Cardenas_Claudia_WorkShopSlides
MOBILE WiMAX SECURITY
Student Name: Claudia Cardenas
Student ID: 41416538
Supervisor: Rajan Shankaran
Contents
1. Introduction
2. Mobile WiMAX
3. Security Threats
4. Security in Mobile WiMAX
5. Vulnerabilities Assessment
6. Conclusion
ITEC 810
Introduction
Customers’ Demands
Greater e-commerce usage
High speed.
Mobility
Lower costs
Mobile Internet
Key Problems
Vulnerabilities:
Eavesdropping
Masquerading
Unauthorised modification of messages
Unauthorised access
Goals
Understanding of Mobile WiMAX architecture
Highlighting vulnerabilities in Mobile WiMAX
Proposing some recommendations
Mobile WiMAX
Flexibility
Interoperability
• High Throughput
High Bandwidth
• Flexibility
Wide Area Mobility
• Quality of Service (QoS)
Mobile WiMAX Architecture
User Terminal Devices
Access Service Network (ASN)
Core Service Network (CSN)
Access Service Network
Base Station
Connection with the mobile subscriber
Maintain the connection.
Maintain the Status.
Traffic Scheduling
The Access Service Network Gateway (ASN-GW)
Collecting and forwarding the traffic.
AAA functionality
QoS Management
Mobile WiMAX Network Architecture
Different kinds of users.
Different deployments.
Ability to grow.
Internetworking.
QoS for each service and connection.
IP and non-IP networks are integrated.
Protocol Layers
Security Threats
Threats
Threats to PHY Layer
Threats to MAC Layer
Threats to PHY Layer
Jamming Attack
Scrambling Attack
Water Torture Attack
Threats to MAC Layer
Threats to MAC management messages in initial network entry
Threats to Access Network Security
Threats to Authentication
Security in Mobile WiMAX
Encryption Overview
It is only applied to the payload.
It is not applied to the MAC management messages.
SS’s encryption capabilities are negotiated during the registration process.
BS determines the encryption method to be used.
Encryption Mode: Reference
DES in CBC mode: DES algorithm [FIPS 46-3, FIPS 74, FIPS 81]
AES in CCM mode: AES algorithm [NIST Special Publication 800-38C, FIPS 197]
AES in CTR mode: AES algorithm [NIST Special Publication 800-38A, FIPS 197, RFC 3686]
AES in CBC mode: AES algorithm [NIST Special Publication 800-38A, FIPS 197, RFC 3686]
Authentication Overview
Authorization
Vulnerabilities Assessment
Lack of mutual authentication.
It could be the cause of impersonation.
This vulnerability is mitigated in IEEE 802.16e by including mutual authentication.
Weak encryption algorithms.
It could lead to integrity and confidentiality problems.
IEEE 802.16e supports not only DES-CBC but also several modes of AES, which make encrypted communications more secure.
Interjection of reused TEKs.
This characteristic makes it easier to perform a replay attack.
Valuable information and the traffic encryption key could be disclosed to unauthorized parties.
IEEE 802.16e introduces AES-CCM.
It offers per-packet randomization.
Each data packet includes its own unique packet number.
Unencrypted management messages
These messages are not encrypted, so they are susceptible to eavesdropping attacks.
IEEE 802.16e-2005 offers integrity protection for specific unicast management messages.
However, this digest is not appended to initial network entry management messages.
Other Results
Three-way TEK exchange and the authorization process.
No vulnerability was found [Datta, 2005].
The key management protocol was analysed by Yaksel and once again this software could not find any security hole.
The Multi-Broadcast Service (MBS)
The protocol is secure on its own (Kao, 2006).
Initial Network Entry
Proposed Solution
SS → KMC: [SS, nonce1]Kss
KMC → SS: [Ks]Kss, [Ks]Kbs, nonce1, H([Ks]Kss, [Ks]Kbs, nonce1)
SS → BS: [Ks]Kbs, nonce2, H([Ks]Kbs, nonce2)
BS → SS: [rand2]Ks
SS → BS: [rand2-1]Ks
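The five messages above, simulated end to end as an added example (not code from the slides). It assumes [X]K means X encrypted under key K, H is SHA-256, and Kss and Kbs are keys pre-shared with the KMC; a toy SHA-256 keystream cipher stands in for the real cipher so the block runs on the standard library alone, and the SS identifier and the `wrong_kbs` / `corrupt_msg3` switches are constructed for the demonstration.

```python
import hashlib, hmac, os

def _xor(key, iv, data):
    # SHA-256 counter keystream: stand-in cipher, for illustration only
    ks = b"".join(hashlib.sha256(key + iv + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def enc(key, data):                      # [data]key in the slide's notation
    iv = os.urandom(16)
    return iv + _xor(key, iv, data)

def dec(key, blob):
    return _xor(key, blob[:16], blob[16:])

def H(*parts):                           # assumed: SHA-256 over the concatenated fields
    return hashlib.sha256(b"".join(parts)).digest()

def verify(digest, *parts):
    if not hmac.compare_digest(digest, H(*parts)):
        raise ValueError("digest mismatch")

def run_exchange(wrong_kbs=False, corrupt_msg3=False):
    k_ss, k_bs = os.urandom(32), os.urandom(32)   # pre-shared with the KMC (assumed)
    nonce1 = os.urandom(16)
    m1 = enc(k_ss, b"SS-0001" + nonce1)           # 1. SS -> KMC (constructed SS id)
    n1 = dec(k_ss, m1)[-16:]                      # KMC recovers nonce1
    ks = os.urandom(32)                           # KMC generates session key Ks
    ks_ss, ks_bs = enc(k_ss, ks), enc(k_bs, ks)
    m2 = (ks_ss, ks_bs, n1, H(ks_ss, ks_bs, n1))  # 2. KMC -> SS
    verify(m2[3], *m2[:3])                        # SS checks the digest
    if m2[2] != nonce1:
        raise ValueError("nonce1 not echoed: stale or replayed reply")
    ss_ks = dec(k_ss, m2[0])                      # SS now holds Ks
    nonce2 = os.urandom(16)
    m3 = [m2[1], nonce2, H(m2[1], nonce2)]        # 3. SS -> BS
    if corrupt_msg3:
        m3[1] = os.urandom(16)                    # nonce2 altered in transit
    verify(m3[2], m3[0], m3[1])                   # BS checks the digest
    bs_ks = dec(os.urandom(32) if wrong_kbs else k_bs, m3[0])
    rand2 = int.from_bytes(os.urandom(8), "big") | 1
    m4 = enc(bs_ks, rand2.to_bytes(8, "big"))     # 4. BS -> SS: [rand2]Ks
    r = int.from_bytes(dec(ss_ks, m4), "big")
    m5 = enc(ss_ks, ((r - 1) % 2**64).to_bytes(8, "big"))  # 5. SS -> BS: [rand2-1]Ks
    # BS accepts only if the response decrypts to rand2-1 under the Ks it recovered
    return int.from_bytes(dec(bs_ks, m5), "big") == rand2 - 1
```

`run_exchange()` returns True for an honest run; with `wrong_kbs=True` the BS recovers a different Ks and the challenge-response in messages 4 and 5 fails, and with `corrupt_msg3=True` the digest check on message 3 raises.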
Conclusion
The best aspirant technologies to serve the broadband demands on wireless access.
In terms of the PHY layer, most of these attacks can be counteracted by using different signals and proper configuration of the protocol.
Some of the MAC flaws have been fixed by the enhanced security of IEEE 802.16e, but not all of them.
The lack of encryption of MAC management messages can affect the initial network entry process.
A solution based on a session key and the key management centre was proposed.
Further studies and simulations should be done in order to assess the different solutions offered.