IEEE WiMax Security

Size: px

Start display at page:

Download "IEEE WiMax Security"

Joella Gaines
5 years ago
Views:

1 IEEE 80.6 WiMax Security Dr. Kitti Wongthavarawat Thai Computer Emergency Response Team (ThaiCERT) National Electronics and Computer Technology Center Thailand Presented at 7 th Annual FIRST Conference, Singapore July, 005 Agenda Introduction to IEEE 80.6 WiMax IEEE 80.6 Security Architecture based on IEEE Standard IEEE 80.6 Security Process and Analysis Authentication Date Exchange Conclusions

2 IEEE 80.6 WiMAX Wireless Metropolitan Area Network (WMAN) Standard, Broadband Wireless Access (BWA) Last mile connectivity Range up to 50 km. Provide high speed connectivity that supports data, voice and video Fast deployment, cost saving IEEE 80.6 Applications Residential Fixed BWA (IEEE ) Point-to-multipoint last mile Point-to-point backhaul Base Station Internet Industrial Base Station Mobile User Mobile BWA (IEEE 80.6e) SOHO, Enterprise

3 IEEE Air Interface 0-66 GHz Below GHz WirelessMAN-SC WirelessMAN-SCa WirelessMAN-OFDM WirelessMAN-OFDMA WirelessHUMAN IEEE Air Interface Contentionless protocol Multiple access controlled by Connection oriented Security sublayer

4 IEEE 80.6 Security Architecture plane plane connection Transport connection IEEE 80.6 Security Architecture plane plane Encryption (some) Header Encrypted payload 4

5 IEEE 80.6 Security Architecture plane plane Security Association (SA) IEEE 80.6 Security Association plane Security Association (SA) Cryptographic suite (i.e., encryption algorithm) Security Info (i.e., key, IV) Identified by 5

6 IEEE 80.6 Security Process plane Authentication Exchange IEEE 80.6 Authentication authentication using X.509 certificate No authentication Negotiate security capabilities between and Establish security association () Authentication (AK) exchange AK serves as authorization token AK is encrypted using public key cryptography Authentication is done when both and possess AK 6

7 IEEE 80.6 Authentication Authorization Request [ Certificate, Security Capabilities, ] Authorization Reply Verify Certificate AK (8 bits) Generation [AK (encrypted with RSA-04 s public key), lifetime, Selected Security Suite, AK sequence number] AK (8bits) AK (8bits) lifetime = day to 70 days IEEE 80.6 Authentication Analysis plane No mutual authentication Rogue Man-in-the-middle attack Limited authentication method certification New authentication method requires adding new type of authentication message 7

8 IEEE 80.6 Authentication Analysis plane Method EAP Solution EAP-based Authentication Authentication methods (i.e., EAP-TLS, EAP-TTLS, PEAP, EAP-SIM) Extend the authentication to AAA Server Proposed in draft IEEE 80.6e IEEE 80.6 Security Process plane Authentication Exchange 8

9 IEEE 80.6 Exchange encryption requires data key called Transport Encryption key (TEK). Use AK from authentication process to derive key encryption key (KEK) and Message Authentication key (H key) TEK is generated by randomly IEEE 80.6 Exchange TEK is encrypted with DES (use bits KEK) RSA (use s public key) AES (use 8 bits KEK) Exchange message is authenticated by H-SHA (provides Message Integrity and AK confirmation) 9

10 IEEE 80.6 Exchange AK (8bits) KEK (8bits) H- (60bits) KEK = Truncate( SHA(AK 5 64 ), 8) H-up = SHA((AK 5C 64 ) H-down = SHA((AK A 64 ) TEK Request AK (8bits) KEK (8bits) H- (60bits) [AK Sequence Number,, H-SHA] TEK Reply TEK (8bits) Generation [AK Sequence Number,, Encrypted TEK, TEK key lifetime, IV, H-SHA ] TEK (8bits) TEK (8bits) lifetime = 0 mins to 7 days IEEE 80.6 Security Process plane Authentication Exchange 0

11 IEEE 80.6 DES in CBC mode 56 bit DES key (TEK) CBC-IV = [IV Parameter from TEK exchange] XOR [ Synchronization field] CBC-IV Plain block Plain block Plain block DES-CBC (56 bit key) DES-CBC (56 bit key) DES-CBC (56 bit key) Cipher block Cipher block Cipher block IEEE 80.6 Analysis 56 bit key is not secure based on today s computer Bruce force attack CBC-IV is predictable CBC-IV = [IV Parameter from TEK exchange] XOR [ Synchronization field] Chosen Plaintext Attack to recover the original plaintext No Message Integrity Detection, No replay protection Active attack

12 IEEE 80.6 AES in CCM Mode 8 bit key (TEK) Message Integrity Check Replay Protection using Packet Number IEEE 80.6 Security Architecture plane plane

13 Conclusions Require mutual authentication Require more flexible authentication method EAP Authentication Improve derivation Include the system identity (i.e., ID) freshness include random number from both and Prefer AES to DES for data encryption

WiMAX Security: Problems & Solutions

(JCSCR) - ISSN 2227-328X WiMAX Security: Problems & Solutions Paul Semaan LACSC Lebanese Association for Computational Sciences Registered under No. 957, 2011, Beirut, Lebanon Abstract This paper is a