UNIVERSITY OF PATRAS
Department of Electrical & Computer Engineering
Wireless Telecommunications Laboratory
M. Tsagkaropoulos, mtsagaro@ece.upatras.gr

“Securing WiMAX converged networks: threats and solutions”

M. Tsagkaropoulos
Dept. of Electrical and Computer Engineering
Wireless Telecommunications Laboratory
University of Patras
Patras 26500, Greece
Tel: +30-2610-997301
Fax: +30-2610-997302
Email: [email protected]

Agenda:

WiMAX implementation

Security Architecture of 802.16 (WiMAX)

Vulnerabilities and possible solutions

Open Issues

Conclusions

Change of Telecoms Trends

[Figure: timeline from 1990 to 2015 of access technologies and their data rates, in three rows (Fixed, Mobile, Portable). Labelled points: modem/PSTN 14.4 kbps; ISDN 64 kbps; modem/PSTN 56.6 kbps; ADSL 256 kbps, 516 kbps; xDSL 2 Mbps; GSM 9.6 kbps; HSCSD 28.8 kbps; GPRS 40 kbps; EDGE 384 kbps; W-CDMA 384 kbps; W-CDMA 2 Mbps; HSDPA 10 Mbps; OFDMA 50 Mbps; 802.11b 10 Mbps; 802.11g 56 Mbps; 802.16 70 Mbps. Annotation: "Broadband technology starts about here".]

Converged Network Concept

[Figure: converged network diagram. Labels: IP Network; Management; Control; Signalling; AP, WiMAX; GGSN, SGSN, UMTS/WCDMA; AP, WLAN; AAA; Application; Policing; Server Farm; Internet.]

What is WiMAX?

• WiMAX - Worldwide Interoperability for Microwave Access
• WiMAX: broadband wireless network based on the IEEE 802.16 standard, which ensures compatibility and interoperability between broadband wireless access (BWA) equipment.
  – Efficient range of up to 48 km.
  – Provides wireless last-mile broadband access in the Metropolitan Area Network (MAN).
  – Performance comparable to traditional cable, DSL, or T1 offerings.
  – Enables non-line-of-sight performance: broadband network access widely available without the expense of stringing wires.
• WiMAX key points:
  – High speed of broadband service
  – Wireless rather than wired access
  – Broad coverage

Security Architecture of WiMAX (1)

• IEEE 802.16 specifies the PHY layer and MAC layer for BWA
• MAC layer sublayers:
  – Service Specific Convergence Sublayer: maps higher-level data services to MAC layer service flows and connections.
  – MAC Common Part Sublayer: rules and mechanisms for system access, bandwidth allocation, connection management and QoS decisions for transmission scheduling.
  – Security Sublayer: provides:
    • privacy, authentication, and confidentiality
    • protection against unauthorized access to data transport services

Security Sublayer

Security Architecture of WiMAX (2)

• The security architecture of WiMAX is based on two component protocols:
  – an encapsulation protocol: defines a set of supported cryptographic suites and the rules for applying those algorithms.
  – a key management protocol (PKM): synchronizes keying data between Subscriber Station (SS) and Base Station (BS); the BS enforces conditional access to network services.

Security Layer basic components

• Security Associations (SA)

• X.509 certificates

• Privacy Key Management (PKM) authorization protocol

• Privacy Key Management protocol

• Encryption

Security Analysis

• Improvements:
  – Robust protection in the form of certificate-based encryption
  – X.509-based PKI (public key infrastructure) certificate authorization
    • Base station validates the client’s digital certificate before permitting access to the physical layer.
  – Protection of integrity of data traffic

Vulnerabilities (1)

• Physical threats
  – Jamming: insert noise strong enough to decrease the capacity of the channel dramatically.
  – Scrambling: similar to jamming, but it targets specific frames or parts of frames for short intervals of time.
  – Insert malicious data: a properly tuned transmitter can write onto the channel.

Possible solutions
  – Increase the power of signals or their bandwidth (spreading techniques, powerful transmitter or high gain transmission antennas and high gain receiving antennas)
  – Mechanism to authenticate the data received

Vulnerabilities (2)

• MAC threats
  – Lack of mutual authentication between the SS and the BS
    • Eavesdropping of management traffic or user traffic
    • Replay attack: repeat messages
  – Denial of service (DoS) attacks

Possible solutions
  – Transient information in the message (timestamp or a serial number)
  – Forward Error Correction mechanisms
  – Enhanced authentication mechanisms
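
The two mitigations named on the vulnerability slides, authenticating received data and carrying a timestamp or serial number, combine naturally in one receiver-side check. The sketch below is an added illustration, not part of the original slides and not the 802.16 message format; the frame layout, `protect`, `Receiver`, `MAX_SKEW` and the sample frames are assumptions made for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag size in bytes
MAX_SKEW = 30  # assumed tolerance, in seconds, between sender and receiver clocks

def protect(key, serial, timestamp, payload):
    """Sender: prepend serial number and timestamp, append an HMAC over both."""
    body = struct.pack("!QQ", serial, timestamp) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Receiver: authenticate first, then reject stale or repeated messages."""
    def __init__(self, key):
        self.key = key
        self.last_serial = -1  # highest serial number accepted so far

    def accept(self, frame, now):
        if len(frame) < 16 + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None, "bad-tag"
        serial, timestamp = struct.unpack("!QQ", body[:16])
        if abs(now - timestamp) > MAX_SKEW:
            return None, "stale"
        if serial <= self.last_serial:
            return None, "replay"
        self.last_serial = serial  # state changes only for authenticated messages
        return body[16:], "ok"

def demo():
    """Run constructed sample frames through one receiver; return the verdicts."""
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    rx = Receiver(key)
    first = protect(key, 1, 1000, b"REQ bandwidth")
    tampered = first[:16] + b"REQ BANDWIDTH" + first[-TAG_LEN:]
    late = protect(key, 2, 1000, b"REQ bandwidth")
    return [
        rx.accept(first, now=1005)[1],     # fresh and authentic
        rx.accept(first, now=1006)[1],     # same frame captured and resent
        rx.accept(tampered, now=1006)[1],  # payload modified in transit
        rx.accept(late, now=2000)[1],      # valid tag but old timestamp
        rx.accept(protect(key, 2, 1010, b"next"), now=1012)[1],
    ]
```

Because the serial number and timestamp are covered by the tag, neither can be rewritten to make a captured frame look fresh, and a rejected frame never advances `last_serial`.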

Open Issues

• Mutual authentication of communicating entities (issue of appropriate certificates)
• Secure encryption scheme of 802.16
• Data encryption that adopts: confidentiality, data origin authentication, (connectionless) data integrity, anti-replay service.

Conclusions

• WiMAX has a potential market:
  – Basic component of last mile connections in upcoming NGN networks
• Successful only if:
  – Ensured security of end-to-end communications
  – Advanced security implementation

NEXT STEP
  – Review of current security infrastructure
  – Mobility schemes that guarantee security and QoS

Thank you for your attention

Michail Tsagkaropoulos
mailto: [email protected]

http://www.wltl.ee.upatras.gr/multimedia_security