1. INTRODUCTION
Security is a priority in today's wireless networks, since it is what assures protected communications. In IEEE 802.16, security was considered the main issue during the design of the protocol [1]. The Initial Network Entry procedure in an IEEE 802.16 (WiMAX) network has security defects that can be exploited by a Man-in-the-Middle (MITM) attack [2]. Improving network security in a live enterprise network with a large number of geographically dispersed subscribers should be done with minimum downtime, so as not to affect critical user data and voice services. The management channel should also be strongly protected in order to prevent intrusion in the network ...
Table 1. EAP Authentication Methods comparison

| Feature | EAP-TTLS | EAP-TLS | PEAP | LEAP | EAP-MD5 |
|---|---|---|---|---|---|
| Mutual Authentication | Yes | Yes | Yes | Yes | Yes |
| Client Certificate | Optional | Yes | Optional | No | No |
| Server Certificate | Yes | Yes | Yes | No | No |
| Dynamic Key Exchange | Yes | Yes | Yes | Yes | No |
| Credential Integrity | Strong | Strong | Strong | Moderate | None |
| Client Identity Protection | Yes | No | Yes | No | No |

EAP-TTLS is a protocol that extends TLS and supports dual authentication. A secure TLS tunnel is established using the server's digital certificate. The server can authenticate a client using a certificate or, if there is no certificate, using PAP/CHAP/MSCHAP v1/MSCHAP v2; using both phases of authentication represents the strongest method. Phase 2 may still be required by setting a force-phase-2 parameter on the server, even if phase-1 digital certificate authentication has been successful. The client sends its username and password over the established encrypted tunnel. In EAP-TTLS the second authentication method can be selected by the SS, whereas in PEAP it is selected by the RADIUS server. Digital certificate authentication of network elements is an optional component of the Mobile WiMAX standard, and a security improvement.
2. EXISTING WIMAX NETWORK SECURITY
The WiMAX AAA Framework provides the following services [7]:
• Authentication Services - including device, user or combined device & user authentication;
• Authorization Services - including delivery of information to configure the session for access, mobility, QoS and other applications;
• Accounting Services - including delivery of information for the purpose of billing and information that can be used to audit session activity by both the home NSP and visited NSP.
For the initial network entry, the MS searches for a periodically broadcast map message from the BS. This frame includes information about the connection identifier (CID) that is associated with a timeslot where the initial ranging process can be carried out. Access to this commonly used timeslot is defined as CSMA (Carrier Sense Multiple Access). The MS increases its transmission power until it receives a response from the BS. The response includes ranging adjustments and the basic and primary management CIDs, which reserve particular time intervals for the MS to send and receive management messages [8]. After initial ranging is complete, basic connection capabilities are negotiated, and the authentication procedure follows. Mobile WiMAX supports two types of authentication: EAP-based authentication or simple RSA authentication. EAP-based authentication (see figure 2) can be considered more secure because it includes higher-layer authentication. After the authentication process, the MS and the BS have a common authorization key (AK).
Figure 1: EAP Authentication
Derived from the AK is the key encryption key (KEK) which is used to secure future keys. Also derived from the AK are the keys used in the uplink (HMAC_Key_U) and downlink...
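The key hierarchy described above, as an added example that is not taken from the original paper: it derives the KEK and the two per-direction HMAC keys from an AK and shows that a management message authenticated for the uplink does not verify with the downlink key. It assumes the PKMv1 derivation of IEEE 802.16-2004 (SHA-1 over a fixed 64-byte pad concatenated with a 160-bit AK), whereas PKMv2 in Mobile WiMAX derives these keys with Dot16KDF; the function names, the AK and the message bytes are constructed for illustration.

```python
import hashlib
import hmac

# Pad constants of the PKMv1 key derivation (assumed scheme, see lead-in).
K_PAD_KEK = b"\x53" * 64   # pad for the key encryption key
H_PAD_D = b"\x3a" * 64     # pad for the downlink HMAC key
H_PAD_U = b"\x5c" * 64     # pad for the uplink HMAC key


def derive_keys(ak: bytes) -> dict:
    """Derive the KEK and the per-direction HMAC keys from a 160-bit AK."""
    if len(ak) != 20:
        raise ValueError("PKMv1 AK must be 160 bits (20 bytes)")
    return {
        "KEK": hashlib.sha1(K_PAD_KEK + ak).digest()[:16],  # truncated to 128 bits
        "HMAC_KEY_D": hashlib.sha1(H_PAD_D + ak).digest(),
        "HMAC_KEY_U": hashlib.sha1(H_PAD_U + ak).digest(),
    }


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 digest over a management message."""
    return hmac.new(key, message, hashlib.sha1).digest()


def verify(key: bytes, message: bytes, digest: bytes) -> bool:
    """Constant-time check of a received HMAC digest."""
    return hmac.compare_digest(sign(key, message), digest)


def demo() -> dict:
    ak = bytes(range(20))  # constructed AK, not a real key
    keys = derive_keys(ak)
    uplink_msg = b"constructed uplink management message"
    tag = sign(keys["HMAC_KEY_U"], uplink_msg)
    return {
        "keys": keys,
        "uplink_ok": verify(keys["HMAC_KEY_U"], uplink_msg, tag),
        # The same message and digest checked with the downlink key must fail.
        "reflected_ok": verify(keys["HMAC_KEY_D"], uplink_msg, tag),
        # A modified message must fail even with the correct key.
        "tampered_ok": verify(keys["HMAC_KEY_U"], uplink_msg + b"x", tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because every key in the hierarchy is a deterministic function of the AK, the protection of the management messages is only as strong as the authentication exchange that produced the AK.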