4.A Survey of WiBro Security in Heterogeneous Wireless Networks_presentation_ by xiaopangnv


									  A Survey of WiBro Security in
Heterogeneous Wireless Networks

               July 10, 2008

               JooSeok Song
      Department of Computer Science
       Yonsei University, Seoul, Korea
1. Introduction
2. Background
   WiBro’s security mechanism
   Integrated network of WiBro and other RATs
3. WiBro Security Concerns and Countermeasures
   Security problems
   Countermeasures
4. Enhanced Authentication Mechanisms in
   Integrated Networks
   Fast authentication
   Context transfer
5. Conclusions
              1. INTRODUCTION
• WiBro (Wireless Broadband)
   a.k.a., “Mobile WiMAX (Worldwide Interoperability for
    Microwave Access)” in the global market

• Standardization
   IEEE 802.16e working group
   WiMAX forum
   ITU  WiBro as one of six international standard
    platform for 3G mobile technology

• Successful commercialization by Korea Telecom
   200,000 subscribers with $17.9 million of revenue in
    Q1 2008
                      WiBro Service
  • Characteristics of WiBro
        Easy connectivity
        High-speed data transmission
        Medium mobility

Tx      High-Speed
Rate     Internet
                                  4G Mobile Communication

                                       3G Mobile Communication

       Fixed                Medium Mobility      Mobile          Mobility
               WiBro Basic Features
Features           Description
Bandwidth          10 MHz over 2.4 GHz frequency band
Data rate          ~24.8 Mbps (downlink) / ~5.2 Mbps (uplink)
Mobility           ~120 km/h
Voice call         VoIP support

                   High quality multimedia data support
Data service        - Internet access, MMS, and M-commerce
                    - VOD/AOD and online game play

                   Cellular phone/Smart phone, PDA, PMP (embedded)
Device type
                   Handheld PC, Laptop (external USB or embedded)
WiBro Standardization Strategy
                                     with Unlicensed Band
 Multiple Antenna

                                   WiBro Evolution
High Speed Mobility
                                                                                IPv6 Adaptation
                                         Integration                              Security/
 Power Saving                                                                   Authentication

                                         WiBro                                   Air Interface/
                                                                               Packet Scheduling

                Control Protocol                              Channel Coding

   WiBro Security Architecture
• IEEE 802.16e Privacy Layer
  Based on Privacy Key Management (PKM)
   • Secure communication
   • Authentication between MS and BS

  However, it is still vulnerable to security attacks
   •   Denial of Service
   •   Spoofing
   •   Replay attacks
   •   Jamming and scrambling
Convergence of Wireless Networks
 • Network integration between WiBro and other
   Radio Access Technologies (RATs)
    Roaming capability between different networks with
     multi-mode mobile devices
    Between WiFi (IEEE 802.11), cellular (2G, 3G),
     Bluetooth, etc

 • Lack of suitable security mechanism for the
   integrated network
    Vertical handover requires full authentication because
     each network uses different security architecture
    WiBro security mechanism should be optimized
      • Fast authentication with respect to the vertical handover
  Main issues in WiBro security
• Threats of security attacks in WiBro and their

• Enhanced authentication mechanisms in the
  integrated WiBro and other RATs
   Reducing handover delay and authentication
    signaling overhead: fast authentication and
    context transfer
   WiBro security mechanism
   Integrated network of WiBro and other RATs
WiBro System Architecture
                  PSS: Personal Subscriber Station
                  RAS: Radio Access Station
                  ACR: Access Control Router
                  NMS: Network Management System

                  Interface Reference Point
                  Uh : PSS-RAS (Defined in WiBro Spec.)
                  Ah : RAS-ACR
                  Ph : ACR-ACR
                  Ih : ACR-Internet

                  Seamless handover
                            Inter RAS handover
                            Inter ACR handover
                             Vertical handover

                  PSS = MSS/MS in 802.16e
                  RAS + ACR = BS in 802.16e
        Protocol Layer Structure
                               • Service Specific Convergence Sublayer (CS)
             CS SAP               Classifying external network SDUs (e.g., TCP/IP,
                                   UDP/IP) and associating them to the proper MAC
        Service Specific CS        service flow and Connection ID
      (Convergence Sublayer)      Payload header suppression
            MAC SAP
                               • The MAC Common Part Sublayer (CPS)
MAC        MAC CPS                  Bandwidth allocation
      (Common Part Sublayer)        Connection establishment and maintenance
                                    Classified to particular MAC connections
                                    Quality of Service
        Privacy Sublayer            Scheduling of data over the PHY
            PHY SAP
                               • Privacy Sublayer
          Physical Layer          Providing authentication   To provide
              (PHY)               Security key exchange      secure communication
                                  Encryption
    WiBro Security Mechanism
• IEEE 802.16e Privacy layer provides
   Integrity, confidentiality, and authentication
   These are guaranteed by key exchange, encryption
    and hashing

• WiBro’s PKM (Privacy Key Management)
   Authentication and encryption key derivation
   A set of control messages includes
     • Initial connection, authentication, registration, and handover
   Transport the security messages with RSA or EAP
   Two versions of PKM exist (version 1 and version 2)
    PKMv1 (version 1)
                 • PKMv1
                     Supports RSA protocol only
                     3 Phases
                       • Authentication
                       • Key derivation
                       • Traffic Encryption Key
                         (TEK) exchange

                 • Vulnerable to
                     Masquerade attack
                     Replay attack

PKMv1 protocol
    PKMv1 Authentication
    MS                                                     BS
         PKM Authentication Request :
         [X.509 cert, Cryptographic capacity, Basic CID]

                                                     AK generation

                   PKM Authentication Response:
                   [AK encrypted with MS’s public key]

• Authentication
    Every MS has its own X.509 certificate
    BS sends Authentication Key (AK) to MS
    PKMv1 Key Derivation

        KEK                     HMAC           mode?         CMAC

                                 HMAC key               CMAC key
                                  for uplink             for uplink
                                 HMAC key               CMAC key
                                for downlink           for downlink
• Key derivation
    Both MS and BS derive a shared KEK (Key Encryption
     Key) and HMAC/CMAC keys

      c.f. HMAC (Hash Message Authentication Code)
           CMAC (Cipher-based Message Authentication Code)
 PKMv1 TEK Exchange
   MS                                                BS

        PKM Key Request

                          PKM Key Reply:
                          [TEK encrypted with KEK]

                Data encrypted with TEK

• TEK exchange
    BS sends TEK encrypted with KEK to MS
• Data encryption with TEK
     PKMv2 (version 2)
                     • New features
                         Support RSA and EAP
                         Mutual authentication
                           • Prevents the masquerade
                         Nonce
                           • Prevents the replay attack

                     • EAP based authentication
                         MS-BS : PKMv2 protocol
                         BS-AAA : Diameter protocol

PKMv2 EAP protocol
PKMv2 EAP-AKA Authentication
MS                                                  BS                             AAA
     PKMv2 EAP Start

     PKMv2 EAP Transfer [EAP-Request / Identity]
     PKMv2 EAP Transfer [EAP-Response / Identity]        EAP-Response / Identity
                       PKMv2 EAP Transfer
                       [EAP-Request / AKA-Challenge] EAP-Request / AKA-Challenge

     PKMv2 EAP Transfer
     [EAP-Response / AKA-Challenge]                  EAP-Response/AKA-Challenge

                                                                           AAA key
                 PKMv2 EAP Transfer [EAP-Success]          EAP-Success, AAA key

Derive AK from                               Derive AK from
   AAA key                                      AAA key
PKMv2 3-Way Handshake
  MS                                         BS

       PKMv2 SA-TEK-Challenge

                      PKMv2 SA-TEK-Request

       PKMv2 SA-TEK-Response

• 3-way handshake
   MS and BS negotiate security parameters
   And verify they have the valid AK
PKMv2 TEK Exchange

MS                                               BS

     PKMv2 Key Request

                      PKMv2 Key Reply:
                      [TEK encrypted with KEK]

             Data encrypted with TEK
  Integrated network of WiBro and
             other RATs
• Wireless networking envisages the convergence of various
  types of radio access technologies
   With unified handover architecture in heterogeneous networks

• IEEE 802.21
   Media independent handover (MIH) standard
     • Enable handover and interoperability between heterogeneous network
       types including both 802 (Ethernet, WLAN, and WiMAX) and non-802
       networks (cellular)
     • New study group for security aspect: provides intra-technology and inter-
       technology handover solutions
     • Within the same AAA domain or different AAA domains

• 3GPP (Third Generation Partnership Project)
   Interworking between WiMAX and LTE
   Pre-authentication with tunneling authentication messages (EAP
   Security problems
   Countermeasures
             Security Problems
• DoS attacks in PKMv1
   PKMv1 is vulnerable to replay and masquerade attacks
   An attacker sends false Auth Invalid and Auth Reject
    messages to a victim MS (masquerading as a BS)
     • The MS loses its connection

• Unwilling sleep mode
   An attacker falsely reports to BS that a victim MS enters
    sleep mode
     • The MS cannot receive data any more

• DoS attacks against MS
   An attacker repeatedly duplicates packets of a victim MS
     • BS treats the MS as a misbehaving MS and sends the RES-CMD
     • The MS loses its connection by the RES-CMD message from BS.
• Using PKMv2
  PKMv2
    • The mutual authentication prevents masquerade
    • The nonce prevents replay attacks

• Detecting malicious nodes
  The reason of the misbehavior should be
  Well defined filtering rules for detecting attacks
   are required.
      Fast authentication
      Context transfer
          Fast Authentication
• Intra-technology handover solutions
  Pre-authentication (IEEE 802.11i)
  Fast BSS Transition (IEEE 802.11r)
  Handover Process Optimization (IEEE 802.16e)

• Inter-technology handover solutions
  Key Hierarchy-based Transition
    • Intra-AAA domain
  Authentication-based Transition
    • Inter-AAA domain
     Pre-authentication (IEEE 802.11i)
• MS is associated with APcurrent
  (it requires full authentication)
• MS selects APtarget as target, and
  initiates pre-authentication for APtarget
• EAP authentication is sent via
• APtarget receives MSK from AAA
  server (EAP server)
• MS derives PTK from the MSK for
• MS performs 802.11i 4-way
  handshake with APtarget using
  MSK(MS, APtarget)
• Transition complete

   c.f. MSK (Master Session Key)
   c.f. PTK (Pairwise Temporal Key)
    Fast BSS Transition (IEEE 802.11r)
•   MS is associated with APcurrent
•   MS selects APtarget as target
•   MS sends Auth Request to APcurrent
•   APcurrent requests PMK-R1APtarget from
•   R0KH derives PMK-R1APtarget for
•   R0KH sends PMK-R1APtarget to APtarget
•   APcurrent sends Auth Response to
•   APtarget and MS derive PTK
•   MS requests re-association to
•   Transition complete

    c.f. R0KH (level 0 key holder)
    c.f. PMK (Pairwise Master Key)
     Handover Process Optimization
           (IEEE 802.16e)
• MS is connected with BScurrent
• MS sends HO request to BScurrent
• BScurrent forwards HO request to
• BStarget sends HO response back to
• BScurrent sends HO response back to
• MS sends HO indication to BScurrent
  with BStarget as target
• BScurrent forwards MS info. and
  connection context to BStarget
• MS moves and attaches with BStarget

   c.f. connection context: TEKs, associated
       counters, negotiated capabilities, CID
       update, etc
      Key Hierarchy-based Transition
    (for intra-AAA domain in WiBro and WLAN interworking)

• When MS newly enters into an
  AAA domain, the AAA server                      Root key holder

  builds a hierarchical key
    MS should perform full
• Proactive re-authentication with
  ERP (Similar to IEEE 802.11r)
    MS derives session key for a new
     BS from the information received
     via current PoA
    The BS receives session key from
     AAA server

   c.f. ERP (EAP RE-authentication Protocol)
     Authentication-based Transition
   (for inter-AAA domain in WiBro and WLAN interworking)

• Full authentication required for
  inter-AAA domain handover

• Proactive authentication based
  on pre-authentication
    Requires EAP transport (RFC-
    Full authentication is performed
     before handover
    Similar to 802.11i’s approach
    Works independent of link-layer
   Context Transfer Approaches
• Context transfer
   Old network deliver necessary information for a MS’s connection to a
    new network
   Security context components
      • Authentication Context: IDs, Authentication result
      • Authorization Context: Access privileges
      • Communication Security Context: Encryption, Session keys

• Advantages
   Reducing latency and packet losses in handovers
   Avoiding the re-initiation signaling between MSs and AAA server
   Reusing the context information in the previous BS

• MPA (Media Independent Pre-authentication) framework
   Using 802.21 media independent information service
   Performing the pre-authentication and pre-configuration before handover
   Buffering in Access Router prevents packet losses
             5. CONCLUSIONS
• WiBro is an emerging technology for a wireless
  broadband Internet

• For security aspects in WiBro
   PKM is not enough to provide secure communications
   Next version of WiBro should apply the
    countermeasures against various security attacks

• In the integrated network of WiBro and other RATs
   Fast authentication and context transfer should be
    considered to reduce heavy overheads and long delay
    of EAP based authentication

To top