SECURITY CONCERNS IN Wi-MAX (IEEE 802.16)
Presented By: Syed Ashar Zia
Final Presentation
ELET 6313 – NETWORK SECURITY
DR. DRISS BENHADDOU
04/09/2023 BY: SYED ASHAR ZIA 2
Objective
▪ What is WiMAX?
▪ Architecture of WiMAX
▪ MAC & PHY layers of WiMAX protocol
▪ Security Sub-Layer
▪ Security features of WiMAX
▪ Protocols used for authentication, encapsulation and authorization
▪ Vulnerabilities and solutions
▪ What challenges were faced due to mobility in the 802.16e security structure
Wireless Network Standards
▪ Wireless LAN: IEEE 802.11, Wireless Fidelity (Wi-Fi)
▪ Wireless PAN: IEEE 802.15, Bluetooth
▪ Wireless MAN: IEEE 802.16, WiMAX (Worldwide Interoperability for Microwave Access)
▪ Wireless WAN (research phase): IEEE 802.20, LTE (Long Term Evolution)
WiMAX Promises
▪ High Speed
▪ Wide Area Coverage
▪ High Quality
▪ High Capacity
Introduction - WiMAX
▪ IEEE 802.16 (2001)
    ▪ Air Interface for Fixed Broadband Wireless Access System
    ▪ MAC and PHY Specifications for 10 – 66 GHz (Line-of-Sight)
    ▪ One PHY: Single Carrier
    ▪ Connection-oriented, TDM/TDMA MAC, QoS, Privacy
▪ IEEE 802.16a (January 2003)
    ▪ Amendment to 802.16, MAC Modifications and Additional PHY Specifications for 2 – 11 GHz (Non-Line-of-Sight)
    ▪ One PHY: Single Carrier
▪ IEEE 802.16d (July 2004)
    ▪ Combines both IEEE 802.16 and 802.16a
    ▪ Three PHYs: OFDM, OFDMA, Single Carrier
    ▪ Additional MAC functions: OFDM and OFDMA PHY support, Mesh topology support, ARQ
▪ IEEE 802.16e (2005?)
    ▪ Amendment to 802.16-2004
    ▪ MAC Modifications for limited mobility
Use of WiMAX
Fig: WiMAX Accessibility (Adapted from www.mirentech.co.uk)
WiMAX Architecture
Fig: WiMAX Network Architecture (Adapted from www.tutorialspoint.com)
Security Requirements
The security requirements of any network come down to providing the following services for data:
▪ Confidentiality
▪ Integrity
▪ Availability
▪ Non-Repudiation
▪ Access control
MAC & PHY Layers
Security Sub-Layer
Also known as the Privacy sub-layer. Its three main security features are:
▪ Authentication
▪ Authorization
▪ Traffic Encryption
The techniques used for Authentication are:
▪ Privacy & Key Management Protocols (PKM)
▪ Rivest-Shamir-Adleman (RSA) based authentication
Security Sub-Layer (Contd.)
The techniques used for Authorization are:
▪ Security Associations (SAs) are used to authorize the user.
▪ Authorization includes a request for the Authentication Key and SA-Identity in exchange for the subscriber’s certificate, encryption algorithm and cryptographic ID.
Traffic Encryption:
▪ All traffic between the subscriber station (SS) and the base station (BS) is encrypted with the Traffic Encryption Key.
WiMAX Security Architecture
WiMAX security architecture is based on three components, which provide authentication, authorization and data encryption:
▪ Security Associations (SAs)
▪ Encapsulation Protocol
▪ Privacy & Key Management Protocols (PKM)
SECURITY ASSOCIATIONS (SAs)
An SA provides a set of security information that makes the link between SS and BS secure.
An SA is formed to provide the SS with authorization for services.
There are two types of SA, categorized by the information they carry:
▪ Authorization SA, used for authorization.
▪ Data SA, used for data exchange.
SECURITY ASSOCIATIONS (SAs)
Components of Authorization SA are:
▪ SA-Descriptor: Defines the SA-type, SAID, and cryptographic suite.
▪ X.509 Certificate: The SS’s digital certificate, serving as its identity.
▪ Authorization Key (AK): Provided by the BS and used to generate Key Encryption Keys (KEKs), to calculate HMAC-Digests at the transmitting side, and to verify HMAC-Digests at the receiver’s end.
▪ AK Sequence Number: Differentiates successive AKs.
▪ AK-Lifetime: Validity period of the AK.
▪ Key Encryption Key (KEK): These are 128 bits long and are used to encrypt the Traffic Encryption Key (TEK), which is used to encrypt/decrypt the data traffic at both ends.
▪ HMAC Digest: Used for checking the integrity of data.
SECURITY ASSOCIATIONS (SAs)
Components of Data SA:
▪ SA-Identification (SAID)
▪ AK-Sequence Number
▪ TEK Parameters, including:
    ▪ TEK
    ▪ TEK lifetime
    ▪ 2-bit sequence number
    ▪ Initialization Vector (IV)
    ▪ encryption algorithms
    ▪ HMAC-Digest
Encapsulation Protocol
The encapsulation protocol is used for the encryption of traffic between BS and SS.
The SS shares its supported cryptographic suites to inform the BS of its capabilities to encrypt and decrypt.
The encryption and authentication algorithms used for ciphering the data traffic use the Traffic Encryption Key (TEK).
The TEK is encrypted with the Key-Encryption-Key (KEK).
The KEK is derived from the Authorization Key (AK).
Privacy & Key Management Protocol
The PKM protocol is responsible for:
▪ Normal authorization process of the requesting Subscriber Station (SS)
▪ Re-authorization
▪ Issuing the key materials
▪ Renewal of the keying materials
It follows two different protocols to complete the process of authentication and authorization:
▪ Authentication Protocol
▪ Key Exchange Protocol
Security Mechanism
The security mechanism is divided into three phases:
▪ Phase I – SS Authorization
▪ Phase II – Exchange of Key Materials
▪ Phase III – Encryption of Data Stream
Phase I: SS Authorization
Message 1: Cert (SS.Manufacturer)
Message 2: Cert (SS), Capabilities, BCID, SAID
Message 3: (AK)SS, Seq. No., Lifetime, SA-Descriptor
LEGEND:
▪ Cert: Certificate
▪ BCID: Basic CID
▪ SAID: Suites of SA
▪ SA-Descriptor: Selected Suite
▪ (AK)SS: Authorization Key encrypted with SS public key
▪ Seq. No.: AK’s sequence number
▪ Lifetime: Lifetime of AK
Phase II: Exchange of Key Material
Message 1: Seq. No., SAID, HMAC (1)
Message 2: Seq. No., SAID, HMAC (2)
Message 3: Seq. No., SAID, OldTEK, NewTEK, HMAC (3)
LEGEND:
▪ SAID: Suites of Security Associations
▪ (AK)SS: Authorization Key encrypted with SS public key
▪ Seq. No.: AK’s sequence number
▪ Lifetime: Lifetime of AK
▪ OldTEK: Current set of Key Materials
▪ NewTEK: Key Material to be used after expiration of Current Keys
▪ HMAC(x): MD for the ‘x’ message
Phase III: Encryption of Data Streams
The data stream is encrypted with the TEK when travelling to or from the BS.
The data stream can be encrypted using:
▪ DES (DES in CBC-Mode with 56 Bits), or
▪ AES (AES in CCM-Mode with 128 Bits).
The TEK is shared during the Key Exchange process and is encrypted using the KEK. It can be encrypted using:
▪ 3DES
▪ RSA
▪ AES
Overall Process:
Figure: Communication Workflow (Adapted from ‘WiMAX Security Architecture’ by Evren Eren – 2008 IEEE CNF)
Security Issues in different versions
In the first standard, IEEE 802.16-2001, an attacker faced the following challenges:
▪ Being physically present between the BS and SS on the LoS link.
▪ Operating at the higher frequencies of 10 to 66 GHz.
After the first revision:
▪ Increased options for physical presence.
▪ Frequency ranges were reduced to 2 to 11 GHz.
Adding mobility in IEEE 802.16e:
▪ Physical presence doesn’t matter.
Threats at PHY layer
Wireless networks use radio, so anyone with the proper receiving equipment can intercept the signals in the air.
Jamming and scrambling are the two most common attacks at the PHY layer.
Jamming is about reducing the channel capacity.
Scrambling is very similar to jamming, but it targets particular timeslots or frames.
Threats at Security Sub-Layer
The data traffic is secured using strong encryption algorithms like DES and AES.
The attacker will instead be keen to attack the link during the authentication or key exchange process.
Vulnerabilities at Authentication Protocol
▪ Message 1 is purely informative and doesn’t involve processing or acknowledgement.
▪ Message 2:
    ▪ Plaintext message; all the information is public.
    ▪ Replay attack possible at the BS to exhaust its capabilities.
    ▪ Lacks message authentication.
▪ Message 3:
    ▪ Replay and man-in-the-middle attacks possible.
    ▪ Lacks message authentication.
Proposed Authentication Protocol
Fig: Revised Authentication protocol (Suggested by Sen Xu in ‘Security Protocols in WMAN’ – 2008)
Vulnerabilities at Key Exchange Protocol
▪ Message 1 is optional, but is open to a replay attack.
▪ Messages 2 and 3 lack mutual authentication, which leaves room for man-in-the-middle and replay attacks.
▪ An attacker can act as a false BS for the subscriber and issue self-generated keys to take over communication.
▪ An attacker can act as a false subscriber and request key renewal again and again.
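Added example (not part of the original presentation): a minimal Python model of the Phase II Key Request as listed earlier (Seq. No., SAID, HMAC), showing that a valid HMAC alone does not let the BS tell a fresh request from a repeated one, and how a per-request nonce tracked by the BS does. The field widths, the HMAC key derivation, the use of HMAC-SHA1, the constructed AK and the nonce field are assumptions for illustration; they are not the standard's definitions and not the revised protocol suggested by Sen Xu.

```python
import hashlib, hmac, os, struct

AK = bytes(range(20))  # constructed 160-bit Authorization Key, for illustration only

def hmac_key(ak: bytes) -> bytes:
    # Assumption: simplified uplink HMAC key derivation, not the standard's formula.
    return hashlib.sha1(b"uplink" + ak).digest()

def key_request(ak: bytes, ak_seq: int, said: int, nonce: bytes = b"") -> bytes:
    """Message 2 (Key Request): Seq. No., SAID, HMAC. `nonce` is the hypothetical added field."""
    body = struct.pack("!BH", ak_seq, said) + nonce
    return body + hmac.new(hmac_key(ak), body, hashlib.sha1).digest()

class BaseStation:
    def __init__(self, ak: bytes, ak_seq: int, require_nonce: bool):
        self.ak, self.ak_seq, self.require_nonce = ak, ak_seq, require_nonce
        self.seen_nonces = set()   # would be cleared whenever the AK is renewed
        self.key_replies = 0       # every reply costs the BS a key generation

    def handle_key_request(self, msg: bytes) -> str:
        body, tag = msg[:-20], msg[-20:]
        good = hmac.new(hmac_key(self.ak), body, hashlib.sha1).digest()
        if len(body) < 3 or not hmac.compare_digest(tag, good):
            return "reject: bad HMAC"
        ak_seq, _said = struct.unpack("!BH", body[:3])
        if ak_seq != self.ak_seq:
            return "reject: wrong AK sequence number"
        if self.require_nonce:
            nonce = body[3:]
            if len(nonce) != 16 or nonce in self.seen_nonces:
                return "reject: replayed or missing nonce"
            self.seen_nonces.add(nonce)
        self.key_replies += 1
        return "accept: Key Reply sent"

def send_twice(require_nonce: bool) -> list:
    """Deliver one Key Request to the BS twice and return both verdicts."""
    bs = BaseStation(AK, ak_seq=1, require_nonce=require_nonce)
    nonce = os.urandom(16) if require_nonce else b""
    captured = key_request(AK, ak_seq=1, said=0x0101, nonce=nonce)
    return [bs.handle_key_request(captured), bs.handle_key_request(captured)]

if __name__ == "__main__":
    print("as listed on the slide:", send_twice(False))
    print("with nonce tracking   :", send_twice(True))
```

The AK sequence number only changes when the AK is renewed, so within one AK lifetime it cannot serve as a freshness value for individual Key Requests.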
Proposed Key Exchange Protocol
Fig: Revised Key Exchange protocol (Suggested by Sen Xu in ‘Security Protocols in WMAN’ – 2008)
IEEE 802.16e – Mobile WiMAX
The final revision of the 802.16 standard adds the mobility feature.
An SS is capable of travelling at 150 miles/hr and enjoying BWA without losing connectivity.
Mechanisms added:
▪ Extensible Authentication Protocol (EAP) used for authentication.
▪ Handover capabilities.
▪ Multicast & Broadcast services (MBS)
EAP – Authentication
EAP is the most secure method for sharing keys. It follows a 3-way handshake.
The 3-way handshake should provide the following security guarantees:
▪ Full mutual authentication.
▪ Message 2 indicates to the BS that the MS is alive and that the MS possesses the AK.
▪ Message 3 indicates to the MS that the BS is alive.
▪ The MS is guaranteed that the SA is sent by the BS and is fresh (has been sent by the BS after the MS generated and sent Message 2).
▪ Any TEKs distributed in this stage are secret.
Security concerns in Mobile WiMAX
Some management messages are not encrypted, or are even unauthenticated, to keep things easy and simple. Some of them are:
▪ Traffic Indication Message – to wake up the MS.
▪ Neighbor Advertisement Message – to tell the MS about neighboring BSs for handover purposes.
▪ Power control message
▪ Ranging Request Message – when the MS is trying to find a connection to a BS.
The information in these messages is not very critical, but it may be used in analysis while attacking.
References
▪ "Analysis of WiMAX Security: Vulnerabilities and Solutions", IEEE CNF, 2008
▪ "WiMAX Security Architecture - Analysis and Assessment", IEEE CNF, Sept 2007
▪ "Security Research on WiMAX with Neural Cryptography", IEEE CNF, 2008
▪ "Security Issues in Mobile WiMAX (802.16e)", IEEE CNF, 2009
▪ "Security Protocols in Wireless MAN", Ph.D. Thesis work, University of South Carolina, 2008
THE END
Questions?
THANK YOU