UNIVERSITY OF PATRAS
Department of Electrical & Computer Engineering
Wireless Telecommunications Laboratory

“Securing WiMAX converged networks: threats and solutions”

M. Tsagkaropoulos
Dept. of Electrical and Computer Engineering
Wireless Telecommunications Laboratory
University of Patras
Patras 26500
Greece
Tel: +30-2610-997301
Fax: +30-2610-997302
Email: [email protected]
Agenda:
WiMAX implementation
Security Architecture of 802.16 (WiMAX)
Vulnerabilities and possible solutions
Open Issues
Conclusions
Change of Telecoms Trends
[Figure: timeline 1990 to 2015 of fixed, mobile and portable access technologies with their data rates. Labels: PSTN modem 14.4 kbps; ISDN 64 kbps; PSTN modem 56.6 kbps; ADSL 256 kbps / 516 kbps; xDSL 2 Mbps; GSM 9.6 kbps; HSCSD 28.8 kbps; GPRS 40 kbps; EDGE 384 kbps; W-CDMA 384 kbps; W-CDMA 2 Mbps; HSDPA 10 Mbps; OFDMA 50 Mbps; 802.11b 10 Mbps; 802.11g 56 Mbps; 802.16 70 Mbps. Annotation: "Broadband technology starts about here".]
Converged Network Concept
[Figure: converged network diagram. Labels: IP Network; Management; Control Signalling; WiMAX AP; UMTS/WCDMA (SGSN, GGSN); WLAN AP; AAA; Application; Policing; Server Farm; Internet.]
What is WiMAX?
• WiMAX - Worldwide Interoperability for Microwave Access
• WiMAX: broadband wireless network based on the IEEE 802.16 standard, which ensures compatibility and interoperability between broadband wireless access (BWA) equipment.
– Efficient range of up to 48 km.
– Provides wireless last-mile broadband access in the Metropolitan Area Network (MAN).
– Performance comparable to traditional cable, DSL, or T1 offerings.
– Enables non-line-of-sight performance: broadband network access widely available without the expense of stringing wires.
• WiMAX key points:
– High speed of broadband service
– Wireless rather than wired access
– Broad coverage
Security Architecture of WiMAX (1)
• IEEE 802.16 specifies the PHY Layer and MAC Layer for BWA
• MAC Layer sublayers:
– Service Specific Convergence Sublayer: maps higher level data services to MAC layer service flows and connections.
– MAC Common Part Sublayer: rules and mechanisms for system access, bandwidth allocation, connection management and QoS decisions for transmission scheduling.
– Security Sublayer: provides:
  • privacy, authentication, and confidentiality
  • protects against unauthorized access to data transport services
Security Sublayer
Security Architecture of WiMAX (2)
• The security architecture of WiMAX is based on two component protocols:
– an encapsulation protocol: defines a set of supported cryptographic suites and the rules for applying those algorithms.
– a key management protocol (PKM): synchronizes keying data between Subscriber Station (SS) and Base Station (BS); the BS enforces conditional access to network services.
Security Layer basic components
• Security Associations (SA)
• X.509 certificates
• Privacy Key Management (PKM) authorization protocol
• Privacy Key Management protocol
• Encryption
Security Analysis
• Improvements:
– Robust protection in the form of certificate-based encryption
– X.509-based PKI (public key infrastructure) certificate authorization
  • Base station validates the client’s digital certificate before permitting access to the physical layer.
– Protection of integrity of data traffic
Vulnerabilities (1)
• Physical threats
– Jamming: inserting noise strong enough to decrease the capacity of the channel dramatically.
– Scrambling: similar to jamming, but it targets specific frames or parts of frames for short intervals of time.
– Insert malicious data: a properly tuned transmitter can write onto the channel.
Possible solutions
– Increase the power of signals or their bandwidth (spreading techniques, powerful transmitter or high-gain transmission antennas and high-gain receiving antennas)
– Mechanism to authenticate the data received
Vulnerabilities (2)
• MAC threats
– Lack of mutual authentication between the SS and the BS
  • Eavesdropping of management traffic or user traffic
  • Replay Attack: repeat messages
– Denial of service (DoS) attacks
Possible solutions
– Transient information in the message (timestamp or a serial number)
– Forward Error Correction mechanisms
– Enhanced authentication mechanisms
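
The timestamp or serial number proposed above only resists replay if those transient fields are themselves covered by an authentication tag, which ties this slide to the "mechanism to authenticate the data received" on the previous one. The following is an added example, not from the original slides and not the 802.16 message format; the 16-byte header layout, HMAC-SHA256, the 5-second window and the pre-shared key are assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 5   # assumed freshness window in seconds
TAG_LEN = 32   # HMAC-SHA256 output length
HDR = ">QQ"    # hypothetical header: 64-bit serial number, 64-bit timestamp

def seal(key, serial, timestamp, payload):
    """Sender side: bind serial number and timestamp to the payload with a MAC."""
    body = struct.pack(HDR, serial, timestamp) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_serial = -1  # highest serial number accepted so far

    def accept(self, frame, now):
        """Return (payload, verdict); payload is None unless verdict is 'ok'."""
        if len(frame) < struct.calcsize(HDR) + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad-tag"      # modified or forged message
        serial, ts = struct.unpack(HDR, body[:16])
        if abs(now - ts) > MAX_SKEW:
            return None, "stale"        # outside the timestamp window
        if serial <= self.last_serial:
            return None, "replay"       # serial number already seen
        self.last_serial = serial
        return body[16:], "ok"

def demo():
    key = b"constructed demo key"       # constructed sample key
    rx = Receiver(key)
    f1 = seal(key, 1, 1000, b"mgmt message (constructed)")
    f2 = seal(key, 2, 1000, b"mgmt message (constructed)")
    restamped = struct.pack(HDR, 3, 1002) + f1[16:]  # new header, old tag
    return [
        rx.accept(f1, 1001)[1],         # fresh message
        rx.accept(f1, 1002)[1],         # same frame sent again
        rx.accept(f2, 1100)[1],         # captured frame sent much later
        rx.accept(restamped, 1002)[1],  # header rewritten without the key
    ]

if __name__ == "__main__":
    print(demo())
```

The last case is the one the slide's bullet leaves implicit: a timestamp or serial number sent without integrity protection can simply be rewritten by whoever replays the frame.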
Open Issues
• Mutual authentication of communicating entities (issue of appropriate certificates)
• Secure encryption scheme of 802.16
• Data encryption that adopts: confidentiality, data origin authentication, (connectionless) data integrity, anti-replay service.
Conclusions
• WiMAX has a potential market:
– Basic component of last mile connections in upcoming NGN Networks
• Successful only if:
– Ensured security of end-to-end communications
– Advanced security implementation
NEXT STEP
– Review of current security infrastructure
– Mobility schemes that guarantee security and QoS
Thank you for your attention

UNIVERSITY OF PATRAS
Department of Electrical & Computer Engineering
Wireless Telecommunication Laboratory
Michail Tsagkaropoulos
mailto: [email protected]
http://www.wltl.ee.upatras.gr/multimedia_security