W H I T E PA P E R
Glossary
Abstract
Security Association
Authorization
Traffic Encryption
Summary
Summary
Copyright Airspan Networks Inc. 2007
Mobile WiMAX Security
Glossary
AK Authorization Key
BS Base Station
IP Internet Protocol
IPsec IP security
MIP Mobile IP
MS Mobile Station
PK Public Key
RSA Rivest-Shamir-Adleman
SA Security Associations
Abstract
In this white paper we start by introducing the requirements and general principles
of security in wireless networks. We then present the data link security sublayer
functions as defined by the IEEE 802.16e-2005 standard for the WiMAX air interface.
Finally, the Network Aspects of Security (page 12) and Mobile WiMAX Network
Architecture (page 13) sections deal with the network aspects of security in
accordance with the WiMAX Forum Network Reference Model (NRM).
Security is an important concern for the network operator and the network user. The
network operator wants to know that the users and the devices connected to their
network are who they say they are (to prevent malicious attacks and user spoofing), that
they are accessing services that they are authorised to access and that the network
users pay for the services they have used. The network users want to ensure that their
privacy is protected, that the integrity of the data they send and receive is not
compromised, that they can access the services they have subscribed to and that they
are not overcharged for those services.
In fact, the expectations of the network operator and the network user are not
contradictory but complementary. Any well-designed network needs to deliver these
perfectly reasonable expectations, which can only be achieved by the equipment
vendors, system integrators and network operators working together and making the
right design choices. In Table 1 below, we have summarised these security
expectations.
The security sublayer specified by the IEEE 802.16e-2005 only deals with the Data
Link Layer security. Link Layer authentication and authorization ensures that the
network is only accessed by permitted users. Link Layer encryption ensures privacy
and protects traffic data from eavesdropping by unauthorised third parties.
Network Layer security measures protect the network from malicious attacks. This is
achieved through the use of firewalls and AAA servers. RADIUS is the most widely used
protocol for AAA interactions. The Mobile WiMAX network architecture addresses the use
of these techniques by providing an AAA based secure roaming model.
The Transport and Application layers provide additional security measures as deemed
appropriate by the network operator, application service providers (ASPs) or the end
users themselves. The security measures employed at the higher layers are outside the
scope of this white paper.
Authentication
The Data Link Layer security functions encompass the essential functions of
authentication, authorization and encryption which take place between the end user
station [note that we will talk about mobile station (MS) but the same principles also
apply to subscriber stations (SS)] and the base station (BS) over the IEEE 802.16e-
2005 air interface.
Please note that in this section, for simplicity, we will attribute various security
functions to the BS. In reality all these functions may not reside in the BS and may be
performed in conjunction with other nodes in the network as will be explained in
detail in the Mobile WiMAX Network Architecture section on page 13.
Authentication is achieved using a public key interchange protocol which ensures not
only authentication but also the establishment of encryption keys. In public key
interchange schemes each participant must have a private key and a public key. The
public key is known widely whereas the private key is kept secret.
RSA-based authentication: X.509 digital certificates together with RSA encryption
The PKM authentication protocol establishes a shared secret key called the Authorization Key
(AK) between the MS and the BS. Once a shared AK is established between the BS
and the MS, the Key Encryption Key (KEK) is derived from it. The KEK is then used to encrypt
subsequent PKM exchanges of the Traffic Encryption Key (TEK).
The BS associates the MS’s authenticated identity to a paying subscriber and hence to
the services the subscriber is authorized to access. Thus, through the exchange of AK,
the BS determines the authenticated identity of the MS and the services it is
authorized to access.
Security Association
Three types of SA have been defined: primary, static and dynamic. Each MS
establishes a primary SA during the MS initialization phase. Static SAs are provided
within the BS. Dynamic SAs are created and destroyed in real time in response to the
creation and termination of service flows. Each MS can have several service flows
active at once and can therefore have several dynamic SAs. The BS makes sure that the
assigned SAs are compatible with the service types the MS is authorised to access.
Authorization
Following authentication, the MS requests authorization from the BS. This is a request for
an AK as well as for an SA identity (SAID). The Authorization Request includes the MS’s
X.509 certificate, encryption algorithms and cryptographic ID.
In response, the BS carries out the necessary validation (by interacting with an AAA
server in the network) and sends back an Authorization Reply which contains the AK
encrypted with the MS’s public key, a lifetime key and an SAID. These processes are
further discussed in the Mobile WiMAX Network Architecture section on page 13.
After the initial authorization, the AAA server, via the BS, periodically reauthorizes the MS.
Traffic Encryption
As we have seen above, the authentication and authorization process results in the
assignment of an Authorization Key, which is 160 bits long. The Key Encryption Key
is derived directly from the AK and is 128 bits long. The KEK is not used for
encrypting traffic data; for this we require the Traffic Encryption Key, which is
generated as a random number in the BS using the TEK encryption algorithm, where
the KEK is used as the encryption key. The TEK is then used for encrypting the data traffic.
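The key hierarchy described above (a 160-bit AK, a 128-bit KEK derived from it, and a random TEK encrypted under the KEK), as an added example in Go that is not part of the original white paper. The white paper gives neither the derivation function nor the TEK encryption algorithm, so the code assumes the PKMv1 rule from IEEE 802.16 (KEK = leftmost 128 bits of SHA-1 over 0x53 repeated 64 times followed by the AK; PKMv2 uses a different key derivation function) and the AES-128 ECB option for a 128-bit TEK. All function names are hypothetical and the keys are constructed samples.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/sha1"
	"fmt"
)

// DeriveKEK (PKMv1 rule, assumed): leftmost 128 bits of SHA-1(0x53 x 64 | AK).
func DeriveKEK(ak []byte) ([]byte, error) {
	if len(ak) != 20 { // the AK is 160 bits long
		return nil, fmt.Errorf("AK must be 160 bits, got %d", len(ak)*8)
	}
	h := sha1.Sum(append(bytes.Repeat([]byte{0x53}, 64), ak...))
	return h[:16], nil
}

// cryptTEK runs one 128-bit block through AES-128 (single-block ECB) under the KEK.
func cryptTEK(kek, in []byte, decrypt bool) ([]byte, error) {
	c, err := aes.NewCipher(kek)
	if err != nil || len(kek) != 16 || len(in) != aes.BlockSize {
		return nil, fmt.Errorf("KEK and TEK must both be 128 bits")
	}
	out := make([]byte, aes.BlockSize)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out, nil
}

// WrapTEK is the BS side: the TEK is encrypted under the KEK before it is sent.
func WrapTEK(kek, tek []byte) ([]byte, error) { return cryptTEK(kek, tek, false) }

// UnwrapTEK is the MS side, using the KEK it derived from its own copy of the AK.
func UnwrapTEK(kek, wrapped []byte) ([]byte, error) { return cryptTEK(kek, wrapped, true) }

func main() {
	ak, tek := make([]byte, 20), make([]byte, 16) // constructed sample keys
	rand.Read(ak)
	rand.Read(tek) // the BS generates the TEK as a random number
	kek, _ := DeriveKEK(ak)
	wrapped, _ := WrapTEK(kek, tek)
	got, _ := UnwrapTEK(kek, wrapped)
	fmt.Printf("KEK %x\nwrapped TEK %x\nMS recovered TEK: %v\n", kek, wrapped, bytes.Equal(got, tek))
}
```

Because the KEK is a pure function of the AK, both sides hold the same KEK without it ever being transmitted, and an MS holding a different AK cannot recover the TEK.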
Summary
Table 2 below summarises how the mobile WiMAX standard addresses the security
requirements summarised in Table 1 on page 6 above.
Up until now we have considered the security related interactions and protocols
between the SS and the BS. Now let’s consider what happens at the network level
and where the intelligence may reside.
In WiMAX, between the MS and the BS EAP runs over the WiMAX PHY and MAC
utilising the PKMv2 protocol as defined in 802.16e-2005. If the authenticator
function is not in the BS, the BS relays the authentication protocol to the
authenticator (in the Access Services Network).
RADIUS is a widely used standard. It has a client/server architecture and utilises UDP
messages. The authentication server is also the RADIUS server, whereas the
authenticator acts as a RADIUS client. In addition to authentication, RADIUS also
supports authorization and accounting functions.
We will now consider this Mobile WiMAX network architecture as defined by the IEEE
802.16e-2005 standard from a security point of view and map the concepts from
earlier sections onto this network architecture.
[Figure: Mobile WiMAX network architecture. Labels: Mobile Station (MS); Network Access Provider (NAP); Access Service Network (ASN) with BSs, IP cloud and ASN GW (FA); Home Network Service Provider (NSP); Connectivity Service Network (CSN) with AAA, HA, IMS, CRM, Billing and IP cloud; Internet; ASPs; legacy core networks; 2G/3G mobile networks; another ASN; other operator's CSN; reference points R1, R2, R3, R4, R5, R6 and R8.]
Network Reference Model reference points are summarised in the table below:
The IEEE 802.16e-2005 standard calls for the ability to manage subscriber mobility
at a number of layers as well as to authenticate, account and apply policy on a
per subscriber basis. This is achieved by dividing the WiMAX network into two
main parts:
The ASN consists of the WiMAX base stations and the ASN Gateway, whereas the
CSN is at the core of the network providing control and management functions such
as AAA, DHCP, FTP and IMS.
A key element of the ASN is the ASN Gateway, which controls and aggregates the
traffic from one or more WiMAX base stations and manages handover between
them, which includes maintaining authentication, service flows and key distribution
between base stations.
The NWG has defined three ASN profiles, referred to as Profile A, B and C, from which
vendors and service providers can select their preferred solution. Profiles A and C both
use centralized ASN Gateways; however, in Profile C the base stations are responsible
for implementing the Radio Resource Management (RRM) and Handover
management functions. Profile B embeds the key ASN functionality inside the base
station, which removes the need for a centralised ASN gateway. Recently Profile A has
been withdrawn, leaving just Profiles B and C. Airspan currently offers Profile C
compliant solutions in collaboration with the specialist ASN Gateway vendor Starent.
Airspan’s ASN Gateway portfolio is called ControlMAX.
Table 4 below maps the functionality split (including the security functionality) of ASN
between the BS and the ASN Gateway for an ASN profile C implementation.
BS ASN GW
Security: Authenticator ✓
Authentication relay ✓
Key distributor ✓
Key receiver ✓
Handoff Management: Data path function ✓ ✓
Handover control ✓
Context server and client ✓ ✓
MIP foreign agent ✓
Radio Resource Management (RRM): Radio resource controller ✓
Radio resource agent ✓
Paging: Paging controller ✓
Paging agent ✓
Quality of service: SF authorisation ✓
SF manager ✓
For an ASN Profile C implementation, the interactions between the BS and ASN
Gateway over R6 for discharging the security functions are shown in Figure 5 below.
[Figure 5: ASN (Profile C). Labels: authentication key transfer protocol; key receiver; key distributor; R6.]
The Connectivity Service Network (CSN) is the core of the network. It controls and
manages the ASNs and the subscribers with a variety of services such as AAA, Home
Agent functions, DHCP server, etc. The CSN is also responsible for connecting to other
operators’ networks and enables inter-operator and inter-technology roaming.
Figure 6 below shows the protocol stack for AAA in a mobile WiMAX network
implementation. It is worth noting that the EAP ‘layer’ operates over the R1/R3/R5
reference points and the EAP methods (AKA, TLS/TTLS) operate over R2.
[Figure 6: protocol stack for AAA. Labels: EAP; 802.16; authentication relay encapsulation protocol; UDP/IP.]
When authentications of both the end user and the device need to be performed and
these authentications terminate in different AAA servers, the favoured approach in
PKMv2 is to use EAP-TTLS instead of double authentication.
Service Flow Management (SFM) and Service Flow Authorization (SFA) are the logical
functional entities, closely associated with QoS, located in the ASN that act as policy
enforcement and policy decision points. For ASN Profile C, the SFM function is
located in the BS and the SFA function is located at the ASN GW.
The Service Flow Manager (SFM) located in the BS is responsible for the creation,
admission, activation, modification, and deletion of IEEE 802.16e-2005 service flows.
It consists of an Admission Control (AC) function, data path function and the
associated local resource information. AC decides whether a new service flow can be
admitted to the system.
Service Flow Authorization (SFA) is located at the ASN GW and is responsible for
evaluating any service request against the subscriber's QoS profile. If the SFA already
has the user QoS profile then it evaluates the incoming service requests against the
user’s profile. If the SFA does not have the user profile then it sends the service
request to the Policy Function (PF) for decision making. The Policy Functions (PFs) and
their associated databases reside in the CSN of both the home and the visited network.
Summary
In this white paper we set out to de-mystify the whole topic of wireless security and
to put it into some kind of context that makes it easier to understand the key concepts.
In the past there have been well publicised security loopholes in security
implementations. The IEEE 802.16e-2005 standard has embraced the lessons learnt and
has specified a comprehensive set of solutions. It is up to the equipment vendors,
systems integrators and network operators to work together to implement a
network-wide security policy appropriate for the network.
For more information about Airspan, its products and solutions, please visit our
website: www.airspan.com
Or write to us at one of the addresses below.
Airspan has sales offices in the following countries:
Europe: Finland, Poland, Russia, United Kingdom
Middle East: United Arab Emirates