Security Vulnerabilities and Solutions in Mobile WiMAX

The development of IEEE 802.16 was started by the IEEE in 2001. After that it was revised several times and ended in the final standard IEEE 802.16-2004 which corresponds to revision D and is often called Fixed WiMAX [1]. It defines Wireless Metropolitan Broadband access for stationary and nomadic use. This means end devices can not move between base stations (BS) but they can enter the network at different locations. This specification was extended by the development of IEEE 802.16e which supports mobility so mobile stations (MS) can handover between BS while communicating. IEEE 802.16e is often called Mobile WiMAX [2] and is an amendment to the IEEE 802.16-2004 standard. Commercial services of Mobile WiMAX are already planned for several countries. On the link layer Mobile WiMAX introduces new features like different handover types, power saving methods and multiand broadcast support. Furthermore IEEE 802.16e eliminates most of the security vulnerabilities discovered in its predecessors [3]. It uses EAP-based mutual authentication, a variety of strong encryption algorithms, nonces and packet numbers to protect against replay attacks and reduced key lifetimes. First of all some parts of the functionality of Mobile WiMAX are introduced. Afterwards different security vulnerabilities and possible solutions to solve them are presented. 1.2 Initial network entry procedure