MOBILE WiMAX SECURITY
Student Name: Claudia Cardenas
Student ID: 41416538
Supervisor Number: Rajan Shankaran

Contents
1. Introduction
2. Mobile WiMAX
3. Security Threats
4. Security in Mobile WiMAX
5. Vulnerabilities Assessment
6. Conclusion
ITEC 810

Introduction
• Customers’ Demands: greater e-commerce usage, high speed, mobility, lower costs, mobile Internet

Key Problems
• Eavesdropping
• Unauthorised modification of messages
• Masquerading: unauthorised access
• Vulnerabilities

Goals

Mobile WiMAX
• Flexibility

Mobile WiMAX Architecture

Access Service Network
• Base Station
  • Connection with the mobile subscriber
  • Maintain the connection
  • Maintain the status
  • Traffic scheduling
• The Access Service Network Gateway (ASN-GW)
  • Collecting and forwarding the traffic
  • AAA functionality
  • QoS management

Mobile WiMAX Network Architecture
• Different kinds of users
• Different deployments
• Ability to grow
• Internetworking
• QoS for each service and connection
• IP and non-IP networks are integrated

Protocol Layers

Security Threats
• Threats to PHY Layer
• Threats to MAC Layer

Threats to PHY Layer
• Jamming Attack
• Scrambling Attack
• Water Torture Attack

Threats to MAC Layer
• Threats to MAC management messages in initial network entry
• Threats to access network security
• Threats to authentication

Security in Mobile WiMAX

Encryption Overview
• It is only applied to the payload.
• It is not applied to the MAC management messages.
• The SS’s encryption capabilities are negotiated during the registration process.
• The BS determines the encryption method to be used.

Authentication Overview

Authorization

Vulnerabilities Assessment

Lack of mutual authentication
• It could be the cause of impersonation.
• This vulnerability is mitigated in IEEE 802.16e by including mutual authentication.

Weak encryption algorithms
• They could lead to integrity and confidentiality problems.
• IEEE 802.16e supports not only DES-CBC but also several modes of AES, which make encrypted communications more secure.

Interjection of reused TEKs
• This makes it easier to perform a replay attack.
• Valuable information and the traffic encryption key could be disclosed to unauthorized parties.
• IEEE 802.16e introduces AES-CCM.
• It offers per-packet randomization.
• Each data packet includes its own unique packet number.

Unencrypted management messages
• These messages are not encrypted, so they are susceptible to eavesdropping attacks.
• IEEE 802.16e-2005 offers integrity protection for specific unicast management messages.
• However, this digest is not appended to initial network entry management messages.

Other Results
• Three-way TEK exchange and the authorization process
  • No vulnerability was found [Datta, 2005].
• The key management protocol was analysed by Yaksel, and once again this software could not find any security hole.
• The Multi-Broadcast Service (MBS)
  • The protocol is secure on its own (Kao, 2006).

Initial Network Entry

Proposed Solution
• SS → KMC: [SS, nonce1]Kss
• KMC → SS: [Ks]Kss, [Ks]Kbs, nonce1, H([Ks]Kss, [Ks]Kbs, nonce1)
• SS → BS: [Ks]Kbs, nonce2, H([Ks]Kbs, nonce2)
• BS → SS: [rand2]Ks
• SS → BS: [rand2-1]Ks
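
The five messages of the proposed solution, traced end to end as an added Python example (not part of the original slides). It assumes [X]K means X encrypted under key K, that Kss and Kbs are keys the SS and the BS each share with the KMC, and that Ks is the session key; the cipher is a stand-in built from HMAC-SHA256 because the slide names no algorithm, and the identity `SS-01` and the two flags are constructed for illustration.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def enc(key, pt):
    """[pt]key from the slide. Stand-in cipher (assumption): HMAC-SHA256
    keystream plus an integrity tag. Handles plaintexts up to 32 bytes."""
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _prf(key, b"enc", iv)))
    return iv + ct + _prf(key, b"mac", iv + ct)

def dec(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", iv + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _prf(key, b"enc", iv)))

def H(*fields):
    # Unkeyed digest, as written on the slide; fields are length-prefixed.
    return hashlib.sha256(b"".join(len(f).to_bytes(2, "big") + f for f in fields)).digest()

def run_exchange(k_ss, k_bs, tamper_msg3=False, ss_has_ks=True):
    """Run messages 1-5; return True only if the BS accepts the SS."""
    # ss_has_ks=False models a sender that forwards [Ks]Kbs without knowing Ks.
    try:
        n1 = secrets.token_bytes(16)
        m1 = enc(k_ss, b"SS-01" + n1)                      # 1. SS -> KMC
        seen_n1 = dec(k_ss, m1)[-16:]                      # KMC opens request
        ks = secrets.token_bytes(32)                       # KMC picks Ks
        a, b = enc(k_ss, ks), enc(k_bs, ks)                # 2. KMC -> SS
        m2 = (a, b, seen_n1, H(a, b, seen_n1))
        if m2[2] != n1 or m2[3] != H(*m2[:3]):             # SS checks reply
            return False
        ss_ks = dec(k_ss, m2[0]) if ss_has_ks else secrets.token_bytes(32)
        n2 = secrets.token_bytes(16)
        ticket, digest = m2[1], H(m2[1], n2)               # 3. SS -> BS
        if tamper_msg3:                                    # bit flipped in transit
            ticket = ticket[:-1] + bytes([ticket[-1] ^ 1])
        if digest != H(ticket, n2):                        # BS checks digest
            return False
        bs_ks = dec(k_bs, ticket)                          # BS recovers Ks
        rand2 = 1 + secrets.randbelow(2**64 - 1)
        m4 = enc(bs_ks, rand2.to_bytes(8, "big"))          # 4. BS -> SS
        seen = int.from_bytes(dec(ss_ks, m4), "big")
        m5 = enc(ss_ks, (seen - 1).to_bytes(8, "big"))     # 5. SS -> BS
        return int.from_bytes(dec(bs_ks, m5), "big") == rand2 - 1
    except ValueError:
        return False
```

Because H is unkeyed, the digests in this sketch only detect corruption in transit; acceptance rests on the ciphertext tags of the stand-in cipher and on the rand2-1 response under Ks.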

Conclusion
• Mobile WiMAX is among the best aspirant technologies to serve broadband demands for wireless access.
• At the PHY layer, most of these attacks can be counteracted by using different signals and proper configuration of the protocol.
• Some MAC flaws have been fixed by the enhanced security of IEEE 802.16e, but not all of them.
• The lack of encryption of MAC management messages can affect the initial network entry process.
• A solution based on the session key and the key management centre was proposed.
• Further studies and simulations should be done in order to assess the different solutions offered.

Thank You!