Security: WiMAX Security Functions

Unlike Wi-Fi, WiMax systems were designed at the beginning with robust security in mind. The standard includes state of the art methods for ensuring user data privacy and preventing unauthorized access, with additional protocol optimization for mobility. Security is handheld by a privacy sub layer within the WiMax Medium Access Control (Mac). The key aspects of WiMax security are as follows;

Support for Privacy

User data is encrypted using cryptographic schemes of proven robustness to provide privacy. Both Advanced Encryption standard (AES) and Triple data Encryption Standard (3DES) are supported. Most system implementation will liely uses AES, as it is the new encryption standard approved as compliant with Federal Information Processing Standard (FIPS) and is easier to implement. The 128-bit or 256-bit key used for deriving the cipher is generated during the authentication phase and is periodically refreshed for additional protection. (Jamshed Hasan)

Authentication

WiMAX offers a flexible means for authenticating subscriber stations and users to prevent from unauthorized use. The authentication structure is based on the Internet Engineering Task Force (IETF) EAP, which supports a variety of identifications, such as username/password, digital certificates, and smart cards. WiMAX terminal devices come with built-in X.509 digital certificates that contain their public key and MAC address. WiMAX operators can apply the certificates for device authentication and use a username/password or smart card authentication on top of it for authentication of users. (Sanida Omerovic)

Flexible Key Management Protocol

The Privacy and Key Management Protocol Version 2 (PKMv2) is used for transmitting keying material securely from the base station to the mobile station. PKM are also used to periodically reauthorize and refreshing the keys. PKM is a client-server protocol: The mobile station acts as the client; the base station, the server. PKM uses X.509 digital certificates and RSA (Rivest Shamer Adleman) public-key encryption algorithms to securely perform key exchanges between the base station and the mobile station. (David Johnston & Jesse Walker, 2004)

Protection of Control Messages

The integrity of over the air control messages is protected by using message digest schemes, such as Advance Encryption Standard (AES) based Cipher-based Message Authentication Code (CMAS) or Message Digest 5 based HMAC (Hash-based Message Authentication). (Jamshed Hasan)

Support for Fast Handover

To support fast handovers, WiMAX allows the mobile station to use pre-authentication with a particular target base station to assist accelerated re-entry. A three-way handshake scheme is supported to optimize the re-authentication mechanisms for supporting fast handovers, while at the same time preventing any man-in-the-middle attacks. (David Johnston & Jesse Walker, 2004)