Design and Improvement in WiMAX 3G Security using Multiple Keys
Yogesh Gedam, M-tech Student,
Department of Electronics & Telecom. Engineering, PCE College, RTM University,
Nagpur, India
Dr. S. D. Chede, Professor and Head of the Dept.,
Department of Electronics & Telecom. Engineering, PCE College, RTM University,
Nagpur, India
Abstract—The IEEE has specified some powerful standards for WiMAX security based on security controls, including PKM-RSA. Many sophisticated authentication and encryption techniques have been added, but secure technology does not by itself constitute a secure end-to-end network; consequently, a WiMAX network is unable to protect against criminal and malicious exploitation of the network infrastructure. Most of the MAC management messages are never authenticated in the privacy and key management protocol. An intruder can steal valuable information to interrupt or destroy particular services.
This paper presents a multiple key concept in the privacy and key management protocol to enhance security in wireless communication.
NS-2 is a popular tool for wireless sensor networks and mobile ad-hoc networks. The proposed work and methodology are carried out on the NS-2 software platform.
Keywords-WiMAX; MAC module; Key management; 802.16, Multiple key
1. Introduction
In the last decade there has been great evolution in wireless technology. WiMAX (Worldwide Interoperability for Microwave Access) is an emerging technology used for deploying broadband WMANs (wireless metropolitan area networks). WiMAX works in the same manner as Wi-Fi, but the differences between them are higher speed, larger distance, and a larger number of users. The radio link between WiMAX nodes supports non-line-of-sight (NLOS) and line-of-sight (LOS) signal propagation. For interconnection between different WiMAX towers, an LOS microwave link can be used [2]. LOS links from a WiMAX system are generally harder to attack than NLOS. In WiMAX, an NLOS system provides wireless coverage over a large geographic region. It supports both fixed (2-11 GHz range) and mobile (2-6 GHz range) operations. 802.16 (WiMAX) is one of the standards that promises to provide all these facilities. The original purpose of 802.16 technologies was to provide last-mile broadband wireless access. It was first released in April 2001 and was then revised several times. In 2004 the 802.16d standard was released, which supports fixed wireless access, meaning that a user device is supposed to be in a specific geographical area. In 2005, IEEE 802.16e was released to address mobility. It supports handover between BSs while communicating. WiMAX technology has attracted significant attention because of its long transmission range, and it provides higher speed at longer distances and network access anytime, anywhere [11].
• WiMAX offers high bit rate
• Originally, it was designed for fixed communication
• 802.16e is the mobile Wireless MAN standard
The task of securing 3G wireless networks and systems is a challenging one. A strong security mechanism is needed for the core network and the application server, and to secure the end user. Key management for 3G mobile wireless devices supports the network architecture as well as the security issues of accessing the Internet from a fixed location. It also offers flexibility and mobility [3].
This paper also discusses the class hierarchy of the MAC connection and proposes some improved techniques for performance and security. Section II gives an overview of the 802.16 MAC; Section III briefly discusses the existing model for PKM; Section IV presents the new proposed protocol for PKM using multiple keys; and Section V presents the simulation and analysis of the proposed mechanism.
2. Class Hierarchy of MAC (802.16e)
The WiMAX architecture is based on two layers of the OSI model. The physical layer is the first layer in the WiMAX structural design and the second layer is the MAC layer. The MAC layer consists of the convergence sublayer, the common part sublayer, and the security layer. The convergence sublayer is used to transform and record the mapping of the connections for a requesting packet. The MAC sublayer maintains the MAC operations and management operations such as ranging, fragmentation, etc. [3][10].
The common part sublayer and the privacy sublayer are strongly connected to each other. The entire security of 802.16 lies in the privacy sublayer. This layer provides access control and confidentiality to the data link layer. The privacy and key management protocol is designed and developed in the security layer from a security point of view.
Fig 1. Class hierarchy MAC Connection
The class hierarchy of the MAC connection [3] is based on NS-2 version 2.29, as shown in the figure. It shows the interconnection of NS-2 with the WiMAX module. The packet is transmitted through the air interface. If the packet is not a control packet, it is processed for defragmentation and sent to the link layer. At the application layer the traffic-generating agent simply classifies the priorities. The entire packet is forwarded to the priority queue. If the packet is a control packet, the MAC finds the proper CID. If a valid CID is found, the MAC puts the packet in the connection queue and processes it further [3].
3. Existing Model for PKM
3.1 PKMv2 authorization protocol
The privacy and key management protocol is based on authentication and re-authorization. The MS and BS act as PKM client and PKM server respectively. The MS requests access to the network and the BS authorizes the connection. After initial network entry, PKMv2 checks for reauthorization periodically. The MS sends authorization information to the BS. It consists of an X.509 digital certificate by which the MS can identify itself to the BS [1].
The MS then immediately sends an authorization request message to the BS. It consists of the authorization key and the secret security association ID. After having proved the identity of the MS, the BS sends an authentication reply to the mobile station. It activates the AK. The AK is encrypted with an RSA-based algorithm using the SS's public key. The authentication key has a sequence number, which is used to distinguish between successive generations of the AK.
Fig 2. PKMv2 Authorization protocol
PKMv2 is based on a mutual authentication protocol, that is, a protocol in which the communicating parties mutually convince each other of their identities and exchange session keys. After validating the message from the BS, the SS sends an acknowledgement message with the MAC address (MACSS) of the subscriber station.
3.2 PKMv2 Hybrid approach
802.16e proposed PKMv2, which shows three ways of authentication: one-way, two-way, and three-way authentication [5]. One-way authentication provides the SS certificate to the BS. Two-way authentication provides mutual authentication between the communicating parties, and three-way authentication gives a confirmation message to the BS from the SS. Both timestamp and nonce can be used in the X.509 certificate.
If a message contains a timestamp, it means that it appears fresh and is close enough to the knowledge of the current time. The timestamp is used to synchronize the BS and MS.
[Figure 3: message sequence diagram. Message labels: Authentication information, Authorization request, Authorization reply, Authorization Acknowledgment. Field strings shown: X.509 certificate; AK Key | SAID; CerSS | AK SeqNo | Lifetime | SAID | CerBS | SignBS; MACSS | EncryptAK | MACBS]
Fig 3. Authorization protocol of PKMv2 Hybrid approach
This is a better option to prevent replay attacks. In three-way authentication the nonce N is included in the message from the SS to the BS. The timestamp does not need to be checked, as the nonce from both parties is sent back to each other. To prevent a replay attack, both parties can check the nonce that is sent back. The attacks on PKMv2 are the interleaving attack and the simple replay attack. First, without a signature by the SS, the request message is easy to modify; this is called the simple attack. Second, when a signature is provided, the SS message is authenticated, but the attack still exists.
If the clock mechanism of one of the parties fails to synchronize, the attack will arise.
4. New Approach for PKM Using Multiple Keys
The BS and MS follow certain steps to establish the connection: security association, authorization, exchange of keys, and data encryption are followed in sequence. Whenever the BS and MS are within range and want to communicate with each other, a different key is generated each time for authentication [13].
[Figure 4: message sequence diagram. Message labels: Authentication information, Authorization request, Authorization reply, Authorization Acknowledgment. Field strings shown: X.509 certificate; TS | N | AK Key | SAID; TS | N | CerSS | AK SeqNo | Lifetime | SAID | CerBS | SignBS; TS | N | MACSS | EncryptAK |]
Fig 4. Authorization protocol of PKMv2 Multiple keys
This key is encrypted and decrypted with the AES-CCM algorithm. The steps are as follows:
(1) SS - BS: The MS sends an X.509 digital certificate to the BS for authentication purposes.
(2) SS - BS: The MS sends an authorization request message to the BS.
(3) BS - SS: In reply to the message, the BS checks whether the SS is legitimate or not. It generates authorization keys if true.
MULTIPLE KEY CONCEPT
(4) SS – BS: The SS and BS have N seeds. The SS generates a random number of keys. The keys should be in stream format, in the interval [0 to 1]. The length of a key is 8 bytes.
[Flowchart of the multiple-key authorization procedure. Box labels: MS Cert; X.509 certificate, security capabilities; Initiating authorization; Authorization request; BS Cert. verify; AK generate; AuthorizationRESP msg; AK keys (AES-CCM), keys lifetime; Random key (stream format); BS verify? (Yes / No); Key rejected; Key encrypted and decrypted with AES-CCM algorithm; Encrypted data traffic]
(5) BS – SS: The BS has N seeds. The BS verifies the key and allows communication if the key is matched. If the key is allotted to another SS, the key is rejected.
Data should be encrypted with the AES-CCM algorithm. The MS uses the AK to determine the KEK and the HMAC key. The sequence number of the AK implicitly belongs to the HMAC keys as well. Secure communication is established between the two parties after the keys have been exchanged successfully. To encrypt the data, AES-CCM mode is used to avoid errors, and the exchange of information starts.
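The BS-side decision in step (5), combined with the timestamp (TS) and nonce (N) freshness fields of Fig 4 and Section 3.2, as an added example that is not code from the paper. The paper does not say how a key is obtained from a seed, so the HMAC-SHA256 derivation, the 5-second timestamp window, and all names and sample values below are assumptions.

```python
import hashlib
import hmac

KEY_LEN = 8        # key length stated in step (4)
MAX_SKEW = 5.0     # assumed freshness window for TS, in seconds

def derive_key(seed: bytes, nonce: bytes) -> bytes:
    """Assumed derivation: HMAC-SHA256(seed, nonce), truncated to 8 bytes."""
    return hmac.new(seed, nonce, hashlib.sha256).digest()[:KEY_LEN]

class BaseStation:
    def __init__(self, seeds):
        self.seeds = list(seeds)   # the N seeds shared with the SSs
        self.seen_nonces = set()   # nonces already accepted
        self.allotted = {}         # key -> MAC address of the SS holding it

    def verify(self, ss_mac, ts, nonce, key, now):
        """Step (5): return the BS decision for one key presented by an SS."""
        if abs(now - ts) > MAX_SKEW:
            return "stale timestamp"
        # compare_digest does not leak how many leading bytes matched.
        if not any(hmac.compare_digest(derive_key(s, nonce), key)
                   for s in self.seeds):
            return "key mismatch"
        if self.allotted.get(key, ss_mac) != ss_mac:
            return "key allotted to another SS"
        if nonce in self.seen_nonces:
            return "replayed nonce"
        self.seen_nonces.add(nonce)
        self.allotted[key] = ss_mac
        return "accepted"

def demo():
    seeds = [b"constructed-seed-0", b"constructed-seed-1"]  # sample values
    bs = BaseStation(seeds)
    nonce = bytes.fromhex("a1b2c3d4e5f60718")               # sample nonce
    key = derive_key(seeds[1], nonce)
    ss_a, ss_b = "00:11:22:33:44:01", "00:11:22:33:44:02"   # sample MACs
    return [
        bs.verify(ss_a, 100.0, nonce, key, now=101.0),      # first use
        bs.verify(ss_a, 100.0, nonce, key, now=102.0),      # SS replays itself
        bs.verify(ss_b, 100.0, nonce, key, now=102.0),      # captured by other SS
        bs.verify(ss_a, 100.0, bytes(8), key, now=101.0),   # key/nonce mismatch
        bs.verify(ss_a, 10.0, nonce, key, now=101.0),       # old timestamp
    ]

if __name__ == "__main__":
    print(demo())
```

The allotment check runs before the nonce check so that a message captured and re-sent under a different MAC address is reported as a key conflict, while a re-send from the same SS is reported as a replay.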
5. Simulation Set up for NS2
NS-2 is a discrete-event network simulator for computer networks and network protocols. We use the ns-2 simulator tool for our simulation and performance analysis.
Fig 5. Snapshot of simulation topology
The graph shows 20 nodes, consisting of 2 base stations; nodes 13, 6, and 8 are attackers, and the remaining nodes are mobile stations. The BS covers a 20 m area and the field size is 670 by 670. The simulation time is 10 seconds. The graph shows each node trying to communicate with the BS. Dropped packets are represented by black dots in the figure. A packet is dropped due to an attack or due to congestion of the network.
The simulation parameters are as shown in the figure.
Table 1. System Time parameter
Parameters        RSA           AES-CCM
Number of Node    n-13, bs 2    n-13, bs 2
Packet Size       1000          1000
Packet Delay      0.929766      0.020455
Throughput        67.51%        87.56%
Key Size          1024          128
6. Performance criterion for NS2
The following important parameters are evaluated:
(1) Network load: the number of packets sent per second.
(2) Packet delivery ratio: calculated by dividing the number of packets received by the destination by the number of packets generated.
(3) Average end-to-end delay: the average difference between the time a data packet is originated and the time the packet is received.
7. Simulation result and Discussion
We have simulated the proposed methodology on NS-2. A large number of trace files were generated and analyzed. We simulated both the RSA and AES-CCM algorithms with multiple keys on NS-2 (2.29), and some of the scenarios are plotted with GNUPLOT. The parameters taken are the throughput of the number of sent and received packets, end-to-end delay, key size, and data transmission rate.
A. SCENARIO 1:
Figure 6 shows delay vs. packet size. The graph shows that the minimum packet size generated for the AES-CCM algorithm is 28 bytes and the maximum packet size is 610 bytes. The average delay required for AES-CCM is 0.097 sec, and the RSA algorithm requires 0.9 second. The AES-CCM algorithm with multiple keys gives better performance than the RSA algorithm.
B. SCENARIO 2 & 3:
Figures 7 and 8 show the number of packets generated and the number of packets received by both algorithms. We can observe from both graphs that for AES-CCM there is less fluctuation compared to RSA. The total number of packets sent is 7255, whereas the total number of packets received is 6845. The minimum packet size is 28, whereas the maximum packet size is 610.
C. SCENARIO 4:
II. GRAPHICAL RESULT ON GNUPLOT
Figure 6. Packet Size Vs Delay
Figure 7. Throughput of number of sending packet VS simulation time
Figure 8. Throughput of number of receiving packet VS simulation time
Figure 9. Throughput of loss packet VS simulation time
III. CONCLUSION
WiMAX provides robust user authentication, access control, data privacy, and data integrity using sophisticated authentication and encryption technology. In this paper we have compared the performance of the RSA algorithm and the AES-CCM algorithm using multiple keys on the NS-2 simulator. Both algorithms are used for encrypting and decrypting the packets. In the proposed algorithm, security is enhanced by using multiple keys. AES-CCM with multiple keys gives better performance than the RSA algorithm.
IV. REFERENCES
[1] A. Altaf, M. Younus Javed, A. Ahmed, “Security enhancements for Privacy and Key Management Protocol in IEEE 802.16e-2005,” Ninth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing.
[2] T. L. Singal, “Wireless communication,” chapter 14, Emerging wireless network technology.
[3] F. Chee-Da Tsai, J. Cheny, C. W. Chang, W. J. Lien, C. H. Hung, and J. H. Sum, “Design and implementation of WiMAX module for ns-2 simulator,” Department of Computer Science and Information Engineering, Chang Gung University, Kweishan, Taoyuan, Taiwan, R.O.C.
[4] F. Yang, H. Zhou, L. Zhang, J. Feng, “An improved security scheme in WMAN based on IEEE standard 802.16,” School of Computer, Wuhan University, Wuhan, China.
[5] S. Adibi, B. Lin, P. Han Ho, G. B. Agnew, “Authentication authorization and accounting (AAA) schemes in WiMAX,” University of Waterloo, Broadband Communication Research Centre (BBCR), 200 University West Ave, Waterloo, Ontario, Canada, N2L 3G1.
[6] Frank, A Ibikunle, “Security issues in mobile WiMAX (IEEE 802.16),” Covenant University, Electrical and Information Engineering Department, Ota.
[7] P. Rengaraju, C. H. Lung, “Analysis on mobile WiMAX security,” Information Assurance in Security and Privacy, September 27-29, 2009, Toronto, Ontario, Canada.
[8] L. W., W. R. Sheng, “A simple key management scheme based on WiMAX,” 2008 International Symposium on Computer Science and Computational Technology.
[9] L. Cuilan, “A simple encryption scheme based on WiMAX,” Department of Electronics, Jiangxi University of Finance and Economics, Nanchang, China.
[10] M. Nasreldin, H. Aslan, M. El-Hennawy, A. El-Hennawy, “WiMax Security,” 22nd International Conference on Advanced Information Networking and Applications - Workshops.
[11] R. Kumar Jha, Dr U. D. Dalal, “A journey on WiMAX and its security issues,” (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 1 (4), 2010, 256-263, Electronics and Communication Engineering Department, SVNIT Surat, Gujarat, India.
[12] C. T. Dogaru, “WiMAX network security plan,” Telecommunication Department, Electronics, Telecommunications and Information Technology Faculty, University POLITEHNICA of Bucharest, Bucharest, Romania.