A Survey of WiMAX and Mobile BroadbandSecurityEmily Yang, [email protected] (A project report written under theguidance of Prof. Raj Jain)DownloadAbstractThis paper covers the security mechanisms and issues in WiMAX, as well as universal threats to wirelessnetworks. It also examines similar wireless and mobile broadband technologies, WLAN, MBWA, and 3G andthe security measures that are taken. Awareness is raised of the current as well as future security implicationsof an increasingly wireless world.Table of Contents1.0 Introduction2.0 Background on Wireless Security2.1 Mobile Security Concerns3.0 IEEE 802.16 Metropolitan Area Network (WMAN and WiMAX)3.1 Security Mechanisms3.2 Security Issues3.3 Security Patches in Later Versions4.0 Overview of and Security in Other Closely Related Technologies4.1 IEEE 802.11 Wireless Local Area Network (WLAN)4.2 IEEE 802.20 Mobile Broadband Wireless Access (MBWA or MobileFi)4.3 Third Generation (3G) Networks (WLAN)5.0 Summary and ConclusionReferencesList of Acronyms1.0 IntroductionConsider a scenario in which a person wakes up and walks around with her laptop connected to a local areanetwork in her house as she gets ready, checking email, and using it to read the news as she eats breakfast. Onthe bus on her way to work, she pulls out her iPhone to browse the internet, check the scores of her favoritesports teams, watch some funny YouTube videos, and call a friend. She then stops at Starbucks, connects tothe Wi-Fi, and answers some email while sipping some coffee. Once at work, she pulls out her laptop toconnect to the WLAN at the office and starts work.The fact that this scenario sounds fairly normal and typical is interesting, not only because of how technologyand internet-centered our lives have become, but because every network connection that this person used waswireless. Most people use multiple types of wireless internet every day without even realizing it. It's fast andconvenient, but how do we know that the data we send and receive is secure? As it turns out, there are manyA Survey of WiMAX and Mobile Broadband Securityhttp://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax1/index.html 1 of 12mechanisms in place to provide security, but there are also many weaknesses and threats, especially sincewireless and mobile broadband service is a fairly new and still developing technology. The IEEE 802.16standard and its implementation, WiMAX, provide an interesting case of the evolving nature of mobilebroadband use and security as well as problems that are continuously being found.In this paper we discuss the inherent and fairly universal weaknesses and security threats of wirelessnetworks, take a thorough look at WiMAX's security mechanisms and issues, and then examine some similarwireless and mobile broadband technologies and their security. Through discussion of common securityproblems as well as in-depth study of real world examples, like WiMAX, we can come to a betterunderstanding of the threats we face now and the implications for the future of mobile broadband security.2.0 Background on Wireless SecurityThere are several security concerns and development implications that arise from the varying nature ofmobile communication and the fast-paced increase in usage of mobile devices for m-commerce, email, andother functionality that require secure connections. Mobile security poses an interesting problem, largelybecause it requires an enormous amount of compatibility over different access media, as well as a wide rangeof end user devices, with different capacities and capabilities. Users expect to be able to use their mobiledevices spontaneously in many different environments, and sometimes continuously while going throughmultiple types of access points, for example, in a moving car. Despite the frequent need for even moresecurity than is provided to their counterparts that are within a fixed network, mobile devices have much lessprocessing ability and also need to comply with reasonable cost, size and weight restrictions as well asusability requirements. To make matters even more complicated, mobile devices are also often lost or stolen,which calls for even higher protection of sensitive information. Through more detailed discussion of thesecurity challenges it becomes clear that there are many hurdles that engineers must consider when designingmobile communication architectures. [Raghunathan03]A Survey of WiMAX and Mobile Broadband Securityhttp://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax1/index.html 2 of 12Figure 1: Major Mobile Security Concerns2.1 Mobile Security ConcernsSeveral issues have been identified that must be taken into account when evaluating the security of mobilecommunication. Some of the most important and universal ones are discussed below (also seen above inFigure 1).2.1.1 Authorization TechniquesEspecially because the devices are mobile, there is a large risk that they might fall into the wrong hands. Here,a usability issue arises where people expect to be able to conveniently and frequently use their devices, whichoften rules out the idea of a login procedure. Also, there are a variety of data types flowing to and from thedevices, both public and private, that need different types of authentication, such as encryption, MessageAuthentication Codes (MAC), or digital signatures. It may even be the case that different network levelsrequire different authentication. [Jurjens08]2.1.2 Storage of Sensitive InformationThere is an increasing amount of sensitive information that can be stored on mobile devices, from passwords,to credit card information, to certificates that must be secure. The performance and physical capabilities ofthe device can make it hard or impossible to sufficiently encrypt data. [Jurjens08]2.1.3 Application EnvironmentLike any computer, mobile devices must be able to defend against software attacks such as viruses, but unlikeA Survey of WiMAX and Mobile Broadband Securityhttp://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax1/index.html 3 of 12a machine in an unchanging network, they do have constant access to software patches or updates.Sometimes even established security mechanisms are not possible on handhelds due to their limitedperformance capabilities. [Jurjens08]2.1.4 Network AvailabilityA network or service should only allow certain authorized devices to connect to it, which requires strictlyobserved and verified user privileges and defense against denial-of-service attacks and other misuse of thenetwork