This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The Worldwide Interoperability for Microwave Access is an emerging standard that offers broadband wireless access with high bandwidths and transmission rates. However, like all other wireless networks, WiMAX is vulnerable to network attacks that compromise the radio links between the communicating Subscriber Station (SS) and the serving Base Station (BS)  . With the integration of mobility in the 802.16e-2005 Mobile WiMAX standard , complexities in ensuring secure access to this network are introduced. Mobile
WiMAX employs the Privacy and Key Management protocol version 2 (PKMv2) that supports robust mutual authentication mechanisms, the Advanced Encryption Standard (AES) and message confidentiality by of use Hashbased Message Authentication Code (HMAC) or Cipherbased MAC (CMAC).
Unfortunately, even with its enhanced security measures, Mobile WiMAX is still considered vulnerable to network attacks. One such threat is the MITM attack that targets the unencrypted management messages at the Initial Network Entry point be it in Fixed WiMAX (802.16d-2004) or Mobile WiMAX. Communication, in this case, the Initial Network Entry procedure, creates detailed profiles of the victim Subscriber Station (SS) inclusive of its security settings and associations with the serving Base station (BS), imitates the legitimate station and then modifies the management messages exposing the network to other destructive attacks like replay attacks, masquerade attacks and denial-of-service (DoS) attacks.
The MITM attack fools legitimate stations participating in a communication process into operating as if they are still communicating with each other while disrupting the efficient functioning of the network . Protection keys, like AK (Authorization Key), TEK (Traffic Encryption Key), KEK (Key Encryption Key) or HMAC (Message Authentication Key), which are used in security sub layer, provide a better security for WiMAX technology. But security risks, threats or vulnerabilities are still available for WiMAX technology. DH protocol algorithm is a tool that ensures that mutual authentication takes place. This protocol shall be implemented in a Wimax network to save SS from a rogue BS.
With the deployment of wireless communication in recent years, security issues in wireless networks also become a growing concern. Privacy or confidentiality is fundamental for secure communication, which provides resistance to interception and eavesdropping. Message authentication provides integrity of the message and sender authentication, corresponding to the security attacks of message modification and impersonation. Message replay attack is one of the most common attacks on authentication and authenticated key establishment protocols. If the messages exchanged in an authentication protocol do not carry appropriate freshness identifiers, then an adversary can easily get himself authenticated by replaying messages copied from a legitimate authentication session.
Man-in-the-middle attack is another classic attack and is generally applicable in a communication protocol where mutual authentication is absent. Other familiar attacks include parallel session attack, reflection attack, interleaving attack, attack due to type flaw, attack due to name omission, and attack due to misuse of cryptographic services. . In order to prevent forgery or replay attack mutual authentication is always required for any wireless medium.
WIMAX is new technology which is presently being rolled out. PKM v1 and PKM v2 have been used in Wimax for security purposes. The above versions only secure the data being transferred. It also secures the BS. The MS/SS is however left vulnerable to rogue BS. The rogue BS can tap the management messages before the actual passing of transmitted data. Deffie Hellmann algorithm is proposed to cub effects of the rogue BS. DH works by aid of mutual authentication. Both the BS and the MS must authenticate each other. The mutual authentication does not take place currently. The SS has no ability to authenticate a BS. This is where the problem lies.
This research presents an analysis of the security threats to WiMax security that reflects to most recent work of the IEEE and WiMax Forum and performed based on the following questions -
ï‚§ What are the Vulnerabilities and Security threats of the WiMAX Technology?
ï‚§ What are the security threats at the Physical Layer then at the MAC layer?
ï‚§ What are the possible solutions can be achieved from WiMAX Mesh networks?
ï‚§ How can the solution improve the security?
Security being the major motivation of the research, a more depth knowledge and understanding of how security issues and concerns in wireless networks is needed. The mode through which the wireless networks transmit wireless signals made it more difficult to protect, thereby making the network vulnerable to attacks. For a network to be considered secure, it must achieve three security aspects: confidentiality, integrity and authenticity (CIA). Since confidentiality, integrity and authenticity, beside Denial of Service (DoS) attack, are major aspects of security, there is a need to understand how they are addressed in a converged IEEE 802.x wireless network.
Failure to address the CIA leads to wireless traffic, entity resources and services to be compromised by unauthorized users. The Institute of Electrical and Electronics Engineers (IEEE) and Internet Engineers Task Force (IETF) has proposed security mechanisms and protocols to countermeasure security breaches in a way that minimizes the damage which may be caused by the attacks. Even if WiMAX technology has complex authentication and authorization methods and a very strong encryption technique is still vulnerable on different attacks or threats like jamming, scrambling, MITM or water torture attacks. This proposal is an overview of most threats involved in infrastructure and WiMAX deployment and the security solutions needed to overcome them. Deffie Hellmann protocol algorithm is implemented in this research with an aim of introducing mutual authentication between the BS and SS.
In order to avoid the limitations of traditional wired networks, there have been many efforts to develop wireless technologies. Wireless technology has been developed from 19th century and lots of development done on this prospect. Wireless networks are based on the IEEE 802.11 standard. IEEE 802.11 standard were first created in the 2.4 GHz band using protocols defined by the IEEE 802.11b standard. Two other well-known standards in IEEE 802.11 standard family are IEEE 802.11a and IEEE 802.11g. Though they provide high speed WLAN standard, the coverage area is limited. The IEEE 802.11 standard, commercially known as WiFi, requires a large number of WiFi access points and to connect with the other nodes it needs wired connection. Due to this reason Institute of Electrical and Electronics Engineers (IEEE) innovating a new standard to provide a large wireless networks. IEEE 802.16 is a standard providing broadband access alternative of cable connection. WiMAX is the trade name IEEE 802.16 standard. With the support of Mesh networking, WiMax systems can be easily configured as a wireless metropolitan area networks (WMAN). It has further enhanced the ability of WMANs with mobility support.
Researchers have started to revisit the protocol design for existing wireless network likely IEEE802.11, adhoc and IEEE 802.16. This all actively working on new application for WMANs. In 2004, 802.16 provide extended support for NLOS in 2 - 11 GHz spectrum with Mesh network connections.
The research thesis investigated the security issues on a converged IEEE 802.x wireless network.
The investigation emanated from the problem statement above and included an analysis of the
inherent security protocols and mechanisms thereby making some recommendation to implement
a secure and robust security framework.
A detailed and critical literature research survey on the overview and comparison of the WiFi
and WiMAX wireless was presented as background knowledge and understanding into
converged wireless network. Each of these two networks was then analyzed in terms of both
strength and weakness in their security implementations.
The exposure of the weakness in the implementation methods and security policy formulation
was conducted using risk analysis. Risk analysis process was done to present and outline the
probable risk which might be launched on a network thereby determining the risk damage and
level upon network compromise intentionally and unintentionally.
The resultant risk matrix level table for WiFi and WiMAX from risk analysis then formed the
basis for recommending risk mitigation implementation for a secure and robust network. At the
same time, the risk matrix level table provides information for managing and maintaining the
implemented infrastructure. From the selected security implementation infrastructure,
performance test on the selected application was conducted to evaluate the impact of the security
implemented methods proposed for the converged wireless network.
Finally, a recommendation of the protocols and mechanisms used to secure a converged WiFi
and WiMAX in rural community environment of Dwesa/Cwebe was then made in a separate
Chapter for Results and Evaluation