A Secure and Service Oriented Network Control Framework for WiMAX Networks
Khumanthem Jayanta Singh (110948008)
Secure and Service-Oriented Network Control Framework for WiMAX Networks

IEEE 802.16 supports both TDD (time-division duplex) and FDD (frequency-division duplex)
Multihop communication is needed for deployment of a WiMAX network. Because of multihop
Security issues are associated with WiMAX networks
The issue is how to support different services and applications in WiMAX networks

Published in: Technology, Business

  1. A Secure and Service Oriented Network Control Framework for WiMAX Networks. Khumanthem Jayanta Singh (110948008)
  2. TABLE OF CONTENTS
     1) ABSTRACT
     2) INTRODUCTION
     3) LITERATURE SURVEY
     4) PROBLEM STATEMENT
     5) APPLICATION SCENARIOS
     7) A SECURE AND SERVICE-ORIENTED NETWORK CONTROL FRAMEWORK
     8) FUTURE WORKS
     9) CONCLUSION
  3. Abstract

     WiMAX, Worldwide Interoperability for Microwave Access, is an emerging wireless communication system that can provide broadband access with large-scale coverage. In this article we propose a secure and service-oriented network control framework for WiMAX networks. In the design of this framework we consider both the security requirements of the communications and the requirements of potential WiMAX applications that have not been fully addressed previously in the network layer design. The proposed framework consists of two basic components: a service-aware control framework and a unified routing scheme. Besides the design of the framework, we further study a number of key enabling technologies that are important to a practical WiMAX network. Our study can provide a guideline for the design of a more secure and practical WiMAX network.

     INTRODUCTION

     WiMAX (Worldwide Interoperability for Microwave Access) is an emerging wireless communication system that is expected to provide high data rate communications in metropolitan area networks (MANs) [1]. In the past few years, the IEEE 802.16 working group has developed a number of standards for WiMAX. The first standard was published in 2001, which aims to support the communications in the 10-66 GHz frequency band. In 2003 IEEE 802.16a was introduced to provide additional physical layer specifications for the 2-11 GHz frequency band. These two standards were further revised in 2004 (IEEE 802.16-2004).
  4. Recently, IEEE 802.16e has also been approved as the official standard for mobile applications. In the physical (PHY) layer, IEEE 802.16 supports four PHY specifications for the licensed bands. These four specifications are Wireless-MAN-SC (single carrier), -SCa, -OFDM (orthogonal frequency-division multiplexing), and -OFDMA (orthogonal frequency-division multiple access). To support multiple subscribers, IEEE 802.16 supports both time-division duplex (TDD) and frequency-division duplex (FDD) operations.

     OFDM uses multiple sub-carriers, but the sub-carriers are closely spaced to each other without causing interference, removing guard bands between adjacent sub-carriers. This is possible because the frequencies (sub-carriers) are orthogonal, meaning the peak of one sub-carrier coincides with the null of an adjacent sub-carrier. In an OFDM system, a very high rate data stream is divided into multiple parallel low rate data streams. Each smaller data stream is then mapped to an individual data sub-carrier and modulated using some sort of PSK (Phase Shift Keying) or QAM (Quadrature Amplitude Modulation).

     OFDMA employs multiple closely spaced sub-carriers, but the sub-carriers are divided into groups of sub-carriers. Each group is named a sub-channel. The sub-carriers that form a sub-channel need not be adjacent. In the downlink, a sub-channel may be intended for different receivers. In the uplink, a transmitter may be assigned one or more sub-channels. Sub-channelization defines sub-channels that can be allocated to subscriber stations (SSs) depending on their channel conditions and data requirements. Using sub-channelization, within the same time slot a Mobile WiMAX Base Station (BS) can allocate more transmit power to user devices (SSs) with lower SNR (Signal-to-Noise Ratio), and less power to user devices with higher SNR.

     In the medium access control (MAC) layer, IEEE 802.16 supports two modes: point-to-multipoint (PMP) and mesh. The former organizes nodes into a cellular-like structure consisting of a base station (BS) and subscriber stations (SSs). The channels are divided into uplink (from SS to BS) and downlink (from BS to SS), and both uplink and downlink channels are shared among the SSs. PMP mode requires all SSs to be within the transmission range and clear line of sight (LOS) of the BS. On the other hand, in
  5. mesh mode an ad hoc network can be formed with all nodes acting as relaying routers in addition to their sender and receiver roles, although there may still be nodes that serve as BSs and provide backhaul connectivity.

     Literature Survey

     According to the IEEE 802.16 standard [1], WiMAX technology supports two operation modes: PMP and mesh. A WiMAX PMP network aims at providing last-mile access to a broadband Internet service provider (ISP). An example of the network topology is illustrated in Fig. 1a, where the WiMAX network includes one BS and a number of SSs. On the other hand, mesh mode implies the requirement of supporting multihop ad hoc networking by SSs. An example of a WiMAX mesh network is illustrated in Fig. 1b. Notice that in this figure, we assume that a BS can provide access to the Internet; a relay station (RS) is a special type of SS that can forward traffic flows to BSs or other RSs; and a mobile station (MS) is an SS that can move in the network.

     The various security schemes discussed in [2] are as follows. WiMAX security supports two quality encryption standards, that of DES3 and AES, which is considered leading edge. The standard defines a dedicated security processor on board the base station for starters. There are also minimum encryption requirements for the traffic and for end-to-end authentication, the latter of which is adapted from the data-over-cable service interface specification (DOCSIS) BPI+ security protocol. Basically, all traffic on a WiMAX network must be encrypted using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which uses AES for transmission security and data integrity authentication. For end-to-end authentication, the PKM-EAP (Extensible Authentication Protocol) methodology is used, which relies on the TLS standard of public key encryption.

     The author in [4] proposes a novel routing framework in the network layer, manycast routing. In this scheme the customer does not need to specify the exact address of a server in the network. Instead, it only needs to indicate the service it wants to access.
  6. Moreover, in such a communication scenario, the client (i.e., the customer) can communicate with a subset of all the servers in order to achieve better reliability and/or security. In multicasting, if at least one of the members in the group cannot satisfy the service requirement of the application, the multicast request is said to be blocked. On the contrary, in manycasting, destinations can join or leave the group, depending on whether they satisfy the service requirement or not.

     Problem statement

     The main motivation for creating this article is that we need to take into account both the security concerns and the requirements of potential WiMAX applications. No previous WiMAX framework addresses such security concerns together with the availability of a wide range of applications for WiMAX with heterogeneity of end user devices.

     APPLICATION SCENARIOS

     WiMAX can be used in the following application areas.

     Internet Access: Evidently, Internet access will still be the major demand in WiMAX networks, especially when they are newly deployed. To support Internet access, a straightforward method is to provide a unicast connection between SSs (including RSs and MSs) and the BS, which has the link toward the Internet.

     Group Communications: Since WiMAX networks can cover a relatively large area, it is natural to imagine that many group communications, such as videoconferences, will be important applications in WiMAX networks. To support such communication scenarios, multicast is the key technology. In a WiMAX network, however, since all nodes are located inside, implementing such group communication becomes possible.

     Metropolitan Area Distributed Service: With the deployment of WiMAX networks, more and more value-added services can be provided in a metropolitan area. To efficiently support a large number of customers, distributed services can
  7. be enabled. In other words, a customer can access the service from any of the servers in the network in which these servers are distributed to serve the entire metropolitan area.

     Content-Based Distribution: The content-based routing scheme is a service-oriented communication model [5]. In this scheme the sender of a message does not need to explicitly specify its destination(s). The network layer will automatically deliver the message to receivers that are interested in the content of the message. In [5] the authors proposed to design an overlay network based on broadcast service of the existing network.

     Quality Guaranteed Applications: For many applications, it is desirable that the network layer can provide a sufficient quality of service (QoS) guarantee, usually in terms of bandwidth, data rate, delay, and delay jitter. However, wireless communications are naturally error-prone; thus, it is difficult to provide such a guarantee in a wireless network. To address this issue, in the literature multipath routing has been studied in many previous works.

     Figure 1: WiMAX network architectures: a) PMP mode; b) mesh mode.

     Multihoming Applications: Multihoming [3] is a technology that can provide services similar to those of multipath routing. The main difference between these
  8. two schemes is that in multihoming, one station has two or more IP addresses and generally has the same number of interfaces. In this manner, the station can have multiple paths to access the same resources.

     A SECURE AND SERVICE-ORIENTED NETWORK CONTROL FRAMEWORK

     In this section we elaborate on a novel control framework to address the security requirements in WiMAX networks, and fulfill the demands of existing and future application scenarios discussed above.

     Components

     In this framework there are two major components.

     Service-Aware Control Scheme: To efficiently support different applications, the network layer control scheme shall be aware of the availability of different services. In general, the service can be either located in a single node in the network or distributed in multiple locations in the network. To provide these services, the servers must register the type and availability of service to the control framework. Moreover, the availability information shall be updated periodically or based on predefined events. Upon receiving these messages, the control framework will also be responsible for distributing such messages to nodes in the network.

     Unified Routing Scheme: With the availability information of the service, a unified routing scheme shall be designed such that all the application scenarios discussed in the last section shall be supported. The packets of a certain flow will be forwarded based on the service and security requirements.
  9. ENABLING TECHNOLOGIES

     To deploy the proposed framework, a number of key technologies must be addressed. In the rest of this section we address these issues.

     Figure 2: The importance of the placement of BSs and RSs: a) a single path; b) multiple paths.

     PLACEMENT OF BSs AND RSs

     In our framework, the placement of BSs and RSs is very important for a broadband wireless service provider to offer a secure communication platform. For example, in Fig. 2a, if there is only one path between one MS and a server, it is not possible to guarantee the security of the communication since a single RS in the path can damage
  10. the confidentiality and integrity of the information transmission, or block the traffic flow and affect the availability of the service. On the other hand, if there are two or more paths available, secure communication channels are more likely to exist between the MS and the server, as shown in Fig. 2b. One important issue related to the placement of BSs and RSs is the cost. Apparently, with increasing numbers of BSs and RSs of a service provider, security and availability will increase while cost will also soar. In such a case, it becomes a trade-off between security and cost. On the other hand, given the constraint of cost, the placement of BSs and RSs can be formulated as an optimization problem, which shall be further investigated.

      SECURITY MANAGEMENT

      In the proposed framework the security management scheme is very important to the system. Similar to [3], we consider the security management scheme responsible for monitoring the operation of the network and quickly identifying possible security attacks and threats.

      KEY MANAGEMENT

      In addition to the MAC layer, key management is also important to the network layer. To provide a secure communication channel between the end user and the server, it is important to develop a key management scheme to establish a unique key for each session. In such a scenario the proposed framework can be directly utilized to improve the reliability and security of the key distribution. For instance, an MS can send key material through multiple paths to the server. Since each path may contain only a portion of all the information, the probability of the key material being intercepted by an adversary can be significantly reduced.
  11. SECURE ROUTING

      In our scheme the routing algorithm takes into account the following issues.

      Multiple-radio and multiple-channel: In the near future, each node may be equipped with multiple radio interfaces. Therefore, the routing scheme shall take this into account.

      Multiple destinations: In our framework, an application can require multiple destinations in the network. For example, there is no requirement for selecting node-disjoint paths in these schemes, which may not be sufficient to defend against compromised RS nodes.

      Multipath routing: As shown in the previous section, the multipath scheme is different from existing methods. First, multipath routing may need to forward messages to different destinations. Second, more paths may need to be set up.

      Heterogeneity of user devices: In practice, the capabilities of user devices (e.g., data rate) are highly heterogeneous. Several application layer schemes and middleware schemes have been proposed recently. However, it is appropriate for the network layer to consider such differences because the capability information of end users can be utilized to help choose the routing method used.

      CONCLUSION

      WiMAX is a promising wireless communication technology for wireless MANs. In this article we address the design issue in multihop WiMAX networks. Specifically, we propose a secure and service-oriented network control framework in which both security concerns and the requirements of potential WiMAX applications are taken into account. In the framework there are two major components: a service-aware control framework and a unified routing scheme. We then demonstrate how these schemes can provide the required service from the network layer perspective. In addition to the design of the framework, we also study several enabling technologies for the framework, including the deployment of BSs and key management, and
  12. secure routing. We believe that our study can provide a guideline for the design of a more secure and practical WiMAX network.
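
The KEY MANAGEMENT and SECURE ROUTING slides describe sending key material over multiple paths so that no single compromised RS holds all of it. The sketch below is an added example, not code from the slides or the framework they describe; it assumes a constructed mesh topology, a greedy (not optimal) node-disjoint path search, and XOR secret splitting as one possible way to give each path "only a portion" of the key.

```python
import secrets
from collections import deque

# Constructed mesh (assumption): MS reaches SERVER through relay stations RS1..RS5.
TOPOLOGY = {
    "MS": ["RS1", "RS2", "RS3"], "RS1": ["MS", "RS4"],
    "RS2": ["MS", "RS4", "RS5"], "RS3": ["MS", "RS5"],
    "RS4": ["RS1", "RS2", "SERVER"], "RS5": ["RS2", "RS3", "SERVER"],
    "SERVER": ["RS4", "RS5"],
}

def bfs_path(graph, src, dst, banned):
    """Shortest src->dst path that avoids every node in `banned`, or None."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in prev and nxt not in banned:
                prev[nxt] = node
                queue.append(nxt)
    return None

def node_disjoint_paths(graph, src, dst):
    """Greedy: take a shortest relayed path, ban its relays, repeat."""
    banned, paths = set(), []
    while (path := bfs_path(graph, src, dst, banned)) and len(path) > 2:
        paths.append(path)
        banned.update(path[1:-1])
    return paths

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, n):
    """n shares whose XOR is `key`; any n-1 of them are uniformly random."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]

def combine(shares):
    """Server side: XOR all received shares to recover the key."""
    key = bytes(len(shares[0]))
    for share in shares:
        key = xor_bytes(key, share)
    return key

def relays_seeing_all(paths):
    """Relays that sit on every path and therefore collect every share."""
    return set.intersection(*(set(p[1:-1]) for p in paths))

if __name__ == "__main__":
    session_key = secrets.token_bytes(16)
    paths = node_disjoint_paths(TOPOLOGY, "MS", "SERVER")
    shares = split_key(session_key, len(paths))
    for path, share in zip(paths, shares):
        print(" -> ".join(path), share.hex())
    print("recovered:", combine(shares) == session_key)
    print("relays holding all shares:", relays_seeing_all(paths))
```

With XOR splitting the server needs every share, so one blocked path prevents key recovery; this trades the availability benefit of multiple paths for confidentiality against a single compromised relay.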
