Study Of Security Issues In WiMAX Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The paper objective is to shown critical analysis of WiMAX security threat, weakness and vulnerability point that can be hijack and possible solution to remove this weakness to take maturity level. By the facility of mobile WiMAX become the need of single user today, according to currently trend security play the basic role to get the user trust and market goodwill in any technology. Wireless internet has no physical media its use open air waves for transmission therefore its vulnerability ratio is high, its should be secure by any expect. A lot of security concern needed to secure. [4]

KEYWORD: SUBCRIBER STATION SS, Base Station BS, Authentication Key AK, Non-Line of Sight NLOS, Line of Sight NLS, Diffie-hellman DH, Hash Message Authentication code HMAC, Cipher message authentication code CMAC, Elliptic Curve cryptography ECC, Key Management Protocol KMP


IEEE 802.16 Standard publish in 2001 the purpose was to provide broadband network access from fixed point to multi point at wide area using radio microwave therefore its called worldwide interoperability for microwave access(WiMAX)[1].its technology develop at the base of 802.11 wireless LAN network by removing their security problem. Timely its different evolutionary version are came, major was 802.16e that released on February 28, 2006, its introduce reliability and secure mechanism of transmission with non line of sight (NLOS) "means its signal have power to face different obstacle like buildings, trees, hills, mountains, and, in some cases, high voltage electric power lines" and "LOS mean where transmitter and receiver antenna visualize each other till up to 25-30km" [4]

In 802.16e two main body knows as BS (base station) and SS (subscriber station) perform main role, all engineer, researcher, institution doing effort to find secure mechanism of communication between these two device and even for removing vulnerability threat.

SS use 509 certificates to gent authentication and authorization for connection with BS. 509 certificate having info parameter like "version, serial number, signature algorithm, signature value, issuer, validity, subject, public key info and extension"[4] BS verify using these parameter from third party to determine whether the SS is a legitimate one or not when BS recommend SS for connection and assign AK to create security association. The whole process contain at following three stages. [2]


Data keys Exchanges

Data Encryption


Authorization request

TEK reply

TEK Request

Authorization reply

Data Exchange

AK session

Data Key Exchange

Data exchange


802.16d was provide only one way authentication where SS has no info connected BS, SS easily masquerading by Main-in-the-middle attack,802.16e introduce mutual authentication to control this problem and include new encryption standard.

In this paper endeavor to shown security flaw and security threat, openness of Physical and MAC layer problem, encryption weakness, security sub layer issue, format of basic authentication and mainly common attack, man-in-the-middle, replay attacks, denial of service in current WiMAX technology.


In WiMAX mainly vulnerable point are Physical layer and MAC Layer that can be sufferer by attacks such as jamming (e.g.) interruption attack which is acting to deny of service that achieved by increasing noise at media, strong noise sufficiently reduce the capability of the channel.[1] The countermeasure of the DOS-Attacks is the permission request message to join network with a time stamp including with signature of the SS. [1] and for the protection of information signature should use the private key of the SS. An effected solution can be implemented by increasing the sequence number length for generating the maximum TEK during the validity of AK [1]

WiMAX have very secure algorithm Encryption standard and security association in mechanism to protect the data end to end transmission [1]

In any technology before or after the actual data transmitting some management data packet are transmitted that are helpful for transmitting, accurateness and protecting the actual data during the transmission that management are very important should be secure but in WiMAX these type of massage are less protected and less authenticated and unencrypted [2] even its have important information related the connection, if any management message theft then can be use to disorder the service. These determine the weakness of security in WiMAX and threat for system reliability [2] to remove these weakness need to protect the management messaging by any securing exchanging information method that algorithm should be efficient in processing time, no traffic overhead increase in existing system according to requirement Diffie-hellman (DH) keys exchange protocol is ideal for sharing encrypted keys and recommended by researcher [2]. Because existing system is complex and have susceptibility point for man-in-middle attack.

Initiating connection hand sharing process in WiMAX (Who want to communicate? How they will communicate and their capability?). The hand sharing process should be very secure and encrypted because all initial parameter are deciding for connection, unfortunately in WiMAX (802.16) these hand sharing process still unreliable and un-secure there is no integrity of message by any device its can catch and retransmit [3] to prevent the system need to modify the existing mechanism and add timestamp header in message with signature of BS and SS using encryption algorithm to get reliability of message. By apply this may be some performance decrease from existing level but provide integrity. [3]

In 802.16 use radio open channel for transmission which hijack possibility is higher and create a very serious problem for traffic confidentiality and integrity[4] therefore to avoid this problem require change encryption algorithm RSA by ECC in 509 certificate, ECC encryption method have better protection technique to protect the MAC and Physical Layer from malicious threat [4]. The probability of attack by illegal access is reduced by using ECC algorithm. ECC algorithm has a significant advantage over the RSA [4].ECC does not change existing operation mechanism.

In Unauthenticated Messaging are include MOB_TRF-IND, MOB_NBR-ADV, FPC MSC-REQ, DBPC-REQ and Management Message carrying the information like configuration settings, mobility parameters, power settings, vendor information and MS capabilities in unencrypted form in transmission that is very extensively harmful for security any opponent get this info by any means they can easily entered in network[5]. The management message should be encrypted to made secure communication between SS and BS.

WiMAX Security threat can be divided into five classes that are interception attack, fabrication attack, modification, replay attack, reaction attack, interruption attack and repudiation attack [6]. To make secure system from this threat security mechanism also contains at three steps, securing infrastructure, securing transmission and third is service authorization and their maintainability . By deploying secure devices in WiMAX we can secure the communication at application layer. Layer level security lead to cost because robust security providence leads to higher cost. [6]

As per author message replay attack is one of the most common attacks on authentication [7] and suggests implementing revise protocol having timestamp add in MS message to the BS in data packet for mutual authenticity [7]. Modify authentication protocol is probable to provide better security platform for WiMAX. New method has some extra overhead for the cost of security it gives. [7].

As we examine in this paper point out many security threat in WiMAX among of them DOS attack is the major. The reason is in 802.16e there are much weakness is present in mechanism e.g. Network joining session is unprotected and unencrypted management messaging, weak encryption technique, broadcasting are become the reason of DOS attack in WiMAX [8]. To eliminate these problem can be use the technique of frequency spread spectrum (FHSS) and direct sequence spread spectrum(DSS) for increasing the power and bandwidth of signal even any noise can't effect at signal, but performance and cost factor can be effected [8].

WiMAX 802.16e technology have different security association at different level to made transmission much more secure but these AS placement are not corrected currently implemented version the basic and primary don't have any AS even all AS exist at security sub layer that are exist at top of the physical layer there for boom says " privacy layer only guards data at the OSI Layer Data Link Layer whereas it does not ensure end-to-end encryption of user data and its not protect physical layer from being intercepted (Boom 2004)"[9] therefore attack rate is high at physical layer. Instead TEK Association uses just a 2 sequence number for separation the message. Every fourth num is message ID by sniffing ID reply attack can be lunch easily, its consider the problem of KMP protocol need to change in AS placement and in PKM [9]. WiMAX is still under development and need more academic research and time to achieve a maturity level. [9]

The hole from where possibly WiMAX can be defenseless and count un-mature technology that are unencrypted messaging and weak authentication method, AS placement that enabler for the BS or MS masquerading threat. [10]. these point should be close to take maturity level and for removing threat, its can be done using AES algorithm and intrusion detection system both technique give better result from existing system.

Mutual authentication with efficient encryption technique has become a important improvement because in existing RSA algorithm practically analyzed serious security problem, RSA anti attack capability is less [11] some shortcomings existed in the practical application are analyzed in [11] mutual authentication should be improved using ECC rather then RSA, up version should be come of 509 certificate using ECC to protect the authentication and end-to-end transmission. It's affected positively and improves performance of 802.16e. Even can't change is mechanism. [11]

Mostly criticize topic of WiMAX are Physical, MAC Layer threat, initial connection method, plain messaging are under observation because these are all have deficiencies in their procedure and attacker can hijack easily. [12] Secondly SS and BS keys are defined by device maker that can be stolen and possibility is their off miss using, there should be a third party for surety of certificate.






Michel Barbeau 2005

Physical layer openness, DOS attack, Jamming, deficiencies of 509certificate,Basic authentication method have weakness

Increasing power/bandwidth of signal using technique SSS, EAP or AES encryption method required

DOS attack still can be vulnerable the network, bandwidth lead to cost higher where still in doubt

M.Sakibur Rahman, & Md. Saki Kowsar


Unauthenticated and unencrypted management messaging, Sec sub layer need to protect service provider network rather then user and its place at top of physical layer, then physical layer is open for attack

Suggest management messaging encrypted by DH protocol and vemam Cipher Rather then AES and DES and physical layer should be protected

Propose solution take less time from existing system, management message also encrypted, increase performance the whole system

Frank, A Ibikunle


Multicasting and Broadcasting key sharing process is vulnerable and in clear text by this weakness forge messages can be attack

Using HMAC or CMAC digit, broadcasting change into unicast

BS calculation & response time increase, performance low, much more new problem will be face

Sreejesh Sidharth & M P Sebastian 2010

Authentication and authorization protocol have flaw that way reply attack, different attack accrue

Proposed revised protocol by time step to eliminate authentication problem

Improve performance but increase some over head.

Jamshed Hasan


Basic and primary connection don't any SA, Privacy sub layer exists at top of physical layer therefore network vulnerable, TEK Sequence problem, keys life time are discuss

Advise PKM use AES-ECB Mode, for data privacy DES in CBC mode

Give critical analysis and suggest changing encryption mode to develop more authentication. Need more proper solution.

Syed Shabih Hasan, M.Abdul Qadeer


WiMAX use radio open channel that are very dangerous for data confidentiality and integrity, anyone position FR, sniff message and retransmit. Main-in-the middle attack occurs and 509 certificates have weakness algo.

509 base at RSA change with ECC technique, CMAC use algo for message authentication.

Propose solution improve the authentication and performance the system, Sniffing of messaging will control and many attack are eliminate

Masood Habib

Masood Ahmad


Eavesdropping of management message which enable the attacker to capture the data, weak key sequence number invite Replay- and DoS-Attack. Man-in-the-Middle-Attack, Forgery-attack

Emphasis for security at application layer and intrusion detection advise to handle some type of threat, Firewalls and NAT traversal can be used

Security mechanism are so secure but so costly therefore cost is high then security


WiMAX successful in to take confidence and maturity in market by business point view on the behalf of their secure mechanism, confidentiality, integrity, encryption algorithm but still some threat are their that can be break and attacker continually try to fined new technique to penetrate in network using these weakness like weak algorithm are using in authentication process that should be change and still physical layer is open because security sub layer that are totally responsible for security and encryption of data are lay above of the physical layer, physical layer can face many attack. Secondly last revolutionary version came in 2005-2006 on that time encryption technique can been compromise according to new technique therefore its became requirement to made change in some step to made more secure WiMAX e.g. RSA should be change by ECC and AES etc. secure WiMAX device should be made using new technique.

Researcher and institution propose much solution, by combing all propose solution universally a complete comprehensive mechanism can be develop where all possible of threat doesn't present.

Some suggested solution are so nice but costly. But it could possible to remove all present threat and vulnerability point. WiMAX has great potential to complete future requirement of the public.


Literature reviewing we get result WiMAX have very secure mechanism and potential to achieve the future requirement but still need to change and updating in some aspect to make a comprehensive secure technology and observe that according to time some algorithm encryption technique not enough to face future upcoming technique. Their present some very serious issue therefore need to made new solution as suggest by different researcher.