Last Mile Solution

The primary goals of the attacker are:

• To understand who uses the network.
• What is accessible?
• What are the capabilities of the equipment on the network?
• When it is used least and most?
• What is the coverage area?

Securing a wireless network takes concerted effort in several areas. From planning and analyzing the needs of the network, to the actual implementation, to administration and maintenance, each phase needs to tackle the question of security individually as well as at a collective level. A host of technologies and tactics are available for securing wireless networks; the challenge is figuring out the right combination, ensuring that it is compatible with the functionality of the network and making sure that it gets implemented.

THE WEAKEST LINK
As it is rightly said; a chain is weak enough for its weakest link. Some of the devices that are weak enough to provide a break through into the roots of their network are a serious danger for the host network; as they unconsciously act as a backdoor for the malicious activity intenders.

Handheld devices a Security threat for host Network
Though wireless data stream get more attention, the greatest risk to wireless connectivity may be the handheld devices themselves. These smart handheld devices are a wide security threat or loophole for a rather strong host network.
Laptops and desktop systems have the resources-ample power, speedy processors and lots of storage, to efficiently handle security-related tasks, such as cryptographic calculations. In contrast, PDAs, with their low power, relatively slow processors and limited storage capacity, were intended to support personal applications that don’t generally require robust security. As they lack the processing power for strong encryption, memory management and solid password security, they are an open door to the network, and possibly of the weakest links.

Wireless being used to crack into non-wireless networks
Some organizations that have no wireless access points installed do not feel that if they need to address wireless security concerns. This is a common deceptive inference. Now most of the modern days laptops are equipped with wireless. Issues can arise in a supposedly non-wireless organization when a wireless laptop is plugged into the corporate network. A cracker could while residing in a certain range can break in through the wireless card on a laptop and gain access to the wired network. This problem is aggravated by what is referred to as the “transient” nature of wireless and wimdows XP.

OS flaw in wireless laptops
The default settings for Windows causes a wireless laptop to be more than eager to make connections with any open and can prove very detrimental. Many of the users don’t pay attention towards that very important issue and thus get themselves in a trap and push the whole network reliability in the ditch.

One of the well-known attacks of the wireless networks is the man-in-the-middle attack found in both the IEEE 802.15 networks and the IEEE 802.11 networks. The IEEE 802.16 networks also suffer from the attack because the PKMv1 lacks the Authorization Node’s authentication. This leads to message modification and masquerading problems. The Authorization Node spoofing is a possible masquerading that have found.

The authorization process via RSA authentication protocol in PKMv1 allows only the Authorization Node to authenticate nodes in the mesh network. The node sends its certificate to the Authorization Node and waits for an Auth Reply message. An attacker can sniff the Auth Request message and masquerade as the Authorization Node. Attacker then replies the Auth Request message with an Auth Reply message containing a fake AK, an Operator Shared Secret, and other associated parameters. The node then performs the registration process with the Registration Node. Normally, an innocent node sends a REG-REQ message to the Registration Node, and the Registration Node replies with a REG-RSP message. The messages in the registration process are authenticated with the HMAC-Digests. The keys used to produce the digests are derived from the AK.

If the attacker can also masquerade as the Registration Node, innocent node receives the REG-REQ message and replies with an REGRSP message. The node then understands that it has already entered the network.

The man-in-the-middle attack does not result only in masquerading, but also unauthorized modification. The modification of the different messages causes different levels of violence. Modifying the “right” message at the “right” time can lead to a serious problem. It is found that if an attacker modifies the Auth Request message at a particular state of the Authorization state machine, a target node will not achieve the authentication.

One of the reasons that cause permanent error is the incompatibility of the security capabilities between the node and the Authorization Node. A node initiates the authorization process by sending an Auth Request message. The message contains sets of cryptographic algorithms supported by the node. The Authorization Node chooses a set of algorithms shared with the node and replies with an Auth Reply message. If the Authorization Node determines that there is not any shared suite, it sends a Perm Auth Reject message to the node. This makes the node move from the Auth Wait state or the Re-Auth Wait state to the Silent state in the Authorization state machine.

Different from authorization in the PMP mode, the process is performed via a tunnel provided by the Sponsor Node. An innocent node sends an Auth Request message, but the message can be modified. If an attacker modifies the Security-Capabilities attribute in the Auth Request message, the Authorization Node may understand that the node does not share any cryptographic suite and it causes a permanent error condition. If the node attempts to send any Auth Request message, the Authorization Node replies with an Auth Reject message .The attack breaks integrity and also availability because it obstructs the node’s traffic.

This blog discusses some of the inherent characteristics of Wireless communications system, which make it attractive for users. They are as follows:

Mobility
A Wireless communications system allows user to access information beyond their desk, and conduct business from anywhere.

Reach
Wireless communication systems means people are better connected, and are reachable where ever they are.

Simplicity
Wireless communications system is faster and easier to deploy than cabled networks. Installation can take place without hassles and ensuring minimum disruption.

Flexibility
Wireless communications system provides flexibility as a subscriber can have full control of his communication. Customer is always accessible irrespective of his location, activity or time of the day, provided he is willing.

Cost
The initial costs of implementing a Wireless communications system compares favourably to traditional wire line or cable system. Communications can reach where wiring is infeasible or costly.

Global Accessibility
As today most parts of the globe are well covered by one wireless services provider or other. The roaming service provided by service providers allow flexibility to stay connected anywhere.

Smart Service Capability
Wireless communications system due to its fundamental feature of intelligent terminal device, which is capable of processing data, is capable to deliver various smart services like SMS, MMS, M-Banking, etc.

Cultural
Wireless communications system is a personal device, whereas wire line is more of a location device i.e. office or residence. There are many more cultural positives of wireless, not to deny negatives as well.

As network has proven their feats as major market player and is contributing immensely towards shrinking the gap and promoting the new and high standards of communication. But along with that they are under the serious security challenges offered to them form the hackers community relentlessly and quite too often.

Both Wired and wireless networks is the target of malicious activists. The main difference between wired and wireless networks is the anonymous, uncontrolled coverage areas between the end points of the network. This allows attackers to perform a number of attacks that are not found in traditional wired networks.

In general, attacks on wireless networks fall into four basic categories: passive attacks, active attacks, man-in-the-middle attacks and jamming attacks.

Passive Attacks on Wireless Networks
A passive attack occurs when someone listens to or eavesdrops on network traffic.  Armed with a wireless network adaptor that supports promiscuous mode, the eavesdropper can capture network traffic for analysis using easily available tools. A passive attack on a wireless network may not be malicious in nature.  As the wireless communication takes place on unlicensed public frequencies any one can use these frequencies.  This makes protecting a wireless network from passive attacks more difficult.

Active Attacks on Wireless Networks
Once an attacker has gained sufficient information from the passive attack, the hacker can then launch an active attack against the network. There are a potentially large number of active attacks that a hacker can launch against a wireless network.  For the most part, these attacks are identical to the kinds of active attacks that are encountered on wired networks.  These include, but are not limited to, unauthorized access, spoofing, and Denial of Service (DoS) and Flooding attacks, as well as the introduction of Mal-ware and the theft of devices.

Man-in-the-Middle Attacks on Wireless Networks
Placing a rogue access point within range of wireless stations is wireless-specific variation of a man-in-the-middle attack. The potential attacker fooled both the parties at either end and impersonates itself as the actual potent user.

Jamming Attacks on Wireless Networks
Jamming is a special kind of DoS attack specific to wireless networks.  Jamming occurs when spurious RF frequencies interfere with the operation of the wireless network.  In some cases, the jamming is not malicious and is caused by the presence of other devices, such as cordless phones, that operate in the same frequency as the wireless network.

WiMAX is designed for building a network infrastructure when the environment or distance is not favorable to a wired network. Also, WiMAX is a cheaper and quicker alternative than having to lay wire.

Third world countries will greatly benefit from deploying WiMAX networks. WiMAX can handle virtually all the same protocols WiFi can including VoIP. African countries are now going to start deploying WiMAX networks instead of cell phone networks, as a long term planning.

Disaster zones can also utilize WiMAX giving them the ability to distribute crisis information quickly and cheaply.

Militaries are already using wireless technology to connect remote sites. Logistics will be simplified with the ease of tracking with RF technologies. WiMAX can also handle Web-cams and streaming video which would provide capability for the commanding eye on the target. Take it other look; if planes were able to drop preconfigured self deploying WiMAX antennas in strategic areas giving troops real time battlefield connectivity. Armed with wireless cameras, drones and a GPS one soldier would truly be an Army of One.

Following are some of the salient features of WiMAX:

High Data Rates: The inclusion of MIMO antenna techniques along with flexible sub-channelization schemes, Advanced Coding and Modulation all enable the Mobile WiMAX technology to support peak DL data rates up to 63 Mbps per sector and peak UL data rates up to 28 Mbps per sector in a 10 MHz channel.

Quality of Service (QoS): The fundamental premise of the IEEE 802.16 MAC architecture is QoS. It defines Service Flows which can map to DiffServ code points or MPLS flow labels that enable end-to-end IP based QoS.

Scalability: Despite an increasingly globalize economy, spectrum resources for wireless broadband worldwide are still quite disparate in its allocations. Mobile WiMAX technology therefore, is designed to be able to scale to work in different channelizations from 1.25 to 20 MHz to comply with varied worldwide requirements.

Security: The features provided for Mobile WiMAX security aspects are best in class with EAP-based authentication, AES-CCM-based authenticated encryption, and CMAC and HMAC based control message protection schemes. Support for a diverse set of user credentials exists including; SIM/USIM cards, Smart Cards, Digital Certificates, and Username/Password schemes based on the relevant EAP methods for the credential type.

Mobility: Mobile WiMAX supports optimized handover schemes with latencies less than 50 milliseconds to ensure real-time applications such as VoIP perform without service degradation. Flexible key management schemes assure that security is maintained during handover.

802.16 was originally designed to provide a flexible, cost effective, standards-based last-mile broadband connectivity to fill in the broadband coverage gaps that are not currently served by “wired” solutions such as cables or DSL, the evolved versions of the standard are aiming to create new forms of broadband services both with high-speed and mobility.

Still now in the world of network and telecommunication there exist myriads of problems, issues and challenges with both the wired and un-wired medium. WiMAX is designed to potentially address those contraventions.

Working of WiMAX is very much like a WLAN (or Wi-Fi), However WiMAX eliminates range and capacity constraints of WLAN because it is designed to work over distances of up to 50 km and to create wireless metropolitan area networks (WMANs), where as the WLAN is limited to few hundred meters only. The WiMAX network has number of base stations and there associated antennas that are mend to wirelessly communicate with the number of client devices (or subscriber stations). The WiMAX - MAN is schematically similar to the point-to-multipoint layout of a cellular network. It revolves around strategically positioned, highly elevated base stations that beam signals to CPE within their radii.

The fixed wireless-access coverage CPE can only communicate to their respective base station, this revision would enable seamless communication from station to station.

A WiMAX base station is connected to public networks using optical fibre, cable, microwave link or any other high-speed point-to-point connectivity referred as a backhaul. WiMAX base stations are either directly wired to the Internet or use WiMAX links to other base stations In few cases like mesh networks, point-to-multipoint WiMAX link to other base stations is used as a backhaul.

Each base station serves Subscriber Stations (also called Customer Premise Equipment) using non-line-of-sight or line-of-sight point-to-multipoint connectivity referred as “Last mile”. Base station provides wireless coverage over an area called a cell. Ideally WiMAX should use non-line-of-sight point-to-multipoint antennas to connect residential or business subscribers to the base station.

As with conventional cellular mobile networks, the base-station antennas can be omni directional, giving a circular cell shape, or directional to give a range of linear or sector shapes for point-to-point use or for increasing the network’s capacity by effectively dividing large cells into several smaller sector areas.

The communications landscape is shifting dramatically under the increasing pressure of rapid technology development and intensifying competition. The most significant development in the communications industry in the past ten years has been the dramatic rise in network capabilities and the subsequent fall in communications pricing.

Today, broadband sources such as fiber-optic, wireless access and cable modems provide very high-speed access to information and media of all types via corporate networks and the World Wide Web, creating an “always-on” environment. The result will eventually be a widespread convergence of entertainment, telephony and computerized information: data, voice and video, delivered to a rapidly evolving array of Internet appliances, PDAs, wireless devices (including cellular telephones) and desktop computers.

There are multiple transmission media or technologies that can be used to provide broadband access. Each technology has its respective advantages and disadvantages, and will likely compete with each other based on performance, price, quality of service, geography, user friendliness, and other factors.

Cable
The same cable network that currently provides television service to consumers is being modified to provide broadband access with maximum download speeds as much as 6 Mbps. Internet protocol (IP) telephony is one of the services that can be delivered over coaxial cable. For the cable operators, IP telephony enables them to offer voice services that, to date, have been the domain of the telephone companies.

Digital Subscriber Line (DSL) & ADSL
DSL is a modem technology that converts existing copper telephone lines into two-way high-speed data conduits. Data transmission speeds typically range up to 3 Mbps for downloading and 768 kbps for uploading. DSL technology is a copper-loop transmission technology for transmitting high-speed data over ordinary telephone wires. Different variants of DSL exist to address different technology trade-offs.

Satellite
Satellite broadband Internet service like cable, is a shared medium, meaning that privacy may be compromised and performance speeds may vary depending upon the volume of simultaneous use. Another disadvantage of Internet-over-satellite is its susceptibility to disruption in bad weather. On the other hand, the big advantage of satellite is its universal availability.

Power line Communication (PLC)
Power utilities around the world are recognizing the natural competitive advantage they have in telecommunications. This comes from the use of infrastructure they have in place (ducting, building access, poles), their systems (billing, call centers). It is a natural extension of business activity for a power company to enter into telecommunications.

HomePlug-AV – Keep an Eye on Power
HomePlug-AV is gaining interest as with characteristics capable of supporting multiple High Definition TV streams simultaneously using a single A/C power outlet are essentially impressive. Its performance becomes more compelling as well as incredulous when one considers the “noise” injected by electric motors, fluorescent lights, and air conditioners.

Wireless – Radio Access
In the last 15 years radio access networks have transitioned from analog to digital technologies and moved on from voice-only services. Today’s WiMAX, Wi-Fi and WCDMA networks are pushing the performance of the wireless interface to a completely different level and this development is expected to continue for the foreseeable future.

With the advent and expand of new horizons in the world of communication the challenges pertained to it also increases. The wireless network has gained a wide acceptance and adaptation in the various domains of life. It must be credited for the induction of a certain boom and bonanza in the domain of networks and communication. WiMAX is a new splendor in the Telecom sector; promising high bandwidth (broadband) connectivity with mobility. But it is seized by the dreads of security exploits due to authorization vulnerability. So if the security measures and preventives are superseded by a malicious activist the results will be horrific and horrendous and will lead towards a catastrophic dead end. This reflects the importance of concrete security architecture.

Both Wired and wireless networks is the target of malicious activists. The main difference between wired and wireless networks is the anonymous, uncontrolled coverage areas between the end points of the network. This allows attackers to perform a number of attacks that are not found in traditional wired networks.

The security in WiMAX is ensured by different cryptographic methods that are been employed by the 802.16 standard. Along side there are various certificates and keys that are designed to structure reliability.

X.509 Certificates

In the authentication process of a node with the Authorization Node, the protocol employs X.509 public key infrastructure certificate.

AKs

The AK (Authorization key) is a 20-byte key from which a KEK, a HMAC_KEY_D, and a HMAC_KEY_U are derived. AKs are shared between the Authorization Node and the node.

KEKs

The KEK (Key Encryption Key) is a 128-bit key used to encrypt the TEK. The KEK is derived from an AK.

TEKs

The TEK is a key used to encrypt or decrypt traffic between a node and its neighbor. After authorization, the node starts TEK exchange with each neighbor. TEKs are identified by 2-bit Key Sequence Numbers enabling 4 different keys (TEK0-TEK3).

HMAC Keys

The HMAC-Digest is an attribute containing a 160-bit keyed hash. It is calculated by using the HMAC with the secure hash algorithm SHA-1. The HMAC-Digest is used for message authentication.

Encryption of AK

A node obtains AKs in Auth Reply messages from the Authorization Node. The exchange of AK is performed while one station either BS or SS seeks the authorization from other, mostly when BS seeks authorization from SS.

Encryption of TEK

A node initiates the TEK exchange with each neighbor, and the neighbor generates a TEK attached in a Key Reply message.

Data Encryption

The packet data transmitted between nodes is also encrypted.

Cryptographic Suites

In the process of node authorization, a node exchanges the security capabilities with the Authorization Node by sending it a list of cryptographic algorithms in Auth Request message. The algorithms are used for data encryption, data authentication, and TEK encryption.

Operator Shared Secrets

The Operator Shared Secret is a private key which each node obtains from the provider. An Operator Shared Secret is sent to a node in an Auth Reply message. Each node has up to two active Operator Shared Secrets. To produce a HMAC-Digest in the Mesh mode, HMAC_KEY_S is derived from the Operator Shared Secret. The Operator Shared Secret used to create the HMAC_KEY_S is identified by the Operator Shared Secret Sequence Number in an Auth Reply message.