Upload
behroz-zarrinfar
View
37
Download
1
Tags:
Embed Size (px)
Citation preview
2
What is Wimax? Wireless Network Standard Wimax History Wimax Architecture
Wimax Security Architecture Security Sub Layer Security Mechanisms
Wimax Security Issue Reference
Topic
3
Wireless PAN
IEEE 802.15
Bluetooth&
ZigBee
Wireless Lan
IEEE 802.11
Wi-Fi(Wireless Fidelity)
Wireless MAN
IEEE 802.16
Wimax ( WorldWide
Interoperability For Microwave Access )
Wireless Network Standard
استانداردهاي تجهيزات بيسيم
Also known Low Rate Wireless PAN Properties:• Data Rate Maximum 250 Kbps• Range 10 to 100 Meters• Low Cost• Low power consumption• Frequency 2.4 GHz• ZigBee Next Generation Of
Bluetooth
4
Wireless PAN
5
Also known WLAN or WiFi Properties: • 802.11 Protocol kind :
a,b,g,n,ac,ad,af,ah• Data Rate Maximum 6.75 Gbps in
802.11ad• Range indoor from 20 to 60 meters• Range outdoor from 100 to 1000
meters• High Cost• Frequency 2.4 , 3.6 , 5 ,60 GHz
Wireless LAN
6
Wimax Standard History
IEEE 802.16 (2001) Frequency 10 – 66 GHZ (Line-of-Sight) Base Wimax
IEEE 802.16d (July 2004) Fixed Wimax Data Rate 70 Mbps
IEEE 802.16e (2005) Mobile Wimax Data Rate 15 Mbps
IEEE 802.16m (2011 ) Also known as Wimax Release 2 or WirelessMAN-
Advanced Mobile & Fix Wimax Data Rate 100 Mbps for Mobile and 1 Gbps for Fix
7
Providing portable mobile broadband connectivity across cities and countries through a variety of devices.
Providing a wireless alternative to cable and Digital Subscriber Line (DSL) for far broadband access.
Providing data, telecommunications (VoIP) and IPTV services Providing
a source of Internet connectivity as part of a business continuity plan.
Wimax Uses
کاربردهاي وايمکس
8
Wimax Architecture
WiMax can provide two forms of wireless service: none-line-of-sight and line-of-sight.
WiMax system includes two main parts WiMax receiver and WiMax tower.
Wimax Receiver : Subscriber Station (SS) // ايستگاه مشترک Wimax Tower : Base Station (BS) // ايستگاه پايه
9
Two main layers: Medium Access Control (MAC) layer and Physical layer (PHY).
SAPs (Service Access Point) are interfacing points. Mac layer have three Sub Layer : Convergence , Common
Part , Security ( Privacy )
Wimax Architecture
WiMAXتوضيحات در رابطه به دو اليه موجود در معماري پروتکل
10
Convergence Sub-layer (CS) maps higher level data services to MAC layer service flows and connections.
There are two type of CS : ATM CS which is designed for ATM network and service. Packet CS which supports Ethernet, point-to-point protocol (PPP), both
IPv4 and IPv6 internet protocols, and virtual local area network (VLAN).
Common Part Sub-layer (CPS) defines the rules and mechanisms for system access, bandwidth allocation and connection management, uplink scheduling, bandwidth request and grant, connection control and automatic repeat request (ARQ)
Security Sub-layer lies between MAC CPS and PHY layer. This sub-layer is responsible for encryption and decryption of data traveling to and from the PHY layer, and it is also used for authentication and secure key exchange.
Wimax Architecture
معماري پروتکل MACتوضيحات در رابطه به سه زيراليه موجود در اليه WiMAX
11
BS : Base Station SS : Sub Scriber Station X.509 : Digital certificate serving AK : Authorization Key SAID : Security Association ID TEK : Transport Encryption Key KEK : Key Encryption Keys HMAC : Hashed Message
Authentication Code AAA : Authentication , Authorization
, Accounting
Terms
X.509 Certificate
12
Three main features of security are: Authentication Authorization Traffic Encryption
Authentication Technique: Privacy & Key Management Protocols (PKM) Rivest-Shamir-Adleman (RSA) Extensible Authentication Protocol (EAP)
Authorization Technique: Security Associations (SA’s) are used to authorize user. Authorization include request for Authentication Key
and SA-Identity in exchange for subscriber’s certificate, encryption algorithm and cryptographic ID.
Traffic Encryption Technique: All the traffic between Subscriber Station (SS) and Base
Station (BS) is encrypted with Traffic Encryption Key.
Wimax Security Architecture
13
Wimax Security StepsStep 1: Authentication And Authorization
Base Station (BS)SubScriber Station (SS)
Message1: ( X.509 Manufacturer Certificate)
Message2: ( X.509 Certificate , Security Capabilities , SAID)
Message3: (Authorization SA ,AK )
گام اول ارتباط: درخواست ارتباط از ايستگاه مشترک به ايستگاه پايه
14
Wimax Security StepsStep 2: Key Exchange
Base Station (BS)SubScriber Station (SS)
Message1: (SAID, HMAC (1))
Message2: (SAID, HMAC (2))
Message3: (SAID, OldTEK, NewTEK, HMAC (3))
گام دوم ارتباط: تبادل کليد مابين ايستگاه مشترک و ايستگاه پايه
AAA Server
15
Wimax Security StepsStep 3: Traffic Encryption
Base Station (BS) SubScriber Station (SS)
Data Encrypted With TEK
Data Encrypted With TEK
Data stream is encrypted with the TEK when travelling to or from BS. The data stream can be encrypted using:
DES AES
TEK is shared during Key Exchange process and is encrypted using KEK. It can be encrypted using: 3 DES RSA AES
گام سوم ارتباط: تبادل داده بين دو ايستگاه با استفاده از TEKرمزگذاري
16
WiMax/802.16 is vulnerable to physical layer attacks such as jamming and scrambling.
Jamming is reducing the channel capacity. Scrambling is a sort of jamming, but for
short intervals of time and targeted to specific frames or parts of frames.
Intercept the radio signals in air.
Wimax Security IssueIn PHY Layer
مشکالت امنيتي وايمکس : در اليه فيزيکيارسال پارازيت دائمي1)ارسال پارازيت موقت2)قطع سيگنال3)
17
The attacker will be attack the link during authentication or key exchange process.
Wimax Security IssueIn MAC Layer
Base Station (BS)
SubScriber Station (SS)
MAN-IN-Middle
Original Connection
New Connection
18
Authentication of the SS (Man-in-the-Middle and Forgery) SS authenticates itself through its certificate, however, the BS does not . Rogue BS could place himself between SS and real BS and try to force SS
to authenticate itself and initiate a session by transferring an AK (forgery attack).
The attacker can generate his own Authorization Reply Message containing a self-generated AK and thus gain control over the communication of the attacked SS.
Wimax Security IssueIn MAC Layer
مشکالت امنيتي در وايمکس در هنگام احراز هويت
19
Key Exchange Phase-Attacks Attacker can act as a false BS for subscriber and issue
self generated keys to take over communication Attacker can act as false subscriber to request to renew
the keys again.
Wimax Security IssueIn MAC Layer
مشکالت امنيتي در وايمکس در هنگام تبادل کليد
20
Replay and DoS Attack against SS The SS send Authentication Information Messages to transmit all
relevant information to the BS. The BS responds to the last message with an Authorization Reply
Message. The BS can fall victim to a replay attack by which the attacker
intercepts an Authorization Request Message from an authorized SS and stores it.
He will not be able to derive the AK from the Authorization Response Message (since he does not possess the associated private key), he can repeatedly send the message to the BS, burdening the BS with the effect that this declines the real/authentic SS. This is a Denial-of-Service-Attack against the SS.
Wimax Security Issue
مشکالت امنيتي در وايمکس در نوع حمالت انکار سرويس
21
Tao Han, Ning Zhang, Kaiming Liu, Bihua Tang, and Yuan'an Liu. Analysis of mobile wimax security: Vulnerabilities and solutions. 5th IEEE International Conference on Mobile Adhoc and Sensor Systems, Sep 2008.
Evren Eren, "WiMAX Security Architecture - Analysis and Assessment" IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications Dortmund, Germany 6-8 September 2007.
Mahmoud Nasreldin, Heba Aslan, Magdy El-Hennawy, Adel El-Hennaey, "WiMAX Security", Proceedings of the 22nd International Conference on Advanced Information Networking and Applications, pp. 1335-1340, 2008.
Reference