- an overview of the essential elements for WiMAX security including encryption and authentication and the ways they are implemented.
Like any system security is a key element within the overall WiMAX system. WiMAX security has to implemented in a way that provides sufficient protection against intrusion and other forms of unauthorised access without hindering the overall operation.
Accordingly WiMAX security has been incorporated into the heart of the system to ensure that seamlessly integrated and provides an effective solution.
WiMAX security utilises a number of advanced techniques including PKMv2 based authentication and over the air encryption. These considerable improve the level of security that is can be attained, but overall end-to-end security is still challenging and requires each network to adopt security within the overall network design and roll out as well as in the ways of working.
WiMAX security basics
WiMAX uses Internet Protocol, IP as the core transport mechanism, and as a result, WiMAX security measures need to incorporate not only the traditional security requirements for a wireless telecommunications system, but also those relating to the use of IP systems.
In view of the need for a high level of WiMAX security, the IEEE 802.16 working groups incorporated security measures into the standard during the concept stages to counteract WiMAX security threats. WiMAX security has been embedded into the standard from the beginning rather than being added as an extra at a later stage. By adopting this approach, WiMAX security has been made more effective while being less intrusive to the user.
WiMAX security elements are included in the standard and fall under four main headings:
- Authentication of the user device
- Higher level user authentication
- Advanced over-the-air encryption
- Methods for securing the control and signalling within an IP scenario
Each of these WiMAX security areas has been addressed within standards, but even so, it is still necessary for the network operators to use good practice to ensure that security is not compromised. It is quite possible to circumvent the best security technology if the correct operating procedures are not in place.
WiMAX security threats
When developing any security system it is necessary to understand the means by which security could be compromised and in this way build in the relevant security measures.
Some of the main threats to WiMAX security are summarised in the table below:
|Type of security attack||Description / details of the security attack|
|Man-in-the-middle||This form of WiMAX security issue occurs when a base station is set up to impersonate a base station in the network, either just to a subscriber, or a two way impersonation between the subscriber and the base station.|
|Privacy compromise||This type of security attack takes the form of the attacker capturing user and / or signalling traffic being conveyed over the wireless or the wired elements of the network. These packets can be analysed and information extracted at a later time.|
|Theft of service||This occurs if users without authorised access are able to access the network and utilise it without payment.|
|Denial of service (physical)||This is achieved by degrading the network performance by physically disrupting the physical elements of the network, e.g. by jamming the radio channels used.|
|Denial of service (protocol)||This form of denial of service involves overloading the network or system resources by introducing new traffic or modifying existing traffic. This happens when Internet websites are maliciously targeted by millions of requests to overload their resources.|
|Replay||This form of WiMAX security issue occurs if previously valid messages are injected into the system to exhaust resources or lock out valid users.|
Although these are broad descriptions for the major forms of WiMAX security issue, they all need to be addressed so that malicious attempts cannot succeed in disrupting he network, obtaining user information or data, or gaining unauthorised access to the network.
WiMAX security measures
The WiMAX standard includes several security protection measures to address and overcome the various WiMAX security threats that are posed to the system. These include mutual device / user authentication techniques, a flexible key management tool, traffic encryption, and control and management message protection.
There are several key protocols and standards that are used as part of the overall WiMAX security strategy:
- PKMv2: This is the Privacy Key Management Protocol version 2. This is used as a key management protocol for the encrypted and authorised exchange of crypto keys for multicast and broadcast traffic.
- EAP: This is the Internet Engineering Task Force, Extensible Authentication Protocol. This protocol is used for device and user authentication.
- EAS: This is the Advanced Encryption Standard. This is used for encrypting the over the air traffic.
During the operation of the system, the various WiMAX security measures are brought in to play at the various required stages.
- WiMAX security authentication: Authentication is the ability of the network to ensure that the subscriber and subscriber devices are legitimate users and devices to be connected to the network.
Network entry authorisation uses EAP because it provides a flexible and scalable framework for authentication of the user and devices.
- WiMAX security encryption: The EAS encryption is used for encrypting over the air traffic. The WiMAX security approach utilises uses Counter Mode with Cipher Block Chaining Message, CCM, authentication code. With AES CCM, the sender generates a unique value per packet and sends this value to the receiver. This prevents man-in-the-middle attacks because they would have difficulty in substituting the traffic. An additional measure introduces the use of Traffic Encryption State machine which uses a periodic key refresh mechanism to provide for the continued transition of keys.
WiMAX security is able to bring into play a number of security mechanisms to ensure a high level of security. Although no security measures can be deemed to be one hundred percent safe, the WiMAX security measures provide a very high level of security. Provided that the operator processes and procedures are also secure, the overall level of WiMAX security should be sufficiently high for most applications.
By Ian Poole
Share this page
Want more like this? Register for our newsletter