* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Cardenas_Claudia_WorkShopSlides
Survey
Document related concepts
Authentication wikipedia , lookup
Deep packet inspection wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Mobile device forensics wikipedia , lookup
Information security wikipedia , lookup
Unix security wikipedia , lookup
Airport security wikipedia , lookup
Cryptography wikipedia , lookup
Secure multi-party computation wikipedia , lookup
Link Motion Inc wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Distributed firewall wikipedia , lookup
Security-focused operating system wikipedia , lookup
Computer security wikipedia , lookup
Wireless security wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Transcript
MOBILE WiMAX SECURITY Student Name: Claudia Cardenas Student ID: 41416538 Supervisor Number: Rajan Shankaran Contents 1. Introduction 2. Mobile WiMAX 3. Security Threats 4. Security in Mobile WiMAX 5. Vulnerabilities Assessment 6. Conclusion 2 ITEC 810 Introduction Customers’ Demands Greater e-commerce usage High speed. Mobility Lower costs Mobile Internet 3 ITEC 810 Key Problems Eavesdropping C A Vulnerabilities Masquerading: D E 4 Unauthorised modification of messages Unauthorised access ITEC 810 Goals Understanding of Mobile WiMAX architecture Highlighting vulnerabilities in Mobile WiMAX Proposing some recommendations 5 ITEC 810 Contents 1. Introduction 2. Mobile WiMAX 3. Security Threats 4. Security in Mobile WiMAX 5. Vulnerabilities Assessment 6. Conclusion 6 ITEC 810 Mobile WiMAX Flexibility Interoperability • High Throughput High Bandwidth • Flexibility Wide Area Mobility • Quality of Service (QoS) 7 ITEC 810 Mobille WiMAX Architecture User Terminal Devices. Access Service Network (ASN) 8 Core Service Network (CSN) ITEC 810 Access Service Network Base Station Connection with the mobile subscriber Maintain the connection. Maintain the Status. Traffic Scheduling The Access Service Network Gateway (ASN-GW) Collecting and forwarding the traffic. AAA functionality QoS Management 9 ITEC 810 Mobile WiMAX Network Architecture Different kind of users. Different deployments. Ability to grow. Internetworking. 10 QoS for each service and connection. IP and non-IP network are integrated ITEC 810 Protocol Layers 11 ITEC 810 Contents 1. Introduction 3. Security Threats 4. Security in Mobile WiMAX 5. Vulnerabilities Assessment 6. Conclusion 12 ITEC 810 Security Threats Threats Threats to PHY Layer Threats to MAC Layer 13 ITEC 810 Threats to PHY Layer Jamming Attack Scrambling Attack Water Torture Attack 14 ITEC 810 Threats to MAC Layer Threats to Mac Management message in Initial Network Entry Threats to Access Network Security Threats to Authentication 15 ITEC 810 Contents 1. Introduction 3. Security Threats 4. Security in Mobile WiMAX 5. Vulnerabilities Assessment 6. Conclusion 16 ITEC 810 Security in Mobile WiMAX 17 ITEC 810 Encryption Overview It is only applied to the payload. It is not applied to the MAC management messages. SS’s encryption capabilities are negotiated during registration process. BS determines the encryption method to be used. Encryption Mode Reference DES in CBC mode DES algorithm [FIPS 46-3, FIPS 74, FIPS81] AES in CCM mode AES algorithm [NIST Special Publication 800-38C, FIPS-197] AES in CTR mode AES algorithm [NIST Special Publication 800-38A, FIPS 197, RFC 3686] AES in CBC mode AES algorithm [NIST Special Publication 800-38A, FIPS 197, RFC 3686] 18 ITEC 810 Authentication Overview 19 ITEC 810 Authorization 20 ITEC 810 Contents 1. Introduction 3. Security Threats 5. Vulnerabilities Assessment 6. Conclusion 21 ITEC 810 Vulnerabilities Assessment Lack of mutual authentication. It could be the cause of impersonation. This vulnerability is mitigated IEEE 802.16e by including the mutual authentication 22 ITEC 810 Weak encryption algorithms. It could lead an integrity and confidentiality problem. IEEE 802.16e not only supports DES-CBC, but also, several modes of AES that make the encrypting communications more secure 23 ITEC 810 Interjection of reused TEKs. This characteristic makes easier perform a replay attack. Valuable information and the traffic encryption key could be disclosed to unauthorized parties IEEE802.16e introduces AES-CCM. It offers per packet randomization. Each data packed include its own unique packet number 24 ITEC 810 Unencrypted management messages These messages are not encrypted, so they are susceptible to eavesdropping attacks. IEEE 802.16e-2005 offers integrity protection for specific unicast management messages However this digest is not appended to initial network entry management messages 25 ITEC 810 Other Results Three way TEK exchange and the authorization process. No one vulnerability was found [Datta,2005]. The key management protocol was analysed by Yaksel and once again this software could not find any security hole. The Multi-Broadcast Service (MBS) The protocol is secure on its own. (Kao,2006) 26 ITEC 810 Initial Network Entry 27 ITEC 810 Proposed Solution SS → KMC: [SS, nonce1]Kss KMC → SS: [Ks]Kss, [Ks]Kbs, nonce1, H([Ks]Kss, [Ks]Kbs, nonce1) SS → BS: [Ks]Kbs, nonce2,H([Ks]Kbs, nonce2) BS → SS : [rand2]Ks SS → BS : [rand2-1]Ks 28 ITEC 810 Contents 1. Introduction 3. Security Threats 6. Conclusion 29 ITEC 810 Conclusion The best aspirant technologies to serve the broadband demands on wireless access. In terms of the PHY layer most of these attacks can be counteracted by using different signals and proper configuration of the protocol. Some of MAC flaws have been fixed by the enhanced security of IEEE 802.16e but not all of them. The lack of encryption of MAC management messages that can affect the initial network entry process. A solution based on the key session and the key management centre was proposed. Further studies and simulations should be done in order to assess the different solutions offered. 30 ITEC 810 Thank You ! 31 ITEC 810