MOBILE WiMAX SECURITY


Student Name: Claudia Cardenas

Student ID: 41416538

Supervisor Number: Rajan Shankaran

ITEC 810

Contents

1. Introduction

2. Mobile WiMAX

3. Security Threats

4. Security in Mobile WiMAX

5. Vulnerabilities Assessment

6. Conclusion


Introduction

Customers’ Demands:

Greater e-commerce usage

High speed

Mobility

Lower costs

Mobile Internet


Key Problems


Vulnerabilities

Eavesdropping

Unauthorised modification of messages

Masquerading: Unauthorised access

Goals


Mobile WiMAX

Flexibility


Mobile WiMAX Architecture


Access Service Network

Base Station:

Connection with the mobile subscriber

Maintain the connection

Maintain the status

Traffic scheduling

The Access Service Network Gateway (ASN-GW):

Collecting and forwarding the traffic

AAA functionality

QoS management


Mobile WiMAX Network Architecture

Different kinds of users. Different deployments. Ability to grow. Internetworking.

QoS for each service and connection.

IP and non-IP networks are integrated.


Protocol Layers


Security Threats


Threats

Threats to PHY Layer

Threats to MAC Layer

Threats to PHY Layer

Jamming Attack

Scrambling Attack

Water Torture Attack


Threats to MAC Layer

Threats to MAC Management messages in Initial Network Entry

Threats to Access Network Security

Threats to Authentication


Security in Mobile WiMAX


Encryption Overview

Encryption is applied only to the payload.

It is not applied to the MAC management messages.

The SS’s encryption capabilities are negotiated during the registration process.

The BS determines the encryption method to be used.


Encryption Mode Reference

DES in CBC mode DES algorithm [FIPS 46-3, FIPS 74, FIPS 81]

AES in CCM mode AES algorithm [NIST Special Publication 800-38C, FIPS 197]

AES in CTR mode AES algorithm [NIST Special Publication 800-38A, FIPS 197, RFC 3686]

AES in CBC mode AES algorithm [NIST Special Publication 800-38A, FIPS 197, RFC 3686]

Authentication Overview


Authorization


Vulnerabilities Assessment

Lack of mutual authentication. It could be the cause of impersonation.

This vulnerability is mitigated in IEEE 802.16e by including mutual authentication.


Weak encryption algorithms.

It could lead to integrity and confidentiality problems.

IEEE 802.16e supports not only DES-CBC but also several modes of AES, which make encrypted communications more secure.


Interjection of reused TEKs.

This characteristic makes it easier to perform a replay attack.

Valuable information and the traffic encryption key could be disclosed to unauthorized parties.

IEEE 802.16e introduces AES-CCM. It offers per-packet randomization. Each data packet includes its own unique packet number.


Unencrypted management messages

These messages are not encrypted, so they are susceptible to eavesdropping attacks.

IEEE 802.16e-2005 offers integrity protection for specific unicast management messages.

However, this digest is not appended to initial network entry management messages.


Other Results

Three way TEK exchange and the authorization process.

No vulnerability was found [Datta, 2005].

The key management protocol was analysed by Yaksel, and once again this software could not find any security hole.

The Multi-Broadcast Service (MBS): the protocol is secure on its own (Kao, 2006).


Initial Network Entry


Proposed Solution

SS → KMC: [SS, nonce1]Kss

KMC → SS: [Ks]Kss, [Ks]Kbs, nonce1, H([Ks]Kss, [Ks]Kbs, nonce1)

SS → BS: [Ks]Kbs, nonce2, H([Ks]Kbs, nonce2)

BS → SS: [rand2]Ks

SS → BS : [rand2-1]Ks
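
The five-message exchange above, run end to end as an added example (not code from the presentation). Assumptions: SHA-256 stands in for H, a SHAKE-256 keystream with an HMAC tag stands in for the unspecified cipher behind [X]K, and the identity string SS-01 and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def H(*parts):  # H(...) on the slide; SHA-256 over length-prefixed fields is assumed
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def _stream(key, iv, n):  # keystream for the stand-in cipher below
    return hashlib.shake_256(b"enc" + key + iv).digest(n)

def seal(key, pt):  # [pt]key: stand-in authenticated cipher, not a WiMAX cipher suite
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, "sha256").digest()

def unseal(key, blob):  # raises if the key is wrong or the ciphertext was modified
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + iv + ct, "sha256").digest()):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct))))

def kmc_reply(kss, kbs, m1):  # message 2: [Ks]Kss, [Ks]Kbs, nonce1, H(...)
    nonce1 = unseal(kss, m1).split(b"|", 1)[1]
    ks = secrets.token_bytes(32)  # fresh session key Ks
    a, b = seal(kss, ks), seal(kbs, ks)
    return a, b, nonce1, H(a, b, nonce1)

def ss_to_bs(kss, nonce1, m2):  # SS checks message 2, returns Ks and message 3
    a, b, n1, digest = m2
    if n1 != nonce1 or not hmac.compare_digest(digest, H(a, b, n1)):
        raise ValueError("stale or corrupted KMC reply")
    nonce2 = secrets.token_bytes(16)
    return unseal(kss, a), (b, nonce2, H(b, nonce2))

def bs_challenge(kbs, m3):  # BS checks message 3, returns Ks, rand2 and message 4
    b, nonce2, digest = m3
    if not hmac.compare_digest(digest, H(b, nonce2)):
        raise ValueError("corrupted message 3")
    ks, rand2 = unseal(kbs, b), secrets.randbelow(2**64 - 1) + 1
    return ks, rand2, seal(ks, rand2.to_bytes(8, "big"))

def ss_answer(ks, m4):  # message 5: [rand2-1]Ks
    return seal(ks, (int.from_bytes(unseal(ks, m4), "big") - 1).to_bytes(8, "big"))

def run(kss, kbs):  # full exchange; True when the BS accepts the SS
    nonce1 = secrets.token_bytes(16)
    m1 = seal(kss, b"SS-01|" + nonce1)  # message 1: [SS, nonce1]Kss
    ks, m3 = ss_to_bs(kss, nonce1, kmc_reply(kss, kbs, m1))
    bs_ks, rand2, m4 = bs_challenge(kbs, m3)
    return int.from_bytes(unseal(bs_ks, ss_answer(ks, m4)), "big") == rand2 - 1
```

Because H is computed over values that travel in the clear, it only catches corruption; what binds the SS to the session is the ability to decrypt [rand2]Ks and return rand2-1.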


Conclusion

Mobile WiMAX is one of the best candidate technologies to serve the broadband demands on wireless access.

In terms of the PHY layer, most of these attacks can be counteracted by using different signals and proper configuration of the protocol.

Some of the MAC flaws have been fixed by the enhanced security of IEEE 802.16e, but not all of them.

The lack of encryption of MAC management messages can affect the initial network entry process.

A solution based on a session key and a key management centre was proposed.

Further studies and simulations should be done in order to assess the different solutions offered.
