BKWRLSSC.RVW 20020601 "Wireless Security", Randall K. Nichols/Panos C. Lekkas, 2002, 0-07-138038-8, U$65.00/C$102.95 %A Randall K. Nichols cto@infosec-technologies.com %A Panos C. Lekkas wireless_security@attglobal.net %C 300 Water Street, Whitby, Ontario L1N 9B6 %D 2002 %G 0-07-138038-8 %I McGraw-Hill Ryerson/Osborne %O U$65.00/C$102.95 905-430-5000 800-565-5758 fax: 905-430-5020 %P 657 p. %T "Wireless Security: Models, Threats, and Solutions" When I was trying to describe this book, a colleague noted that it sounded like (job) security by distraction. The authors have managed to string together a number of points about different aspects of technology, many related to wireless communications and security, but, overall, not providing the reader with much that is relevant to the central topic. Chapter one, entitled "Why is Wireless Different," gives all the appearance of a political polemic. It sounds good, but analysis reveals very little actual meaning in the text. Contiguous statements actually have no relationship to each other. Instead of the promised material about wireless information warfare, chapter two presents a random collection of tidbits from communications and security topics. One table of threats breaks over a number of pages, mixing parts and becoming completely confused. A proposed "taxonomy" is nothing of the kind, with a set of completely orthogonal classification factors. Vulnerabilities of the wired telephone infrastructure and some completely unrelated material (how to make a spike microphone with a nail, two thumbtacks, a rubber band and a piezo crystal) leave no room for anything related to wireless security in chapter three. Chapter four's discussion of satellite communications, with a side diversion into generic cryptography and export controls, has no practical use. Lots of non-computational cryptographic systems and a discussion of pseudo-random number generators make for a very generic (absent a neat explanation of Diffie-Hellman key exchange) discussion of cryptography in chapter five. After a great deal of promotion of products sold by the authors, there is little space left for any examination of the use of cryptographic systems in wireless communications. Esoteric trivia such as linguistic spectral analysis and translation of a specific date to Mayan format have little to do with cryptography in speech systems in chapter six. Chapter seven's look at wireless LAN systems is astonishingly short, with little about protection except for a terse assertion of the weakness of the WEP (Wired Equivalent Privacy) protocol. (While there is some detail in the discussion of WEP, there is no explicit mention of the fact that the initialization vector is sent in plaintext, that RC4 has known weaknesses, and that initialization vector generation makes re-use almost inevitable. In addition there is implicit support for the common marketing misrepresentation that WEP uses a 64 bit, rather than 40 bit, key.) In chapter eight we get vague security theorizing rather than a review of the Wireless Application Protocol (WAP). There is a decent explanation of SSL/TLS (Secure Sockets Layer/Transport Layer Security) and a list of other security protocols in chapter nine, but then it ends with a very poor duplication of the SSL material in dealing with WTLS (Wireless Transport Layer Security). There is some detailed examination of the security aspects of the Bluetooth system, in chapter ten, but it is weakened by the lack of an overall conceptual framework. Chapter eleven looks at VoIP (Voice over Internet Protocol), but most of the points are covered elsewhere, and there is no attempt to explain the relevance to wireless systems. Instead of hardware considerations for end-to-end security, chapter twelve gives us random communications topics, some related to hardware and some not; some related to security and some not. Chapter thirteen is a detailed promotion for products of the authors. While there are points of interest and relevance to wireless security in this book, there is a great deal of irrelevant content, redundant duplication, and meaningless verbiage. The book, and most of the chapters, are only barely structured, with nothing in the way of an overall organization that would make relevant points easy to either find or understand. Wireless security is an important topic, but this volume will do very little to help readers achieve mastery of it. copyright Robert M. Slade, 2002 BKWRLSSC.RVW 20020601