OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL Zachariah Pabi GARIBA MPhil Telecommunication Engineering 1 Graduate Student Member IEEE Email: zpgariba.coe @st.knust.edu KNUST
May 18, 2015
OVERVIEW OF PKM AUTHENTICATION MECHANISM IN WiMAX SECURITY PROTOCOL
Zachariah Pabi GARIBA
MPhil Telecommunication Engineering 1
Graduate Student Member IEEE
Email: zpgariba.coe @st.knust.edu
KNUST
KNUST
PRESENTATION OUTLINE
IntroductionResearch ObjectivesWiMAX authentication protocolConclusionsReferences
KNUST
Mobile computingDefined as having access to computing resources from anywhere; one's ability to use computing technology whilst moving.
Since this system is design provides open access across vast networked environments, security issue becomes a difficult task as the mobile devices cannot be tracked down to a single location.
The vital goal of security solutions for mobile networks is to provide services such as authentication, confidentiality, integrity, anonymity and availability to mobile users.
security can be implemented in any of the OSI seven layers.
KNUST
Components of good security
Confidentiality: The non-occurrence of the unauthorized disclosure of information. No one except the sender and the receiver should have access to the information being exchanged.
Integrity: The non-occurrence of the unauthorized manipulation of information. No one except the sender and the receiver should be able to modify the information being exchanged.Authentication: The receiver’s ability to ascertain the origin of a message. An intruder should not be able to masquerade as someone else.Nonrepudiation: The receiver’s ability to prove that the sender did in fact send a given message. The sender should not be able to falsely deny later that he sent a message.
Service Reliability: The ability to protect the communication session against denial of service attacks.
KNUST
Component methods
Confidentiality: encryptionIntegrity: Message hash calculation
Authentication: Digital signature or challenge response schemesNonrepudiation: Time stamping
TUESDAY: 9TH FEBRUARY, 2010
KNUST
INTRODUCTION
TUESDAY: 9TH FEBRUARY, 2010
Table 1: Security system requirement
KNUST
INTRODUCTION
Mobile computing devices
Laptop computers Personal Digital Assistants (PDAs) and handheld PCs PagersSmart phones and mobile phonesTask devices; bar code scan
TUESDAY: 9TH FEBRUARY, 2010
KNUST
INTRODUCTION
Security componentsSecurity within networksSecurity for the devices
Supporting mobile computing networksTraditional wireless systemsWireless LANWireless Ad Hoc systems
TUESDAY: 9TH FEBRUARY, 2010
KNUST
INTRODUCTION
TUESDAY: 9TH FEBRUARY, 2010
Table 1: Security system requirement
KNUST
INTRODUCTION
WiMAX
The IEEE 802.16 protocol is also called WiMAX, which stands for worldwide interoperability of microwave access. It was first planned to offer the last mile for Wireless Metropolitan Area Network (WMAN) with the line of sight (LOS) of 30 – 50 km.
The original IEEE 802.16 standard covers line-of-sight connections in the 10–66GHz range, supporting speeds up to 280 Mbps over distances up to 50km (30 mi.). IEEE 802.16a covers non-line-of-sight connections in the 2–11GHz range, supporting speeds up to 75 Mbps over distances of 5–8km (3–5 mi.). IEEE 802.16a also adds features for mesh networks, while the 802.16e standard adds support for mobility.
TUESDAY: 9TH FEBRUARY, 2010
KNUST TUESDAY: 9TH FEBRUARY, 2010
Table 2 IEEE 802.16 standard evolution
KNUST
RESEARCH OBJECTIVES
To thoroughly review the authentication aspects of IEEE 802.16 standardTo underscore the security vulnerabilities and threats associated with WiMAX authentication.
KNUST
RESEARCH METHODS
The research approaches will include qualitative and quantitative research methods, and computer simulation.
Present published security issues of IEEE 802.16 protocol in journals and conferences shall be review and the further readings for proposed security improvement.
KNUST
IEEE 802.16 SECURITY PROTOCOL
Transmission convergence sublayer
QPSK 16QAM 64QAM 256QAM
Security sublayer (PS)
Common part sublayer (CPS)
Convergence sublayer (CS)
Link layer control (LLC)
PHY Layer (L1)
MAC (L2)
Fig. 1: IEEE 802.16 protocol stack
KNUST
IEEE 802.16 SECURITY PROTOCOL
The protocol architecture
The security sublayer has two protocols as follows;An encapsulation protocol for securing packet data across the BWA network.A key management protocol (PKM) providing the secure distribution of keying data from the BS to the SS.
KNUST
Fig. 2: WiMAX security sublayer
KNUST
IEEE 802.16 SECURITY PROTOCOL
Privacy and key management (PKM)
SS uses PKM to obtain authentication and traffic keying from BS
PKM has two categoriesSS authorization and AK exchangeTEK exchange
KNUST
IEEE 802.16 SECURITY PROTOCOL
Key management protocolThe PKM protocol allows for both mutual authentication and unilateral authentication. It also supports periodic reauthentication/reauthorization and key refresh.
The key management protocol uses either EAP or X.509 digital certificates together with RSA public-key encryption algorithm.
There are two Key Management Protocols supported in this standard: PKM version 1 and PKMv2 with more enhanced features such as new key hierarchy, AES-CMAC, AES key wraps, and MBS.
KNUST
IEEE 802.16 SECURITY PROTOCOL
Authentication
Hash Message Authentication Code (HMAC)X.509 certificate
Manufacture certificateSubscriber certificateBase station certificate
Extensible Authentication Protocol (EAP)
IEEE 802.16-2004
KNUST
IEEE 802.16 SECURITY PROTOCOL
Authentication protocols
PKM supports two distinct authentication protocol mechanisms:RSA protocolExtensible Authentication Protocol (optional)
An SS uses the PKM protocol to obtain authorization and traffic keying material from the BS, and to support periodic reauthorization and key refresh.
KNUST
IEEE 802.16 SECURITY PROTOCOL
PKM RSA authentication
The PKM RSA authentication protocol uses X.509 digital certificates the RSA public key encryption algorithm that binds public RSA encryption keys to MAC addresses of SSs.
All RSA authentication have factory-installed RSA private/public key pairs or provide an internal algorithm to generate such key pairs dynamically.
KNUST
IEEE 802.16 SECURITY PROTOCOL
PKM EAP authentication
PKM EAP Authentication uses Extensible Authentication Protocol in conjunction with an operator-selected EAP Method (e.g. EAP-TLS).
The EAP method uses credentials such as an X.509 certificate in the case of EAP-TLS or a Subscriber Identity Module in the case of EAP-SIM.
KNUST
IEEE 802.16 SECURITY PROTOCOL
KNUST
IEEE 802.16 SECURITY
PKM v1
SS authorization and AK exchange overview: SS authorization, controlled by the Authorization state machine, is the process of the BS authenticating a client SS’s identityAuthorization via RSA authentication protocol: SS begins authorization by sending an Authentication Information message to its BS. The Authentication Information message contains the SS manufacturer’s X.509 certificate.
KNUST
IEEE 802.16 SECURITY PROTOCOL
PKMv2
I.The PKMv2 key hierarchy defines what keys are present in the system and how the keys are generated. Since there are two authentication schemes, RSA and EAP, there are two primary sources of keying material.II.The RSA-based authorization process yields the pre-Primary AK (pre-PAK) and the EAP based authentication process yields the MSK.III.All PKMv2 key derivations are based on the Dot16KDF algorithm: The Dot16KDF algorithm is a counter mode encryption (CTR) construction that may be used to derive an arbitrary amount of secret key from source keying material.
KNUST
IEEE 802.16 SECURITY PROTOCOL
Digital signatures
Manufacture certificatesSS certificateBS certificate
KNUST
IEEE 802.16 SECURITY PROTOCOL
Cryptographic methods In PKMv2, SAs using a cipher suite employing DES-CBC, the TEK in the Key Reply is triple DES (3-DES) encrypted, using a two-key, 3-DES KEK derived from the AK.
The lifetimes of the two generations overlap such that each generation becomes active halfway through the life of it predecessor and expires halfway through the life of its successor.
KNUST
Fig. 4: WiMAX security procedure
KNUST
IEEE 802.16 SECURITY PROTOCOL
Fig. 6: WiMAX overview
KNUST
IEEE 802.16 SECURITY PROTOCOL
Threats and vulnerabilities
Threats in the IEEE 802.16 standards have been grouped into two;
Physical layer threats and vulnerabilitiesMAC layer threats and vulnerabilities
KNUST
IEEE 802.16 SECURITY PROTOCOL
Physical layer threats
Jamming and scrambling attacksWater torture attackReplay attacks in IEEE 802.16e mesh modes
KNUST
IEEE 802.16 SECURITY PROTOCOL
ThreatsMAC management messages are sent in plain-text and not cipher-text.X.509 digital certificate; it uses RSA encryption with SHA-1 hashing.Downgrade attack is possible on the initial TEK authentication. The security capabilities are sent by SS to BS over an insecure connection, before negotiating the encryption keys, these include the kind of crypto functions to be used to cipher the data packets.In IEEE 802.16e SS can authenticate with BS with the new PKMv2 RSA authentication with its public key. Public key encryption and signature is a computationally heavy operation, so if flooded with false requests, the BS may be victim of a denial of service attack, using all its resources to evaluate digital signatures.
KNUST
CONCLUSIONS
In mesh mode, an insider attacker can fool other nodes of the mesh to create man in the middle attacks, invade their privacy.There has been PKMv2 in the amended 2004 version which uses more enhanced features such as new key hierarchy, AES-CMAC, AES-key-wraps, and MBS.There is of BS X.509 digital certificate in IEEE 802.16eThe standard security mechanism does not handle layer 1 security.Potential security flaws also exist in IEEE 802.16e, especially the flaw existing in subscriber handover procedure.IEEE 802.16 supports mesh modeThere has been little research on layer 1 security issues for IEEE 802.16/WiMAX.
KNUST
REFERENCES[1] Ahson, S. and Ilyas, M. (2008), WiMAX Standards and Security, CRC Press, Boca Raton, pp. 19-55, 197-243.[2] IEEE (2009), IEEE Standard for Local and metropolitan area networks: Air Interface for Broadband Wireless Access Systems (IEEE Std 802.16™-2009), IEEE, New York, pp. 558-565.[3] Menezes, A. Oorschot, P. V. and Vanstone, S. (1997), Handbook of Applied Cryptography, CRC Press, Boca Raton, pp. 1-42.[4] Di, P. et al. (2007), 'Overview and Analysis of IEEE 802.16e Security'.[5] Xu, S. and Huang, C.-T. (2008), 'Attacks on PKM Protocols of IEEE 802.16 and Its Later Versions'.[6] Deininger, A. et al. (2007), 'Security Vulnerabilities and Solutions in Mobile WiMAX', IJCSNS International Journal of Computer Science and Network Security, vol. 7, no. 11, pp. 7-17.[7] Xu, S. Matthews, M. and Huang, C. (2006), 'Security Issues in Privacy and Key Management Protocols of IEEE 802.16', http://www.cse.sc.edu/~huangct/acmse06cr.pdf, [30th August 2009 at 00: 57].[8] Barbeau, M. (2008), 'WiMAX/802.16 Security in Mesh Mode', pp. 1-11.[9] Maccari, L. Paoli, M. and Fantacci, R. (2007), 'Security analysis of IEEE 802.16', ICC 2007.
KNUST
THE END