Article in INFORMATION, Japan · May 2013



INFORMATION- An International Interdisciplinary Journal Vol.16, No.05,2013

An Assessment of Authentication and Key Management Protocol of IEEE 802.16d (WIMAX) Wireless Mesh Networks

Muhammad Bakhsh *, Iftikhar Ahmad ***, Muhammad Javed Iqbal ** and Mohammed Y. Aalsalem ****

*Research Wing, Academy for Rural Development, Peshawar, Pakistan
E-mail: mbakhsh7@yahoo.com

**Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Perak, Malaysia
E-mail: javed1797@hotmail.com

***DSE, College of Computer and Information Sciences, King Saud University, Saudi Arabia
E-mail: iftahmad@ksu.edu.sa

****Department of Computer Science, Faculty of Computer and Information System, Jazan University, Saudi Arabia

Abstract
WIMAX is a wireless metropolitan area network technology that supports fixed, nomadic, portable
and mobile wireless access. It provides a cost-effective fixed wireless alternative to conventional wired
DSL. A wireless network is more vulnerable to external threats than a wired one. We have assessed the
authentication and key management process in 802.16 mesh networks. In this paper we analyze the
existing protocols and the related work, and assess the existing authentication and key management
protocol. We propose some changes to the existing authentication and key management process
which may improve the efficiency of WiMAX mesh networks. In the proposed scenario it is expected that
the BS responds more efficiently to requesting SSs, and a mechanism is given for how a BS
maintains information about active nodes. This work may help future research on 802.16 mesh.

Keywords: Subscriber Station / Terminal Equipment, Neighboring Node, Communicating Node

1. Introduction
In this era of technology, wireless technologies are growing rapidly because of their easy
deployment. WIMAX is the IEEE 802.16 standard-based wireless technology intended for wireless
MANs, released in 2001 [2]. WIMAX's main use will be fixed and mobile wireless broadband, giving a
wireless alternative to cable and DSL broadband (removing the distance limitations of DSL and
T1-level services) [6]. WIMAX supports and integrates easily with other wired and wireless
technologies such as Ethernet, IPv4/IPv6, ATM and Wi-Fi. WIMAX is primarily aimed at providing
wireless broadband network access without the cost of stringing wires (as in cable-access
broadband) or the distance limitation of DSL. IEEE 802.16 is also known as BWA or WMAN [9].

© International Information Institute, Japan (www.information-iii.org) 3005



On the basis of operation, the WIMAX network architecture is mainly divided into two types:
i) Point-to-Multipoint (PMP) mode and ii) Mesh mode.
Depending upon the architecture and configuration, WIMAX mesh networks can be divided into
three types: infrastructure mesh, client mesh and hybrid mesh. An infrastructure mesh provides a
wireless backbone similar to a wired backbone, and clients get service from the backbone mesh. A
client mesh consists of passive clients, mobile or fixed, that have no involvement in an infrastructure
mesh and themselves perform routing and packet forwarding. Hybrid meshes are the more usable
form, combining the concepts of infrastructure and client mesh [5], as in Fig. 1.

Fig.1. Architecture of Mesh Network (legend: dashed line = wireless link; figure not reproduced)


The theoretical data rate is 70 Mb/s, with a range of up to 50 km for fixed stations and 5-15 km
for mobile stations. The IEEE 802.16a standard [6] defines the message format for establishing a
mesh network connection. Subsequently, the mesh mode specifications were integrated into IEEE
802.16d [5].

1.12 Security

Wireless MANs have recently gained considerable popularity due to their self-configuring and
rapid-extension capabilities. WIMAX security supports two strong encryption standards, 3DES and
AES. Basically, all traffic on a WIMAX network must be encrypted using Counter Mode with Cipher
Block Chaining Message Authentication Code Protocol (CCMP), which uses AES for transmission
security and data integrity. The WIMAX MAC layer consists of three sublayers: the convergence
sublayer, the common part sublayer and the security sublayer. The security sublayer provides
authentication, authorization, encapsulation and control management facilities [7-9].




2. Related Work
David et al. review the IEEE 802.16 standard, enumerate its security limitations (the water torture
attack, jamming of the radio spectrum, lack of confidentiality since anyone can read and write the
channel, replay attack, possible BS masquerading, and key management failure due to the small
two-bit key) and suggest modifications to protect the standard against these threats [3]. However,
the authentication protocol remains vulnerable to replay attack, because they give no method of key
freshness or node authentication in mesh mode. If this technique is applied to a mesh, there is the
threat of a malicious sponsor node in transit, and the threat of replay attack is also present. The
authors of [4] enumerate the security limitations of the existing authentication and key management
protocol, illustrate possible attacks and propose modifications to it. They propose mutual
authentication for both BS and SS, and a secure handover roaming protocol that can be used in the
future 802.16e for mobility [4].
Yun et al. analyze the security of IEEE 802.16 in mesh mode and identify its vulnerabilities [8].
Authorization attacks include message modification between candidate and sponsor node (which
may be done by a malicious sponsor node), the security level rollback attack (modification of the
authentication request message so that weaker cryptographic algorithms are selected) and DoS
(modification of the SA list, for example removal of an SA, which causes denial of service). Threats
to link establishment, traffic encryption keys and traffic are also discussed. Bongkyoung et al.
analyze the security mechanism of the mesh network architecture, focusing on authentication and
authorization [5]. Communication between mesh nodes is scheduled using time division multiple
access time slots; scheduling is done by a centralized, a distributed or a hybrid algorithm. They give
a new scheme for joining-node authentication that adds two new messages to the existing scheme,
which is an extra burden on the bandwidth.
Fan et al. analyze the security mechanism of the PMP (point-to-multipoint) network architecture,
focusing on authentication and authorization of the SS only [1]. They introduce a RADIUS server,
with the BS acting as an intermediary between the RADIUS server and the SS, and suggest
improvements to the Wireless Key Management Infrastructure (WKMI) used for key management
through support of the Extensible Authentication Protocol (EAP). Several research groups are
working on the WIMAX wireless standard. The protocol proposed in [3] is used for authentication of
the SS and removes the replay attack on the BS by mutual authentication, but the chance of BS
masquerading still exists. [4] proposes mutual authentication for both BS and SS, avoiding replay
attacks by including a timestamp in each message. The key management protocols proposed in
[3, 4] are used in PMP networks only. The RADIUS server concept of [1], which authenticates the
SS, also deals only with PMP networks. WIMAX networks can also work in mesh mode [5].




3. Problem Overview
Compared with IEEE 802.11a/b/g-based mesh networks, 802.16-based WIMAX mesh networks
provide higher bandwidth, range and security. The key management protocol described in [4]
works only for PMP networks and gives no treatment of WIMAX mesh. The security scheme of [1]
is implemented for PMP networks and uses RADIUS as the authentication server. This technique is
not useful in mesh networks, because the single authentication server (i.e. RADIUS) increases the
interference between the nodes; the level of interference depends upon how data is routed in the
WIMAX mesh network.
In this paper, we consider the following scenario of WIMAX-based mesh deployment. The mesh
network is partially managed by a node which we refer to as the Mesh BS. The Mesh BS serves as
the interface between the WIMAX-based mesh and the external network. Authentication and
authorization of a new node is done by a neighboring node at entry into the mesh. The Mesh BS
only controls the session and the issuance of keys for communication among mesh nodes. The BS
periodically updates itself by obtaining from the mesh nodes the authentication certificate along
with the BCID that was given to them by the neighboring node holding the identification of the BS.

4. Proposed Model
The most common attacks on authentication protocols include message replay, man-in-the-middle,
parallel session, interleaving, etc. [4]. Authentication is an issue in the WiMAX mesh. In the
existing technique message 1 is optional and only informative, so the security analysis can start
from the next message. The existing protocol carries a lifetime in message three, which can be
removed in the proposed scenario. A further point is that in the existing system the node cannot be
uniquely identified after authentication.
In the proposed system, when a fresh SS/CN/TE wants to join the mesh it first detects all available
BSs/NNs (neighbor SSs). The new SS/CN can then be authenticated by any BS or NN. When a new
node is authenticated by an NN there is a chance of a malicious NN. This threat is removed by
including in the authentication process the SIGBS that the NN received during its own
authentication. After authentication, the new CN/SS requests keying material from the BS and then
uses the services of the mesh network. The improved version may be written as:
For network entry:
M1. CN→NN: [Cert CN | Nonce CN] SIG CN
M2. NN→CN: [Cert NN | Nonce CN | Nonce NN] SIG NN
For the authentication of a new node:
M1. CN→BS: Cert (CN.Manufacturer)
M2. CN→BS: [Nonce CN | Cert CN | Capabilities | SAID] SIG CN




M3. BSCN: [Nonce CN | Nonce BS | KUBS (Pre-AK) | SeqNo | SAIDList | Cert (BS) | BCID] SIG
BS.

The messages exchanged for a new node authenticated by the BS are as follows. In Message 1 (M1)
the SS first sends to the BS the certificate issued by its manufacturer; this message is optional.
Message 2 (M2) is then sent by the SS and contains a timestamp, its certificate, its capabilities list,
its SAID list and its own signature. Finally, Message 3 (M3) is the reply to M1 and M2 and contains
the authentication key with a timestamp, the SAID list, the BS's own certificate and signature, and
the Basic Connection ID. In this system, when an SS (requestor node) wants to communicate with
another SS (responder node), it should be kept in mind that in mesh networks the SS can be
authenticated at entry time by neighboring SSs; after that the requestor SS requests keying
information from the BS in order to use the services of the mesh network, as proposed in the next
part.
The certificate contains the node's public key, certificate, signature and SAID list. The node uses
the certificate in the authorization process. In response, the BS sends a timestamped message to
avoid replay attack; this timestamp can also be used for the session. The BCID is a unique number
that identifies a node.
The BS periodically updates itself by checking the active nodes and retrieving the following
information from them, which is used in the key issuance process.
M1. BS→N: Nonce BS | SIG BS
M2. N→BS: Nonce N | Cert N | BCID | SIG N
The message contains a timestamp to avoid frequent messaging to the BS, and a signature for
authentication. For the management of keying material, the system in [4] may be improved as:
M1. SS→BS: [Nonce S | SeqNo | SAID] SIG SS
M2. BS→SS: [Nonce B | Nonce S | SeqNo | SAID | OldTEK | KUSS(NewTEK)] SIG BS
In Message 1, the SS sends the BS its own public key for message authentication, its signature, the
sequence number derived from the AK that was provided to the SS during authentication, the SAID,
the SS's timestamp and the SS's SIG to avoid repudiation. The BS replies with the NewTEK
encrypted with the public key of the SS, and also includes a timestamp and the signature of the BS.
Now the BS's only role is to manage the keys for active nodes. With this technique secure
communication is possible, no malicious SS can participate in the mesh network, and the BS
bandwidth is used more effectively. Peer-to-peer communication is possible.

5. Testing and Performance Evaluation

Because of the difficulty of obtaining the hardware required to implement the proposed system,
we have used a mathematical model to validate our work. In the mathematical model we take some
values in both scenarios, the previous one and the proposed one. To some extent it is shown that
the proposed scenario is better than the previous one. In our proposed hybrid approach, spoofed
requests are controlled, the replay attack is avoided, flooding is avoided, jumping forward is
controlled, the man-in-the-middle attack is removed, service delivery is improved, the
authentication packet size is reduced, bandwidth is saved, and processing and power consumption
are inexpensive. In the proposed system intra-communication between the nodes does not disturb
the BS. In the previous key management protocol a hash function is used, which is expensive in
computation and power consumption and may cause denial of service for the nodes. We replace it
with signatures, which also increases the processing capacity of the BS.

5.1 Test Scenario


We consider the following scenario of WIMAX-based mesh deployment. A mesh network is
partially managed by a node which we refer to as the Mesh BS. The Mesh BS serves as the interface
between the WIMAX-based mesh and the external network. Authentication and authorization of a
new node is done by a neighboring node at entry into the mesh. Considering this scenario, we use a
mathematical model to test and evaluate the work.

5.2 Performance and Evaluation


The proposed system has the following advantages over the previous work.
i. Spoofed requests are controlled
ii. The replay attack is avoided
iii. Flooding is avoided
iv. Jumping forward is controlled
v. The man-in-the-middle attack is removed
vi. Service delivery is improved
First, we checked our system with legitimate requests only. In this case we sent all legitimate
requests to check whether the system authenticates every legitimate request or also stops some of
them. We sent three hundred legitimate requests and all were authenticated, as shown in Fig. 2. In
the second scenario we checked the developed system with mixed requests, which include
legitimate and spoofed requests. In this case we sent 190 spoofed and 90 legitimate requests in
mixed mode; Fig. 3 shows that the developed system authenticated only the 90 legitimate requests
and discarded all the spoofed requests. Figure 4 shows the issuance of authentication keys in the
case of the existing protocol. Here we sent mixed requests to the existing authentication protocol,
190 spoofed and 100 legitimate, but the existing protocol issued 290 authentication keys. In the
proposed system the same number of authentication requests as in Fig. 4 was sent for
authentication, but it issued authentication keys to the legitimate requests only and discarded all
the spoofed requests, as shown in Fig. 5, which removes the extra processing burden from the
BS/authentication server.
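The exchanges of Section 4 (M2/M3 authentication and M1/M2 key issuance) and the mixed-request test of Section 5.2, as an added toy simulation that is not part of the paper: a BaseStation class checks each request (certificate known to the manufacturer CA, valid signature, fresh nonce, increasing SeqNo) and counts how many keys it issues for a constructed mix of legitimate, spoofed and replayed requests. Three simplifications are mine, not the paper's: the public-key signatures SIG_X are stood in for by HMAC-SHA256 under a per-node key that the BS looks up from the certificate id, KU_SS(NewTEK) by XOR with an HMAC-derived keystream, and the key request carries the node's certificate id so the BS can find it. The names BaseStation, run_mixed and the sample certificate ids are also assumptions.

```python
# Added example, not from the paper: toy model of the proposed M2/M3
# authentication and M1/M2 key-issuance exchanges, with the BS rejecting
# spoofed and replayed requests. Simplifications (mine, not the paper's):
# SIG_X is stood in for by HMAC-SHA256 under a per-node key the BS looks up
# from the certificate id; KU_X(secret) by XOR with an HMAC keystream; the
# key request carries the certificate id so the BS can find the node.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def sign(key, *fields):
    """Stand-in for SIG over the '|'-joined message fields."""
    return hmac.new(key, b"|".join(fields), hashlib.sha256).digest()


def wrap(key, nonce, secret):
    """Stand-in for KU_X(secret): XOR with a keystream bound to (key, nonce)."""
    stream = hmac.new(key, b"KU|" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(secret, stream))


@dataclass
class BaseStation:
    ca: dict                                      # cert id -> verification key (manufacturer CA)
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    seen_nonces: set = field(default_factory=set)  # replay detection
    active: dict = field(default_factory=dict)     # cert id -> [BCID, last SeqNo]
    keys_issued: int = 0

    def authenticate(self, m2):
        """M2. CN->BS: [Nonce CN | Cert CN | Capabilities | SAID] SIG CN.
        Returns M3 on success, None for a spoofed or replayed request."""
        nonce, cert, caps, said, sig = m2
        vk = self.ca.get(cert)
        if vk is None or not hmac.compare_digest(sig, sign(vk, nonce, cert, caps, said)):
            return None                            # unknown cert or forged signature
        if nonce in self.seen_nonces:
            return None                            # replayed M2
        self.seen_nonces.add(nonce)
        bcid = self.active.setdefault(cert, [len(self.active) + 1, 0])[0]
        nonce_bs, pre_ak = secrets.token_bytes(16), secrets.token_bytes(16)
        body = (nonce, nonce_bs, wrap(vk, nonce_bs, pre_ak), b"0", said,
                b"CERT-BS", str(bcid).encode())
        return body + (sign(self.key, *body),)     # M3 ... SIG BS

    def issue_tek(self, m1):
        """M1. SS->BS: [Nonce S | SeqNo | SAID | Cert SS] SIG SS.
        Returns M2 carrying the wrapped NewTEK, or None if rejected."""
        nonce, seqno, said, cert, sig = m1
        entry = self.active.get(cert)
        if entry is None:
            return None                            # node never authenticated
        vk = self.ca[cert]
        if not hmac.compare_digest(sig, sign(vk, nonce, seqno, said, cert)):
            return None                            # forged signature
        if nonce in self.seen_nonces or int(seqno) <= entry[1]:
            return None                            # replay or stale SeqNo
        self.seen_nonces.add(nonce)
        entry[1] = int(seqno)
        self.keys_issued += 1
        nonce_b, new_tek = secrets.token_bytes(16), secrets.token_bytes(16)
        body = (nonce_b, nonce, seqno, said, b"OLDTEK", wrap(vk, nonce_b, new_tek))
        return body + (sign(self.key, *body),)     # M2 ... SIG BS


def node_m2(cert, key):
    """Node side of M2 (authentication request)."""
    body = (secrets.token_bytes(16), cert, b"AES-CCM", b"SAID-1")
    return body + (sign(key, *body),)


def node_m1(cert, key, seqno):
    """Node side of M1 (key request)."""
    body = (secrets.token_bytes(16), str(seqno).encode(), b"SAID-1", cert)
    return body + (sign(key, *body),)


def run_mixed(n_legit, n_spoofed):
    """Constructed workload: n_legit nodes with CA-known keys, each sending one
    key request and one replay of it; n_spoofed attackers reusing a legitimate
    cert id with their own key. Returns (authenticated, keys_issued)."""
    nodes = [(b"CERT-%d" % i, secrets.token_bytes(32)) for i in range(n_legit)]
    bs = BaseStation(ca=dict(nodes))
    authenticated = 0
    for cert, key in nodes:
        if bs.authenticate(node_m2(cert, key)) is not None:
            authenticated += 1
            m1 = node_m1(cert, key, 1)
            bs.issue_tek(m1)                       # fresh request: TEK issued
            bs.issue_tek(m1)                       # replay: rejected
    for _ in range(n_spoofed):
        cert, fake_key = (nodes[0][0] if nodes else b"CERT-X"), secrets.token_bytes(32)
        if bs.authenticate(node_m2(cert, fake_key)) is not None:
            authenticated += 1
        bs.issue_tek(node_m1(cert, fake_key, 2))   # rejected: signature fails
    return authenticated, bs.keys_issued
```

run_mixed(5, 3) returns (5, 5): the five legitimate nodes are authenticated and receive one TEK each, while the replayed M1s (nonce already seen, SeqNo not increasing) and the three spoofed nodes (a reused cert id under a key the CA does not know) are rejected at both the authentication and the key-issuance step. Nonce tracking is what gives replay protection here; the paper's timestamp variant would bound the nonce set instead of letting it grow without limit.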

[Figures 2 to 6: plots not reproduced; captions, axes and series retained]

Fig.2. Authentication of legitimate requests (x-axis: Total Requests, 30 to 300; y-axis: Authenticated Requests)
Fig.3. Spoofed and legitimate requests (x-axis: Nodes, 20 to 120; y-axis: Requests; series: Spoofed Requests, Legitimate Requests, Authenticated Requests)
Fig.4. Issuance of AK in existing protocol (x-axis: Nodes, 25 to 150; y-axis: Requests; series: Spoofed Requests, Legitimate Requests, No of AK Issued)
Fig.5. Issuance of AK in AKMM (x-axis: Nodes, 25 to 150; y-axis: Requests; series: Spoofed Requests, Legitimate Requests, No of AK Issued)
Fig. 6. Payload comparison of messages in AK requests (common fields are omitted) (x-axis: AK Requests, 200 to 1200; y-axis: Bytes; series: Existing Protocol, AKMM)

The graph in Fig. 6 compares the data of the two protocols in the case of authentication requests:
the proposed protocol attaches a smaller amount of data to the payload from the CN to the BS, so
the message size of our protocol is lighter than that of the previous one. The same comparison for
the authentication reply shows that the proposed protocol has a smaller message size than the
previous protocol.




6. Conclusion

In this paper we have proposed an authentication process and a key management protocol for
WIMAX mesh networks. In this protocol, authentication of a new node is done at entry level by a
neighboring node or the BS in the mesh. The key issuance authority is the BS. The BS periodically
updates its database by taking the BCID from active nodes along with their signatures. This
technique is useful in the mesh case and can be further improved. More work is required on privacy
and key management in WIMAX mesh networks.

7. Acknowledgments
This work was supported by the Research Center of College of Computer and Information
Sciences, King Saud University. The authors are grateful for this support.

References
[1] Fan Y., Huaibei Z., Lan Z., Jin F., An Improved Security Scheme in WMAN based on IEEE
Std. 802.16, IEEE International Conference on Communications (2007), pp. 1160-1165.
[2] White Paper, IEEE 802.16a Standard and WiMAX Igniting Broadband Wireless
Access, WiMAX Forum, www.wimaxforum.org.
[3] David, J., Jesse W., Overview of IEEE 802.16 security, IEEE Security & Privacy,
2 (2004), pp. 40-48.
[4] Sen X., Manton M., Chin H., Security issues in privacy and key management protocols
of IEEE 802.16, In ACM Proceedings of the 44th annual Southeast regional conference
(ACM-SE 44), (2006), pp. 113-118.
[5] Asad A., Marius P., Jadwiga I., Evaluation of Multi-radio extensions to AODV for wireless
mesh networks, Pervasive Mob. Computing, (2009), pp. 93-109.
[6] IEEE 802.16, IEEE Standard for Local and metropolitan area networks, IEEE Press, 2004.
[7] Sen X., Chin H., Attacks on PKM Protocols of IEEE 802.16 and Its Later Versions, 3rd
IEEE International Symposium on Wireless Communication Systems, (2006), pp. 185-189.
[8] Akyildiz, I.F., Wang, X., A Survey on Wireless Mesh Networks, IEEE Communications
Magazine, 43 (2005), S23-S30.
[9] Kwon, B., Lee, Christopher P., Chang, Y., Copeland, J.A., A Security Scheme for
Centralized Scheduling in IEEE 802.16 Mesh Networks, Military Communications
Conference (2007), pp. 1-5.
*Corresponding author: Muhammad Javed Iqbal, Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar, 31750 Tronoh, Perak, Malaysia.


