An Efficient Self-Organized Authentication and Key Management Scheme for Distributed Multihop Relay-Based IEEE 802.16 Networks

Report as inappropriate Your report has been received

Shared by: ijcsis

Stats

views:: 283
posted:: 4/9/2011
language:: English
pages:: 9

Public Domain

Document Sample

(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011

An Efficient Self-Organized Authentication and Key
Management Scheme for Distributed Multihop Relay-
Based IEEE 802.16 Networks
Adnan Shahid Khan, Norsheila Fisal, Sharifah M. Abbas
Kamilah, Sharifah Hafizah, Mazlina Esa, Wireless Communication Cluster
Zurkarmawan Abu Bakar MIMOS Berhad, Technology Park Malaysia
UTM-MIMOS Center of Excellence in 57000 Kuala Lumpur, Malaysia
Telecommunication Technology, Faculty of Electrical mazlan.abbas@mimos.my
Engineering, Universiti Teknologi Malaysia 81310
Skudai, Johor, Malaysia, adnan.ucit@gmail.com,
{sheila,kamilah,sharifah, mazlina,
zurkarmawan}@fke.utm.my,

Abstract— Wireless internet services are rapidly expanding and between an Multihop Relay Base Station (MR-BS) and an
improving, it is important to provide users with not only high Mobile Station (MS), here Relay Station (RS) is just an
speed and high quality wireless service but also secured. amplify and forward, but in the second security mode, referred
Multihop relay-based support was added, which not only help for to as distributed modes, which incorporate authentication and
improving coverage and throughput but also provides features key management between an MR-BS and a non-transparent
such as lower backhaul deployment cost, easy setup, robustness RS we called as NRS and between the NRS and a MS. During
and re-configurability, which make it one of the indispensable the registration process, an RS can be configured to operate in
technologies in next generation wireless network. A WiMAX distributed security mode based on its capability [1]. Since
network usually operates in a highly dynamic and open AUTH-INFO message is optional and informative we begin
environment therefore it is known to be more vulnerable to with the security analysis from the AUTH-REQ message. As
security holes. Security holes most of the time is trade off with
this message is plain text and for such message, eavesdropping
authentication and key management overheads. In order to
operate securely, communication must be scheduled either by a
is not a problem since the information is almost public and is
distributed, centralized or hybrid security control algorithms preferred to be sent in plain text to facilitate authentication. To
with less authentication and key management overheads. In this capture and save the authentication message sent by a
paper, we propose a new fully self-organized efficient legitimate, is not a big deals, thus NRS may face a replay
authentication and key management scheme (SEAKS) for hop- attack from an adversary. Although an adversary
by-hop distributed and localized security control for Multihop eavesdropping the message, cannot derive the AK from the
non-transparent relay based IEEE 802.16 networks which not message, because it does not have the corresponding private
only helps in security counter measures but also reduce the key. However, the adversary still can replay message II
authentication and key maintenance overheads. The proposed multiple times and then either exhaust NRS capabilities or
scheme provides hybrid security controls between distributed force NRS to deny the SS who owns that certificates [1] [2].
authentication and localized re-authentication and key The reason is that if NRS sets a timeout value which makes
maintenance. The proposed scheme uses distributed non- NRS reject Auth REQ from the same MS in a certain period ,
transparent decode and forward relays for distributed the legitimate request from the victim MS will be ignored.
authentication when any non-transparent Relays (NRS) want to Then denial of service attack occurs to victim MS, however
join the networks and uses localized authentication when NRSs the ultimate solution for these types of attacks are the
want to re-authenticate and do key maintenance. We analyze the introduction of digital signatures at the end of the messages
procedures of the proposed scheme in details and examine how it which can be automatically time-stamped, that basically
works significantly to reduce overall authentication overheads
provides the authentication and non-repudation of this
and counter measures for security vulnerabilities such as Denial
of Service, Replay and interleaving attacks.
message. The design of digital signature system may be
flawed or vulnerable to some specific attacks such as collision
attacks against X.509 public-key certificates and
Keywords- Wimax Security, Multihop Relay based IEEE cryptographically weak pseudo random bit generator.
802.16, Key Management, Self-Organized Authentication) Adversaries may attempt for total break, universal forgery,
selective forgery or existential forgery.
I. INTRODUCTION
The strongest security definition requires protection against
In Multihop Relay (MR) network, two different security existential forgery even if an adversary is able to mount an
modes are referred, the first one is referred to as the adaptive chosen message attack. Later, nonce was added to the
centralized security mode which is based on key management

30 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
digital signature, the idea of nonce values is that they are used literature is very sparse. In this network, all the relays are
only once with a given key, however, the exchange of nonce connected to MR-BS wirelessly and transparently or non-
only assures SS that message III is a replay corresponding to transparently and only MR-BS is connected to IP cloud as a
its request. The NRS still faces the replay attack because NRS backhaul, thus this infrastructure can be used in many real
cannot tell whether message II is sent recently or it is just an time applications [2].
old message [3]. If reply attack cannot be successful, for sure As the matter of fact, security is essential in wireless
‘denial of service’ will occur. The author of [4] also suggested technologies to allow rapid adoption and enhance their
passing the pre-AK to SS instead of AK and let SS and NRS maturity. Due to lack of physical boundaries, the whole relay-
derive AK from pre-AK at both ends. If the generation of AK based infrastructure in exposed to security holes. However,
exhibits significant bias, adding freshness in the AK may IEEE 802.16 standard stipulates some powerful security
prevent the exposure of the AK, however according to [4] this controls, including PKMv2, EAP-based authentication and
cannot provide freshness as they claimed. If we consider the over-the-air AES based encryption. But secure technology
security issues of relay-based IEEE 802.16 networks in does not in itself comprise a secure end-to-end network and
centralized as well as distributed authenticated, every node consequently, WiMAX presents a range of security
need to authenticate itself with MR-BS and ultimately with vulnerabilities. Since the first Amendment was released on
AAA server. Secondly, every node needs to maintain two MR specifications [1], a few papers have been published to
simultaneously keys AK and TEK to remain authenticated. introduce and address the security issues. There are some
Failure to maintained these keys will result in the re- papers that review this standard in details such as [6] and [7],
authenticated from scratch which is no doubt extra and there are some papers they purely works on key
managements specially Sen Xu and Manton Mathews who
authenticated overhead. Let’s suppose, there are five NRS,
published a series of work such as [3] and [4] on security
where every NRS has to keep track of its AK and TEKs and issues on the standard as well as on Privacy key Management
consequently authentication. Thus generation of authentication (PKM) protocols. Karen Scarfore with her team came up with
overhead by five NRS no doubt lessen the overall deployed a special publication on Guide to security for Wimax
network efficiency. To solve this authentication overhead technologies (Draft) which was the recommendations of the
problem, Self organized and efficient authentication and key National Institute of Standards and Technology (NIST).
management scheme (SEAKS) proves to be the best candidate Taeshik Shon and Wook Choi [8] discussed about the
in the relay-based IEEE 802.16 network, which utilized non- Analysis of Mobile WiMAX Security, Vulnerabilities and
transparent and decode and forward relays. SEAKS provides Solutions. Y. Lee and H. K. Lee in their paper [9] gives more
hybrid scheme with distributed authentication and localized focus on hybrid authentication scheme and key distribution for
re-authentication and key maintenance. However, this MMR in IEEE 802.16j.
technique not only helps in minimizing the overall
The authors [10] and [11] review the standard and
authentication overhead on MR-BS and AAA server but also analyzed its security in many aspects, such as vulnerabilities in
provide efficient way to countermeasure the vulnerabilities. authentication and key management protocols and failure in
data encryption. In IEEE 802.16j [12] standard, Multihop
The rest of the paper is organized as follows, after related Relay (MR) is an optional deployment in which a BS in
work, section 3 gives the overview of generals attacks on (802.16e) may be replaced by a Multihop Relay BS (MR-BS)
network, section 4 discusses centralized and distributed and one or more relay stations (RS). The MR mechanism
authentication controls, section 5 deals with the security goals provides several advantages, such as providing additional
of relay-based WiMAX network, section 6 describe the self- coverage for the serving BS, increasing transmission speed in
organize scheme (SEAKS), section 7 gives the analysis of an access network, providing mobility without SS handover,
proposed scheme which is followed by conclusion and future decreasing power consumption when transmitting and
work. receiving packets, and enhancing the quality of services [3].
II. RESEARCH BACKGROUND
There has been a significant amount of work done on security
issues and their protocols as shown above but none of these
In 2006, the IEEE 802.16 working group (WG) approved cover security protocols which works for minimized
a project Authorization Request (PAR) focused on the Relay authentication and key management overheads in non-
Tasks Group (TG). The main task of this Relay TG was to transparent Relay-based WiMAX networks in distributed
develop an amendment to the IEEE Std 802.16 enabling the environment.
operation of Relay Station (RSs) in OFDMA wireless
networks defined by 802.16 [2]. Enhancement of Relays to III. GENERAL ATTACKS ON RELAY-BASED IEEE 802.16
support Multihop not only increases the wireless converge but NETWORK
also provide features such as lower backhaul deployment cost, Before we start to elaborate our self organized algorithm,
easy setup and high throughput. Relay stations concept as we would like to high-light some of the typical MAC layer
discussed in [1][2] and [5] introduced four types of RSs from attacks on authentication and key management protocols. The
the perceptive of physical and Mac layer. After successful first and very common attack is message replay attack [7].
comparison, the main focus of this research is on the non- This attack is not only common in key management and
transparent RS operating in distributed scheduling and security authentication protocols but also in multicast and broadcast (M
mode [2], WiMAX relay-based network in still under draft and & B) services [11]. In a replay attack, an adversary intercepts

31 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
captures and saves the authentication messages sent by the have this key information. The intermediate RS use particular
legitimate RS/SS. Thus adversary impersonates the legitimate shared keys to authenticate management messages which
RS/SS and resends this message after specific period of time. received from other RSs [12][14].
Denial of service (DoS) is also one of the major attacks in
wireless networks especially in WiMAX networks. Here, B. Distributed Security Control
consider an adversary that eaves-dropping the message cannot In this mode, an access RS, which provides a point of
derive the AK as it does not have the corresponding private access into the network for an MS or RS, can derive the
key. This adversary still can replay AUTH-REQ message authentication key established between MS and MR-BS. An
multiple times and thus exhaust MR-BS capabilities and force RS can be configured to operate in distributed security mode
MR-BS to deny this adversary. This may happen, if the MR- based on its capability during the registration process, and
BS sets a time out value which makes MR-BS reject AUTH- relays initial key management messages between the MR-BS
REQ message from the same RS/SS with an interval of time. and MS/subordinate RS. Upon master session key
Thus, MR-BS denies the legitimate RS/SS AUTH-REQ, establishment, access RS securely acquires relevant
which actually owns the certificate. DoS are common in Authorization Key of the subordinate RS/MS from the MR-
authentication, key management protocols and M & B BS. Using PKM protocol, the access RS can derives all
services. Man-in-the-Middle (MiTM) attack is another critical necessary keys. Different traffic encryption keys (TEKs) are
attack and is generally applicable in communication protocol used for relay link and access link in distributed security
scheme where mutual authentication is absent especially in control mode. They are distributed by MR-BS and RS
PKMv1. This attacks leads to message modification and respectively [4][15]. The SA will be created between an MS,
masquerading problems, specially node spoofing, rogue base an access RS and the MR-BS in distributed security mode.
as well as relay stations, theft of service (ToS). To avoid Each MS shall establish an exclusive primary SA with the RS,
MiTM attack on PKM protocol, mutual authentication was interacting with the RS as if it were a BS from the MS’s view.
proposed i.e. PKMv2. No doubt PKMv2 is soundly safe for Similarly, each RS shall establish an exclusive primary SA
MiTM but it cannot help allowing adversary to play with MR-BS [12][16].
interleaving attack.
Interleaving attack in complex to be explained but easy to
attempt. An adversary attempts this attack with the help of two V. SECURITY GOALS OF RELAY-BASED WIMAX
different instances. In the first instance, adversary NETWORKS
impersonates as SS/RS and sends the interrupted message to Non-transparent Relay-based WiMAX network may
the MR-BS. MR-BS authenticates and replied with require the following security function, which have not widely
corresponding keys. Adversary needs to reply these keys to been studied by others until now.
RS/SS to be successfully authenticated, as it cannot decrypt
the message encrypted by the SS/RS’s public key in order to • Localized and hop-by-hop authentication is required.
get the AK to encrypt the nonce challenge. Thus, it cannot do In Relay-based WiMAX network. NRS in introduced
authentication currently. Now to solve this technicality, for coverage extension and throughput enhancement,
adversary force RS/SS to run another protocol instance to for this purpose, hop-by-hop authentication between
answer the challenge. Once RS/SS send the request, adversary NRS, NRS/MS and NRS/MR-BS should be
replies SS with the same nonce challenge which the MR-BS supported for self organized network operations.
sends him. Thus RS/SS send nonce and AK to adversary • All the participating devices must be validated and
which later sends to MR-BS to finish this authentication authenticated by AAA server through MR-BS,
successfully. This attack normally can occur only on PKMv2 because digital certificates of participating devices
or where mutual authentication is present. In IEEE 802.16 are only registered in AAA server database, however,
Multihop networks, the number of wireless devices engross is NRS should authenticate other NRS/MS on behalf of
increased, thus produce wide space for interleaving attack [3] MR-BS, and basically this concept leads our
[4]. proposed scheme towards self organized way.
• Conventional MS should be used in non-transparent
Relay-based WiMAX network without any functional
IV. CENTRALIZED VS. DISTRIBUTED AUTHENTICATION modification in MS.
• Overall authentication overhead should be
A. Centralized Security Control minimized.
In this mode, the intermediate RS is not involved with the
In this paper we proposed self organized distributed and
establishment of the security association (SA) between MS
localized authentication and key management, where initially
and MR-BS in the multihop relay system. The RS only simply
participating devices validated and authenticated by MR-BS
relays the user data or MAC management message that it
and afterward NRSs are responsible for authenticating and
receives from the MS, but the RS does not process it. RS does
managing freshness of AK/TEK. The proposed scheme
not have any key information relevant to the MS, and all the
alleviates above security problems and examined how it
keys related to MS are maintained at the MS and MR-BS [13].
satisfies the security requirements of non-transparent Relay-
When the SA is established between RS and MR-BS in the
based WiMAX networks.
MR system, key data is shared and maintained at the particular
RS and MR-BS, such as AK, and the intermediate RS does not

32 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
VI. SEAKS NRS1 will be able to continuously exchange encrypted traffic
A. Authentication Procedures of NRS1 with MR-BS with the MR-BS.

Self organized and efficient authentication and key
management scheme (SEAKS) is based on self organized
model using non-transparent, decode and forward Relays.
SEAKS provides hybrid authentication scheme with
distributed authentication and localized re-authentication and
key maintenance. However, this technique not only helps in
minimizing the overall authentication overhead on MR-BS
and AAA server but also provides efficient way to
countermeasure the vulnerabilities; let’s consider any non-
transparent relay stations such as NRS1 wants to join the
WiMAX networks. NRS1 sends its Auth-REQ message to the
serving MR-BS, Auth-REQ includes manufacturer-issued
Figure 1: Authentication of NRS1 with MR-BS
X.509certificates, a description of cryptography algorithms
and NRS’s basic CID. The CID that assigned during the initial A TEK state machine remains active as long as NRS1 is
ranging, normally primary SAID is equal to the basic CID. In authorized to operate in the MR-BS security domain i.e. with
response to an authorization Request message, a MR-BS valid AK. NRS1 is authorized to participate in that particular
validates the requesting NRS’s identity, determines the security association [1] [2]. The parent authorization state
encryption algorithm and protocol support, activates an AK machine stops its entire child TEK state machines when NRS
for NRS1, encrypt it with the NRS1’s public key and send it receives from the MR-BS authorization reject during the
reauthorization cycle. We can say, this is localized
back to the NRS1 is AUTH-REP message. It also includes 4
authentication between NRS1 and MR-BS and these
bit sequence number, used to distinguish between successive procedures are same as mentioned in [3][4]. All the key state
generations of AKs, a life time, and the securities identities for machines are refreshing the keys. Now NRS1 is eligible to
which NRS1 are authorized to obtain keying materials. Once transmit UL-MAP message and any node listening to this
authenticated and obtain the authorization key (AK), NRS1 message, can sends the AUTH-REQ.
must periodically refresh its AK by reissuing an AUTH-REQ Now, there is another non-transparent relay station NRS2
message to the MR-BS. However, reauthorization is identical that wants to join the network. Due to its non-transparent
nature, it is not in the coverage of MR-BS and only NRS1 can
to authorization with the exception that NRS1 does not send
listen to it. According to SEAKS, NRS2 listened to the UL-
its authentication information messages during reauthorization MAP from NRS1 and sends the AUTH-REQ message to
cycle, to avoid service interruption during reauthorization, NRS1. However, any non-transparent node that wants to join
successive generations NRS1 AKs have overlapping lifetime. the network must have to authenticate itself with MR-BS as
Both NRS and MR-BS support up to two simultaneously MR-BS is directly attached to the AAA server, while NRS1
active AKs during these transition period. Authentication of cannot authenticate NRS2 on behalf of MR-BS.
NRS1 with MR-BS is shown in Figure 1.
Once NRS1 achieve authorization, its starts a separate B. Authentication Procedure of NRS2 with MR-BS
traffic encryption key (TEK) state machines for each of SAID
defined in the AUTH-REP message. Each TEK state machine According to SEAKS, NRS1 received the AUTH-REQ
operating within the NRS1 is responsible for managing the (NRS2) and send it to MR-BS during the refreshing of AK
keying material associated with its respective SAID. TEK message because these authentications are delay tolerance and
secured. NRS1 receive MACPDU of NRS2 and encapsulate it
state machine periodically send the key request messages to
into its own PKM-REQ message of type 9 and code 4 [1] [2].
the MR-BS to refresh the keying material for their respective MR-BS receives MACPDU of NRS1 which is basically sent
SAID. TEK is encrypted by appropriate KEK derived from the for refreshing AK. MR-BS will check MAC header of NRS1,
AK. The operation of the TEK state machine’s key request if RAR (Relay Auth Request) is equal to 1, it means there is
scheduling algorithm, combined with the MR-BS’s regimen one relay request inside MACPDU, RAR is basically the
for updating and using SAID keying materials ensure that reserve bit utilized for RAR indications.

33 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
Once MR-BS obtains AUTH-REQ of NRS2, it validates
its authenticity and activates AK2 and other parameters,
encrypt it with NRS1 public key and responds to NRS1 in its
AUTH-RSP message. NRS1 receives NRS2’s security info,
save one copy of all info into its knowledge shared table
(KST) generates AK21, encrypt it with NRS2 public key, and
sends its AUTH-RSP message to NRS2.

Figure 3: Authentication of NRSn with NRS1/MR-BS

means its PKM-AUTH–REQ message, once NRS2 receives
this message, it will check RAR values. If the value is one, it
will check inside the Mac payload and save the message to its
KST, then forward it to NRS1. Before sending, it will again
set the RAR==1. Hence, there are two Mac messages present
Figure 2: Authentication of NRS2 with NRS/MR-BS inside the Mac payload, one is AUTH-REQ (code 4) and the
other is KEY-REQ (code 5). NRS1 will receive this message
Once NRS2 get authenticated, it will start its separate and check RAR value; if it is one then it will copy the AUTH-
authorization and traffic encryption key state machine with REQ message to its KST, else it will ignore and forward it to
NRS1. As mentioned in the previous section, all the relays MR-BS. MR-BS will receive the message and validate it. MR-
involved are distributed, non-transparent, and decode and BS will send back the AUTH-RSP message with type 9. Again
forward. Thus, they can generate AUTH-RSP on behalf of here, there are two Mac messages inside the macpayload, one
MR-BS as shown in Figure 2. However, it cannot authenticate is with key reply (code 8) and other is auth-reply (code 5) to
its real validity because it does not have vendor’s digital NRS1. NRS1 check the code values, if it is 5, it will send to
certificate database. If NRS1 fails to re-authenticate before the NRS2. If 8 then it will use for its refreshing of keys. NRS2
expiration of its current AK, the MR-BS will hold no active again receives two Mac messages inside the payload, one is
AKs for NRS1 and will consider not only NRS1 but also all with code 5 and other is with code 8. It will retain code 8 with
others NRS unauthorized. A MR-BS will remove from its itself and send the code 5 message to NRS3. Thus NRS3 is
keying tables all TEKs associated with NRS1 [4] [12]. All authenticated with MR-BS with distributed manner and later it
NRSs maintain KST of recently exchanged AK with its will maintain its keys locally as mentioned in the previous
neighbours. If NRS2 fails to re-authenticate before the sections. The illustrations of authentication procedures of
expiration of its current AK, NRS1 will wait until it sends NRSn with MR-BS are shown in Figure 3.
AUTH-REQ message, NRS1 will check its KST, if it found
then it validates its authenticity locally rather than sending
D. Localized and Distributed Key Management in Relay-
again to MR-BS and wait for the response and compute the
Based IEEE 802.16 Network
keys and send to NRS2. The advantage is the communication
cost in shape of authentication overhead and thus less
complexity. We assume that all the NRS are authenticated and
maintains theirs KST. Inside the KST, we have two portions,
one is updated and other is non-updated stacks. All the active
C. Authentication Procedures of NRSn with NRS1/MR-BS and valid AK, TEK and SAIDLIST are residing inside the
updated one, and all the expired and revoked keys are inside
Now, if NRS3 wants to join the network, it will send the that non-updated stack. If any new NRS wants to join the
AUTH-REQ message to MR-BS, as it is working in non- network, the serving NRS first look at in its KST in updated
transparent mode. Hence, it has to send the request to the non- stack. If it cannot find the required information, it will move to
transparent and authenticated relay which should be inside its non-updated stack. If still it cannot find inside the non-updated
coverage that is NRS2. While sending the message, NRS3 will stack, the serving NRS will send the AUTH-REQ to the MR-
set RAR==1, inside the macheader so that NRS2 can BS through other NRS and all other procedures are the same.
recognize, there is one AUTH-REQ message inside the Mac The localized re-authentication and key maintenance
payload, and set the TYPE value ==8 and code ==4, which procedures is shown in Figure 4. If incase it found the

34 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
information in either of the stack, it validates its authenticity authentication protocol is illustrated in [3] [4]. We have
and send SAIDLIST and AK in AUTH-REP message and evaluated our scheme in terms of communication costs some
send one copy to the MR-BS for its own KST. key vulnerabilities and their countermeasures.
A. Communication Cost
The communication cost of our proposed scheme is mainly
comprises of re-authentication and key maintenance
overheads. The total communication costs of SEAKS can be
evaluated into two phases, the AUTH-REQ and AUTH-REP
phases. In AUTH-REQ phase, the source NRS sends its
AUTH-REQ as well as others NRS AUTH-REQs directly via
one hop to the MR-BS. This type of authentication occurs
once for specific NRS as after authentication, source NRS is
responsible for authenticating others NRSs who have already
obtained their AK/SAID. Within this first phase, we have
another issue of refreshing AK/TEK and all the NRS/MS have
Figure 4: Localized Re-Authentication and Key Maintenance to periodically and constantly send their refreshing request.
According to the standard, AK/TEK is refreshed by sending to
MR-BS validates its authenticity. If its valid then it will save the MR-BS with Multihop using Multihop Relays, but in our
in its KST else it will send AUTH-REJECT message in scheme, this is done localized as this system became
AUTH-REP. Now the entire network is doing distributed distributed. Hence, the communication cost of sending AUTH-
authentication as shown in Figure 5. REQ with refreshing AK/TEK can be calculated as follow

Figure 5 shows overall flow of our self organized re-
authentication and key management schemes in non- : 1 _
transparent Relay-based WiMAX network.
Where H is the average number of Hops between the source
and the destination, n is the number of NRS participating in
the entire network, certificate size is important parameter to be
counted as NRS also combine other AUTH-REQs with their
digital certificates.
In the AUTH-REP phase, MR-BS sends its AUTH-REP
message to its neighbor NRS with AK/SAID, this message is
unicast altogether with separate other AK/SAID for other
requesting NRS. Once NRS receives AK/SAID from MR-BS
it is encrypted with public key of requesting NRS, save the
copy to its local repository and send it back to requesting
NRS. The requesting NRS maintains it is AK/TEK with single
hop with serving NRS, thus minimize the authentication and
Figure 5: localized distribution of Keys using SEAKS key maintenance overhead, the communication cost of this
phase can be calculated as follows
Instead of re-authentication and refreshing keys with MR-BS
and gave birth to authentication and key maintenance
overhead, they create a very self-organized community to re-
authenticate and refresh keys to avoid delay and overheads. : 1 _
There is a very strong trust worthy and self-organized
environment is generated after the successful authentication of
all NRSs.
Hence, the total communication cost of AUTH-REQ and
AUTH-REP phases can be calculated as follows:
VII. ANALYSIS OF OUR PROPOSED APPROACH
In our proposed scheme, we used NRS’s manufacturer
certificates, capabilities, nonce and lists of SAID as sending 1 1 _
parameters and AK, life time of AK, its capabilities, nonce
and digital signatures as receiving parameters. The

35 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
B. Evaluation against Denial of Service & Reply Attack interleaving attacks to attempt, we assume that PKMv2
For the denial of service, this attack exists only on pre- protocols in used to authenticate the participating NRS and
authentication procedures. DoS and replay attacks are MS. Let’s say an adversary impersonates any NRSj and send
explained briefly in the previous section. The proposed the AUTH-REQ message to MR-BS, MR-BS will validates
scheme work well with Multihop non-transparent relay based and generate AK for adversary. But adversary cannot decrypt
WiMAX network. As there are numbers of NRS participating the AK because it do not have private key, it need to force
in environment thus it becomes fully self-organized after NRSj to send once again the AUTH-REQ. Previously, once
successful stability time. Let suppose, when an adversary NRSj send the AUTH-REQ, it set the time out value but
impersonate NRS and send AUTH-REQ message to MR-BS, within that value it have not received any authenticated
MR-BS validate its authenticity, generate AK, copy the message from MR-BS, it assume the link is broken or some
certificate in its KST and send the AUTH-RSP to an other technical error. NRSj will try to scan other UL-MAP,
adversary. Hence, adversary don’t have the private key of and will found let’s say NRSi, and will send the AUTH-REQ
NRS thus could not decrypt AK; it can only just reply this to MR-BS. MR-BS will reject legitimate NRSj request
message several time. Whenever, NRS send the AUTH-REQ because, and there is already certificate present in KST of
message to MR-BS, it usually set the time out value, and if the MR-BS. Again NRSj receive AUTH-REJECT message from
time out value reached to the limit, it sends the request again, NRSi, NRSj will set the time out value and again send the
here in this case, the time out value already reached to the AUTH-REQ via NRSi. There are two main reasons to adopt
limit, but there is no response from the MR-BS. NRS will the same path to authenticate itself, firstly, at least NRSj get
again search for UL-MAP, we assume that it will find another the response from this links, and secondly it assume to be due
path say NRSi, NRSi is inside the coverage of MR-BS, NRS to some technical errors. On the other hand, according to
will send the AUTH-REQ second time to NRSi, NRSi will SEAKS, after specific time out value, MR-BS have not get the
send the AUTH-REQ message to MR-BS, again MR-BS response from adversary, thus it will delete certificate of
validate the AUTH-REQ, generate the AK and send the NRSj. NRSj after time out, sends the AUTH-REQ again and
AUTH-RSP to NRSi and consequently NRS, NRS send will be authenticated and MR-BS will save its certificate in its
message III to MR-BS and thus get authenticated from the KST. By applying SEAKS and due to storage of AK/SAID in
MR-BS. Later NRS will start its AK and TEK refreshing with every NRS repositories, and NRS itself encrypt all the
NRSi. On the other hand, an adversary is still replaying the AK/SAID and TEK for others NRS, and due to distributed
message multiple times to exhaust the MR-BS. Now, MR-BS authenticated and localized re-authenticated and key
will again receive the AUTH-REQ message from adversary. maintenance, a very strong self-organized trustworthy
MR-BS knows that NRS is part of authenticated network and environment is created thus its quite impossible to get success
MR-BS is not expecting any message of AUTH-REQ from in interleaving attacks once the SEAKS got its stability.
this certificate. But if MR-BS receives any AUTH-REQ
message from the same certificates it will simply ignore this
VIII. CONCLUSION AND FUTURE WORK
message. After specific stability time, certificate of NRS is
shared with all the participating nodes, thus give maximum In this paper, we addressed a self organized efficient
protection against Do and Reply attacks. For adversary to authentication and key management scheme (SEAKS), hop-
transmit one way message several times without response need by-hop authentication and key management scheme in non-
some extra power, thus after some time adversary will stop transparent Relay-based WiMAX network. This scheme is
sending the message and the denial of service attempt became suitable for both fixed as well as mobile non-transparent
unsuccessful. As we mentioned previously, reply attack comes Relays. We have presented our security goals and stated
first and denial of service is the ultimate result of reply attack security analysis of proposed scheme to evaluate it against
where MR-BS after several reply attacks deny that particular those goals. SEAKS provides hybrid authentication scheme
certificate thus deny legitimate node. Hence, our scheme with distributed authentication and localized re-authentication
works well both denial of service and reply attack in a very and key maintenance. However, this technique not only helps
efficient manner. in minimizing the overall authentication overhead on MR-BS
and AAA server but also provides efficient way to
C. Evaluation against Interleaving Attack countermeasure the vulnerabilities In this scheme, NRS need
to first authenticate itself with MR-BS prior to accept AUTH-
To avoid Man-in-the-Middle attack, mutual authentication REQ from other NRS/MS once authenticated and get the
was provided and adds an additional message to provide NRS required AK/SAID, it continue its AK/TEK authorization state
acknowledgement and achieve X.509 three way machines to refresh above keys. After authenticated, it can
authentications, but this enhanced version is also vulnerable to start broadcasting UL-MAP to accept AUTH-REQ , after
an interleaving attack, which is explained in the previous receiving any AUTH-REQ it send it to MR-BS for validation,
section. The proposed scheme work well with Multihop non- MR-BS authenticate and send AK/SAID for particular request,
transparent relay based WiMAX network. As there are NRS receives and encrypt it with public key of requesting
numbers of NRS participating in environment thus it becomes NRS and send back. Now requesting NRS start authorization
fully self-organized after successful stability time. For state machines to refresh above keys with NRS, at any time,

36 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
all the NRS and MR-BS will maintain their local repositories. [13] D. Johnston and J. Walker, "Overview of IEEE 802.16 Security,"
IEEE Security and Privacy Magazine, vol. 2, no. 3, pp. 40-48,
If any NRS cannot refresh its key within particular given time May-June 2004..
due to uncertain circumstances, according to standard, it have [14] Adnan Shahid Khan , N.Fisal , N.N.M.I. Ma’arof , F.E.I.
to re-authenticate with MR-BS, but in our scheme, it will send Khalifa ,M. Abbas ,Security Issues and Modified Version of PKM
the request to NRS, NRS will look into its local repositories, if Protocol in Non-transparent Multihop Relay in IEEE 802.16j
found then send AK/SAID by itself it will send the AUTH- Networks, International Review on Computers and Software -
January 2011 (Vol. 6 N. 1 pp. 104-109).
REQ to MR-BS for authentication and validation and consider
[15] Xinmin Dai, Xiaoyao Xie, “Analysis and Research of Security
it as a new NRS/MS. Mechanism in IEEE 802.16j” Guizhou Normal University
In our future work, we will continue to implement a Guiyang, China, 2010
prototype of SEAKS and extend the scale of the experiments [16] Vamsi Krishna Gondi, “Security and Mobility architecture for
and to allow the emergence of other key management isolated wireless networks using Wimax as an Infrastructure”,
Network and Multimedia Systems Group, France, 2009
techniques to come up with highly efficient and secure key
management scheme in terms of throughput, complexicity,
and authentication overhead.
ACKNOWLEDGEMENT
The author would like to thanks to all WiMAX research group
ADNAN SHAHID KHAN received his degree of B.Sc
and especially sincerest gratitude to Ministry of Higher (Hons) in Computer Science from University of the
Education Malaysia under Malaysian Technical Cooperation Punjab, Lahore, Pakistan in 2005. Master of
Programme (MTCP) for their full support and Research Engineering degree in Electrical (Electronics &
Telecommunication) from Universiti Teknologi
Management Center (RMC), Universiti Teknologi Malaysia Malaysia, Skudai, Malaysia in 2008.Currently, he is
(UTM) and MIMOS BERHAD for their partial contribution. pursuing his PhD in Electrical Engineering at the
Faculty of Electrical Engineering, Universiti Teknologi
REFERENCES Malaysia, Skudai, 81310, Johor Bahru, under the supervision of Prof.
Dr. Norsheila Fisal .His current Research interests are in the area of
[1] IEEE Std 802.16-2009: Air Interface for Broadband Wireless Security Issues in IEEE 802.16 Protocol and Cognitive Radio
Access Systems, 2009 Networks. He is also student member of IEEE since 2007.
[2] IEEE Std 802.16j-2009, Amendment to IEEE STD 802.16-2009
[3] S. Xu and Huang. Attack on PKM protocols of IEEE 802.16 and its
later version. In international Symposium on wireless NORSHEILA FISAL received her B.Sc. in Electronic
Communication System (ISWCS), 2006. Communication from the University of Salford,
[4] Sen Xu, Manton Matthews and Chin-Tser Huang. Security Issues Manchester, U.K. in 1984. M.Sc. degree in
Telecommunication Technology, and PhD degree in
in Privacy and Key Management Protocols of IEEE 802.16. In
Data Communication from the University of Aston,
ACM SE'06. Florida USA. March 2006
Birmingham, U.K. in 1986 and 1993, respectively.
[5] Steven W.Peters and Robert W.Heath, Jr,”The Future of Wimax: Currently, she is the Professor with the Faculty of
Multihop Relaying with IEEE 802.16j”, IEEE communication Electrical Engineering, University Technology Malaysia and Director of
Magazine, January 2009. Telematic Research Group (TRG) Laboratory. Her current research interests
[6] Mosato Okuda, Chenxi Zhu and Dorin Viorel, Multihop Relay are in Wireless Sensor Networks, Wireless Mesh Networks, And Cognitive
Extension for Wimax Networks- Overview and Benefits of IEEE Radio Networks
802.16j Standard, FUJITSU Sci.Tech.J., 44,3, p.292-302 (July
2008)
[7] Adnan Shahid Khan et. al. “Efficient Distributed Authentication MAZLAN ABBAS received his B.Eng. in Electrical from
Key Scheme for Multi-hop Relay In IEEE 802.16j Network”, Universiti Teknologi Malaysia in 1984, M.Sc. In
International Journal of Engineering Science and Technology Telematics from Essex University in 1986, and PhD
(IJEST), Vol. 2(6), 2010, 2192-2199 degree in Telecommunications from Universiti Teknologi
[8] Taeshik Shon, Wook Choi: An Analysis of Mobile WiMAX Malaysia in 1992. Currently, he is the Chief Research
Security: Vulnerabilities and Solutions, First Director of Wireless Communications Cluster of MIMOS
InternationalConference, NBiS 2007, LNCS, Vol. 4650, pp. 88-97, Berhad and also the Adjunct Professor with the Faculty of
Electrical Engineering, Universiti Teknologi Malaysia.
2007.
His current research interests are in WiMAX, LTE, IMS and IPv6.
[9] Y.Lee, H.K.Lee, G.Y.Lee, H.J.Kim and C.K.Leong, “Design of
Hybrid Authentication Scheme and Key Distribution for Mobile
Multi-Hop Relay in IEEE 802.16j”, EATIS’09, June 3-5,
MAZLINA ESA received her BEE (Hons.), MSc in
Prague,CZ, 2009.
RF Engg., and PhD in Electrical and Electronics Engg.
[10] Huang C, Chang J. Responding to security issues in Wimax from Universiti Teknologi Malaysia, Univ. of Bradford
networks. IT Professional 2008; 10(5):15-21. (UK), and Univ. of Birmingham (UK), in 1984, 1987,
[11] Adnan Shahid Khan, Norsheila Fisal, Sharifah Kamilah, Rozeha A and 1996, respectively. She is currently a Professor
Rashid and M Abbas. Article: Secure and Efficient Multicast with the Faculty of Electrical Engg., UTM. Her
Rekeying Approach For Non-Transparent Relay-Based IEEE research interests include RF/microwave and antenna
802.16 Networks. International Journal of Computer engineering, THz/PHz technology, wireless power
Applications16(4):1–7, February 2011. Published by Foundation of transmission, cognitive radio, and qualitative research.
Computer Science She was the IEEE Malaysia AP/MTT/EMC Chapter Chair from 2007 to
Jan 2011, and currently the Counselor of IEEE UTM Student Branch.
[12] "Draft Standard for Local and Metropolitan Area Networks, She is an active Senior Member of IEEE.
Part16: Air Interface for Broadband Wireless Access Systems",
IEEE P802.16 Rev2/D9, January 2009

37 http://sites.google.com/site/ijcsis/
ISSN 1947-5500
(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 9, No. 3, March 2011
SHARIFAH KAMILAH BNT SYED YUSOF
received BSc (cum laude) in Electrical Engineering from
Geoge Washington University USA in 1988 and
obtained her MEE and Ph.D in 1994 and 2006
respectively from universiti Tecknologi Malaysia. She is
currently Associate Professor with the department of
Radio Communication, Faculty of Electrical Engineering Universiti
Teknologi Malaysia. Her research interest includes OFDMA based
system, Software define Radio and Cognitive radio.

SHARIFAH HAFIZAH SYED ARIFFIN Received her
B.Eng (Hons) from University North London in 1987, and
obtained her M.E.E and Ph.D in 2001 and 2006 from
Universiti Teknologi Malaysia, and Queen Marry
University. London respectively. She is currently Senior
lecturer with Faculty of Electrical Engineering, Universiti
Teknologi Malaysia. Her current research interest are in
Wireless sensor networks, IPV6, Handoff Management in Wimax,
6loWPAN and Network and Mobile Computing System.

38 http://sites.google.com/site/ijcsis/
ISSN 1947-5500