Why WiMAX Will Not Fail

WiMAX provides robust access control, data privacy and data integrity using sophisticated authentication and encryption technologies. This article investigates the architecture enabling the high-level security -- Rajiv Kumar Singh


In today’s fast-paced lifestyle, consumers want communication at faster speed and lower cost, more broadband capabilities as well as nomadic and mobility support. Keeping these demands in mind, IEEE 802.16 working group has come up with a new wireless communications standard called the broadband wireless access (BWA). Commonly known as WiMAX (worldwide interoperability for microwave access), this is a fast evolving technology used to form wide-range wireless networks with high data rate of information transfer.

We live in a variety of networking environments for using Internet-based services and applications. Data security becomes an important issue in such interconnected networks in order to safely transmit or receive information. Due to this, different security protocols are designed and deployed with network standards.

The latest update given by WiMAX Forum—the IEEE 802.16m—claims to offer up to 100Mbps mobile and 1Gbps fixed speeds. The update is added to the WiMAX standard in both its versions—fixed (IEEE 802.16d-2004) and mobile (IEEE 802.16e-2005) broadband wireless access.

WiMAX protocol
The IEEE 802.16 standard essentially specifies two aspects of the air interface for WiMAX—the physical layer (PHY) and the media access control layer (MAC) (refer Fig. 1). The physical layer defines electrical and physical specifications for devices, establishment and termination of a connection to a communication medium, communication flow control, modulation, coding, etc. The MAC layer, on the other hand, is further divided into three sub-layers—convergence, common part, and security or privacy.

Fig. 1: WiMAX protocol layers
Fig. 2: WiMAX security sublayer

The convergence sub-layer describes how wireline technologies such as asynchronous transfer mode (ATM), Ethernet, 802.1 (LAN/MAN) and Internet protocol (IP) are encapsulated on the air interface and how data is classified.

The common part sub-layer is responsible for idle-mode processes like cell selection, paging structures and location-area updates. This layer is also responsible for sleep-mode processes, handover procedures, multicast and broadcast services, quality-of-service (QoS) class and automatic repeat request (ARQ) processes. It also does header suppression, packing and fragmentation for efficient use of spectrum.

The security sub-layer provides subscribers with privacy, authentication or confidentiality across the broadband wireless network. It is accomplished by applying cryptographic transforms to MAC packet data units carried across connections between the subscriber station and the base station. Secure communications are delivered by using secure key exchange during authentication, and encryption using advanced encryption standard (AES) or data encryption standard (DES) during data transfer. The MAC layer incorporates privacy key management version 2 (PKMv2) for MAC layer security. PKMv2 incorporates support for extensible authentication protocol (EAP).

Fig. 3: Public key exchange
Fig. 4: Authentication using extensible authentication protocol

In addition, the security sub-layer provides operators strong protection from theft of service. The base station protects against unauthorised access to data transport services by securing the associated service flows across the network. The security sub-layer employs an authenticated client/server key management protocol in which the base station server controls distribution of keying material to the client subscriber station. Additionally, the basic security mechanisms are strengthened by adding digital certificate-based subscriber station device authentication to the key management protocol.

Security components
WiMAX security uses two component protocols—encapsulation protocol and privacy key management (PKM) protocol. The encapsulation protocol is used for securing packet data across the wireless network. This protocol defines a set of supported cryptographic suites, i.e., pairings of data encryption and authentication algorithms and the rules for applying these algorithms to a MAC packet data unit payload.

On the other hand, the PKM protocol is used for secure distribution of keying data from the base station to the subscriber station. Through this key management protocol, the subscriber station and the base station synchronise keying data. In addition, the base station uses the protocol to enforce conditional access to network services. The stack of security components of the system is shown in Fig. 2.

Key management protocol. There are two PKM protocols supported in IEEE Standard 802.16—PKM version 1 (PKMv1) and PKMv2 with more enhanced features such as new key hierarchy, advanced encryption standard (AES)-cipher message authentication code, AES-key-wraps, and multicast and broadcast services. PKM protocol allows mutual authentication, unilateral authentication, periodic re-authentication/re-authorisation and key refresh.

The key management protocol uses either extensible authentication protocol, or X.509 digital certificates together with the Rivest-Shamir-Adleman (RSA) public-key encryption algorithm, or a sequence starting with RSA authentication and followed by extensible authentication protocol authentication. It uses strong encryption algorithms to perform key exchanges between a subscriber station and base station. RSA protocol support is mandatory in PKMv1 but optional in PKMv2. However, extensible authentication protocol support is optional in both the versions of key management protocol, unless specifically required.
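The client/server behaviour described above (the base station controls key distribution, enforces conditional access and forces periodic re-authorisation and key refresh) can be modelled in a few lines. This is an added example, not code from the article or from the IEEE 802.16 standard: the message layout, nonce-based replay check, key sizes, lifetimes and all names are assumptions made for illustration, and wrapping of the traffic key for transport is left out.

```python
import hashlib
import hmac
import os

# Simplified model of PKM-style key distribution (constructed for illustration;
# message layout, key sizes and lifetimes are assumptions, not 802.16 formats).
AK_LIFETIME = 600   # seconds an authorisation key (AK) stays valid (assumed)
TEK_LIFETIME = 60   # seconds a traffic encryption key (TEK) stays valid (assumed)


def request_mac(ak: bytes, ss_id: str, service: str, nonce: bytes) -> bytes:
    """MAC the subscriber station attaches to a key request, keyed from the AK."""
    mac_key = hashlib.sha256(b"uplink-mac" + ak).digest()
    msg = ss_id.encode() + b"|" + service.encode() + b"|" + nonce
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


class BaseStation:
    def __init__(self, provisioned):
        self.provisioned = provisioned  # ss_id -> set of services subscribed to
        self.auth = {}                  # ss_id -> (ak, expiry time)
        self.seen_nonces = set()

    def authorise(self, ss_id, now):
        """Stands in for the RSA/EAP authentication step: issue an AK with a lifetime."""
        if ss_id not in self.provisioned:
            return None
        ak = os.urandom(20)
        self.auth[ss_id] = (ak, now + AK_LIFETIME)
        return ak

    def key_request(self, ss_id, service, nonce, mac, now):
        """Return (status, tek, tek_expiry); keys go only to authorised stations."""
        ak, expiry = self.auth.get(ss_id, (None, 0))
        if ak is None or now >= expiry:
            return ("reauthorise", None, None)      # AK missing or expired
        if not hmac.compare_digest(mac, request_mac(ak, ss_id, service, nonce)):
            return ("bad-mac", None, None)          # forged or corrupted request
        if nonce in self.seen_nonces:
            return ("replay", None, None)           # request already served once
        self.seen_nonces.add(nonce)
        if service not in self.provisioned[ss_id]:
            return ("not-provisioned", None, None)  # conditional access
        return ("ok", os.urandom(16), now + TEK_LIFETIME)
```

A subscriber station in this model has to request a fresh traffic key before the returned expiry time and re-run authorisation once the base station answers "reauthorise".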

