Authorisation
WiMAX technology uses the Privacy Key Management (PKM) protocol to ensure the
integrity of data distribution between mobile stations by establishing security
associations between them. PKM uses several techniques, such as the RSA public-key
algorithm, digital certificates and the AES encryption algorithm. The base station
also uses the PKM protocol to protect content by requiring the user to meet certain
criteria before granting them access to it, so PKM acts as an authentication protocol
that protects the content and integrity of the data from theft. The base station
usually applies this condition in terms of network services.
Feature | PKMv1 | PKMv2
Authentication | RSA-based one-way authentication: The BS authenticates the SS | Mutual authentication. methods: EAP or RSA
Security Association | One SA family: Unicast. Composed of three types of security Association of primary, | Three SA families: Unicast, Group
Data encryption
and
Triple
Table shows the main differences between PKMv1 and PKMv2 (Nuaymi, 2007)
Evaluation
PKMv2 is more effective than PKMv1. PKMv2 uses two types of encryption, EAP and RSA.
In terms of the features it possesses, PKMv2 is much more secure for transferring data
from the base station to mobile stations. PKMv2 can be achieved through two types of
user/device authentication techniques:
RSA-based authentication: RSA-based authentication pairs RSA encryption with an X.509
certificate. The X.509 certificate is issued by the subscriber station manufacturer to
the base station. The certificate contains the public key of the subscriber station and
its MAC address. When a user requests an authorisation key, the subscriber station sends
the digital certificate to the base station, which validates it and then uses the public
key to encrypt the authorisation key, which is sent back to the subscriber station.
EAP-based authentication: includes a set of EAP request messages that are exchanged
between the client and the authentication server. EAP defines a set of request and
response messages, where the base station sends a request to the authentication server;
based on the responses, access to the client may be granted or denied. A variety of EAP
methods have been created to support authentication using a variety of credentials,
such as passwords, certificates, tokens, and smart cards.
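The RSA-based authorisation exchange described above, modelled end to end as an added example (not code from the original report or from any WiMAX implementation). It assumes textbook RSA over small known primes and a dictionary in place of a real X.509 certificate; all function names, the MAC address and the 128-bit key size are constructed for illustration. The subscriber station checks nothing about the base station, which is the one-way property the table lists for PKMv1.

```python
import hashlib
import secrets

def toy_rsa_key(p, q, e=65537):
    # Textbook RSA from two known Mersenne primes: illustration only, trivially breakable.
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

MANUFACTURER = toy_rsa_key(2**61 - 1, 2**89 - 1)    # stands in for the certificate issuer
CA_PUBLIC = {"n": MANUFACTURER["n"], "e": MANUFACTURER["e"]}  # what the base station holds
SS_KEY = toy_rsa_key(2**107 - 1, 2**127 - 1)        # subscriber station key pair

def digest(mac, n, e, modulus):
    # Hash of the certificate body (MAC address + SS public key), reduced to fit the modulus.
    h = hashlib.sha256(f"{mac}|{n}|{e}".encode()).digest()
    return int.from_bytes(h, "big") % modulus

def issue_certificate(mac, ss_key, issuer):
    # The manufacturer binds the SS MAC address to the SS public key with a signature.
    sig = pow(digest(mac, ss_key["n"], ss_key["e"], issuer["n"]), issuer["d"], issuer["n"])
    return {"mac": mac, "n": ss_key["n"], "e": ss_key["e"], "sig": sig}

def bs_authorise(cert, ca_public):
    # Base station: validate the certificate, then encrypt a fresh AK to the SS public key.
    expected = digest(cert["mac"], cert["n"], cert["e"], ca_public["n"])
    if pow(cert["sig"], ca_public["e"], ca_public["n"]) != expected:
        return None, None                       # certificate rejected, no key issued
    ak = secrets.randbits(128)                  # constructed AK size for this sketch
    return ak, pow(ak, cert["e"], cert["n"])

def ss_recover_ak(encrypted_ak, ss_key):
    # Subscriber station: only the holder of the private key can recover the AK.
    return pow(encrypted_ak, ss_key["d"], ss_key["n"])

if __name__ == "__main__":
    cert = issue_certificate("00:11:22:33:44:55", SS_KEY, MANUFACTURER)  # constructed MAC
    ak, wrapped = bs_authorise(cert, CA_PUBLIC)
    print("AK recovered by SS:", ss_recover_ak(wrapped, SS_KEY) == ak)
    forged = dict(cert, mac="00:11:22:33:44:66")  # MAC changed after issuance
    print("Forged certificate result:", bs_authorise(forged, CA_PUBLIC))
```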
Recommendation
By implementing PKMv2 EAP-based authentication in the International e-Cash business, we
can prevent man-in-the-middle attacks and protect the network from theft by ensuring
data integrity and authenticity. Both the wireless client and the access points are
strongly authenticated using digital certificates, so it is mandatory for the client to
hold a digital certificate. Through EAP authentication, the client can be re-authenticated
and rekeyed as often as needed without inconveniencing the end user at all.
Data Encryption
Encryption is the process by which data is encoded so that only a computer that possesses
the mathematical decoder can use or read it. It is the common method used to safeguard the
confidentiality of data transmission between mobile stations. Encryption in WiMAX
technology takes a block or stream of data, referred to as plain text, and combines it with
another block or stream of data, known as the encryption key, to produce a cipher text that
prevents potential hackers from understanding the content of the data.
Symmetric encryption algorithm
The users share the same key to both encrypt and decrypt data. Symmetric encryption is done
by a block cipher using a secret key. The block cipher takes a fixed-length block of data
and uses the secret key to produce a cipher text, which is usually the same size as the
original text block.
DES
AES
DES (2015)
56
64
32GB
72,057,594,037,927,936
2^128+2^192+2^256
to
decrypt message
Evaluation
AES may be used for traffic data encryption and can also be used for the encryption of the
traffic encryption keys (Nuaymi, 2007). AES is much faster than DES. AES was built to be
resistant to any type of attack technique. WiMAX technology enforces the use of a 128-bit
encryption key. If a hacker attempts to break a message encrypted with the AES algorithm,
the number of key combinations will be much greater than for DES: the longer the encryption
key, the less chance the hacker has of breaking the message. This quality of AES is
essential for the banking system of International e-cash, since top secret information
will be travelling from one branch to another.
Data Encryption Standard (DES) & Triple DES: Both DES and Triple DES are secret-key
encryption algorithms. DES is a mandatory part of the WiMAX technology. It is responsible
for data traffic encryption, whereas Triple DES is used for the encryption of the traffic
encryption keys. The algorithms are applied to a block of data rather than one bit at a
time. When a text is encrypted, DES uses a 56-bit secret key to encrypt the block into a
64-bit block. The process consists of 16 identical rounds and can run in four different
modes, for example encrypting blocks individually or making each cipher block dependent
on all the previous blocks. The decryption process works in the same way as the encryption,
except that the order of the keys is reversed. For this method the most commonly named
attack is brute force, which involves trying each key until you find the right one.
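The two structural points in the paragraph above, shown as an added example that is not from the original report: decryption is the same routine with the round keys reversed, and encrypting blocks individually leaks repeated plaintext while chaining does not. It uses a toy 16-round Feistel cipher on 64-bit blocks with an HMAC-SHA256 round function, which is not DES; the key, IV, sample message and key schedule are constructed for illustration, and input length must be a multiple of 8 bytes.

```python
import hashlib
import hmac

ROUNDS, HALF = 16, 4                       # 16 rounds over a 64-bit block (two 32-bit halves)
KEY = b"demo-key"                          # constructed sample key
IV = b"\x01\x02\x03\x04\x05\x06\x07\x08"   # constructed sample IV
SAMPLE = b"PAY 0100" * 3                   # constructed message: three identical blocks

def round_keys(key):
    # Hypothetical key schedule: one subkey per round derived with HMAC-SHA256.
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(ROUNDS)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, subkeys):
    # Same routine encrypts and decrypts; only the order of the subkeys differs.
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        f = hmac.new(k, right, hashlib.sha256).digest()[:HALF]
        left, right = right, xor(left, f)
    return right + left                    # final swap makes the network self-inverting

def blocks(data):
    return [data[i:i + 8] for i in range(0, len(data), 8)]

def ecb_encrypt(key, data):
    # Each block encrypted individually: equal plaintext blocks give equal ciphertext.
    ks = round_keys(key)
    return b"".join(feistel(b, ks) for b in blocks(data))

def cbc_encrypt(key, iv, data):
    # Each ciphertext block depends on all previous blocks through the chaining value.
    ks, prev, out = round_keys(key), iv, []
    for b in blocks(data):
        prev = feistel(xor(b, prev), ks)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    ks, prev, out = round_keys(key)[::-1], iv, []   # reversed key order decrypts
    for c in blocks(data):
        out.append(xor(feistel(c, ks), prev))
        prev = c
    return b"".join(out)

if __name__ == "__main__":
    print("distinct ECB blocks:", len(set(blocks(ecb_encrypt(KEY, SAMPLE)))))
    print("distinct CBC blocks:", len(set(blocks(cbc_encrypt(KEY, IV, SAMPLE)))))
    print("CBC round trip ok:", cbc_decrypt(KEY, IV, cbc_encrypt(KEY, IV, SAMPLE)) == SAMPLE)
```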
Recommendation
By implementing the AES encryption algorithm in International e-cash, WiMAX will provide
branches with strong support for the confidentiality of data being shared over the network
as well as ensuring the integrity of data through security across the wireless interface.
This technique will also prevent brute force attacks during data transmission. Furthermore,
AES will improve performance in a variety of settings such as smartcards, hardware and
software implementations. In terms of economic feasibility, AES is cheaper to implement in
both software and hardware and uses little memory.
References
Nuaymi, L. (2007). WiMAX. Chichester: John Wiley.
Freewimaxinfo.com, (n.d.). WiMAX EAP- Extensible Authentication Protocol. [online]
Available at: http://freewimaxinfo.com/authentication-acess-control.html [Accessed 28 Jul.
2015].
Freewimaxinfo.com, (n.d.). Wimax AES | Advanced Encryption Standard in WiMAX. [online]
Available at: http://freewimaxinfo.com/aes-in-wimax.html [Accessed 28 Jul. 2015].
Joan, B. (2011). Difference Between DES and AES. [online] Differencebetween.net. Available
at: http://www.differencebetween.net/technology/difference-between-des-and-aes/ [Accessed
28 Jul. 2015].
Nguyen, T. (2009). A survey of WiMAX security threats. [online] Cse.wustl.edu. Available at:
http://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax2/ [Accessed 28 Jul. 2015].
Rouse, M. (2014). What is Data Encryption Standard (DES)?. [online] TechTarget. Available
at: http://searchsecurity.techtarget.com/definition/Data-Encryption-Standard [Accessed 12
Jul. 2015].