A Survey on WiMAX - PDF

Report as inappropriate Your report has been received

Shared by: ijcsis

Tags

IJCSIS, volume 8, No. 2, May 2010, Journal, Computer, Science, Information, Security, Research, issues, google scholar, ArXiV, Cornell University, library, Scirus, call for paper

Stats

views:: 377
posted:: 6/11/2010
language:: English
pages:: 6

Public Domain

Document Sample

(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 8, No. 2, 2010

A Survey on WiMAX

Mohsen Gerami
The Faculty of Applied Science of Post and Communications
Danesh Blv, Jenah Ave, Azadi Sqr, Tehran, Iran.
Postal code: 1391637111
e-mail: artimes0@hotmail.com

Abstract—This paper describes an overview of WiMAX. The the WiMAX waves, you need a receiver for WiMAX for
paper outlines fundamental architectural components for connecting your computer or device.
WiMAX and explains WiMAX Security Issues. Furthermore
various 802.16 standards, IEEE 802.16 protocol architecture and WiMAX has a range of around 50 km in a circle. Terrain,
WiMAX Market will be discussed. weather and buildings affect this range and this often results in
many people not receiving signals good enough for a proper
Keywords: WiMAX; IEEE 802.16; Security; Protocol; Market; connection. Orientation is also an issue, and some people have
to choose to place their WiMAX modems near windows and
I. INTRODUCTION turned in certain specific directions for good reception.
WiMAX, meaning Worldwide Interoperability for A WiMAX connection is normally non-line-of-sight, which
Microwave Access, is a telecommunications technology that means that the transmitter and the receiver need not have a
provides wireless transmission of data using a variety of clear line between them. But a line-of-sight version exists,
transmission modes, from point-to-multipoint links to portable where performance and stability is much better, since this does
and fully mobile internet access. The technology provides up to away with problems associated with terrain and buildings [3].
10 Mbps broadband speed without the need for cables. The
technology is based on the IEEE 802.16 standard (also called II. WIMAX FUNDAMENTAL ARCHITECTURAL COMPONENTS
Broadband Wireless Access). The name "WiMAX" was
WiMAX has four fundamental architectural components:
created by the WiMAX Forum, which was formed in June
2001 to promote conformity and interoperability of the Base Station (BS). The BS is the node that logically
standard. The forum describes WiMAX as "a standards-based connects wireless subscriber devices to operator networks. The
technology enabling the delivery of last mile wireless BS maintains communications with subscriber devices and
broadband access as an alternative to cable and DSL" [1]. governs access to the operator networks. A BS consists of the
infrastructure elements necessary to enable wireless
As compared to a wireless technology like Wi-Fi, WiMAX
communications, i.e., antennas, transceivers, and other
is more immune to interference, allows more efficient use of
electromagnetic wave transmitting equipment. BSs are
bandwidth and is intended to allow higher data rates over
typically fixed nodes, but they may also be used as part of
longer distances. Because it operates on licensed spectrum, in
mobile solutions—for example, a BS may be affixed to a
addition to unlicensed frequencies, WiMAX provides a
vehicle to provide communications for nearby WiMAX
regulated environment and viable economic model for wireless
devices. A BS also serves as a Master Relay-Base Station in the
carriers. These benefits, coupled with the technology's global
multi-hop relay topology.
support (e.g., ongoing worldwide deployments, spectrum
allocation and standardization), make it the popular choice for Subscriber Station (SS). The SS is a fixed wireless node.
quick and cost-effective delivery of super-fast broadband An SS typically communicates only with BSs, except for multi-
wireless access to underserved areas around the world [2]. hop relay network operations. SSs are available in both outdoor
and indoor models.
WiMAX is cheaper than wired DSL because it does not
require placing wires around the area to be covered, which Mobile Subscriber (MS). Defined in IEEE 802.16e-2005,
represents an enormous investment for the provider. Not MSs are wireless nodes that work at vehicular speeds and
requiring this investment opens the door to many service support enhanced power management modes of operation. MS
providers who can start retailing out wireless broadband with devices are typically small and self-powered, e.g., laptops,
low capital, thereby causing prices to drop due to competition . cellular phones, and other portable electronic devices.
As with any wireless technology, the requirements for Relay Station (RS). Defined in IEEE 802.16j-2009, RSs
WiMAX are basically a transmitter and a receiver. The are SSs configured to forward traffic to other RSs, SSs, or MSs
transmitter is a WiMAX tower, much like a GSM tower. it is in a multi-hop Security Zone [4].
the part of the service provider's facilities. One tower, also
called a base station, can provide coverage to an area within a
radius of around 50 km. On the other side, in order to receive

352 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 8, No. 2, 2010
also improved quality of service (QOS) and certain
improvements in the media access control (MAC) layer along
with adding support for the HiperMAN European
standard. The number of supported physical (PHY) layers was
increased. Transport mediums such as IP, Ethernet and
asynchronous transfer mode (ATM) were added.

At its core, the technology is intended to take a number of best
of breed proprietary enhancements that had been made by
vendors using the 802.11 standard and combine them together
in a very marketable and standardized WiMAX product.

For example, older broadband wireless technology such as the
Wi-Fi or 802.11b system utilized carrier sense multiple access
with collision detection (CSMA/CD) crosstalk methods for
base stations and customer premise equipment (CPE) to talk to
one another. Basically, this meant that each radio was
Figure 1. WiMAX network architectures: (a) PMP mode; (b) mesh mode [5]. constantly talking and creating inefficient overhead. It also
resulted, especially at times of high traffic, in increased packet
WiMAX devices communicate using two message types: collisions and retransmissions, further exacerbating the
management messages and data messages. Data messages problem. Some of the proprietary MAC systems built later
transport data across the WiMAX network. Management utilized the base station to define when the CPE would be
messages are used to maintain communications between an polled in order to eliminate this problem. In the way of a
SS/MS and BS, i.e., establishing communication parameters, permanent cure the 802.16 protocol supports multiple methods
exchanging security settings, and performing system of polling that a vendor can choose to use. Some of these
registration events (initial network entry, handoffs, etc.) include piggybacking polling requests within overhead traffic,
IEEE 802.16 defines frequency bands for WiMAX group polling or dynamic co-opting of bandwidth from another
operations based on signal propagation type. In one type, unit by the CPE. The key is that the radios will be
WiMAX employs a radio frequency (RF) beam to propagate interchangeable based on the Forum's initial product profile as
signals between nodes. Propagation over this beam is highly well as more efficient [6].
sensitive to RF obstacles, so an unobstructed view between
nodes is needed. This type of signal propagation, called line-of- A. The various 802.16 standards
sight (LOS), is limited to fixed operations and uses the 10–66 802.16a: Licensed Frequency 2 GHz to 11 GHz. The
gigahertz (GHz) frequency range. The other type of signal Working IEEE 802.16a operates at the MAC and PHY
propagation is called non-line-of-sight (NLOS). NLOS employs specification and specifies the transfer of non-visual
advanced RF modulation techniques to compensate for RF connections (NLOS). Frequencies are important for the 3.5
signal changes caused by obstacles that would prevent LOS GHz and 5.8 GHz licensed for royalty-free applications. The
communications. NLOS can be used for both fixed WiMAX data is at a channel width of 20 MHz 75 Mbit / s. 802.16a is
operations (in the 2–11 GHz range) and mobile operations (in replaced by 802.16-2004.
the 2–6 GHz range). NLOS signal propagation is more
commonly employed than LOS because of obstacles that Specifications of 802.16
interfere with LOS communications and because of strict 802.16b: Licensed Exempt Frequencies, with a focus on the
regulations for frequency licensing and antenna deployment in frequency band of between 5 GHz and 6 GHz. This group also
many environments that hinder the feasibility of using LOS [4]. runs under the name Wireless HUMAN (High Speed
Unlicensed MAN).
III. IEEE 802.16 802.16c: Profiles of transmission frequencies in the
The IEEE developed the 802.16 in its first version to frequency range from 10 GHz to 66 GHz. The channel width is
address line of sight (LOS) access at spectrum ranges from 10 in the U.S. 25 MHz, 28 MHz in Europe. 802.16c is replaced by
GHz to 66 GHz. The technology has evolved through several 802.16-2004.
updates to the standard such as 802.16a, 802.16c, the Fixed
WiMAX 802.16d (802.16-2004) specification and lastly the 802.16d: Profiles of transmission frequencies in the
mobile 802.16e set that are currently commercially frequency range of 2 GHz to 66 GHz. Replaced by 802.16-
available. The upcoming 802.16m is still a ways away from 2004. This standard provides visual and non-visual connections
ratification. The first update added support for 2 GHz through in the range of 2 GHz to 66 GHz.
11 GHz spectrum with NLOS capability. Each update added 802.16e-2005: Mobile Wireless MAN (WMAN). This
additional functionality or expanded the reach of the standard. working group defines a mobile access in the context of IEEE
802.16. Here are ranges of more than 10 Mbps in cells in the
For example, the 802.16c revision added support for spectrum range of several kilometers and speeds exceeding 100 kph
ranges both licensed and unlicensed from 2 GHz to 10 GHz. It investigated. In addition, 16e-clients between different radio

353 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 8, No. 2, 2010
cells can switch, known as roaming. 802.16e is in conjunction TABLE I. SUMMARY OF THE IEEE 802.16 FAMILY OF STANDARDS
with DSRC an interesting alternative for telematic and safety
services in the automotive technology.
802.16f: MIB management for access networks.
802.16g: Definition of Management Plane.
802.16h: Coexistence of Networks. This Working Group
deals with the problems of coexistence of different radio
technologies in unlicensed bands transmission.
802.16i: Mobile One Plane Information
802.16j: bridging alternative to 802.11k. This involves
Equipment for a mobile relay, which has several
communications partner stations can connect.
802.16k: Bridging
802.16m: 802.16m The group is working on the high-speed
transmission with up to 1 Gbit / s.
802.16-1: Air Interface for 10 GHz to 66 GHz.
802.16.2: Coexistence of Broadband Wireless Access
Systems. This Working Group deals with the coexistence of
existing systems. Replaced by 802.16.2-2004.
802.16.2-2004: Combines standards 802.16, 802.16a, B. IEEE 802.16 protocol architecture
802.16c and 802.16d in a standard and regulate the coexistence The IEEE 802.16 protocol architecture is structured into
of wireless broadband systems in the range of 10 GHz to 66 two main layers: the Medium Access Control (MAC) layer and
GHz. the Physical (PHY) layer, as described in the following table
802.16.2a: Recommended Practice for Coexistence of [9]:
Fixed Broadband Wireless Access Systems. This group is the
coexistence of PMP systems between 2 GHz and 11 GHz
redefine.
802.16.3: Air Interface for Fixed Broadband Wireless
Access Systems operating below 11 GHz. In this group are the
unlicensed bands, such as the ISM band, the Personal
Communications Services (PCS), and MMDS Unii for the use
of a high-speed access MAN investigated [7].
The following table provides a summary of the IEEE Figure 2. The IEEE 802.16 Protocol structure
802.16 family of standards [8].
MAC layer consists of three sub-layers. The first sub-layer
is the Service Specific Convergence Sub-layer (CS), which
maps higher level data services to MAC layer service flow and
connections [10]. The second sub-layer is Common Part Sub-
layer (CPS), which is the core of the standard and is tightly
integrated with the security sub-layer. This layer defines the
rules and mechanisms for system access, bandwidth allocation
and connection management. The MAC protocol data units are
constructed in this sub-layer. The last sub-layer of MAC layer
is the Security Sub-layer which lies between the MAC CPS and
the PHY layer, addressing the authentication, key
establishment and exchange, encryption and decryption of data
exchanged between MAC and PHY layers.
The PHY layer provides a two-way mapping between MAC
protocol data units and the PHY layer frames received and
transmitted through coding and modulation of radio frequency
signals [8].

354 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 8, No. 2, 2010
IV. WIMAX SECURITY identifiers is used. A 64bit initialization vector (IV) is used for
Realizing the sticking point that security has been in the each TEK [13].
widespread adoption of broadband wireless service, the IEEE Public key infrastructure (PKI): The WiMAX standard
and the Forum both determined to define a robust security uses the Privacy and Key Management Protocol for securely
environment. WiMAX security supports two quality transferring keying material between the base station and the
encryptions standards, that of the DES3 and AES, which is mobile station. The privacy key management (PKM) protocol
considered leading edge. The standard defines a dedicated is responsible for privacy, key management, and authorizing an
security processor on board the base station for starters. There SS to the BS. The initial draft for WiMAX mandates the use of
are also minimum encryption requirements for the traffic and PKMv1 [14], which is a one-way authentication method.
for end to end authentication---the latter of which is adapted PKMv1 requires only the SS to authenticate itself to the BS,
from the data-over-cable service interface specification which poses a risk for a Man-in-the-middle (MITM) attack. To
(DOCSIS) BPI+ security protocol. overcome this issue, PKMv2 was proposed (later adopted by
Basically, all traffic on a WiMAX network must be 802.16e), which uses a mutual (two-way) authentication
encrypted using Counter Mode with Cipher Block Chaining protocol [15]. Here, both the SS and the BS are required to
Message Authentication Code Protocol (CCMP) which uses authorize and authenticate each other. PKMv2 is preventing
AES for transmission security and data integrity authentication. from the following [16]: BS and SS impersonations, MITM
attack and Key exchange issue.
The end-to-end authentication the PKM-EAP (Extensible
Authentication Protocol) methodology is used which relies on PKMv2 supports the use of the Rivest-Shamir-Adlerman
the TLS standard of public key encryption. At least one chip (RSA) public key cryptography exchange. The RSA public key
company designed processors to support this standard of exchange requires that the mobile station establish identity
onboard security processor [11]. using either a manufacturer-issued X.509 digital certificate or
an operator-issued credential such as a subscriber identity
module (SIM) card. The X.509 digital certificate contains the
A. WiMAX security solutions mobile station's Public-Key (PK) and its MAC address. The
By adopting the best technologies available today, the mobile station transfers the X.509 digital certificate to the
WiMAX, based on the IEEE 802.16e standard, provides strong WiMAX network, which then forwards the certificate to a
support for authentication, key management, encryption and certificate authority. The certificate authority validates the
decryption, control and management of plain text protection certificate, thus validating the user identity.
and security protocol optimization. In WiMAX, most of
security issues are addressed and handled in the MAC security
sub-layer as described in the following figure:

Figure 3. MAC Security sub-layer .

Source: IEEE Std. 802.16e 2006. Figure 4. Public Key Infrastructure [13].

Two main entities in WiMAX, including Base Station (BS) Once the user identity is validated, the WiMAX network
and Subscriber Station (SS), are protected by the following uses the public key to create the authorization key, and sends
WiMAX security features[8]: the authorization key to the mobile station. The mobile station
Security associations: A security association (SA) is a set and the base station use the authorization key to derive an
of security information parameters that a BS and one or more identical encryption key that is used with the advanced
of its client SSs share in order to support secure encryption standard (AES) algorithm [13].
communications. Data SA has a 16bit SA identifier, a Cipher Authentication: Authentication is the process of validating
(DES in CBC mode) to protect the data during transmission a user identity and often includes validating which services a
over the channel and two traffic encryption keys (TEKs) to user may access. The authentication process typically involves
encrypt data: one is the current operational key and the other is a supplicant (that resides in the mobile station), an
TEK [12]. When the current key expires, TEK a 2bit key

355 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 8, No. 2, 2010
authenticator (that may reside in the base station or a gateway), The real test of WiMAX security will come when providers
and an authentication server [13]. begin wide-scale network deployments, and researchers and
attackers have access to commodity CPE equipment. Other
attacks including WiMAX protocol fuzzing may enable
attackers to further manipulate BSs or SSs. Until then, the
security of WiMAX is limited to speculation [18].

V. GLOBAL WIMAX MARKET
World Interoperability for Microwave Access or WiMAX,
has been gaining a lot of attention as a wireless broadband
alternative, as it provides reliable, secure and high quality
broadband access for mobile Internet users. The technology
supports bandwidth-heavy applications and User Generated
Content (UGC) services that customers want. WiMAX
promises a better-performing, less-expensive alternative to
many technologies (like DSL, Wi-Fi) that are already available
in the market.
According to new research report ―Global WiMAX Market
Analysis‖, WiMAX has tremendous potential to offer global
standardized broadband wireless platform. Many countries
across the globe will adopt WiMAX to facilitate rapid
economic development. Moreover, the move to WiMAX, a
technology that is ready for deployment now, will be preferable
Figure 5. EAP-based authentication [13].
to waiting for alternative technologies that may not be available
for three or more years. As a result, the number of WiMAX
WiMAX uses the Extensible Authentication Protocol
users is forecast to grow over 87% between 2010 and 2012.
(EAP) to perform user authentication and access control. EAP
is actually an authentication framework that requires the use of The research reveals that, by 2012 the Asia-Pacific region
"EAP methods" to perform the actual work of authentication. will lead the number of global WiMAX users accounting for
The network operator may choose an EAP method such as over 45% of the total user base, followed by North America
EAP-TLS (Transport Layer Security), or EAP-TTLS MS- and Europe. Major growth is expected in Asia-Pacific and
CHAP v2 (Tunneled TLS with Microsoft Challenge- MEA as these countries are deploying the technology more
Handshake Authentication Protocol version 2). The messages rapidly. Moreover, government support and operators'
defined by the EAP method are sent from the mobile station to initiatives to provide the region with faster Internet access in
an authenticator. The authenticator then forwards the messages remote areas is also fostering growth into the WiMAX market
to the authentication server using either the RADIUS or [19].
DIAMETER protocols [17].
The WiMAX market is coming out of the recession period
Data privacy and integrity: WiMAX uses the AES to strongly, posting three consecutive quarters of revenue growth
produce ciphertext. AES takes an encryption key and a counter for 802.16e equipment and devices. With Clearwire in the U.S.
as input to produce a bitstream. The bitstream is then XORed announcing strong quarterly results, Yota in Russia expanding
with the plaintext to produce the cipher text. AES algorithm is rapidly, and others such as UQ in Japan being aggressive, the
the recommendation of 802.16e security sub-layer, since it can WiMAX business model seems to be working. Though we are
perform stronger protection from theft of service and data still in the early days, WiMAX is proving to be a good fit in a
across broadband wireless mobile network. Besides CCM- range of broadband segments in developed as well as
Mode and ECB-Mode AES algorithm supported in 802.16- developing markets [20].
2004, 802.16e supports three more AES algorithms: CBC-
Mode AES, CTR-Mode AES and AES-Key-Wrap[13]. WIMAX MARKET HIGHLIGHTS
• Worldwide vendor revenue from 802.16d and 802.16e
B. WiMAX threats WiMAX network equipment and devices hit $1.08 billion in
Despite good intentions for WiMAX security, there are 2009, down 19% from 2008, as the market suffered the effects
several potential attacks open to adversaries, including: of the recession

Rogue Base Stations • However, 4Q09 was the third consecutive quarter of
WiMAX equipment and device revenue growth, up 3% from
DoS Attacks 3Q09
Man-in-the-Middle Attacks o Quarterly revenue levels remain short of the pre-
Network manipulation with spoofed management recession market highs of over $300 million seen in early 2008
frames

356 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 8, No. 2, 2010
• The WiMAX market is showing positive signs of REFERENCES
steady growth from this year onward, with major rollouts [1] WiMax Forum - Technology. http://www.wimaxforum.org/technology/.
underway in USA, Japan, Russia, and India Retrieved 2008-07-22.
[2] http://www.agilent.com/about/newsroom/tmnews/background/wimax/.
• Starting in 2011-2012, 802.16m WiMAX products are Retrieved 2009-11-18.
expected to be tested, certified, and commercially available,
[3] Nadeem Unuth,
offering speeds comparable to LTE http://voip.about.com/od/mobilevoip/a/UsingWiMAXTechnology.htm.
Retrieved 2009-10-12.
• For the combined WiMAX equipment and device
market, Motorola took the #1 spot in 2009, with 17% of [4] Karen Scarfone, Cyrus Tibbs, Matthew Sexton, 2009,Guide to Security
for WiMAX Technologies, US National Institute of Standards and
worldwide revenue, just ahead of Alvarion Technology-Special Publication 800-127(Draft), 46 pages (Sep. 2009)
• Huawei showed the biggest growth in WiMAX [5] David Johnston & Jesse Walker,2009, Overview of IEEE 802.16
security
equipment and device market share in 2009
[6] http://slingbroadband.com/wimax/category/wimax-faq// . Retrieved
• The number of WiMAX subscribers jumped 75% in 2008-11-28.
2009 to 6.8 million worldwide [21]. [7] http://www.wifinotes.com/wimax/IEEE-802.16.html
[8] 8- Trung Nguyen, 2009, A survey of WiMAX security threats,
http://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax2/index.html
[9] http://www.cse.wustl.edu/~jain/cse574-08/
[10] Department University of Bridgeport, Bridgeport, CT.
http://www.asee.org/activities/organizations/zones/proceedings/zone1/20
08/Professional/ASEE12008_0022_paper.pdf
[11] http://slingbroadband.com/wimax/category/wimax-faq// . Retrieved
2008-11-28.
[12] J. Hasan, 2006, Security Issues of IEEE 802.16 (WiMAX), School of
computer and Information Science, Edith Cowan University, Australia,
2006.
[13] Mitko Bogdanoski, Pero Latkoski, Aleksandar Risteski, Borislav
Popovski,,2008,IEEE 802.16Security Issues: A Survey, Faculty of
Electrical Engineering and Information Technologies, Ss. Cyril and
Methodius University, Skopje,
Macedonia.,http://2008.telfor.rs/files/radovi/02_32.pdf
[14] D. Johnston and J. Walker, 2004, Overview of IEEE 802.16 Security,
IEEE Security & Privacy, magazine May/June 2004.
[15] S. Adibi, G. B. Agnew,T. Tofigh, 2008,End-to-End (E2E) Security
Approach in WiMAX: Security Technical Overview for Corporate
Multimedia Applications, 747-758, Handbook of Research on Wireless
Security (2 Volumes) Edited By: Yan Zhang, Jun Zheng, Miao Ma,
2008.
Figure 6. WiMAX Market Forecast.
[16] S.Adibi, G. B. Agnew, 2008, End-to-End Security Comparisons
Between IEEE 802.16e and 3G Technologies, 364 - 378, Handbook of
Research on Wireless Security (2 Volumes) Edited By: Yan Zhang, Jun
VI. CONCLUSION Zheng, Miao Ma, 2008.
WiMAX allows operators to present their subscribers true [17] S. Adibi, G. B. Agnew, 2008, Extensible Authentication (EAP) Protocol
broadband connectivity in fully mobile, all-IP networks. The Integrations in the Next Generation Cellular Networks, 776-789,
IEEE 802.16e standard has changed several security Handbook of Research on Wireless Security (2 Volumes) Edited By:
Yan Zhang, Jun Zheng, Miao Ma, 2008.
mechanisms and need more research on its securities
[18] Joshua Wright,
vulnerabilities. WiMAX is a very promising technology for http://www.computerworld.com.au/article/170510/wimax_security_issu
delivery of fully mobile personal broadband services. WiMAX es/?fp=16&fpid=1, Network World
market presents enormous business opportunities. WiMAX can [19] Global WiMAX Market Analysis, 2009,
be deployed to drive new revenue streams on much shorter http://www.bharatbook.com/Market-Research-Reports/Global-WiMAX-
timelines and at much lower capex than FTTx, xDSL, or cable Market-Analysis.html
modem alternatives. WiMAX is an opportunity. [20] Webb Richard, 2010, London, United Kingdom, March 1, 2010—
Infonetics Research
[21] WiMAX Equipment, Devices, and Subscribers market share and forecast
report,2010, www.infonetics.com

357 http://sites.google.com/site/ijcsis/
ISSN 1947-5500