WiMAX Security

Wireless systems always make some people worried when speaking of security. After all, every wireless system broadcasts, by definition, everything you’re doing on the network to the world or at least the part of the world within range. Security is an important consideration in any communication system design but is particularly so in wireless communication systems. The fact that connection can be established in a loosen fashion makes it easier to intrude in an ordinary and undetectable manner than is the case for wired access. Further, the shared wireless medium is often perceived by the general public to be somewhat less secure than its wired counterpart. Therefore, a robust level of security must be built into the design of wireless systems.

From the point of view of an end user, the primary security concerns are privacy and data integrity. Users need assurance that no one can eavesdrop on their sessions and that the data sent across the communication link is not tampered. This is usually achieved through the use of encryption.

From the service provider’s point of view, an important security consideration is preventing unauthorized use of the network services. This is usually done using strong authentication and access control methods. Authentication and access control can be implemented at various levels of the network such as the physical layer, and the service layer. The service provider’s need to prevent fraud should be balanced against the inconvenience that it may impose on the user.

WiMAX systems were designed at the outset with robust security in mind. The standard includes state-of-the-art methods for ensuring user data privacy and preventing unauthorized access, with additional protocol optimization for mobility.
Security is handled by a privacy sublayer within the WiMAX MAC. The key aspects of WiMAX security are as follow:

Encryption In WiMAX

Encryption is the method used to protect the confidentiality of data flowing between a transmitter and a receiver. Encryption involves taking a stream or block of data to be protected, called plain text, and using another stream or block of data, called the encryption key, to perform a reversible mathematical operation to generate a ciphertext. The ciphertext is unintelligible and hence can be sent across the network without fear of being eavesdropped. The receiver does an operation called decryption to extract the plaintext from the ciphertext, using the same or different key. When the same key is used for encryption and decryption, the process is called symmetric keyencryption. This key is typically derived from a shared secret between the transmitter and the receiver and for strong encryption typically should be at least 64 bytes long. When different keys are used for encryption and decryption, the process is called asymmetrickeyencryption. Both symmetric and asymmetric key encryptions are typically used in broadband wireless communication systems, each serving different needs.

Device/user authentication

WiMAX provides a flexible means for authenticating subscriber stations and users to prevent unauthorized use. The authentication framework is based on the Internet Engineering Task Force (IETF) EAP, which supports a variety of credentials, such as username/password, digital certificates, and smart cards.
WiMAX terminal devices come with built-in X.509 digital certificates that contain their public key and MAC address. WiMAX operators can use the certificates for device authentication and use a username/password or smart card authentication on top of it for user authentication.

Flexible key-management protocol

The Privacy and Key Management Protocol Version 2 (PKMv2) is used for securely transferring keying material from the base station to the mobile station, periodically reauthorizing and refreshing the keys.

Protection of control messages

The integrity of over-the-air control messages is protected by using message digest schemes, such as AES-based CMAC or MD5-based HMAC.

Support for fast handover

To support fast handovers, WiMAX allows the MS to use preauthentication with a particular target BS to facilitate accelerated reentry.
A three-way handshake scheme is supported to optimize the reauthentication mechanisms for supporting fast handovers, while simultaneously preventing any man-in-the-middle attacks.