A Survey on WiMAX

This paper describes an overview of WiMAX. The paper outlines fundamental architectural components for WiMAX and explains WiMAX Security Issues. Furthermore various 802.16 standards, IEEE 802.16 protocol architecture and WiMAX Market will be discussed.
Published by: ijcsis on Jun 12, 2010
Copyright:Attribution Non-commercial







(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010

A Survey on WiMAX
Mohsen Gerami
The Faculty of Applied Science of Post and Communications Danesh Blv, Jenah Ave, Azadi Sqr, Tehran, Iran. Postal code: 1391637111

e-mail: artimes0@hotmail.com
Abstract—This paper describes an overview of WiMAX. The paper outlines fundamental architectural components for WiMAX and explains WiMAX Security Issues. Furthermore various 802.16 standards, IEEE 802.16 protocol architecture and WiMAX Market will be discussed.

Keywords: WiMAX; IEEE 802.16; Security; Protocol; Market;

WiMAX, meaning Worldwide Interoperability for Microwave Access, is a telecommunications technology that provides wireless transmission of data using a variety of transmission modes, from point-to-multipoint links to portable and fully mobile internet access. The technology provides up to 10 Mbps broadband speed without the need for cables. The technology is based on the IEEE 802.16 standard (also called Broadband Wireless Access). The name "WiMAX" was created by the WiMAX Forum, which was formed in June 2001 to promote conformity and interoperability of the standard. The forum describes WiMAX as "a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to cable and DSL" [1].

As compared to a wireless technology like Wi-Fi, WiMAX is more immune to interference, allows more efficient use of bandwidth and is intended to allow higher data rates over longer distances. Because it operates on licensed spectrum, in addition to unlicensed frequencies, WiMAX provides a regulated environment and viable economic model for wireless carriers. These benefits, coupled with the technology's global support (e.g., ongoing worldwide deployments, spectrum allocation and standardization), make it the popular choice for quick and cost-effective delivery of super-fast broadband wireless access to underserved areas around the world [2].

WiMAX is cheaper than wired DSL because it does not require placing wires around the area to be covered, which represents an enormous investment for the provider. Not requiring this investment opens the door to many service providers who can start retailing out wireless broadband with low capital, thereby causing prices to drop due to competition.

As with any wireless technology, the requirements for WiMAX are basically a transmitter and a receiver. The transmitter is a WiMAX tower, much like a GSM tower. It is part of the service provider's facilities. One tower, also called a base station, can provide coverage to an area within a radius of around 50 km. On the other side, in order to receive the WiMAX waves, you need a WiMAX receiver for connecting your computer or device. WiMAX has a range of around 50 km in a circle. Terrain, weather and buildings affect this range, and this often results in many people not receiving signals good enough for a proper connection. Orientation is also an issue, and some people have to place their WiMAX modems near windows and turn them in certain specific directions for good reception. A WiMAX connection is normally non-line-of-sight, which means that the transmitter and the receiver need not have a clear line between them. But a line-of-sight version exists, where performance and stability are much better, since this does away with problems associated with terrain and buildings [3].

II. WIMAX FUNDAMENTAL ARCHITECTURAL COMPONENTS

WiMAX has four fundamental architectural components:

Base Station (BS). The BS is the node that logically connects wireless subscriber devices to operator networks. The BS maintains communications with subscriber devices and governs access to the operator networks. A BS consists of the infrastructure elements necessary to enable wireless communications, i.e., antennas, transceivers, and other electromagnetic wave transmitting equipment. BSs are typically fixed nodes, but they may also be used as part of mobile solutions; for example, a BS may be affixed to a vehicle to provide communications for nearby WiMAX devices. A BS also serves as a Master Relay-Base Station in the multi-hop relay topology.

Subscriber Station (SS). The SS is a fixed wireless node. An SS typically communicates only with BSs, except for multi-hop relay network operations. SSs are available in both outdoor and indoor models.

Mobile Subscriber (MS). Defined in IEEE 802.16e-2005, MSs are wireless nodes that work at vehicular speeds and support enhanced power management modes of operation. MS devices are typically small and self-powered, e.g., laptops, cellular phones, and other portable electronic devices.

Relay Station (RS). Defined in IEEE 802.16j-2009, RSs are SSs configured to forward traffic to other RSs, SSs, or MSs in a multi-hop Security Zone [4].


http://sites.google.com/site/ijcsis/ ISSN 1947-5500


Figure 1. WiMAX network architectures: (a) PMP mode; (b) mesh mode [5].

WiMAX devices communicate using two message types: management messages and data messages. Data messages transport data across the WiMAX network. Management messages are used to maintain communications between an SS/MS and BS, i.e., establishing communication parameters, exchanging security settings, and performing system registration events (initial network entry, handoffs, etc.).

IEEE 802.16 defines frequency bands for WiMAX operations based on signal propagation type. In one type, WiMAX employs a radio frequency (RF) beam to propagate signals between nodes. Propagation over this beam is highly sensitive to RF obstacles, so an unobstructed view between nodes is needed. This type of signal propagation, called line-of-sight (LOS), is limited to fixed operations and uses the 10–66 gigahertz (GHz) frequency range. The other type of signal propagation is called non-line-of-sight (NLOS). NLOS employs advanced RF modulation techniques to compensate for RF signal changes caused by obstacles that would prevent LOS communications. NLOS can be used for both fixed WiMAX operations (in the 2–11 GHz range) and mobile operations (in the 2–6 GHz range). NLOS signal propagation is more commonly employed than LOS because of obstacles that interfere with LOS communications and because of strict regulations for frequency licensing and antenna deployment in many environments that hinder the feasibility of using LOS [4].

III. IEEE 802.16

The IEEE developed the 802.16 in its first version to address line of sight (LOS) access at spectrum ranges from 10 GHz to 66 GHz. The technology has evolved through several updates to the standard such as 802.16a, 802.16c, the Fixed WiMAX 802.16d (802.16-2004) specification and lastly the mobile 802.16e set that are currently commercially available. The upcoming 802.16m is still a ways away from ratification. The first update added support for 2 GHz through 11 GHz spectrum with NLOS capability. Each update added additional functionality or expanded the reach of the standard. For example, the 802.16c revision added support for spectrum ranges both licensed and unlicensed from 2 GHz to 10 GHz. It also improved quality of service (QoS) and made certain improvements in the media access control (MAC) layer, along with adding support for the HiperMAN European standard. The number of supported physical (PHY) layers was increased. Transport mediums such as IP, Ethernet and asynchronous transfer mode (ATM) were added.

At its core, the technology is intended to take a number of best-of-breed proprietary enhancements that had been made by vendors using the 802.11 standard and combine them in a very marketable and standardized WiMAX product. For example, older broadband wireless technology such as the Wi-Fi or 802.11b system utilized carrier sense multiple access with collision detection (CSMA/CD) crosstalk methods for base stations and customer premise equipment (CPE) to talk to one another. Basically, this meant that each radio was constantly talking and creating inefficient overhead. It also resulted, especially at times of high traffic, in increased packet collisions and retransmissions, further exacerbating the problem. Some of the proprietary MAC systems built later utilized the base station to define when the CPE would be polled in order to eliminate this problem. As a permanent cure, the 802.16 protocol supports multiple methods of polling that a vendor can choose to use. Some of these include piggybacking polling requests within overhead traffic, group polling or dynamic co-opting of bandwidth from another unit by the CPE. The key is that the radios will be interchangeable based on the Forum's initial product profile as well as more efficient [6].

A. The various 802.16 standards

802.16a: Licensed Frequency 2 GHz to 11 GHz. The IEEE 802.16a working group operates on the MAC and PHY specification and specifies transmission over non-line-of-sight (NLOS) connections. Frequencies of importance are 3.5 GHz and 5.8 GHz, licensed for royalty-free applications. The data rate at a channel width of 20 MHz is 75 Mbit/s. 802.16a is replaced by 802.16-2004.

802.16b: License-Exempt Frequencies, with a focus on the frequency band between 5 GHz and 6 GHz. This group also runs under the name Wireless HUMAN (High Speed Unlicensed MAN).

802.16c: Profiles of transmission frequencies in the frequency range from 10 GHz to 66 GHz. The channel width is 25 MHz in the U.S. and 28 MHz in Europe. 802.16c is replaced by 802.16-2004.

802.16d: Profiles of transmission frequencies in the frequency range of 2 GHz to 66 GHz. Replaced by 802.16-2004. This standard provides line-of-sight and non-line-of-sight connections in the range of 2 GHz to 66 GHz.

802.16e-2005: Mobile Wireless MAN (WMAN). This working group defines mobile access in the context of IEEE 802.16. Rates of more than 10 Mbps in cells with a range of several kilometers and at speeds exceeding 100 kph are investigated. In addition, 16e clients can switch between different radio cells, known as roaming. In conjunction with DSRC, 802.16e is an interesting alternative for telematic and safety services in automotive technology.

802.16f: MIB management for access networks.

802.16g: Definition of Management Plane.

802.16h: Coexistence of Networks. This Working Group deals with the problems of coexistence of different radio technologies in unlicensed transmission bands.

802.16i: Mobile One Plane Information

802.16j: Bridging alternative to 802.11k. This involves equipment for a mobile relay, to which several communication partner stations can connect.

802.16k: Bridging

802.16m: The group is working on high-speed transmission with up to 1 Gbit/s.

802.16-1: Air Interface for 10 GHz to 66 GHz.

802.16.2: Coexistence of Broadband Wireless Access Systems. This Working Group deals with the coexistence of existing systems. Replaced by 802.16.2-2004.

802.16.2-2004: Combines standards 802.16, 802.16a, 802.16c and 802.16d in one standard and regulates the coexistence of wireless broadband systems in the range of 10 GHz to 66 GHz.

802.16.2a: Recommended Practice for Coexistence of Fixed Broadband Wireless Access Systems. This group redefines the coexistence of PMP systems between 2 GHz and 11 GHz.

802.16.3: Air Interface for Fixed Broadband Wireless Access Systems operating below 11 GHz. This group investigates the unlicensed bands, such as the ISM band, the Personal Communications Services (PCS), MMDS and U-NII, for use in high-speed MAN access [7].

The following table provides a summary of the IEEE 802.16 family of standards [8].

Specifications of 802.16



B. IEEE 802.16 protocol architecture

The IEEE 802.16 protocol architecture is structured into two main layers: the Medium Access Control (MAC) layer and the Physical (PHY) layer, as described in the following table [9]:

Figure 2. The IEEE 802.16 Protocol structure

The MAC layer consists of three sub-layers. The first sub-layer is the Service Specific Convergence Sub-layer (CS), which maps higher-level data services to MAC layer service flows and connections [10]. The second sub-layer is the Common Part Sub-layer (CPS), which is the core of the standard and is tightly integrated with the security sub-layer. This layer defines the rules and mechanisms for system access, bandwidth allocation and connection management. The MAC protocol data units are constructed in this sub-layer. The last sub-layer of the MAC layer is the Security Sub-layer, which lies between the MAC CPS and the PHY layer and addresses the authentication, key establishment and exchange, and encryption and decryption of data exchanged between the MAC and PHY layers. The PHY layer provides a two-way mapping between MAC protocol data units and the PHY layer frames received and transmitted through coding and modulation of radio frequency signals [8].





Realizing the sticking point that security has been in the widespread adoption of broadband wireless service, the IEEE and the Forum both determined to define a robust security environment. WiMAX security supports two quality encryption standards, DES3 and AES, which is considered leading edge. The standard defines a dedicated security processor on board the base station for starters. There are also minimum encryption requirements for the traffic and for end-to-end authentication, the latter of which is adapted from the data-over-cable service interface specification (DOCSIS) BPI+ security protocol. Basically, all traffic on a WiMAX network must be encrypted using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which uses AES for transmission security and data integrity authentication. For end-to-end authentication, the PKM-EAP (Extensible Authentication Protocol) methodology is used, which relies on the TLS standard of public key encryption. At least one chip company designed processors to support this standard of onboard security processor [11].

A. WiMAX security solutions

By adopting the best technologies available today, WiMAX, based on the IEEE 802.16e standard, provides strong support for authentication, key management, encryption and decryption, control and management of plain text protection and security protocol optimization. In WiMAX, most security issues are addressed and handled in the MAC security sub-layer, as described in the following figure:

Figure 3. MAC Security sub-layer. Source: IEEE Std. 802.16e 2006.

Two main entities in WiMAX, the Base Station (BS) and the Subscriber Station (SS), are protected by the following WiMAX security features [8]:

Security associations: A security association (SA) is a set of security information parameters that a BS and one or more of its client SSs share in order to support secure communications. Data SA has a 16-bit SA identifier, a cipher (DES in CBC mode) to protect the data during transmission over the channel and two traffic encryption keys (TEKs) to encrypt data: one is the current operational key and the other is TEK [12]. When the current key expires, TEK a 2-bit key identifiers is used. A 64-bit initialization vector (IV) is used for each TEK [13].

Public key infrastructure (PKI): The WiMAX standard uses the Privacy and Key Management Protocol for securely transferring keying material between the base station and the mobile station. The privacy key management (PKM) protocol is responsible for privacy, key management, and authorizing an SS to the BS. The initial draft for WiMAX mandates the use of PKMv1 [14], which is a one-way authentication method. PKMv1 requires only the SS to authenticate itself to the BS, which poses a risk for a Man-in-the-middle (MITM) attack. To overcome this issue, PKMv2 was proposed (later adopted by 802.16e), which uses a mutual (two-way) authentication protocol [15]. Here, both the SS and the BS are required to authorize and authenticate each other. PKMv2 protects against the following [16]: BS and SS impersonations, MITM attack and Key exchange issue. PKMv2 supports the use of the Rivest-Shamir-Adleman (RSA) public key cryptography exchange. The RSA public key exchange requires that the mobile station establish identity using either a manufacturer-issued X.509 digital certificate or an operator-issued credential such as a subscriber identity module (SIM) card. The X.509 digital certificate contains the mobile station's Public-Key (PK) and its MAC address. The mobile station transfers the X.509 digital certificate to the WiMAX network, which then forwards the certificate to a certificate authority. The certificate authority validates the certificate, thus validating the user identity.

Figure 4. Public Key Infrastructure [13].

Once the user identity is validated, the WiMAX network uses the public key to create the authorization key, and sends the authorization key to the mobile station. The mobile station and the base station use the authorization key to derive an identical encryption key that is used with the advanced encryption standard (AES) algorithm [13].

Authentication: Authentication is the process of validating a user identity and often includes validating which services a user may access. The authentication process typically involves a supplicant (that resides in the mobile station), an



authenticator (that may reside in the base station or a gateway), and an authentication server [13].

The real test of WiMAX security will come when providers begin wide-scale network deployments, and researchers and attackers have access to commodity CPE equipment. Other attacks including WiMAX protocol fuzzing may enable attackers to further manipulate BSs or SSs. Until then, the security of WiMAX is limited to speculation [18].

V. GLOBAL WIMAX MARKET

Worldwide Interoperability for Microwave Access, or WiMAX, has been gaining a lot of attention as a wireless broadband alternative, as it provides reliable, secure and high quality broadband access for mobile Internet users. The technology supports bandwidth-heavy applications and User Generated Content (UGC) services that customers want. WiMAX promises a better-performing, less-expensive alternative to many technologies (like DSL, Wi-Fi) that are already available in the market.

According to the new research report "Global WiMAX Market Analysis", WiMAX has tremendous potential to offer a global standardized broadband wireless platform. Many countries across the globe will adopt WiMAX to facilitate rapid economic development. Moreover, the move to WiMAX, a technology that is ready for deployment now, will be preferable to waiting for alternative technologies that may not be available for three or more years. As a result, the number of WiMAX users is forecast to grow over 87% between 2010 and 2012. The research reveals that by 2012 the Asia-Pacific region will lead the number of global WiMAX users, accounting for over 45% of the total user base, followed by North America and Europe. Major growth is expected in Asia-Pacific and MEA as these countries are deploying the technology more rapidly. Moreover, government support and operators' initiatives to provide the region with faster Internet access in remote areas are also fostering growth in the WiMAX market [19].

The WiMAX market is coming out of the recession period strongly, posting three consecutive quarters of revenue growth for 802.16e equipment and devices. With Clearwire in the U.S. announcing strong quarterly results, Yota in Russia expanding rapidly, and others such as UQ in Japan being aggressive, the WiMAX business model seems to be working. Though we are still in the early days, WiMAX is proving to be a good fit in a range of broadband segments in developed as well as developing markets [20].

WIMAX MARKET HIGHLIGHTS

• Worldwide vendor revenue from 802.16d and 802.16e WiMAX network equipment and devices hit $1.08 billion in 2009, down 19% from 2008, as the market suffered the effects of the recession

• However, 4Q09 was the third consecutive quarter of WiMAX equipment and device revenue growth, up 3% from 3Q09

   o Quarterly revenue levels remain short of the pre-recession market highs of over $300 million seen in early 2008

Figure 5. EAP-based authentication [13].

WiMAX uses the Extensible Authentication Protocol (EAP) to perform user authentication and access control. EAP is actually an authentication framework that requires the use of "EAP methods" to perform the actual work of authentication. The network operator may choose an EAP method such as EAP-TLS (Transport Layer Security), or EAP-TTLS MSCHAP v2 (Tunneled TLS with Microsoft Challenge-Handshake Authentication Protocol version 2). The messages defined by the EAP method are sent from the mobile station to an authenticator. The authenticator then forwards the messages to the authentication server using either the RADIUS or DIAMETER protocols [17].

Data privacy and integrity: WiMAX uses AES to produce ciphertext. AES takes an encryption key and a counter as input to produce a bitstream. The bitstream is then XORed with the plaintext to produce the ciphertext. The AES algorithm is the recommendation of the 802.16e security sub-layer, since it provides stronger protection against theft of service and of data across the broadband wireless mobile network. Besides the CCM-Mode and ECB-Mode AES algorithms supported in 802.16-2004, 802.16e supports three more AES algorithms: CBC-Mode AES, CTR-Mode AES and AES-Key-Wrap [13].

B. WiMAX threats

Despite good intentions for WiMAX security, there are several potential attacks open to adversaries, including:

Rogue Base Stations
DoS Attacks
Man-in-the-Middle Attacks
Network manipulation with spoofed management frames
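The counter-mode operation described under "Data privacy and integrity" above (key and counter produce a bitstream that is XORed with the plaintext), as an added example that is not part of the original paper. Python's standard library has no AES, so HMAC-SHA256 stands in for the AES block function and for the integrity tag that CCM provides; all function names, keys, nonces and payloads are constructed assumptions. It shows why a counter value must never repeat under one key and why counter mode needs the integrity check.

```python
import hashlib
import hmac

BLOCK = 16   # AES block size in bytes
TAG_LEN = 8  # truncated tag length chosen for this sketch (assumption)

# Constructed sample keys and nonce, for illustration only.
KEY = bytes(range(16))
MAC_KEY = bytes(range(16, 32))
NONCE = b"pdu-0001"


def keystream_block(key, nonce, counter):
    """Stand-in for AES_K(nonce || counter). This is HMAC-SHA256, not AES."""
    msg = nonce + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]


def ctr_xor(key, nonce, data):
    """Counter mode: XOR data with the keystream (same call encrypts and decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, offset // BLOCK)
        out.extend(d ^ k for d, k in zip(data[offset:offset + BLOCK], ks))
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt, then append a tag over nonce and ciphertext.

    Stand-in for the integrity protection CCM provides; CCM itself uses an
    AES CBC-MAC rather than HMAC.
    """
    ct = ctr_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def open_sealed(enc_key, mac_key, nonce, sealed):
    """Check the tag first; return None instead of plaintext if it fails."""
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return ctr_xor(enc_key, nonce, ct)


def counter_reuse_leaks_xor():
    """Same key and nonce for two payloads: ciphertext XOR equals plaintext XOR."""
    p1 = b"constructed payload number one.."
    p2 = b"constructed payload number two!!"
    c1 = ctr_xor(KEY, NONCE, p1)
    c2 = ctr_xor(KEY, NONCE, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def modified_ciphertext_outcomes():
    """Flip one ciphertext bit, with and without an integrity tag."""
    plaintext = b"service-class=1"
    bare = bytearray(ctr_xor(KEY, NONCE, plaintext))
    bare[-1] ^= 0x01                      # change in transit
    unchecked = ctr_xor(KEY, NONCE, bytes(bare))

    sealed = bytearray(seal(KEY, MAC_KEY, NONCE, plaintext))
    sealed[len(plaintext) - 1] ^= 0x01    # same change, tag now present
    checked = open_sealed(KEY, MAC_KEY, NONCE, bytes(sealed))
    return unchecked, checked


if __name__ == "__main__":
    print("counter reuse leaks plaintext XOR:", counter_reuse_leaks_xor())
    print("bit flip (no tag, with tag):", modified_ciphertext_outcomes())
```

Without a tag the receiver decrypts the altered ciphertext to a different but well-formed payload; with the tag the same alteration is rejected before decryption.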



• The WiMAX market is showing positive signs of steady growth from this year onward, with major rollouts underway in USA, Japan, Russia, and India


• Starting in 2011-2012, 802.16m WiMAX products are expected to be tested, certified, and commercially available, offering speeds comparable to LTE

• For the combined WiMAX equipment and device market, Motorola took the #1 spot in 2009, with 17% of worldwide revenue, just ahead of Alvarion

• Huawei showed the biggest growth in WiMAX equipment and device market share in 2009

• The number of WiMAX subscribers jumped 75% in 2009 to 6.8 million worldwide [21].

Figure 6. WiMAX Market Forecast.

WiMAX allows operators to present their subscribers true broadband connectivity in fully mobile, all-IP networks. The IEEE 802.16e standard has changed several security mechanisms and needs more research on its security vulnerabilities. WiMAX is a very promising technology for delivery of fully mobile personal broadband services. The WiMAX market presents enormous business opportunities. WiMAX can be deployed to drive new revenue streams on much shorter timelines and at much lower capex than FTTx, xDSL, or cable modem alternatives. WiMAX is an opportunity.

[1] WiMax Forum - Technology. http://www.wimaxforum.org/technology/. Retrieved 2008-07-22.
[2] http://www.agilent.com/about/newsroom/tmnews/background/wimax/. Retrieved 2009-11-18.
[3] Nadeem Unuth, http://voip.about.com/od/mobilevoip/a/UsingWiMAXTechnology.htm. Retrieved 2009-10-12.
[4] Karen Scarfone, Cyrus Tibbs, Matthew Sexton, 2009, Guide to Security for WiMAX Technologies, US National Institute of Standards and Technology Special Publication 800-127 (Draft), 46 pages (Sep. 2009).
[5] David Johnston & Jesse Walker, 2009, Overview of IEEE 802.16 security.
[6] http://slingbroadband.com/wimax/category/wimax-faq//. Retrieved 2008-11-28.
[7] http://www.wifinotes.com/wimax/IEEE-802.16.html
[8] Trung Nguyen, 2009, A survey of WiMAX security threats, http://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax2/index.html
[9] http://www.cse.wustl.edu/~jain/cse574-08/
[10] Department University of Bridgeport, Bridgeport, CT. http://www.asee.org/activities/organizations/zones/proceedings/zone1/2008/Professional/ASEE12008_0022_paper.pdf
[11] http://slingbroadband.com/wimax/category/wimax-faq//. Retrieved 2008-11-28.
[12] J. Hasan, 2006, Security Issues of IEEE 802.16 (WiMAX), School of Computer and Information Science, Edith Cowan University, Australia, 2006.
[13] Mitko Bogdanoski, Pero Latkoski, Aleksandar Risteski, Borislav Popovski, 2008, IEEE 802.16 Security Issues: A Survey, Faculty of Electrical Engineering and Information Technologies, Ss. Cyril and Methodius University, Skopje, Macedonia, http://2008.telfor.rs/files/radovi/02_32.pdf
[14] D. Johnston and J. Walker, 2004, Overview of IEEE 802.16 Security, IEEE Security & Privacy magazine, May/June 2004.
[15] S. Adibi, G. B. Agnew, T. Tofigh, 2008, End-to-End (E2E) Security Approach in WiMAX: Security Technical Overview for Corporate Multimedia Applications, 747-758, Handbook of Research on Wireless Security (2 Volumes), edited by Yan Zhang, Jun Zheng, Miao Ma, 2008.
[16] S. Adibi, G. B. Agnew, 2008, End-to-End Security Comparisons Between IEEE 802.16e and 3G Technologies, 364-378, Handbook of Research on Wireless Security (2 Volumes), edited by Yan Zhang, Jun Zheng, Miao Ma, 2008.
[17] S. Adibi, G. B. Agnew, 2008, Extensible Authentication (EAP) Protocol Integrations in the Next Generation Cellular Networks, 776-789, Handbook of Research on Wireless Security (2 Volumes), edited by Yan Zhang, Jun Zheng, Miao Ma, 2008.
[18] Joshua Wright, http://www.computerworld.com.au/article/170510/wimax_security_issues/?fp=16&fpid=1, Network World
[19] Global WiMAX Market Analysis, 2009, http://www.bharatbook.com/Market-Research-Reports/Global-WiMAXMarket-Analysis.html
[20] [21] Webb Richard, 2010, London, United Kingdom, March 1, 2010— Infonetics Research WiMAX Equipment, Devices, and Subscribers market share and forecast report, 2010, www.infonetics.com

