MOBILE WiMAX SECURITY

1
MOBILE WiMAX SECURITY

• Student Name Claudia Cardenas
• Student ID 41416538
• Supervisor Number Rajan Shankaran

2
Contents
1. Introduction
3. Security Threats
5. Vulnerabilities Assessment
3
Introduction

• Customers Demands
• Greater e-commerce usage
• High speed.
• Mobility
• Lower costs
• Mobile Internet

4
Key Problems
5
Goals
6
Contents
1. Introduction
3. Security Threats
5. Vulnerabilities Assessment
7
Mobile WiMAX

• Flexibility

8
Mobille WiMAX Architecture
9
Access Service Network

• Base Station
• Connection with the mobile subscriber
• Maintain the connection.
• Maintain the Status.
• Traffic Scheduling
• The Access Service Network Gateway (ASN-GW)
• Collecting and forwarding the traffic.
• AAA functionality
• QoS Management

10
Mobile WiMAX Network Architecture

• Different kind of users.
• Different deployments.
• Ability to grow.
• Internetworking.

• QoS for each service and connection.
• IP and non-IP network are integrated

11
Protocol Layers
12
Contents
1. Introduction
3. Security Threats
5. Vulnerabilities Assessment
13
Security Threats
14
Threats to PHY Layer

• Jamming Attack
• Scrambling Attack
• Water Torture Attack

15
Threats to MAC Layer

• Threats to Mac Management message in Initial
  Network Entry
• Threats to Access Network Security
• Threats to Authentication

16
Contents
1. Introduction
3. Security Threats
5. Vulnerabilities Assessment
17
Security in Mobile WiMAX
18
Encryption Overview

• It is only applied to the payload.
• It is not applied to the MAC management messages.
• SSs encryption capabilities are negotiated
  during registration process.
• BS determines the encryption method to be used.

19
Authentication Overview
20
Authorization
21
Contents
1. Introduction
3. Security Threats
5. Vulnerabilities Assessment
22
Vulnerabilities Assessment

• Lack of mutual authentication.
• It could be the cause of impersonation.
• This vulnerability is mitigated IEEE 802.16e by
  including the mutual authentication

23
Weak encryption algorithms.

• It could lead an integrity and confidentiality
  problem.
• IEEE 802.16e not only supports DES-CBC, but also,
  several modes of AES that make the encrypting
  communications more secure

24
Interjection of reused TEKs.

• This characteristic makes easier perform a replay
  attack.
• Valuable information and the traffic encryption
  key could be disclosed to unauthorized parties
• IEEE802.16e introduces AES-CCM.
• It offers per packet randomization.
• Each data packed include its own unique packet
  number

25
Unencrypted management messages

• These messages are not encrypted, so they are
  susceptible to eavesdropping attacks.
• IEEE 802.16e-2005 offers integrity protection for
  specific unicast management messages
• However this digest is not appended to initial
  network entry management messages

26
Other Results

• Three way TEK exchange and the authorization
  process.
• No one vulnerability was found Datta,2005.
• The key management protocol was analysed by
  Yaksel and once again this software could not
  find any security hole.
• The Multi-Broadcast Service (MBS)
• The protocol is secure on its own. (Kao,2006)

27
Initial Network Entry
28
Proposed Solution

• SS ? KMC SS, nonce1Kss
• KMC ? SS KsKss, KsKbs, nonce1, H(KsKss,
  KsKbs, nonce1)
• SS ? BS KsKbs, nonce2,H(KsKbs, nonce2)
• BS ? SS rand2Ks
• SS ? BS rand2-1Ks

29
Contents
1. Introduction
3. Security Threats
30
Conclusion

• The best aspirant technologies to serve the
  broadband demands on wireless access.
• In terms of the PHY layer most of these attacks
  can be counteracted by using different signals
  and proper configuration of the protocol.
• Some of MAC flaws have been fixed by the enhanced
  security of IEEE 802.16e but not all of them.
• The lack of encryption of MAC management messages
  that can affect the initial network entry
  process.
• A solution based on the key session and the key
  management centre was proposed.
• Further studies and simulations should be done in
  order to assess the different solutions offered.

31
Thank You !