 |
||||
 | ||||
1.
Broadband Internet access 2.
Real time applications a.
Video streaming b.
VoIP, Video on Demand c.
Telemedicine application/Video Conference d.
Surveillance and monitoring (forests, volcano, etc.) e.
E-learning 3.
General applications and services based on IP connectivity Application types: 1.
Legacy (no direct signaling capabilities for QoS): -
Need an agent to help them 2.
Signaling capable: e.g. SIP based -
Possible direct interaction with control plane for QoS reservation WiMAX uses Internet Protocol, IP as the core
transport mechanism, and as a result, WiMAX security measures need to
incorporate not only the traditional security requirements for a wireless
telecommunications system, but also those relating to the use of IP systems. In view of the need for a high
level of WiMAX security, the IEEE 802.16 working groups incorporated security
measures into the standard during the concept stages to counteract WiMAX
security threats. WiMAX security has been embedded into the standard from the
beginning rather than being added as an extra at a later stage. By adopting this
approach, WiMAX security has been made more effective while being less intrusive
to the user. WiMAX security elements are
included in the standard and fall under four main headings: i
Authentication of the user device ii
Higher-level user authentication iii
Advanced over-the-air encryption iv
Methods for securing the control and signaling within an IP
scenario Each of these WiMAX security
areas has been addressed within standards, but even so, it is still necessary
for the network operators to use good practice to ensure that security is not
compromised. It is quite possible to circumvent the best security technology if
the correct operating procedures are not in place.
When developing any security
system it is necessary to understand the means by which security could be
compromised and in this way build in the relevant security measures. Some of the main threats to WiMAX
security are summarized in the table below: Type of security attack Description / details of the security attack Man-in-the-middle This form of WiMAX security issue occurs when a base
station is set up to impersonate a base station in the network, either
just to a subscriber, or a two way impersonation between the subscriber
and the base station. Privacy compromise This type of security attack takes the form of the
attacker capturing user and / or signaling traffic being conveyed over the
wireless or the wired elements of the network. These packets can be
analyzed and information extracted at a later time. Theft of service This occurs if users without authorized access are
able to access the network and utilize it without payment. Denial of service (physical) This is achieved by degrading the network performance
by physically disrupting the physical elements of the network, e.g. by
jamming the radio channels used. Denial of service (protocol) This form of denial of service involves overloading
the network or system resources by introducing new traffic or modifying
existing traffic. This happens when Internet websites are maliciously
targeted by millions of requests to overload their resources. Replay This form of WiMAX security issue occurs if
previously valid messages are injected into the system to exhaust
resources or lock out valid users. Although these are broad descriptions for the major forms
of WiMAX security issue, they all need to be addressed so that malicious
attempts cannot succeed in disrupting he network, obtaining user information or
data, or gaining unauthorized access to the network.
The WiMAX standard includes
several security protection measures to address and overcome the various WiMAX
security threats that are posed to the system. These include mutual device /
user authentication techniques, a flexible key management tool, traffic
encryption, and control and management message protection.
|
|