Downloaded 107 times
More Related Content
Wimax security
- 1. Wimax Security 1 Presented By: Esmaeil Zarrinfar zarrinfar@gmail.com
- 2. What isWimax? Wireless Network Standard Wimax History Wimax Architecture Wimax Security Architecture Security Sub Layer Security Mechanisms Wimax Security Issue Reference Topic 2
- 3. Wireless PAN IEEE 802.15 Bluetooth & ZigBee Wireless Lan IEEE 802.11 Wi-Fi (WirelessFidelity) Wireless MAN IEEE 802.16 Wimax ( WorldWide Interoperability For Microwave Access ) Wireless Network Standard بيسيماتزتجهيدهايراستاندا 3
- 4. Also knownLow Rate Wireless PAN Properties: • Data Rate Maximum 250 Kbps • Range 10 to 100 Meters • Low Cost • Low power consumption • Frequency 2.4 GHz • ZigBee Next Generation Of Bluetooth 4 Wireless PAN
- 5. Also knownWLAN or WiFi Properties: • 802.11 Protocol kind : a,b,g,n,ac,ad,af,ah • Data Rate Maximum 6.75 Gbps in 802.11ad • Range indoor from 20 to 60 meters • Range outdoor from 100 to 1000 meters • High Cost • Frequency 2.4 , 3.6 , 5 ,60 GHz 5 Wireless LAN
- 6. Wimax Standard History IEEE 802.16 (2001) Frequency 10 – 66 GHZ (Line-of-Sight) Base Wimax IEEE 802.16d (July 2004) Fixed Wimax Data Rate 70 Mbps IEEE 802.16e (2005) Mobile Wimax Data Rate 15 Mbps IEEE 802.16m (2011 ) Also known as Wimax Release 2 or WirelessMAN-Advanced Mobile & Fix Wimax Data Rate 100 Mbps for Mobile and 1 Gbps for Fix 6
- 7. Providing portablemobile broadband connectivity across cities and countries through a variety of devices. Providing a wireless alternative to cable and Digital Subscriber Line (DSL) for far broadband access. Providing data, telecommunications (VoIP) and IPTV services Providing a source of Internet connectivity as part of a business continuity plan. 7 Wimax Uses وايمکس بردهايرکا
- 8. Wimax Architecture WiMaxcan provide two forms of wireless service: none-line-of-sight and line-of-sight. WiMax system includes two main parts WiMax receiver and WiMax tower. Wimax Receiver : Subscriber Station (SS) // مشترکايستگاه Wimax Tower : Base Station (BS) // پايه ايستگاه8
- 9. Two mainlayers: Medium Access Control (MAC) layer and Physical layer (PHY). SAPs (Service Access Point) are interfacing points. Mac layer have three Sub Layer : Convergence , Common Part , Security ( Privacy ) Wimax Architecture پروتکل يمعمار در موجوداليه دوبهابطهر درتوضيحاتWiMAX 9
- 10. Convergence Sub-layer(CS) maps higher level data services to MAC layer service flows and connections. There are two type of CS : ATM CS which is designed for ATM network and service. Packet CS which supports Ethernet, point-to-point protocol (PPP), both IPv4 and IPv6 internet protocols, and virtual local area network (VLAN). Common Part Sub-layer (CPS) defines the rules and mechanisms for system access, bandwidth allocation and connection management, uplink scheduling, bandwidth request and grant, connection control and automatic repeat request (ARQ) Security Sub-layer lies between MAC CPS and PHY layer. This sub-layer is responsible for encryption and decryption of data traveling to and from the PHY layer, and it is also used for authentication and secure key exchange. Wimax Architecture اليه در موجوديراليهز سهبهابطهر درتوضيحاتMACپروتکل يمعمارWiMAX 10
- 11. BS :Base Station SS : Sub Scriber Station X.509 : Digital certificate serving AK : Authorization Key SAID : Security Association ID TEK : Transport Encryption Key KEK : Key Encryption Keys HMAC : Hashed Message Authentication Code AAA : Authentication , Authorization , Accounting Terms X.509 Certificate 11
- 12. Three mainfeatures of security are: Authentication Authorization Traffic Encryption Authentication Technique: Privacy & Key Management Protocols (PKM) Rivest-Shamir-Adleman (RSA) Extensible Authentication Protocol (EAP) Authorization Technique: Security Associations (SA’s) are used to authorize user. Authorization include request for Authentication Key and SA- Identity in exchange for subscriber’s certificate, encryption algorithm and cryptographic ID. Traffic Encryption Technique: All the traffic between Subscriber Station (SS) and Base Station (BS) is encrypted with Traffic Encryption Key. Wimax Security Architecture 12
- 13. Wimax Security Steps Step1: Authentication And Authorization Base Station (BS) SubScriber Station (SS) Message1: ( X.509 Manufacturer Certificate) Message2: ( X.509 Certificate , Security Capabilities , SAID) Message3: (Authorization SA ,AK ) تباطرا لاو گام:پايهايستگاهبهمشترکايستگاهاز تباطرا خواسترد 13
- 14. Wimax Security Steps Step2: Key Exchange Base Station (BS) SubScriber Station (SS) Message1: (SAID, HMAC (1)) Message2: (SAID, HMAC (2)) Message3: (SAID, OldTEK, NewTEK, HMAC (3)) تباطرا دوم گام:پايهايستگاه ومشترکايستگاهمابينکليد تبادل AAA Server 14
- 15. Wimax Security Steps Step3: Traffic Encryption Base Station (BS) SubScriber Station (SS) Data Encrypted With TEK Data Encrypted With TEK Data stream is encrypted with the TEK when travelling to or from BS. The data stream can be encrypted using: DES AES TEK is shared during Key Exchange process and is encrypted using KEK. It can be encrypted using: 3 DES RSA AES تباطرا سوم گام:يمزگذارراز استفادهباايستگاه دو بين داده تبادلTEK 15
- 16. WiMax/802.16 isvulnerable to physical layer attacks such as jamming and scrambling. Jamming is reducing the channel capacity. Scrambling is a sort of jamming, but for short intervals of time and targeted to specific frames or parts of frames. Intercept the radio signals in air. Wimax Security Issue In PHY Layer وايمکس امنيتي مشکالت:فيزيکي اليه در (1دائمييتزارپا سالرا (2موقتيتزارپا سالرا (3سيگنال قطع 16
- 17. The attackerwill be attack the link during authentication or key exchange process. Wimax Security Issue In MAC Layer Base Station (BS) SubScriber Station (SS) MAN-IN-Middle Original Connection New Connection 17
- 18. Authentication ofthe SS (Man-in-the-Middle and Forgery) SS authenticates itself through its certificate, however, the BS does not . Rogue BS could place himself between SS and real BS and try to force SS to authenticate itself and initiate a session by transferring an AK (forgery attack). The attacker can generate his own Authorization Reply Message containing a self-generated AK and thus gain control over the communication of the attacked SS. Wimax Security Issue In MAC Layer هويتازراح هنگام دروايمکس درامنيتيمشکالت 18
- 19. Key ExchangePhase-Attacks Attacker can act as a false BS for subscriber and issue self generated keys to take over communication Attacker can act as false subscriber to request to renew the keys again. Wimax Security Issue In MAC Layer کليد تبادل هنگام دروايمکس درامنيتيمشکالت 19
- 20. Replay andDoS Attack against SS The SS send Authentication Information Messages to transmit all relevant information to the BS. The BS responds to the last message with an Authorization Reply Message. The BS can fall victim to a replay attack by which the attacker intercepts an Authorization Request Message from an authorized SS and stores it. He will not be able to derive the AK from the Authorization Response Message (since he does not possess the associated private key), he can repeatedly send the message to the BS, burdening the BS with the effect that this declines the real/authentic SS. This is a Denial-of- Service-Attack against the SS. Wimax Security Issue سرويسانکار حمالت نوع دروايمکس درامنيتيمشکالت20
- 21. Tao Han,Ning Zhang, Kaiming Liu, Bihua Tang, and Yuan'an Liu. Analysis of mobile wimax security: Vulnerabilities and solutions. 5th IEEE International Conference on Mobile Adhoc and Sensor Systems, Sep 2008. Evren Eren, "WiMAX Security Architecture - Analysis and Assessment" IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications Dortmund, Germany 6-8 September 2007. Mahmoud Nasreldin, Heba Aslan, Magdy El-Hennawy, Adel El-Hennaey, "WiMAX Security", Proceedings of the 22nd International Conference on Advanced Information Networking and Applications, pp. 1335-1340, 2008. Reference 21