The main issues with WiMAX security scheme is the authentication and confidentiality. It mainly focuses on the authentication and authorization of WiMAX, since they are key components of any security solution. 802.16 security features are more promising as they are better designed as compared to those of 802.11 and the standard bodies of WiMAX have been proritizing security options from the beginning. In fact, the WiMAX standard itself incorporates more flexible and better security support than the ones in WiFi standard.
- Problems in authentication and authorization - EAP
The purpose of authentication and authorization techniques used in WiFi systems are to prevent snooping of the user ID, denial of service (DoS), offline dictionary attack, man-in-the-middle attack, authentication method down-grading attacks and breaking a weak key. The authentication protocol has to ensure information gathering about the user before choosing the protocol and to authenticate both sides equally (mutual authentication).
EAP was introduced which can offer an authentication scheme to prevent the above mentioned problems. It integrates different authentication methods to match the nature of the communication channel. These methods are advised by IEEE including EAP-PKM, EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-SIM and EAP-AKA.
WiMAX uses two of these methods, i.e. EAP-PDM and EAP-TLS. EAP-TLS is an IETF open standard and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered the successor of the SSL (Secure Socket Layer) standard. It uses PKI to secure communication to the RADIUS authentication server, and this fact may make it seem like a daunting task to set up. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its achilles heel.
EAP-TLS is the original standard wireless LAN EAP authentication protocol. The requirement for a client-side certificate is what gives EAP-TLS its authentication strength and illustrates the classic convenience versus security trade-off. A password tha thas been compromised is not enough to break into EAP-TLS enabled systems because the hacker still needs to have the client-side certificate. When the client-side certificates are housed in smartcards, this offers the most secure authentication solution available because there is no way to recover user's private key from a smartcard without stealing the smartcard itself. Any physical theft of a smartcard would be immediately noticed and revoked and a new smartcard would be issued.
EAP-PKM on the other hand involves both one-way and mutual authentication schemes.
- Authentication mechanisims for WiMAX
1. Security Analysis
The PKM-EAP of WiMAX has been introduced in a more robust and secure way. The following enhancements have been addressed:
- Mutual authentication is provided in PKMv2, which could avoid "Man in the Middle" attacks.
- The X.509 digitally signed certificate that is issued is unique to each SS and cannot be easily forged.
- Each service has a different SAID, if one service is compromised, the other services are not compromised.
- The limited lifetime of AK provides periodic reauthorization and key refresh, which prevents attackers from having large amount of data to perform cryptanalysis on.
- Adding a random value from the BS and SS to authorization SA is a way to prevent replay attacks.
- WiMAX security supports two quality encryptions standards- DES3 and AES, which are considered secure for the foreseeable future.
- SS can attempt to use a cached or handover-transferred Master Key and avoid a full re-authentication.
- PKM-EAP relies on the TLS (Transport Layer Security) standard which uses public key cryptography and is very costly for some wireless devices. Thus, each base station in WiMAX has a dedicated high performance security processor, which gives us a chance to implement a mutual authentication system in WiMAX. In other words, an authentication protocol can be designed in a way where most of computational procedures are done inside of the base station.
However, there are also some known issues existing in the security architecture of WiMAX. It only defines ways to protect wireless communication at the MAC layer now, but hasn't considered the threats from any attacks targeting the physical layer, for example, radio jamming, or continuously sending packets. This could result in an overwhelmed receiver, and eventually cause Denial of Service (DoS) or fast battery consumption. Despit the above shortcomings, the authentication and authorization mechanism used in WiMAX is still very promising.
- Accounting
Accounting is dealt with the management section where service is procured and delivered to the business owners and individual users. The issue is that the broadband wireless service provider needs to establish a facility-based metropolitan-area scalable, secure wireless broadband offering to be wholesaled through ISP channel partner. This is usually done by the deployment of low-cost WiMAX wireless technologies to provide broadband data services that are customized to support the access requirements of residential, small/home office, and business-class subscribers. The solution includes:
- The implementation of AAA functions using specialized wireless gateways and routers that interfaced to different back-end RADIUS servers and accounting systems.
- The configuration of 802.16-based wireless equipments are required to provide customers with broadband data services using CPE-based wireless access for end-users. WiMAX itself benefits form an urban-scale 802.16 wireless coverage without using specialized wireless access equipment.
- The configuration of 802.16 equipments provide wireless backhauls to extend telecommunication access to and from 802.16 wireless network hubs and customers.
- Enabled support for multiple security mechanism for securing and encryption wireless communication using PPTP/MPPE, L2TP/IPSec, and 802.1x security protocols.
- Installation and configuration of routers, gateways, network switches, and other equipment required to ensure scalable and reliable network infrastructures.
- Construction of internet and web services providing portal-based subscriber-management functions.
- Configuration of Windows and Linux servers to manage security policies and provide for network operating functions - DHCP, DNS, VPN and WVPN termination, routing, certificate management, web servers, and etc.
- Verification of range, functionality, and volume testing of wireless network deployments in order to validate performance and capacity models.
- Performance testing of Windows client software configurations and network-interfaces cards to ensure the supportability of multiple client configurations and equipment; Intel, Netgear, Linksys, Proxim/Orinoco, DLink, Cisco, IBM/ActionTec, etc.
- Development of specialized wireless-access-point management software using http and automated CLI-based interfaces as required enabling remote configuration and management of wireless equipment.
- Development of specialized SNMP-based network tools to optimize the pointing direction of 802.16 antennas during the installation of wireless customer premise equipment and wireles point-to-point backhauls.
- Development of web-accessible reporting tools used to provide analytical information for network performance monitoring and providing summarized usage information, or on a per-subscriber basis.
- Construction of training materials and providing training to network support staff using real-life environments that simulated various network failure and response scenarios.
In conclusion, it is obvious that WiMAX has far greater security authentication than WiFI, which indicates WiMAX has the potential to achieve greater market success than WiFi. However the perception of their safety will have to be high before they win the trust of enterprise and carrier users. The challenge is that the greater range and available bandwidth in WiMAX also increase the potential for attackers and the impovement in security schemes can also come at a price; increased processing power and the need to support public key certificates.