1. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” M. Tsagkaropoulos Dept. Of Electrical and Computer Engineering Wireless Telecommunications Laboratory University of Patras Patras 26500 Greece Tel: +30-2610-997301 Fax: +30-2610-997302 Email: mtsagaro@ece.upatras.gr

2. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Agenda:  WiMAX implementation  Security Architecture of 802.16 (WiMAX)  Vulnerabilities and possible solutions  Open Issues  Conclusions

3. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” 199019952000200520102015 Fixed Mobile Portable modem PSTN 14.4 kbps ISDN 64 kbps modem PSTN 56.6 kbps ADSL 256 kbps 516 kbps xDSL 2 Mbps GSM 9.6 kbps HSCSD 28.8 kbps GPRS 40 kbps EGDE 384 kbps W-CDMA 384 kbps W-CDMA 2 Mbps HSDPA 10 Mbps OFDMA 50 Mbps 802.11b 10 Mbps 802.11g 56 Mbps 802.16 70 Mbps Broadband technology starts about here Change of Telecoms Trends

4. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Converged Network Concept IP Network Management Control Signalling AP WiMAX GGSNSGSN UMTS/ WCDMA AP WLAN AAA Application Policing Server Farm Internet

5. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” What is WiMAX ? WiMAX - Worldwide Interoperability for Microwave Access WiMAX: broadband wireless network based on IEEE 802.16 standard, which ensures compatibility and interoperability between broadband wireless access (BWA) equipment. –Efficient range of up to 48km. –Provides wireless last-mile broadband access in the Metropolitan Area Network (MAN). –Performance comparable to traditional cable, DSL, or T1 offerings –Enables non line-of-sight performance - broadband network access widely available without the expense of stringing wires. WiMAX Key points:  High speed of broadband service  Wireless rather than wired access  Broad Coverage

6. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Security Architecture of WiMAX (1) IEEE 802.16 specifies the PHY Layer and MAC Layer for BWA MAC Layer sublayers: –Service Specific Convergence Sublayer : maps higher level data services to MAC layer service flows and connections. –MAC Common Part Sublayer : rules and mechanisms for system access, bandwidth allocation, connection management and QoS decisions for transmission scheduling. –Security Sublayer : provides: privacy, authentication, and confidentiality protects against unauthorized access to data transport services

7. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr Security Sublayer

8. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Security Architecture of WiMAX (2) The security architecture of WiMAX is based on two component protocols : – an encapsulation protocol: defines a set of supported cryptographic suites and the rules for applying those algorithms. –a key management protocol (PKM) : synchronize keying data between Subscriber Station (SS) and Base Station (BS); the BS enforces conditional access to network services.

9. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Security Layer basic components Security Associations (SA) X.509 certificates Privacy Key Management (PKM) authorization protocol Privacy Key Management protocol Encryption

10. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Security Analysis Improvements: –Robust protection in the form of certificate-based encryption –X.509-based PKI (public key infrastructure) certificate authorization Base station validates the client’s digital certificate before permitting access to the physical layer. –Protection of integrity of data traffic

11. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Vulnerabilities(1) Physical threats –Jamming –Jamming : insert noise strong enough to decrease the capacity of the channel dramatically. –Scrambling –Scrambling: similar to jamming but it targets to specific frames or part of frames for short intervals of time. –Insert malicious data –Insert malicious data: properly tuned transmitter can write on to the channel. Possible solutions –Increase the power of signals or their bandwidth (spreading techniques, powerful transmitter or high gain transmission antennas and high gain receiving antennas) –Mechanism to authenticate the data received

12. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Vulnerabilities (2) MAC threats –Lack of mutual authentication between the SS and the BS Eavesdropping of management traffic or user traffic Replay Attack: repeat messages –Denial of service (DoS) attacks Possible solutions –Transient information in the message ( timestamp or a serial number) –Forward Error Correction mechanisms –Enhanced authentication mechanisms

13. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Open Issues Mutual authentication of communicating entities (issue of appropriate certificates) Secure encryption scheme of 802.16 Data encryption that adopts: confidentiality, data origin authentication, (connectionless) data integrity, anti-replay service.

14. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Conclusions WiMAX has a potential market: Basic component of last mile connections in upcoming NGN Networks Successful only if: Ensured security of end-to-end communications Advanced security implementation NEXT STEP  Review of current security infrastructure  Mobility schemes that guarantee security and QoS

15. UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos mtsagaro@ece.upatras.gr “Securing WiMAX converged networks: threats and solutions” Thank you for your attention UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunication Laboratory Michail Tsagkaropoulos mailto: mtsagaro@ece.upatras.gr http://www.wltl.ee.upatras.gr/multimedia_security