Sponsor:

1. Sponsor: Northwestern Lab for Internet and Security Technology (LIST)Prasad Narayana, Ruiming Chen, Yao Zhao, Coh Yoshizaki, Yan Chen, Judy Fu, Hai Zhou{p-narayana, rui-chen, jingo, c-yoshizaki, ychen, haizhou}@northwestern.edu, judy.fu@motorola.comhttp://list.cs.northwestern.edu/ 802.16 Vulnerability Analysis 1. 2. Motivation Related Work • High-speed Wireless Metropolitan Area Networks (MAN) poised to become the Next Big Thing in data networks • IEEE 802.16 technology, popularly called as Wimax, with enormous backing from the industry is set to lead the broadband wireless network space • Security, as always, is key for it’s functioning and growth • Security Analysis of the IEEE 802.16 protocol largely confined to manual analysis • Fast evolution of the protocol resulted in many incomplete (and, sometimes, even incorrect!) analysis • Logic-based comprehensive analysis missing from all previous work 3. Our Approach Manual Analysis and Verification TLA Modeling Logic-based Analysis and Verification 4. 5. Current Progress Future Work DoS during Initial Ranging: • Analyze the mobility aspect of the new standard 802.16e and classify processes based on vulnerability levels • Formally specify critical parts of the protocol and perform extensive TLC-based analysis of security properties • Focus on internetworking aspects of the new standard and study their security implications DL Subframe UL Subframe Initial Ranging slots Attacker fills all slots, denying all new SS a chance to complete ranging DoS during Authentication: