Chaos Based Constellation Scrambling in OFDM Systems: Security &

Interleaving Issues

Muhammad AsifKhan l , Mohammad Asim2, Varun leoti3 , Rana Shahid Manzoor4

Department ofElectrical and Electronic Engineering
Universiti Teknologi, PETRONAS, Malaysia

Emails:lasf_kh@yahoo.com.2engrasimkhan@gmail.com.
3varun-ieoti@petronas.com.my, 4engr.shahid@gmail.com

Abstract- Recently, chaos based cryptography has

attracted significant attraction of the researchers due to
their simplicity of implementation, complex behavior and
extreme sensitivity to initial conditions. In this paper an
efficient technique to introduce security at physical
(PHY) layer is proposed in 802.11 i design to provide
security in Medium Access Control. Since it does not
emphasize on availability, several denial ofservice (DoS)
attacks are possible. The DoS attacks are easy to mount
because management and controlframes are unprotected
and so are MAC headers. This paper proposes a security Fig. 1. Block diagram of proposed OFDM system
scheme at PHY layer by scrambling OFDM constellation
symbols to encrypt data transmission to resist against
control and availability to protect against various attacks
these malicious attacks. In addition, it can also acts as
[1]. In addition, for reliable data transmission coding is
random interleaver. Analysis shows that, it has good
typically combined with interleaving to spread the error
random interleaver properties and also memory efficient.
bursts. The basic principle of interleaver is to spread
The scrambling matrix is based on a key derived from a
error bursts. In wireless channels error associated with
one dimensional chaotic nonlinear dynamical system
de-modulator tends to occurs in bursts, corresponds to
using logistic map. The initial condition of the map
time when the channel in deep fades. The most popular
acting as the derived key is dependent on the external
error control scheme used today is Reed-Solomon outer
key. The scrambling is completely reversible with the use
code concatenated with an inner convolutional combined
of appropriate key. However, use of a wrong initial
with interleaver.
condition even at 4th decimal point produces entirely
different sequence resulting in erroneous constellations
with equal probability. a)Security Issues:
Wireless technology continuously evolving and
providing advancement in speed, bandwidth nad
security. As considering the security of Wireless LAN
(WLAN) which is vulnerable to number of passive and
active attacks [2]. All these attacks disrupt data
I. INTRODUCTION transmission of WLAN. IEEE 802.11 i, the security
standard for wireless LAN, provides effective data
Orthogonal Frequency Division Multiplexing (OFDM) confidentiality, mutual authentication and integrity to
has been considered a promising candidate to achieve secure against active and passive attacks. However"
high data transmission in mobile environment. Recently, some Denial-of-Service (DoS) attacks still remain
OFDM systems have been applied for fixed and mobile because, at MAC layer, some of the information are
transmission. The growing attractiveness of such systems left unprotected Le. the MAC header, management
has put a demand for greater security for reliable data and control frames. The attacker eavesdrops these
transmission. For secure data transmission in wireless frames to initialize attacks. Most of the work reported in
communications means to be able to provide effective the literature focuses their attention on enhancing the
data authentication, confidentiality, integrity, access security at MAC layer [3, 4]. As the security is the
978-1-4244-2328-6/08/$25.0002008 IEEE
function of higher layers PHY layer is also vulnerable to
such DoS attacks. An adversary snoops transmitted
frames to disrupt the network and/or jams the Traffic
passing through the network. It is appropriate to
introduce PHY security in order to make WLAN robust
against such attacks.
CBS
.. Key

To achieve secure transmission in wireless

communication various approaches are suggested in
literature. The IEEE WLAN standard 802.11 features a
security architecture, which is called WEP (Wired
Equivalent Privacy). The WEP protocol employs RC4
cipher [5]. However, WEP has not been able to make
attacfs as difficult as its designers hoped. The flaws give Fig.2. Block cliagram of our proposed chaos based scrambling
rise to number of attacks that allow eavesdropping and scheme.
tempering with the wireless transmission [6-9] . Various
other security enhancements has been also suggested [10, of interleaver is often characterized by the diversity order
11]. associated with the resulting probability of error. This
diversity order is typically a function of the minimum
IEEE 802.11i, an IEEE standard ratified June 24, 2004, Hamming distance of the code. Thus, designs for
is designed to provide enhanced security in the Medium Interleaving on fading channels must focus on
Access Control (MAC) layer for 802.11 networks. The maximizing the diversity order of the code.[13] The
802.11 i specification defines two classes of security interleaver plays a fundamental role in turbo codes[14].
algorithms: Robust Security Network Association The effect of permuting the information symbols could
(RSNA), and Pre-RSNA. Pre-RSNA security consists of be that the consecutive entries are not damaged by error
Wired Equivalent Privacy (WEP) and 802.11 entity bursts. This will depend on some properties of interleaver
authentication. RSNA provides two data confidentiality [15].
protocols, called the Temporal Key Integrity Protocol
(TKIP) and the Counter-mode/CBC-MAC Protocol i) Properties ofRandom Interleaver:
(CCMP). In addition it also 802.1X authentication and In order to evaluate the performance of interleaver, it
key management protocols. 802.11 i appears not to should have the properties of dispersion and spread
emphasize on availability of WLAN as primary [15,16].
objective, leaving it vulnerable to many DoS attacks even
if the strong data confidentiality and authentication The spreading measures how separated the elements are
protocols are used after permutation that were originally close, such that
DoS attacks, which aim to prevent access to network
resources, can be devastating and difficult to protect Ii - il < 5 implies In(O -nU)1 > 5, for 1 ~ S ~ q (1)
against. DoS attacks involve flooding the network with
traffic, choking the transmission lines and preventing Where S is the spreading factor and q is the total number
other legitimate users from accessing services on the of input symbols.
network. There are critical differences in the interaction
between the network, data-link, and physical layer that The dispersion measures the randomness of the
increase the risk of DoS attacks on wireless network. The interleaver. It is defined as the number of elements in the
analysis of various DoS attacks exploiting availability of set:
WLAN and proposed potential countermeasures has been
suggested [12]. D(n) ={U - i,n(j) -n(i))IO ~ i < j < q} (2)

b) Interleaver Issues: The normalized dispersion is I

2 D(n)l. The dispersion is
q(q-l)
The scrambling also acts as random interleaver. The
basic premise of interleaving is to spread error bursts due good if normalized dispersion close to 1.
to deep fades over many codewords such that each
received codeword only exhibits at most a few A class of S- random interleaver was introduced in
simultaneous symbol errors. To improve the performance [17]. The s- random interleaver was design by manually
of data transmission, coding is combined with selected spread factor S. The s- random interleavers have
interleaving to mitigate the effect of burst error. good random interleaver properties but they are not
Interleaving is a form of diversity and the performance memory efficient. In addition, the complexity of s-

978-1-4244-2328-6/08/$25.00eJ2008 IEEE
random interleaver is increased with decrease in unique combination. The matrix when multiplied with
spreading factor as the size is increased. To improve the constellation symbols scrambles the position of the
design of interleaver for memory efficient applications, elements. It is difficult to recover the data with different
interleaver is constructed algebraically because their key.
scrambling pattern is completely specified by a well
define mathematical formula with a few seeding
parameter but does not have good random properties [15, III. CHAOS BASED SCRAMBLING
16]. a) Chaotic logistic Map
The Chaotic logistic map is a well known 1-0 chaotic
This paper proposes a unique chaos based scrambling map. Since the chaotic logistic map is convenient to
of OFOM constellation symbols for securing system at implement, we have selected it for demonstrating our
PHY layer. In addition, this scrambling algorithm also scrambling algorithm. However, it should be mentioned
acts as random interleaver. It has good random properties that even other 1-0 chaotic maps can be employed for
and it is also memory efficient because it can also scrambling purpose - maps which have uniform
comp1etely specified by a mathematical formula, which is probability distribution functions such as Piecewise linear
logistic map in our case. All the previous techniques for chaotic maps [18-20].
securing such systems are employed at higher sub layers.
The scrambling is reversible with the use of symmetric The chaotic logistic map is given by (4)
key. It uses 1-0 chaotic map to generate the scrambling
matrix. The initial condition of 1-0 chaotic logistic map x n + 1 = rx n (1 - x n ) (4)
serves as key to generate scrambler. The results show that
all data are recovered with zero error. The proposed
where 0 < x n < 1 and 3.47 < r < 4
scrambling method is extremely sensitive to the initial
conditions, hence, with different initial conditions, it is By iterating the chaotic logistic map with a unique
unable to recover the data correctly and, in the erroneous initial value 0 < xO < 1
data deciphered, the probability of occurrence of the each
constellation symbol is uniform
b) Scrambling Algorithm
This paper is organized as follows: Section 2 describes The block diagram of our proposed Chaos Based
the proposed scrambling based security. Section 3 Scrambling (CBS) scheme is given in fig.2. The chaotic
describes the proposed chaos based scrambling logistic map produces chaotic sequence within the
algorithm. Section 4 describes security analysis. Section domain E (0,1). The scrambling matrix is generated in
V describes the interleaver analysis. The last section following way. A new position matrix P of size 1 x N as
concludes the paper. in (5) is generated, where position elements signify the
location of' l' in scrambling matrix.
II. SCRAMBLING BASED SECURITY
P = {Pi,Pi+l,·" ,PN} (5)
The scrambling reorders the constellation symbols in an
OFOM system. The scrambling matrix can be visualized
as in eq.3. The matrix design is in such a way that each where Pi are the position elements.
row has one '1' and rest of the elements are zero and no
two rows are same. For N x N matrix, possible The design methodology of position matrix is based on
combinations are there. For each scrambling matrix new the so-called mixing property of the chaotic dynamical
key is used, each key entails mapping to a systems. A bit more formally, the mixing property is
defined in the following way [21]:
• For any two open intervals I and J (lvhich can be
0 0 1 0 0 0 arbitrarily small, but must have a nonzero length) one
0 0 0 0 1 0 can find initial values in 1 lvhich, lvhen iterated, lvill
0 1 0 0 0 0 eventually lead to points in J
s= 0 0 0 0 0 1
(3)
Hence according to the mixing property, for any initial
1 0 0 0 0 0 condition Ie, from any interval 1, a chaotic dynamical
0 0 0 1 0 0 system will traverse all the intervals chaotically during
the course of the iterations.

978-1-4244-2328-6/08/$25.0002008 IEEE
 To generate the dynamic position matrix, domain the OFDM baseband signal by applying the IFFT,
E (0,1) is equally divided into subdomains. Each
subdomain is sequentially numbered from 0 to N-l. Now X n = IFFT{X e } (10)
starting with the initial condition Ie, a new position
matrix is generated by iterating the chaotic dynamical where, X n is the frequency domain vector signals
system. During the course of iteration, when the chaotic
respectively. At receiver same procedure follows to
logistic map falls in the specific subdomain, the number
descramble the constellation symbols.
assigned to that subdomain is being stored in the new
position matrix. If the chaotic map has already traversed
the specific subdomain or interval, then the position IV. SECURITY ANALYSIS
corresponding to that subdomain is being ignored. Hence
iterations will continue until the chaotic map traverses all Wireless LANs are highly susceptible to numerous
the subdomains. malicious attacks. In wireless system layer abstraction is
very important concept, requiring each layer to provide
Finlllly the scrambling matrix S of size N x N is independent fu'nctionality separately to strengthen the
generated by using position matrix generated by the security of the system. At link layer and higher layers
above mentioned methodology. The complete scrambling security mechanisms are used to protect the transmission
matrix after assigning each position is written as data in order to prevent attacker to manipulate useful
information. Even if the strong confidentiality and mutual
authentication protocols
Si,k Si,k+l Si,N
Si+l,k Si+l,k+l Si+l,N
Si,k =
(6)
SN,k SN,k+l SN,N

The above matrix can be written as

T
S -{S·
- Z' S·z+,
1··· , SN}
(7)

where Si is the row vector.

The algorithm works in such a way that each row

vector in scrambling matrix contains "I" as in (8)
QPSK Constellation symbols
(8)
Fig. 3. Probability of occurrence of constellation points with
where j is any other row vector of scrambling matrix slightly different initial condition.

S E [i,N] are used at MAC layer, it still leaves many weak spots for
attacker to explore. At MAC layer only data frames are
encrypted while leaving management and control frames
This scrambling matrix is reversible to correctly unprotected. In addition, MAC headers are also left
recover the data with symmetric key. unencrypted. In what follows, it is shown that by
providing the security at the physical layer by the
c) Proposed OFDM System. proposed CBS which scrambles the complete MPDU
The proposed OFDM System shown in Fig. 1 can be (MAC Protocol Data Unit) frame, how the Wireless LAN
easily implemented. The scrambling matrix is multiplied can be made secure against some of the current
with N randomly generated symbols as, prevailing threats.

(9) a) Key Sensitivity

To evaluate the performance against key sensitivity of
where, X N ,S are input symbols and scrambling our proposed chaos based scrambling, randomly
matrix of size N x 1and N x N respectively. We obtain generated symbols are scrambled with scrambling
978-1-4244-2328-6/08/$25.0002008 IEEE
algorithm. Simulation in MATLAB® has been performed In our proposed CBS each frame scrambled contain 64
in order to evaluate the performance of the proposed symbols, so there are 64! possible symbols combinations.
algorithm. For the modulation of randomly generated In the proposed CBS, we transmit 1000 random OFDM
data, we consider QPSK and 4QAM for N=64 and N=256 frames which lead to 64000! or 264000 possible
carriers for 1000 OFDM frames. combinations. Hence it is infeasible to exhaustively
At receiver when descrambled with same initial search all the probable secret positions as each frame is
condition, all constellation symbols are recovered with encrypted/ scrambled by the proposed CBS with the
zero error. However, when the same data is recovered different initial condition. However when more than one
with slightly different initial condition, almost all the frame is encrypted with the same initial condition, then
constellation symbols are in error. The probability of the security of the proposed scheme will be low against
error is uniformly distributed in symbols. The probability the chosen plaintext attack which is evaluated in section
of occurrence of each constellation symbols when III. From the above discussion, it is evident that
decrypted with slightly different initial shown in Fig. 3. encrypting each frame with the distinct initial condition
The number of differing positions in the two scrambling makes it infeasible for the attacker to break the proposed
matrixes generated with the two slightly different initial CBS through exhaustive searching technique.
conditions is almost 98%. It confirms that with the
slightly different initial condition it is infeasible to c) Data Forgery Attacks
recover the data. The MAC address which is not encrypted, can serve as
starting point to initialize different forgery attacks. The
b) Traffic Analysis/Passive Eavesdropping attacker eavesdrops the unprotected information and
The security mechanism in the WLAN aims to achieve masquerades as access point (AP) to initialize de-
the security level comparable to that of the wired LANs. authentication & disassociation attacks. In that case
However due to the characteristics of the WLANs, the attacker initializes session-hijacking attacks by
attacker can sniff and store all the traffic of WLAN. disconnecting devices. Typically an intruder forces a
Hence it is very important to analyze whether the attacker legitimate user to terminate its connection to an access
may learn any meaningful information from the stored point.
traffic of the WLAN. By snooping unprotected frames at MAC layer,
Hence providing the security at the physical layers by intruder initializes Man-in-the-Middle attack to snoop
the proposed chaos based scrambling scheme each their credentials by inserting himself between legitimate
transmitting frame is encrypted/scrambled with unique client and AP. By doing this the attacker forges the
key. The initial condition of logistic map serves as the unprotected frames, modifies the frames and forwards it
primary key to our proposed CBS algorithm. Let this to the recipient. Intruder pretends to be authorized AP to
primary key be lC I that is used to encrypt! scramble the client and authorized client to AP and fool them both.
first frame. Let the frame to be scramble is denoted by F All these attacks are prevented by our proposed CBS
can be shown as scheme. The unprotected frames at MAC layer and MAC
(11 ) header are protected so the data recorded at MAC layer is
completely wrong, and wrong frame format don't give
where SI is the first scrambled frame. any information to intruder. For attacker there is no
information at all as the transmitted data is encrypted at
To generate the new key to encrypt the second frame
PHY layer. Data insertion attacks are also not possible
F2, the next output of logistic map after scrambling the
because the data is encrypted and intruder needs to break
first frame serve as a key to encrypt F z is lCz. The
the key in order to get the correct data. Intruder needs to
remaining keys from lC3 to lCN to encrypt the frames F 3
check all possible key combination to get the correct key.
to FN respectively can be generated in the same way. The
encrypted/ scrambled frames Sz to SN each with a unique
key can be shown as
d) Denial ofService (DoS) Attacks
One of the active attacks in WLAN is Denial of Service
(12) attacks (DoS). Typical DoS attacks involve flooding the
network and preventing legitimate user to access the
network resources. By using the characteristics of
WLAN, attacker can launch DoS attack to disrupt the
SN = CBS(FN ,ICN) (13) network traffic. At link layer one type of attack is to forge
the unprotected management frame to de-authenticate and
disassociate frames in order to prevent the legitimate
where SN is the total number of scrambled frames. clients to use the network resources. The adversary forges
978-1-4244-2328-6/08/S25.00C2008 IEEE
the control frame to initialize attack to disrupt the virtual v. RANDOM INTERLEAVER
carrier sense mechanism [12]. Hence the introduction of ANALYSIS
the CBS at PHY layer also secures such information
which is left unprotected at link layer. Therefore, PHY
In order to evaluate the performance of proposed CBS,
layer security could help to prevent attacker to exploit the
MATLAB® is used to construct the programs for spread
protocol weaknesses and resist against DoS attacks. To
and dispersion.
initialize DoS attacks requires reasonable effort by
attacker. The cross layer security design strengthens the The spreading factors (s,t) such that
WLAN security.
Ii - il < S implies InCO - nU)1 > t, for 1 :::; S ~ N (14)
e) Known Plaintext Attack
It is an attempt to decode the current plaintext using the
current ciphertext and previous samples of plaintext and The spreading is the maximum value such that S ~ t. the
their qorresponding ciphertext. This attack is more likely
to succeed than the ciphertext-only attack. In this type of closer S is to j, where N is the total number of input
attack the unauthorized receiver knows what the plaintext symbols, the better the spreading is. Our proposed CBS
was for some previous messages, however he cannot generate symbols which have very low probability of
choose those plaintext samples. Therefore the samples he minimum spreading value which is 2. The average spread
has mayor may not enable him to decode the current of proposed CBS is!!.., more than 90% of the bits have the
message and recover the secret key. 2

Generally permutation only schemes are considered to spread S2$-.

be insecure if the same secret key (initial conditions
/control parameters) is used for the encryption of more
than one sets of data (let's say more than one frames). The s-random and algebraic interleavers have the
One way to break permutation only schemes with only dispersion around 0.8 and 0.5 respectively. The dispersion
one known frame or set of data would be to see the effect factor approximately 0.8 considered good. The dispersion
of the permutation on the corresponding input and output factor for proposed CBS has been carried out for different
differentials (Llxi'~Yi) in the two frames since initial conditions, the variation of dispersion for different
initial condition are 0.81-0.83. The dispersion and spread
permutation with the same secret key will map the
of proposed algorithm is given in TABLE 1.
corresponding bytes (lh bytes) within the frames to same
location j. As permutation-only schemes do not change
VI. CONCLUSION
the value of the input data, hence input differential ~i

will be equal to the corresponding output differential ~Yi.

In this paper, securing of OFDM at PHY Layer is
Now assume that the adversary has the access to the one reported. A novel security mechanism is proposed for the
known set of the data-Ji, then the second set of the data OFDM system, where the constellation symbols are
P2' which has the same length as Ji, can be recovered as: dynamically scrambled. In addition, the scrambling also
P2 = 11 Ef) Cm' where Cm = C~ Ef) C; and C~, C; are the acts as random interleaver. The inherent logic for the

encrypted form of Ji and P2 , respectively. Here Cm TABLE 1: Dispersion and spread of proposed CBS
servers as equivalent to the secret key and can be called as
mask frame. Initial Min.
length Dispersion
condition Spread
However, if the frames are being encrypted (permuted)
by the encryption algorithm using different secret keys
0.1111 64 - 128 0.81308-0.81299 1
(initial conditions/control parameters), then the
corresponding input differential lui will not be equal to 0.234 64 - 128 1
0.81399-0.81435
the corresponding output differential ~Yi. Hence the
adversary will not be able to recover the second frame (or 0.334 64 - 128 0.82887-0.8222 1
set of data) P2 using em even ifhe has the access to li.
0.505 64 - 128 0.83234-0.81225 1
From the above discussion, it is obvious that it is not
possible to break CBS using known plaintext attack if the
0.723 64 - 128 0.82341-0.81004 1
frames are scrambled using different secret keys.
978-1-4244-2328-6/08/$25.0002008 IEEE
 0.8020 64 - 128 0.81696-0.81705 1 [6]. W. Arbaugh, N. Shankar, and Y. C. W. Justin Wan, "Your
802.11 Wireless Network has No Clothes," Department of
Computer Science, UMCP, March, 2001.
0.999 64 - 128 0.8234-0.81348 1
[7]. S. Fluhrer, L. Mantin, and A. Shamir. Weaknesses in the key
scheduling algorithm of RC4. the Eighth Annual Workshop
on Selected Areas in Cryptography, August 2001.
[8]. Stubblefield, 1. Ioannidis, and A. Rubin. Using the Fluhrer,
Mantin, and Shamir Attack to Break WEP. AT&T Labs
generation of the scrambling matrix of our proposed Technical Report, August 2001.
scrambling algorithm is based on the so called mixing [9]. D. Verton. Your Wireless LAN Can Be Hacked - Flaws in
property of the chaotic dynamical systems. The proposed 802.11 can leave data vulnerable. PCWorld.com.
method is extremely sensitive to the initial condition, [10]. Y. Xiao, C. Bandela, Y. Pan. Vulnerabilities and Security
Enhancements for the IEEE 802.11 WLANs. IEEE globecom
hence slightly different initial condition results in almost
proceeding. 2005
completely different position matrix. It is shown that by [11]. Y. Xiao, Y. Pan, X. Du, C. Bandela and K. Dass. Security
scrambling the transmission data could help to resist mechanism, attacks, and security enhancements for the IEEE
against DoS attacks. Securing PHY layer enhance the 802.11 WLANs. Submitted to international journal of wireless
and mobile lomputing, special issue on Medium Access Control
securitY at MAC layer. Our propose scheme helps to
for WLANs, PANs and Sensor Network, February. 2005
assist upper layers, strength security and resist against [12]. 1. Bellardo, S. Savage 802.11 Denial-of-Service attacks: Real
DoS attacks. Data privacy and data forgery attacks can be vulnerabilities and practical solution. Usenix Security
prevented. PHY layer security by our propose scheme Symposium. 2003.
[13]. A. Goldsmith, wireless communication. Cambridge university
substantially increase the entry barrier for break in. As
press, 2005.
interleaver, our CBS has good random interleaver [14]. J. D. Andersen, Turbo code tutorial,
properties. It is memory efficient because its scrambling www.coe.montana.edu/ee/rwolff/EE548/EE548-06/turbocodes/
pattern completely defined by mathematical formula. turbotutorial. pdf
[15]. C. A. Leon, analysis of dispersion and spreading properties of
Also permutation has its own inverse, same algorithm is
interleavers for turbo codes. Computer research conference,
used for both interleaving and deinterleaving. Our April 2004
proposed CBS can easily be constructed for any [16]. Y. B. Luis, L. O. Peraz, I. Rubio, Properties of a class of
interleaving size permutations over finite fields and applications to turbo codes.
PRISM. 2004.
[17]. S. Dolinar,D. Divsalar, Weight distribution for turbo codes
using random and nonrandom permutations. The
REFERENCES telecommunication and data acquisition progress report 42-122,
April-june 1995.
[1]. T. Karygiannis, L. Owens. Wireless Network Security 802.11, [18]. A. Baranovsky and D. Daems. The design of one dimensional
Bluetooth and Handheld Devices. National Institute of chaotic maps with prescribed statistical properties. International
Standards (NIST) special publication 800-48, November 2002. journal of bifurcation of chaos & fractals, Vol 5, No.6,
[2]. K. Hiltunen. WLAN attacks and risks. pp.1585-1598, 1995.
www.comlab.hut.fi/opetus/333/2004slides/topic30.pdf. [19]. M. Asim. A Hybrid chaotic image encryption scheme based on
[3]. Y. Xiao, Y. Pan, X. Du, C. Bandela, K. Dass Security S-box and ciphertext feedback. Master thesis, Universiti
mechanism, attacks, and security enhancements for the IEEE Teknologi, PETRONAS, 2007.
802.11 WLANs. Submitted to international journal of wireless [20]. M. Asim & V. Jeoti. Hybrid chaotic image encryption scheme
and mobile computing, special issue on Medium Access Control based on S-box and ciphertext feedback. To appear in IEEE,
for WLANs, PANs and Sensor Network, February. 2005. International conference on Intelligent and Advanced Systems,
[4]. C. He, 1. C. Mitchell security analysis and improvements for 2007.
802.1 Ii. The 12th Annual Network and Distributed System [21]. Peitgen, Jurgens and Saupe. Chaos and Fractals-New Frontiers
Security Symposium (NDSS'05), pages 90-110. February. 2005 of Science, Second Editon, Springer-Verlag, 2004.
[5]. Stubblefield, 1. Ioannidis, and A. Rubin. Using the Fluhrer,
Mantin, and Shamir Attack to Break WEP. AT&T Labs
Technical Report, August 2001.

978-1-4244-2328-6/08/$25.0002008 IEEE