VIEWS: 12 PAGES: 34 POSTED ON: 12/8/2011
A Survey of WiBro Security in Heterogeneous Wireless Networks July 10, 2008 JooSeok Song Department of Computer Science Yonsei University, Seoul, Korea Contents 1. Introduction 2. Background WiBro’s security mechanism Integrated network of WiBro and other RATs 3. WiBro Security Concerns and Countermeasures Security problems Countermeasures 4. Enhanced Authentication Mechanisms in Integrated Networks Fast authentication Context transfer 5. Conclusions 1. INTRODUCTION • WiBro (Wireless Broadband) a.k.a., “Mobile WiMAX (Worldwide Interoperability for Microwave Access)” in the global market • Standardization IEEE 802.16e working group WiMAX forum ITU WiBro as one of six international standard platform for 3G mobile technology • Successful commercialization by Korea Telecom 200,000 subscribers with $17.9 million of revenue in Q1 2008 WiBro Service • Characteristics of WiBro Easy connectivity High-speed data transmission Medium mobility Tx High-Speed Rate Internet 4G Mobile Communication WLAN WiBro 3G Mobile Communication Fixed Medium Mobility Mobile Mobility WiBro Basic Features Features Description Bandwidth 10 MHz over 2.4 GHz frequency band Data rate ~24.8 Mbps (downlink) / ~5.2 Mbps (uplink) Mobility ~120 km/h Voice call VoIP support High quality multimedia data support Data service - Internet access, MMS, and M-commerce - VOD/AOD and online game play Cellular phone/Smart phone, PDA, PMP (embedded) Device type Handheld PC, Laptop (external USB or embedded) WiBro Standardization Strategy Coexistence/Cooperation with Unlicensed Band Multicast/Broadcast Multiple Antenna Service WiBro Evolution High Speed Mobility IPv6 Adaptation Support Performance Enhancement & Network Integration Security/ Power Saving Authentication WiBro Air Interface/ Handover Packet Scheduling Control Protocol Channel Coding Modem WiBro Security Architecture • IEEE 802.16e Privacy Layer Based on Privacy Key Management (PKM) • Secure communication • Authentication between MS and BS However, it is still vulnerable to security attacks • Denial of Service • Spoofing • Replay attacks • Jamming and scrambling Convergence of Wireless Networks • Network integration between WiBro and other Radio Access Technologies (RATs) Roaming capability between different networks with multi-mode mobile devices Between WiFi (IEEE 802.11), cellular (2G, 3G), Bluetooth, etc • Lack of suitable security mechanism for the integrated network Vertical handover requires full authentication because each network uses different security architecture WiBro security mechanism should be optimized • Fast authentication with respect to the vertical handover Main issues in WiBro security • Threats of security attacks in WiBro and their countermeasures • Enhanced authentication mechanisms in the integrated WiBro and other RATs Reducing handover delay and authentication signaling overhead: fast authentication and context transfer 2. BACKGROUND WiBro security mechanism Integrated network of WiBro and other RATs WiBro System Architecture PSS: Personal Subscriber Station RAS: Radio Access Station ACR: Access Control Router NMS: Network Management System Interface Reference Point Uh : PSS-RAS (Defined in WiBro Spec.) Ah : RAS-ACR Ph : ACR-ACR Ih : ACR-Internet Seamless handover Inter RAS handover Inter ACR handover Vertical handover PSS = MSS/MS in 802.16e RAS + ACR = BS in 802.16e Protocol Layer Structure • Service Specific Convergence Sublayer (CS) CS SAP Classifying external network SDUs (e.g., TCP/IP, UDP/IP) and associating them to the proper MAC Service Specific CS service flow and Connection ID (Convergence Sublayer) Payload header suppression MAC SAP • The MAC Common Part Sublayer (CPS) MAC MAC CPS Bandwidth allocation (Common Part Sublayer) Connection establishment and maintenance Classified to particular MAC connections Quality of Service Privacy Sublayer Scheduling of data over the PHY PHY SAP • Privacy Sublayer Physical Layer Providing authentication To provide PHY (PHY) Security key exchange secure communication Encryption WiBro Security Mechanism • IEEE 802.16e Privacy layer provides Integrity, confidentiality, and authentication These are guaranteed by key exchange, encryption and hashing • WiBro’s PKM (Privacy Key Management) Authentication and encryption key derivation A set of control messages includes • Initial connection, authentication, registration, and handover Transport the security messages with RSA or EAP mechanisms Two versions of PKM exist (version 1 and version 2) PKMv1 (version 1) • PKMv1 Supports RSA protocol only 3 Phases • Authentication • Key derivation • Traffic Encryption Key (TEK) exchange • Vulnerable to Masquerade attack Replay attack PKMv1 protocol PKMv1 Authentication MS BS PKM Authentication Request : [X.509 cert, Cryptographic capacity, Basic CID] AK generation PKM Authentication Response: [AK encrypted with MS’s public key] • Authentication Every MS has its own X.509 certificate BS sends Authentication Key (AK) to MS PKMv1 Key Derivation AK MAC KEK HMAC mode? CMAC HMAC key CMAC key for uplink for uplink HMAC key CMAC key for downlink for downlink • Key derivation Both MS and BS derive a shared KEK (Key Encryption Key) and HMAC/CMAC keys c.f. HMAC (Hash Message Authentication Code) CMAC (Cipher-based Message Authentication Code) PKMv1 TEK Exchange MS BS PKM Key Request TEK generation PKM Key Reply: [TEK encrypted with KEK] Data encrypted with TEK • TEK exchange BS sends TEK encrypted with KEK to MS • Data encryption with TEK PKMv2 (version 2) • New features Support RSA and EAP Mutual authentication • Prevents the masquerade attack Nonce • Prevents the replay attack • EAP based authentication MS-BS : PKMv2 protocol BS-AAA : Diameter protocol PKMv2 EAP protocol PKMv2 EAP-AKA Authentication MS BS AAA PKMv2 EAP Start PKMv2 EAP Transfer [EAP-Request / Identity] PKMv2 EAP Transfer [EAP-Response / Identity] EAP-Response / Identity PKMv2 EAP Transfer [EAP-Request / AKA-Challenge] EAP-Request / AKA-Challenge PKMv2 EAP Transfer [EAP-Response / AKA-Challenge] EAP-Response/AKA-Challenge AAA key generation PKMv2 EAP Transfer [EAP-Success] EAP-Success, AAA key Derive AK from Derive AK from AAA key AAA key PKMv2 3-Way Handshake MS BS PKMv2 SA-TEK-Challenge PKMv2 SA-TEK-Request PKMv2 SA-TEK-Response • 3-way handshake MS and BS negotiate security parameters And verify they have the valid AK PKMv2 TEK Exchange MS BS PKMv2 Key Request TEK generation PKMv2 Key Reply: [TEK encrypted with KEK] Data encrypted with TEK Integrated network of WiBro and other RATs • Wireless networking envisages the convergence of various types of radio access technologies With unified handover architecture in heterogeneous networks • IEEE 802.21 Media independent handover (MIH) standard • Enable handover and interoperability between heterogeneous network types including both 802 (Ethernet, WLAN, and WiMAX) and non-802 networks (cellular) • New study group for security aspect: provides intra-technology and inter- technology handover solutions • Within the same AAA domain or different AAA domains • 3GPP (Third Generation Partnership Project) Interworking between WiMAX and LTE Pre-authentication with tunneling authentication messages (EAP messages) 3. WiBro SECURITY CONCERNS AND COUNTERMEASURES Security problems Countermeasures Security Problems • DoS attacks in PKMv1 PKMv1 is vulnerable to replay and masquerade attacks An attacker sends false Auth Invalid and Auth Reject messages to a victim MS (masquerading as a BS) • The MS loses its connection • Unwilling sleep mode An attacker falsely reports to BS that a victim MS enters sleep mode • The MS cannot receive data any more • DoS attacks against MS An attacker repeatedly duplicates packets of a victim MS • BS treats the MS as a misbehaving MS and sends the RES-CMD message • The MS loses its connection by the RES-CMD message from BS. Countermeasures • Using PKMv2 PKMv2 • The mutual authentication prevents masquerade attacks • The nonce prevents replay attacks • Detecting malicious nodes The reason of the misbehavior should be identified. Well defined filtering rules for detecting attacks are required. 4. ENHANCED AUTHENTICATION MECHANISMS IN THE INTEGRATED NETWORKS Fast authentication Context transfer Fast Authentication • Intra-technology handover solutions Pre-authentication (IEEE 802.11i) Fast BSS Transition (IEEE 802.11r) Handover Process Optimization (IEEE 802.16e) • Inter-technology handover solutions Key Hierarchy-based Transition • Intra-AAA domain Authentication-based Transition • Inter-AAA domain Pre-authentication (IEEE 802.11i) • MS is associated with APcurrent (it requires full authentication) • MS selects APtarget as target, and initiates pre-authentication for APtarget • EAP authentication is sent via APcurrent • APtarget receives MSK from AAA server (EAP server) • MS derives PTK from the MSK for APtarget • MS performs 802.11i 4-way handshake with APtarget using MSK(MS, APtarget) • Transition complete c.f. MSK (Master Session Key) c.f. PTK (Pairwise Temporal Key) Fast BSS Transition (IEEE 802.11r) • MS is associated with APcurrent • MS selects APtarget as target • MS sends Auth Request to APcurrent • APcurrent requests PMK-R1APtarget from R0KH • R0KH derives PMK-R1APtarget for APtarget • R0KH sends PMK-R1APtarget to APtarget • APcurrent sends Auth Response to MS • APtarget and MS derive PTK • MS requests re-association to APtarget • Transition complete c.f. R0KH (level 0 key holder) c.f. PMK (Pairwise Master Key) Handover Process Optimization (IEEE 802.16e) • MS is connected with BScurrent • MS sends HO request to BScurrent • BScurrent forwards HO request to BStarget • BStarget sends HO response back to BScurrent • BScurrent sends HO response back to MS • MS sends HO indication to BScurrent with BStarget as target • BScurrent forwards MS info. and connection context to BStarget • MS moves and attaches with BStarget c.f. connection context: TEKs, associated counters, negotiated capabilities, CID update, etc Key Hierarchy-based Transition (for intra-AAA domain in WiBro and WLAN interworking) • When MS newly enters into an AAA domain, the AAA server Root key holder builds a hierarchical key MS should perform full authentication • Proactive re-authentication with ERP (Similar to IEEE 802.11r) MS derives session key for a new BS from the information received via current PoA The BS receives session key from AAA server c.f. ERP (EAP RE-authentication Protocol) Authentication-based Transition (for inter-AAA domain in WiBro and WLAN interworking) • Full authentication required for inter-AAA domain handover • Proactive authentication based on pre-authentication Requires EAP transport (RFC- 3748) Full authentication is performed before handover Similar to 802.11i’s approach Works independent of link-layer technologies Context Transfer Approaches • Context transfer Old network deliver necessary information for a MS’s connection to a new network Security context components • Authentication Context: IDs, Authentication result • Authorization Context: Access privileges • Communication Security Context: Encryption, Session keys • Advantages Reducing latency and packet losses in handovers Avoiding the re-initiation signaling between MSs and AAA server Reusing the context information in the previous BS • MPA (Media Independent Pre-authentication) framework Using 802.21 media independent information service Performing the pre-authentication and pre-configuration before handover Buffering in Access Router prevents packet losses 5. CONCLUSIONS • WiBro is an emerging technology for a wireless broadband Internet • For security aspects in WiBro PKM is not enough to provide secure communications Next version of WiBro should apply the countermeasures against various security attacks • In the integrated network of WiBro and other RATs Fast authentication and context transfer should be considered to reduce heavy overheads and long delay of EAP based authentication
"4.A Survey of WiBro Security in Heterogeneous Wireless Networks_presentation_"