTFA (1 agent)).]

In case 2 or case 3, the message must be transmitted through one or more firewalls. Due to the store-and-forward scheme, the whole message must be received, checked and forwarded to the next node by the firewall (agent). The operation performed in ITMTFA can be considered as message translation and can be pipelined in the store-and-forward scheme. From the results of figure 5 and figure 6, we can see that the overhead is much lighter in case 2 and case 3.

[Figure 5: The simulation result of Case 2 (series: without ITMTFA, with ITMTFA (2 agents)).]

[Figure 6: The simulation result of Case 3 (series: without ITMTFA, with ITMTFA (3 agents)).]

The length of the session key used in ITMTFA is 64 bits. The encryption method can be DES, IDEA, or just XOR. Because any session key is used only one time, and the FT is fully random, we don't need to use a complex encryption method to protect the one-time key. In ITMTFA, the message blocks are XORed with the session key.

Encryption: $E_{SK}[M] = M \oplus SK$, where SK is a 64-bit session key.
Decryption: $D_{SK}[E_{SK}[M]] = SK \oplus M \oplus SK = M$, where $D_{SK}$ is the decryption.

The session key is changed by FT into a new session key. As described in section 3, the session key is divided into n parts and the FT is applied to the n parts. In the combination step of FT, a random n × n binary matrix R and a random permutation are made to form the new session key. If we divide the session key into 8 parts, 16 parts, or 32 parts, the degrees of the random matrix R and the random permutation are (8x8, 1x8), (16x4, 1x16), and (32x2, 1x32). The complexities of the random binary matrix R are 8x8, 16x4, and 32x2 respectively, which means that the complexity of the random binary matrix R is similar whether the session key is divided into 8, 16 or 32 parts. But the degree of the random permutation is the largest when n is 32. It means that more divided parts in the session key give more complexity in the transformation. Figure 7 shows the system load when n is 8, 16 and 32. From the result, we can see that there is no significant difference in system load whether n is 8, 16 or 32. In fact, the assignment of n = 8, 16, 32, 64 is a random process as well. So we have three random steps in FT: random dividing, random combining, and random permuting.

[Figure 7: System load of running FT (x-axis: running FT process number; y-axis: system load; series: 8 sub-keys, 16 sub-keys, 32 sub-keys).]
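The Function Torsion of section 3.3 together with the XOR relay of sections 3.1 and 4.2, as an added example that is not code from the paper. The function names, the sample message and the `gf2_rank` check are assumptions of this example; the check relies on the combination step being linear over GF(2), so a matrix R of rank below n yields a new key with fewer than 64 independent bits.

```python
import secrets

KEY_BITS = 64  # session-key length given in section 4.2

def split_key(sk, n):
    """Partition step: n sub-keys SK_1..SK_n of 64/n bits each, most significant first."""
    w = KEY_BITS // n
    return [(sk >> (KEY_BITS - w * (i + 1))) & ((1 << w) - 1) for i in range(n)]

def join_key(parts):
    """Concatenate equal-width sub-keys back into one 64-bit integer."""
    w = KEY_BITS // len(parts)
    out = 0
    for p in parts:
        out = (out << w) | p
    return out

def random_r(n, rng):
    """Random n x n binary matrix R under the paper's constraints:
    each row R_i has at least two 1s and no two rows are equal."""
    rows = set()
    while len(rows) < n:
        row = tuple(rng.randrange(2) for _ in range(n))
        if sum(row) >= 2:
            rows.add(row)
    rows = [list(r) for r in rows]
    rng.shuffle(rows)
    return rows

def paper_example_r():
    """R for the paper's example NSK_{i+1} = SK_{((i+2) mod 8)+1} xor SK_{((i+4) mod 8)+1}."""
    r = [[0] * 8 for _ in range(8)]
    for i in range(8):
        r[i][(i + 2) % 8] = 1
        r[i][(i + 4) % 8] = 1
    return r

def function_torsion(sk, r, perm):
    """Combination step NSK_i = xor_j (R_ij * SK_j), then permutation of the NSK_i."""
    parts = split_key(sk, len(r))
    nsk = []
    for row in r:
        acc = 0
        for bit, part in zip(row, parts):
            if bit:
                acc ^= part
        nsk.append(acc)
    return join_key([nsk[p] for p in perm])

def gf2_rank(r):
    """Rank of R over GF(2) (a check added in this example, not part of the paper)."""
    rows = [int("".join(map(str, row)), 2) for row in r]
    rank = 0
    while rows:
        pivot = rows.pop()
        if pivot:
            rank += 1
            low = pivot & -pivot  # lowest set bit of the pivot row
            rows = [x ^ pivot if x & low else x for x in rows]
    return rank

def effective_key_bits(r):
    """FT is linear over GF(2), so NSK takes only 2**(rank * 64/n) distinct values."""
    return gf2_rank(r) * (KEY_BITS // len(r))

def xor_block(block, key):
    """E_SK[M] = M xor SK on one 64-bit block; D_SK is the same operation."""
    return block ^ key

def relay(cipher, sk_in, sk_out):
    """Agent step E_SKout[D_SKin[cipher]]: strip the inbound key, apply the outbound one."""
    return xor_block(xor_block(cipher, sk_in), sk_out)

def demo():
    rng = secrets.SystemRandom()
    sk1, sk2, sk3 = (rng.getrandbits(KEY_BITS) for _ in range(3))
    m = int.from_bytes(b"ITMTFA!!", "big")  # constructed 8-byte message block
    c = xor_block(m, sk1)                   # NodeA  -> AgentA
    c = relay(c, sk1, sk2)                  # AgentA -> AgentB
    c = relay(c, sk2, sk3)                  # AgentB -> NodeC
    delivered = xor_block(c, sk3) == m
    n = rng.choice([8, 16, 32, 64])         # random partition size
    r = random_r(n, rng)
    perm = list(range(n))
    rng.shuffle(perm)
    return delivered, n, effective_key_bits(r), function_torsion(sk1, r, perm)

if __name__ == "__main__":
    print(demo())
    print("paper's example R:", effective_key_bits(paper_example_r()), "effective bits")
```

For the paper's own example rule the rank is 6, so the new key spans 48 bits; any R whose rows all contain an even number of 1s is singular in the same way.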
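Protocols I and II of section 3.2 run side by side, as an added example that is not the authors' code: it shows the long-term X terms cancelling in Protocol II and the key changing per connection, where Protocol I always yields the same key. `N`, `ALPHA`, `Party`, `derive_sk` and the IPv4 addresses are constructed for the example; certificate and CA signature checks, and the signatures of Protocol III, are not modelled.

```python
import hashlib
import ipaddress
import secrets

N = 2**127 - 1  # constructed toy modulus (a Mersenne prime), far too small for real use
ALPHA = 3       # constructed base

class Party:
    """Holds the long-term secret X and the public values that go into the certificate."""
    def __init__(self, ip):
        self.ip = ip
        self.x = secrets.randbelow(N - 2) + 1
        self.y_p1 = pow(ALPHA, self.x, N)    # Protocol I:  Y = alpha^x
        self.y_p2 = pow(ALPHA, -self.x, N)   # Protocol II: Y = alpha^(-x), needs Python 3.8+

def derive_sk(shared):
    """Assumption: the paper does not say how the 64-bit SK is taken from the shared
    value; this example uses the first 8 bytes of its SHA-256 digest."""
    return int.from_bytes(hashlib.sha256(shared.to_bytes(16, "big")).digest()[:8], "big")

def protocol_1(client, agent):
    """Each side raises the peer's certified Y to its own long-term X."""
    sk_agent = derive_sk(pow(client.y_p1, agent.x, N))
    sk_client = derive_sk(pow(agent.y_p1, client.x, N))
    return sk_client, sk_agent

def protocol_2(client, agent, r_client=None, r_agent=None):
    """Each side blinds its X with a fresh r; multiplying by the peer's Y cancels X."""
    r_client = r_client or secrets.randbelow(N - 2) + 1
    r_agent = r_agent or secrets.randbelow(N - 2) + 1
    msg1 = pow(ALPHA, r_client + client.x, N)   # (1) Client -> Agent
    msg2 = pow(ALPHA, r_agent + agent.x, N)     # (2) Client <- Agent
    sk_agent = derive_sk(pow(client.y_p2 * msg1 % N, r_agent, N))
    sk_client = derive_sk(pow(agent.y_p2 * msg2 % N, r_client, N))
    return sk_client, sk_agent

def confirmation(sk, ip_agent, ip_client):
    """(3) E_SK[IP_agent, IP_client]: two IPv4 addresses fill one 64-bit block,
    encrypted here with the XOR scheme of section 4.2."""
    block = ipaddress.IPv4Address(ip_agent).packed + ipaddress.IPv4Address(ip_client).packed
    return int.from_bytes(block, "big") ^ sk

def verify_confirmation(sk, token, ip_agent, ip_client):
    """The receiver recomputes the block with its own SK and compares."""
    return confirmation(sk, ip_agent, ip_client) == token

def demo():
    client, agent = Party("192.0.2.10"), Party("192.0.2.1")  # constructed addresses
    p1_first, p1_second = protocol_1(client, agent), protocol_1(client, agent)
    p2_first, p2_second = protocol_2(client, agent), protocol_2(client, agent)
    token = confirmation(p2_first[0], agent.ip, client.ip)   # sent by the client
    return {
        "protocol_1_key_repeats": p1_first == p1_second,
        "protocol_2_key_repeats": p2_first == p2_second,
        "protocol_2_sides_agree": p2_first[0] == p2_first[1],
        "confirmation_accepted": verify_confirmation(p2_first[1], token, agent.ip, client.ip),
    }

if __name__ == "__main__":
    print(demo())
```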

5. Conclusion:

In this paper, we provide a technique to enhance the security of the Intranet. Our technique is similar to the one-time key technique, but doesn't have the problem of the seed key. The main feature of our technique is that we divide a connection into several sub-connections. Every sub-connection uses its own session key, and the session key is changed when a new connection is established. Consequently, we can use at least two different keys to encrypt or decrypt the information transferred between two nodes. In this way, we can provide more security than the situation in which only one session key is ever used to protect a connection. Any two nodes in different Intranets can communicate more securely. Generally speaking, the number of session keys used to protect the connection between two nodes in different Intranets is three. Besides, two nodes in the same Intranet can communicate more securely, since any information transferred between them is protected by the session key. Additionally, the manager of the Intranet can monitor and control some connections inside the Intranet by taking over the agent if necessary.

We have to consider both performance and security, so we employ the existing firewall system as the agent. The Inter-Torsion Mechanism in Tier Form Architecture we propose uses the existing firewall system to provide data confidentiality and protection against internal threats, suited to the Intranet. In order to estimate the performance of ITMTFA, two simulations were made. The result of the first simulation shows that the overheads of the encryption in tier form are tolerable or very light wherever the two nodes are located. There are three random processes in FT to form the new session key, and the result of the simulation shows that more divided parts in the session key give more security without causing significant overhead in system load. As shown by the simulations and the discussion on attack protection, ITMTFA can make a very high security environment for the Intranet.

Acknowledgments

This work is supported by the National Science Council, Taiwan, the Republic of China, under Grant NSC 88-2213-E-151-007.

References:

[1] Chapman, D. and Zwicky, E. "Internet Security Firewalls." O'Reilly, Sebastopol, Calif., 1995.
[2] Cheswick, W., and Bellovin, S. "Firewalls and Internet Security: Repelling the Wily Hacker." Addison-Wesley, Reading, Mass., 1994.
[3] C. S. Laih, Lein Harn and C. C. Chang, "Contemporary Cryptography and Its Applications", published by Unalis Corporation, Sep. 1995.
[4] C. S. Park, "On Certificate-Based Security Protocols for Wireless Mobile Communication Systems", IEEE Network, Sep./Oct. 1997.
[5] D. W. Davies and W. L. Price, "Security of Computer Networks", John Wiley & Sons, 1989.
[6] L. J. Hughes, Jr., "The security technology of Internet", p69, published by New Rider.
[7] Randy J. Hinrichs, "Intranets: What's The Bottom Line?", published by SunSoft/Prentice Hall, 1997; http://www.intranetjournal.com/expert.html.
[8] Rolf Oppliger, "Internet Security: FIREWALLS and BEYOND", Communications of the ACM, May 1997, Vol. 40, No. 5.
