STUDY OF WIMAX TECHNOLOGY, ITS ARCHITECTURE & SECURITY ISSUES

Introduction of WiMAX

1.1 Introduction

The explosive growth of the Internet over the last decade has led to an increasing demand for high-speed, ubiquitous Internet access. Broadband Wireless Access (BWA) is increasingly gaining popularity as an alternative "last-mile" technology to DSL lines and cable modems. Following the hugely successful global deployment of the 802.11 wireless Local Area Network (LAN) standard, deployment of the IEEE 802.16d wireless Metropolitan Area Network (MAN) standard is currently in progress. This technology aims to provide fixed broadband wireless access to residential and small business applications, as well as enable Internet access in countries without any existing wired infrastructure in place. Standardization efforts are also underway for the 802.16e version that attempts to provide mobility to the end user in a MAN environment.

The WiMAX Forum (Worldwide Interoperability for Microwave Access) is an industry-led, non-profit corporation formed to promote and certify compatibility and interoperability of broadband wireless products. The organization is a non-profit association formed in 2003 by equipment and component suppliers to promote the adoption of IEEE 802.16 compliant equipment by operators of broadband wireless access systems.

1.2 Definition

WiMAX (Worldwide Interoperability for Microwave Access) is a wireless digital communications system. It is also known as IEEE 802.16, which is intended for "Wireless Metropolitan Area Networks" by the WiMAX Forum, formed in June 2001. WiMAX can provide Broadband Wireless Access (BWA) up to 30 miles (50 km) for fixed stations, and 3 - 10 miles (5 - 15 km) for mobile stations. In contrast, the Wi-Fi/802.11 wireless local area network standard is limited in most cases to only 100 - 300 feet (30 - 100 m).
WiMAX is a second-generation protocol that allows for more efficient bandwidth use and interference avoidance, and is intended to allow higher data rates over longer distances. The IEEE 802.16 standard defines the technical features of the communications protocol. The WiMAX Forum offers a means of testing manufacturers' equipment for compatibility, as well as an industry group dedicated to fostering the development and commercialization of the technology. WiMAX.com provides a focal point for consumers, service providers, manufacturers, analysts, and researchers who are interested in WiMAX technology, services, and products. Soon, WiMAX will be a very well recognized term to describe wireless Internet access throughout the world.

1.3 Type of WiMAX

Basically there are two types of WiMAX technology. These are:
-Fixed WiMAX
-Mobile WiMAX

1.3.1 Fixed WiMAX

Fixed WiMAX is defined as 802.16d. WiMAX provides fixed service from a base station to a subscriber station, also known as Customer Premise Equipment (CPE). Some goals for WiMAX include a radius of service coverage of 18 miles from a WiMAX base station for point-to-multipoint, non-line-of-sight service. This service should deliver approximately 40 megabits per second (Mbps) for fixed access applications. For a better understanding of this type, see Figure 1.1, which shows a snapshot of fixed wireless technology.
Figure: 1.1 Fixed WiMAX Access Network

1.3.2 Mobile WiMAX

The Mobile WiMAX, or 802.16e, standard was ratified by the IEEE in late 2005 and has the potential to emerge as a viable competitor to existing 3G technologies. This standard, however, was based on a different formulation of OFDM than that chosen for the first product profile of 802.16-2004. The 802.16-2004 standards support both formulations; however, the OFDM 256-FFT system was chosen for 802.16-2004. WiBro/Mobile WiMAX uses an OFDMA™ technology called 1K-FFT. Service for the WiBro/Mobile WiMAX standard is in the 2.3 GHz spectrum range, at least in Korea. The next version of WiMAX, 802.11m, will incorporate even more mobile capabilities, bandwidth capacity and technology changes to improve mobile capability.
Figure: 1.2 Mobile WiMAX Technologies

1.4 WiMAX Standards

IEEE 802.16: Broadband Wireless MAN Standard (WiMAX). IEEE 802.16 defines the wireless Metropolitan Area Network (MAN) technology which is branded as WiMAX. 802.16 includes two sets of standards, 802.16-2004 (802.16d) for fixed WiMAX and 802.16-2005 (802.16e) for mobile WiMAX. The WiMAX wireless broadband access standard provides the missing link for the "last mile" connection in metropolitan area networks where DSL, cable and other broadband access methods are not available or too expensive. WiMAX also offers an alternative to satellite Internet services for rural areas and allows mobility of the customer equipment.

IEEE 802.16 standards are concerned with the air interface between a subscriber's transceiver station and a base transceiver station. The fixed WiMAX standard provides fixed, point-to-multipoint broadband wireless access service, and its product profile utilizes the OFDM 256-FFT (Fast Fourier Transform) system profile. The fixed WiMAX 802.16-2004 standard supports both Time Division Duplex (TDD) and Frequency Division Duplex (FDD) services, the latter of which delivers full duplex transmission on the same signal if desired.

IEEE 802.16e, based on the early WiMAX standard 802.16a, adds mobility features to WiMAX in the 2 to 11 GHz licensed bands. 802.16e allows for fixed wireless and mobile Non Line of Sight (NLOS) applications primarily by enhancing the OFDMA (Orthogonal Frequency Division Multiple Access).

IEEE 802.16 and WiMAX are designed as a complementary technology to Wi-Fi and Bluetooth. The following table provides a quick comparison of 802.16 with 802.11 (WLAN) and 802.15.1 (Bluetooth):

Table: 1.1 WiMAX Standards

| Parameters | IEEE 802.16d (802.16-2004 Fixed WiMAX) | IEEE 802.16e (802.16-2005 Mobile WiMAX) | 802.11 (WLAN) | 802.15.1 (Bluetooth) |
| Frequency Band: | 2-66GHz | 2 - 11GHz | 2.4 – 5.8GHz | 2.4GHz |
| Range | ~31 miles | ~31 miles | ~100 meters | ~10 meters |
| Maximum Data rate: | ~134 Mbps | | | |
| Number of users: | Thousands | | | |
1.5 Data Transmission Rates

WiMAX supports very robust data throughput. At theoretical maximums the technology could support approximately 75 Mbps per channel (in a 20 MHz channel using 64QAM ¾ code rate). Real-world performance will be considerably lower, perhaps maxing out around 45 Mbps/channel in some fixed broadband applications. WiMAX is often cited to possess a spectral efficiency of 5 bps/Hz, which is very good in comparison to other broadband wireless technologies, especially 3G. In practical terms, Sprint has stated that it intends to deliver service at 2 Mbps to 4 Mbps to its customers with Mobile WiMAX.

The higher the frequency, the greater the bandwidth delivery potential and the shorter the range potential. Lower frequencies enjoy much greater range capability, but trade that off with much lower bandwidth potential. Also, Clearwire has stated that it believes it can deliver upwards of 10-15 Mbps once it has access to the full Sprint panoply of spectrum in addition to its own and once it has shifted to mobile WiMAX.

WiMAX Architecture

2.1 WiMAX Architecture
The following section provides a simple overview of wireless concepts and nomenclature to help the reader understand how WiMAX works and to assist the reader in communicating with the WiMAX industry. There are two scenarios for a wireless deployment:
A) Point-to-point
B) Point-to-Multipoint

2.1.1 Point-to-point

Point-to-point is used where there are two points of interest: one sender and one receiver. This is also a scenario for backhaul, or the transport from the data source (data center, co-lo facility, fiber POP, Central Office, etc.) to the subscriber, or for a point for distribution using point-to-multipoint architecture. Backhaul radios comprise an industry of their own within the wireless industry. As the architecture calls for a highly focused beam between two points, the range and throughput of point-to-point radios will be higher than that of point-to-multipoint products.
Figure 2.1: Point-to-point and point-to-multipoint configurations

2.1.2 Point-to-Multipoint

As seen in the figure above, point-to-multipoint is synonymous with distribution. One base station can service hundreds of dissimilar subscribers in terms of bandwidth and services offered.

2.2 Line of sight or Non-line of sight

Earlier wireless technologies (LMDS, MMDS for example) were unsuccessful in the mass market as they could not deliver services in non-line-of-sight scenarios. This limited the number of subscribers they could reach and, given the high cost of base stations and CPE, those business plans failed. WiMAX functions best in line of sight situations and, unlike those earlier technologies, offers acceptable range and throughput to subscribers who are not line of sight to the base station. Buildings between the base station and the subscriber diminish the range and throughput, but in an urban environment, the signal will still be strong enough to deliver adequate service. Given WiMAX's ability to deliver services non-line-of-sight, the WiMAX service provider can reach many customers in high-rise office buildings to achieve a low cost per subscriber because so many subscribers can be reached from one base station.
Figure 2.2: Difference between line of sight and non-line of sight

2.3 The layers of WiMAX

Basically there are two layers of WiMAX technology. These are:
1) Physical layer
2) Medium Access Control (MAC) layer

2.3.1 Physical layer
Figure: 2.3 Physical layer of WiMAX

The WiMAX physical layer is based on orthogonal frequency division multiplexing (OFDM). OFDM is the transmission scheme of choice to enable high-speed data, video and multimedia communications and is used by a variety of commercial broadband systems, including DSL, Wi-Fi, Digital Video Broadcast-Handheld (DVB-H), and Media FLO, besides WiMAX. OFDM is an elegant and efficient scheme for high data rate transmission in a non-line-of-sight or multi-path radio environment. Figure 2.3 above shows the physical layer of WiMAX.
2.3.1.1 Adaptive Modulation and Coding in WiMAX

WiMAX supports a variety of modulation and coding schemes and allows for the scheme to change on a burst-by-burst basis per link, depending on channel conditions. Using the channel-quality feedback indicator, the mobile can provide the base station with feedback on the downlink channel quality. For the uplink, the base station can estimate the channel quality, based on the received signal quality.

2.3.1.2 PHY-Layer Data Rates

Because the physical layer of WiMAX is quite flexible, data rate performance varies based on the operating parameters. Parameters that have a significant impact on the physical-layer data rate are channel bandwidth and the modulation and coding scheme used. Other parameters, such as number of sub-channels, OFDM guard time, and over-sampling rate, also have an impact.

2.3.2 Medium Access Control (MAC) layer
Figure- 2.4 MAC layer of WiMAX

The IEEE 802.16 MAC was designed for point-to-multipoint broadband wireless access applications. The primary task of the WiMAX MAC layer is to provide an interface between the higher transport layers and the physical layer. The MAC layer takes packets from the upper layer, called MAC Service Data Units (MSDUs), and organizes them into MAC Protocol Data Units (MPDUs) for transmission over the air. For received transmissions, the MAC layer does the reverse. The IEEE 802.16-2004 and IEEE 802.16e-2005 MAC design includes a convergence sub-layer that can interface with a variety of higher-layer protocols, such as ATM, TDM Voice, Ethernet, IP and any unknown future protocol. The 802.16 MAC is designed for point-to-multipoint (PMP) applications and is based on collision sense multiple access with collision avoidance (CSMA/CA).
The MAC incorporates several features suitable for a broad range of applications at different mobility rates, such as the following:
-Privacy Key Management (PKM) for MAC layer security. PKM version 2 incorporates support for Extensible Authentication Protocol (EAP).
-Broadcast and multicast support.
-Manageability primitives.
-High-speed handover and mobility management primitives.
-Three power management levels: normal operation, sleep and idle.
-Header suppression, packing and fragmentation for efficient use of spectrum.

These features combined with the inherent benefits of scalable OFDMA make 802.16 suitable for high-speed data and burst or isochronous IP multimedia applications. Support for QoS is a fundamental part of the WiMAX MAC-layer design. WiMAX borrows some of the basic ideas behind its QoS design from the DOCSIS cable modem standard. Strong QoS control is achieved by using a connection-oriented MAC architecture, where all downlink and uplink connections are controlled by the serving BS.

2.4 Integration with an IP based Network
Figure- 2.5 IP Base network of WiMAX

The WiMAX Forum has proposed an architecture that defines how a WiMAX network can be connected with an IP based core network, which is typically chosen by operators that serve as Internet Service Providers (ISP); nevertheless, the WiMAX BS provides seamless integration capabilities with other types of architectures, as with packet switched Mobile Networks. Figure 2.5 shows a snapshot of the IP based network of WiMAX. The WiMAX Forum proposal defines a number of components, plus some of the interconnections (or reference points) between these, labeled R1 to R5 and R8:
-SS/MS: the Subscriber Station/Mobile Station
-ASN: the Access Service Network
-BS: Base station, part of the ASN
-ASN-GW: the ASN Gateway, part of the ASN
-CSN: the Connectivity Service Network
-HA: Home Agent, part of the CSN
-AAA: Authentication, Authorization and Accounting Server, part of the CSN
-NAP: a Network Access Provider
-NSP: a Network Service Provider

It is important to note that the functional architecture can be designed into various hardware configurations rather than fixed configurations. For example, the architecture is flexible enough to allow remote/mobile stations of varying scale and functionality and Base Stations of varying size, e.g. femto, pico, and mini BS as well as macros.

WiMAX Application

3.1 WiMAX Applications

WiMAX is the most important technology in the world. WiMAX has the following applications.

3.1.1 WiMAX VoIP

A fixed wireless solution not only offers competitive internet access, it can do the same for telephone service, thus further bypassing the telephone company's copper wire network. Voice over Internet Protocol (VoIP) offers a wider range of voice services at reduced cost to subscribers and service providers alike. Figure 3.1 below illustrates a typical solution where a WiMAX service provider can obtain wholesale VoIP services at about $5/number/month and resell to enterprise customers at $50.
Figure: 3.1 VoIP - The "Killer app" for WiMAX

3.1.2 Digital Television

WiMAX lets us deliver a 100% digital picture, room shaking sound and so much more. Once viewers get Sling Digital TV, they never want to go back to IP or satellite. With over 300 channels originating from more than 80 countries, the ultimate entertainment for the true TV lover, Sling IPTV features 31 commercial-free premium movie channels from Showtime, Star Movie Pack, HBO and Cinemas; NBA TV and all the great programming. Sling IPTV also offers the greatest range of local and "International" television available on any one network.

3.1.3 Internet Service Provider

An Internet service provider (ISP), also sometimes referred to as an Internet access provider (IAP), is a company that offers its customers access to the Internet. The ISP connects to its customers using a data transmission technology appropriate for delivering Internet Protocol Paradigm, such as dial-up, DSL, cable modem, wireless or dedicated high-speed interconnects. ISPs may provide Internet e-mail accounts to users which allow them to communicate with one another by sending and receiving electronic messages through their ISP's servers. ISPs may provide services such as remotely storing data files on behalf of their customers, as well as other services unique to each particular ISP.

3.1.3.1 End-user-to-ISP connection

ISPs employ a range of technologies to enable consumers to connect to their network. For users and small businesses, the most popular options include dial-up, DSL (typically Asymmetric Digital Subscriber Line, ADSL), broadband wireless, cable modem, fiber to the premises (FTTH), and Integrated Services Digital Network (ISDN) (typically basic rate interface). For customers with more demanding requirements, such as medium-to-large businesses, or other ISPs, DSL (often SHDSL or ADSL), Ethernet, Metro Ethernet, Gigabit Ethernet, Frame Relay, ISDN (BRI or PRI), ATM, satellite Internet access and Synchronous Optical Networking (SONET) are more likely to be used.
Figure: 3.2 Internet connectivity options from end-user to Tier 3/2 ISPs

Typical home user connection
-Broadband wireless access
-Cable Internet
-Dial-up
-ISDN
-Modem
-DSL
-FTTH
-Wi-Fi

Typical business-type connection
-DSL
-Ethernet technologies
-Leased line
-SHDSL

3.1.3.2 ISP interconnection
Figure: 3.3 Internet Connections

Just as their customers pay them for Internet access, ISPs themselves pay upstream ISPs for Internet access. An upstream ISP usually has a larger network than the contracting ISP and/or is able to provide the contracting ISP with access to parts of the Internet the contracting ISP by itself has no access to. In the simplest case, a single connection is established to an upstream ISP and is used to transmit data to or from areas of the Internet beyond the home network; this mode of interconnection is often cascaded multiple times until reaching a Tier 1 carrier. In reality, the situation is often more complex. ISPs with more than one Point of Presence (PoP) may have separate connections to an upstream ISP at multiple PoPs, or they may be customers of multiple upstream ISPs and may have connections to each one of them at one or more points of presence.

3.1.3.3 Peering
ISPs may engage in peering, where multiple ISPs interconnect at peering points or Internet Exchange points (IXs), allowing routing of data between each network without charging one another for the data transmitted, data that would otherwise have passed through a third upstream ISP, incurring charges from the upstream ISP. ISPs requiring no upstream and having only customers (end customers and/or peer ISPs) are called Tier 1 ISPs. Network hardware, software and specifications, as well as the expertise of network management personnel, are important in ensuring that data follows the most efficient route and upstream connections work reliably. A tradeoff between cost and efficiency is possible.

3.1.3.4 Virtual ISP

A Virtual ISP (VISP) is an operation which purchases services from another ISP (sometimes called a "wholesale ISP" in this context) which allow the VISP's customers to access the Internet using services and infrastructure owned and operated by the wholesale ISP.

3.1.3.5 Free ISP

Free ISPs are Internet Service Providers (ISPs) which provide service free of charge. Many free ISPs display advertisements while the user is connected; like commercial television, in a sense they are selling the users' attention to the advertiser. Other free ISPs, often called free nets, are run on a nonprofit basis, usually with volunteer staff.

WiMAX and other Wireless Technologies

4.1 Comparisons of WiMAX & Wi-Fi

Comparisons and confusion between WiMAX and Wi-Fi are frequent because both are related to wireless connectivity and Internet access.
• WiMAX is a long range system, covering many kilometers, which uses licensed or unlicensed spectrum to deliver a point-to-point connection to the Internet.
• Different 802.16 standards provide different types of access, from portable (similar to a cordless phone) to fixed (an alternative to wired access, where the end user's wireless termination point is fixed in location).
• Wi-Fi uses unlicensed spectrum to provide access to a network.
• Wi-Fi is more popular in end user devices.
• WiMAX and Wi-Fi have quite different Quality of Service (QoS) mechanisms.
• WiMAX uses a mechanism based on connections between the base station and the user device. Each connection is based on specific scheduling algorithms.
• Wi-Fi has a QoS mechanism similar to fixed Ethernet, where packets can receive different priorities based on their tags. For example, VoIP traffic may be given priority over web browsing.
• Wi-Fi runs on the Media Access Control's CSMA/CA protocol, which is connectionless and contention based, whereas WiMAX runs a connection-oriented MAC.

Both 802.11 and 802.16 define Peer-to-Peer (P2P) and ad hoc networks, where an end user communicates to users or servers on another Local Area Network (LAN) using its access point or base station. With WiMAX, Wi-Fi like data rates are easily supported, but the issue of interference is lessened. WiMAX operates on both licensed and non-licensed frequencies, providing a regulated environment and viable economic model for wireless carriers. WiMAX can be used for wireless networking in much the same way as the more common Wi-Fi protocol.
4.2 WiMAX Compared to Mobile Telephone Data Systems

The comparison between WiMAX and mobile telephone data systems is given below.

Mobile telephone systems are fully automatic wide-area high-capacity RF networks made up of a group of coverage sites called cells. As a subscriber passes from cell to cell, a series of handoffs ensures smooth call continuity. Mobile telephone systems have evolved to offer a mix of voice and packet data services. These systems are composed of interlinked cells that have the capability to transfer connections from tower to tower. The radio channel bandwidth is relatively narrow compared to WiMAX systems and the modulation types are less efficient (i.e. more robust). Therefore, the maximum data rates of mobile telephone data systems are lower than that of WiMAX.

WiMAX is positioned to fit with cellular data and Wi-Fi systems. WiMAX systems are designed to provide centrally managed high speed data services over wide areas, whereas Wi-Fi systems are designed to provide self-managed wireless data services over relatively small geographic areas.
Figure 4.1 Comparisons between WiMAX and 3G

Finally, mobile telephone data services are designed to provide a mix of voice and medium speed data services to customers as they move throughout a mobile system.

Table: 4.1 Comparison of WiMAX with other Broadband Wireless Technologies

| Parameter | Fixed WiMAX | Mobile WiMAX | HSPA | 1x EV-DO Rev A | Wi-Fi |
| Standards | IEEE 802.16-2004 | IEEE 802.16e-2005 | 3GPP Release 6 | 3GPP2 | IEEE 802.11a/g/n |
| Peak down link data rate | 9.4Mbps in 3.5MHz with 3:1 DL-to-UL ratio TDD; 6.1Mbps with 1:1 | 46Mbps with 3:1 DL-to-UL ratio TDD; 32Mbps with 1:1 | 14.4Mbps using all 15 codes; 7.2Mbps with 10 codes | 3.1Mbps; Rev. B will support 4.9Mbps | 54Mbps shared using 802.11 a/g; more than 100Mbps peak layer 2 throughput using 802.11n |
| Peak up link data rate | 3.3Mbps in 3.5MHz using 3:1 DL-to-UL ratio; 6.5Mbps with 1:1 | 7Mbps in 10MHz using 3:1 DL-to-UL ratio; 4Mbps using 1:1 | 1.4Mbps initially; 5.8Mbps later | | |
| Bandwidth | 3.5MHz and 7MHz in 3.5GHz band; 10MHz in 5.8GHz band | 3.5MHz, 7MHz, 5MHz, 10MHz and 8.75MHz initially | 5MHz | | 20MHz for 802.11 a/g; 20/40MHz for 802.11n |
| Modulation | QPSK, 16 QAM, 64 QAM | QPSK, 16 QAM, 64 QAM | QPSK, 16 QAM | QPSK, 8 PSK, 16 QAM | BPSK, QPSK, 16 QAM, 64 QAM |
| Multiplexing | TDM | TDM/OFDMA | TDM/CDMA | TDM/CDMA | CSMA |
| Duplexing | TDD, FDD | TDD initially | FDD | FDD | TDD |
| Frequency | 3.5GHz and 5.8GHz initially | 2.3GHz, 2.5GHz and 3.5GHz initially | 800/900/1,800/1,900/2,100 initially | 800/900/1,800/1,900MHz | 2.4GHz, 5GHz |
| Coverage (typical) | 3-5 miles | < 2 miles | 1-3 miles | 1-3 miles | < 100 indoors; < 100 outdoors |
| Mobility | | | | | Low |
4.3 Limitations of WiMAX

A commonly-held misconception is that WiMAX will deliver 70 Mbit/s over 50 kilometers (~31 miles). In reality, WiMAX can either operate at higher bitrates or over longer distances but not both: operating at the maximum range of 50 km increases bit error rate and thus results in a much lower bitrate. Conversely, reducing the range (to <1km) allows a device to operate at higher bitrates. There are no known examples of WiMAX services being delivered at bit rates over around 3 Mbit/s.

Security of WiMAX

5.1 Introduction

This chapter covers wireless security. Our first concern is to emphasize the different features of security; secondly, we look at the different levels of security in WiMAX. Security especially concerns Authentication, Authorization & Accounting (AAA).

5.2 Security in Wireless Networks

Security is an important concern for the network operator and the network user. In fact, the expectations of the network operator and the network user are not contradictory but complementary. Any well designed network needs to deliver these perfectly reasonable expectations, which can only be achieved by the equipment vendors, system integrators and network operators working together and making the right design choices. In Table 5.1 below, we have summarized these security expectations.
Table: 5.1 Security Expectations

| Stakeholder | Security Concern | Comment |
| Network User | Privacy | Protect from eavesdropping |
| Network User | Data integrity | Protect user data from being tampered with in transit |
| Network User | Access to services | User has the correct credentials |
| Network User | Correct accounting | Accuracy and efficiency of accounting |
| | User authentication | Is the user who he says he is? |
| | Device authentication | Is the device the correct device? |
| | Authorization | Is the user authorized to receive a particular service? |
| | Access control | Only authorized users have access to services |
Security is handled at multiple layers of the network, each layer handling a complementary aspect of security. Security functions can be mapped to different layers of the OSI 7-layer model as shown in Table 5.2 below.

Table: 5.2 Security functions at various network layers

| Layer | Security functions |
| Application Layer | Digital Signature, Certificate, End-to-End Security |
| Transport Layer | Transport Layer Security (TLS) |
| Network Layer | IPsec, AAA Infrastructure, RADIUS |
| Data Link Layer | AES, PKI, X.509 |
| Physical Layer | WiMAX PHY |
The security sub-layer specified by IEEE 802.16e-2005 only deals with Data Link Layer security. Link Layer authentication and authorization ensure that the network is only accessed by permitted users. Link Layer encryption ensures privacy and protects traffic data from eavesdropping by unauthorized third parties. Network Layer security measures, implemented through firewalls and AAA servers, protect the network from malicious attacks. RADIUS is the most widely used protocol for AAA interactions. Mobile WiMAX network architecture addresses the use of these techniques by providing an AAA based secure roaming model. The Transport and Application layers provide additional security measures as deemed appropriate by the network operator, Application Service Providers (ASPs) or the end users themselves.

5.3 Attacks on Wireless LANs

A malicious hacker can seek to disable or attempt to gain access to a wireless LAN in several ways. Some of these methods are eavesdropping (frame capture), jamming (denial of service), man-in-the-middle, management interface exploits, encryption cracking, and connection hijacking. This list is by no means exhaustive, and some of these methods can be orchestrated in several different ways. It is beyond the scope of this book to present every possible means of wireless LAN attack. This text aims to give you insight into some possible methods of attack so that security will be considered a vital part of your wireless LAN implementation.
-Eavesdropping
-Encryption Cracking
-RF Jamming
-Wireless Hijacking
-Rogue Access Point
-Penetration Attacks

5.4 Security in Mobile WiMAX

Security is an important part of any communication system, including telecommunications. It is even more important when wireless systems are used, because it is generally perceived that wireless systems are easier to attack than wire line systems. For a ground-breaking broadband wireless standard such as WiMAX, addressing the security concerns head-on and specifying credible solutions has been an important objective. In this chapter we start by introducing the requirements and general principles of security in wireless networks. We then present the data link security sub-layer functions as defined by the IEEE 802.16e-2005 standard for the WiMAX air interface. Finally, the network aspects of security and Mobile WiMAX network architecture sections deal with the network aspects of security in accordance with the WiMAX Forum Network Reference Model (NRM).

5.5 Security Functions

WiMAX systems were designed at the outset with robust security in mind. The standard includes state-of-the-art methods for ensuring user data privacy and preventing unauthorized access, with additional protocol optimization for mobility. Security is handled by a privacy sub-layer within the WiMAX MAC. The key aspects of WiMAX security are as follows.

5.5.1 Support for privacy

User data is encrypted using cryptographic schemes of proven robustness to provide privacy. Both AES (Advanced Encryption Standard) and 3DES (Triple Data Encryption Standard) are supported. Most system implementations will likely use AES, as it is the new encryption standard approved as compliant with Federal Information Processing Standard (FIPS) and is easier to implement.
The 128-bit or 256-bit key used for deriving the cipher is generated during the authentication phase and is periodically refreshed for additional protection.

5.5.2 Device/user authentication

WiMAX provides a flexible means for authenticating subscriber stations and users to prevent unauthorized use. The authentication framework is based on the Internet Engineering Task Force (IETF) EAP, which supports a variety of credentials, such as username/password, digital certificates, and smart cards. WiMAX terminal devices come with built-in X.509 digital certificates that contain their public key and MAC address. WiMAX operators can use the certificates for device authentication and use a username/password or smart card authentication on top of it for user authentication.

5.5.3 Flexible key-management protocol

The Privacy and Key Management Protocol Version 2 (PKMv2) is used for securely transferring keying material from the base station to the mobile station, periodically reauthorizing and refreshing the keys. PKM is a client-server protocol: the MS acts as the client; the BS, the server. PKM uses X.509 digital certificates and RSA (Rivest-Shamir-Adleman) public-key encryption algorithms to securely perform key exchanges between the BS and the MS.

5.5.4 Protection of control messages

The integrity of over-the-air control messages is protected by using message digest schemes, such as AES-based CMAC or MD5-based HMAC.

5.5.5 Support for fast handover

To support fast handovers, WiMAX allows the MS to use preauthentication with a particular target BS to facilitate accelerated reentry. A three-way handshake scheme is supported to optimize the reauthentication mechanisms for supporting fast handovers, while simultaneously preventing any man-in-the-middle attacks.

5.6 Data Link Layer Security

Data Link Layer security is discussed below.

5.6.1 Authentication

The Data Link Layer security functions encompass the essential functions of authentication, authorization and encryption which take place between the end user station [note that we will talk about mobile station (MS) but the same principles also apply to subscriber stations (SS)] and the base station (BS) over the IEEE 802.16e-2005 air interface. Please note that in this section, for simplicity, we will attribute various security functions to the BS. We will now consider how these functions are performed.

Authentication comes in two forms:
-Unilateral authentication, where the BS authenticates the MS, and
-Mutual authentication, where the BS authenticates the MS and the MS authenticates the BS

Every WiMAX implementation must have unilateral authentication. The choice of authentication method depends on the operator's choice of type of EAP as follows:
-EAP-AKA (Authentication and Key Agreement) for SIM based authentication
-EAP-TLS for X.509 based authentication
-EAP-TTLS for MS-CHAPv2

The BS associates the MS's authenticated identity to a paying subscriber and hence to the services the subscriber is authorized to access.
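
The keyed-digest protection of control messages described in section 5.5.4, as an added example that is not part of the original study: each direction derives its own HMAC key from the shared 160-bit Authorization Key, so a tampered or reflected message fails verification. The pad constants, the SHA-1 based derivation (modeled on PKMv1 of IEEE 802.16-2004) and the sample message are assumptions; the page itself names AES-based CMAC and MD5-based HMAC as the digest schemes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Pad bytes modeled on the PKMv1 derivation in IEEE 802.16-2004. Treat them
# as assumptions: they are not given on this page.
H_PAD_D = b"\x3a" * 64  # downlink direction: BS -> MS
H_PAD_U = b"\x5c" * 64  # uplink direction:   MS -> BS
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def derive_hmac_keys(ak: bytes) -> dict:
    """Derive one message-authentication key per direction from the AK."""
    if len(ak) != 20:
        raise ValueError("AK must be 160 bits (20 bytes)")
    return {
        "downlink": hashlib.sha1(H_PAD_D + ak).digest(),
        "uplink": hashlib.sha1(H_PAD_U + ak).digest(),
    }


def protect(message: bytes, key: bytes) -> bytes:
    """Sender side: append an HMAC-SHA1 digest to a control message."""
    return message + hmac.new(key, message, hashlib.sha1).digest()


def verify(frame: bytes, key: bytes) -> Optional[bytes]:
    """Receiver side: return the message if the digest checks out, else None."""
    if len(frame) <= DIGEST_LEN:
        return None  # too short to carry a message plus a digest
    message, tag = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    expected = hmac.new(key, message, hashlib.sha1).digest()
    # compare_digest runs in constant time, so timing does not leak the tag.
    return message if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    ak = bytes(range(20))  # constructed AK; a real AK comes from authorization
    keys = derive_hmac_keys(ak)
    msg = b"constructed control message: key refresh request"
    frame = protect(msg, keys["downlink"])

    tampered = bytearray(frame)
    tampered[10] ^= 0x01  # flip one bit in the message body

    return {
        "accepted": verify(frame, keys["downlink"]),
        "tampered": verify(bytes(tampered), keys["downlink"]),
        # A BS that gets its own downlink frame reflected back checks it with
        # the uplink key, so the reflected frame is rejected.
        "reflected": verify(frame, keys["uplink"]),
        # A station holding a different AK cannot validate the frame.
        "wrong_ak": verify(frame, derive_hmac_keys(os.urandom(20))["downlink"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {'accepted' if result else 'rejected'}")
```

A digest of this kind gives integrity and origin checking only; the message body still travels in the clear unless it is also encrypted.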
Thus, through the exchange of AK, the BS determines the authenticated identity of the MS and the services it is authorized to access.

5.6.2 Security Association

A Security Association (SA) is defined as the set of security information shared between a BS and one or more of the MSs connected to that BS in order to support secure communications across the WiMAX access network. Three types of SA have been defined: primary, static and dynamic. Each MS establishes a primary SA during the MS initialization phase. Static SAs are provided within the BS. Each MS can have several service flows on the go and can therefore have several dynamic SAs. The BS makes sure that the assigned SAs are compatible with the service types the MS is authorized to access.

5.6.3 Authorization

Following authentication, the MS requests authorization from the BS. This is a request for an AK as well as for an SA identity (SAID). The Authorization Request includes the MS’s X.509 certificate, encryption algorithms and cryptographic ID. In response, the BS carries out the necessary validation (by interacting with an AAA server in the network) and sends back an Authorization Reply which contains the AK encrypted with the MS's public key, a lifetime key and an SAID. After the initial authorization, the AAA via the BS periodically reauthorizes the MS.

5.6.4 Traffic Encryption

As we have seen above, the authentication and authorization process results in the assignment of an Authorization Key (AK), which is 160 bits long. The Key Encryption Key (KEK) is derived directly from the AK and is 128 bits long. The KEK is not used for encrypting traffic data; for this we require the Traffic Encryption Key (TEK), which is generated as a random number in the BS using the TEK encryption algorithm, where the KEK is used as the encryption key. The TEK is then used for encrypting the data traffic.

Table 5.3 below summarizes how the mobile WiMAX standard addresses the security requirements.

Table: 5.3 WiMAX standard addresses security expectations

Stakeholder requirements:
-Protect from eavesdropping
-Protect user data from being tampered with in transit
-Access to services: user has the correct credentials
-Correct accounting: accuracy and efficiency of accounting
-User authentication: is the user who he says he is?
-Device authentication: is the device the correct device?
-Authorization: is the user authorized to receive a particular service?
-Only authorized users have access to services

How does WiMAX address it?
-RSA encryption, EAP-TLS, PKM protocol
-X.509, EAP
-RSA, EAP, PKMv2 Protocol
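The key hierarchy of 5.6.4 and the control-message digest of 5.5.4, as an added example that is not part of the original report. It assumes the PKMv1 derivation of IEEE 802.16-2004 (SHA-1 over a fixed pad followed by the AK) and HMAC with SHA-1 as the digest; the function names, the sample AKs and the text message body are constructed.

```python
import hashlib
import hmac

# Pads assumed from the PKMv1 derivation in IEEE 802.16-2004; PKMv2 uses a
# different key derivation function.
K_PAD_KEK = b"\x53" * 64   # pad for the Key Encryption Key
H_PAD_D = b"\x3a" * 64     # pad for the downlink HMAC key
H_PAD_U = b"\x5c" * 64     # pad for the uplink HMAC key

def derive_keys(ak):
    """Derive the 128-bit KEK and both 160-bit HMAC keys from a 160-bit AK."""
    if len(ak) != 20:
        raise ValueError("AK must be 160 bits (20 bytes)")
    return {
        "kek": hashlib.sha1(K_PAD_KEK + ak).digest()[:16],  # leftmost 128 bits
        "hmac_d": hashlib.sha1(H_PAD_D + ak).digest(),
        "hmac_u": hashlib.sha1(H_PAD_U + ak).digest(),
    }

def sign_downlink(keys, message):
    """BS side: append the 20-byte digest to a control message."""
    return message + hmac.new(keys["hmac_d"], message, hashlib.sha1).digest()

def verify_downlink(keys, frame):
    """MS side: return the message if the digest matches, otherwise None."""
    if len(frame) < 20:
        return None
    message, digest = frame[:-20], frame[-20:]
    expected = hmac.new(keys["hmac_d"], message, hashlib.sha1).digest()
    return message if hmac.compare_digest(digest, expected) else None

def demo():
    ak_old = bytes(range(20))        # constructed AK shared by BS and MS
    ak_new = bytes(range(20, 40))    # constructed AK after reauthorization
    bs, ms = derive_keys(ak_old), derive_keys(ak_old)
    # Constructed stand-in for a PKM message body (the real one is TLV-encoded).
    frame = sign_downlink(bs, b"KEY-REPLY said=0x0001")
    tampered = frame[:10] + b"X" + frame[11:]
    return {
        "accepted": verify_downlink(ms, frame) is not None,
        "tampered_rejected": verify_downlink(ms, tampered) is None,
        "stale_ak_rejected": verify_downlink(derive_keys(ak_new), frame) is None,
        "kek_bits": len(ms["kek"]) * 8,
    }

if __name__ == "__main__":
    print(demo())
```

Because every key below the AK is a function of it, the periodic reauthorization described in 5.6.3 invalidates the KEK and both digest keys at once.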
5.7 Network Aspects of Security

As we have considered the security related interactions and protocols between the SS and the BS, now let's consider what happens at the network level and where the intelligence may reside. Figure 5.1 shows a typical access control architecture.

[Figure 5.1 labels: Mobile Station (MS); EAP over the WiMAX Link Layer; EAP over AAA/RADIUS; IP Cloud]

Figure: 5.1 Typical Access Control Architecture

Extensible Authentication Protocol (EAP), defined by the IETF (RFC 3748), is a flexible framework which allows complex authentication protocols to be exchanged between the end user and the authenticator. In WiMAX, between the MS and the BS, EAP runs over the WiMAX PHY and MAC utilizing the PKMv2 protocol as defined in 802.16e-2005. If the authenticator function is not in the BS, the BS relays the authentication protocol to the Authenticator (in the Access Services Network). RADIUS has a client/server architecture and utilizes UDP messages. The authentication server is also the RADIUS server, whereas the authenticator acts as a RADIUS client. In addition to authentication, RADIUS also supports authorization and accounting functions.

5.8 ASN and CSN Interaction for Security

The Connectivity Service Network (CSN) is the core of the network. It controls and manages the ASNs and the subscribers with a variety of services such as AAA, Home Agent functions, DHCP server, etc. The CSN is also responsible for connecting to other operators’ networks and enables inter-operator and inter-technology roaming. Figure 5.2 below shows the protocol stack for AAA in a mobile WiMAX network implementation. It is worth noting that the EAP ‘layer’ operates over the R1/R3/R5 reference points and the EAP methods (AKA, TLS/TTLS) operate over R2.
Figure: 5.2 Protocols for Mobile WiMAX AAA
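The RADIUS leg described in section 5.7, as an added example that is not part of the original report: the authenticator wraps an EAP-Response/Identity in an Access-Request and the AAA server checks the Message-Authenticator attribute before accepting the EAP payload. Packet layout follows RFC 2865 and RFC 3579; the shared secret, identity and Request Authenticator are constructed.

```python
import hashlib
import hmac
import struct

USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # attribute types

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(secret, ident, request_auth, identity):
    """Authenticator (RADIUS client) side: wrap an EAP-Response/Identity."""
    # EAP header: Code 2 (Response), Identifier, Length, then Type 1 (Identity).
    eap = struct.pack("!BBHB", 2, ident, 5 + len(identity), 1) + identity
    attrs = attr(USER_NAME, identity) + attr(EAP_MESSAGE, eap)
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))    # zeroed while hashing
    # RADIUS header: Code 1 (Access-Request), Identifier, Length, Authenticator.
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac                          # MAC is the last attribute

def verify_access_request(secret, packet):
    """AAA server side: return the carried EAP packet or raise ValueError."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    zeroed, eap, mac, pos = bytearray(packet), b"", None, 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute")
        kind, size = packet[pos], packet[pos + 1]
        if size < 2 or pos + size > len(packet):
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + size]
        if kind == EAP_MESSAGE:
            eap += value                               # fragments concatenate
        elif kind == MESSAGE_AUTHENTICATOR:
            if size != 18:
                raise ValueError("bad Message-Authenticator length")
            mac = value
            zeroed[pos + 2:pos + size] = bytes(16)
        pos += size
    if mac is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("Message-Authenticator mismatch")
    return eap

# Constructed sample values: shared secret, identity and Request Authenticator.
SECRET = b"constructed-shared-secret"
REQUEST = build_access_request(SECRET, 7, bytes(range(16)), b"ms01@operator.example")
```

RADIUS over UDP has no transport protection, so the server-side check is what stops an altered or stripped request from reaching the EAP method.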
When authentication of both the end user and the device needs to be performed and these authentications terminate in different AAA servers, the favored approach in PKMv2 is to use EAP-TTLS instead of double authentication. In double authentication, first device authentication and then user EAP authentication takes place before the MS is allowed access to IP services. In EAP-TTLS authentication, however, double authentication is dispensed with and, by virtue of tunneling to the appropriate AAA server, the same AAA server is used for both, thus shortening the authentication process.

5.9 Service Flow Management and Authorization

Service Flow Management (SFM) and Service Flow Authorization (SFA) are the logical functional entities, closely associated with QoS, located in the ASN that act as policy enforcement and policy decision points. For ASN Profile C, the SFM function is located in the BS and the SFA function is located at the ASN GW. The Service Flow Manager (SFM) located in the BS is responsible for the creation, admission, activation, modification, and deletion of IEEE 802.16e-2005 service flows. It consists of an Admission Control (AC) function, a data path function and the associated local resource information. AC decides whether a new service flow can be admitted to the system. Service Flow Authorization (SFA) is located at the ASN GW and is responsible for evaluating any service request against the subscriber's QoS profile. The Policy Functions (PFs) and their associated database reside in the CSN of both the home and the visited network.

5.10 EAP-TLS using a Device Certificate for MSS Credentials

The use of EAP-TLS by the MSS to perform device authentication is assumed to be a fundamental capability; however, device authentication has some limitations, as documented below. EAP-TLS relies on the use of both client and server X.509 digital certificates to mutually authenticate the Device and Network.
In the case of WiMAX, the EAP-TLS authentication runs between the MSS and the AAA server managed by either an NAP or an NSP, depending on how EAP-TLS is being used. EAP-TLS defines a mechanism for both the Server (AAA Server) and Client (MSS) to exchange and authenticate certificates. EAP-TLS provides a mechanism to encapsulate certificates and negotiate a secret MSK key securely. In general, EAP-TLS provides a strong framework for validating:
• Device Identity
• Device Compatibility
• Device Access Validity
• Network Identity
• Network Integrity

Conclusion

WiMAX services bring long-term evolution to the wireless data market. WiMAX technology is facing many hurdles in the market, while it has some great advantages which make it a technology of today. A single WiMAX station can operate and provide coverage for hundreds of users at a time and manage the sending and receiving of data at very high speed with full network security. High-speed connectivity over long distances and high-speed voice make it more in demand in sparsely populated as well as densely populated areas. WiMAX technology performs a variety of tasks at a time, such as offering high-speed internet, providing telephone service, transfer of data, video streaming, voice applications, etc. Now everyone can connect to the internet anywhere, browse any site and hold online conferences with mobile internet; multimedia applications never let the user get bored, IPTV keeps the user up to date, etc.

WiMAX is a well-known wireless network nowadays because it provides a low-cost network substitute for internet services offered via ADSL, modem or local area network. The use of smart antennas in WiMAX networks offers a high-quality, wide array which enables the client to communicate over long routes without any encryption. Its exclusive design provides a range from 2 to 10 GHz and outstanding response time. The security options of WiMAX technology also offer very high security because of the encryption system used by WiMAX. WiMAX provides exclusive homeland security. It can now exchange its data across the whole network without any fear of losing data. The best advantage of WiMAX vendor technology is its lack of history within the mobile industry for protection. WiMAX pushes the existing technologies forward in a steady stream.

WiMAX is a great technology for the next generation, with potential applications such as cellular backhaul, hotspots, VoIP mobiles and broadband connections, but it has some limitations, as follows. Another drawback of WiMAX is that a user close to the tower can get a high speed of up to 30 Mbit/s, but a user at the cell edge can obtain only 14 Mbit/s. In all wireless technologies the bandwidth is shared between users in a specified radio sector. Most users have services in the range of 2 to 8 or 12 Mbit/s, so for better results additional radio cards are added to the base station to boost the capability as necessary.