Mobile WiMAX Security

WHITE PAPER

Makes Mobile WiMAX Simple


Glossary
Abstract
Introduction to Security in Wireless Networks
Data Link Layer Security
  Authentication
  Security Association
  Authorization
  Traffic Encryption
  Summary
Network Aspects of Security
Mobile WiMAX Network Architecture
  Network Reference Model
  ASN Profile C and Security
  ASN and CSN Interaction for Security
  Connectivity Service Network (CSN)
Summary

Copyright Airspan Networks Inc. 2007

Glossary

AAA Authentication, Authorization and Accounting

AES Advanced Encryption Standard

AK Authorization Key

AKA Authentication and Key Agreement

ASN Access Service Network

ASN GW ASN gateway

BS Base Station

CHAP Challenge Handshake Authentication Protocol

CSN Connectivity Service Network

EAP Extensible Authentication Protocol

EAP-AKA EAP-Authentication and Key Agreement

EAP-PSK EAP PreShared Key

EAP-SIM EAP-Subscriber Identity Module

EAP-TLS EAP-Transport Layer Security

EAP-TTLS EAP-Tunnelled Transport Layer Security

EMSK Enhanced Master Session Key

IP Internet Protocol

IPsec IP security

KEK Key Encryption Key

MAC Media Access Control

MIP Mobile IP

MS Mobile Station

MSK Master Session Key

NAP Network Access Provider

NAS Network Access Server

NSP Network Service Provider

PAP Password Authentication Protocol

PEAP Protected EAP

PK Public Key

PKI Public Key Infrastructure

PKM Privacy Key Management

PMK Pairwise Master Key

PPP Point-to-Point Protocol

RADIUS Remote Authentication Dial In User Service

RSA Rivest-Shamir-Adleman

SA Security Associations

SIM Subscriber Identity Module

TEK Traffic Encryption Key

TLS Transport Layer Security

TTLS Tunnelled TLS

USIM Universal SIM

X.509 ITU-T standard for PKI digital certificates


Abstract

Security is an important topic in telecommunications. It is even more important
when wireless systems are used because it is generally perceived that wireless
systems are easier to attack than wireline systems.

For a ground-breaking broadband wireless standard such as WiMAX, addressing the
security concerns head-on and specifying credible solutions has been an important
objective. Lessons learnt from weaknesses in Wi-Fi security have been incorporated
into the IEEE 802.16 standard.

In this white paper we start by introducing the requirements and general principles
of security in wireless networks. We then present the data link security sublayer
functions as defined by the IEEE 802.16e-2005 standard for the WiMAX air interface.
Finally, the Network Aspects of Security (page 12) and Mobile WiMAX Network
Architecture (page 13) sections deal with the network aspects of security in
accordance with the WiMAX Forum Network Reference Model (NRM).


Introduction to Security in Wireless Networks



Security is an important concern for the network operator and the network user. The
network operator wants to know that the users and the devices connected to their
network are who they say they are (to prevent malicious attacks, user spoofing), that
they are accessing services that they are authorised to access and that the network
users pay for the services they have used. The network users want to ensure that their
privacy is protected, that the integrity of the data they send and receive is not
compromised, that they can access the services they have subscribed to and that they
are not overcharged for those services.

In fact, the expectations of the network operator and the network user are not
contradictory but complementary. Any well designed network needs to deliver these
perfectly reasonable expectations, which can only be achieved by the equipment
vendors, system integrators and network operators working together and making the
right design choices. In Table 1 below, we have summarised these security
expectations.

Stakeholder        Security Concern        Comment
Network User       Privacy                 Protect from eavesdropping
Network User       Data integrity          Protect user data from being tampered in transit
Network User       Access to services      User has the correct credentials
Network User       Correct accounting      Accuracy and efficiency of accounting
Network Operator   User authentication     Is the user who he says he is?
Network Operator   Device authentication   Is the device the correct device?
Network Operator   Authorization           Is the user authorized to receive a particular service?
Network Operator   Access control          Only authorized users have access to services

Table 1 – Security Expectations


Security is handled at multiple layers of the network, each layer handling a
complementary aspect of security. Security functions can be mapped to different
layers of the OSI 7-layer model as shown in Figure 1 below.

Layer                 Security functions
7 Application Layer   Digital signatures, certificates, end-to-end security
4 Transport Layer     Transport layer security (TLS)
3 Network Layer       IPsec, AAA infrastructure, RADIUS
2 Data Link Layer     AES, PKI, X.509
1 Physical Layer      WiMAX PHY

Figure 1 – Security functions at various network layers

The security sublayer specified by the IEEE 802.16e-2005 only deals with the Data
Link Layer security. Link Layer authentication and authorization ensures that the
network is only accessed by permitted users. Link Layer encryption ensures privacy
and protects traffic data from eavesdropping by unauthorised third parties.

Network Layer security measures, implemented through the use of firewalls and AAA
servers, protect the network from malicious attacks. RADIUS is the most widely used
protocol for AAA interactions. Mobile WiMAX network architecture addresses the use
of these techniques by providing an AAA based secure roaming model.

The Transport and Application layers provide additional security measures as deemed
appropriate by the network operator, application service providers (ASPs) or the end
users themselves. The security measures employed at the higher layers are outside the
scope of this white paper.


Data Link Layer Security



Authentication

The Data Link Layer security functions encompass the essential functions of
authentication, authorization and encryption which take place between the end user
station [note that we will talk about mobile station (MS) but the same principles also
apply to subscriber stations (SS)] and the base station (BS) over the IEEE
802.16e-2005 air interface.

Please note that in this section, for simplicity, we will attribute various security
functions to the BS. In reality all these functions may not reside in the BS and may be
performed in conjunction with other nodes in the network as will be explained in
detail in the Mobile WiMAX Network Architecture section on page 13.

We will now consider how these functions are performed.

Authentication comes in two forms:

• unilateral authentication where the BS authenticates the MS and

• mutual authentication where the BS authenticates the MS and the MS
  authenticates the BS

Every WiMAX implementation must have unilateral authentication. Experience has
shown that mutual authentication is also extremely useful to have.

Authentication is achieved using a public key interchange protocol which ensures not
only authentication but also the establishment of encryption keys. In public key
interchange schemes each participant must have a private key and a public key. The
public key is known widely whereas the private key is kept secret.

The WiMAX 802.16e-2005 standard defines a Privacy Key Management (PKM) protocol
which allows for three types of authentication:

a) RSA based authentication - X.509 digital certificates together with RSA encryption

b) EAP based authentication (optional)

c) RSA based authentication followed by EAP authentication

The PKM authentication protocol establishes a shared secret key called the
Authorization Key (AK) between the MS and the BS. Once a shared AK is established
between the BS and the MS, the Key Encryption Key (KEK) is derived from it. The KEK
is then used to encrypt subsequent PKM exchanges of the Traffic Encryption Key (TEK).


In the RSA based authentication, a BS authenticates the MS by virtue of its unique
X.509 digital certificate which has been issued by the MS manufacturer. The X.509
certificate contains the MS’s Public Key (PK) and its MAC address. When requesting
an AK, the MS sends its digital certificate to the BS which validates the certificate and
then uses the verified PK to encrypt an AK which is then sent back to the MS. All MSs
that use RSA authentication have factory installed private/public key pairs (or an
algorithm to generate the keys dynamically) together with factory installed X.509
certificates.

In the case of EAP based authentication the MS is authenticated either through a
unique operator issued credential, such as a SIM, or through an X.509 certificate as
described above. The choice of authentication method depends on the operator’s
choice of type of EAP as follows:

• EAP-AKA (Authentication and Key Agreement) for SIM based authentication

• EAP-TLS for X.509 based authentication

• EAP-TTLS for MS-CHAPv2 (Microsoft-Challenge Handshake Authentication Protocol)

The BS associates the MS’s authenticated identity to a paying subscriber and hence to
the services the subscriber is authorized to access. Thus, through the exchange of AK,
the BS determines the authenticated identity of the MS and the services it is
authorized to access.

Security Association

A Security Association (SA) is defined as the set of security information shared
between a BS and one or more of the MSs connected to that BS in order to support
secure communications across the WiMAX access network.

Three types of SA have been defined: primary, static and dynamic. Each MS
establishes a primary SA during the MS initialization phase. Static SAs are provided
within the BS. Dynamic SAs are created and destroyed in real time in response to the
creation and termination of service flows. Each MS can have several service flows on
the go and can therefore have several dynamic SAs. The BS makes sure that the
assigned SAs are compatible with the service types the MS is authorised to access.


Authorization

Following authentication, the MS requests authorization from the BS. This is a request
for an AK as well as for an SA identity (SAID). The Authorization Request includes the
MS’s X.509 certificate, encryption algorithms and cryptographic ID.

In response, the BS carries out the necessary validation (by interacting with an AAA
server in the network) and sends back an Authorization reply which contains the AK
encrypted with the MS’s public key, a lifetime key and an SAID. These processes are
further discussed in the Mobile WiMAX Network Architecture section on page 13.

After the initial authorization, the AAA via the BS periodically reauthorizes the MS.

Traffic Encryption

As we have seen above, the authentication and authorization process results in the
assignment of an Authorization Key, which is 160 bits long. The Key Encryption Key
is derived directly from the AK and is 128 bits long. The KEK is not used for
encrypting traffic data; for this we require the Traffic Encryption Key, which is
generated as a random number in the BS and encrypted using the TEK encryption
algorithm with the KEK as the encryption key. The TEK is then used for encrypting
the data traffic.


Summary

Table 2 below summarises how the mobile WiMAX standard addresses the security
requirements summarised in Table 1 on page 6 above.

Stakeholder        Security Concern        Comment                                                   How does WiMAX address it?
Network User       Privacy                 Protect from eavesdropping                                RSA encryption, EAP-TLS, PKM protocol
Network User       Data integrity          Protect user data from being tampered in transit          RSA encryption, EAP-TLS, PKM protocol
Network User       Access to services      User has the correct credentials                          X.509, EAP
Network User       Correct accounting      Accuracy and efficiency of accounting                     AAA architecture
Network Operator   User authentication     Is the user who he says he is?                            X.509, EAP-TTLS
Network Operator   Device authentication   Is the device the correct device?                         X.509, EAP-TTLS
Network Operator   Authorization           Is the user authorized to receive a particular service?   RSA, EAP, PKMv2 protocol
Network Operator   Access control          Only authorized users have access to services             RSA, EAP, PKMv2 protocol

Table 2 – How WiMAX standard addresses security expectations


Network Aspects of Security



Up until now we have considered the security related interactions and protocols
between the SS and the BS. Now let’s consider what happens at the network level
and where the intelligence may reside.

Figure 2 below shows a typical access control architecture.

[Diagram: Mobile Station (MS) <-- EAP over the WiMAX Link Layer --> Authenticator <-- EAP over AAA - RADIUS, across an IP cloud --> Authentication Server]

Figure 2 – Typical access control architecture

Extensible Authentication Protocol (EAP) defined by IETF (RFC 3748) is a flexible
framework which allows complex authentication protocols to be exchanged between
the end user and the authenticator.

In WiMAX, between the MS and the BS, EAP runs over the WiMAX PHY and MAC
utilising the PKMv2 protocol as defined in 802.16e-2005. If the authenticator
function is not in the BS, the BS relays the authentication protocol to the
authenticator (in the Access Service Network).

From the authenticator to the authentication server (typically in the Home
Connectivity Service Network) EAP is carried over RADIUS.

RADIUS is a widely used standard. It has a client/server architecture and utilises UDP
messages. The authentication server is also the RADIUS server, whereas the
authenticator acts as a RADIUS client. In addition to authentication, RADIUS also
supports authorization and accounting functions.
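
The EAP-over-RADIUS leg described above, as an added example that is not part of the original white paper or any Airspan code: the authenticator wraps an EAP packet in a RADIUS Access-Request and the authentication server checks framing and integrity before accepting it. The attribute numbers (EAP-Message 79, Message-Authenticator 80) and the HMAC-MD5 rule come from RFC 2865 and RFC 3579 rather than from the paper; the shared secret, identifiers and identity are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                           # RFC 2865 packet code
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RFC 3579 attribute types


def build_access_request(secret, ident, eap_packet, authenticator=None):
    """Authenticator (RADIUS client) side: wrap an EAP packet in an Access-Request."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    # An attribute value holds at most 253 bytes, so long EAP packets are split.
    for i in range(0, len(eap_packet), 253):
        chunk = eap_packet[i:i + 253]
        attrs += struct.pack("!BB", EAP_MESSAGE, len(chunk) + 2) + chunk
    # Message-Authenticator is computed with its 16-byte value set to zero.
    attrs += struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac


def parse_access_request(secret, datagram):
    """Authentication server side: check framing and integrity, return (id, EAP packet)."""
    if len(datagram) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(datagram):
        raise ValueError("unexpected code or bad length")
    packet = bytearray(datagram[:length])    # bytes beyond Length are padding
    eap, mac, pos = b"", None, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = bytes(packet[pos + 2:pos + a_len])
        if a_type == EAP_MESSAGE:
            eap += value                     # fragments are concatenated in order
        elif a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18 or mac is not None:
                raise ValueError("malformed Message-Authenticator")
            mac = value
            packet[pos + 2:pos + 18] = bytes(16)   # zero before recomputing
        pos += a_len
    # RFC 3579: EAP-Message without Message-Authenticator is silently discarded.
    if eap and mac is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    if mac is not None:
        expected = hmac.new(secret, bytes(packet), hashlib.md5).digest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("Message-Authenticator mismatch")
    return ident, eap


def eap_identity(eap):
    """Return the identity carried in an EAP-Response/Identity (code 2, type 1)."""
    if len(eap) < 5 or eap[0] != 2 or eap[4] != 1:
        raise ValueError("not an EAP-Response/Identity")
    if int.from_bytes(eap[2:4], "big") != len(eap):
        raise ValueError("EAP length field does not match")
    return eap[5:].decode("utf-8")


# Constructed sample values, not taken from the white paper.
SECRET = b"constructed-shared-secret"
EAP = struct.pack("!BBHB", 2, 7, 5 + 21, 1) + b"ms01@home-nsp.example"
REQUEST = build_access_request(SECRET, 42, EAP)
```

The Message-Authenticator check is what lets the server detect a request that was altered between the authenticator and itself, or one built without knowledge of the shared secret.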


Mobile WiMAX Network Architecture



We will now consider the Mobile WiMAX network architecture as defined by the IEEE
802.16e-2005 standard from a security point of view and map the concepts from
earlier sections onto this network architecture.

Network Reference Model

Mobile WiMAX end-to-end network architecture model follows the Network
Reference Model (NRM), the first release of which is shown below. The NRM was
developed by WiMAX Forum’s Network Working Group (NWG).

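[Diagram: the Mobile Station (MS) connects over R1 to the base stations (BS) of the ASN (Access Service Network), operated by the NAP (Network Access Provider). The BSs connect over R6, through an IP cloud, to the ASN GW (FA); R8 runs between BSs. The ASN connects over R3 to the CSN (Connectivity Service Network) of the Home NSP (Network Service Provider), which contains AAA, HA, IMS, CRM and Billing and links to the Internet, ASPs, Legacy Core Networks and 2G/3G Mobile Networks. R2 runs between the MS and the CSN, R4 to another ASN and R5 to another operator’s CSN.]

Figure 3 – Mobile WiMAX Network Reference Model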


Network Reference Model reference points are summarised in the table below:

Reference point   Interface                       Functionality
R1                Between the MS and the ASN      Air interface
R2                Between the MS and the CSN      AAA, IP host configuration, mobility management
R3                Between the ASN and CSN         AAA, policy enforcement, mobility management
R4                Between ASNs                    Mobility management
R5                Between CSNs                    Internetworking, roaming
R6                Between BTS and ASN gateway     IP tunnel management to establish and release MS connection
R8                Between Base stations           Handoffs

Table 3 – NRM Reference Point Summary

The IEEE 802.16e-2005 standard calls for the ability to manage subscriber mobility
at a number of layers as well as to authenticate, account and apply policy on a
per subscriber basis. This is achieved by dividing the WiMAX network into two
main parts:

• Access Service Network (ASN) and

• Connectivity Service Network (CSN).

The ASN consists of the WiMAX base stations and the ASN Gateway, whereas the
CSN is at the core of the network providing control and management functions such
as AAA, DHCP, FTP and IMS.

A key element of the ASN is the ASN Gateway, which controls and aggregates the
traffic from one or more WiMAX base stations and manages handover between
them, which includes maintaining authentication, service flows and key distribution
between base stations.


ASN Profile C and Security

The NWG has defined three ASN profiles, referred to as profile A, B and C, from which
vendors and service providers can select their preferred solution. Profiles A and C both
use centralized ASN Gateways, however, in Profile C the base stations are responsible
for implementing the Radio Resource Management (RRM) and Handover
management functions. Profile B embeds the key ASN functionality inside the base
station, which removes the need for a centralised ASN gateway. Recently Profile A has
been withdrawn leaving just Profiles B and C. Airspan currently offers profile C
compliant solutions in collaboration with the specialist ASN Gateway vendor Starent.
Airspan’s ASN Gateway portfolio is called ControlMAX.

Table 4 below maps the functionality split (including the security functionality) of ASN
between the BS and the ASN Gateway for an ASN profile C implementation.

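ASN Profile C functionality split (✓ = function resides in that node):

Category                          Function                    BS    ASN GW
Security                          Authenticator               -     ✓
Security                          Authentication relay        ✓     -
Security                          Key distributor             -     ✓
Security                          Key receiver                ✓     -
Handoff Management                Data path function          ✓     ✓
Handoff Management                Handover control            ✓     -
Handoff Management                Context server and client   ✓     ✓
Handoff Management                MIP foreign agent           -     ✓
Radio Resource Management (RRM)   Radio resource controller   ✓     -
Radio Resource Management (RRM)   Radio resource agent        ✓     -
Paging                            Paging controller           -     ✓
Paging                            Paging agent                ✓     -
Quality of service                SF authorisation            -     ✓
Quality of service                SF manager                  ✓     -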

Table 4 – ASN Profile C functionality split for


For an ASN Profile C implementation, the interactions between the BS and ASN
Gateway over R6 for discharging the security functions are shown in Figure 5 below.

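[Diagram: ASN (Profile C), with the Base Station and the ASN Gateway connected over R6. The Authentication Relay in the Base Station talks to the Authenticator in the ASN Gateway using the authentication relay protocol, and the Authenticator talks to the AAA Server. The Key distributor in the ASN Gateway talks to the Key receiver in the Base Station using the authentication key transfer protocol.]

Figure 5 – ASN Profile C security architecture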

ASN and CSN Interaction for Security

The Connectivity Service Network (CSN) is the core of the network. It controls and
manages the ASNs and the subscribers with a variety of services such as AAA, Home
Agent functions, DHCP server, etc. The CSN is also responsible for connecting to other
operators’ networks and enables inter-operator and inter-technology roaming.

Figure 6 below shows the protocol stack for AAA in a mobile WiMAX network
implementation. It is worth noting that the EAP ‘layer’ operates over the R1/R3/R5
reference points and the EAP methods (AKA, TLS/TTLS) operate over R2.


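[Diagram: protocol stack across the MS, the BS and ASN GW (ASN), the AAA Proxy (Visited CSN) and the AAA Server (Home CSN). Layers shown, from top to bottom: EAP methods (EAP-TLS, EAP-TTLS, PEAP); EAP; PKM v2, EAP and AAA Protocol; 802.16, authentication relay encapsulation protocol and UDP/IP.]

Figure 6 – Protocols for Mobile WiMAX AAA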

When authentications of both the end user and the device need to be performed and
these authentications terminate in different AAA servers, the favoured approach in
PKMv2 is to use EAP-TTLS instead of double authentication.

In double authentication, first device authentication then user EAP authentication
takes place before the MS is allowed access to IP services. In EAP-TTLS authentication
however, double authentication is dispensed with and by virtue of tunnelling to the
appropriate AAA server, the same AAA server is used for both, thus shortening the
authentication process.


Service Flow Management and Authorization

Service Flow Management (SFM) and Service Flow Authorization (SFA) are the logical
functional entities, closely associated with QoS, located in the ASN that act as policy
enforcement and policy decision points. For ASN Profile C, the SFM function is
located in the BS and the SFA function is located at the ASN GW.

The Service Flow Manager (SFM) located in the BS is responsible for the creation,
admission, activation, modification, and deletion of IEEE 802.16e-2005 service flows.
It consists of an Admission Control (AC) function, data path function and the
associated local resource information. AC decides whether a new service flow can be
admitted to the system.

Service Flow Authorization (SFA) is located at the ASN GW and is responsible for
evaluating any service request against the subscriber's QoS profile. If the SFA already
has the user QoS profile then it evaluates the incoming service requests against the
user’s profile. If the SFA does not have the user profile then it sends the service
request to the Policy Function (PF) for decision making. The Policy Function (PF) and
its associated database reside in the CSN of both the home and the visited network.


Summary

In this white paper we set out to de-mystify the whole topic of wireless security and
to put it into some kind of context that makes it easier to understand the key concepts.

Security is of crucial importance in deploying a successful mobile WiMAX network. It
is an important issue both for the end users and the network operators and must be
addressed and resolved from Day 1.

In the past there have been well publicised security loopholes in security
implementations. The IEEE 802.16e-2005 standard has embraced the lessons learnt and
has specified a comprehensive set of solutions. It is up to the equipment vendors,
systems integrators and network operators to work together to implement a
network-wide security policy appropriate for the network.


For more information about Airspan, its products and solutions, please visit our
website:

www.airspan.com

Or write to us at one of the addresses below.

We will be delighted to send you additional information on any of our products and
their applications around the world.

Airspan has sales offices in the following countries:

Europe: Finland, Poland, Russia, United Kingdom
Middle East: United Arab Emirates
Africa: South Africa
Asia Pacific: Australia, China, Indonesia, Japan, Philippines, Sri Lanka

Worldwide Headquarters:
Airspan Networks Inc.
777 Yamato Road, Suite 105, Boca Raton, FL 33431-4408, USA
Tel: +1 561 893 8670 Fax: +1 561 893 8671

Main Operations:
Airspan Communications Limited
Cambridge House, Oxford Road, Uxbridge, Middlesex, UB8 1UN, UK
Tel: +44 (0) 1895 467 100 Fax: +44 (0) 1895 467 101
