Security in Wireless Metropolitan Area Networks
Introduction
WiMAX and IEEE 802.16 Standards
Fundamental Concepts
WiMAX Security Mechanisms - Privacy Key Management Protocol and PKMv2
WiMAX security risks and vulnerabilities
Overview and Q&A
Introduction
WIMAX AND IEEE 802.16 STANDARDS
Fundamental Concepts
Prior to its release, WiMAX was limited to fixed operations by the IEEE 802.16-2004 standard.
Additionally, IEEE 802.16e-2005 provided significant security enhancements to its predecessor by incorporating more robust mutual authentication mechanisms, as well as support for Advanced Encryption Standard (AES).
Although the IEEE 802.16-2004 and 802.16e-2005 standards were released within a year of each other, IEEE 802.16e-2005 product certification did not start until 2008.
Thus, IEEE 802.16-2004 products are still used in today's information technology (IT) environments.
Mobile Station (MS). MSs are typically self-powered, small devices such as cellular phones, laptops, tablets and other portable devices that work at vehicular speeds.
Depending on the type of connection between these components, IEEE 802.16 Standards propose different security requirements.
There are two fundamental types of connections in WiMAX:
management connections
basic
primary
secondary
WiMAX Security Mechanisms
The third sub-layer is the Common Part Sublayer. In this sub-layer the MPDUs (MAC Protocol Data Units) are constructed. The CPS sub-layer defines rules and mechanisms for ARQ (Automatic Repeat Request), for connection control and for system access bandwidth allocation. It also provides centralization, channel access and duplexing.
data SA
authorization SA
The authorization SA consists of:
An X.509 certificate which identifies the SS
A 160-bit AK; both SS and BS maintain the AK as a secret
AK lifetime from one to 70 days
A key encryption key, KEK, used in distributing the TEKs
A downlink and uplink HMAC key providing data authenticity of key distribution from BS to SS, and from SS to BS
A list of authorized data SAs
The data SA has the following fields:
SA identifier (SAID),
The cryptographic algorithms supported by the BS to protect data exchange over the connection,
Two traffic encryption keys (TEKs),
TEK lifetime: 12h is set as default, with a min of 30 mins and a max of seven days,
An initialization vector for each TEK
The IEEE 802.16 standard uses X.509 certificates to identify communicating parties.
Two certificate types are defined: manufacture certificates and SS certificates.
The manufacture certificate identifies the manufacturer of an 802.16 device (network card, base station etc.).
X.509vX
Serial number
Issuer name
Issuer's signature algorithm: RSA with SHA1
Validity period
Holder's identity: in the case of an SS, its MAC address
Holder's public key: restricted to RSA
Subject signature algorithm: identical to the issuer algorithm
Issuer's signature
An SS certificate identifies the SS and includes its MAC address in the subject field.
Manufacturers create and sign SS certificates.
Security policies are enforced by the BS on the SS, so it can only access an authorized SA that respects the characteristics of that type of service.
One SS may have one to three different SAs:
one for the secondary management channel and
one/two for uplink/downlink channels.
The downstream is protected by the primary SA; in multicast communication the primary SA is not able to do so. Static and/or dynamic SAs are used for this purpose. Two types of SAs are supported in IEEE 802.16: data and authorization SAs.
Data SAs protect data transport connections between BSs and SSs.
Authorization SAs establish the data SA and authorize the SSs to access the BS.
An X.509 certificate is used for identification of the SS.
The standard doesn't define certificates for the BS. An X.509 certificate defines an authentication algorithm based on public-key techniques.
Every SS has its own X.509 digital certificate which contains the SS's MAC address and the public key.
The base station authenticates the subscriber stations during the initial authorization exchange; when requesting an AK (Authentication Key), SSs present their own digital certificate to the BS.
Afterwards, the BS checks them and uses the public key for AK encryption.
Requesting SSs receive back the AK, and the BS associates with each SS an authentication identity, on which SSs are authorized to access, with the AK exchange, services like data, video or voice.
So, the BS can avoid cloned-SS attacks (masquerade attacks).
SSs have RSA (a public key cipher very widely used in many secure authentication and communication protocols) public/private key pairs installed at the factory or have an algorithm which dynamically generates RSA key pairs.
In the second case, if the SS must generate its RSA key pair, this key pair will be generated before the AK exchanges.
For this reason SSs need to support a mechanism which installs the X.509 certificates issued by the manufacturer.
Attackers must crack the encryption of the X.509 certificate used and must have an SS from the same manufacturer for their attacks on the BS to succeed; pairing between SSs can only be achieved if they have a factory-preinstalled RSA private/public key.
PKM
In WiMAX, the security of connection access is accomplished by complying with the Privacy Key Management protocol (PKM). The utility of this protocol is the provision of periodical authorization of SSs, distribution of keying material, and refreshing and reauthorizing keys.
This process of authentication and key exchange between the SS and BS, the first operational phase of PKM, can be seen on the figure below:
The KRepMess message is composed of an AK sequence number, the SAID, the parameters linked to the old TEK, the new TEK and an HMAC digest, in order to assure the SS that the message is being sent by the BS without being tampered with.
The validity durations of the two TEKs overlap.
The new TEK is activated before the old TEK expires, and the old TEK is destroyed after ensuring that the new TEK is activated.
In order to estimate when the BS will invalidate a previous TEK, or when to request a new TEK, the SS uses the TEK lifetime.
The BS will reply with a Key Reject Message which contains the AK sequence number, the SAID, an error code indicating the reason for rejection and an HMAC digest.
The SS can resend a different KReqMess message to obtain a new TEK if the SAID in the KReqMess message is invalid.
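The Key Reply handling described above, as an added Python example that is not part of the original slides: the BS builds the message, and the SS verifies the HMAC digest, the AK sequence number and SAID, and the overlap of the two TEK lifetimes before using the keys. The flat byte layout, the use of HMAC-SHA1, the 16-byte key and 8-byte IV sizes, the 2-bit TEK sequence counter and all key values are assumptions constructed for the demonstration, not the 802.16 TLV encoding.

```python
import hashlib
import hmac
import struct
from collections import namedtuple

# TEK lifetime bounds from the slides: min 30 min, default 12 h, max 7 days.
TEK_MIN, TEK_DEFAULT, TEK_MAX = 30 * 60, 12 * 3600, 7 * 24 * 3600
Tek = namedtuple("Tek", "lifetime seq key iv")  # one TEK with its parameters
HDR, TEK_FMT = "!BH", "!IB16s8s"  # assumed flat layout, not the 802.16 TLVs
TEK_LEN = struct.calcsize(TEK_FMT)

def build_key_reply(hmac_key_d, ak_seq, said, old, new):
    """BS side: AK sequence number, SAID, old and new TEK, then HMAC-SHA1."""
    body = struct.pack(HDR, ak_seq, said)
    body += struct.pack(TEK_FMT, *old) + struct.pack(TEK_FMT, *new)
    return body + hmac.new(hmac_key_d, body, hashlib.sha1).digest()

def accept_key_reply(hmac_key_d, msg, ak_seq, said):
    """SS side: authenticate first, then sanity-check; returns (old, new)."""
    body, digest = msg[:-20], msg[-20:]
    expected = hmac.new(hmac_key_d, body, hashlib.sha1).digest()
    if not hmac.compare_digest(digest, expected):  # constant-time compare
        raise ValueError("HMAC digest mismatch")
    if len(body) != struct.calcsize(HDR) + 2 * TEK_LEN:
        raise ValueError("malformed Key Reply")
    if struct.unpack(HDR, body[:3]) != (ak_seq, said):
        raise ValueError("unexpected AK sequence number or SAID")
    old = Tek(*struct.unpack(TEK_FMT, body[3:3 + TEK_LEN]))
    new = Tek(*struct.unpack(TEK_FMT, body[3 + TEK_LEN:]))
    # Validity periods must overlap: the new TEK has to outlive the old one.
    if not (0 < old.lifetime < new.lifetime and TEK_MIN <= new.lifetime <= TEK_MAX):
        raise ValueError("TEK lifetimes do not overlap or are out of bounds")
    if new.seq != (old.seq + 1) % 4 or new.key == old.key:  # 2-bit counter assumed
        raise ValueError("new TEK is not the successor of the old one")
    return old, new

def demo():
    """Constructed sample: a valid reply is accepted, a tampered one rejected."""
    key = bytes(range(20))  # constructed downlink HMAC key
    old = Tek(1800, 1, b"\x11" * 16, b"\xa1" * 8)
    new = Tek(TEK_DEFAULT, 2, b"\x22" * 16, b"\xa2" * 8)
    msg = build_key_reply(key, 3, 0x1234, old, new)
    tampered = msg[:10] + bytes([msg[10] ^ 1]) + msg[11:]  # flip one key bit
    try:
        accept_key_reply(key, tampered, 3, 0x1234)
        rejected = False
    except ValueError:
        rejected = True
    return accept_key_reply(key, msg, 3, 0x1234), rejected
```

The digest is checked before any field is parsed, so a modified TEK, lifetime or SAID is rejected without the SS acting on unauthenticated contents.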
The third phase of the Privacy Key Management protocol is the Data Encryption phase.
The transmitted data between the SS and BS begins to be encrypted using the TEK only after achieving the SA authorization and the TEK trade.
Each SA has 2 TEKs created by the BS.
If one expires it makes a new one.
The downlink traffic is encrypted with the old key.
The other key can be used to decrypt the uplink traffic.
The figure illustrates an SS request to the BS for TEK0 and TEK1 encryption keys.
PKMv2
In the IEEE 802.16 protocol stack, the physical layer resides just below the privacy sub-layer.
Therefore, WiMAX is vulnerable to PHY layer attacks such as jamming and scrambling.
Jamming is done by presenting a strong RF noise source to significantly reduce the channel bandwidth, which results in DoS to SSs.
It is possible to locate and remove the RF jamming source, but it is not often easy considering the large coverage range of WiMAX.
Reprogramming a device with the hardware address of another device can be a means used for identity theft.
The address may be stolen by intercepting management messages.
Management messages are unencrypted, since none of the WiMAX standards or amendments has addressed or required their encryption.
A rogue BS which transmits while the real BS is transmitting, but with more power, can confuse a set of SSs/MSs when attempting to get service from what they believe is a legitimate BS.
Confidential information involved in the processes of node registration, bandwidth allocation and network entry is also in danger, including possible eavesdropping, replay and scrambling attacks.
Overview
THANK YOU!