[NORMAL] Security Model in WiMAX Network

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 2, Issue 12, December 2012)

758

Security Model in WiMAX Network

Er. Dharminder Jeet Singhᵃ, Er. Rajneesh Narulaᵇ, Er. Mandeep Kumar

c

ᵃ [email protected], Adesh Institute of Engineering & Technology, Punjab, India ᵇ [email protected], Adesh Institute of Engineering & Technology, Punjab, India

c_{[email protected], Ferozepur College of Engineering & Technology, Ferozepur, India}

Abstract: WiMAX is Wireless system which has large ability to send and receive data over number of networks from one place to another for Microwave Access. With the help of this technology we can send and receive data from one place to another place which include longer distance between different terminals by using without any physical connection between these terminal that is by using wireless technology over different networks. It is a technology which is popularly using for data communication between different networks that is static network and dynamic network. Static network is that which cannot move that is base stations (like network towers or land line networks). on other hand the dynamic network is that which has no stable position at one place that is mobile networks(like cellular network). It is a telecommunication technology . To avoid the data losses in between two stations i.e mobile station and base station we have focused on mobile Wimax. In the high speed networks we are proposing the security technique caleed senority base pretty good privacy We have analysed the proposed technique with an existing scheme for soft handover in wimax with simulation results. Throughput, End to End delay and Packet delivery fraction are main parameters to determine quality of service. These parameters are also analysed and compared with simulation results

I.INTRODUCTION

In communication industry, the mobile use of devices is increasing rapidly. Mobility is in trend. Users want to have access to same services as provided by traditional wired technology (high speed internet: broadband) no matter where they happen to be. So we need a mobile device that provides seamless high speed broadband access to users, which is provided by mobile wimax.

The development of network supporting mobility requires the ability of a device to change the serving base station according to the movement of the user. This procedure called handover has to be performed without any disturbance in the connection that is without any data loss and maintaining the confidentiality between the MS and BS‟s. A very likely usage scenario could be a user traveling in a car which means that the communication and handovers is needed to be supported even when the car is moving with high speed. Another consideration with mobile device is limited power resources. The batteries can carry only certain amount of charge and needs to be recharged on regular basis.

[image:1.612.342.550.433.683.2]

(2)

International Journal of Emerging Technology and Advanced Engineering

759

1.1 NETWORK

ARCHITECHTURE

OF

WIMAX

The key property of Mobile Wimax is the all-IP (both IPv4 and IPv6) platform which leaves out the traditional circuit switched alternatives. This allows financial saving as there is no need to maintain both types of core networks. The Wimax Forum has established a Network Working Group (NWG) that defines a the Network Architecture of Wimax as shown in figure.

Fig 1.2

1. MS is Mobile Station or user equipment. 2. BS is Base Station.

3. ASN is Access Service Network. It is also known as Network Access Provider (NAP).

4. CSN is Connectivity Service Network

5. ASN-GW is Access Service Network Gateway. It is also known as Access Concentrator (AC).

The architecture of mobile WiMAX is consists of mobile stations (MS) that communicate freely via radio link with base stations (BS) which act as relays with the terrestrial

infrastructure of IP network. The

base stations

themselves are connected to the network

element called ASN that manages their

connection with the IP network.

1.2.1 ACCESS SERVICE NETWORK (ASN)

The function of ASN is to manage MAC access functionality such as paging, locating, Radio Resource Management (RRM) and mobility between base stations. The ASN consist of one or several ASN Gateways and base stations that supplies WiMAX radio coverage to a geographical area. ASN manages the WiMAX radio links only, leaving much of the high level management to the CSN. The ASN Gateway serves as the interconnection between ASN and CSN. This logical partition of the access network from the service network enables individual access networks to be deployed, e.g in the case of where several NAP (Network Access Provider) can form cooperation or contractual roaming agreements with each other or one or several NSP (Network Service Provider).

1.2.2 CONNECTIVITY SERVICE

NETWORK (CSN)

It is a set of network functions that provide IP connectivity to WiMAX mobile stations. The CSN contains gateways for Internet access, routers, servers or proxies for AAA, IP-allocation, user databases, and internetworking devices. It manages admission and policy control, mobility between ASN and specific WiMAX services such as Location Based Services or Law Enforcement Services.

The user can then use the service provider‟s network or roam to networks deployed by other companies as long as the home network has a roaming agreement with the visitor network. The foreign ASN uses either its own management functions of the foreign CSN, and proxies them to the home network, or communicate directly with the home network CSN.

1.3 NETWORK REFERNCE MODEL OF

WIMAX

The WiMAX Forum's Network Working Group NWG) develops the end-to-end network requirements, architecture, and protocols for WiMAX, using IEEE 802.16e-2005 as the air interface.

The WiMAX NWG has developed a network reference model to serve as an architecture framework for WiMAX deployments and to ensure interoperability among various WiMAX equipment and operators.

M S

(3)

International Journal of Emerging Technology and Advanced Engineering

760

The network reference model shows a unified network architecture for supporting fixed, nomadic, and mobile deployments and is based on an IP service model. Below shown is simplified IP-based WiMAX network architecture. The overall network may be logically divided into three parts:

1. Mobile Stations (MS) are used by the end user to access

the network.

2. The access service network (ASN), which comprises one

or more base stations and one or more ASN gateways that form the radio access network at the edge.

3. Connectivity service network (CSN), which provides IP connectivity and all the IP core network functions. The network reference model developed by the WiMAX Forum NWG defines a number of functional entities and interfaces between those entities. Fig below shows some of the more important functional entities

1.3.1 Base station (BS):

The BS provides the air interface to the MS. Additional functions that may be part of the BS are micro mobility management functions, such as handoff triggering and tunnel establishment, radio resource management, QoS policy enforcement, traffic classification, DHCP (Dynamic Host Control Protocol) proxy, key management, session management, and

multicast group management

.

1.3.2 Access service network gateway

(ASN-GW):

The ASN gateway typically acts as a layer 2 traffic aggregation points within an ASN. Additional functions that may be part of the ASN gateway include intra-ASN location management and paging, radio resource management and admission control, caching of subscriber profiles and encryption keys, AAA client functionality, establishment and management of mobility tunnel with base stations, QoS and policy enforcement, foreign agent functionality for mobile IP, and routing to the selected CSN.[10]

.

Fig 1.3 [10]

1.3.3 NETWORK REFERENCES

1) R1 is Interface between Mobile station (MS) and the Access Service Network (ASN) as per the Air Interface specification. R1 may include additional protocol related to the management.

2) R2 is Interface between the MS and the (CSN)

Connectivity Service Network associated with authentication, Service Authorization, IP Host Configuration management and Mobility Management. This is a logical interface thus does not reflect a direct protocol interface between MS and CSN.

3) R3 is Interface between the ASN and the CSN to support AAA, Policy enforcement and mobility management capabilities. It also encompasses the bearer plane to transfer IP data between the ASN and the CSN.

4) R4 consists of a set of control plane and bearer

plane protocols originating/terminating in various entities within the ASN that coordinates MS mobility between ASN‟s.

5) R5 consists of a set of Control plane and

tunnelling protocols for internetworking

between CSN‟s operated by either the Home or Visited NSP.

6) R6 consists of a set of control plane and bearer

plane protocols for communication between the BS and the ASN GW. The bearer plane consists of Intra ASN data Path and Inter ASN tunnels between the BS and ASN GW.

7) R8 consists of a set of Control Plane message flows and, in some situations, bearer plane data flows between the BS to ensure fast and seamless handover.

1.3.4 Network Access Provider (NAP)

It provides the infrastructure for radio access to one or more providers of network services. It can control one or more ASN (Access Service Network) which is composed of one or more BS and one or more gateways.

1.3.5 Network Service provider (NSP)

[image:3.612.70.293.588.696.2]

(4)

International Journal of Emerging Technology and Advanced Engineering

761

1.4 MOBILE WIMAX

Mobile WiMAX, built to fulfil requirements for mobile

broadband applications, presents the following

advantages over all other mobile and broadband technologies:

1.4.1 Mobile IP (MIP)

algorithms include elements such as home agents that allow seamless handover when a subscriber moves from one coverage area to another. With complete set of IP functions and interfaces as part of the standard, Mobile WiMAX enables the delivery of IP based services, while maintaining end-to-end quality of service (QoS). Core networks based on IP routers and switches are lower cost and easier to install and operate than other alternatives.

1.4.2. Scalable Transmission Coding

–

by offering several options for each device, mobile WiMAX maximizes the performance, service availability and quality. Each device can communicate with the closest base station using one of various transmission coding schemes depending on signal quality, interference, its internal processing capabilities, and many other parameters. The coding also adapts periodically to match the current status of the device.

1.4.3. Spectral Efficiency

–

combining the latest transmission coding schemes with several channel size options (up to and including 20 MHz) and the ability to group sub-carriers allows operators to use their available spectrum in the most efficient manner.

1.4.4. Advanced over-the-air QoS

–

offering multimedia services, which combine voice, data, and video in a single air link to numerous users means that QoS is critical for the proper operation of the network. As WiMAX is all IP, QoS correlation between the IP network and broadband services, most of which are IP based, is straightforward. QoS over-the-air is part of the mobile WiMAX standard in which a design transmission scheduler is used to ensure proper QoS for each service.

1.4.5. Non line-of-sight (NLOS) and Smart

Antennas

–

enabling communication through walls and other physical obstacles in both urban and rural environments, mobile WiMAX is a true NLOS technology. Employing smart antenna technology, mobile WiMAX maximizes the number of services delivered and their quality regardless of operating environment. [10]

Security Parameter in wimax with SBPGP

PGP-Based Solutions

The „Public Key Infrastructure‟ (PKI) is the most scale able form of key management. Several different PKI techniques exist, such as SPKI, PGP and X.509. Various forms of these PKI techniques have been proposed for use in ad-hoc networks. Ref. [9] on security architecture proposes the use of a group-oriented PKI for large group formation. The leader of the group acts as a

„Certificate Authority‟ (CA), which issues group

membership certificates. These are said to be SPKI-style certificates. They certify that the public key in the certificate belongs to a group member. However, this is not useful for two-party communications or non group-oriented tasks. on self-organized public key certificate management works like PGP [9], which allows users to create, store, distribute, and revoke their public keys without the help of any trusted authority or fixed server. This system does not assign specific missions to a node or subset of nodes (i.e. all the nodes have the same role). In this system, like in, users‟ public and private keys are created by the users themselves. It is assumed that each honest user owns a single mobile node. Hence the same identifier is used for the user and the other node (i.e. both being denoted by u). Unlike in PGP, where certificates are mainly stored in centralized certificate repositories, certificates in proposed system are stored and distributed by the nodes in a fully self-organized manner. Each certificate is issued with a limited validity period and therefore contains its issuing and expiration times. Before a certificate expires, its issuer issues an updated version of the same certificate, which contains an extended expiration time. This updated version is called the certificate update. Each node periodically issues certificate updates, as long as its owner considers that the user-key bindings contained in these certificates are correct. In this system, key authentication is performed via chains of public-key certificates in the following way: When a user u wants to obtain the public key of another user v, he / she acquires a chain of valid public-key certificates such that

1. The first certificate of the chain can be directly verified by u, by using a public key that u holds and trusts (e.g. her own public key).

2. Each remaining certificate can be verified using the public key contained in the previous certificate of the chain.

(5)

International Journal of Emerging Technology and Advanced Engineering

762

In this system, the certificate revocation is an important mechanism. It enables two types of certificate revocation: explicit and implicit. The issuer explicitly revokes a certificate by issuing a revocation statement and by sending it to the nodes which stored the certificate in question. The implicit revocation relies on the expiration time contained in the certificates. Every certificate whose expiration time passes is implicitly revoked; this second mechanism is straightforward, but requires some loose time synchronization of the nodes.

The quest for security in WIMAX led a PGP type PKI. In PGP, any node can issue a certificate and as such it allows a completely distributed architecture, apart from the central repository, which holds these certificates. It proposes a scheme to avoid the need for a central repository of certificates in the PGP system. This scheme involves each node keeping mini-repositories, which hold all the certificates the node issues and all the certificates issued on it. When nodes A and B meet, they merge their mini-repositories. The repositories are constructed according to the „Shortcut Hunter algorithm‟ . This algorithm constructs repositories such that two nodes merging repositories have a high probability of finding a chain of certificates between them if one exists. This scheme is useful in a civilian environment where delegation of trust through a number of nodes is acceptable. Let the notation A → B mean that A trusts B. Then what the implications A → B, B → C, C → D and

D → E signify is that A chooses to trust E i.e. A → E. An alternative approach is to use a Certificate Authority (CA) to issue certificates. A CA is a third party trusted by all in the system, which effectively eliminates the need for a repository of certificates. Rather than finding a certificate linking A → B → C → D → E, one simply recovers the certificate A → E. As such, the CA can be seen as a one-hop shortcut through the web of trust. The problem with this is the CA must be trusted by all and becomes a single point of failure in the event of an attack..

THE SB-TRUST MODEL

In PGP‟s “web-of-trust” model [9], each entity manages its own trust based on direct recommendation and seeks to further quantify the notions of trust and recommendation it uses a seniority-based (SB) trust model which is as follows. Trust management and maintenance are distributed in both space (k) and time (T) domains in the SB-model. Thus SB-model describes a seniors-securing approach to node authentication in WIMAX. In other words, the parameter T characterizes

the time-varying feature of a trust relationship, while k

signifies the number of senior nodes required to work as

CA. An entity is trusted if any k trusted available senior entities claim so within a certain time period T. Once a node is trusted by its senior group, it is globally accepted as a trusted node. Otherwise, if the seniors distrusted an entity then it is regarded as untrustworthy in the entire network. If a node cannot find k senior nodes in certain network, it may roam to meet more nodes or wait for new senior nodes to move in.

CONSTRUCTION OF SB-PGP MODEL

In this work, we apply the SB-model for issuing PGP type certificate. Let us consider a WIMAX, to be established, for instance, in a conference where people having mobile nodes communicate with one another having insecure wireless channel. I assume N mobile nodes, and N may be dynamically changing as mobile nodes join, leave, or fail over time. Among them, some of the nodes that joined in the beginning are considered as senior nodes and later joining nodes are considered junior nodes but the size of senior nodes group may increase dynamically and sequentially according to the size of network. Besides, N is constrained if there may be a large device population otherwise not.

 Specifically, for the model construction, we

make the following assumptions:

 Each node has a unique nonzero ID and a

mechanism to discover available senior member nodes of the network.

 Communication with senior nodes is more

reliable compared with junior nodes of the networks.

 Mobility is centralized by a maximum node

moving speed Smax .

 Each senior node is equipped with some local detection mechanism to identify Misbehaving nodes among its surrounding nodes, e.g. those proposed in [6, 1].

 All nodes are maintaining the seniority table like routing table.

(6)

International Journal of Emerging Technology and Advanced Engineering

763

type certificate and issue it to a newly incoming node after satisfying its information in T time. In other words, the parameter T characterizes the time-varying feature of a trust relationship, while k signifies the number of senior nodes required to sign on PGP certificate or work as CA. An entity is trusted if any k trusted available senior entities then it is globally accepted as a trusted node, Otherwise, untrustworthy for the entire network. The architecture of the model resulting from these assumptions is given in the following section.

ARCHITECTURE OF SB-PGP NETWORK

Consider a SB-trust model and introduce the PGP type certification design, which is based on the de facto standard RSA. Now what is the structure of group of senior nodes working as CA. To see this, consider a network environment which does not follow a hierarchical or centralized control and fixed infrastructure and all member of the network are equivalent in terms of status. In this model functionality of the CA is performed by two or more senior most nodes of the network. These senior nodes collectively sign on the certificate of a new node, after satisfying themselves about its information. PGP type certificate is signed by more then one node. The size of CA nodes increases dynamically. Initially we divide our ad-hoc networks nodes in two groups, senior group SN and junior group JN. The size of senior group increases dynamically. Let

SN = ceiling (N × M %) + 1 (1a)

Where SN = (set of senior nodes in senior group) N = (total number of nodes in ad-hoc network) (1b)

SCA = (set of nodes required for CA functionality)

M = (variable %).

Notice that M can change according to security level required in the networks. If M increases then the size of the senior group increases and availability of the networks also increases. However, security of the network decreases, because if the seniority number of a node is lower down, then its confidence level is also down.

SCA = ceiling (SN × K%) + 1 (2a)

Where

SCA = (umber of senior most nodes required in the network for CA)

SN = (senior-most nodes)

K = (Variable %) (2b)

K : Depends on M. K can change according to security level required in the networks. If K increases then the number of nodes require for CA also increases and security of the network increases but availability of the CA of network decreases. Here SCA is number of senior most nodes require for CA to sign on the certificate for new reliable node. The signature procedure by each senior node of CA is done sequentially[9].

Again, notice that the junior group consideration involves a dynamic topology, which is proportional to the network size and senior group size. Consequently, the size of junior group (JN) will grow with the difference of growth in total number of nodes (N) of the network being considered and the growth in size of senior group (SN),

which results in the following equation JN = N – SN .

REFERENCES

[1] Zdenek Becvar, Jan Zelenka, Implementation of Handover Delay Timer into WiMAX, (http://fireworks.intranet.gr).

[2] IEEE P802.16e/D12, “Air Interface for Fixed and Mobile Broadband Wireless Access Systems: Amendment for Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands”, October 2005.

[3] Arpan Mandal, Mobile wimax: pre-handover optimization using hybrid Base Station selection procedure, University of Canterbury, 2008.

[4] Andrews, J. G., A. Ghosh, Fundamentals of WiMAX : Understanding broadband wireless networking, Prentice Hall ,et al. (2007).

[5] T. Bchini, N. Tabbane, E. Chaput, S. Tabbane and A-L. Beylot, Performance of Soft Handover – FBSS Compared to Hard Handover in case of High Speed in IEEE 802.16e for Multimedia Traffic, 5th International Conference: Sciences of Electronic, Technologies of Information and Telecommunications March 22-26, TUNISIA 2009.

[6] IEEE Std: “Air Interface for Fixed and Mobile Broadband Wireless Access Systems,” IEEE 802.16e, Part 16, February 2006.

[7] HyangDuck Cho, JaeKyun Park, Keumsang Lim, Jongha Kim, Wooshic Kim,The Mobile Controlled handover method for Fixed Mobile Convergence between WLAN, CDMA and LAN. [8] Liu, Zhou,Challenges and Solutions for Handover Issues in 4G

Wireless Systems, An Overview.

(7)

International Journal of Emerging Technology and Advanced Engineering

764

[10] WiMAX Forum. “WiMAX End-to-End Network Systems

Architecture,” Draft Stage 2: Architecture Tenets, Reference Model and Reference Points, June 2007.

[11] Youngbin Im, Hakyung Jung, Ji Hoon Lee, Vertical Handovers in Multiple Heterogeneous Wireless Networks: A Measurement Study for the Future Internet.

[12] Zdenek Becvar, Jan Zelenka ,Handovers in the Mobile WiMAX. [13] Michael Carlberg Lax and Annelie Dammander ,WiMAX - A

Study of Mobility and a MAC-layer Implementation in GloMoSim. [14] N. P. Singh , Brahmjit Singh, Performance Enhancement of

Cellular Network Using Adaptive Soft Handover Algorithm. [15] Zdenek BECVAR, Pavel MACH, Robert BESTAK, Initialization

of Handover Procedure in WiMAX Networks.

[16] Kumar Mrinal , Chetan Aneja, Vikram Gupta, Swati Sharma , Mobility Improvement In IEEE 802.16.

[17] Antti Makelainen,Analysis Of Handoff Performance In Mobile Wimax Networks, 2007.

[18] Jamil Sultan, M. Ismail, N. Misran and K. Jumari,Spectral Efficiency Evaluation Of Downlink Mobile Multi-Hop Relay Systems Employing Macro Diversity Handover Technique ,2008. [19] S. Pyo and Y. Choi,A Fast Handover Scheme Using Exponential

Smoothing Method, 2009.

[20] On Performance Evaluation of Different QoS Mechanisms and AMC scheme for an IEEE 802.16 based WiMAX Network by Vinit Grewal and Ajay K Sharma, 2010.

[21] Andres Arjona, A Study Of Mobile VoIP Performance In Wireless Broadband Networks, 2009.

[22] Bogdan Ciubotaru and Gabriel-Miro Muntean, QMS-Quality of Multimedia Streaming Metric for Soft-Handover in Heterogeneous Wireless Environments, 2010.

[23] Rajat Prakash and Venugopal V. Veeravalli, Locally Optimal Soft Handoff Algorithms.

[24] A. Trivino Cabrera, E.Casilari, Network Simulator: A Learning Tool for Wireless Technologies.

[25] J. Chung, M. Claypool. NS by Example. Worcester Polytechnic

Institute (WPI)

_{http://nile.wpu.edu/NS/purpose}

.

[26] IEEE Std 802.16-2004. Part 16: Air Interface for Fixed Broadband Wireless Access

Systems. Technical report,June 2004.IEEE Standard for Local and metropolitan area networks. All images used with authorization from IEEE.

[27] IEEE Std 802.16e/D9. Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems - Amendment for Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands. Technical report, June 2005. Draft IEEE Standard for Local and metropolitan area networks. [28] J. H. park, K. Y. Han, D. H. Cho, “Reducing inter-cell handover

events based on cell ID information in multi-hop relay systems,” 65th IEEE Vehicular Technology Conference, VTC Spring 2007, pp. 743-747, 22-25, April 2007.

[29] Wimax Forum, “Mobile WiMAX – Part I: A technical overview and performance evaluation,” August, 2006

[30] IEEE Std: “Soft Handover and Fast BS Switching Procedure,” IEEE 802.16 Broadband Wireless Access Working Group, June 2004.

[31] Ray, S. K., A. Mandal, et al. (2007).Hybrid Predictive Base Station (HPBS) Selection Procedure in IEEE 802.16e-Based WMAN. ATNAC 2007.

[32] Parviz Yegani, “WiMAX Overview,” IETF-64 Cisco Systems, November 2005.

[33] Koodli, R., "Fast Handovers for Mobile IPv6", RFC 4068, 2005. [34] WiMAX Forum, “WiMAX‟s technology for LOS and NLOS