Abstract
The IEEE 802.16 Working Group on Broadband Wireless Access Standards released IEEE 802.16-2004 which is a standardized technology for supporting broadband and wireless communication with fixed and nomadic Access. The standard has a security sublayer in the MAC layer called, Privacy Key Management, which aims to provide authentication and confidentiality. However, several researches have been published to address the security vulnerabilities of 802.16-2004. After the IEEE 802.16-2004 standard, a new advanced and revised standard was released as the IEEE 802.16e-2005 amendment which is foundation of Mobile WiMAX network supporting handoffs and roaming capabilities. In the area of security aspects, Mobile WiMAX adopts improved security architecture, PKMv2, including Extensible Authentication Protocol (EAP) authentication, AES-CCM-based authenticated encryption, and CMAC or HMAC based message protection. However, there is no guarantee that PKMv2-based Mobile WiMAX network will not have security flaws. In this paper, we first describe an overview of security architecture of IEEE 802.16e-based Mobile WiMAX and its vulnerabilities. Based on the related background research, we focus on finding new security vulnerabilities such as a disclosure of security context in initial entry and a lack of secure communication in network domain. We propose possible solutions to prevent these security vulnerabilities.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
The Institute of Electrical and Electronics Engineers. IEEE Standard for Local and Metropolitan Area Networks Part 16: Air Interface for Fixed Broadband Wireless Access Systems, IEEE Std 802.16-2004. IEEE (2004)
The Institute of Electrical and Electronics Engineers. IEEE Standard for Local and Metropolitan Area Networks Part 16: Air Interface for Fixed Broadband Wireless Access Systems, Amendment 2: Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands and Corrigendum, IEEE Std 802.16e-2005. IEEE (2005)
WiMAX Forum: Mobile WiMAX: The Best Personal Broadband Experience! (2006), Available at http://www.wimaxforum.org
WiMAX Forum: Mobile WiMAX – Part I: A Technical Overview and Performance Evaluation (2006), Available at http://www.wimaxforum.org
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654 (1976)
WiMAX Forum: WiMAX End-to-End Network Systems Architecture (Stage 3: Detailed Protocols and Procedures) (2006), Available at http://www.wimaxforum.org
Bellardo, J., Savage, S.: 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions. In: Presented at 11th USENIX Security Symposium (2003)
Boshonek, R.: Advanced Denial of Service Techniques in IEEE 802.11b Wireless Local Area Networks. Naval Postgraduate School Master’s Thesis (June 2002)
Meyers, W.: Exploitation of an IEEE 802.11 Standard Wireless Local Area Network through the Medium Access Control (MAC) Layer. Naval Postgraduate School, Master’s Thesis (June 2001)
Boom, D.D.: Denial Of Service Vulnerabilitie In IEEE 802.16 Wireless Networks, Thesis at Naval Postgraduate School Monterey, California
Johnston, D., Walker, J.: Overview of the 802.16 Security. IEEE computer society, Los Alamitos (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shon, T., Choi, W. (2007). An Analysis of Mobile WiMAX Security: Vulnerabilities and Solutions. In: Enokido, T., Barolli, L., Takizawa, M. (eds) Network-Based Information Systems. NBiS 2007. Lecture Notes in Computer Science, vol 4658. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74573-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-74573-0_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74572-3
Online ISBN: 978-3-540-74573-0
eBook Packages: Computer ScienceComputer Science (R0)