
Security implementation and considerations

International e-Cash is a financial organization handling money transactions at every minute of the day. It is essential to protect and preserve the information transmitted from the headquarters to the branches and between branches. Over a WiMAX link that traffic crosses the air, where anyone within radio range can intercept or inject frames unless the link is authenticated and encrypted.
The IEEE 802.16 standard covers the two lowest layers of the Open Systems Interconnection (OSI) model, the Data Link Layer and the Physical Layer. In the IEEE 802 family the Data Link Layer is divided into the Medium Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer; 802.16 specifies the MAC, which itself consists of a convergence sublayer, a common part sublayer and a security (privacy) sublayer.
The security sublayer of the MAC is responsible for authenticating the stations, distributing keys and encrypting the traffic sent over the air interface.
The physical layer is responsible for the transmission of data between two entities. This covers the transmission power and other physical characteristics, including modulation and demodulation (Nuaymi, 2007).
The two main mechanisms for securing data in a WiMAX network are authorization (authentication and key management) and data encryption.

Authorisation
WiMAX uses the Privacy Key Management (PKM) protocol to establish security associations (SAs) between a subscriber or mobile station (SS/MS) and the base station (BS) and to distribute the keys that protect the data exchanged between them. PKM combines several techniques: the RSA public-key algorithm, X.509 digital certificates and the AES encryption algorithm. The base station also uses PKM as an access-control mechanism: a station must satisfy the authentication criteria before any traffic encryption keys are issued and before it is granted network services. In this way PKM protects the confidentiality and integrity of the data and keeps unauthorised stations off the network.

Feature: Authentication
    PKMv1: RSA-based one-way authentication: the BS authenticates the SS.
    PKMv2: Mutual authentication. Supports two authentication methods: EAP or RSA.

Feature: Security Association
    PKMv1: One SA family: Unicast. Composed of three types of security associations: primary, dynamic and static.
    PKMv2: Three SA families: Unicast, Group Security Association and MBS Security Association. The unicast family is composed of primary, dynamic and static SAs.

Feature: Key encryption
    PKMv1: Use of three encryption algorithms: Triple DES, RSA and AES.
    PKMv2: New encryption method implemented: AES with key wrap.

Feature: Data encryption
    PKMv1: DES in the CBC mode and AES in the CCM mode.
    PKMv2: Use of the same algorithms plus AES in the CTR mode and AES in the CBC mode.

The table shows the main differences between PKMv1 and PKMv2 (Nuaymi, 2007).
Evaluation
PKMv2 is more effective than PKMv1. Its authentication is mutual (the SS also verifies the BS), whereas PKMv1 only lets the BS verify the SS, so a PKMv1 subscriber cannot tell a genuine base station from a rogue one. PKMv2 supports two authentication methods, EAP and RSA (these are authentication methods, not encryption algorithms), and its AES key wrap and AES-CCM traffic protection make it the more secure choice for transferring data between the base station and mobile stations. PKMv2 authentication can be performed with either of two user/device authentication techniques:

RSA-based authentication: the subscriber station holds an X.509 certificate issued by its manufacturer. The certificate contains the public key of the subscriber station and its MAC address, and it is signed by the manufacturer's certificate authority, whose certificate the base station must hold in order to validate it. When the subscriber station requests an authorisation key, it sends its certificate to the base station; the base station validates the certificate, generates the authorisation key and encrypts it with the public key taken from the certificate, so only the holder of the matching private key can recover it. In PKMv2 the exchange is mutual: the base station presents its own certificate and signs its reply, and both sides contribute nonces, so the subscriber station can reject a rogue base station or a replayed reply.

EAP-based authentication: consists of a sequence of EAP request and response messages exchanged between the client (the mobile station, acting as supplicant) and an authentication (AAA) server, with the base station acting as authenticator. The base station relays the EAP messages between the two and, based on the server's final EAP-Success or EAP-Failure, grants or denies the client access to the network. A variety of EAP methods support authentication with different credentials, such as passwords, certificates, tokens and smart cards; only methods that authenticate the server and export keying material are suitable here, since the keys derived from the EAP exchange seed the PKMv2 key hierarchy.
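The relay described above, as an added example (not code from the page or from any WiMAX implementation). It encodes EAP packets with the RFC 3748 header (Code, Identifier, Length, Type), runs a supplicant and an authentication server, and has the base station act on nothing but the Code field. EAP-MD5 is used only because it fits in the Python standard library; it neither authenticates the server nor exports keys, so a real WiMAX deployment needs EAP-TLS or EAP-TTLS, but the relay logic is the same. The user names, secrets and session id are constructed, and the AAA transport (RADIUS or Diameter in practice) is replaced by a direct method call.

```python
# Added example, not from the page: EAP packet encoding (RFC 3748 header) and
# the three roles in the WiMAX EAP exchange. EAP-MD5 is used only because it
# fits in the standard library; it neither authenticates the server nor exports
# keys, so a WiMAX deployment needs EAP-TLS/EAP-TTLS instead. Users, secrets
# and session ids below are constructed.
import hashlib
import hmac
import os
import struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # EAP Code values
IDENTITY, MD5_CHALLENGE = 1, 4                      # EAP Type values

def eap_pack(code, ident, typ=None, data=b""):
    body = b"" if typ is None else bytes([typ]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eap_unpack(pkt):
    """Parse Code/Identifier/Length/Type; reject truncated or inconsistent packets."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length")
    body = pkt[4:length]                 # bytes past Length are padding, ignored
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    if not body:
        raise ValueError("Request/Response without Type")
    return code, ident, body[0], body[1:]

class AAAServer:
    """Authentication server: makes the decision, never sees the air link."""
    def __init__(self, users):
        self.users, self.sessions = users, {}
    def start(self, sid):
        self.sessions[sid] = {"ident": 1, "stage": "identity"}
        return eap_pack(REQUEST, 1, IDENTITY)
    def handle(self, sid, pkt):
        s = self.sessions[sid]
        code, ident, typ, data = eap_unpack(pkt)
        if code != RESPONSE or ident != s["ident"]:
            return eap_pack(FAILURE, ident)          # wrong direction or stale identifier
        if s["stage"] == "identity" and typ == IDENTITY:
            s.update(user=data, stage="md5", challenge=os.urandom(16), ident=ident + 1)
            return eap_pack(REQUEST, s["ident"], MD5_CHALLENGE, bytes([16]) + s["challenge"])
        if s["stage"] == "md5" and typ == MD5_CHALLENGE and len(data) >= 17 and data[0] == 16:
            secret = self.users.get(s["user"], b"")  # unknown user still gets a constant-time compare
            expected = hashlib.md5(bytes([ident]) + secret + s["challenge"]).digest()
            if s["user"] in self.users and hmac.compare_digest(data[1:17], expected):
                s["stage"] = "done"
                return eap_pack(SUCCESS, ident)
        return eap_pack(FAILURE, ident)

class Supplicant:
    """Mobile station: answers Requests, never initiates."""
    def __init__(self, user, secret):
        self.user, self.secret = user, secret
    def handle(self, pkt):
        code, ident, typ, data = eap_unpack(pkt)
        if code != REQUEST:
            return None
        if typ == IDENTITY:
            return eap_pack(RESPONSE, ident, IDENTITY, self.user)
        if typ == MD5_CHALLENGE:
            challenge = data[1:1 + data[0]]
            value = hashlib.md5(bytes([ident]) + self.secret + challenge).digest()
            return eap_pack(RESPONSE, ident, MD5_CHALLENGE, bytes([16]) + value + self.user)
        return None                                   # unsupported method (a real client sends a Nak)

def bs_authenticate(server, supplicant, sid="ms-1", max_rounds=8):
    """Base station as authenticator: relays by Code only, acts on Success/Failure."""
    pkt = server.start(sid)
    for _ in range(max_rounds):
        code = pkt[0]
        if code == SUCCESS:
            return True
        if code == FAILURE:
            return False
        resp = supplicant.handle(pkt)
        if resp is None:
            return False
        pkt = server.handle(sid, resp)
    return False                                      # exchange did not converge

USERS = {b"branch-07": b"s3cret-07"}                   # constructed credential store

def demo():
    return {
        "good": bs_authenticate(AAAServer(USERS), Supplicant(b"branch-07", b"s3cret-07")),
        "bad_secret": bs_authenticate(AAAServer(USERS), Supplicant(b"branch-07", b"wrong")),
        "unknown_user": bs_authenticate(AAAServer(USERS), Supplicant(b"intruder", b"x")),
    }
```

The base station never interprets the method-specific payload; it forwards Requests and Responses and acts only on the final Success or Failure, which is what allows the authentication method to be changed on the server side (from a password method to certificates, for instance) without touching the base stations. The identifier check on the server is the replay guard of the EAP layer: a Response whose Identifier does not match the outstanding Request is discarded.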

Recommendation
Implementing PKMv2 EAP-based authentication in the International e-Cash business protects against man-in-the-middle and rogue base station attacks and keeps unauthorised stations off the network, because the client and the base station are authenticated to each other before any keys are released. For this to hold, the EAP method must authenticate the server as well as the client, for example EAP-TLS or EAP-TTLS with a certificate on the base station side; with EAP-TLS it is mandatory for the client to hold a digital certificate as well. Through EAP authentication, the client can be re-authenticated and rekeyed as often as needed without inconveniencing the end user.

Data Encryption

Encryption is the process by which data is encoded so that only a party that possesses the decryption key can read it. It is the usual method of safeguarding the confidentiality of data transmitted between stations. In WiMAX, encryption takes a block or stream of data, referred to as plaintext, and combines it with a secret value, the encryption key, to produce ciphertext from which a potential attacker cannot recover the content without the key.
Symmetric encryption algorithm
Both parties share the same key to encrypt and decrypt data. In WiMAX symmetric encryption is performed with a block cipher under a secret key: the cipher takes a fixed-length block of data and, using the key, produces a ciphertext block of the same size as the plaintext block. A mode of operation (CBC, CTR or CCM) is then needed to handle messages longer than one block; of these, only CCM also provides an integrity check on the data.

Figure 3 Symmetric encryption (2005)

WiMAX supports two symmetric block ciphers, compared below:

Feature                          DES                                  AES
Structure                        Feistel network (DES, 2015)          Substitution-permutation network (AES structure, 2007)
Encryption key length (bits)     56                                   128, 192 or 256
Block size (bits)                64                                   128
Maximum data per single key      32 GB (2^32 blocks)                  256 exabytes (2^64 blocks)
Keys to try in a brute-force     2^56 = 72,057,594,037,927,936        2^128, 2^192 or 2^256, depending on key length
attack

The data limit per key is the birthday bound of the block size: after about 2^(n/2) blocks under one key, repeated cipher blocks become likely and leak information, which is why a 64-bit block cipher must be rekeyed after 32 GB while a 128-bit block cipher never reaches its limit in practice.

Evaluation
AES may be used for traffic data encryption and also for the encryption of the traffic encryption keys (Nuaymi, 2007). AES is faster than DES in software and far faster than Triple DES. AES was designed to resist the attacks known against DES, such as differential and linear cryptanalysis, and its key length puts brute force out of reach: WiMAX uses 128-bit keys, so an attacker trying to decrypt an AES-protected message by exhaustive search faces 2^128 candidate keys against 2^56 for DES, and the longer the key, the less chance the attacker has of recovering the message. This quality of AES is essential for the banking system of International e-Cash, since confidential information will be travelling from one branch to another.
Data Encryption Standard (DES) & Triple DES: both DES and Triple DES are secret-key (symmetric) algorithms. DES-CBC was a mandatory part of the original 802.16-2004 WiMAX profile, where it is responsible for data traffic encryption, and Triple DES is used for the encryption of the traffic encryption keys. The algorithms are applied to a block of data rather than one bit at a time. DES encrypts a 64-bit block under a 56-bit secret key in 16 rounds of the same structure, each with its own round subkey, and can run in four modes: encrypting blocks individually (ECB) or making each cipher block depend on the previous ones (CBC, CFB, OFB). Decryption works in the same way as encryption, except that the order of the subkeys is reversed. The usual attack on DES is brute force, trying each key until the right one is found; the 56-bit key space has been searched in days with purpose-built hardware since 1998, and DES-CBC in WiMAX also provides no integrity check, so it should not be enabled where AES is available.
Recommendation
By implementing AES encryption in International e-Cash, WiMAX will provide branches with strong confidentiality for data shared over the network, and AES in CCM mode also ensures the integrity of the data across the wireless interface, since a modified frame fails the integrity check and is dropped. The 128-bit key makes a brute-force attack on the transmitted data infeasible. AES also performs well in a variety of settings, such as smart cards, hardware and software implementations. In terms of economic feasibility, AES is cheap to implement in both software and hardware and uses little memory.
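The confidentiality and integrity properties claimed above, as an added example (not code from the page or from any WiMAX product): AES-CCM applied to a MAC PDU payload with a per-packet nonce built from header bytes and a packet number (PN), using the `cryptography` package. The 13-byte nonce layout (9 header-derived bytes plus a 4-byte PN) and the 8-byte integrity check value are modelled on 802.16e, but the header bytes, key and payloads are constructed, and the PN handling here is a simplified version of the real one.

```python
# Added example, not from the page: AES-CCM protection of a MAC PDU payload with
# a per-packet nonce and packet number (PN), using the `cryptography` package.
# The 13-byte nonce layout (9 header-derived bytes + 4-byte PN) is modelled on
# 802.16e but the header bytes, key and payloads below are constructed.
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

PN_MAX = 0xFFFFFFFF           # 4-byte PN: the key must be replaced before it wraps

class TekSession:
    """One traffic encryption key (TEK) with its transmit counter and replay record."""
    def __init__(self, tek, header):
        if len(tek) != 16 or len(header) != 9:
            raise ValueError("need a 128-bit TEK and 9 header bytes")
        self.aead = AESCCM(tek, tag_length=8)   # 8-byte ICV as in 802.16e AES-CCM
        self.header, self.pn, self.seen = header, 0, set()

    def _nonce(self, pn):
        return self.header + struct.pack("!I", pn)   # 13 bytes, unique per packet

    def encrypt(self, payload):
        if self.pn >= PN_MAX:
            raise RuntimeError("PN exhausted: rekey before reusing a nonce")
        self.pn += 1
        # header goes in as associated data: authenticated but sent in clear
        return struct.pack("!I", self.pn) + self.aead.encrypt(self._nonce(self.pn), payload, self.header)

    def decrypt(self, frame):
        """Return the payload, or None if the ICV fails or the PN was already seen."""
        if len(frame) < 4 + 8:
            return None
        pn = struct.unpack("!I", frame[:4])[0]
        if pn in self.seen:
            return None                      # replayed frame
        try:
            payload = self.aead.decrypt(self._nonce(pn), frame[4:], self.header)
        except InvalidTag:
            return None                      # tampered in transit or wrong key
        self.seen.add(pn)
        return payload

def demo():
    tek = bytes(range(16))                                 # constructed; real TEKs come from PKM
    header = b"\x40\x00\x00\x12\x34" + b"\x00" * 4        # constructed GMH bytes + 4 reserved
    tx, rx = TekSession(tek, header), TekSession(tek, header)
    msg = b"transfer 1000.00 from branch 07 to HQ"
    frame = tx.encrypt(msg)
    tampered = bytearray(frame)
    tampered[8] ^= 0x01                                    # flip one ciphertext bit
    results = {
        "tamper_rejected": rx.decrypt(bytes(tampered)) is None,
        "genuine_ok": rx.decrypt(frame) == msg,
        "replay_rejected": rx.decrypt(frame) is None,
        "other_key_rejected": TekSession(bytes(16), header).decrypt(frame) is None,
    }
    tx.pn = PN_MAX
    try:
        tx.encrypt(b"x")
        results["pn_exhaustion_refused"] = False
    except RuntimeError:
        results["pn_exhaustion_refused"] = True
    return results
```

Three things in this block matter for the banking traffic: a single flipped bit in the ciphertext is rejected rather than decrypted to garbage (the integrity property DES-CBC does not give), a frame captured and resent is rejected because its PN has already been consumed, and the sender refuses to go on once the PN space is used up, because a repeated nonce under the same AES-CCM key would destroy both confidentiality and integrity for those frames.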

References
Nuaymi, L. (2007). WiMAX. Chichester: John Wiley.
Freewimaxinfo.com, (n.d.). WiMAX EAP- Extensible Authentication Protocol. [online]
Available at: http://freewimaxinfo.com/authentication-acess-control.html [Accessed 28 Jul.
2015].
Freewimaxinfo.com, (n.d.). Wimax AES | Advanced Encryption Standard in WiMAX. [online]
Available at: http://freewimaxinfo.com/aes-in-wimax.html [Accessed 28 Jul. 2015].

Joan, B. (2011). Difference Between DES and AES. [online] Differencebetween.net. Available
at: http://www.differencebetween.net/technology/difference-between-des-and-aes/ [Accessed
28 Jul. 2015].
Nguyen, T. (2009). A survey of WiMAX security threats. [online] Cse.wustl.edu. Available at:
http://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax2/ [Accessed 28 Jul. 2015].
Rouse, M. (2014). What is Data Encryption Standard (DES)?. [online] TechTarget. Available
at: http://searchsecurity.techtarget.com/definition/Data-Encryption-Standard [Accessed 12
Jul. 2015].
