WiMAX Network Security


Academic Research Presentation: Security measures in WiMAX Networks

  1. Final Presentation
     SECURITY CONCERNS IN
     ELET 6313 – NETWORK SECURITY
     DR. DRISS BENHADDOU
     Presented By: Syed Ashar Zia
  2. • What is WiMAX?
     • Architecture of WiMAX
     • MAC & PHY layers of WiMAX protocol
     • Security Sub-Layer
     • Security features of WiMAX
     • Protocols used for authentication, encapsulation and authorization.
     • Vulnerabilities and solutions
     • What challenges were faced due to mobility in 802.16e security structure.
     3/30/2012 BY: SYED ASHAR ZIA
  3. Network classes: Wireless WAN, Wireless LAN, Wireless PAN, Wireless MAN – Research phase
     Standards: IEEE 802.11, IEEE 802.15, IEEE 802.16, IEEE 802.20
     Technologies: Wireless Fidelity (Wi-Fi), Bluetooth, WiMAX (Worldwide Interoperability for Microwave Access), LTE (Long Term Evolution)
  5. IEEE 802.16 (2001)
       • Air Interface for Fixed Broadband Wireless Access System MAC and PHY Specifications for 10 – 66 GHz (Line-of-Sight)
       • One PHY: Single Carrier
       • Connection-oriented, TDM/TDMA MAC, QoS, Privacy
     IEEE 802.16a (January 2003)
       • Amendment to 802.16, MAC Modifications and Additional PHY Specifications for 2 – 11 GHz (Non-Line-of-Sight)
       • One PHY: Single Carrier
     IEEE 802.16d (July 2004)
       • Combines both IEEE 802.16 and 802.16a
       • Three PHYs: OFDM, OFDMA, Single Carrier
       • Additional MAC functions: OFDM and OFDMA PHY support, Mesh topology support, ARQ
     IEEE 802.16e (2005?)
       • Amendment to 802.16-2004
       • MAC Modifications for limited mobility
  6. Fig: WiMAX Accessibility (Adapted from www.mirentech.co.uk)
  7. Fig: WiMAX Network Architecture (Adapted from www.tutorialspoint.com)
  8. The security requirements of any network are about providing the following services for data:
       • Confidentiality
       • Integrity
       • Availability
       • Non-Repudiation
       • Access control
  10. • Also known as the Privacy sub-layer.
      • The three main security features are:
          ▪ Authentication
          ▪ Authorization
          ▪ Traffic Encryption
      • The techniques used for the Authentication feature are:
          ▪ Privacy & Key Management Protocols (PKM)
          ▪ Rivest-Shamir-Adleman (RSA) based authentication
  11. • The techniques used for Authorization are:
          ▪ Security Associations (SAs) are used to authorize the user.
          ▪ Authorization includes a request for the Authentication Key and SA-Identity in exchange for the subscriber’s certificate, encryption algorithm and cryptographic ID.
      • Traffic Encryption:
          ▪ All the traffic between the subscriber station (SS) and the base station (BS) is encrypted with the Traffic Encryption Key.
  12. WiMAX security architecture is based on three components which provide authentication, authorization and data encryption.
       • Security Associations (SAs)
       • Encapsulation Protocol
       • Privacy & Key Management Protocols (PKM)
  13. • Provides a set of security information in order to make the link between SS and BS secure.
      • An SA is formed to authorize services for the SS.
      • There are two types of SA, categorized on the basis of the information they carry.
          ▪ One is used for authorization, called the Authorization SA.
          ▪ Another is used for data exchange, called the Data SA.
  14. Components of the Authorization SA are:
       • SA-Descriptor: Defines the SA-type, SAID, and cryptographic suite.
       • X.509 Certificate: The SS’s digital certificate, serving as its identity.
       • Authorization Key (AK): Provided by the BS and used to generate Key Encryption Keys (KEKs), to calculate HMAC-Digests at the transmitting side, and to verify HMAC-Digests at the receiver’s end.
       • AK Sequence Number: Serves to differentiate between successive AKs.
       • AK-Lifetime: Validity period of the AK.
       • Key Encryption Key (KEK): These are 128 bits long and are used to encrypt the Traffic Encryption Key (TEK), which is used to encrypt/decrypt the data traffic at both ends.
       • HMAC Digest: These are used for checking the integrity of data.
  15. Components of Data SA
       • SA-Identification (SAID)
       • AK-Sequence Number
       • TEK Parameters including:
           ▪ TEK
           ▪ TEK lifetime
           ▪ 2-bit sequence number
           ▪ Initialization Vector (IV)
           ▪ encryption algorithms
           ▪ HMAC-Digest.
  16. • The encapsulation protocol is used for the encryption of traffic between BS and SS.
      • The SS shares its cryptographic suites to inform the BS about its capabilities to encrypt and decrypt.
      • The encryption and authentication algorithms used for ciphering the data traffic use the Traffic Encryption Key (TEK).
      • The TEK is encrypted with the Key Encryption Key (KEK).
      • The KEK is derived from the Authorization Key (AK).
  17. • PKM Protocol is responsible for:
          ▪ Normal authorization process of the requesting Subscriber Station (SS)
          ▪ Re-authorization
          ▪ Issuing the key materials
          ▪ Renewal of the keying materials
      • It follows two different protocols to complete the process of authentication and authorization:
          ▪ Authentication Protocol
          ▪ Key Exchange Protocol
  18. The security mechanism is categorized in three phases:
       • Phase I – SS Authorization
       • Phase II – Exchange of Key Materials
       • Phase III – Encryption of Data Stream
  19. Message 1: Cert (SS.Manufacturer)
      Message 2: Cert (SS), Capabilities, BCID, SAID
      Message 3: (AK)SS, Seq. No., Lifetime, SA-Descriptor
      LEGEND:
       • Cert: Certificate.
       • (AK)SS: Authorization Key encrypted with SS public key
       • BCID: Basic CID.
       • SAID: Suites of SA.
       • Seq. No.: AK’s sequence number.
       • SA-Descriptor: Selected Suite
       • Lifetime: Lifetime of AK
  20. Message 1: Seq. No., SAID, HMAC (1)
      Message 2: Seq. No., SAID, HMAC (2)
      Message 3: Seq. No., SAID, OldTEK, NewTEK, HMAC (3)
      LEGEND:
       • SAID: Suites of Security Associations.
       • Lifetime: Lifetime of AK
       • OldTEK: Current set of Key Materials
       • (AK)SS: Authorization Key encrypted with SS public key
       • NewTEK: Key Material to be used after expiration of Current Keys.
       • Seq. No.: AK’s sequence number.
       • HMAC(x): MD for the ‘x’ message
  21. • Data stream is encrypted with the TEK when travelling to or from BS.
      • The data stream can be encrypted using:
          ▪ DES (DES in CBC-Mode with 56 Bits) or
          ▪ AES (AES in CCM-Mode with 128 Bits).
      • TEK is shared during Key Exchange process and is encrypted using KEK. It can be encrypted using:
          ▪ 3DES
          ▪ RSA
          ▪ AES
  22. Figure: Communication Workflow (Adapted from ‘WiMAX Security Architecture’ by Evren Eren – 2008 IEEE CNF)
  23. • Under the first standard, IEEE 802.16-2001, the attacker had the following challenges:
          ▪ Being physically present on the LoS link between the BS and SS.
          ▪ Operating at higher frequencies of 10 to 66 GHz.
      • After the first revision:
          ▪ Increased options for physical presence.
          ▪ Frequency ranges were reduced to 2 to 11 GHz.
      • Adding mobility in IEEE 802.16e:
          ▪ Physical presence doesn’t matter
  24. • A wireless network uses radio, so anyone with the proper receiving equipment can intercept the signals in the air.
      • Jamming and scrambling are the two most common attacks at the PHY layer.
      • Jamming is about reducing the channel capacity.
      • Scrambling is very similar to jamming, but it targets particular timeslots or frames.
  25. • The data traffic is secured using strong encryption algorithms like DES and AES.
      • The attacker will therefore be keen to attack the link during the authentication or key exchange process.
  26. • Message 1 is just informative and doesn’t involve processing or acknowledgement.
      • Message 2:
          ▪ Plaintext message, all the information is public.
          ▪ Replay attack possible at BS to exhaust its capabilities.
          ▪ Lacks message authentication.
      • Message 3:
          ▪ Replay and Man-in-the-middle attack possible
          ▪ Lacks message authentication.
  27. Fig: Revised Authentication protocol (Suggested by Sen Xu in ‘Security Protocols in WMAN’ – 2008)
  28. • Message 1 is optional, but invites replay attacks.
      • Messages 2 and 3 lack mutual authentication, which leaves room for man-in-the-middle and replay attacks.
      • An attacker can act as a false BS towards the subscriber and issue self-generated keys to take over the communication.
      • An attacker can act as a false subscriber and request key renewal again and again.
  29. Fig: Revised Key Exchange protocol (Suggested by Sen Xu in ‘Security Protocols in WMAN’ – 2008)
  30. • The final revision of the 802.16 standard adds the mobility feature.
      • The SS is capable of travelling at 150 miles/hr and enjoying BWA without losing connectivity.
      • Mechanisms added:
          ▪ Extensible Authentication Protocol (EAP) used for authentication.
          ▪ Handover capabilities.
          ▪ Multicast & Broadcast services (MBS)
  31. • EAP is the most secure method for sharing keys. It follows a 3-way handshake.
      • The 3-way handshake should provide the following security guarantees:
          ▪ Full mutual authentication.
          ▪ Message 2 indicates to the BS that the MS is alive and that the MS possesses the AK.
          ▪ Message 3 indicates to the MS that the BS is alive.
          ▪ MS is guaranteed that the SA is sent by the BS and is fresh (has been sent by the BS after the MS generated and sent Message 2).
          ▪ Any TEKs distributed in this stage are secret.
  32. • Some management messages are not encrypted, or are even unauthenticated, to keep things easy and simple. Some of them are:
          ▪ Traffic Indication Message – to wake up the MS.
          ▪ Neighbor Advertisement Message – to tell the MS about neighboring BSs for handover purposes.
          ▪ Power control message
          ▪ Ranging Request Message – when the MS is trying to find a connection to a BS.
      • The information in these messages is not very critical, but it may be used for analysis when attacking.
  33. • "Analysis of WiMAX Security: Vulnerabilities and Solutions", IEEE CNF, 2008
      • "WiMAX Security Architecture - Analysis and Assessment", IEEE CNF, Sept 2007
      • "Security Research on WiMAX with Neural Cryptography", IEEE CNF, 2008
      • "Security Issues in Mobile WiMAX (802.16e)", IEEE CNF, 2009
      • "Security Protocols in Wireless MAN", Ph.D. Thesis work, University of South Carolina, 2008
  34. THE END. Questions?
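
Added example (not part of the original presentation): a base-station-side check for the Key Request of slide 20, with the AK-derived keys of slides 14 and 16, showing that an HMAC alone still accepts a replayed request (slide 28) while a freshness check rejects it. The pad bytes in the derivation, the field widths, the nonce field and the names BaseStation, key_request and derive_keys are assumptions made for illustration; this is not the revised protocol from the cited thesis.

```python
import hashlib
import hmac
import struct

def derive_keys(ak: bytes) -> dict:
    """AK -> KEK and per-direction HMAC keys (SHA-1 over pad||AK; pad bytes are assumptions)."""
    return {
        "kek": hashlib.sha1(b"\x53" * 64 + ak).digest()[:16],   # 128-bit KEK, wraps the TEK
        "hmac_up": hashlib.sha1(b"\x5c" * 64 + ak).digest(),    # digests on SS -> BS messages
        "hmac_down": hashlib.sha1(b"\x3a" * 64 + ak).digest(),  # digests on BS -> SS messages
    }

def key_request(keys: dict, ak_seq: int, said: int, nonce: bytes) -> bytes:
    """SS side: Seq. No., SAID, HMAC(2). The 8-byte nonce is an added, hypothetical field."""
    body = struct.pack(">BH", ak_seq, said) + nonce
    return body + hmac.new(keys["hmac_up"], body, hashlib.sha1).digest()

class BaseStation:
    def __init__(self, ak: bytes, ak_seq: int, check_freshness: bool = True):
        self.keys, self.ak_seq = derive_keys(ak), ak_seq
        self.check_freshness, self.seen = check_freshness, set()

    def handle_key_request(self, msg: bytes) -> str:
        body, digest = msg[:-20], msg[-20:]
        expected = hmac.new(self.keys["hmac_up"], body, hashlib.sha1).digest()
        if not hmac.compare_digest(digest, expected):   # constant-time comparison
            return "reject: bad HMAC"
        ak_seq, _said = struct.unpack(">BH", body[:3])
        if ak_seq != self.ak_seq:
            return "reject: wrong AK sequence number"
        if self.check_freshness:
            if body[3:] in self.seen:                   # nonce already used under this AK
                return "reject: replayed request"
            self.seen.add(body[3:])
        return "accept: issue TEK wrapped under KEK"

def demo() -> dict:
    ak = bytes(range(20))                               # constructed 160-bit AK, not a real key
    msg = key_request(derive_keys(ak), 1, 0x0102, bytes.fromhex("a1b2c3d4e5f60718"))
    legacy, hardened = BaseStation(ak, 1, check_freshness=False), BaseStation(ak, 1)
    tampered = msg[:2] + bytes([msg[2] ^ 1]) + msg[3:]  # one SAID bit flipped in transit
    return {
        "legacy": [legacy.handle_key_request(msg) for _ in range(2)],
        "hardened": [hardened.handle_key_request(msg) for _ in range(2)],
        "tampered": hardened.handle_key_request(tampered),
    }

if __name__ == "__main__":
    print(demo())
```

The nonce here is a constructed constant so the output is reproducible; a deployed SS would draw a fresh random value for every request.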