WP Mobile WiMAX Security

8/6/2019 WP Mobile WiMAX Security

1/20

WHITEPAPER

WHITE PAPER

Makes Mobile WiMAX Simple

Mobile WiMAX Security


2/20

WHITEPAPER


Glossary 3

Abstract 5

Introduction to Security in Wireless Networks 6

Data Link Layer Security 8

Authentication 8

Security Association 9

Authorization 10

Traffic Encryption 10

Summary 11

Network Aspects of Security 12

Mobile WiMAX Network Architecture 13

Network Reference Model 13

ASN Profile C and Security 15

ASN and CSN Interaction for Security 16

Connectivity Service Network (CSN) 18

Summary 19

2

Copyright Airspan Networks Inc. 2007



3/20

WHITEPAPER

Glossary

AAA Authentication, Authorization and Accounting

AES Advanced Encryption Standard

AK Authorization Key

AKA Authentication and Key Agreement

ASN Access Service Network

ASN GW ASN gateway

BS Base Station

CHAP Challenge Handshake Authentication Protocol

CSN Connectivity Service Network

EAP Extensible Authentication Protocol

EAP-AKA EAP-Authentication and Key Agreement

EAP-PSK EAP PreShared Key

EAP-SIM EAP-Subscriber Identity Module

EAP-TLS EAP-Transport Layer Security

EAP-TTLS EAP-Tunnelled Transport Layer Security

EMSK Enhanced Master Session Key

IP Internet Protocol

IPsec IP security

KEK Key Encryption Key

MAC Media Access Control

MIP Mobile IP

MS Mobile Station

MSK Master Session Key

3




4/20

WHITEPAPER

NAP Network Access Provider

NAS Network Access Server

NSP Network Service Provider

PAP Password Authentication Protocol

PEAP Protected EAP

PK Public Key

PKI Public Key Infrastructure

PKM Private Key Management

PMK Pairwise Master Key

PPP Point-to-Point Protocol

RADIUS Remote Authentication Dial In User Service

RSA Rivest-Shamir-Adleman

SA Security Associations

SIM Subscriber Identity Module

TEK Traffic Encryption Key

TLS Transport Layer Security

TTLS Tunnelled TLS

USIM Universal SIM

X.509 ITU-T standard for PKI digital certificates

4




5/20

WHITEPAPER

Abstract

Security is an important topic in telecommunications. It is even more important

when wireless systems are used because it is generally perceived that wireless

systems easier to attack than wireline systems.

For a ground-breaking broadband wireless standard such as WiMAX, addressing the

security concerns head-on and specifying credible solutions has been an important

objective. Lessons learnt from weaknesses in Wi-Fi security have been incorporated

into the IEEE 802.16 standard.

In this white paper we start by introducing the requirements and general principles

of security in wireless networks. We then present the data link security sublayerfunctions as defined by the IEEE 802.16e-2005 standard for the WiMAX air interface.

Finally, the Network Aspects of Security (page 12) and Mobile WiMAX Network

Architecture (page 13) sections deal with the network aspects of security in

accordance with the WiMAX Forum Network Reference Model (NRM).

5




6/20

WHITEPAPER

Introduction to Security in Wireless Networks

Security is an important concern for the network operator and the network user. The

network operator wants to know that the users and the devices connected to their

network are who they say they are (to prevent malicious attacks, user spoofing), that

they are accessing services that they are authorised to access and that the network

users pay for the services they have used. The network users want to ensure that their

privacy is protected, that the integrity of the data they send and receive is not

compromised, that they can access the services they have subscribed to and that they

are not over charged for those services.

In fact, the expectations of the network operator and the network user are not

contradictory but complimentary. Any well designed network needs to deliver these

perfectly reasonable expectations which can only be achieved by the equipment

vendors, system integrators and network operators working together and making the

right design choices. In table 1 below, we have summarised these security

expectations

Table 1 Security Expectations

6



Stakeholder Security Concern Comment

Privacy Protect fromeavesdropping

Data integrity Protect user data frombeing tampered intransit

Access to services User has the correctcredentials

Correct accounting Accuracy and efficiencyof accounting

User authentication Is the user who he sayshe is?

Device authentication Is the device thecorrect device?

Authorization Is the user authorizedto receive a particularservice?

Access control Only authorized usershave access to services

NetworkUser

NetworkOperator


7/20

WHITEPAPER Security is handled at multiple layers of the network, each layer handling a

complimentary aspect of security. Security functions can be mapped to different

layers of the OSI 7-layer model as shown in Figure 1 below.

Figure 1 Security functions at various network layers

The security sublayer specified by the IEEE 802.16e-2005 only deals with the Data

Link Layer security. Link Layer authentication and authorization ensures that the

network is only accessed by permitted users. Link Layer encryption ensures privacy

and protects traffic data from eavesdropping by unauthorised third parties.

Network Layer security measures protect the network from malicious attacks achieved

through the use of firewalls and AAA servers. RADIUS is the most widely usedprotocol for AAA interactions. Mobile WiMAX network architecture addresses the use

of these techniques by providing an AAA based secure roaming model.

The Transport and Application layers provide additional security measures as deemed

appropriate by the network operator, application service providers (ASPs) or the end

users themselves. The security measures employed at the higher layers are outside the

scope of this white paper.

7



7 Application LayerDigital signatures, certificates, end-

to-end security

4Transport Layer Transport layer security (TLS)

3 Network Layer IPsec, AAA infrastructure, RADIUS

2 Data Link Layer AES, PKI, X.509

1 Physical Layer WiMAX PHY


8/20

WHITEPAPER

Data Link Layer Security

Authentication

The Data Link Layer security functions encompass the essential functions of

authentication, authorization and encryption which take place between the end user

station [note that we will talk about mobile station (MS) but the same principles also

apply to subscriber stations (SS)] and the base station (BS) over the IEEE 802.16e-

2005 air interface.

Please note that in this section, for simplicity, we will attribute various security

functions to the BS. In reality all these functions may not reside in the BS and may be

performed in conjunction with other nodes in the network as will be explained indetail in the Mobile WiMAX Network Architecture section on page 13.

We will now consider how these functions are performed.

Authentication comes in two forms:

unilateral authentication where the BS authenticates the MS and

mutual authentication where the BS authenticates the MS and the MS

authenticates the BS

Every WiMAX implementation must have unilateral authentication. Experience has

shown that mutual authentication is also extremely useful to have.

Authentication is achieved using a public key interchange protocol which ensures not

only authentication but also the establishment of encryption keys. In public key

interchange schemes each participant must have a private key and a public key. The

Public key is known widely whereas the private key is kept secret.

WiMAX 802.16e-2005 standard defines a Privacy Key Management (PKM) protocol

which allows for three types of authentication:

a RSA based authentication - X.509 digital certificates together with RSA encryption

b EAP based authentication (optional)

c RSA based authentication followed by EAP authentication

PKM authentication protocol establishes a shared secret key called Authorization Key

(AK) between the MS and the BS. Once a shared AK is established between the BS

and the MS, Key Encryption Key (KEK) is derived from it. KEK is then used to encrypt

subsequent PKM exchanges of Traffic Encryption Key (TEK).

8




9/20

WHITEPAPER In the RSA based authentication, a BS authenticates the MS by virtue of its unique

X.509 digital certificate which has been issued by the MS manufacturer. The X.509

certificate contains the MSs Public Key (PK) and its MAC address. When requesting

an AK, the MS sends its digital certificate to the BS which validates the certificate and

then uses the verified PK to encrypt an AK which is then sent back to the MS. All MSs

that use RSA authentication have factory installed private/public key pairs (or an

algorithm to generate the keys dynamically) together with factory installed X.509

certificates.

In the case of EAP based authentication the MS is authenticated either through a

unique operator issued credential, such as a SIM or though an X.509 certificate as

described above. The choice of authentication method depends on the operators

choice of type of EAP as follows:

EAP-AKA (Authentication and Key Agreement) for SIM based authentication,

EAP-TLS for X.509 based authentication

EAP-TTLS for MS-CHAPv2 (Microsoft-Challenge Handshake Authentication Protocol)

The BS associates the MSs authenticated identity to a paying subscriber and hence to

the services the subscriber is authorized to access. Thus, through the exchange of AK,

the BS determines the authenticated identity of the MS and the services it isauthorized to access.

Security Association

A Security Association (SA) is defined as the set of security information shared

between a BS and one or more of the MSs connected to that BS in order to support

secure communications across the WiMAX access network.

Three types of SA have been defined, primary, static and dynamic. Each MS

establishes a primary SA during the MS initialization phase. Static SAs are provided

within the BS. Dynamic SAs are created and destroyed in real time in response to the

creation and termination of service flows. Each MS can have several service flows onthe go and can therefore have several dynamic SAs. The BS makes sure that the

assigned SAs are compatible with the service types the MS is authorised to access.

9




10/20

WHITEPAPER Authorization

Following authentication, MS requests authorization from the BS. This is a request for

an AK as well as for an SA identity (SAID). The Authorization Request includes MSs

X.509 certificate, encryption algorithms and cryptographic ID.

In response, the BS carries out the necessary validation (by interacting with an AAA

server in the network) and sends back an Authorization reply which contains the AK

encrypted with the MSs public key, a lifetime key and an SAID. These processes are

further discussed in the Mobile WiMAX Network Architecture section on page 13.

After the initial authorization, the AAA via the BS periodically reauthorizes the MS.

Traffic Encryption

As we have seen above, the authentication and authorization process results in the

assignment of and Authorization Key, which is 160 bits long. The Key Encryption Key

is derived directly from the AK and is 128 bits long. The KEK is not used for

encrypting traffic data; for this we require the Traffic Encryption Key which is

generated as a random number in the BS using the TEK encryption algorithm where

KEK is used as the encryption key. TEK is then used for encrypting the data traffic.

10




11/20

WHITEPAPER Summary

Table 2 below summarises how the mobile WiMAX standard addresses the security

requirements summarised in Table 1 on page 6 above.

Table 2 How WiMAX standard addresses security expectations

11



Stakeholder Security Concern Comment How does WiMAXaddress it?

Privacy Protect from RSA encryption,eavesdropping EAP-TLS, PKM protocol

Data integrity Protect user data from RSA encryption,being tampered in EAP-TLS, PKM protocoltransit

Access to services User has the correct X.509, EAPcredentials

Correct accounting Accuracy and efficiency AAA architectureof accounting

User authentication Is the user who he says X.509, EAP-TTLShe is?

Device authentication Is the device the X.509, EAP-TTLScorrect device?

Authorization Is the user authorized RSA, EAP, PKMv2to receive a particular protocolservice?

Access control Only authorized users RSA, EAP, PKMv2have access to services protocol

NetworkUser

NetworkOperator


12/20

WHITEPAPER

Network Aspects of Security

Up until now we have considered the security related interactions and protocols

between the SS and the BS. Now lets consider what happens at the network level

and where the intelligence may reside.

Figure 2 below shows a typical access control architecture.

Figure 2 Typical access control architecture

Extensible Authentication Protocol (EAP) defined by IETF (RFC 3748) is a flexible

framework which allows complex authentication protocols to be exchanged between

the end user and the authenticator.

In WiMAX, between the MS and the BS EAP runs over the WiMAX PHY and MAC

utilising the PKMv2 protocol as defined in 802.16e-2005. If the authenticator

function is not in the BS, the BS relays the authentication protocol to the

authenticator (in the Access Services Network).

From the authenticator to the authentication server (typically in the Home

Connectivity Service Network) EAP is carried over RADIUS.

RADIUS is a widely used standard. It has a client/server architecture and utilises UDP

messages. The authentication server is also the RADIUS server, whereas the

authenticator acts as a RADIUS client. In addition to authentication, RADIUS also

supports authorization and accounting functions.

12



Mobile Station(MS)

IP

Cloud

AuthenticationServer

Authenticator

EAP

AAA - RADIUS

EAP

WiMAX Link Layer


13/20

WHITEPAPER

Mobile WiMAX Network Architecture

We will now consider this Mobile WiMAX network architecture as defined by the IEEE

802.16e-2005 standard from a security point of view and map the concepts from

earlier sections onto this network architecture.

Network Reference Model

Mobile WiMAX end-to-end network architecture model follows the Network

Reference Model (NRM), the first release of which is shown below. The NRM was

developed by WiMAX Forums Network Working Group (NWG).

Figure 3 Mobile WiMAX Network Reference Model

13



Another ASNOther

OperatorsCSN

Mobile Station(MS)

BS

BS

ASNGW(FA)

IPCloud

IPCloud

AAA HA

IMS

CRM Billing

CSNConnectivity Service Network

ASNAccess Service Network

NAPNetwork Access Provider

HOME NSPNetwork Service Provider

R5R4

R1

R2

R3

R6

R6

R8

Internet

ASPs

Legacy CoreNetworks

2G/3G MobileNetworks


14/20

WHITEPAPER Network Reference Model reference points are summarised in the table below:

The IEEE 802.16e-2005 standard calls for the ability to manage subscriber mobilityat a number of layers as well as to authenticate, account and apply policy on a

per subscriber basis. This is achieved by dividing the WiMAX network into two

main parts:

Access Service Network (ASN) and

Connectivity Service Network (CSN).

The ASN consists of the WiMAX base stations and the ASN Gateway, whereas, the

CSN is at the core of the network providing control and management functions such

as AAA, DHCP, FTP and IMS.

A key element of the ASN is the ASN Gateway, which controls and aggregates thetraffic from one or more WiMAX base stations, and managing handover between

them, which includes maintaining authentication, service flows and key distribution

between base stations.

14


R1 Interface between the MS and the ASNFunctionality: air interface

R2 Interface between the MS and the CSNFunctionality: AAA, IP host configuration, mobility management

R3 Interface between the ASN and CSNFunctionality: AAA, policy enforcement, mobility management

R4 Interface between ASNs

Functionality: mobility managementR5 Interface between CSNs

Functionality: internetworking, roaming

R6 Interface between BTS and ASN gatewayFunctionality: IP tunnel management to establish and release MS connection

R8 Interface between Base stationsFunctionality: handoffs

Table 3 NRM Reference Point Summary



15/20

WHITEPAPER ASN Profile C and Security

The NWG has defined three ASN profiles, referred as profile A, B and C from which

vendors and service providers can select their preferred solution. Profile A and C both

use centralized ASN Gateways, however, in Profile C the base stations are responsible

for implementing the Radio Resource Management (RRM) and Handover

management functions. Profile B embeds the key ASN functionality inside the base

station, which removes the need for a centralised ASN gateway. Recently Profile A has

been withdrawn leaving just Profiles B and C. Airspan currently offers profile C

compliant solutions in collaboration with the specialist ASN Gateway vendor Starent.

Airspans ASN Gateway portfolio is called ControlMAX.

Table 4 below maps the functionality split (including the security functionality) of ASN

between the BS and the ASN Gateway for an ASN profile C implementation.

Table 4 ASN Profile C functionality split for

15



Category Function ASN Profile C

BS ASN GW

Security Authenticator

Authentication relay

Key distributor

Key receiver

Data path function

Handover control

Context server and client

MIP foreign agent

Radio resource controller

Radio resource agent

Paging Paging controller

Paging agent

Quality of service SF authorisation

SF manager

Handoff

Management

Radio Resource

Management (RRM)


16/20

WHITEPAPER For an ASN Profile C implementation, the interactions between the BS and ASN

Gateway over R6 for discharging the security functions are shown in Figure 5 below.

Figure 5 ASN Profile C security architecture

ASN and CSN Interaction for Security

Connectivity Service Network (CSN) is the core of the network. It controls and

manages the ASNs and the subscribers with a variety of services such as AAA, Home

Agent functions, DHCP server, etc. CSN is also responsible for connecting to other

operators networks and enables inter-operator and inter-technology roaming.

Figure 6 below shows the protocol stack for AAA in mobile WiMAX network

implementation. It is worth noting that EAP layer operates over the R1/R3/R5

reference points and the EAP methods (AKA, TSL/TTLS) operate over R2.

16



AuthenticationRelay

Base Station

Key receiver

Authenticator

ASN Gateway

Key distributor

ASN (Profile C)

AAA Server

R6

Authenticationkey transfer

protocol

Authenticationrelay protocol


17/20

WHITEPAPER

Figure 6 Protocols for Mobile WiMAX AAA

When authentications of both the end user and the device need to be performed and

these authentications terminate in different AAA servers, the favoured approach in

PKMv2 is to use EAP-TTLS instead of double authentication.

In double authentication, first device authentication then user EAP authentication

takes place before the MS is allowed access to IP services. In EAP-TTLS authentication

however, double authentication is dispensed with and by virtue of tunnelling to the

appropriate AAA server, the same AAA server is used for both, thus shortening the

authentication process.

17



EAP-TLS, EAP-TTLS, PEAP

EAP

AAA Protocol

UDP/IP

MS BS ASN GW AAA Proxy AAA Server

PKM v2 EAP

802.16

Authentication

relay encapsulation

protocol

ASN Visited CSN Home CSN


18/20

WHITEPAPER Service Flow Management and Authorization

Service Flow Management (SFM) and Service Flow Authorization (SFA) are the logical

functional entities, closely associated with QoS, located in the ASN that act as policy

enforcement and policy decision points. For ASN Profile C, the SFM function is

located in the BS and the SFA function is located at the ASN GW.

The Service Flow Manager (SFM) located in the BS is responsible for the creation,

admission, activation, modification, and deletion of IEEE 802.16e-2005 service flows.

It consists of an Admission Control (AC) function, data path function and the

associated local resource information. AC decides whether a new service flow can beadmitted to the system.

Service Flow Authorization (SFA) is located at the ASN GW and is responsible for

evaluating any service request against the subscriber's QoS profile. If the SFA already

has the user QoS profile then it evaluates the incoming service requests against the

users profile. If the SFA does not have the user profile then it sends the service

request to the Policy Function (PF) for decision making. The Policy Functions (PFs) and

its associated database reside in the CSN of both the home and the visited network.

18




19/20

WHITEPAPER

Summary

In this white paper we set out to de-mystify the whole topic of wireless security and

to put it into some kind context that makes it easier to understand the key concepts.

Security is of crucial importance in deploying a successful mobile WiMAX network. It

is an important issue both for the end users and the network operators and must be

addressed and resolved from Day 1.

In the past there have been well publicised security loopholes in security

implementations. IEEE 802.16e-2005 standard has embraced the lessons learnt and

has specified a comprehensive set of solutions. It is up to the equipment vendors,

systems integrators and network operators to work together to implement anetwork-wide security policy appropriate for the network.

19




20/20

WHITEPAPER

Worldwide Headquarters:

Airspan Networks Inc.

777 Yamato Road, Suite 105,

Boca Raton, FL 33431-4408, USA

Tel: +1 561 893 8670 Fax: +1 561 893 8671

Main Operations:

Airspan Communications Limited

Cambridge House, Oxford Road

Uxbridge, Middlesex, UB8 1UN, UK

Tel: +44 (0) 1895 467 100 Fax: +44 (0) 1895 467 101

For more information about Airspan, its

products and solutions, please visit our

website:

www.aispan.com

Or write to us at one of the addresses below.

We will be delighted to send you additiopnal

information on any of our products and their

applications around the world.

Airspan has sales offices in

the following countries:

Europe

Finland

Poland

Russia

United Kingdom

Middle East

United Arab Emirates

Africa

South Africa

Asia Pacific

Australia

China

Indonesia

Japan

Philippines

Sri Lanka

Documents

WP Mobile WiMAX Security