
The aim of this study was to develop an authentication algorithm that facilitates mutual authentication on the access network between base stations and subscriber stations within the 802.16d framework.

The study reviewed literature on wireless authentication algorithms and security theories, and also observed the implemented networks, which revealed authentication problems in the fixed WiMAX framework. The study centred on the one-way authentication of the subscriber stations by the base station as a weakness. The proposed 802.16d algorithm re-design incorporates pre-entered equipment identity and key identity, against which all devices mutually authenticate and traffic sessions are encrypted.


Network emulations were used in testing and implementing the re-designed model.

The study is based on existing security authentication modes used in fixed WiMAX infrastructures, and the results of the study are used in developing the new model that facilitates mutual authentication.

Activities conducted during this project include:

Analyzing aspects of the existing system, identifying inefficiencies related to access security management – device identity and authentication.

Redesigning the 802.16d framework.

Validating the new model.

This project presents an attempt to develop a mutual authentication algorithm over the fixed WiMAX framework, which will alleviate the defects of the current 802.16d security implementations in place.

List of Acronyms

CPE Customer premises equipment

SS Subscriber Station

BS Base Station

BST Base Station

802.16d IEEE framework for WiMAX standards, release D

802.16e IEEE framework for WiMAX standards, release E

WiMAX Worldwide Interoperability for Microwave Access

GSM Global System for Mobile Communications, also Groupe Spécial Mobile

LAN Local Area Network

WAN Wide Area Network

WLAN Wireless Local Area Network

RF Radio Frequency

EAP Extensible Authentication Protocol

EAP-TLS EAP Transport Layer Security

EAP-PSK EAP Pre-shared key

EAP-TTLS EAP Tunneled Transport Layer Security

EAP-IKEv2 EAP Internet Key Exchange version two

EAP-FAST EAP Flexible Authentication via Secure Tunneling

EAP-SIM EAP Subscriber Identity Module

QoS Quality of Service

SLA Service Level Agreement

RADIUS Remote Authentication Dial In User Service

AAA Authentication, Authorization and Accounting Server

ASN Access Service Network

CSN Connectivity Service Network

GW Gateway

EIR Equipment Identity Register




Chapter 1


1.0 Background

Information assurance (IA) is about protecting information assets from destruction, degradation, manipulation and exploitation by an opponent. The difficulty with achieving this is that one day a party may be collaborating on a project and therefore needs access to confidential information, and the next day that party may be an opponent [3].

In 1996, the US Department of Defense defined IA as: activities undertaken to protect and defend information systems and their contents by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. This also provides for restoration of information systems through incorporating protection, detection and reaction capabilities. Information security can also be defined as protecting information from unauthorised disclosure, transfer, modification or destruction, whether accidental or intentional. The International Standards Organisation in BS7799/ISO17799 defines information security as: “The preservation of confidentiality, integrity and availability of information.” [3].

An infrastructure system is defined as a network of independent, mostly privately owned, automated systems and processes that function collaboratively and synergistically to produce and distribute a continuous flow of essential goods and services [6]. Securing ICT infrastructures and systems calls for a holistic approach, including humans and their operational environment among others. Technology alone can never protect sensitive global information, hence security threats can never be countered with just a keyboard [2]. It is therefore important to note from the above that humans are continuously critical in securing the hardware and software systems.

Security architecture, as a design artefact, describes how the security controls and countermeasures are positioned, and how they relate to the overall information technology architecture. These controls are used to maintain the system's quality attributes, namely confidentiality, integrity, availability, accountability and assurance. As a plan, it shows where security measures need to be placed, describing specific solutions. The plan is based on a threat analysis when it describes a generic high-level design, also called the reference architecture [11].

The enormous growth and transitions in the industry have seen the introduction of many new technologies to continue delivering robust and better services. The high cost of these implementations has forced service providers to find ways of bundling and delivering these services on more integrated infrastructure in order to keep it cost effective [1]. In their quest for industry dominance, many service providers have built converged wireless infrastructures with the primary focus on accelerated wide coverage and improved capacities; there has been little or sometimes no attention to the now critical network security [1, 4].

As a term, “convergence” has been coined by both the telecoms and data communication industries. From a telecoms perspective, it is the expansion of the public switched telephone network (PSTN) to offer many services on the one network infrastructure [1]. For Internet advocates, it is the death of the PSTN as its role is largely replaced by technologies such as voice over IP (VoIP). In reality, the truth lies somewhere in the middle, and it is here that the cellular industry takes the best of both worlds to create an evolved network, where the goal is the delivery of effective services and applications to the end user, rather than focusing on a particular technology to drive them. Also, the economies of scale and widespread acceptance of IP as a means of service delivery see it playing a central role in this process [1], [4].

Security is a very critical aspect of telecommunications, especially when wireless systems are used, because it is generally perceived that they are easier to attack, and more prone to attacks, than wire-line networks [4], [16].

As late as 1993 in the United States of America, unauthorised use and/or breaching of the telecommunication and cellular infrastructures was considered a misdemeanour, a small non-chargeable offence [2]. However, with the growth and popularity of the mobile phone, market success has been informally pegged on how secure the system is. User concerns in the assurance of wireless network services have been directly influenced by the continued security awareness [5].

The growth in cellular networks has inspired the developments in wireless data infrastructures. Many of the features, especially weaknesses, are as such shared across the technologies [4]. These vulnerabilities and resulting risks have continued to influence users' confidence in the infrastructures. The converged services in data, video, VoIP and eTV have a strong security requirement for their assured use across the networks, without which it is going to be very difficult to develop and use them popularly [1, 4]. The GSM forum has been able to centrally co-ordinate and enshrine security concerns for the cellular industry using the A5/1 and A5/2 series encryption among others. The wireless data technologies have yet to formulate such an umbrella framework that would foster infrastructure security among the different vendors [4, 17].

In information and communication technology, a network is defined as a series of points or nodes (computers, routers, switches, access points, printers etc.) interconnected by communication paths. Networks can interconnect with other networks and contain sub-networks. In this study text, the term is used in reference to fixed or cable networks as well as wireless networks [5]. Some of the common fixed network configurations include the bus or linear, star, token ring, and mesh topologies. Networks can also be characterized in terms of spatial distance as local area networks (LANs), metropolitan area networks (MANs), and wide area networks (WANs). A given network can be further characterized by the type of data transmission technology or protocol it uses – Transmission Control Protocol (TCP/IP), Systems Network Architecture (SNA), Sequenced Packet Exchange/Internetwork Packet Exchange (SPX/IPX) etc.; by whether it carries voice, data, video or all of these kinds of signals; by who can use the network (public or private); by the nature of its connectivity (switched, non-switched, or virtual connections); and by the types of physical links – optical fibre, coaxial, unshielded twisted pair or wireless-based media [10].

Wireless networks use radio frequency beacons transmitted over the air from an access point or a base station to the client end devices or subscriber stations. The connectivity medium is over the air, as long as it is within the coverage and frequency of the transmitted signal [10].

1.1 Industry Background

The telecom industry in Uganda comprises product portfolios like Internet, email, and other convergence and data networking related services, from single-user residential and corporate leased lines to wireless broadband Internet connectivity. It includes client VPN (virtual private network) implementation, office networking, and campus LAN/WAN design and installation, including various network maintenance schemes.

The industry rolled out the first commercial wireless network in 2000, which was based on the 2.4 GHz unlicensed free public frequency in the ISM band. In 2005, 3.5 GHz based WiMAX and Canopy network technologies were rolled out, running in parallel to the earlier 2.4 GHz platforms. Around the same time, EVO, 3G and CDMA2000 were introduced in the market. While this has enabled the industry to deliver business solutions in core data, voice over IP and video services cost effectively, converging these services on the same wireless infrastructures has introduced varying security risks [4].

WiMAX (Worldwide Interoperability for Microwave Access) was designed to deliver next-generation, high-speed voice and data services and wireless last-mile connections that could potentially serve future growth [15].

Figure 1 Fixed WiMAX network architecture.


Typically WiMAX can be deployed in two variants as illustrated above: as a point-to-multipoint access provision as well as a point-to-point backhaul provision. In this study, focus is placed on the point-to-multipoint configuration that involves base stations and subscriber stations.

1.2 Problem Statement

Mutual authentication between the base station (BST) and customer premises equipment (CPE) is not possible under the 802.16d framework [4], [15]. There are no means for the subscriber stations to pre-determine genuine base stations [19]. This creates a security vulnerability over the access network air interface, where genuine CPEs can connect to a rogue BST [15].

The research project investigates avenues of attaining mutual authentication across the fixed WiMAX network air interface.

1.3 Aims

1.3.1 Main Aims

To secure the air interface in fixed wireless networks through mutual authentication between client devices and base stations, and session encryption at the access network level.

1.3.2 Specific Aims

To investigate the current state of the art in use.

To identify weaknesses within the 802.16d algorithm.

To re-design the algorithm to address the identified weaknesses in the 802.16d.

To validate the re-designed algorithm through emulation.

1.3.3 Research Questions

How are devices authenticated on the current WiMAX infrastructure?

What variables are involved during the device authentication process on the network?

How are traffic sessions secured over the network air interface?

1.3.4 Scope of the Study

The study focuses on mutual authentication for both subscriber stations and base stations within the (IEEE 802.16d) framework.

1.5 Justification of the Study

The study will enable modifying the 802.16d fixed wireless algorithm to enhance air interface security through mutual authentication of base stations and subscriber stations.

There is also a large installed base of 802.16d infrastructures within the telecom industry worldwide.

This is expected to give the following secondary benefits to the industry:

Mutual authentication will enhance over-the-air interface security within fixed wireless networks.

Instil better customer confidence in the service provider's network security.

A secure network will result in more robust performance for the converged services.

Threats and prospects of legal action against the industry will be substantially mitigated.

1.6 Proposed Knowledge Contribution of the Study

Mutual authentication as another means of securing the air interface in fixed wireless networks will be explored.

Chapter 2


2.0 Introduction

Assurance is a single concept that embodies a triad of Information and Communication Technology (ICT) security requirements: confidentiality, integrity and availability. Confidentiality represents protection from disclosure to unauthorised parties or the disclosure to nominally authorised parties at the wrong time. Integrity means that data are free from corruption, changes, or deletions, both intentional and accidental. Availability refers to data or systems being up and running as required/anticipated, and also the property of delivering information at necessary speeds and in the right sequence. Together, these properties represent the sensitivity requirements of a given system, application, process, or data set. Assurance is the degree of confidence an entity has that the properties of confidentiality, integrity and availability are being supported [4].

Without assurance over the air interface, convergence of telecommunications onto a single IP carrier is a technical possibility but a business fantasy [1]. Convergence will not be achieved without a comprehensive ability to apply and maintain assurance in the components, applications and data resident on and connected to the converged network [4], [1].

This study focuses on confidentiality and privacy elements by way of ensuring mutual authentication and session encryption between 802.16d WiMAX infrastructure entities. According to the Oxford English Dictionary [20], authentic refers to something that is not fake, one that is of undisputed origin.

In medieval days, emperors and kings sent messages which were authenticated by the imperial seal. Once a message was authenticated, the message bearer didn't matter, only the contents [21]. Today's digital world necessitates authenticity of the source and content as a critical security requirement for the instant transmissions to destinations [19].

2.1 Fixed WiMAX Networks

WiMAX, like all wireless networks, uses radio frequency beacons to transmit and receive traffic over the air. The broadcast nature of the signal means that it can reach and be received by any node within that frequency and range [10, 15]. Unlike fixed or cable networks that require physical connectivity to access the resources, wireless networks, by the nature of their signal propagation, can be accessed by anyone within range regardless of authenticity [11].

It is therefore imperative that a comprehensive security mechanism is used to authenticate network devices and/or users [2], [15], [19].

Figure 2 Fixed WiMAX 802.16d Conceptual framework [16]. Labels in the figure: Authenticator Agent, AAA, Authenticator Relay, Access Service Network, Connectivity Service Network, IP Cloud, Air Interface.

From the above illustration, the 802.16d framework is configured into two major networks: the connectivity service network (CSN) and the access service network (ASN).

The CSN is concerned with core infrastructure connectivity of the network backbone. It includes backend functions such as routing, switching, billing and authentication. The CSN also controls the ASN part of the network, managing the constituent base stations and the resident subscriber devices. The ASN includes base stations (BST), gateways, routers and switches among others. Its core function is to provide connectivity to subscriber stations (SS), also called customer premises equipment (CPE). The ASN and CSN are interconnected via the IP cloud [15], [16].

2.1.1 Fixed WiMAX – 802.16d Architecture: ( Features and Application )

Can be configured for Wireless Metropolitan Area Network ( WMAN )

Easily used for standard Broadband Wireless Access ( BWA )

Last mile connectivity on the access network.

Range up to 50 kilometers.

Provides high-speed connectivity that supports multiple streams of data, voice and video

Fast deployment and cost saving

Variably can be configured either:

As a point-to-point link or

Point to multi-point as a last mile solution, Ref. Figure 1.

Both point-to-point connections and point-to-multipoint configurations are used for access service provisioning.

2.1.2 Fixed WiMAX – 802.16d Security Architecture

Figure 3 Fixed WiMAX 802.16d Architecture: ( Air Interface )


2.1.2a The 802.16d Authentication Procedure

A Security Association (SA) is composed of an encryption algorithm and security information (keys, certificates and versions, etc.), identified by an SA ID.

The security process involves three aspects:

1 Authentication

2 Data Key Exchange

3 Data Privacy

2.1.2b Analyzing the 802.16d Authentication Procedure

The subscriber station is authenticated using its X.509 certificate.

There is no base station authentication to the subscriber stations.

Security capabilities are negotiated between BST and CPE, which establishes the security association identity (SAID).

The authentication key (AK) is exchanged.

The AK serves as an authorization token for further infrastructure access.

The AK is encrypted using public key cryptography.

Authentication is completed when both CPE and BST possess the AK.

2.1.2c Weaknesses of the 802.16d Authentication Procedure

There is no mutual authentication between the BST and the CPE – possibility of a rogue BST (man-in-the-middle attack).

Customer premises equipment X.509 certification offers a limited authentication method in the process.

A new authentication method requires adding a new type of authentication message.

Figure 4 Fixed WiMAX 802.16d Conceptual Security Architecture


2.1.3 Other 802.16d Authentication Methods and Algorithms

2.1.3a PPP Authentication Protocol

The Point-to-Point Protocol (PPP) is defined with two authentication systems: the Password Authentication Protocol (PAP) and the Challenge-Handshake Authentication Protocol (CHAP) [4], [1]. According to Macaulay et al., PPP as a suite involves a number of other protocols. The PPP encapsulation method is used for the packet structure; the Link Control Protocol (LCP) and the Internet Protocol Control Protocol (IPCP) negotiate session parameters. The Challenge-Handshake Authentication Protocol (CHAP), the Password Authentication Protocol (PAP) and the Extensible Authentication Protocol (EAP) are used for authentication [4].

Password Authentication:

Under PAP, the customer premises equipment (CPE) sends an authentication request that includes a username and password. The server validates them and either sends back an authentication “ACK” to proceed or a “NAK” if authentication failed [4].

Challenge Handshake:

CHAP authentication is initiated by the authenticator agent, which sends a challenge text to the client. The client then encrypts this text with an algorithm based on the password. The result of the encryption is sent to the server as a response. The server also encrypts the challenge text with the password it is holding for the client. The result of this encryption is compared to the response sent by the client before a success message is sent; otherwise a failure message is sent [4].


A major weakness of the PAP approach is that both the user name and password are sent unencrypted to the server. This bears a risk of the message being intercepted and read easily [4], [1]. The CHAP system does not transmit the user password, according to Bannister et al.
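The contrast between the two exchanges can be made concrete. The following is an added example, not code from the original study: it builds the PAP request data and runs a CHAP handshake using the RFC 1994 response value, a one-way MD5 hash over identifier, secret and challenge (the step the text above calls encryption). The class and function names, the peer name `cpe-01` and the secret are constructed for illustration. Only the client proves itself here, which is the same one-way property the study identifies in 802.16d.

```python
import hashlib
import hmac
import os


def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request data: length-prefixed ID and password, in clear."""
    user, pwd = username.encode(), password.encode()
    return bytes([len(user)]) + user + bytes([len(pwd)]) + pwd


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of CHAP. Class and method names are hypothetical."""

    def __init__(self, secrets: dict):
        self._secrets = secrets      # peer name -> shared secret (bytes)
        self._pending = {}           # identifier -> (peer name, challenge)
        self._next_id = 0

    def issue_challenge(self, name: str):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)   # fresh and unpredictable per attempt
        self._pending[identifier] = (name, challenge)
        return identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # pop(): each challenge is single use, so a captured response
        # cannot be presented a second time for the same challenge.
        entry = self._pending.pop(identifier, None)
        if entry is None:
            return False
        name, challenge = entry
        secret = self._secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-shared-secret"          # constructed sample value
    server = ChapAuthenticator({"cpe-01": secret})

    # PAP: the secret is readable in the bytes that cross the link.
    pap = pap_request("cpe-01", secret.decode())

    # CHAP: only a hash bound to this challenge crosses the link.
    ident, challenge = server.issue_challenge("cpe-01")
    response = chap_response(ident, secret, challenge)
    accepted = server.verify(ident, response)

    # An old response does not satisfy a new challenge.
    ident2, _ = server.issue_challenge("cpe-01")
    replay_accepted = server.verify(ident2, response)

    return {
        "pap_exposes_secret": secret in pap,
        "chap_exposes_secret": secret in response,
        "chap_accepts_valid": accepted,
        "chap_accepts_replay": replay_accepted,
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in either exchange lets the client check who issued the challenge, so neither protocol on its own tells a CPE that it is talking to a genuine base station.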

2.1.3b Extensible Authentication Protocol ( EAP )

Cole et al. concur that the Extensible Authentication Protocol (EAP), defined in RFC 3748, is an authentication framework used in wireless networks and point-to-point connections [2]. It provides for transport and safe use of identifying data and parameters that are generated by the EAP methods. EAP is not a protocol; rather, it defines ways of encapsulating messages within the EAP protocols.

EAP as a standard is used to conform and secure network access between a singular connection and the rest of the network. An EAP infrastructure has multiple parts and runs based on pre-defined security settings [2], [4].

EAP was developed by the Internet Engineering Task Force (IETF). Its purpose is to validate and identify users or programs that are trying to access the network that is using it. This is done by a series of requests and responses between the two entities for authentication. The EAP infrastructure includes a single node or device trying to access the network, known as an EAP peer; a BST that requires EAP authentication to allow the client node to access the network, called an EAP authenticator; and an authentication server that negotiates based on the EAP settings and grants or denies network access [2].

Macaulay et al. argue that there are various protocol types under the EAP spectrum that facilitate different settings and methods. Based on particular settings customized for the needs of the network, the EAP will determine if the node trying to access the network is able to do so. The network is secured through the exchange of these parameters [4].

Each of these EAP variations addresses a particular concern within the 802.16x framework.

The table below summarizes the EAP protocol methods and their roles:

Details / Features

EAP Transport Layer Security

EAP Pre-shared key

EAP Tunneled Transport Layer Security

EAP Internet key exchange

EAP Flexible Authentication via Secure Tunneling

EAP Subscriber identity module

Some of the advantages of EAP are related to flexibility and extensibility, which adapt it to various infrastructure designs.

However, EAP has also been identified with weaknesses: the use of “lock step” flow control directly impacts the performance of the protocol framework, especially when the infrastructure keeps expanding. This becomes a bottleneck to increasingly voluminous traffic flow [4].

2.1.3c MAC Address based Authentication

A Media Access Control (MAC) address is a unique identifier assigned to network interfaces to communicate on the physical network segment. MAC addresses are used in the media access control protocol sub-layer of the OSI reference model. Device manufacturers assign their allocated MAC addresses to NICs, where they are stored in the hardware ROM [18].

The standard format for printing MAC-48 addresses in a human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) or colons (:), e.g. 00-06-5A-01-0A-AD or 00:06:5A:01:0A:AD, or three groups of four hexadecimal digits separated by dots, 0006.5A01.0AAD, all in transmission order. An individual address block (IAB) is a 24-bit OUI managed by the IEEE Registration Authority. This is followed by 12 bits provided by the IEEE, identifying the organisation, and another 12 bits identifying the owner's devices [18].

Under this authentication method, devices or nodes are authenticated against their MAC addresses, which are verified against the stored MAC addresses in the infrastructure database [5]. This authentication approach provides strong security as devices provide unique MAC addresses for authenticity, according to Stallings.

However, one of the weaknesses underlined here is that MAC addresses are transmitted in clear text, raising the risk of these addresses being sniffed. Also, the valid universally administered addresses can be overwritten and spoofed with locally administered addresses. This loses the uniqueness element of MAC address based authentication [5], [2].
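The check described in this section, and the limit on what it proves, can be shown in a few lines. This is an added example, not code from the original study: it normalizes the three printed formats given above, reads the two flag bits in the first octet (bit 0 marks a group address, bit 1 marks a locally administered address), and performs the registry lookup. The function names and the registry are hypothetical; the address 02:06:5A:01:0A:AD is constructed to show the locally administered flag.

```python
import re

# The three printed forms described in the text; mixed separators are rejected.
_FORMATS = (
    re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$"),    # 00-06-5A-01-0A-AD
    re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$"),    # 00:06:5A:01:0A:AD
    re.compile(r"^[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}$"),   # 0006.5A01.0AAD
)


def parse_mac(text: str) -> bytes:
    """Return the 6 raw octets, or raise ValueError for any other notation."""
    text = text.strip()
    if not any(pattern.match(text) for pattern in _FORMATS):
        raise ValueError(f"not a MAC-48 address: {text!r}")
    return bytes.fromhex(re.sub(r"[-:.]", "", text))


def describe(mac: bytes) -> dict:
    """Decode the fields carried in the first three octets."""
    first = mac[0]
    return {
        "canonical": "-".join(f"{octet:02X}" for octet in mac),
        "oui": mac[:3].hex().upper(),
        "group": bool(first & 0x01),                  # I/G bit
        "locally_administered": bool(first & 0x02),   # U/L bit
    }


def admit(presented: str, registry: set) -> tuple:
    """Registry lookup as described in the text, plus warnings a log should keep.

    The lookup compares a value read from an unauthenticated, clear-text
    header. A match shows that the frame carries a registered address,
    not which device sent it.
    """
    try:
        mac = parse_mac(presented)
    except ValueError:
        return False, ["malformed address"]
    info = describe(mac)
    warnings = []
    if info["group"]:
        warnings.append("group address presented as a device address")
    if info["locally_administered"]:
        warnings.append("locally administered address, not vendor-assigned")
    return mac in registry, warnings


if __name__ == "__main__":
    registry = {parse_mac("00-06-5A-01-0A-AD")}       # hypothetical database
    for sample in ("00:06:5A:01:0A:AD", "0006.5A01.0AAD",
                   "02:06:5A:01:0A:AD", "00-06:5A-01-0A-AD"):
        print(sample, admit(sample, registry))
```

The locally administered flag is a useful alert for an operator, but a device that presents a registered, universally administered address passes the lookup with no warning, which is why the address alone cannot serve as a credential.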

Figure 5 Illustration of a MAC address format [18].


2.2 Security by Design

Computer security technologies are based on logic. Security is extraneous to the function of a computer application, rather than ancillary to it, thus security necessarily imposes restrictions on the application's behaviour [12].

There are several approaches to security in computing, sometimes used in combination for validity:

Trust all the system to abide by a security policy but the system is not trustworthy.

Trust all the system to abide by a security policy and the system is validated as trustworthy.

Trust no system but enforce a security policy with mechanisms that are not trustworthy.

Trust no system but enforce a security policy with trustworthy mechanisms.

Many systems have unintentionally resulted in the first possibility. Since approach two is expensive and non-deterministic, its use is very limited. Approaches one and three lead to failure. Because approach number four is often based on hardware mechanisms and avoids abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of approaches two and four are often used in a layered architecture with thin layers of two and thick layers of four [12].

There are various strategies and techniques used in designing security systems. There are few, if any, effective strategies to enhance security after design.

One technique enforces the “principle of least privilege” to a great extent, where an entity has only the privileges that are needed for its function. That way, even if an attacker gains access to one part of the system, fine-grained security ensures that it is just as difficult for them to access the rest [8], [10].

Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial subsystems. This enables a “closed form solution” to security that works well when only a single well-characterized property can be isolated as critical, and that property is also amenable to math. It is impractical for generalized correctness, which likely can never be defined or proven. Where formal correctness proofs are not possible, rigorous use of code review and unit testing represents a best-effort approach to make modules secure [7].

The design should use “defence in depth”, where more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. Defence in depth works well when the breaching of one security measure does not provide a platform to subvert another, argues Tudor [7]. Also, the cascading principle acknowledges that several low hurdles do not make a high hurdle. So cascading several weak mechanisms does not provide the safety of a single stronger mechanism [8].

Subsystems should default to secure settings, and wherever possible should be designed to “fail secure” rather than “fail insecure”. Ideally, a secure system should require a deliberate, conscious, knowing and free decision on the part of legitimate authorities in order to make it insecure [7].

The designers and operators of systems should assume that security breaches are inevitable. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, may keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the “window of vulnerability” is kept as short as possible [11].

Unfortunately, the bulk of the installed fixed WiMAX infrastructure base has one-way CPE authentication for access network security [15], and the air interface traffic is also unencrypted. Therefore this security framework cannot be substantially applied here.

2.3 Security Architecture

Security provided by IT systems refers to the system's ability to protect the confidentiality and integrity of processed data, as well as being able to provide availability of the system and data, as discussed by Willet in Information Assurance Architecture (2008).

IT architecture is defined as a set of design artefacts relevant for describing an object such that it can be produced to requirements as well as maintained over the period of its useful life. The design artefact describes the structure of components, their inter-relationships, and the principles and guidelines governing their design and evolution over time [11].

IT security architecture is therefore defined as the design artefacts that describe how the security controls or countermeasures are positioned and how they relate to the overall IT architecture. These controls serve the purpose of maintaining the system's quality attributes, among them confidentiality, integrity and availability.

Security qualities are often considered as “non-functional” requirements when systems are designed. In other words, they are not required for the system to meet its functional goals, such as processing financial transactions, but are needed for a given level of assurance that the system will perform to meet the functional requirements that have been defined [12].

The architecture of 802.16d is well modularized. The physical layer, MAC layer, plus data, security and convergence sub-layers are all individually integrated together for their functional roles. However, the security plane still bears a major weakness: there is no mutual authentication between subscriber stations and the base stations, and the air interface transport is vulnerable to man-in-the-middle attacks.

2.4 Information Security Managed Services

This involves outsourcing parts or all of the system security functions of the organisation to a third-party service provider to manage. Information security managed services (ISMS) is an example of applying the management system conceptual model to the discipline of information security. Unique attributes of this instance of a management system include:

Risk management applied to information and based upon metrics of confidentiality, integrity, and availability.

Total quality management (TQM) applied to information security processes and based upon metrics of efficiency and effectiveness.

A monitoring and reporting model based upon abstraction layers that filter and aggregate operational details for management presentation.

A structured approach towards integrating people, process, and technology to provide enterprise information security services.

An extensible framework from which to manage information security compliance.

An ISMS brings structure to the information security programme. With clear direction and authorization, roles are understood. Defined functions or services allow derivation of tasks that can be delegated. Metrics can be collected and analyzed, producing feedback for “continuous process improvement” [11].

In many situations, creation of an information security management system inspires and spawns complementary management systems in other disciplines such as human resources, physical security, business continuity, and more. The framework and management system principles transcend disciplines, and tend to enhance multi-disciplinary interoperation [7].

Benefits of Managed Security Services:

Enables use of the highly skilled labour from the service provider, for effective solutions.

Cost-effective service provision: initially negotiated fixed cost, minus operational overheads.

Problems of Managed Security Services:

Uncertainty of confidentiality, especially when entrusting ICT assets to third parties.

It has been argued by many I.S. security scholars that the strongest element in an information security framework lies within the users. This is very problematic to manage and implement under the managed approach, with third-party users.

Besides, managed services can only be useful within fixed WiMAX frameworks where the in-built security features of the 802.16d algorithm can be utilized to address the identified concerns. These would therefore have to be in order to be activated by the managed service provider.

Other Related Mutual Authentication Security Works

2.4.1 Biometric Entity based Mutual Authentication in 3G GSM Networks

Authentication of both the subscriber units and base stations is a continuous concern in the telecommunication industry. Security threats are increasing in number and complexity, especially with the growing wireless coverage and number of users.

According to Bhattacharjee et al., based on the TIA TR45.5 committee, the 3G infrastructure uses two switching techniques. Circuit switching is used in voice and low-speed data transmissions, while packet switching is utilized for high-speed data, which also facilitates VoIP [19].

However, with packet switching, one-way authentication is still the only mechanism employed to secure the infrastructure between subscriber stations and the base stations [19].

Bhattacharjee et al. proposed mutual authentication using a SIM card, a password and two biometric properties of the subscriber station. One of the biometric parameters is stored in the SIM card and the other, based on the subscriber entity, is kept on the server side.

An algorithm was proposed that aggregates biometric entities of the constituent nodes involved in the infrastructure. The algorithm works with what the entity has (SIM card), what the entity knows (password), what the entity is (biometric entity) and also what the entity possesses (certified document).

Mutual authenticity is verified by using the subscriber identifier, password and biometric entities stored on the SIM card as well as on the server side. They are called the certified document.

The proposed algorithm works in four different phases: subscriber registration, where CPE details are captured; subscriber authentication, which is executed whenever a subscriber tries to connect to the network; network authentication, where the server side is verified to the subscriber, but only after the subscriber has been verified; and, last, the subscriber password change phase.

2.5 Existing System Security Authentication Operations

The widely deployed 802.16d framework has a one-way authentication mechanism for its access infrastructure security [18]. While the customer premises equipment (CPE), also called subscriber stations (SS), are authenticated by the base stations (BST) on accessing the network, the BSTs are not authenticated by the connecting CPEs [15], [18]. This opens up the possibility of various attacks, such as man-in-the-middle attacks, where rogue BSTs could be slipped into position and connected to by unsuspecting CPEs, exposing the security algorithms used within the infrastructure.

Therefore the existing 802.16d authentication algorithm, as used in fixed wireless (WiMAX) networks, cannot meet the mutual authenticity security requirement.

Chapter 3


3.0 Introduction

This chapter describes the research methods and tools employed in conducting this study. The research explored the underlying access network air interface security authentication methods used within fixed WiMAX infrastructures, to describe what has been happening and what should be happening. It accords the researcher relevant tools to thoroughly understand and explore the prevailing situation, and facilitates formulating an appropriate solution to the earlier identified research problem.

3.1 Targeted Population

Population refers to the totality of an aspect in whole, as intended for use in conducting this study. This study was conducted within the telecom industry, with focus on the fixed WiMAX infrastructure systems implemented within the 802.16d framework.

3.2 Methods used

3.2.1 Observation

First-hand data was collected during the study. Everyday functions, their operational procedures and system policies were examined. This method was chosen because of the factors below:

It was easily ascertained whether any security framework existed within the access network air interface.

To ascertain how effective the existing security features and practices are.

It helped gain first-hand understanding of how the security framework was handled within the access network infrastructure.

Using this method enabled the researcher to attain the needed information first-hand, truthfully and quickly.

3.2.2 Document Review and Evaluation

The written-down procedures, practices and network design diagrams, including manufacturers' product literature, were reviewed.

Using this method facilitated the following:

Gained better understanding of the existing fixed WiMAX infrastructure designs and precise functions of core components.

How the customer service provisioning processes flow.

Ascertained the intended objectives of the existing infrastructure designs.

3.2.3 Network Simulators

These were suggested for use as they present a cost-effective way to test the proposed mutual authentication security mechanisms without risking the live production networks.

Besides, the cost requirements for the appropriate equipment to present an acceptable test environment are prohibitively high.

3.3 Tools Used

Network Simulators – OMNeT++

3.4 Algorithm Re-Design – 802.16d Fixed WiMAX.

During this stage, the existing 802.16d system framework elements that need to be changed (the authentication process) are appropriately modified.

3.5 Execution

3.5.1 Technology Considerations

In realizing the study objectives, the technologies below are used:

i. Perimeter – Access network.

• Mutual device authentication – CPEs and base stations.

• Session encryption

ii. Network – Core connectivity.

• Equipment identity register

• Network access control framework

• Mandatory access control / device authentication – AAA / RADIUS

Chapter 4

Presentation of Results

4.1 Weaknesses of 802.16d Authentication Methods and Algorithms

4.1.1 PPP Authentication Protocol

As discussed earlier under section 2.1.3a, within the PPP protocol a major weakness of the PAP approach is that both the user name and password are sent unencrypted to the server. This bears a risk of the message being intercepted and read easily [4], [1]. Furthermore, the CHAP system also does not transmit the user password but rather a challenge token, which does not concretely establish true identity on either party, according to Bannister et al.

4.1.2 The Extensible Authentication Protocol (EAP)

The EAP has also been identified with weaknesses: the use of "lock step" flow control directly impacts the performance of the protocol framework, especially as the infrastructure keeps expanding. This becomes a bottleneck to the increasingly heavy traffic flow [4].

4.1.3 MAC Address based Authentication

One of the weaknesses underlined here is that MAC addresses are transmitted in clear text, raising the risk of these addresses being sniffed. Besides, the valid, universally administered addresses can be overwritten and spoofed with locally modified and administered addresses. This loses the uniqueness element of MAC address based authentication [5], [2].

4.2 Modification of the 802.16d Authentication Algorithm

4.2.1 Identified variables currently used in the 802.16d Algorithm




Device serial number – Permanent – One way

Device MAC address – Permanent – Two way

IP address attached – Two way

X.509 certificate – One way
4.2.2 The modified 802.16d algorithm – Authentication flow:

Step 1. The customer premises equipment (CPE) probe scans for the SSID signal / RF beacon and requests to establish a link.

Step 2. The available base station (BST), using an authentication agent, forwards the request to the AAA server, which in turn requests the CPE for identification.

Step 3a. The CPE responds to the identification request with an encrypted predefined key from the CPE-based smartcard.

Step 3b. The CPE, in the same encrypted session, requests the AAA server for the access BST identification / key.

Step 4. The AAA server compares the received CPE predefined key with the stored key in the equipment identity register database.

Step 5. The AAA server responds with the access BST key from the equipment identity register (EIR).

Step 6. The AAA server relays / responds with an encrypted authorization token to the CPE. This token embodies a session identification which includes:

BST key, MAC address and IP address

CPE key, MAC address and IP address

Figure 6 Illustration of the modified 802.16d algorithm – Authentication flow.

Message labels in the figure: RF beacon scan, request link (1); identification request (2); encrypted I.D. response and request for BST I.D. (3); authenticated SS I.D., Yes/No (4); encrypted BS I.D. response (5.a); encrypted acknowledgement (5.b); authorization token (6).



4.2.3 The modified 802.16 algorithm – Pseudo code


CPE scans for SSID beacon to establish RF link.

If SSID is found, request RF link…, else continue scanning.

BST in vicinity forwards the session to AAA server for identification.

CPE responds to identification challenge from AAA server with an encrypted and predefined key.

CPE requests the AAA server for the BST identity key.

AAA compares the received CPE key with the stored key in the EIR.

If CPE key matches the key stored in EIR, proceed…, else terminate RF connection.

AAA server responds with the BST key from the EIR.

AAA relays via the BST the encrypted access token to the CPE and the BST:

BST key, MAC address and network IP address

CPE key, MAC address and network IP address
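
The flow in 4.2.2 and the pseudo code in 4.2.3 can be exercised as a small simulation; the sketch below is an added example, not code from the study or from any 802.16d implementation. It assumes HMAC-SHA256 challenge-response in place of the unspecified "encrypted predefined key" (so keys never cross the air link), a token that carries device identifiers, MAC and IP addresses rather than raw keys, and a BST that proves its own key to the AAA server; all device ids, keys, addresses and function names are constructed.

```python
import hashlib, hmac, json, secrets

# Constructed equipment identity register (EIR); all ids, keys and addresses are made up.
EIR = {
    "CPE-001": {"key": b"cpe-smartcard-key", "mac": "02:00:00:00:00:01", "ip": "10.0.0.11"},
    "BST-001": {"key": b"bst-provisioned-key", "mac": "02:00:00:00:00:fe", "ip": "10.0.0.1"},
}

def proof(key, *parts):
    """HMAC-SHA256 over length-prefixed parts: proves key possession, key never sent."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def cpe_respond(cpe_id, cpe_key, aaa_nonce):
    """Steps 3a/3b: answer the AAA challenge and challenge the network in return."""
    cpe_nonce = secrets.token_bytes(16)
    return {"id": cpe_id, "proof": proof(cpe_key, b"cpe", aaa_nonce), "nonce": cpe_nonce}

def bst_forward(bst_id, bst_key, aaa_nonce):
    """Step 2 (assumed detail): the BST proves its own key when relaying the request."""
    return {"id": bst_id, "proof": proof(bst_key, b"bst", aaa_nonce)}

def aaa_authorize(cpe_msg, bst_msg, aaa_nonce, eir=EIR):
    """Steps 4-6: check both devices against the EIR, then issue the session token."""
    cpe, bst = eir.get(cpe_msg["id"]), eir.get(bst_msg["id"])
    if cpe is None or bst is None:
        return None
    ok_cpe = hmac.compare_digest(cpe_msg["proof"], proof(cpe["key"], b"cpe", aaa_nonce))
    ok_bst = hmac.compare_digest(bst_msg["proof"], proof(bst["key"], b"bst", aaa_nonce))
    if not (ok_cpe and ok_bst):
        return None  # pseudo code: "else terminate RF connection"
    session = json.dumps({
        "bst": {"id": bst_msg["id"], "mac": bst["mac"], "ip": bst["ip"]},
        "cpe": {"id": cpe_msg["id"], "mac": cpe["mac"], "ip": cpe["ip"]},
    }, sort_keys=True).encode()
    return {"session": session, "tag": proof(cpe["key"], b"aaa", cpe_msg["nonce"], session)}

def cpe_verify(token, cpe_key, cpe_nonce, observed_bst_mac):
    """CPE side of mutual authentication: accept only a token bound to its key and nonce."""
    if token is None:
        return False
    expected = proof(cpe_key, b"aaa", cpe_nonce, token["session"])
    if not hmac.compare_digest(token["tag"], expected):
        return False
    return json.loads(token["session"])["bst"]["mac"] == observed_bst_mac
```

A BST that cannot reach the genuine AAA server and EIR cannot produce a token tagged under the CPE's key and fresh nonce, which is what closes the one-way gap described in section 2.5.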

4.3 Limitations of the Study

There is no human interaction in the entire CPE-BST mutual authentication process. The users will have no way of determining where problems lie, if any, especially when the authentication process fails.

The added security level may introduce some latency, as devices are authenticated and counter-authenticated. However, during this study, the precise latency duration has not been adduced to reflect on the overall performance delays. This forms another ground for further research in this area.

The security key management aspect is another area for further research work in the 802.16d framework.

Chapter 5


5.1 The Conclusion

Since wireless network signals overflow the physical boundary security, it is imperative that the true identity of customer premises equipment (CPE), base stations (BST) and any other devices is established at the time of access. In this study, the 802.16d algorithm framework was modified to allow mutual authentication and encryption. This security algorithm, as used in fixed wireless infrastructures, assures security through use of two-way identity proof of both the CPE and BST. This helps eliminate spoofing and impersonation of genuine network devices.

The algorithm was implemented using OMNeT++ as it was the most cost-effective simulation method available to the researcher.

5.2 Recommendations

It is important to note that security authentication mechanisms sometimes impact the performance of the network infrastructures. This is fertile ground for further research, to study the impact of authentication mechanisms on network performance or the reverse.

This study focused on the mutual authentication aspects of security within fixed wireless infrastructures only. Other security aspects of the 802.16d framework were not examined, and as such more work still lies therein in order to attain comprehensive security.
