Friday, June 8, 2007

Authentication Authorization and Accounting (AAA) in WiMAX compared with WiFi..

After talking about the interaction between different systems, the security aspect in WiMAX shows its importance to ensure the reliability of cooperation.
Security mechanisms have already been developed maturely in WiFi system. WiMAX has some similarities with WiFi, but its security aspects are stronger than that of WiFi. The current standard for WiFi security is specified in IEEE 802.11i, while it has not been widely implemented and it is expected that 802.16 will take control of the market due to the high bandwidth and long range in addition to the security strengths. This further incorporates the possibilities for higher integrated QoS, minimum bandwidth guarantees and other performance improvements.

The main issues with WiMAX security scheme is the authentication and confidentiality. It mainly focuses on the authentication and authorization of WiMAX, since they are key components of any security solution. 802.16 security features are more promising as they are better designed as compared to those of 802.11 and the standard bodies of WiMAX have been proritizing security options from the beginning. In fact, the WiMAX standard itself incorporates more flexible and better security support than the ones in WiFi standard.

  • Problems in authentication and authorization - EAP

The purpose of authentication and authorization techniques used in WiFi systems are to prevent snooping of the user ID, denial of service (DoS), offline dictionary attack, man-in-the-middle attack, authentication method down-grading attacks and breaking a weak key. The authentication protocol has to ensure information gathering about the user before choosing the protocol and to authenticate both sides equally (mutual authentication).

EAP was introduced which can offer an authentication scheme to prevent the above mentioned problems. It integrates different authentication methods to match the nature of the communication channel. These methods are advised by IEEE including EAP-PKM, EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-SIM and EAP-AKA.

WiMAX uses two of these methods, i.e. EAP-PDM and EAP-TLS. EAP-TLS is an IETF open standard and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered the successor of the SSL (Secure Socket Layer) standard. It uses PKI to secure communication to the RADIUS authentication server, and this fact may make it seem like a daunting task to set up. So even though EAP-TLS provides excellent security, the overhead of client-side certificates may be its achilles heel.

EAP-TLS is the original standard wireless LAN EAP authentication protocol. The requirement for a client-side certificate is what gives EAP-TLS its authentication strength and illustrates the classic convenience versus security trade-off. A password tha thas been compromised is not enough to break into EAP-TLS enabled systems because the hacker still needs to have the client-side certificate. When the client-side certificates are housed in smartcards, this offers the most secure authentication solution available because there is no way to recover user's private key from a smartcard without stealing the smartcard itself. Any physical theft of a smartcard would be immediately noticed and revoked and a new smartcard would be issued.

EAP-PKM on the other hand involves both one-way and mutual authentication schemes.

  • Authentication mechanisims for WiMAX

1. Security Analysis

The PKM-EAP of WiMAX has been introduced in a more robust and secure way. The following enhancements have been addressed:

- Mutual authentication is provided in PKMv2, which could avoid "Man in the Middle" attacks.

- The X.509 digitally signed certificate that is issued is unique to each SS and cannot be easily forged.

- Each service has a different SAID, if one service is compromised, the other services are not compromised.

- The limited lifetime of AK provides periodic reauthorization and key refresh, which prevents attackers from having large amount of data to perform cryptanalysis on.

- Adding a random value from the BS and SS to authorization SA is a way to prevent replay attacks.

- WiMAX security supports two quality encryptions standards- DES3 and AES, which are considered secure for the foreseeable future.

- SS can attempt to use a cached or handover-transferred Master Key and avoid a full re-authentication.

- PKM-EAP relies on the TLS (Transport Layer Security) standard which uses public key cryptography and is very costly for some wireless devices. Thus, each base station in WiMAX has a dedicated high performance security processor, which gives us a chance to implement a mutual authentication system in WiMAX. In other words, an authentication protocol can be designed in a way where most of computational procedures are done inside of the base station.

However, there are also some known issues existing in the security architecture of WiMAX. It only defines ways to protect wireless communication at the MAC layer now, but hasn't considered the threats from any attacks targeting the physical layer, for example, radio jamming, or continuously sending packets. This could result in an overwhelmed receiver, and eventually cause Denial of Service (DoS) or fast battery consumption. Despit the above shortcomings, the authentication and authorization mechanism used in WiMAX is still very promising.

  • Accounting

Accounting is dealt with the management section where service is procured and delivered to the business owners and individual users. The issue is that the broadband wireless service provider needs to establish a facility-based metropolitan-area scalable, secure wireless broadband offering to be wholesaled through ISP channel partner. This is usually done by the deployment of low-cost WiMAX wireless technologies to provide broadband data services that are customized to support the access requirements of residential, small/home office, and business-class subscribers. The solution includes:

- The implementation of AAA functions using specialized wireless gateways and routers that interfaced to different back-end RADIUS servers and accounting systems.

- The configuration of 802.16-based wireless equipments are required to provide customers with broadband data services using CPE-based wireless access for end-users. WiMAX itself benefits form an urban-scale 802.16 wireless coverage without using specialized wireless access equipment.

- The configuration of 802.16 equipments provide wireless backhauls to extend telecommunication access to and from 802.16 wireless network hubs and customers.

- Enabled support for multiple security mechanism for securing and encryption wireless communication using PPTP/MPPE, L2TP/IPSec, and 802.1x security protocols.

- Installation and configuration of routers, gateways, network switches, and other equipment required to ensure scalable and reliable network infrastructures.

- Construction of internet and web services providing portal-based subscriber-management functions.

- Configuration of Windows and Linux servers to manage security policies and provide for network operating functions - DHCP, DNS, VPN and WVPN termination, routing, certificate management, web servers, and etc.

- Verification of range, functionality, and volume testing of wireless network deployments in order to validate performance and capacity models.

- Performance testing of Windows client software configurations and network-interfaces cards to ensure the supportability of multiple client configurations and equipment; Intel, Netgear, Linksys, Proxim/Orinoco, DLink, Cisco, IBM/ActionTec, etc.

- Development of specialized wireless-access-point management software using http and automated CLI-based interfaces as required enabling remote configuration and management of wireless equipment.

- Development of specialized SNMP-based network tools to optimize the pointing direction of 802.16 antennas during the installation of wireless customer premise equipment and wireles point-to-point backhauls.

- Development of web-accessible reporting tools used to provide analytical information for network performance monitoring and providing summarized usage information, or on a per-subscriber basis.

- Construction of training materials and providing training to network support staff using real-life environments that simulated various network failure and response scenarios.

In conclusion, it is obvious that WiMAX has far greater security authentication than WiFI, which indicates WiMAX has the potential to achieve greater market success than WiFi. However the perception of their safety will have to be high before they win the trust of enterprise and carrier users. The challenge is that the greater range and available bandwidth in WiMAX also increase the potential for attackers and the impovement in security schemes can also come at a price; increased processing power and the need to support public key certificates.

WiMAX Services and Interworking with 3GPP Based on IMS..

WiMAX Forum members are working with other industry groups, including the Wi-Fi Alliance, to enable seamless handoffs between multiple wireless standards, furthering the development of a cohesive wireless ecosystem. WiMAX Forum is also collaborating with groups like 3GPP on implementing IMS with WiMAX networks.
The 3GPP specifies the IP multimedia subsystem (IMS) to provide several kinds of multimedia services in UMTS Release 5 and later releases. Interworking at the service layer between 3GPP and WiMAX networks requires interworking between IMS functionality. By studying several interconnection scenarios and the main functionality of IMS, WiMAX can support different levels of services. Special attention is paid at the session negotiation level, using SIP, COPS/Go and Diameter protocols/interface to provide session negotiation with QoS and AAA (authentication authorization accounting) support.

Future mobile communication networks are evolving from traditional circuit-switched architecctures to an all-IP based structure. It is suggested that the mobile networks should be integrated by a high-bandwidth IP-based core network and a variety of wireless access technologies such as UMTS or WiMAX. Mobile terminals will be able to access different multimedia applications and advanced services while roaming across zones covered by different access technologies. Currently, 3GPP is developing a feasibility study on providing seamless service continuity between UMTS and WLAN.

Interworking between diffeernt networks can be viewed from different aspects. The most important aspect is the session negotiation level, which provides service continuity from the user perspective. At this level, the protocol used by 3GPP is Session Initiation Protocol (SIP), which is the foundation of the IMS architecture defined to support real-time multimedia services in future mobile networks.

The levels of convergence may be classified into convergence of service, network and technique. The goal is to share a service system based on interworking. Providing a uniform service experience for users, through a uniform service system, would enable customers to use different terminal devices to access heterogeneous networks, to access the same service, and to achieve common billing and session management. Service convergence is the first step of the convergence. Seamless roaming and handoff between different networks is the main problem. There are significant differences between the PHY technique of 3GPP and WiMAX.

  • IMS Architecture

Within the UMTS core network, IMS is defined by the 3GPP as the component that provides support for multimedia services (e.g. voice and video) based on packet switching with QoS and the provision of AAA. The above figure shows a general view of IMS architecture. From this we can appreciate how the core network is organized in two networks: a signaling or control network and a data or transport network. The signaling network is composed of a set of call session control function nodes (CSCFs). They are signaling proxies whose task is to establish, modify and release media sessions with guaranteed QoS and AAA and charging support.

Note that user equipment (UE) gains access to the IMS via UMTS terrestrial radio access network (UTRAN), which is responsible for providing access for mobile stations and managing terminal mobility. SIP, COPS, and Diameter are the major protocols involved in this architecture.

  • Interworking arthitecture and interworking level

1. Two interworking modes



There are two methods for WiMAX networks to interwork with other wireless networks: loose couple and tight couple. There is little difference between loose couple and existing networks; WiMAX utilizes the AAA server of 3GPP network, and data streams are not passed through the core network of 3GPP. This methods guarantees the independence of WiMAX network, however it results in high handover latency between two networks. Therefore, it is not suitable for real-time services.

In tight couple mode, the data streams of WiMAX must pass through the RNC and the core network of 3GPP, so each of the existing networks must modify their protocols, interfaces and services to meet the requirements of interworking. The BS of WiMAX connects with RNC of WCDMA or SGSN directly. The advantage of this mode is that it reduces the handoff latency and guarantees seamless handoff. If different operators own both 3G and WiMAX networks, the integration would be troublesome for the open of network interface.

2. Interworking levels

WiMAX is commonly used to transport IP packets. Thus 3GPP-WiMAX interworking should be built on the top of the IP protocol and not be limited to a specific WiMAX technology.

Different interconnection levels must be defined to represent different operational capabilities. These levels are suitable for either interworking mode.

Six interconnection levels between WLAN and 3GPP were taken into consideration., as well as the operational capabilities of each of them, based on the interconnection levels. The interworking is not limited to 3GPP and WLAN, but also includes the internetworking between 3GPP and other wireless access technologies based on IP. To maintain consistency, interworking with WiMAX networks must be based on the same model as shown in the following table.

3GPP has included the first three level s in Release 6, and the last two will be developed in future releases. The first level is the simplest and includes common billing (the customer receives just one bill for usage of both 3GPP and WiMAX services) and common customer care. It does not have any impact on either 3GPP or WiMAX architecture. The subscriber is charged on the same bill for usage of both 3GPP and WiMAX services. Customer care will be ensured independently of the connecting platform.

The second level (3GPP system-based access control and charging) includes the usage of the 3GPP access procedures (including authentication and authorization) for WiMAX users within the 3GPP domain. In addition, Wimax nodes use UMTS charging systems for charging data records generation. A subscriber may use the WiMAX Access network to access the Internet, for example, but AAA operations are handled by the 3GPP platform.

The third level extends the IMS services to the WiMAX. However, it is a matter of implementation as to whether all services are provided or just a subset of the services. This scenario lacks service continuity, so the user must re-establish the session in the new access network. Continuity is considered in this context as the ability to maintain an active service session when moving from one access network to another (e.g. between WiMAX and UTRAN) at the signaling level, without considering a transport level-related continuity issue like bandwidth or packet loss. Level 3 allows the operator to extend 3GPP system PS based services to the WiMAX network. In this scenario, an authenticated 3GPP subscriber can access 3GPP PS services through a WiMAX access network by interworking with its 3GPP PLMN (non roaming case) or with a visited 3GPP PLMN (roaming case).

The last three levels are not considered by the 3GPP in Release 6 and may be developed in future releases. The fourth level introduces service continuity, although the handover process may be perceptibel to the user (due to data losses or delays). The fifth scenario provides seamless continuity, with no noticeable service interruption greater than that perceived in intra-3GPP handovers.

3. QoS guarantee

Due to the differences in the network bandwidth, providing users with a constant level of service is not feasible. The goal of QoS guarantee is to offer suitabel quality of service in the given network, in accordance with user's QoS profiles and application require,ents. The QoS guarantee involves the task of mapping the QoS parameters from P-CSCF, GGSN, PDF, QoS negotiation, and the resource reservation methanism.

UMTS defines four classes of QoS services based on different application requirements: conversational, streaming, interactive, and background. WiMAX also defines four classes of QoS: UGS (unsolicited grant service), real-time polling service, non-real-time polling service and BE (best effort). According to the application scenario, QoS class mapping can be implemented according to the mapping relation mentioned according to the mapping relation. The conversational and streaming services of UMTS correspond to the UGS and rt-PS services in WiMAX. The interactive service can be mapped to nrt-PS and BE services in WiMAX in different application scenarios. However, the background service in UMTS has the same requirement and application scenario as the BE service in WiMAX.

QoS negotiation between session peers is performed using the SIP offer/answer model, in which each session peer offers its QoS capabilities using Session Description Protocol (SDP) descriptions in the message body.

The following figure shows the architecture of QoS-enabled interworking based on COPs.


The PCF communicates with the GGSN via the Go interface. It enables two modes of operation. In the push mode, the PCF initiates communication with the PEP and sends the decision to GGSN. In the pull mode, the GGSN initiates communication with the PCF to request a decision for a particular IP flow.

In summary, SIP is the key signaling protocol of IMS. Interworking between SIP elements of the WiMAX and CSCFs of the IMS is a key issue in reaching a high level of interworking between WiMAX and 3GPP networks. Here the overall architecture of the interworking based on IMS is represented, as well as special issues such as QoS guarantees are discussed.

Thursday, June 7, 2007

The Competition between WiMAX & 3G and WiMAX Technology Development Trend..

As the fourth generation network, WiMAX system is expected to provide fixed wireless alternative to conventional DSL and Cable Internet.

The competition between WiMAX and 3G:

Before the December of 2005, WiMAX and 3G played their own roles. WiMAX focused on fixed wireless broadband, while 3G was planned to take place of 2G (GSM) mobile communicaiton. However after that, mobile communication of WiMAX standard: IEEE 802.16e came out which made the positions of WiMAX and 3G overlapping. Mobile WiMAX will firstly be used in laptops. Then the size and power will be further reduced in which way it can be used in PDA and more small size portable devices. Especially Mokia has announced that it will release WiMAX mobile phone in 2008 which shows that it is quite possible that Mobile WiMAX will be a new generation mobile communication, not only 3G in consideration.
At the same time, 3G is also trying to enhance its techniques to consolidate its domain. For example, 3G added HSDPA, HSUPA, etc. This increases the transmission speed in 3G data service and it encourages to use HSDPA in mobile devices other than mobile phones. Now there has already been HSDPA interface card for laptops. There is even built-in HSDPA when the devices are made. From this point of view, the competition between WiMAX and 3G has been quite obvious. Then which one will win the game?
As mentioned above, no matter it is WiMAX or 3G, the purpose and used techniques are identical. There is not much difference between them. In order to accelerate transmission, OFDM modulation must be used and MIMO technique must be used for sure. And the HARQ error control mechanism must be used to increase the spectrum efficience.
Except for the same improvement techniques, the implementation tempo between WiMAX and 3G is different. In all IP type and OFDM techniques, WiMAX is in front. Till now 3G still cannot realize all IP and it still has not implemented OFDM technique. As for MIMO and HARQ, 3G is in leading place. While for these two techniques, WiMAX has already included them at the end of 2005. So currently for pure ideal technology standard, WiMAX is superior to 3G.
However, the above is all the comparison of existing facts. The competition on technique has extended to the future promise. 3G field has already had many development plans, including HSDPA, HSPA+, HSOPA, 3GPP LTE, etc. In these future plans, OFDM technique is also introduced and the all IP architecture will also be used. While for WiMAX, after the completion of IEEE 802.16e, there is not very clear further technology plan.
But in 2007, WiMAX will have new behaviors which are mainly the proposals of .16j and .16m. IEEE 802.16j is the standard of Relay Station for Mobile WiMAX. The other one is a proposal for ITU-R. ITU-R is making standards taking the place of IMT-2000 and IMT-Advanced which belongs to the 4th generation mobile communication standard. WiMAX Forum expects that WiMAX techniques can appear in the new standard and at the same time make sure the copatibility of Mobile WiMAX and 4G new standard.
For IEEE 802.16j, the companies of Nortel, Fujitsu and Taiwan give a lot of contributions in the working group.

Wednesday, June 6, 2007

WiMAX (IEEE 802.16e) Advantages and Disadvantages!

What are the disadvantages or shortfalls of WiMAX network for a corporate network, requiring high capacity and total control over the network? Should Point to point be a better option?

Here we will talk something about disadvantages of WiMAX technology. Common misconception is that WiMAX can offer 70 Mbps in range of 70 miles (113 kilometers) with moving stations. But in practice situation is very different. It is true only in ideal circumstances with only one recipient. You could have with line-of-sight (optical visibility) speed of 10 Mbps at 10 kilometers. In urban enviroment (without optical visibility) users can have 10 Mbps at 2 kilometers. If users are moving, the speed can drop significantly. Bandwidth is shared between users in given radio sector, so if there are many users in one sector, they will have reduced speed. Users could have 2, 4, 6, 8, or 10 Mbps of shared bandwidth. The biggest disadvantage of WiMAX is still much bigger installation cost and also operational cost.So let's put on paper WiMAX advantages and disadvantages.
Advantages:
1) Single station can serve hundreds of users.
2) Much faster deployment of new users comparing to wired networks.
3) Speed of 10Mbps at 10 kilometers with line-of-sight.
4) It is standardized, and the same frequency equipment should work together.
Disadvantages:
1) Line of sight is needed for longer connections.
2) Weather conditions like rain could interrupt the signal.
3) Other wireless equipment could cause interference.
4) Multiplied frequncies are used.
5) WiMAX is very power intensive technology and requires strong electrical support.
6) Big installation and operational cost.
WiMAX also has other disadvantages. Firstly it is very expensive. Normally it is used for corporate solution which is hard and expensive to find frequency license! So its disadvantage is the spectral limitation, in other words limitation of wireless bandwidth. For use in high density areas, it is possible that the bandwidth may not be sufficient to cater to the needs of a large number of clients, driving the costs high. It has less QoS and the speed is up to 70Mbps.

So what will be the solution for higher bandwidth (BW) requirements to the corporate sector for their intra-net? No operator wants to give all his available BW at a sector to a customer. It will not be cost effective to them. Also this is about unlicensed band. Licensed frequencies are definitely hard and expensive to buy.

If we talk about one corporate network, we'd better use 5.8Ghz or other frequency and fixed network, but not WiMAX! It has much higher throughput than WiMAX, because you can use 10Mhz for channel bandwith. It is available!

May we can go for lisence free band 2.4Ghz, 5.8Ghz. For backhaul links it is better to use WiFi, which can reach high throughput (37Mbps) in Point-to-Point links. And it has low cost and ther is no paid cannon radioelectric (use ISM band).

Regardless of what the WiMAX forum is telling us, the 2.5Ghz spectrum is only functional in urban area where it can leverage reflective surfaces and where it can have good line of site in rural markets.The basic unspoken issue here is how ineffective the 2.5Ghz systems are when addressing any type foliage, those horrible little things called leaves have a tendancy to absorb all RF in that frequency, such as trees and bushes, which means that most of the East Coast. If you talk to the vendor engineers out of the reach of the marketing/sales types they will agree with the above. Wait until the FCC releases the 700Mhz spectrum and then WiAMAX makes a great deal of sense, unless the Cell Carriers win the spectrum and control it.

The last, but not lease, disadvantage of WiMAX technology is that true standards-based large mobile network deployments will probably not occur very soon. In the meantime, solutions based on EV-DO, HSDPA, and various proprietary technologies have already become available.