An IBC and Certificate Based Hybrid Approach to WiMAX Security

  • Rodoper, Mete (Wireless Information Network Laboratory (WINLAB), Rutgers University)
  • Trappe, Wade (Wireless Information Network Laboratory (WINLAB), Rutgers University)
  • Jung, Edward Tae-Chul (School of Computing and Software Engineering, Southern Polytechnic State University)
  • Published: 2009.12.31

Abstract

Worldwide interoperability for microwave access (WiMAX) is a promising technology that provides high data throughput with low delays for various user types and modes of operation. While much research has been conducted on the physical and MAC layers, little attention has been paid to a comprehensive and efficient security solution for WiMAX. We propose a hybrid security solution combining identity-based cryptography (IBC) and certificate-based approaches. We provide detailed message exchange steps in order to achieve complete security that addresses the various kinds of threats identified in previous research. While attaining this goal, efficient fusion of both techniques resulted in a 53% bandwidth improvement compared to the standard's approach, PKMv2. Also, in this hybrid approach, we have clarified the key revocation procedures and key lifetimes. Consequently, to the best of our knowledge, our approach is the first work that unites the advantages of both techniques for improved security while maintaining low overhead for WiMAX.
