110-115
ISSN: 2222-2510
2011 WAP journal. www.waprogramming.com
Md. Alimul Haque, P. G. Department of Physics, V. K. S. University, Ara 802301, India, shadvksu@gmail.com
Yashi Amola, Department of Information & Communication Technology, MIT, Manipal, yashi.amola@gmail.com
N. K. Singh, P. G. Department of Physics, V. K. S. University, Ara 802301, India, singh_nk_phy27@yahoo.com
Abstract: Wireless communication continues to make inroads into many facets of our society and is gradually
becoming more and more ubiquitous. While, in the past, wireless communication (as well as mobility) was largely
limited to first and last transmission hops, today's wireless networks are starting to offer purely wireless, often
mobile, and even opportunistically connected operation. The purpose of this paper is to examine threats to the
security of the WiMAX and WiFi network technologies and to provide guidelines for using WiFi and WiMAX
communication securely.
Keywords: WiMAX; WiFi; WLAN; Wireless Network; Security.
I. INTRODUCTION
Wireless access techniques have been continuously expanding their transmission bandwidth, coverage, and Quality of
Service (QoS) support in recent years. With the huge market success of Wireless Local Area Networks (WLANs) (IEEE
802.11), the new-generation wireless technique, WiMAX (IEEE 802.16), has now been standardized and deployed.
WiMAX stands for Worldwide Interoperability for Microwave Access. WiMAX technology enables ubiquitous
delivery of wireless broadband service for fixed and/or mobile users, and became a reality in 2006 when Korea
Telecom started the use of a 2.3 GHz version of mobile WiMAX service called WiBRO in the Seoul metropolitan area
to offer high performance communication for data and video over wireless communication. The WiMAX Forum is an
industry-led non-profit organization which has more than 570 member companies including service providers,
equipment vendors, chip vendors and content providers. Its primary mission is to ensure interoperability among IEEE
802.16 based . The air interface of WiMAX technology is based on the IEEE 802.16 standards. In particular, the current
Mobile WiMAX technology is mainly based on IEEE 802.16e, which specifies the Orthogonal Frequency Division
Multiple Access (OFDMA) air interface and provides support for mobility [1].
The network specifications of mobile WiMAX devices include the end-to-end networking specifications and
network interoperability specifications. The Network Working Group (NWG) within the WiMAX Forum is responsible
for these network specifications, some of which involve Access Service Network (ASN) control and data plane
protocols, Connectivity Services Network (CSN), ASN profiles, mobility support, Authentication, Authorization and
Accounting (AAA) interworking with other technologies, and various services such as Location-Based Service (LBS),
Multicast and Broadcast Service (MCBCS) etc.
IEEE 802.11 WLAN, or WiFi, is possibly the most widely accepted broadband wireless networking technology,
providing the highest transmission rate among standard wireless networking technologies. Today's WiFi devices, based
on IEEE 802.11a and 802.11g, provide transmission rates up to 54 Mbps, and the new IEEE 802.11n standard
supports transmission rates up to 600 Mbps. The transmission range of a typical WiFi device is up to 100 m, but its exact
transmission range varies depending on the transmission power, surrounding environment, and other parameters.
The 802.11 devices operate in unlicensed bands at 2.4 and 5 GHz, where the exact available operating bands vary
according to country.
II.
1. Threats in WiFi
If the Access Points (APs) are left unsecured, either to support free wireless access or because of lack of
technical expertise, then security can be compromised [2].
A guest should not be able to misuse the bandwidth to an extent that the host is unable to sufficiently access
the Internet. This could infect the network and the router itself.
Md. Alimul Haque, Yashi Amola, N. K. Singh, World Applied Programming, Vol (2), No (2), February 2012.
Wi-Fi waves may propagate outside the walls of the building thereby causing intrusion by someone who is
not authorized; the corporate network may also become susceptible to attacks.
2. Threats in WiMAX
Some of the attacks conducted at the various layers of WiMAX are:
2.1. Physical Layer Threats
2.1.1. Jamming
Jamming is the process of introducing a strong source of noise powerful enough to significantly
reduce the signal to noise ratio [3].
2.1.2. Scrambling
Scrambling is another form of jamming, but it acts for short intervals and is used to disorder targeted
frames (mostly management messages) [4].
2.2. MAC Layer Threats
2.2.1. Eavesdropping
During basic and primary connection, MAC management messages are sent in plaintext and are not
properly authenticated, which can be used by an attacker to launch an attack [5].
2.2.2. Masquerading threat
Identity theft occurs when a fake device uses the hardware address of another registered
device by intercepting the management messages and launches an attack [5].
2.2.3. Denial of Service (DoS)
An attacker can force a BS to digest a large number of handoffs and then launch a denial of service
attack [5].
In an 802.16 mesh network deployment, routers or gateways that reside between base station and client are
susceptible to attacks in the application layer [5].
2.3. Network Layer Threats
2.3.1. Blackhole Attack
An attacker creates fake packets to target a valid node. The attacker advertises a low-cost route, and
the packets subsequently forwarded to it are dropped [5], as shown in Fig. 5.
[Fig. 5: Blackhole attack. Legend: S - Source; N1 - Node 1; N2 - Node 2; BH - Blackhole; D - Destination]
The attacks may be present as there is an ad hoc feature in the current WiMAX technology (even though this
was not the case in its initial plan, which was a direct transmission from sender to base station).
2.4. Application Layer Threats
When routers or gateways act as intermediaries between client and base station, there is an increased potential
of security vulnerabilities, as the intermediary routers that reside between base station and client are presentable and
susceptible to attacks [5].
III.
From the WiFi and WiMAX threat analysis we conclude that WiMAX implements stronger security
mechanisms and succeeds in blocking most of the threats in a wireless network. Nevertheless, some weaknesses still exist
in WiMAX as well. In the following, we identify recommendations for WiFi and WiMAX on how
specific mechanisms should be used, how specific security options should be set, and whether new security mechanisms,
additional to the ones available with WiFi and WiMAX, are needed in order for the network to operate more
securely and robustly.
1. GUIDELINES FOR WIFI NETWORKS
1.1. WEP Security
The threat analysis showed how insufficient WEP security is. The possibilities to enhance security are limited,
and if WEP is the only available solution, the only thing that can be done to enhance security is constant key
renewal in short periods of time (i.e., each day).
1.2. WPA Security
Where WPA can implement the AES-CCMP encryption-integrity security scheme, it is important that this
be the selected choice in order to provide secure confidentiality and integrity of the transmitted information. With MIC
(Michael) and the TSC operation, WPA succeeds in protecting the integrity of MSDUs and in countering the replay
attack threat. User authentication is well secured if 802.1X authentication is used.
1.3. WPA2
The implementation of the 802.11i protocol in WPA2 defines the Robust Security Network
Association era, in which WiFi networks can be considered very safe. Confidentiality is totally guaranteed with AES
encryption, while integrity is likewise secured with the CCMP implementation of the AES-CCMP scheme, where
besides the MPDU, some additional authentication data (AAD) are protected as well. As mentioned with WPA, the
802.1X authentication ensures a secured authentication procedure.
Nevertheless, as described in the threat analysis, 802.1X can face a serious threat that could lead to a
user-authentication breach, and to a DoS attack with the transmission of a De_Auth message (Deauthentication attack).
This attack appears in each WiFi security scheme and the reason is the lack of authentication in the De_Auth
message [6].
Therefore, in order to prevent this threat, a modification in the WPA and the WPA2 security operation can be
implemented when the 802.1X authentication is used. With 802.1X and the EAPOL operation, both parties, Station and
AP, possess the 128-bit EAPOL Key Confirmation Key (KCK). This key is used for data origin authenticity and it can
be used in the De_Auth message authentication in order to establish not only that the message left from the AP with
the specific MAC address, which could be changed as shown before, but also that it carries a legitimate digest produced
with the KCK key by the authentic AP, which only the Station can confirm.
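The De_Auth authentication proposed above can be sketched as follows. This is an added example, not code from the paper: the frame layout is simplified, the MAC addresses and reason codes are constructed, and HMAC-SHA1 truncated to 128 bits is an assumed digest, since the paper names no algorithm.

```python
import hashlib
import hmac
import os
import struct

MIC_LEN = 16   # 128-bit digest, same size as the KCK
BODY_LEN = 14  # destination MAC (6) + source MAC (6) + reason code (2)

def mic(kck: bytes, body: bytes) -> bytes:
    # Assumed digest: HMAC-SHA1 truncated to 128 bits (the paper names none).
    return hmac.new(kck, body, hashlib.sha1).digest()[:MIC_LEN]

def build_deauth(kck: bytes, ap: bytes, sta: bytes, reason: int) -> bytes:
    """AP side: simplified De_Auth body followed by its KCK digest."""
    body = sta + ap + struct.pack("<H", reason)
    return body + mic(kck, body)

def accept_deauth(kck: bytes, ap: bytes, sta: bytes, frame: bytes) -> bool:
    """Station side: honour a De_Auth only if its digest verifies under the KCK."""
    if len(frame) != BODY_LEN + MIC_LEN:
        return False  # legacy frame without a digest, or malformed input
    body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
    if body[:6] != sta or body[6:12] != ap:
        return False  # not addressed to this station from its own AP
    return hmac.compare_digest(tag, mic(kck, body))

def demo() -> dict:
    # Constructed sample values, not taken from the paper.
    ap, sta = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    kck, old_kck = os.urandom(16), os.urandom(16)  # KCK is fresh per handshake
    genuine = build_deauth(kck, ap, sta, 3)
    body = sta + ap + struct.pack("<H", 3)
    tampered = bytearray(genuine)
    tampered[12] ^= 0x04  # reason code altered in transit
    return {
        "genuine": accept_deauth(kck, ap, sta, genuine),
        "no_digest": accept_deauth(kck, ap, sta, body),  # correct MACs only
        "zero_digest": accept_deauth(kck, ap, sta, body + bytes(MIC_LEN)),
        "tampered": accept_deauth(kck, ap, sta, bytes(tampered)),
        "previous_session": accept_deauth(
            kck, ap, sta, build_deauth(old_kck, ap, sta, 3)),
    }

if __name__ == "__main__":
    print(demo())
```

A frame that carries the AP's MAC address but no valid digest is ignored by the Station, which is the property the paragraph asks for. Because the KCK is derived anew with each handshake, a frame recorded in an earlier session also fails verification.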
2. GUIDELINES FOR WIMAX NETWORKS
2.1. General Guidelines
WiMAX has already shown some cryptographic vulnerabilities; some of them can be fixed if the following
issues and specific cipher suites are followed.
Random Number Generation
A random AK and TEK generation with the usage of a uniform probability distribution without any
bias is needed. Such a generator must be explicitly defined by the implementation [7]. Additionally, the
random number could be a concatenation of two random numbers created from the BS and the SS
respectively. This would prevent any possible bias if the random generation is done only by the BS.
The second system profile, the 802.16e includes all the security schemes that are implemented in the
802.16-2004 standard profile. Therefore, all the security enhancements discussed in the previous section
should also be considered with the 802.16e profile in the case where PKM v.1 is to be used[8].
The 802.16e has stronger and more efficient security mechanisms and thereby the PKM v.2 protocol
should be used wherever possible. In this case the security planning guidelines are the following.
RSA along with EAP
Authentication provides strong security with mutual authentication. The EAP scheme is not defined
within the standard but the EAP-TLS or EAP-SIM should be implemented. It is recommended that even if the
authentication procedure demands extra computational cost and time, it must be used because it ensures safe
authentication[8].
Data Traffic Confidentiality
The AES-CCM or the AES-CBC mode with 128-bit TEK provides strong encryption. Additionally,
CCM or CBC provides secure data integrity[9].
TEK Confidentiality
The AES Key Wrap is preferable because it is specifically designed to encrypt key data, and the
algorithm accepts both the cipher text and the ICV. If it cannot be implemented, either 3DES or preferably
AES-ECB mode will provide secured TEKs[10,11].
Message Authentication
The AES-CMAC hash value is the strongest integrity mechanism because, besides the management
message, it is calculated over additional fields such as the 64-bit AKID, the 32-bit CMAC PN counter, and the
16-bit connection ID. It is therefore the preferable solution for secure message authentication. Of course,
HMAC can be selected if AES-CMAC cannot be implemented [12].
Additional modifications in PKM v.2 are suggested in the following areas.
(i) Although RSA in PKM v.2 implements a nonce for the second and the third message, as described in the section on
WiMAX threat analysis, the second message remains exposed to replay attacks. Time-stamping must be used instead
of the nonce in order to ensure replay attack protection. In addition, RSA signatures in authentication messages should
be added to prevent message modifications [13,14].
(ii) All management messages should be authenticated.
Also, it is clear that the standard fails to define a secure seamless hand-off mechanism. In the following
we describe such a mechanism which, if implemented, will enhance the security of mobility processes.
IV. CONCLUSION
The main target of this work is to analyze and compare WiFi and WiMAX wireless network security. In this
paper our main focus is on the threat analysis and on guidelines for secure WiFi and WiMAX network communication. In WiFi a
significant number of threats can create serious problems, whereas in WiMAX most of these threats are prevented. The reason
is the enhanced security mechanisms of WiMAX, along with the operational characteristics of the MAC layer. Of course, some
threats still exist, especially in the 802.16-2004 standard. In addition to the already defined possible threats, in this work we
indicated a weak point in the 802.16 authentication procedure with the message modification attack in the third message sent
from the BS, and we propose the implementation of the 802.16e authentication mechanism in the guidelines to fix it. The
highest level of security is met in the 802.16e standard, where most of the 802.16-2004 standard security issues are fixed
and which, simultaneously, supports the mobility feature that is very important in the contemporary way of life. The guidelines in
this paper will certainly help to avoid threats during the use of WiMAX and WiFi technologies.
REFERENCES
[1] Yan Zhang, WiMAX network planning and optimization, CRC Press, Taylor & Francis Group, NY, 2009.
[2] A. Yarali, B. Mbula, and A. Tumula, WiMAX: A key to bridging the digital divide, Proceedings of IEEE Southeast Conf., Richmond, VA, 2007.
[3] V. Abel, R. Rambally, An Analysis of WiMax Security Vulnerabilities, International conference on wireless networks and embedded systems WECON, 2009.
[4] N. Sastry, J. Crowcroft, K. Sollins, Architecting Citywide Ubiquitous Wi-Fi Access.
[5] Panagiotis Trimintzios and George Georgiou, Journal of Computer Systems, Networks, and Communications, Volume 2010 (2010), Article ID 423281, 28 pages, doi:10.1155/2010/423281.
[6] L.M.S.C. of the IEEE Computer Society, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Higher-Speed Physical Layer Extension in the 2.4 GHz Band, ANSI/IEEE Standard 802.11-1999.
[7] D. Johnston and J. Walker, Overview of IEEE 802.16 Security, IEEE Security and Privacy, vol. 2, no. 3, pp. 40-48, 2004.
[8] Panagiotis Trimintzios and George Georgiou, WiFi and WiMAX Secure Deployments, Journal of Computer Networks and Communications, vol. 2010 (2010).
[9] Md. Alimul Haque, Yashi Amola and N. K. Singh, Performance of WiMAX over WiFi with reliable QoS over wireless communication network, World Applied Programming, Vol (1), No (5), pp. 322-329, December 2011.
[10] L.M.S.C. of the IEEE Computer Society, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, Amendment 6: Medium Access Control (MAC) Security Enhancements. IEEE Standard 802.11g-2003.
[11] L.M.S.C. of the IEEE Computer Society, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, Amendment 6: Medium Access Control (MAC) Security Enhancements. IEEE Standard 802.11i-2004.
[12] L.M.S.C. of the IEEE Computer Society, Air Interface for Fixed Broadband Access Systems, IEEE Standard 802.16-2004.
[13] L.M.S.C. of the IEEE Computer Society, Air Interface for Fixed Broadband Access Systems. Amendment 2: Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands and Corrigendum 1, IEEE Standard 802.16e-2005 and IEEE Standard 802.16-2004/Cor1-2005.
[14] WiMAX Forum, Fixed, nomadic, portable and mobile applications for 802.16-2004 and 802.16e WiMAX networks, 2005.
AUTHORS
Md. Alimul Haque obtained the MCA degree from I. A. S. E. University, Rajasthan, India in 2009. He has just started
his research career as a Research Scholar at V.K.S. University, Ara on Wireless Communication Networks. His recent
research interests include Wireless Network, Nanosensor, Security in Data Communication, WiMAX, WiFi, Bluetooth
and Broadband Networks.
Yashi Amola is pursuing a Bachelor of Engineering (B.E.) at MIT, Manipal, India. Her interests include Information
Technology and Wireless Communication.
Dr. N. K. Singh obtained the Ph.D. degree in 1984 from Patna University. He is Professor and Head, University
Department of Physics, V.K.S. University, Ara. In the span of 27 years of his research career, he has remained engaged in
the preparation of fine ceramics, ferroelectric piezoelectric and non-lead-based materials. Presently, he is Principal
Investigator of a Major Research Project sponsored by DRDO, New Delhi and is engaged in synthesis and
characterization of lead-free ferroelectric-piezoelectric systems for sensor applications.