An Efficient Self-Organized Authentication and Key Management Scheme for Distributed Multihop Relay-Based IEEE 802.16 Networks

Document Sample
An Efficient Self-Organized Authentication and Key Management Scheme for Distributed Multihop Relay-Based IEEE 802.16 Networks Powered By Docstoc
					                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                         Vol. 9, No. 3, March 2011

An Efficient Self-Organized Authentication and Key
Management Scheme for Distributed Multihop Relay-
           Based IEEE 802.16 Networks
    Adnan Shahid Khan, Norsheila Fisal, Sharifah                                               M. Abbas
      Kamilah, Sharifah Hafizah, Mazlina Esa,                                       Wireless Communication Cluster
              Zurkarmawan Abu Bakar                                              MIMOS Berhad, Technology Park Malaysia
       UTM-MIMOS Center of Excellence in                                             57000 Kuala Lumpur, Malaysia
Telecommunication Technology, Faculty of Electrical                                    mazlan.abbas@mimos.my
 Engineering, Universiti Teknologi Malaysia 81310
  Skudai, Johor, Malaysia, adnan.ucit@gmail.com,
         {sheila,kamilah,sharifah, mazlina,
            zurkarmawan}@fke.utm.my,

Abstract— Wireless internet services are rapidly expanding and           between an Multihop Relay Base Station (MR-BS) and an
improving, it is important to provide users with not only high           Mobile Station (MS), here Relay Station (RS) is just an
speed and high quality wireless service but also secured.                amplify and forward, but in the second security mode, referred
Multihop relay-based support was added, which not only help for          to as distributed modes, which incorporate authentication and
improving coverage and throughput but also provides features             key management between an MR-BS and a non-transparent
such as lower backhaul deployment cost, easy setup, robustness           RS we called as NRS and between the NRS and a MS. During
and re-configurability, which make it one of the indispensable           the registration process, an RS can be configured to operate in
technologies in next generation wireless network. A WiMAX                distributed security mode based on its capability [1]. Since
network usually operates in a highly dynamic and open                    AUTH-INFO message is optional and informative we begin
environment therefore it is known to be more vulnerable to               with the security analysis from the AUTH-REQ message. As
security holes. Security holes most of the time is trade off with
                                                                         this message is plain text and for such message, eavesdropping
authentication and key management overheads. In order to
operate securely, communication must be scheduled either by a
                                                                         is not a problem since the information is almost public and is
distributed, centralized or hybrid security control algorithms           preferred to be sent in plain text to facilitate authentication. To
with less authentication and key management overheads. In this           capture and save the authentication message sent by a
paper, we propose a new fully self-organized efficient                   legitimate, is not a big deals, thus NRS may face a replay
authentication and key management scheme (SEAKS) for hop-                attack from an adversary. Although an adversary
by-hop distributed and localized security control for Multihop           eavesdropping the message, cannot derive the AK from the
non-transparent relay based IEEE 802.16 networks which not               message, because it does not have the corresponding private
only helps in security counter measures but also reduce the              key. However, the adversary still can replay message II
authentication and key maintenance overheads. The proposed               multiple times and then either exhaust NRS capabilities or
scheme provides hybrid security controls between distributed             force NRS to deny the SS who owns that certificates [1] [2].
authentication and localized re-authentication and key                   The reason is that if NRS sets a timeout value which makes
maintenance. The proposed scheme uses distributed non-                   NRS reject Auth REQ from the same MS in a certain period ,
transparent decode and forward relays for distributed                    the legitimate request from the victim MS will be ignored.
authentication when any non-transparent Relays (NRS) want to             Then denial of service attack occurs to victim MS, however
join the networks and uses localized authentication when NRSs            the ultimate solution for these types of attacks are the
want to re-authenticate and do key maintenance. We analyze the           introduction of digital signatures at the end of the messages
procedures of the proposed scheme in details and examine how it          which can be automatically time-stamped, that basically
works significantly to reduce overall authentication overheads
                                                                         provides the authentication and non-repudation of this
and counter measures for security vulnerabilities such as Denial
of Service, Replay and interleaving attacks.
                                                                         message. The design of digital signature system may be
                                                                         flawed or vulnerable to some specific attacks such as collision
                                                                         attacks against X.509 public-key certificates and
   Keywords- Wimax Security, Multihop Relay based IEEE                   cryptographically weak pseudo random bit generator.
802.16, Key Management, Self-Organized Authentication)                   Adversaries may attempt for total break, universal forgery,
                                                                         selective forgery or existential forgery.
                     I.      INTRODUCTION
                                                                            The strongest security definition requires protection against
   In Multihop Relay (MR) network, two different security                existential forgery even if an adversary is able to mount an
modes are referred, the first one is referred to as the                  adaptive chosen message attack. Later, nonce was added to the
centralized security mode which is based on key management



                                                                    30                               http://sites.google.com/site/ijcsis/
                                                                                                     ISSN 1947-5500
                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                         Vol. 9, No. 3, March 2011
digital signature, the idea of nonce values is that they are used        literature is very sparse. In this network, all the relays are
only once with a given key, however, the exchange of nonce               connected to MR-BS wirelessly and transparently or non-
only assures SS that message III is a replay corresponding to            transparently and only MR-BS is connected to IP cloud as a
its request. The NRS still faces the replay attack because NRS           backhaul, thus this infrastructure can be used in many real
cannot tell whether message II is sent recently or it is just an         time applications [2].
old message [3]. If reply attack cannot be successful, for sure             As the matter of fact, security is essential in wireless
‘denial of service’ will occur. The author of [4] also suggested         technologies to allow rapid adoption and enhance their
passing the pre-AK to SS instead of AK and let SS and NRS                maturity. Due to lack of physical boundaries, the whole relay-
derive AK from pre-AK at both ends. If the generation of AK              based infrastructure in exposed to security holes. However,
exhibits significant bias, adding freshness in the AK may                IEEE 802.16 standard stipulates some powerful security
prevent the exposure of the AK, however according to [4] this            controls, including PKMv2, EAP-based authentication and
cannot provide freshness as they claimed. If we consider the             over-the-air AES based encryption. But secure technology
security issues of relay-based IEEE 802.16 networks in                   does not in itself comprise a secure end-to-end network and
centralized as well as distributed authenticated, every node             consequently, WiMAX presents a range of security
need to authenticate itself with MR-BS and ultimately with               vulnerabilities. Since the first Amendment was released on
AAA server. Secondly, every node needs to maintain two                   MR specifications [1], a few papers have been published to
simultaneously keys AK and TEK to remain authenticated.                  introduce and address the security issues. There are some
Failure to maintained these keys will result in the re-                  papers that review this standard in details such as [6] and [7],
authenticated from scratch which is no doubt extra                       and there are some papers they purely works on key
                                                                         managements specially Sen Xu and Manton Mathews who
authenticated overhead. Let’s suppose, there are five NRS,
                                                                         published a series of work such as [3] and [4] on security
where every NRS has to keep track of its AK and TEKs and                 issues on the standard as well as on Privacy key Management
consequently authentication. Thus generation of authentication           (PKM) protocols. Karen Scarfore with her team came up with
overhead by five NRS no doubt lessen the overall deployed                a special publication on Guide to security for Wimax
network efficiency. To solve this authentication overhead                technologies (Draft) which was the recommendations of the
problem, Self organized and efficient authentication and key             National Institute of Standards and Technology (NIST).
management scheme (SEAKS) proves to be the best candidate                Taeshik Shon and Wook Choi [8] discussed about the
in the relay-based IEEE 802.16 network, which utilized non-              Analysis of Mobile WiMAX Security, Vulnerabilities and
transparent and decode and forward relays. SEAKS provides                Solutions. Y. Lee and H. K. Lee in their paper [9] gives more
hybrid scheme with distributed authentication and localized              focus on hybrid authentication scheme and key distribution for
re-authentication and key maintenance. However, this                     MMR in IEEE 802.16j.
technique not only helps in minimizing the overall
                                                                             The authors [10] and [11] review the standard and
authentication overhead on MR-BS and AAA server but also                 analyzed its security in many aspects, such as vulnerabilities in
provide efficient way to countermeasure the vulnerabilities.             authentication and key management protocols and failure in
                                                                         data encryption. In IEEE 802.16j [12] standard, Multihop
    The rest of the paper is organized as follows, after related         Relay (MR) is an optional deployment in which a BS in
work, section 3 gives the overview of generals attacks on                (802.16e) may be replaced by a Multihop Relay BS (MR-BS)
network, section 4 discusses centralized and distributed                 and one or more relay stations (RS). The MR mechanism
authentication controls, section 5 deals with the security goals         provides several advantages, such as providing additional
of relay-based WiMAX network, section 6 describe the self-               coverage for the serving BS, increasing transmission speed in
organize scheme (SEAKS), section 7 gives the analysis of                 an access network, providing mobility without SS handover,
proposed scheme which is followed by conclusion and future               decreasing power consumption when transmitting and
work.                                                                    receiving packets, and enhancing the quality of services [3].
                 II.   RESEARCH BACKGROUND
                                                                         There has been a significant amount of work done on security
                                                                         issues and their protocols as shown above but none of these
      In 2006, the IEEE 802.16 working group (WG) approved               cover security protocols which works for minimized
a project Authorization Request (PAR) focused on the Relay               authentication and key management overheads in non-
Tasks Group (TG). The main task of this Relay TG was to                  transparent Relay-based WiMAX networks in distributed
develop an amendment to the IEEE Std 802.16 enabling the                 environment.
operation of Relay Station (RSs) in OFDMA wireless
networks defined by 802.16 [2]. Enhancement of Relays to                    III.   GENERAL ATTACKS ON RELAY-BASED IEEE 802.16
support Multihop not only increases the wireless converge but                                   NETWORK
also provide features such as lower backhaul deployment cost,                Before we start to elaborate our self organized algorithm,
easy setup and high throughput. Relay stations concept as                we would like to high-light some of the typical MAC layer
discussed in [1][2] and [5] introduced four types of RSs from            attacks on authentication and key management protocols. The
the perceptive of physical and Mac layer. After successful               first and very common attack is message replay attack [7].
comparison, the main focus of this research is on the non-               This attack is not only common in key management and
transparent RS operating in distributed scheduling and security          authentication protocols but also in multicast and broadcast (M
mode [2], WiMAX relay-based network in still under draft and             & B) services [11]. In a replay attack, an adversary intercepts



                                                                    31                              http://sites.google.com/site/ijcsis/
                                                                                                    ISSN 1947-5500
                                                           (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                       Vol. 9, No. 3, March 2011
captures and saves the authentication messages sent by the             have this key information. The intermediate RS use particular
legitimate RS/SS. Thus adversary impersonates the legitimate           shared keys to authenticate management messages which
RS/SS and resends this message after specific period of time.          received from other RSs [12][14].
Denial of service (DoS) is also one of the major attacks in
wireless networks especially in WiMAX networks. Here,                  B. Distributed Security Control
consider an adversary that eaves-dropping the message cannot                In this mode, an access RS, which provides a point of
derive the AK as it does not have the corresponding private            access into the network for an MS or RS, can derive the
key. This adversary still can replay AUTH-REQ message                  authentication key established between MS and MR-BS. An
multiple times and thus exhaust MR-BS capabilities and force           RS can be configured to operate in distributed security mode
MR-BS to deny this adversary. This may happen, if the MR-              based on its capability during the registration process, and
BS sets a time out value which makes MR-BS reject AUTH-                relays initial key management messages between the MR-BS
REQ message from the same RS/SS with an interval of time.              and MS/subordinate RS. Upon master session key
Thus, MR-BS denies the legitimate RS/SS AUTH-REQ,                      establishment, access RS securely acquires relevant
which actually owns the certificate. DoS are common in                 Authorization Key of the subordinate RS/MS from the MR-
authentication, key management protocols and M & B                     BS. Using PKM protocol, the access RS can derives all
services. Man-in-the-Middle (MiTM) attack is another critical          necessary keys. Different traffic encryption keys (TEKs) are
attack and is generally applicable in communication protocol           used for relay link and access link in distributed security
scheme where mutual authentication is absent especially in             control mode. They are distributed by MR-BS and RS
PKMv1. This attacks leads to message modification and                  respectively [4][15]. The SA will be created between an MS,
masquerading problems, specially node spoofing, rogue base             an access RS and the MR-BS in distributed security mode.
as well as relay stations, theft of service (ToS). To avoid            Each MS shall establish an exclusive primary SA with the RS,
MiTM attack on PKM protocol, mutual authentication was                 interacting with the RS as if it were a BS from the MS’s view.
proposed i.e. PKMv2. No doubt PKMv2 is soundly safe for                Similarly, each RS shall establish an exclusive primary SA
MiTM but it cannot help allowing adversary to play                     with MR-BS [12][16].
interleaving attack.
     Interleaving attack in complex to be explained but easy to
attempt. An adversary attempts this attack with the help of two                V.   SECURITY GOALS OF RELAY-BASED WIMAX
different instances. In the first instance, adversary                                          NETWORKS
impersonates as SS/RS and sends the interrupted message to                Non-transparent Relay-based WiMAX network may
the MR-BS. MR-BS authenticates and replied with                        require the following security function, which have not widely
corresponding keys. Adversary needs to reply these keys to             been studied by others until now.
RS/SS to be successfully authenticated, as it cannot decrypt
the message encrypted by the SS/RS’s public key in order to                •    Localized and hop-by-hop authentication is required.
get the AK to encrypt the nonce challenge. Thus, it cannot do                   In Relay-based WiMAX network. NRS in introduced
authentication currently. Now to solve this technicality,                       for coverage extension and throughput enhancement,
adversary force RS/SS to run another protocol instance to                       for this purpose, hop-by-hop authentication between
answer the challenge. Once RS/SS send the request, adversary                    NRS, NRS/MS and NRS/MR-BS should be
replies SS with the same nonce challenge which the MR-BS                        supported for self organized network operations.
sends him. Thus RS/SS send nonce and AK to adversary                       •    All the participating devices must be validated and
which later sends to MR-BS to finish this authentication                        authenticated by AAA server through MR-BS,
successfully. This attack normally can occur only on PKMv2                      because digital certificates of participating devices
or where mutual authentication is present. In IEEE 802.16                       are only registered in AAA server database, however,
Multihop networks, the number of wireless devices engross is                    NRS should authenticate other NRS/MS on behalf of
increased, thus produce wide space for interleaving attack [3]                  MR-BS, and basically this concept leads our
[4].                                                                            proposed scheme towards self organized way.
                                                                           •    Conventional MS should be used in non-transparent
                                                                                Relay-based WiMAX network without any functional
 IV.   CENTRALIZED VS. DISTRIBUTED AUTHENTICATION                               modification in MS.
                                                                           •    Overall authentication overhead should be
A. Centralized Security Control                                                 minimized.
    In this mode, the intermediate RS is not involved with the
                                                                           In this paper we proposed self organized distributed and
establishment of the security association (SA) between MS
                                                                       localized authentication and key management, where initially
and MR-BS in the multihop relay system. The RS only simply
                                                                       participating devices validated and authenticated by MR-BS
relays the user data or MAC management message that it
                                                                       and afterward NRSs are responsible for authenticating and
receives from the MS, but the RS does not process it. RS does
                                                                       managing freshness of AK/TEK. The proposed scheme
not have any key information relevant to the MS, and all the
                                                                       alleviates above security problems and examined how it
keys related to MS are maintained at the MS and MR-BS [13].
                                                                       satisfies the security requirements of non-transparent Relay-
When the SA is established between RS and MR-BS in the
                                                                       based WiMAX networks.
MR system, key data is shared and maintained at the particular
RS and MR-BS, such as AK, and the intermediate RS does not



                                                                  32                             http://sites.google.com/site/ijcsis/
                                                                                                 ISSN 1947-5500
                                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                          Vol. 9, No. 3, March 2011
                          VI.   SEAKS                                     NRS1 will be able to continuously exchange encrypted traffic
A. Authentication Procedures of NRS1 with MR-BS                           with the MR-BS.


     Self organized and efficient authentication and key
management scheme (SEAKS) is based on self organized
model using non-transparent, decode and forward Relays.
SEAKS provides hybrid authentication scheme with
distributed authentication and localized re-authentication and
key maintenance. However, this technique not only helps in
minimizing the overall authentication overhead on MR-BS
and AAA server but also provides efficient way to
countermeasure the vulnerabilities; let’s consider any non-
transparent relay stations such as NRS1 wants to join the
WiMAX networks. NRS1 sends its Auth-REQ message to the
serving MR-BS, Auth-REQ includes manufacturer-issued
                                                                                   Figure 1: Authentication of NRS1 with MR-BS
X.509certificates, a description of cryptography algorithms
and NRS’s basic CID. The CID that assigned during the initial                 A TEK state machine remains active as long as NRS1 is
ranging, normally primary SAID is equal to the basic CID. In              authorized to operate in the MR-BS security domain i.e. with
response to an authorization Request message, a MR-BS                     valid AK. NRS1 is authorized to participate in that particular
validates the requesting NRS’s identity, determines the                   security association [1] [2]. The parent authorization state
encryption algorithm and protocol support, activates an AK                machine stops its entire child TEK state machines when NRS
for NRS1, encrypt it with the NRS1’s public key and send it               receives from the MR-BS authorization reject during the
                                                                          reauthorization cycle. We can say, this is localized
back to the NRS1 is AUTH-REP message. It also includes 4
                                                                          authentication between NRS1 and MR-BS and these
bit sequence number, used to distinguish between successive               procedures are same as mentioned in [3][4]. All the key state
generations of AKs, a life time, and the securities identities for        machines are refreshing the keys. Now NRS1 is eligible to
which NRS1 are authorized to obtain keying materials. Once                transmit UL-MAP message and any node listening to this
authenticated and obtain the authorization key (AK), NRS1                 message, can sends the AUTH-REQ.
must periodically refresh its AK by reissuing an AUTH-REQ                      Now, there is another non-transparent relay station NRS2
message to the MR-BS. However, reauthorization is identical               that wants to join the network. Due to its non-transparent
                                                                          nature, it is not in the coverage of MR-BS and only NRS1 can
to authorization with the exception that NRS1 does not send
                                                                          listen to it. According to SEAKS, NRS2 listened to the UL-
its authentication information messages during reauthorization            MAP from NRS1 and sends the AUTH-REQ message to
cycle, to avoid service interruption during reauthorization,              NRS1. However, any non-transparent node that wants to join
successive generations NRS1 AKs have overlapping lifetime.                the network must have to authenticate itself with MR-BS as
Both NRS and MR-BS support up to two simultaneously                       MR-BS is directly attached to the AAA server, while NRS1
active AKs during these transition period. Authentication of              cannot authenticate NRS2 on behalf of MR-BS.
NRS1 with MR-BS is shown in Figure 1.
    Once NRS1 achieve authorization, its starts a separate                B. Authentication Procedure of NRS2 with MR-BS
traffic encryption key (TEK) state machines for each of SAID
defined in the AUTH-REP message. Each TEK state machine                       According to SEAKS, NRS1 received the AUTH-REQ
operating within the NRS1 is responsible for managing the                 (NRS2) and send it to MR-BS during the refreshing of AK
keying material associated with its respective SAID. TEK                  message because these authentications are delay tolerance and
                                                                          secured. NRS1 receive MACPDU of NRS2 and encapsulate it
state machine periodically send the key request messages to
                                                                          into its own PKM-REQ message of type 9 and code 4 [1] [2].
the MR-BS to refresh the keying material for their respective             MR-BS receives MACPDU of NRS1 which is basically sent
SAID. TEK is encrypted by appropriate KEK derived from the                for refreshing AK. MR-BS will check MAC header of NRS1,
AK. The operation of the TEK state machine’s key request                  if RAR (Relay Auth Request) is equal to 1, it means there is
scheduling algorithm, combined with the MR-BS’s regimen                   one relay request inside MACPDU, RAR is basically the
for updating and using SAID keying materials ensure that                  reserve bit utilized for RAR indications.




                                                                     33                             http://sites.google.com/site/ijcsis/
                                                                                                    ISSN 1947-5500
                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                         Vol. 9, No. 3, March 2011
    Once MR-BS obtains AUTH-REQ of NRS2, it validates
its authenticity and activates AK2 and other parameters,
encrypt it with NRS1 public key and responds to NRS1 in its
AUTH-RSP message. NRS1 receives NRS2’s security info,
save one copy of all info into its knowledge shared table
(KST) generates AK21, encrypt it with NRS2 public key, and
sends its AUTH-RSP message to NRS2.




                                                                             Figure 3: Authentication of NRSn with NRS1/MR-BS

                                                                         means its PKM-AUTH–REQ message, once NRS2 receives
                                                                         this message, it will check RAR values. If the value is one, it
                                                                         will check inside the Mac payload and save the message to its
                                                                         KST, then forward it to NRS1. Before sending, it will again
                                                                         set the RAR==1. Hence, there are two Mac messages present
     Figure 2: Authentication of NRS2 with NRS/MR-BS                     inside the Mac payload, one is AUTH-REQ (code 4) and the
                                                                         other is KEY-REQ (code 5). NRS1 will receive this message
Once NRS2 get authenticated, it will start its separate                  and check RAR value; if it is one then it will copy the AUTH-
authorization and traffic encryption key state machine with              REQ message to its KST, else it will ignore and forward it to
NRS1. As mentioned in the previous section, all the relays               MR-BS. MR-BS will receive the message and validate it. MR-
involved are distributed, non-transparent, and decode and                BS will send back the AUTH-RSP message with type 9. Again
forward. Thus, they can generate AUTH-RSP on behalf of                   here, there are two Mac messages inside the macpayload, one
MR-BS as shown in Figure 2. However, it cannot authenticate              is with key reply (code 8) and other is auth-reply (code 5) to
its real validity because it does not have vendor’s digital              NRS1. NRS1 check the code values, if it is 5, it will send to
certificate database. If NRS1 fails to re-authenticate before the        NRS2. If 8 then it will use for its refreshing of keys. NRS2
expiration of its current AK, the MR-BS will hold no active              again receives two Mac messages inside the payload, one is
AKs for NRS1 and will consider not only NRS1 but also all                with code 5 and other is with code 8. It will retain code 8 with
others NRS unauthorized. A MR-BS will remove from its                    itself and send the code 5 message to NRS3. Thus NRS3 is
keying tables all TEKs associated with NRS1 [4] [12]. All                authenticated with MR-BS with distributed manner and later it
NRSs maintain KST of recently exchanged AK with its                      will maintain its keys locally as mentioned in the previous
neighbours. If NRS2 fails to re-authenticate before the                  sections. The illustrations of authentication procedures of
expiration of its current AK, NRS1 will wait until it sends              NRSn with MR-BS are shown in Figure 3.
AUTH-REQ message, NRS1 will check its KST, if it found
then it validates its authenticity locally rather than sending
                                                                         D. Localized and Distributed Key Management in Relay-
again to MR-BS and wait for the response and compute the
                                                                            Based IEEE 802.16 Network
keys and send to NRS2. The advantage is the communication
cost in shape of authentication overhead and thus less
complexity.                                                                  We assume that all the NRS are authenticated and
                                                                         maintains theirs KST. Inside the KST, we have two portions,
                                                                         one is updated and other is non-updated stacks. All the active
C. Authentication Procedures of NRSn with NRS1/MR-BS                     and valid AK, TEK and SAIDLIST are residing inside the
                                                                         updated one, and all the expired and revoked keys are inside
    Now, if NRS3 wants to join the network, it will send the             that non-updated stack. If any new NRS wants to join the
AUTH-REQ message to MR-BS, as it is working in non-                      network, the serving NRS first look at in its KST in updated
transparent mode. Hence, it has to send the request to the non-          stack. If it cannot find the required information, it will move to
transparent and authenticated relay which should be inside its           non-updated stack. If still it cannot find inside the non-updated
coverage that is NRS2. While sending the message, NRS3 will              stack, the serving NRS will send the AUTH-REQ to the MR-
set RAR==1, inside the macheader so that NRS2 can                        BS through other NRS and all other procedures are the same.
recognize, there is one AUTH-REQ message inside the Mac                  The localized re-authentication and key maintenance
payload, and set the TYPE value ==8 and code ==4, which                  procedures is shown in Figure 4. If incase it found the




                                                                    34                               http://sites.google.com/site/ijcsis/
                                                                                                     ISSN 1947-5500
                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                         Vol. 9, No. 3, March 2011
information in either of the stack, it validates its authenticity        authentication protocol is illustrated in [3] [4]. We have
and send SAIDLIST and AK in AUTH-REP message and                         evaluated our scheme in terms of communication costs some
send one copy to the MR-BS for its own KST.                              key vulnerabilities and their countermeasures.
                                                                         A. Communication Cost
                                                                         The communication cost of our proposed scheme is mainly
                                                                         comprises of re-authentication and key maintenance
                                                                         overheads. The total communication costs of SEAKS can be
                                                                         evaluated into two phases, the AUTH-REQ and AUTH-REP
                                                                         phases. In AUTH-REQ phase, the source NRS sends its
                                                                         AUTH-REQ as well as others NRS AUTH-REQs directly via
                                                                         one hop to the MR-BS. This type of authentication occurs
                                                                         once for specific NRS as after authentication, source NRS is
                                                                         responsible for authenticating others NRSs who have already
                                                                         obtained their AK/SAID. Within this first phase, we have
                                                                         another issue of refreshing AK/TEK and all the NRS/MS have
Figure 4: Localized Re-Authentication and Key Maintenance                to periodically and constantly send their refreshing request.
                                                                         According to the standard, AK/TEK is refreshed by sending to
MR-BS validates its authenticity. If its valid then it will save         the MR-BS with Multihop using Multihop Relays, but in our
in its KST else it will send AUTH-REJECT message in                      scheme, this is done localized as this system became
AUTH-REP. Now the entire network is doing distributed                    distributed. Hence, the communication cost of sending AUTH-
authentication as shown in Figure 5.                                     REQ with refreshing AK/TEK can be calculated as follow

     Figure 5 shows overall flow of our self organized re-
authentication and key management schemes in non-                                                     :                  1            _
transparent Relay-based WiMAX network.
                                                                         Where H is the average number of Hops between the source
                                                                         and the destination, n is the number of NRS participating in
                                                                         the entire network, certificate size is important parameter to be
                                                                         counted as NRS also combine other AUTH-REQs with their
                                                                         digital certificates.
                                                                              In the AUTH-REP phase, MR-BS sends its AUTH-REP
                                                                         message to its neighbor NRS with AK/SAID, this message is
                                                                         unicast altogether with separate other AK/SAID for other
                                                                         requesting NRS. Once NRS receives AK/SAID from MR-BS
                                                                         it is encrypted with public key of requesting NRS, save the
                                                                         copy to its local repository and send it back to requesting
                                                                         NRS. The requesting NRS maintains it is AK/TEK with single
                                                                         hop with serving NRS, thus minimize the authentication and
    Figure 5: localized distribution of Keys using SEAKS                 key maintenance overhead, the communication cost of this
                                                                         phase can be calculated as follows
Instead of re-authentication and refreshing keys with MR-BS
and gave birth to authentication and key maintenance
overhead, they create a very self-organized community to re-
authenticate and refresh keys to avoid delay and overheads.                                           :            1                 _
There is a very strong trust worthy and self-organized
environment is generated after the successful authentication of
all NRSs.
                                                                            Hence, the total communication cost of AUTH-REQ and
                                                                         AUTH-REP phases can be calculated as follows:
        VII. ANALYSIS OF OUR PROPOSED APPROACH
                                                                                                                                           
    In our proposed scheme, we used NRS’s manufacturer
certificates, capabilities, nonce and lists of SAID as sending                                             1                     1            _
parameters and AK, life time of AK, its capabilities, nonce
and digital signatures as receiving parameters. The




                                                                    35                                     http://sites.google.com/site/ijcsis/
                                                                                                           ISSN 1947-5500
                                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                          Vol. 9, No. 3, March 2011
B. Evaluation against Denial of Service & Reply Attack                    interleaving attacks to attempt, we assume that PKMv2
    For the denial of service, this attack exists only on pre-            protocols in used to authenticate the participating NRS and
authentication procedures. DoS and replay attacks are                     MS. Let’s say an adversary impersonates any NRSj and send
explained briefly in the previous section. The proposed                   the AUTH-REQ message to MR-BS, MR-BS will validates
scheme work well with Multihop non-transparent relay based                and generate AK for adversary. But adversary cannot decrypt
WiMAX network. As there are numbers of NRS participating                  the AK because it do not have private key, it need to force
in environment thus it becomes fully self-organized after                 NRSj to send once again the AUTH-REQ. Previously, once
successful stability time. Let suppose, when an adversary                 NRSj send the AUTH-REQ, it set the time out value but
impersonate NRS and send AUTH-REQ message to MR-BS,                       within that value it have not received any authenticated
MR-BS validate its authenticity, generate AK, copy the                    message from MR-BS, it assume the link is broken or some
certificate in its KST and send the AUTH-RSP to an                        other technical error. NRSj will try to scan other UL-MAP,
adversary. Hence, adversary don’t have the private key of                 and will found let’s say NRSi, and will send the AUTH-REQ
NRS thus could not decrypt AK; it can only just reply this                to MR-BS. MR-BS will reject legitimate NRSj request
message several time. Whenever, NRS send the AUTH-REQ                     because, and there is already certificate present in KST of
message to MR-BS, it usually set the time out value, and if the           MR-BS. Again NRSj receive AUTH-REJECT message from
time out value reached to the limit, it sends the request again,          NRSi, NRSj will set the time out value and again send the
here in this case, the time out value already reached to the              AUTH-REQ via NRSi. There are two main reasons to adopt
limit, but there is no response from the MR-BS. NRS will                  the same path to authenticate itself, firstly, at least NRSj get
again search for UL-MAP, we assume that it will find another              the response from this links, and secondly it assume to be due
path say NRSi, NRSi is inside the coverage of MR-BS, NRS                  to some technical errors. On the other hand, according to
will send the AUTH-REQ second time to NRSi, NRSi will                     SEAKS, after specific time out value, MR-BS have not get the
send the AUTH-REQ message to MR-BS, again MR-BS                           response from adversary, thus it will delete certificate of
validate the AUTH-REQ, generate the AK and send the                       NRSj. NRSj after time out, sends the AUTH-REQ again and
AUTH-RSP to NRSi and consequently NRS, NRS send                           will be authenticated and MR-BS will save its certificate in its
message III to MR-BS and thus get authenticated from the                  KST. By applying SEAKS and due to storage of AK/SAID in
MR-BS. Later NRS will start its AK and TEK refreshing with                every NRS repositories, and NRS itself encrypt all the
NRSi. On the other hand, an adversary is still replaying the              AK/SAID and TEK for others NRS, and due to distributed
message multiple times to exhaust the MR-BS. Now, MR-BS                   authenticated and localized re-authenticated and key
will again receive the AUTH-REQ message from adversary.                   maintenance, a very strong self-organized trustworthy
MR-BS knows that NRS is part of authenticated network and                 environment is created thus its quite impossible to get success
MR-BS is not expecting any message of AUTH-REQ from                       in interleaving attacks once the SEAKS got its stability.
this certificate. But if MR-BS receives any AUTH-REQ
message from the same certificates it will simply ignore this
                                                                                     VIII. CONCLUSION AND FUTURE WORK
message. After specific stability time, certificate of NRS is
shared with all the participating nodes, thus give maximum                In this paper, we addressed a self organized efficient
protection against Do and Reply attacks. For adversary to                 authentication and key management scheme (SEAKS), hop-
transmit one way message several times without response need              by-hop authentication and key management scheme in non-
some extra power, thus after some time adversary will stop                transparent Relay-based WiMAX network. This scheme is
sending the message and the denial of service attempt became              suitable for both fixed as well as mobile non-transparent
unsuccessful. As we mentioned previously, reply attack comes              Relays. We have presented our security goals and stated
first and denial of service is the ultimate result of reply attack        security analysis of proposed scheme to evaluate it against
where MR-BS after several reply attacks deny that particular              those goals. SEAKS provides hybrid authentication scheme
certificate thus deny legitimate node. Hence, our scheme                  with distributed authentication and localized re-authentication
works well both denial of service and reply attack in a very              and key maintenance. However, this technique not only helps
efficient manner.                                                         in minimizing the overall authentication overhead on MR-BS
                                                                          and AAA server but also provides efficient way to
C. Evaluation against Interleaving Attack                                 countermeasure the vulnerabilities In this scheme, NRS need
                                                                          to first authenticate itself with MR-BS prior to accept AUTH-
    To avoid Man-in-the-Middle attack, mutual authentication              REQ from other NRS/MS once authenticated and get the
was provided and adds an additional message to provide NRS                required AK/SAID, it continue its AK/TEK authorization state
acknowledgement and achieve X.509 three way                               machines to refresh above keys. After authenticated, it can
authentications, but this enhanced version is also vulnerable to          start broadcasting UL-MAP to accept AUTH-REQ , after
an interleaving attack, which is explained in the previous                receiving any AUTH-REQ it send it to MR-BS for validation,
section. The proposed scheme work well with Multihop non-                 MR-BS authenticate and send AK/SAID for particular request,
transparent relay based WiMAX network. As there are                       NRS receives and encrypt it with public key of requesting
numbers of NRS participating in environment thus it becomes               NRS and send back. Now requesting NRS start authorization
fully self-organized after successful stability time. For                 state machines to refresh above keys with NRS, at any time,




                                                                     36                              http://sites.google.com/site/ijcsis/
                                                                                                     ISSN 1947-5500
                                                                      (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                  Vol. 9, No. 3, March 2011
all the NRS and MR-BS will maintain their local repositories.                     [13]        D. Johnston and J. Walker, "Overview of IEEE 802.16 Security,"
                                                                                              IEEE Security and Privacy Magazine, vol. 2, no. 3, pp. 40-48,
If any NRS cannot refresh its key within particular given time                                May-June 2004..
due to uncertain circumstances, according to standard, it have                    [14]        Adnan Shahid Khan , N.Fisal , N.N.M.I. Ma’arof , F.E.I.
to re-authenticate with MR-BS, but in our scheme, it will send                                Khalifa ,M. Abbas ,Security Issues and Modified Version of PKM
the request to NRS, NRS will look into its local repositories, if                             Protocol in Non-transparent Multihop Relay in IEEE 802.16j
found then send AK/SAID by itself it will send the AUTH-                                      Networks, International Review on Computers and Software -
                                                                                              January 2011 (Vol. 6 N. 1 pp. 104-109).
REQ to MR-BS for authentication and validation and consider
                                                                                  [15]        Xinmin Dai, Xiaoyao Xie, “Analysis and Research of Security
it as a new NRS/MS.                                                                           Mechanism in IEEE 802.16j” Guizhou Normal University
      In our future work, we will continue to implement a                                     Guiyang, China, 2010
prototype of SEAKS and extend the scale of the experiments                        [16]        Vamsi Krishna Gondi, “Security and Mobility architecture for
and to allow the emergence of other key management                                            isolated wireless networks using Wimax as an Infrastructure”,
                                                                                              Network and Multimedia Systems Group, France, 2009
techniques to come up with highly efficient and secure key
management scheme in terms of throughput, complexicity,
and authentication overhead.
                        ACKNOWLEDGEMENT
The author would like to thanks to all WiMAX research group
                                                                                                         ADNAN SHAHID KHAN received his degree of B.Sc
and especially sincerest gratitude to Ministry of Higher                                                 (Hons) in Computer Science from University of the
Education Malaysia under Malaysian Technical Cooperation                                                 Punjab, Lahore, Pakistan in 2005. Master of
Programme (MTCP) for their full support and Research                                                     Engineering degree in Electrical (Electronics &
                                                                                                         Telecommunication) from Universiti Teknologi
Management Center (RMC), Universiti Teknologi Malaysia                                                   Malaysia, Skudai, Malaysia in 2008.Currently, he is
(UTM) and MIMOS BERHAD for their partial contribution.                                                   pursuing his PhD in Electrical Engineering at the
                                                                                                         Faculty of Electrical Engineering, Universiti Teknologi
                            REFERENCES                                                   Malaysia, Skudai, 81310, Johor Bahru, under the supervision of Prof.
                                                                                         Dr. Norsheila Fisal .His current Research interests are in the area of
[1]      IEEE Std 802.16-2009: Air Interface for Broadband Wireless                      Security Issues in IEEE 802.16 Protocol and Cognitive Radio
         Access Systems, 2009                                                            Networks. He is also student member of IEEE since 2007.
[2]      IEEE Std 802.16j-2009, Amendment to IEEE STD 802.16-2009
[3]      S. Xu and Huang. Attack on PKM protocols of IEEE 802.16 and its
         later version. In international         Symposium on wireless                                 NORSHEILA FISAL received her B.Sc. in Electronic
         Communication System (ISWCS), 2006.                                                           Communication from the University of Salford,
[4]      Sen Xu, Manton Matthews and Chin-Tser Huang. Security Issues                                  Manchester, U.K. in 1984. M.Sc. degree in
                                                                                                       Telecommunication Technology, and PhD degree in
         in Privacy and Key Management Protocols of IEEE 802.16. In
                                                                                                       Data Communication from the University of Aston,
         ACM SE'06. Florida USA. March 2006
                                                                                                       Birmingham, U.K. in 1986 and 1993, respectively.
[5]      Steven W.Peters and Robert W.Heath, Jr,”The Future of Wimax:                                  Currently, she is the Professor with the Faculty of
         Multihop Relaying with IEEE 802.16j”, IEEE communication                 Electrical Engineering, University Technology Malaysia and Director of
         Magazine, January 2009.                                                  Telematic Research Group (TRG) Laboratory. Her current research interests
[6]      Mosato Okuda, Chenxi Zhu and Dorin Viorel, Multihop Relay                are in Wireless Sensor Networks, Wireless Mesh Networks, And Cognitive
         Extension for Wimax Networks- Overview and Benefits of IEEE              Radio Networks
         802.16j Standard, FUJITSU Sci.Tech.J., 44,3, p.292-302 (July
         2008)
[7]      Adnan Shahid Khan et. al. “Efficient Distributed Authentication                                MAZLAN ABBAS received his B.Eng. in Electrical from
         Key Scheme for Multi-hop Relay In IEEE 802.16j Network”,                                       Universiti Teknologi Malaysia in 1984, M.Sc. In
         International Journal of Engineering Science and Technology                                    Telematics from Essex University in 1986, and PhD
         (IJEST), Vol. 2(6), 2010, 2192-2199                                                            degree in Telecommunications from Universiti Teknologi
[8]      Taeshik Shon, Wook Choi: An Analysis of Mobile WiMAX                                           Malaysia in 1992. Currently, he is the Chief Research
         Security:      Vulnerabilities      and      Solutions,     First                              Director of Wireless Communications Cluster of MIMOS
         InternationalConference, NBiS 2007, LNCS, Vol. 4650, pp. 88-97,                                Berhad and also the Adjunct Professor with the Faculty of
                                                                                                        Electrical Engineering, Universiti Teknologi Malaysia.
         2007.
                                                                                         His current research interests are in WiMAX, LTE, IMS and IPv6.
[9]      Y.Lee, H.K.Lee, G.Y.Lee, H.J.Kim and C.K.Leong, “Design of
         Hybrid Authentication Scheme and Key Distribution for Mobile
         Multi-Hop Relay in IEEE 802.16j”, EATIS’09, June 3-5,
                                                                                                            MAZLINA ESA received her BEE (Hons.), MSc in
         Prague,CZ, 2009.
                                                                                                           RF Engg., and PhD in Electrical and Electronics Engg.
[10]     Huang C, Chang J. Responding to security issues in Wimax                                          from Universiti Teknologi Malaysia, Univ. of Bradford
         networks. IT Professional 2008; 10(5):15-21.                                                      (UK), and Univ. of Birmingham (UK), in 1984, 1987,
[11]     Adnan Shahid Khan, Norsheila Fisal, Sharifah Kamilah, Rozeha A                                    and 1996, respectively. She is currently a Professor
         Rashid and M Abbas. Article: Secure and Efficient Multicast                                       with the Faculty of Electrical Engg., UTM. Her
         Rekeying Approach For Non-Transparent Relay-Based IEEE                                            research interests include RF/microwave and antenna
         802.16     Networks. International     Journal   of     Computer                                  engineering, THz/PHz technology, wireless power
         Applications16(4):1–7, February 2011. Published by Foundation of                                  transmission, cognitive radio, and qualitative research.
         Computer Science                                                                She was the IEEE Malaysia AP/MTT/EMC Chapter Chair from 2007 to
                                                                                         Jan 2011, and currently the Counselor of IEEE UTM Student Branch.
[12]     "Draft Standard for Local and Metropolitan Area Networks,                       She is an active Senior Member of IEEE.
         Part16: Air Interface for Broadband Wireless Access Systems",
         IEEE P802.16 Rev2/D9, January 2009




                                                                             37                                      http://sites.google.com/site/ijcsis/
                                                                                                                     ISSN 1947-5500
                                                                       (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                   Vol. 9, No. 3, March 2011
                   SHARIFAH KAMILAH BNT SYED YUSOF
                   received BSc (cum laude) in Electrical Engineering from
                   Geoge Washington University USA in 1988             and
                   obtained her MEE and Ph.D in 1994 and 2006
                   respectively from universiti Tecknologi Malaysia. She is
                   currently Associate Professor with the department of
     Radio Communication, Faculty of Electrical Engineering Universiti
     Teknologi Malaysia. Her research interest includes OFDMA based
     system, Software define Radio and Cognitive radio.



               SHARIFAH HAFIZAH SYED ARIFFIN Received her
               B.Eng (Hons) from University North London in 1987, and
               obtained her M.E.E and Ph.D in 2001 and 2006 from
               Universiti Teknologi Malaysia, and Queen Marry
               University. London respectively. She is currently Senior
               lecturer with Faculty of Electrical Engineering, Universiti
               Teknologi Malaysia. Her current research interest are in
Wireless sensor networks, IPV6, Handoff Management in Wimax,
6loWPAN and Network and Mobile Computing System.




                                                                              38                            http://sites.google.com/site/ijcsis/
                                                                                                            ISSN 1947-5500