Sie sind auf Seite 1von 11

Edith Cowan University

Research Online
Australian Information Security Management Conference 2006 Security Research Centre Conferences

Security Issues of IEEE 802.16 (WiMAX)


Jamshed Hasan
Edith Cowan University

Originally published in the Proceedings of 4th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 5th December, 2006 This Conference Proceeding is posted at Research Online. http://ro.ecu.edu.au/ism/71

Security Issues of IEEE 802.16 (WiMAX)


Jamshed Hasan School of Computer and Information Science, Edith Cowan University, Australia jhasan@student.ecu.edu.au

Abstract
WorldwideInteroperabilityforMicrowaveAccess(WiMAX)isgoingtobeanemergingwirelesstechnologyfor the future. With the increasing popularity of Broadband internet, wireless networking market is thriving. Wirelessnetworkisnotfullysecureduetorapidreleaseofnewtechnologies,marketcompetitionandlackof physicalinfrastructure.IntheIEEE802.11technology,securitywasaddedlater.IinIEEE802.16,securityhas beenconsideredasthemainissueduringthedesignoftheprotocol.However,securitymechanismoftheIEEE 802.16(WiMAX)stillremainsaquestion.WiMAXisrelativelyanewtechnology;notdeployedwidelytojustify theevidenceofthreats,riskandvulnerabilityinrealsituations.Thispaperwilladdressthesecurityaspectsof theIEEE802.16Standardandpoint out the security vulnerabilities, threats andrisks associated withthis standard. Keywords: authentication, authorization, base station, connections, encryption, IEEE 802.16, methods, mobile station, subscriber station, security, standards, WiMAX.

INTRODUCTION
IEEE802.16istheStandardtostatetheradiofrequencyoffixedBroadbandWirelessAccess(BWA).WiMAXis thetradenameofIEEE802.16Standard.IEEE802.16wasfirstplannedtoofferthelastmileforWireless MetropolitanAreaNetwork(WMAN)withthelineofsight(LOS)of3050km.Itwasdesignedtofacilitate WISPsBackhaul,BroadbandinternetconnectivitytoproprietaryandstandardsbasedWiFimeshnetworks, hotspots,residencesandbusinesses.ItisfeaturedwithQoSforVoiceandVideo,realtimevideoconferencing andotherserviceswithupto280Mbpsperbasestations.RevisedStandard802.162004provideextended supportfornonlineofsight(NLOS)in211GHzspectrumwithmeshconnectionsforbothfixedandnomadic users.LastestIEEE802.16eStandard,releasedonFebruary28,2006intendstofacilitatemobilityin26GHz spectrumwithinarangeof25km.Itisexpectedtoprovidetruebroadbandforroamingusers,whichenables thecreationofaCPElessbroadbandinternet,andfacilitateaccesstobroadbandinternetconnectionforlaptops andPDAswithintegratedWiMAXtechnology. IndustryexpertsareforecastingthatWiMAXwillstrengthen businesscompetitionbetweenTelecommindustries(GMS,CDMA)andcablebroadbandcompanies.Moreover, WiMAXhotspots(IEEE802.16e)aremorelikelytoreplaceWiFihotspots(Pattonetal,2004).

METHODS
TheIEEE802.16standardisstillonpaperandsomemethodsareunderdevelopment.Timeandscopearethe constraintsforthispaper.Therefore,researchhasbeendonebasedonpublishedmaterials,literature&journal study, and IEEE publications and mostly from website; however references has been provided wherever necessary.TounderstandthesecurityaspectsofIEEE802.16technology,itisrequiredtoprovideanoverviewof thisstandardasarelevantwork.Inthispaper,onlyMACandPhysicallayerofthestandardhasbeendiscussed shortly.WiMAXandIEEE802.16standardwillbeusedassynonyms.

IEEE 802.16 PROTOCOL LAYER


Physical Layer WiMAXusesOFDMtechnology.Orthogonalfrequencydivisionmultiplexing(OFDM)allowsassigningsub carrierstodifferentusers.Itisresilienttomultipaththathelpstoovercomemultiplesignalshittingthereceiver.

InIEEE802.162004standard,theOFDMsignalisdividedinto256carriersandIEEE802.16ewilluseScalable OFDMA.TheIEEE802.16standardsupportswiderangeoffrequenciesandthephysicallayercontainsseveral formsofmodulationandmultiplexing(Boom,2004).Themodulationmethodsinthedownlink(DL)anduplink (UL) are binary phase shift keying (BPSK), quaternary PSK (QPSK), 16quadrature amplitude modulation (QAM),and64QAM.

Figure1:IEEE802.16ProtocolLayer(IEEE,2004) TheIEEE802.16supportstwotypesoftransmissionduplexing:TimeDivisionDuplexing(TDD)andFrequency DivisionDuplexing(FDD)andsupportbothfullandhalfduplexstations. TDDframingisadaptive,ithasa fixed duration, which consists of one Uplink and one Downlink frame. BS sends the complete downlink subframe(DLMAP,ULMAP).BothUpandDownlinktransmissionsharesamefrequencybutareseparated ontime. InFDD, whiletransmissions are still scheduled byDLMAPandULMAP,uplink anddownlink communications take place at the same time, but on different frequencies (Boom, 2004). Some device manufacturersproduce,devicesoperatinginunlicensedfrequencybandswhichwillusetimedivisionduplexing (TDD)anddevicesusinglicensedfrequencybandswhichuseseitherTDDorfrequencydivisionduplexing (FDD)(INTEL,2006). Framedurationcanbesetto0.5,1or2milliseconds.InTDD,theportionallocatedforthedownlinkandportion allocatedtotheuplinkmayvary.TheUplinkistimedivisionmultipleaccess(TDMA)wherebandwidthissplit intotimeslots.EachtimeslotisallocatedtoanindividualMSbeingservedbytheBS.Adownlinksubframe containstwoparts.Onepartisforcontrolinformation,whichholdspreambleforframesynchronization&maps andtheothercontainsdata.ADownlinkmapstatesthestartingpositionandtransmissionattributesofthedata bursts.AnUplinkmapstatestheallocationofthebandwidthtomobilestation(MS)fortheircommunication (Barbeau,2005).

IEEE 802.16 MAC


802.16MACisconnectionoriented. TheMACLayerofIEEE802.16wasdesignedfor pointtomultipoint (PMP)broadbandwirelessaccessapplications(IEEE,2004). IEEE802.16standardismadeupofaprotocol stackwithproperlydefinedinterfaces.ThereisaBaseStation(BS)astheAccessPointsin802.11andseveral SubscribersStations(SS).BSisbasicallywired,anditbroadcaststotheSubsciberStations(SS).Incontrastto 802.11CSMA/CAmethod,802.16usesUplinkandDownlinkmapstoconfirmcollisionfreeaccess.SSuses TimeDivisionMultipleAccess(TDMA)tosharetheuplink,whileBSusesTDM(TimeDivisionMultiplexing). AllthesefunctionsaredonethroughULMAPandDLMAPmessages(Aikaterini,2004). MAClayerconsistsofthreesublayers.ServiceSpecificConvergenceSublayer(MACCS),theMACCommon PartSublayer(MACCPS)andtheprivacysublayer.TheMACCSsublayeristoconversewithhigherlayersand transformsupperleveldataservicestoMAClayerflowsandassociations.MACCShastwotypesofsublayers: oneis ATMconvergencesublayerfor ATMnetworks& servicesandtheotheroneisPacketConvergence sublayer for packet data services for example, Ethernet, PPP, IP and VLAN (Aikaterini, 2004). The basic

functionof CSLayeristhatitreceivesdatafromhigherlayers,classifiesdataasATMcellorpacketand forwardsframestoCPSlayer(Liu,2004).

Figure2:IEEE802.16MACandPhysicalLayer(Liu,2005) ThecorepartoftheIEEE802.16MACistheMACCPS,whichdefinesallmethodsforconnectionmanagement, bandwidthdistribution,request&grant,systemaccessprocedure,uplinkscheduling,connectioncontrol,and automaticrepeatrequest(ARQ).CommunicationbetweentheCS(ConvergenceSublayer)andtheMACCPSare maintainedbyMACServiceAccess Point(MACSAP). Creation,modification, deletion ofconnectionand transportationofdataoverthechannelarefourthebasicfunctionsoccuringinthiscommunicationprocess (Aikaterini,2004). ThePrivacySublayerisaccountablefortheencryptionanddecryptionofdatathatiscomingandleavingthe Physicallayer.Itisalsousedforauthenticationandsecurekeyexchange.Itcarries56bitDESencryptionfor trafficand3DESencryptionforkeyexchanges(Aikaterini,2004).InIEEE802.16network,the BaseStation (BS)has48bitbasestationID,whichisnotaMACaddressandServiceStation(SS)has48bit802.3MAC address(Liu,2005). Fromasecuritypointofview,MACCPS(CommonPartSublayer)andMACPS(PrivacySublayer)havewide responsibility.NotethatinthispaperMACwillrefertotheMACCPSSublayer. MAC Layer The16bitconnectionidentifier(CID)usedinMACPDU(ProtocolDataUnits),functionsasareferenceforall connectionsandisconstantlygrantedbandwidthondemand(Eklundetal,2002).TherearetwotypesofMAC connection:oneisManagementconnectionandtheotherisTransportconnection.MAClayerconnectionsare likeTCPconnections.ForexampletheSScanhaveseveralconnectionstoaBSfordifferentservices,likefor network management or for data transport. In MAC, all associations use different parameters for priority, bandwidthandsecurity.BSalwaysassignsCIDforSS.AssoonasaSSjoinsanetwork,threedifferentCIDs areallocatedtoit.Moreover,eachCIDhasseparateQoSrequirements,whichareusedbydifferentmanagement connectionlevels: Primary(authenticationandconnectionsetup),Basic(usedtotransferbrief,timecritical MAC and Radio Link control messages) and Secondary Management connections (transferstandardsbased managementmessagesi.e.DHCP,TFTP,andSNMP).Bothbasicandprimarymanagementconnectionsare createdwhenaMS(Mobilestation)/SSisjoinedtoaBSnetwork.Transportconnectionscanbeestablishedon demand.Theyareusedforusertrafficflows,unicastormulticasttransmission.Additionalchannelsarealso reservedbytheMACtosendoutuplinkanddownlinkschedule. AsingleCIDcancarrytrafficformany

differenthigherlayersessions.TheIEEE802.16MACLayerisastatefulmachine.Ithasseriesofstatemachines todeterminetheoperationofindividualprocesswithintheMACstructure(Boom,2004). Format of MAC Messages MACProtocolDataUnits(MPDUs)containsexchangemessagesofBSMACandSSMAC.Ithasthreeparts:a fixedlengthMACheader,whichcontainsframecontrolinformation;avariablelengthPayload(framebody)and aframechecksequence(FCS),whichholdsIEEE32bitCRC(Liu,2005).Again,MACheadertypesare:MAC Service Data Unit (MSPU), wherepayloads are MAC SDUs/segments, i.e., data fromthe upper layer (CS PDUs).Secondoneis,GenericMACheader(GMH)wherethepayloadsareMACManagementmessagesorIP packetsencapsulatedinMACCSPDUs.Botharetransmittedonmanagementconnections(Liu,2005). The thirdoneisBandwidthRequestHeader(BRH)whichissentoutwithoutpayload. ExcepttheBandwidthRequestPDUs,MACPDUsmayholdeitherMACmanagementmessagesorconvergence Sublayer data MSDU. For both GMH and MSDU, Header Type (HT bit) is always set to 0 (zero) while BandwidthRequestHeaderissetto1(one). TheMACheadercontainsaflag,whichindicateswhetherthe payloadofthePDUisencryptedornot(Barbeau,2005).

Figure3:MACPDUFielddescription(Liu,2005) AccordingtoIEEEStandard802.162001,MACheaderandallMACmanagementmessagesarenotencrypted. Thisdecisionwasmadetofacilitateregistration,rangingandnormaloperationoftheMACsublayerasit allows generation of false management messages. Consequently, this leads to vulnerabilities, otherwise if encrypted,spoofingwasdifficultduringBSandSShadexchangedencryptionkeys(Boom,2004).Incaseof vulnerabilitiesinmanagementmessages,authenticationwillbeexposedtoeavesdropping,maninthemiddle attacks,activeattacksandreplayattacks.InthelatestIEEE802.16estandard, thepayloadofMACPDUsis encrypted with DES in the CBC mode or AES in the CCM mode (IEEE, 2006). The amended 802.16e introducesanintegrityprotectionmechanismfordatatraffic. TheEKS(EncryptionKeySequence)fieldisusedtomakesurethattheBSandSSaresynchronizedintheiruse ofTrafficEncryptionKeys(TEK)andInitializationVectors(IV).WhenaSSjoinsaBSnetwork,itfollowsa multistepprocess.AndwhentheSSdetectsanactiveconnectionittransmitsitspresencetoBSthroughaRange Request (RNGREQ) message. The SS and BS continue their conversation via RNGREQ and RNGRSP messagesusingnewlyassignedbasicCIDbyBS.BSreplieswithREGRSPmessagedescribingthesupported capabilities.SSacknowledgestheREGRSPwithREGACKmessage(Boom,2004). Privacy Sublayer: Twomainprotocolsworkinthissecuritysublayer,oneisanencapsulationprotocolforencryptingpacketdata across the fixed BWA, and the other is a Privacy and Key Management Protocol (PKM) providing secure distributionofkeyingdatafromBStoSS.ItalsoenablesBStoimposeconditionalaccesstonetworkservices.

ThePKMprotocoluses,RSApublickeyalgorithm,X.509digitalcertificates,andstrongencryptionalgorithm tocarryoutkeyexchangesbetweenSSandBS (Xuetal,2006).This PrivacyprotocolisbasedonthePKM protocol of the DOCSIS BPI+ specification; it has been enhanced to accommodate stronger cryptographic methodssuchasAEStofitintotheIEEE802.16MAC.(Eklundetal,2002). TheentiresecurityofIEEE802.16isintheprivacysublayer.Thefunctionofthissublayeristoprovideaccess controlandconfidentialityofthedatalink.SecurityAssociations(SA)isidentifiedbySAID,whichcontains, Cryptographic suite (i.e., encryption algorithm) and Security Info (i.e., key, IV). The basic and primary managementconnectionsdonothaveSAs.ThesecondarymanagementconnectioncanhaveanoptionalSA. TransportconnectionsalwayshaveSAs.

Figure4:IEEE802.16SecurityAssociations(SA),(Aikaterini,2004)

Data SA (Security Associations) DataSAhasa16bitSAidentifier,aCipher(DESinCBCmode)toprotectthedataduringtransmissionoverthe channelandtwoTrafficencryptionkeys(TEKs)toencryptdata:oneisthecurrentoperationalkeyandtheother isTEK.Whenthecurrentkeyexpires,TEKa2bitkeyidentifiersisused.A64bitinitializationvector(IV)is usedforeachTEK.ThelifetimeofTEKisbetween30minutesto7days. TherearethreetypesofdataSA: PrimarySAisusedduringlinkinitialization,staticSAsareconfiguredontheBSanddynamicSAsareusedfor transport connections whenneeded. TheprimarySAissharedbetweenanMSandits BS.StaticSAsand dynamicSAs can besharedamong severalMSs (Mobilestations)during multicast. During the connection process,SAfirststartsadataSAusingaconnectionrequestfunction.ASSgenerallyhastwoorthreeSAs,one isthesecondarymanagementconnectionandoneisforbothuplinkanddownlink connections;itmayuse separateSAsforuplinkanddownlinkchannels(Johnston&Walker2004).BSensurethateachSShasaccess onlytoSAitsauthorized. Authorization SA (Authentication) TheauthorizationSAhasa60bitauthorizationkey(AK)anda4bitquantitytoidentifytheAK.ToidentifySS, itusesanX.509certificate.ThelifetimeofAKrangesfrom1to70days,defaultis7days.Keyencryptionkey (KEK)hasa112bit3DESkeyfordistributingTEKs(Temporalencryptionkey)andalistofauthorizeddata SAs.Itusesadownlink&uplinkHMAC(Hashfunctionbasedmessageauthenticationcode)keyprovidingdata authenticityofkeydistributionmessagesfromtheBStoSSandSStoBSrespectively.AnauthorizationSAstate issharedbetweenaparticularBS&SS.BasestationsuseauthorizationSAstoconfiguredataSAsontheSS (Johnston&Walker2004).

Figure5:IEEE802.16Authentications,(Wongthavarawat,2005) SS authentication uses X.509 certificate (Privacy Key Management (PKM) authorization protocol and encryption) negotiatesecurity capabilities betweenBS andSS,whichestablish security association (SAID) throughAuthenticationKey(AK)exchange.AKservesasauthorizationtoken,whichisencryptedusingpublic key(RSA)cryptography.AuthenticationisdonewhenbothSSandBSpossessAK(Wongthavarawat,2005). Data Key Exchange DataencryptionrequiresdatakeycalledTransportEncryptionkey(TEK),whichusesAKfromauthentication processtoderiveKeyEncryptionKey(KEK)andMessageAuthenticationKey(HMACkey).TEKisgenerated byBSrandomly.TEKisencryptedwith3DES(use112bitsKEK),RSA(useSSspublickey)andAES(use128 bitsKEK).KeyExchangemessageisauthenticatedbyHMACSHA1,whichprovidesMessageIntegrityandAK confirmation(Wongthavarawat,2005).

Figure6:IEEE802.16IEEE802.16DataKeyExchange,(Wongthavarawat,2005)

SECURITY RISKS & VULNERABILITIES


Inwirelessnetworks,confidentialityisaprimaryconcernforsecuretransmission.Resistancetointerceptionand eavesdroppingareothercommonthreats.Messageauthenticationisforintegrityofthemessageandsender authentication.AvailabilityguaranteesthattheservicesarenotpreventedfromaccessbyDoSattack.Antireplay identifiesanddisreputeanymessagethatisarepeatofapastmessage(Xuetal,2006). AccordingtoXu,MatthewsandHuang(2006),therearesometypicalattacksonauthenticationprotocols.One commonattackisMessagereplayattackonauthenticationandauthenticatedkeyformation protocols.They added, If the messages are exchanged in an authentication protocol that do not carry proper freshness identifiers,thenanopponentcaneasilygethimselfauthenticatedbyreplayingmessagescopiedfromalegitimate authentication session. Maninthemiddle attack usually associated in a communication protocol where commonwhenmutualauthenticationismissing.Otherknownattacksthatarelikelytooccurincludeparallel sessionattack,reflectionattacks,interleavingattacks,attacksduetotypeflaw,attacksduetonameomission, andattacksduetomisuseofcryptographicservices. Physical Layer & Privacy Sublayer InIEEE802.16standard,PrivacySublayerresidesonthetopofPhysicallayer.Therefore,802.16networksare vulnerabletophysicallayerattacksforexample,jammingandscrambling.Jammingisdonebyinstigatinga sourceofstrongnoisetosignificantlylessenthecapacityofthechannel,thusdenyingservices(DoS)toall parties.However,jammingisdetectablewithradioanalyzerdevices.Scramblingisanotherkindofjamming, butittakesplaceforashortintervaloftimeaimedatspecificframes.Controlormanagementmessagescouldbe scrambled,butitisnotpossiblewithdelaysensitivemessagei.e.,scramblingUplinkslotsarerelativelydifficult, becauseattackerhastointerpretcontrolinformationandtosendnoiseduringaparticularinterval (Barbeau, 2005). ThemainobjectiveofthePrivacySublayerwastoprotectserviceprovidersagainsttheftofservice,ratherthan guardingnetworkusers.ItisnoticeablethattheprivacylayeronlyguardsdataattheOSIlayertwo(datalink), whereasitdoesnotensureendtoendencryptionofuserdata.Moreover,itdoesnotprotectphysicallayerfrom beingintercepted(Boom,2004).Itisnecessarytoincludetechnologiestosecurephysicallayerandhigherlayer securityforaconvergedroutablenetwork. Identitytheftisanotherthreat,whichisreprogrammingadevicewiththehardwareaddressofanotherdevice. Theaddresscanbestolenovertheairbyinterceptingmanagementmessages.ArogueBSisanattackerstation whichactasalegitimateBS.ItconfusesasetofSSs/MSswhenattemptingtogetservicethroughwhatthey believebeingalegitimateBS.Itisdifficultin802.16networkbecauseoftimedivisionmultipleaccess(TDMA) model.Inthiscase,theattackermusttransmitwhiletherealBSistransmitting,withmoresignalstrengthand placetherealBSssignalinthebackground,moreoverattackerhastocapturetheidentityandwaituntilatime slotoflegitimateBSstarts(Barbeau,2005). Inwirelessworldsomethreatsaregeneric;IEEE802.16isnotanexception.Aclassicthreatarisesfromthe watertorture attack,inwhichanattackersendsaseriesofframestodrainthereceiversbattery.Inaddition, attacker with a properly positioned RF receiver can intercept messages sent through wireless, and thus a confidentialitymechanisminthedesignisrequired.PresentsecuritymechanismsdonotaddresswellinIEEE 802.16aMeshmodesnetwork,whichleadintonewsecuritythreats,suchasthetrustworthinessofthenexthop meshnode.IntroducingmobilityinIEEE802.16estandardwillmaketheattackerslifecomfortable.Asthe physicallocationoftheattackerisnotanissue,managementmessagesaremorevulnerablethaninIEEE802.11. Therefore,itisnecessarytomaintainasecureconnectivitywhileamobileSSshiftsbetweenBSs(Johnston& Walker,2004). WithaproperlyconfiguredRFtransmitter,anattackercanwritetoaRFchannel,forgenewframeandcapture, mutate,andretransmitframesfromauthorizededge.Thedesignmustensureadataauthenticitytechnology.It isalsopossibletoresendavalid,alreadysentframeunmodified.Incaseoflongdistancetransmission,radio interferenceanddistancecouldpermitanattackertoreorderandselectivelyforwardframes,inasituationwhere

twoauthorizededgesarenotabletocontactdirectlywitheachother.Therefore,thedesignmustdetectreplayed frames(Johnston&Walker,2004). Mutual Authentication TwotypesofcertificateareclassifiedbyIEEE802.16standard:oneisformanufacturercertificatesandtheother is for SS certificates. There is no provision for BS certificates. A manufacturer certificate identifies the manufacturerofanIEEE802.16device.Itcanbeaselfsignedcertificateorissuedbyathirdparty.ASS certificateidentifiesaparticularSSandincludesitsMACaddressinthesubjectfield.Manufacturerstypically createandsignSScertificates.IngeneraltheBSusesthemanufacturercertificatespublickeytoverifytheSS certificate,andhenceidentifythedeviceasgenuine.ThisdesignassumesthattheSSmaintainstheprivatekey correspondingtoitspublickeyinasealedstorage,preventingattackersfromeasilycompromisingit.Thebig flawoftheIEEE802.16securitydesignisthelackofaBScertificate.Theonlywaytodefendtheclientagainst forgery or replay attack is to provide a scheme for mutual authentication (Johnston & Walker 2004). Its supportedbyWongthavarawat(2005),Nomutualauthenticationisprovided,whichisvulnerabletorogueBS maninthemiddleattackandSScertificationis alimitedauthentication method.In802.16e,EAP canbe actualizedwithspecificauthenticationmethodssuchasEAPTLS(X.509certificatebased)(Barbeau,2005). Unclear Definitions IEEE 802.16 design failed to explicitly define the authorization SA, for instance, state of the SA never differentiates one authorization SA instance from another, which is vulnerable to replay attacks. This will becomeasignificantissuewhenIEEE802.16ewillfacilitatemobilityandroaming.Also,SScannot identify reuseddataSAs.Thustheencryptionschemeisvulnerabletoattackviaencryptionkeyreuse.Inaddition,the authorization SA does not contain the BS identity; hence the SS cannot differentiate authorized from unauthorizedBSs.Herewecanassumethat,hidingitfromSSpreventskeymanagementandencryption,from protectingtheSSfromforgeryandreplayattacks.Onesolutionagainstthereplayvulnerabilityistoincludea randomvaluegeneratorfromtheBSandSStotheauthorizationSA.InthelatestIEEE802.16estandard,this modificationcouldhappen.Theprotocolspresumethatnopartieswithdifferentpublicorprivatekeypairsare certifiedtoemploysameMACaddress,conditionmustbeexplicitlydefinedthatallcertifiedMACaddressis uniquetoavoidMACmasqueradingproblem(Johnston&Walker,2004). Data Privacy InIEEE802.16,itusesDESinCBCmodefordataprivacy.DESinCBC(CipherBlockChaining)modeuses 56bitDESkey(TEK)andCBCIV(InitializationVector).CBCmoderequiresarandominitializationvectorto securetheScheme(RSA,2004).ContinuedwithpreviousdiscussionWongthavarawat(2005)said,thatCBCIV ispredictablei.e,CBCIV=[IVParameterfromTEKexchange]XOR[PHYSynchronizationfield]and56bit key is not secure based on todays computing and fails to provide strong data confidentiality, hence it is vulnerabletoBruceforceattacktorecovertheoriginalplaintext.Inaddition,thereisnoprovisionformessage integritydetection,whichincreasesthepossibilityofactiveattack.AnotherstatementfromJohnstonandWalker, (2004) Because the SA initialization vector is constant and public for its TEK, and because the PHY synchronizationfieldishighlyrepetitiveandpredictable,theMPDUinitializationvectorisalsopredictable. IEEE802.16providesnodataauthenticity. IEEE802.16eadoptedAESCCMusing128bitkey(TEK)asanewdatacipher,whichensuresmessageintegrity checkandreplayprotectionusingPacketNumber(PN).Transmitterconstructauniquenonceasaperpacket encryptionrandomizer,guaranteeuniquenessandaddsdataauthenticitymechanism(Wongthavarawat,2005). Key Management InIEEE802.16standardithaskeymanagementprotocolproblem,whichisitsuseofTEKsequencespace;it uses sequence number to differentiate messages. The protocol recognizes each TEK with a 2 bit sequence number,enfoldingthesequencenumberfrom3to0oneveryfourthrekeyasanissueofreplayattack;ifreplay

works,SScouldnotbeabletodetectthis.JohnstonandWalker(2004)said,EncryptionreusestheTEKand initializationvectorintheencryption,exposingboththeTEKandthesubscriberdata Other Vulnerabilities InthedataSAdefinition,anAKcanlastforupto70days,whereasaTEKlifetimecanbeasshortas30 minutes,allowinganattackertointerjectreusedTEKs.AdataSAcanconsumeupto3,360TEKsovertheAKs lifetimerequiringtheSAIDspacetogrowfrom2toatleast12bits.IEEE802.16designmeanstheSSmusttrust thattheBSalwaysgeneratesanewAK,whichisanotherweaknessastheBScontributesallofthebitsinanAK sothatBSsrandomnumbergeneratormustbeperfect,ifbiasedtheAKandTEKscouldbeexposed. InIEEE802.16,itdoesnotmentionthatauthenticatingtheBStotheSSallowsthePKMprotocolvulnerableto forgeryattack.ForexampleSScannotverifythatanyauthorizationmessagesitreceiveswerecomingfrom authorizedBS.TheBSrespondtoSSusingpublicinformation,soanyrogueBScancreatearesponse.Aswe discussed earlier, the protocols failure allows participants to distinguish one instance of the protocol from another,therefore,theauthorizationprotocolsubjectstheSStoreplayattacks.

CONCLUSION
ThenewIEEE802.16estandardhaschangedseveralsecuritymechanismslike,generatingeachperframeIV (InitializationVector)randomly,replayingprotectionusingPacketNumber(PN).ItwilluseAES(Advanced EncryptionStandard)asamainencryptionmethodandintroduceaflexibleauthenticationmethodbasedonthe Extensible Authentication Protocol i.e., EAPTLS, EAPTTLS, PEAP, EAPSIM, which extends the authenticationtoAAAserver.AESCCMmodeisanewdatalinkcipherfordataauthenticitymechanism,which isspecifiedbyNIST(NationalInstituteofStandardsandTechnology).Thestandardalso,replacesTripleDES keywrappinginthePKMprotocolwiththeAESECBmodeandfacilitateslowcostreauthenticationduring roaming. Further research is required to find out security threats and vulnerabilities in the IEEE 802.16e standard. Securitymechanismisanexpensiveprocess;itrequiresextensivelevelofresearch,performanceevaluationand implementationoutcomes.TheIEEE802.16ewillopenthedoorforwirelessmobility,vulnerabilityaswell, because there are be no constraints for an attacker. In such a situation, more issues like, BS to BS key management, roaming user authentication & voice migration will arise. IEEE 802.16 (WiMAX) has the capabilitytoattainsuccessinwirelesscommunicationarena.Though,wirelessvendorshavealreadymarketed theirWiMAXproduct,thistechnologyisstillunderdevelopment;andneedmoreacademicresearchandtimeto achieveamaturitylevel.Therefore,businessorganization,serviceproviderandITprofessionalsshouldtake greatcarebeforedeploymentofthisnewtechnology.

REFERENCES
Aikaterini,A.V.(2004).SECURITYOFIEEE802.16,retrievedon1stMay,2006from http://www.dsv.su.se/research/seclab/pages/pdf-files/2006-x-332.pdf Barbeau,M.(2005).WiMax/802.16ThreatAnalysis,retrievedon1stMay,2006from http://www.scs.carleton.ca/~barbeau/Publications/2005/iq2-barbeau.pdf Boom,D.D.(2004).DenialofServiceVulnerabilitiesinIEEE802.16Wireless Networks,retrievedon1stMay,2006http://www.ieee802.org/16/tge/contrib/C80216e-04_406.pdf Barry,A.,Healy,G.,Daly,C.,Johnson,J.&Skehill,R.J.(2006).OverviewofWiMaxIEEE802.16,retrievedon 1stMay,2006from http://www.mais-project.it/documenti_pubblico/IIIsemester/r4.1.2.pdf Chou,H.(2004).802.16&802.11SecurityOverview,retrievedon1stMay,2006from http://lee-1.com/hlchou/802.16e%20Security_1.2.pdf

Eklund,C.,Marks,R.B.,Stanwood,K.L.,&Wang,S.(2002)IEEEStandard802.16:ATechnicalOverviewofthe WirelessMANAirInterfaceforBroadbandWirelessAccess,retrievedon1stMay,2006from Guice,R.J.&Munoz,R.J.(2004).IEEE802.16Commercialofftheshelf(cots)Technologiesasacomplimentto shiptoobjectiveManeuverCommunications,retrievedon1stMay,2006from http://web1.nps.navy.mil/~budden/lecture.notes/r-wan/Guice_Munoz_thesis.pdf IEEE,(2006).Part16:AirInterfaceforFixedBroadbandWirelessSystems,retrievedon1stMay,2006 http://standards.ieee.org/getieee802/download/802.16-2004.pdf IEEE,(2001),IEEEStandard802.162001,retrievedon1stMay,2006from, http://standards.ieee.org/getieee802/download/802.16-2001.pdf Intel,(2005).retrievedon1stMay,2006from http://download.intel.com/technology/itj/2004/volume08issue03/vol8_iss03.pdf Johnston,D.,Walker,J.(2004).OverviewofIEEE802.16Security,retrievedon1stMay,2006from http://mia.ece.uic.edu/~papers/WWW/Bubbles/segment/WiMax_Security.pdf Liu,F.(2004).IEEE802.16WiMAX,retrievedon1stMay,2006from http://www.seas.gwu.edu/~cheng/388/LecNotes2006/80216WiMAXSecurity.ppt Parekh,S.(2006)IEEE802.16/WiMAX,retrievedon1stMay,2006from http://walrandpc.eecs.berkeley.edu/228S06/L6.pdf Patton,K.B.,Aukerman,R.,&ShorterJ.D.(2004)Wirelesstechnologies,WirelessFidelity(wifi)&Worldwide InteroperabilityforMicrowaveAccess(WiMAX),retrievedon1stMay,2006from http://www.iacis.org/iis/2005_IIS/PDFs/Patton_Aukerman_Shorter.pdf RSA,(2004).RSACryptographyStandard,RSAPublicKeyCryptography Standard#1v.2.0,retrievedon1stMay,2006fromwww.rsasecurity.com/rsalabs/pkcs/pkcs-1/ Wongthavarawat,K.(2005).IEEE802.16WiMaxSecurity,retrievedon1stMay,2006from http://www.nectec.or.th/nac2005/documents/20050328_SecurityTechnology-05_Presentation.pdf WiMAXForum,(2006).Fixed,nomadic,portableandmobileapplicationsfor802.162004and802.16e WiMAXnetworks,retrievedon1stMay,2006from http://www.wimaxforum.org/news/downloads/Applications_for_802.162004_and_802.16e_WiMAX_networks_final.pdf Xu,S.,Matthews,M.&Huang,C.(2006).SecurityIssuesinPrivacyandKeyManagementProtocolsofIEEE 802.16,retrievedon1stMay,2006fromhttp://www.cse.sc.edu/~huangct/acmse06cr.pdf Yaghoobi,H.(2003).802.16Broadbandwirelessaccess:thenextbigthingin Wireless,retrievedon1stMay,2006http://cnscenter.future.co.kr/resource/rsccenter/presentation/intel/fall2003/F03USWNTS111_OS.pdf

COPYRIGHT
Jamshed Hasan 2006. The author/s assigns the We-B Centre & Edith Cowan University a non-exclusive license to use this document for personal use provided that the article is used in full and this copyright statement is reproduced. Such documents may be published on the World Wide Web, CD-ROM, in printed form, and on mirror sites on the World Wide Web. Any other usage is prohibited without the express permission of the authors.