IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 63, NO. 6, JULY 2014
QoS-Aware Distributed Security Architecture for 4G Multihop Wireless Networks

Perumalraja Rengaraju, Chung-Horng Lung, Member, IEEE, and Anand Srinivasan
Abstract—Vehicular communications have received a great deal of attention in recent years due to the demand for multimedia applications during travel and for improvements in safety. Safety applications often require fast message exchanges but do not use much bandwidth. On the other hand, multimedia services require high bandwidth for vehicular users. Hence, to provide mobile broadband services at a vehicular speed of up to 350 km/h, Worldwide interoperable for Microwave Access (WiMAX) and Long-Term Evolution (LTE) are considered the best technologies for vehicular networks. WiMAX and LTE are Fourth-Generation (4G) wireless technologies that have well-defined quality of service (QoS) and security architectures. However, some security threats, such as denial of service (DoS), an introduction of rogue node, etc., still exist in WiMAX and LTE networks, particularly in multihop networks. Therefore, strong security architecture and hasty authentication methods are needed to mitigate the existing security threats in 4G multihop wireless networks. Conversely, the network QoS should not be degraded while enhancing security. Thus, we propose QoS-aware distributed security architecture using the elliptic curve Diffie–Hellman (ECDH) protocol that has proven security strength and low overhead for 4G wireless networks. In this paper, we first describe the current security standards and security threats in WiMAX and LTE networks. Then, the proposed distributed security architecture for 4G multihop wireless networks is presented. Finally, we compare and analyze the proposed solution using testbed implementation and simulation approaches for WiMAX. From the simulation and testbed results for WiMAX networks, it is evident that the proposed scheme provides strong security and hasty authentication for handover users without affecting the QoS performance. For LTE networks, we present the theoretical analysis of the proposed scheme to show that similar performance can also be achieved. 
Index Terms—Distributed security, elliptic curve Diffie–Hellman (ECDH), Long-Term Evolution (LTE), multihop, Worldwide interoperable for Microwave Access (WiMAX).
Manuscript received December 18, 2012; revised May 19, 2013, September 1, 2013, and October 11, 2013; accepted November 2, 2013. Date of publication November 26, 2013; date of current version July 10, 2014. This work was supported in part by Ontario Centers for Excellence and EION Inc., Ottawa, ON, Canada. The review of this paper was coordinated by Dr. L. Chen.
P. Rengaraju is with the Department of Information Technology, Velammal College of Engineering and Technology, Tamil Nadu 625 009, India.
C.-H. Lung is with the Department of Systems and Computer Engineering, Carleton University, Ottawa, ON K1S 5B6, Canada (e-mail: chlung@sce.carleton.ca).
A. Srinivasan is with EION Wireless Inc., Ottawa, ON K2K 2E3, Canada.
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TVT.2013.2292882
I. INTRODUCTION

In general, vehicular applications can be divided into two groups: safety and nonsafety applications. Safety applications often require fast message exchanges but do not use much bandwidth. In order to support safety applications, such as collision avoidance, hard-braking warnings, accident reporting, and intersection announcements, vehicles are enabled to communicate with one another (vehicle-to-vehicle communications) or via roadside access points (vehicle-to-roadside communications). These vehicular communications are expected to contribute to safer roads by providing timely information to drivers and to make travel more convenient. Conventionally, vehicular ad hoc networks are used to implement dedicated short-range communications (DSRC) for safety applications. The DSRC standard, i.e., IEEE 802.11p, is probably the best positioned technique to provide safety services.

On the other hand, the nonsafety applications require high bandwidth and strong security to support multimedia services for vehicular users. To support multimedia services for vehicular users, the networks that have high bandwidth, such as cellular and satellite networks, are considered. When comparing cellular and satellite networks, satellite networks are more expensive but provide lower quality-of-service (QoS) performance (higher delay and lower maximum throughput) [49]. On the contrary, the telecommunication industry landscape for cellular networks is rapidly growing from second-generation (2G) to fourth-generation (4G) to accommodate the increasing usage of multimedia applications and user mobility. In 4G networks, Worldwide interoperable for Microwave Access (WiMAX) and Long-Term Evolution (LTE) are two emerging broadband wireless technologies aimed at providing high-speed Internet of 100 Mb/s at a vehicular speed of up to 350 km/h [9]. Further, 4G wireless standards provide well-defined QoS and security architecture.
For this reason, 4G cellular networks are considered up-and-coming technologies for vehicular multimedia applications. WiMAX and LTE resemble each other in some key aspects, including operating frequency spectrum, high capacity, mobility, strong QoS mechanisms, and strong security with a similar key hierarchy from the core network to the access network. However, WiMAX and LTE also differ from each other in certain aspects, as they have evolved from different origins. LTE has evolved from 3rd Generation Partnership Projects (3GPP); thus, the LTE network has to support the existing 3G users’ connectivity, but there is no such constraint for WiMAX. Particularly, on the security aspect, the WiMAX authentication process uses Extensive Authentication Protocol Tunneled Transport Layer Security (EAP-TTLS) or EAP-Transport Layer Security (EAP-TLS), which allows enterprise customers to use X.509 certificates that contain an enterprise-controlled password. On the other hand, the LTE authentication process uses the EAP Authentication and Key Agreement (EAP-AKA) procedure that authenticates only the International Mobile Subscriber Identity (IMSI) burned in a subscriber identity module (SIM) card. Consequently, the LTE security does not meet the enterprise security requirement, as LTE does not authenticate enterprise-controlled security [12].

0018-9545 © 2013 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

Although the authentication process is different between WiMAX and LTE, both have well-defined security architecture. In addition, the security key hierarchy is similar in both networks, and they both adopt symmetric key encryption. WiMAX uses either Advanced Encryption Standard (AES) or 3-Digital Encryption Standard (3DES), and LTE uses either AES or SNOW 3G. Nevertheless, some security threats, such as denial of service (DoS), an introduction of rogue node, etc., still exist in 4G wireless networks. As a result, strong security architecture and hasty authentication methods are needed to mitigate the existing security threats in 4G vehicular networks. Conversely, the network QoS should not be degraded while enhancing security. Further, the recent WiMAX and LTE standards have introduced relay nodes in a multihop network to increase network coverage and capacity. However, multihop networks also augment the security threats and prolong the transmission delay between the user and the destination. Therefore, the first objective of this research work is to analyze the security architecture in 4G multihop networks and provide QoS-aware solutions for the existing security threats.

In wireless communications, security threats may occur in both the physical (PHY) and the medium access control (MAC) layers. The attacker can attack the radio frequency (RF) channel for the PHY-layer threats.
For the MAC-layer threats, the attackers can spoof, modify, and replay the MAC-layer control messages. In one of the worst case scenarios, the attackers take total control of the network by knowing the confidential details in control messages. Nevertheless, in practice, Internet service providers may use the Internet Protocol Security (IPSec) approach at Layer 3 for their wireless access due to its popularity in wired networks [32], [33]. Usually, IPSec will affect the QoS performance, because the IPSec header in each packet consumes additional bandwidth. To mitigate the security threats and performance degradation, we propose a distributed security scheme using the elliptic curve Diffie–Hellman (ECDH) protocol, which has lower overhead than that of IPSec. ECDH is a Layer-2 key agreement protocol that allows users to establish a shared key over an insecure channel. ECDH was investigated, and the results showed that it did not affect the QoS performance much in 4G single-hop WiMAX networks [46]. Therefore, ECDH is adopted in this research in dealing with the existing Layer-2 security threats for 4G multihop networks. Further, we also compare the security and QoS performance of the IPSec and the default security scheme as defined in the WiMAX standards, using a testbed implementation [47].

This paper is an extension of our previous effort, as presented in [46], which was simply an initial theoretical study based on the proposed ECDH scheme and considered only the WiMAX network. Further, as the MAC control functions are embedded in available WiMAX chipsets, we were unable to implement our proposed scheme in a real-time testbed. For this reason, the second objective of this paper is to perform simulations to evaluate the QoS performance of the proposed scheme using ECDH. Moreover, there is a lack of an integrated study and QoS-aware solutions for multihop WiMAX and LTE security threats in existing research efforts. Therefore, the third objective of this paper is then to analyze both WiMAX and LTE for network convergence that may be useful or even crucial for service providers to support high-speed vehicular applications. In short, we are motivated to fill those research gaps, and we have made the following contributions in this paper.

• We conduct a thorough literature study and systematically analyze various security threats for both WiMAX and LTE multihop networks.
• We extend the theoretical study of our initial solution in [46] and design the security architecture using ECDH for multihop WiMAX networks, which has been validated with NS-2 simulation.
• We have identified the DoS/Reply attack threat in the LTE network during the initial network entry stage of the user equipment (UE). We also extend the theoretical study in [46] for multihop LTE networks. As the WiMAX and LTE networks have similarities in security key hierarchy from the core network to the access network and symmetric key encryption, we further apply the design of ECDH to LTE networks.

The rest of this paper is organized as follows. Section II describes the security architecture as defined in WiMAX and LTE standards. The existing security threats and related works in 4G wireless networks are analyzed and described in Section III. Section IV discusses the proposed distributed security architecture using the ECDH key exchange protocol. The security and QoS analysis of the proposed scheme are compared with other practical approaches, which are presented in Section V.
Finally, we conclude this paper in Section V.

II. BACKGROUND

Here, the single-hop and multihop WiMAX security architectures defined by the IEEE 802.16 standards are described in the first two subsections for better understanding of existing security threats and the proposed solution. In the last two subsections, the single-hop and multihop LTE security architecture defined by the 3GPP standards is described.

A. Security Architecture in Single-Hop WiMAX Standards

The security architecture defined by the mobile WiMAX network is composed of two component protocols: 1) an encapsulation protocol for data encryption and authentication algorithms, and 2) a key management protocol [Privacy Key Management version 2 (PKMv2)] providing the secure distribution of keying data from the Base Station (BS) to the Mobile Station (MS) [4]. PKMv2-based initial ranging and connectivity is shown in Fig. 1. As presented in Fig. 1, after downlink channel synchronization (DL Sync.), the MS will send the ranging request (RNG_REQ) message. In turn, the BS informs the frequency, time, and power offset values in the RNG_RSP message. If any collisions occur during the request, the BS sends a failure notification in the RNG_RSP message, and the MS will repeat the ranging process. Once the MS succeeds in the ranging process, it negotiates for basic capabilities in the Subscriber Basic Capability Request (SBC_REQ) message. The subsequent steps, EAP-based authentication, authorization and security association (SA), and then secured data transfer, are shown in shaded blocks in Fig. 1, which are described in the passage that follows.

Fig. 1. Initial ranging and network entry in mobile WiMAX [4].

EAP-Based Authentication: Authentication addresses establishing the genuine identity of the device or the user wishing to join a wireless network. The message flows in EAP-TTLS-based authentication are shown in Fig. 1. The authenticator in the access network gateway (ASN GW) sends an EAP Identity request to the MS, and the MS will respond to the request by sending a PKM-REQ (PKMv2 EAP-Transfer) message. The PKM-REQ message contains the details of the SIM or X.509 certificate. Then, the ASN GW forwards PKM-REQ to the AAA server over the RADIUS protocol. The AAA server authenticates the device and provides the master session key (MSK) in the EAP-TTLS protocol. Then, AAA forwards the MSK to the authenticator (in ASN GW). The authenticator generates the AK from the received MSK and forwards AK to the BS. At the same time, the MS also generates the same AK from MSK. Now, the BS and the MS mutually authenticate each other using AK.

Authorization and SA: Once the device or the user is authenticated by the network, the BS has to authorize the user by the unique SA Identity (SAID) using the SA-transport encryption key (SA-TEK) challenge messages, as shown in the second shaded block in Fig. 1. The Authorization Request includes MS’s X.509 certificate, encryption algorithm, etc. In response, the BS sends the AK encrypted with the MS’s public key, a lifetime key, and an SAID. After the initial authentication from AAA, the BS authorizes the MS periodically.

Traffic Encryption and MAC Message Protection: The MS establishes an SA for each service flow where the BS provides both uplink and downlink TEK to encrypt the data. Advanced encryption standard counter with cipher-block chaining mode (AES-CCM) is the ciphering method used for protecting all the user data. Initially, TEK is generated from the EAP-based authentication and then refreshed by the BS periodically. Alternatively, MAC messages are protected using AES-based cipher-based message authentication code (CMAC) or message-digest-based hashed MAC (MD5-based HMAC) schemes. For multicast broadcast service, the BS transmits the group key encryption key and the group traffic encryption key to each MS via unicast messages.

B. Security Support in Multihop WiMAX Standards

The security architecture defined in IEEE 802.16j for multihop WiMAX networks is very similar to that of the mobile WiMAX standards. However, some additional features are added to support the multihop communications. The additional features are as follows [2].

• The network may use either the centralized or the distributed security mode. The distributed security mode will reduce the burden of the BS as well as the delay to reestablish the SA for multihop RSs/MSs.
• An establishment of a security zone (SZ): An SZ is the set of trusted relationships between a BS and MSs or between RSs and MSs. RSs and MSs become members of a BS’s SZ by authenticating using PKMv2.
• Transport tunnel connections may be established between the BS and an access RS to encapsulate the payload. For the tunnel-mode operation, one or more tunnels may be established between the BS and the access RS after the network entry is performed. In IEEE 802.16e, the BS or the MS will send the data in the form of bursts [collection of MAC protocol data units (PDUs)]. Each burst can be identified by its uplink or downlink connection identifier (CID). In the tunnel mode, MAC PDUs that traverse a tunnel will be encrypted and encapsulated in a relay MAC PDU with the relay MAC header carrying the traffic tunnel CID (T-CID)/management tunnel CID (MT-CID). The station at the ingress of the tunnel is responsible for encapsulating the MAC PDUs into the relay MAC PDU where the station at the egress of the tunnel is responsible for removing the MAC header.

Similarly, the security architecture in the IEEE 802.16m standard has a few modifications to adapt to the advanced air interface network conditions [3]. The modifications are as follows.

• Only EAP-based authentication is supported, not the Rivest Shamir and Adleman algorithm.
• SAs are static only.
• TEKs are derived at the MS and not at the BS, and the encryption algorithms are AES-CCM and AES-CTR.
• There are three levels of MAC management message protections: no protection, CMAC, and encrypted by AES-CCM.
• Instead of reauthentication, key renewal is used (using the key agreement protocol) during fast handovers. AMS-ID is used for key derivation purposes and for initial and handover ranging.

C. Security Architecture in Single-Hop LTE Standards

The security architecture for LTE networks is described by 3GPP standards [6]. In LTE Evolved Packet System (EPS), multiple SAs exist in the system to protect different layers of the network [39]. The first security layer is to protect control plane signaling and user plane data between the UE and the evolved Node-B (eNB). This control plane signaling between the UE and the eNB is also called access stratum (AS) signaling. The second layer security is to protect the control plane between the UE and the mobility management entity (MME), which is also called nonaccess stratum (NAS). The third layer is the long-term SA between the UE and the home subscriber server (HSS). In addition to AS and NAS security layers, the LTE standards provide the security architecture for IP multimedia subsystem (IMS) services, Home eNB (HeNB), machine-type communication (MTC), etc. However, this paper focuses on solutions for access network security; those security threats are out of the scope of this paper. For access network security, the UE initial attachment and the security architecture for AS and NAS layers are investigated and described in the following paragraphs.

The establishment of the AS and the NAS security contexts during UE’s initial attachment is shown in Fig. 2. The network elements in the LTE-EPS architecture are similar to those used in WiMAX, but several terms are different in LTE. For instance, in LTE, UE replaces MS, eNB replaces BS, MME replaces ASN GW, and HSS replaces CSN-GW. As in the WiMAX network, the UE first synchronizes with the downlink channel to receive and decode the cell system information, to communicate and operate properly within the cell. The downlink master information block (MIB) is transmitted using the broadcast channel (BCH), whereas system information blocks (SIBs) are transmitted using the downlink shared channel (DL-SCH). The next step in initial attachment and the connection setup procedure is random access. The random-access procedure nullifies the timing offset for uplink communications. In addition, in the random-access procedure, a unique cell radio network temporary identifier (CRNTI) is assigned to the terminal. Once the random-access preamble is transmitted, the UE monitors for random-access response, including CRNTI with the same PreambleID. If the received preamble identifier does not match the transmitted random-access preamble, the random-access response is considered not successful, and the UE continues until the count reaches PREAMBLE_TRANS_MAX.

Fig. 2. Authentication and SAs during UE’s network entry in LTE.

Authentication in EPS-AKA: The mutual authentication between the user and the network takes place by ensuring that the serving network (SN) authenticates the user’s identity and that the UE validates the signature of the network provided in the authentication token (AUTN). During the initial Attach Request, the UE sends its identity and serving network identity (SN ID), and eNB forwards the information along with its identifier to MME. Then, MME sends a request to the home environment (HE) querying the authentication vector for a specific SN ID and IMSI. The HSS in HE responds with an authentication vector. Each vector has AUTN, RAND, XRES, and $K_{ASME}$. The derived keys, i.e., $K_{ASME}$, Ck, and Ik, are stored in a key set and identified by a key set identifier ($KSI_{ASME}$). The $KSI_{ASME}$ is sent by the MME to the UE in the Authentication Request message along with the AUTN and RAND.
The universal SIM (USIM) computes $K_{ASME}$, Ck, and Ik and then sends back the calculated RES in the Authentication Response message. Now, the MME compares RES with the received XRES from HSS. If RES and XRES are the same, MME starts the procedure for ciphering and integrity protection at the next establishment of a NAS signaling connection without executing a security-mode command (SMC) procedure [34].

SA for Ciphering and Integrity Protection: In EPS-AKA, ciphering is applied to both NAS and AS signaling messages and the user plane data at the AS to ensure confidentiality. On the other hand, integrity protection is applied to all signaling messages at both the NAS and the AS levels to ensure message originality. All integrity and cipher keys are derived from the master key K, which is unique to a user and is stored in a secure manner in both the USIM and the HE. Hence, HSS in HE and UE use the same procedure to generate the Ck and Ik from the key K using the same keying functions. Then, HSS forwards Ck and Ik to MME. The subsequent NAS domain session keys for ciphering ($K_{NASenc}$) and integrity protection ($K_{NASint}$) and AS domain keys for ciphering and integrity protection ($K_{eNB}$, followed by $K_{UPenc}$, $K_{RRCenc}$, and $K_{RRCint}$) are derived using $K_{ASME}$.

Security During Handover: To achieve a secure communication between the vehicular nodes (UE) and an eNB, an MME and the UE shall derive a $K_{eNB}$ and a next-hop (NH) parameter from the $K_{ASME}$. An NH chaining counter (NCC) is associated with each $K_{eNB}$ and the NH parameter. To support fast handovers in vehicular networks, a new session key, i.e., $K^{*}_{eNB}$, is derived from an existing key, i.e., $K_{eNB}$, or from the NH parameter instead of generating a new key.

D. Security Support in Multihop LTE Standards

To support multihop operations, RNs are introduced, and some additional functions are added to eNB that support 1) S-GW/P-GW functionality for the RN, and 2) proxy functionality between the RN and MME-UE. The new eNB is called Donor eNB (DeNB). The additional security functions for multihop LTE are as follows [6].

• A removable universal integrated circuit card (UICC) is inserted into the RN for authentication purposes.
• The AS level encryption is switched on between the RN and the DeNB.
• The RN acts as the UE for DeNB and the eNB for regular UE devices. Hence, the distributed security architecture is realized in multihop LTE networks.
• One-to-one binding is realized between an RN and a USIM, either by using symmetric preshared keys or by certificates. For certificates, the UICC inserted into the RN contains two USIMs, where USIM-INI is used for initial IP connectivity in an unsecured channel, and USIM-RN communicates only via a secure channel.

III. SECURITY THREATS IN WORLDWIDE INTEROPERABLE FOR MICROWAVE ACCESS AND LONG-TERM EVOLUTION NETWORKS

The main cause of the MAC-layer security threats in 4G vehicular networks is certain unprotected MAC management messages between the MS and the BS. Many research efforts have been published on MAC-layer security threats in both WiMAX and LTE networks, and a few of them discussed the implementation of IPSec security for WiMAX vehicular networks. This section analyzes and classifies the security threats that exist in WiMAX and LTE networks separately in the following subsections.

A. Security Threats in WiMAX Networks

A comprehensive taxonomy of various attacks and countermeasures on single-hop WiMAX networks was reported in [50]. The security threats discussed in that paper are primarily due to unprotected MAC messages in a communication between the MS and the BS. When the control messages are in plain text, the attackers/intruders can easily spoof, modify, and reply to those control messages for the intended receiver node. The severity of the security threats may vary based on the modification of those control messages. Similarly, the attackers may continuously send false packets to the receiving node in water torture attacks. However, in the recent multihop WiMAX standard (IEEE 802.16m) [3], once the user is registered with the home network, the security layer may use three levels of protection for the MAC management messages, i.e., no protection, CMAC, and encrypted by AES-CCM. As a consequence of adding encryption support for MAC messages, some of the security threats discussed in [50] no longer exist for multihop WiMAX, which are highlighted in Table I. Further, the security threats that exist in multihop WiMAX networks were not discussed in [50]. Therefore, the security threats and countermeasures discussed in [50] and the additional security threats for multihop WiMAX that are discussed in other papers [46], [51] have been investigated, analyzed, and summarized in Table I.

TABLE I. SECURITY THREATS IN WiMAX NETWORKS

In addition, Layer-3 IPSec security was analyzed in a few research efforts to overcome the existing security threats in WiMAX [31]–[33]. To provide mobility support, IPSec is combined with Mobile IP (MIP) along with some modifications [31]. Although IPSec is combined with the MIP, it does not provide mobility support at high speed.

B. Security Threats in LTE Networks

Similar to WiMAX security, many research efforts have been published for LTE networks. To understand the concept of security threats in LTE, Cao et al. in [62] presented a comprehensive survey of various attacks and solutions in LTE networks.
The major categories are vulnerabilities in 1) access network; 2) IMS domain; 3) HeNB; and 4) MTC domain. However, due to the page limit, we only focused on the access network. The various security threats in LTE access networks have been studied and summarized in Table II. As we have identified the DoS/Reply attack in LTE, which is one of the major security threats in LTE, a detailed description of the attack is also presented.

TABLE II. SECURITY THREATS IN LTE NETWORKS

DoS Attack During Initial Attachment: In LTE networks, DoS attacks may be possible during the initial attachment because the UE is sending MAC messages in plain text to eNB. DoS attack during the initial attachment is very critical as the UE cannot register with the home network. This is similar to the DoS attack in WiMAX networks during initial network entry. During the random-access process, the UE sends the random-access preamble to eNB and waits for the response until the predefined time limit. eNB responds to UE for timing adjustments and bandwidth allocation by sending an Attach Request message along with the PreambleID. If the received random-access PreambleID does not match the transmitted random-access preamble, the random-access response is considered not successful, and the UE continues the random-access process until the count reaches the maximum limit. Since the response is in plain text, an attacker can easily change the PreambleID continuously. As a result, the UE cannot register with the home network, which leads to the DoS attack.

IV. PROPOSED DISTRIBUTED SECURITY ARCHITECTURE

In many practical implementations, it has been proved that ECDH can establish a shared secret over an insecure channel at the highest security strength [29], [30]. Based on those studies, our proposed architecture considers ECDH as part of the Layer-2 security scheme for every node. Using ECDH, the MS/RS establishes a secured tunnel with the BS in the ranging process. Similarly, the UE/RN establishes a secured connection with the eNB/DeNB. The two main tasks of the proposed solution are 1) initial ranging for WiMAX or random-access procedure for LTE using ECDH, and 2) neighbor authentication using ECDH. The following passage describes the tasks in more detail.

A. Secured Initial Ranging in WiMAX/Random-Access Procedure in LTE

The secured initial ranging (for WiMAX) or random-access procedure (for LTE) for the first-hop and the nth-hop node is shown in Fig. 4. The multihop network consists of one BS/eNB, a few RSs/RNs, and many MSs/UE devices. For the first hop, the BS/eNB broadcasts the PHY layer and system parameters, including ECDH global parameters and public key of the BS/eNB in the downlink channel descriptor (DCD) message in the case of WiMAX and in MIBs and SIBs in the case of LTE. Consider the initial-ranging process: any WiMAX node (MS/RS) that wants to connect with the BS generates the public and private key pairs and sends the public key to the BS, along with initial-ranging code in the RNG_REQ message, which is encrypted using the BS public key. In turn, the BS will send the RNG_RSP message, which is encrypted with the MS/RS public key. Hence, the MS/RS establishes a secure tunnel with the BS during the initial-ranging process, and the subsequent MAC messages are encrypted using the receiver’s ECDH public key.

In our secured initial-ranging process, the only additional bandwidth overhead is the exchange of global parameters and public keys, e.g., in WiMAX, the global parameter $G(P, Q)$, and the BS’s public key $P_B$ in the DCD message, and then the RS’s public key $P_R$ in the RNG_REQ message, which are highlighted in the first three messages, as shown in Fig. 3. The information in the remaining messages follows the standard, i.e., WiMAX messages presented in regular font are similar to that in Fig. 1, and LTE messages presented in italic font are similar to that in Fig. 2. The computational overhead is added for the BS and RS to encrypt the MAC messages using the receiver’s public key until the SA is established. In total, the additional overhead for the proposed scheme is only slightly higher compared with the original initial ranging and connectivity tasks. See the overhead from our simulation in Section V-B.

Fig. 3. Initial ranging and connectivity using the ECDH protocol [46].

Similarly, any LTE node (UE/RN) that wants to connect with the eNB generates the public and private key pairs and sends the public key to the eNB in a random-access preamble message, which is encrypted using the eNB’s public key. The eNB’s random-access response message is encrypted using the UE/RN public key. The subsequent Attach Request and other communications are encrypted using the receiver’s public key.
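The first-hop exchange of Section IV-A, sketched as an added example that is not part of the original paper. It assumes NIST P-256 as the broadcast global parameters, carries the MS public key in the clear beside the protected ranging code, and substitutes a SHA-256 keystream with an HMAC tag for AES-CCM; all function names, field names and message values are constructed.

```python
# Added illustration (not the paper's code): ECDH-protected initial ranging.
# Assumptions: P-256 curve; HMAC-SHA256 keystream + tag as a stand-in for AES-CCM.
import hashlib
import hmac
import secrets

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

def on_curve(pt):
    """True for a valid affine point; the point at infinity (None) is rejected."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demonstration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def keypair():
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def session_keys(priv, peer_pub):
    """Validate the peer key, run ECDH, and split the secret into (enc, mac) keys."""
    if not on_curve(peer_pub):
        raise ValueError("peer public key is not on the curve")
    z = mul(priv, peer_pub)[0].to_bytes(32, "big")
    return tuple(hmac.new(z, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(keys, msg_type, plaintext):
    """Encrypt-then-MAC; the message type is bound into the tag as associated data."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(keys[0], nonce, len(plaintext))))
    tag = hmac.new(keys[1], msg_type + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unseal(keys, msg_type, blob):
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    want = hmac.new(keys[1], msg_type + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("integrity check failed: message dropped")
    return bytes(a ^ b for a, b in zip(ct, _stream(keys[0], nonce, len(ct))))

def run_exchange(modified_in_transit=False):
    """One first-hop ranging round; returns what the BS and the MS each decrypt."""
    # BS: key pair whose public half is broadcast with the curve parameters (DCD).
    bs_priv, bs_pub = keypair()
    # MS: fresh key pair; its public key travels in the clear next to the sealed body.
    ms_priv, ms_pub = keypair()
    ms_keys = session_keys(ms_priv, bs_pub)
    rng_req = (ms_pub, seal(ms_keys, b"RNG_REQ", b"ranging_code=42"))  # constructed
    # BS: derives the same keys from the MS public key and reads the ranging code.
    bs_keys = session_keys(bs_priv, rng_req[0])
    code = unseal(bs_keys, b"RNG_REQ", rng_req[1])
    rng_rsp = seal(bs_keys, b"RNG_RSP", b"status=success;timing=+12;power=-3")  # constructed
    if modified_in_transit:  # model a single bit changed on the air interface
        rng_rsp = rng_rsp[:12] + bytes([rng_rsp[12] ^ 1]) + rng_rsp[13:]
    return code, unseal(ms_keys, b"RNG_RSP", rng_rsp)

if __name__ == "__main__":
    print(run_exchange())
    try:
        run_exchange(modified_in_transit=True)
    except ValueError as exc:
        print("MS rejected RNG_RSP:", exc)
```

ECDH by itself does not authenticate the broadcast BS public key, so the sketch shows only that a modified RNG_RSP is rejected by the MS, not that the key's owner is the genuine BS.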
B. Distributed Security Using ECDH in Multihop WiMAX

To establish hop-by-hop authentication and to reduce the computational overhead for the centralized node, a distributed security architecture is necessary for multihop networks. Further, the centralized security mode introduces longer authorization and SA delay than the distributed mode, which affects the QoS performance in vehicular networks. In multihop LTE networks, the security architecture defined by the 3GPP standard is a distributed scheme. On the other hand, selection of the distributed security mode in WiMAX is optional, but data transfer using the tunnel mode is still an open issue. Hence, we propose the distributed security architecture using ECDH for multihop WiMAX networks.

For multihop (nth hop) connectivity using ECDH, the cell-edge RS broadcasts its public key, ECDH global parameters, RS-ID, and system parameters in the DCD broadcast message. The MS/RS that wishes to join with the access RS starts the ranging and connectivity process. After the initial connectivity, if the newly connected node is an RS, then the superordinate RS will share the public key of the BS and the corresponding global parameters. The new RS will associate with the BS by sending its public key to the BS. Hence, the multihop RS can send its traffic over the tunnel mode.

Fig. 4 shows the SA and key management in the proposed security architecture. For multihop users, the access RS maintains the encryption and SA keys in the same way as the BS, where the BS maintains the SA keys of single-hop MSs and RSs and the ECDH public key of multihop RSs. In Fig. 4, the BS maintains the SA and encryption keys of MS1, RS1, and RS2 as well as the ECDH public key of RS3. RS1 maintains the SA and encryption keys of MS2, MS3, and RS3. RS2 and RS3 maintain the encryption keys of MS4 and MS5, respectively. Suppose MS5 wants to send encrypted data in tunnel mode. First, it encrypts the traffic using the SA-TEK associated with RS3. Then, RS3 decrypts the traffic using the SA-TEK and encrypts the data using the BS’s public key. Hence, the intermediate RS1 does not need to decrypt/encrypt the traffic. This architecture is useful and efficient for supporting the tunnel-mode operation.

C. Neighbor Authentication and SA [46]

We propose neighbor authentication and SA for multihop WiMAX/LTE networks to avoid network coding security threats and to provide secured preauthentication for fast handovers. Providing fast-handover support improves the QoS performance of the vehicular networks. Consider the WiMAX network: if a new RS is connected with the network, the BS will announce the updated members list to the existing RS group in a regular DCD message. Now, if the new RS finds another RS during channel scanning, it verifies whether the RS is genuine or not by verifying the RS-ID. Then, the new RS will send the public key and the RS-ID to the neighbor RS for establishing the SA.
Fig. 4. Distributed security architecture in WiMAX.

The neighbor RS will also send the public key in response. At the end of association, RSs generate the uplink and downlink CMAC digital signatures from AK and exchange the digital signatures among them. Fig. 5 shows the neighbor authentication process. In step 1, RS3 receives the updated RS list after the ECDH agreement with the BS. During the scanning process, RS3 may find the DCD and other downlink parameters of RS2, as shown in step 2. Since RS3 knows that RS2 is a legitimate node based on the list that it received from the BS, it establishes the ECDH agreement with RS2. After the ECDH key agreement, both RS2 and RS3 share their digital signatures, as shown in steps 3 and 4. For LTE networks, multihop UE/RN connectivity and SA with the neighbor RS is similar to that of the WiMAX networks. The corresponding LTE message sequence, which is in italic font and enclosed in parentheses, is from step 1 to step 4 in Fig. 5. In this proposed architecture, the additional bandwidth overhead is the exchange of global parameters and public keys with neighbor nodes using ranging messages. The only computational overhead is used to encrypt the preauthentication message during a handover. Hence, the total overhead for establishing the SA is very small.

Fig. 5. Neighbor authentication using the ECDH protocol.

Fig. 6. Connection diagram of the testbed setup [47].
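The neighbor authentication sequence between RS3 and RS2 described in Section IV-C, as an added sketch rather than the authors' implementation: finite-field Diffie-Hellman stands in for ECDH and HMAC-SHA256 for the CMAC signatures, so that it runs on the Python standard library alone. The group parameters, message fields, key labels and method names are assumptions of this example; the final packet check shows how the established SA lets a relay reject a modified block or a sender that is not on the BS members list.

```python
"""Neighbor authentication between relay stations: illustrative sketch."""
import hashlib
import hmac
import secrets

# Constructed demo group, not the paper's parameters. Finite-field
# Diffie-Hellman stands in for ECDH and HMAC-SHA256 for the CMAC signature.
P = 2**521 - 1
G = 3
NBYTES = (P.bit_length() + 7) // 8


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def transcript(new_id, new_pub, nbr_id, nbr_pub):
    """Bind both RS-IDs and both public keys into the signed data."""
    return "|".join([new_id, hex(new_pub), nbr_id, hex(nbr_pub)]).encode()


class RelayStation:
    def __init__(self, rs_id):
        self.rs_id = rs_id
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.members = set()   # RS-IDs announced by the BS in the DCD message
        self.sa = {}           # neighbor RS-ID -> {"tx": key, "rx": key}

    def _keys(self, peer_id, peer_pub):
        """Check the RS-ID against the BS list, then derive AK and both keys."""
        if peer_id not in self.members:
            raise PermissionError(f"{peer_id} is not in the BS members list")
        if not 2 <= peer_pub <= P - 2:
            raise ValueError("invalid public key")
        shared = pow(peer_pub, self.priv, P).to_bytes(NBYTES, "big")
        ak = hashlib.sha256(b"AK" + shared).digest()
        return mac(ak, b"uplink"), mac(ak, b"downlink")

    def hello(self, nbr_id):
        """New RS, after scanning: contact only a neighbor the BS has listed."""
        if nbr_id not in self.members:
            raise PermissionError(f"{nbr_id} is not in the BS members list")
        return {"rs_id": self.rs_id, "pub": self.pub}

    def respond(self, hello):
        """Neighbor RS: send its public key and the downlink signature."""
        _, dl = self._keys(hello["rs_id"], hello["pub"])
        data = transcript(hello["rs_id"], hello["pub"], self.rs_id, self.pub)
        return {"rs_id": self.rs_id, "pub": self.pub, "sig": mac(dl, data)}

    def finish(self, reply):
        """New RS: verify the neighbor, install the SA, return the uplink signature."""
        ul, dl = self._keys(reply["rs_id"], reply["pub"])
        data = transcript(self.rs_id, self.pub, reply["rs_id"], reply["pub"])
        if not hmac.compare_digest(reply["sig"], mac(dl, data)):
            raise ValueError("downlink signature mismatch")
        self.sa[reply["rs_id"]] = {"tx": ul, "rx": dl}
        return {"rs_id": self.rs_id, "sig": mac(ul, data)}

    def confirm(self, hello, final):
        """Neighbor RS: verify the uplink signature and install the SA."""
        ul, dl = self._keys(hello["rs_id"], hello["pub"])
        data = transcript(hello["rs_id"], hello["pub"], self.rs_id, self.pub)
        if not hmac.compare_digest(final["sig"], mac(ul, data)):
            raise ValueError("uplink signature mismatch")
        self.sa[hello["rs_id"]] = {"tx": dl, "rx": ul}

    def send(self, nbr_id, payload):
        return {"from": self.rs_id, "payload": payload,
                "sig": mac(self.sa[nbr_id]["tx"], payload)}

    def accept(self, packet):
        """Reject packets from nodes without an SA or with a bad signature."""
        sa = self.sa.get(packet["from"])
        return sa is not None and hmac.compare_digest(
            packet["sig"], mac(sa["rx"], packet["payload"]))


def associate(new_rs, neighbor):
    hello = new_rs.hello(neighbor.rs_id)
    final = new_rs.finish(neighbor.respond(hello))
    neighbor.confirm(hello, final)


def demo():
    rs2, rs3, unlisted = RelayStation("RS2"), RelayStation("RS3"), RelayStation("RS9")
    for rs in (rs2, rs3, unlisted):
        rs.members = {"RS1", "RS2", "RS3"}     # constructed list from the BS
    associate(rs3, rs2)
    good = rs3.send("RS2", b"coded-block-1")
    modified = dict(good, payload=b"coded-block-X")
    try:
        associate(unlisted, rs2)
        unlisted_joined = True
    except PermissionError:
        unlisted_joined = False
    return rs2.accept(good), rs2.accept(modified), unlisted_joined


if __name__ == "__main__":
    print(demo())
```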
V. SIMULATION, TESTBED RESULTS, AND ANALYSIS

For existing and our proposed security schemes, measuring and analyzing both the security level and QoS performance is mandatory for 4G vehicular networks, as they intend to provide high QoS and security for their customers. Here, we first compare the performance of IPSec security for WiMAX networks with the default security scheme using testbed implementation. Then, we measure the connectivity latency performance of the proposed ECDH security scheme using NS2 simulation. Finally, we analyze the security and QoS performance of the proposed ECDH security for both WiMAX and LTE networks.

A. IPSec and Basic Security Performance Using Testbed Setup

The WiMAX testbed experiments consist of one IEEE 802.16d-based EION’s Libra MAX BS Out-Door Unit (ODU), one In-Door Unit (IDU), and two Libra MAX subscriber stations (SSs), where the BS-ODU and SSs are wireless devices, and the BS-IDU acts as a gateway for the BS-ODU unit. The network management system and AAA servers are running on the BS-IDU unit. The traffic generation/performance analysis tool used for the testbed is IXIA [45]. The BS and SSs connectivity setup is shown in Fig. 6, and the system parameters are given in Table III. The network on the left side of the IPSec tunnel is the Left Subnet and that on the right side is the Right Subnet. Both SS1 and SS2 belong to the 192.168.2.xxx network and are on the left side of the IPSec tunnel interfaces. For configuration and management purposes, one of the SSs (SS1 in Fig. 6) is connected to the PC through an Ethernet switch. Ethernet cables are used to connect the devices other than the wireless interface. Wireless connectivity is established using wireless RF cables with 60-dB attenuators instead of a wireless medium. The provisioning of wireless link capacity is configured in the AAA server. The BS and SSs are operating in a static routing mode.

TABLE III. SYSTEM PARAMETERS [47]

The security schemes used in this experiment are basic WiMAX MAC security and Layer-3 IPSec on top of the MAC-layer security. The Layer-3 IPSec tunnel was enabled between SSs and BS-IDU. Once the SSs establish the connectivity with the BS-ODU, they initiate an IPSec connection with the BS-IDU. The IPSec configurations, handshake messages, and connection establishment status are shown in Table IV.

TABLE IV. IPSEC CONFIGURATION AND STATUS VERIFICATION

The QoS performance metrics used in the experiments are SS connectivity latency, throughput, frame loss, and latency. For vehicular networks, MS connectivity latency is one of the main QoS requirements. When a handover occurs, the MS needs to be reauthenticated and authorized for existing service flows that may affect the quality of experience of an application. Table V shows the SS connectivity time for default MAC-layer security and IPSec. From the results, it is evident that the SS connectivity latency is higher (∼67% for SS1 and 100% for SS2) for IPSec, as it consumes significantly more time for the IPSec connection. For vehicular networks, the IPSec tunnel has to be broken with the current BS and reestablished with the target BS during handovers. Hence, the IPSec solution is not suitable for vehicular networks.

TABLE V. SS CONNECTIVITY TIME [47]

Fig. 7 shows the throughput (in megabits per second) performance of the system for both the default and the IPSec security schemes. Provisioning of uplink and downlink wireless link for both the SSs in the AAA server is varied from 0 to 20 Mb/s. Using an IXIA traffic generator, traffic is transmitted for the total provisioned wireless capacity, and the received traffic is also noted. From the results, it is clear that the throughput for the IPSec security scheme is less than that for the MAC-layer security scheme. Initially, when the wireless link capacity is small, corresponding payloads (1500-byte packet) in the traffic are small. Hence, the drop is negligible. However, when the traffic reaches the maximum link capacity at ∼19 Mb/s, the difference is measurable, where the actual traffic received is only about ∼18.5 Mb/s. The difference in throughput is due to the additional overhead of 40 bytes of IPSec header in each frame.

Fig. 7. Throughput performance.

Fig. 8 shows the end-to-end frame loss performance with respect to the total link capacities of the two SSs. Initially, as the number of packets (payload) is small at low wireless link capacity, frame loss is small (< 40) until the input traffic reaches ∼7 Mb/s. The frame losses in the IPSec scheme increase as the link capacity increases. The frame loss increases almost linearly for the IPSec scheme between the input traffic ∼8 Mb/s and ∼12 Mb/s. After that, the IPSec security scheme has much more packet loss, where the frame loss at 15 Mb/s for the default MAC security scheme is ∼25, but in IPSec, it is ∼225, because a 40-byte IPSec header is added to each frame. This 40-byte overhead in the IPSec tunnel increases the frame losses for the IPSec security scheme. The packet drop increases in both schemes when the input traffic exceeds the practical system capacity of ∼18.5 Mb/s.

Fig. 8. Frame loss performance.

The average delay/latency experienced by the traffic for different link capacities is shown in Fig. 9. The delay experienced by the traffic in the IPSec security scheme steadily increases from 4 to 9 Mb/s. The delay for the IPSec scheme is much higher than that for the MAC security scheme when the wireless link capacity reaches ∼10 Mb/s. After 10 Mb/s, the average delay experienced by the IPSec is more than double when compared with the default MAC security. At 11-Mb/s input traffic, the average delay experienced by the MAC security is ∼50 ms, whereas the average delay experienced by the IPSec is ∼100 ms. This increase in delay is due to the processing time for the IPSec encryption and additional queuing delay at SSs and BS. Although the wireless link capacity is the same, additional overhead in Layer-3 and Layer-2 headers increases the payload before entering into the wireless interfaces.

Fig. 9. Latency performance.

TABLE VI. SYSTEM PARAMETERS

TABLE VII. LATENCY FOR DEFAULT AND ECDH SCHEME

B. ECDH Performance Using Simulation

In the previous subsection, the performance of the IPSec security scheme is compared with the default WiMAX security scheme. In that experiment, the Layer-3 IPSec is cross-compiled and running as a module in the WiMAX target board. Hence, the IPSec tunnel is established between SS and BS-IDU after the IP connectivity.
On the other hand, the ECDH implementation is at Layer 2. Because the lower MAC and security functions are embedded on the chips, it is not possible to test ECDH using the testbed. Hence, a simulation environment is selected for the ECDH performance evaluation. The simulation environment has the following assumptions.

• The main aim of ECDH implementation is to protect the MAC messages that are in plain text.
• The WiMAX and LTE standards provide secure environments for data transfer once SA is established.
• In many practical implementations, it has been proved that ECDH can establish a shared secret over an insecure channel at highest security strength [29], [30]. Hence, the intention for this simulation is to evaluate the QoS performance, not to measure the security strength.
• Once the SA is established, the network adopts the default security (compliance to the standard). Hence, the security level and the QoS performance, such as latency for traffic, throughput, and frame loss, are the same.

Based on the given assumptions, the main aim of this simulation is to find the MS initial connectivity latency and the handover latency of the vehicular networks. However, the existing WiMAX patches for NS-2 simulators and other simulators such as OPNET, etc., do not have the WiMAX security functions. Hence, we integrate the Diffie–Hellman algorithm with NS-2 for generating the shared secret and add the necessary message flows for authentication and authorization functions. The MAC messages are encrypted using the receiver’s (either the BS or the MS) Diffie–Hellman public key. The system parameters used in this simulation are given in Table VI.

ECDH-Related Computations: Diffie–Hellman public key $A = G^a \bmod P$, where $a$ = private key. Public keys of network nodes: BS = 155, RS = 243, MS1 = 947, MS2 = 597. Shared secret between A and B = $B^a \bmod P = A^b \bmod P$, where A, a = public and private keys of A. Shared secrets between BS and RS = 810; RS and MS1 = 609; RS and MS2 = 431.

The simulation results for measuring the initial connectivity latency (first two rows) and handover latency (second two rows) are given in Table VII. From the initial connectivity latency results in the first two rows, it is clear that both MS1 and MS2 are connected at the same frame period for both scenarios. The time needed to compute the key values and shared secret is less than one frame duration (5 ms, given in Table VI). Hence, it is possible to schedule the subsequent MAC messages for both scenarios at the same time.

Next, the handover latency is compared between the default and the ECDH schemes. The handover latency is the measure of the time difference between the Handover-Indication message and the connectivity with the target BS for data transfer. For measuring the handover latency in the ECDH scheme, the authentication process is performed at the BS, and during a handover, the Diffie–Hellman key is refreshed instead of reauthentication. When comparing the handover latency, the average handover latency for ECDH is reduced by ∼30% (from 42.2 to 20.1 ms for MS1 and from 47.1 to 30.2 ms for MS2) because the message flows for basic capability and authentication (third and fourth message flows in Fig. 1) are not included in the handover process. Therefore, the proposed ECDH scheme aids in the preauthentication and reduces the latency during handovers for vehicular users.

C. Security Analysis

There are three security schemes considered for this analysis: 1) default MAC-layer security defined by standards; 2) IPSec security on top of the MAC-layer security; and 3) the proposed ECDH protocol at the MAC layer with default security. First, we explain how the proposed ECDH protocol overcomes the existing security threats in each category for both WiMAX and LTE networks. Later, we compare the performance of these three security schemes in Table VIII, where we enhanced our previous analysis in [47].

Analysis on ECDH Protocol Against Security Threats in WiMAX Networks:

1) Ranging attacks: In our proposed security architecture, RNG_REQ and RNG_RSP messages are encrypted by the public key of the receiver. Hence, the intermediate rogue node has difficulty in processing the message in a short period, and the system is free from DoS/Replay and other attacks during initial ranging.

2) Power-saving attacks: Already, the IEEE 802.16m standard provides an option for encrypting the control messages in a power-saving mode. For IEEE standards, the network may use ECDH implementation to overcome the power-saving attacks.

3) Handover attacks: The MOB_NBR-ADV attacks do not exist in the IEEE 802.16 network because the BS can encrypt the message. For other networks, the messages are encrypted using ECDH to overcome those security threats. For latency issues during handover, two scenarios are considered: 1) RS mobility (e.g., RS is installed on top of a train, and WiMAX users are inside the train), and 2) MS mobility. For RS mobility in the proposed security architecture, reauthentication for RS is not necessary, because the BS or the target RS knows the list of RSs and the corresponding RS_ID in the network. Otherwise, if the target node is another BS, the serving BS can send the RS authentication information including AK in a secured manner, as defined in IEEE 802.16m. Hence, only key renewal is needed to refresh the SA, which reduces latency during RS handover. For MS mobility, when the MS moves within the network, the MS authentication information including AK is transferred to the BS or the target RS using the ECDH tunnel. Otherwise, if the target node is another BS, the serving BS can send the RS authentication information in a secured manner, as defined in IEEE 802.16m. Hence, in either scenario, the latency during handovers is minimum due to preauthentication.

4) Miscellaneous attacks: For downgrade attack, if the level of security is low in the MS basic capability request message, the BS should ignore the message. For bandwidth spoofing, the BS should allocate the bandwidth only based on the provisioning of the MS. The downgrade attack and bandwidth spoofing can be solved by using basic intelligence in the BS.

5) Multihop security threats: One of the major issues in a multihop wireless network is the introduction of a rogue node in a multihop path. In our distributed security mode, once the joining node is authenticated by the home network (AAA server), mutual authentication takes place between the joining node and the access node (RS or BS). Hence, the new node identifies the rogue node during the mutual authentication step, and no other credential information is shared. Thus, the proposed solution avoids the introduction of the rogue node problem. For tunnel-mode security support, the communication between the BS and the access RS is encrypted using the ECDH public key of the receiver. Hence, the network supports tunnel-mode operation using the ECDH tunnel.

6) Other security threats: Other security threats such as attacks against WiMAX security, multicast/broadcast attacks, and mesh mode attacks do not exist in IEEE 802.16m networks. Otherwise, if the network uses ECDH implementation, the control messages are encrypted. Hence, those security threats are avoided.
Analysis on ECDH Protocol Against Security Threats in LTE Networks:

1) LTE system architecture security threats: Security threats such as injection, modification, eavesdropping attacks, HeNB physical intrusions, and rogue eNB/RN attacks still exist with ECDH implementation.

2) LTE access procedure attacks: Similar to WiMAX networks, the intruder can introduce a DoS/Replay attack during the random-access process, as the messages are in plain text. In our proposed security architecture, the random-access Request message is encrypted by the public key of eNB, and the response message is encrypted by the public key of UE. Hence, the messages exchanged during the random-access process are encrypted, and the DoS/Replay attack is avoided. For IMSI water torture attacks, we suggest EAP-based authentication that is similar to WiMAX, where the Attach Request message is encrypted by home network shared secrets. For disclosure of the user’s identity privacy, the Attach Request message is encrypted by eNB’s public key in ECDH implementation. Hence, it is difficult for the attacker to decrypt the Attach Request message to know the IMSI. Thus, disclosure of the user’s identity is avoided.

3) Handover attacks: Location tracking is possible by eavesdropping the CRNTI information in a handover command message. However, this attack is avoided with the proposed scheme, because the CRNTI information is now encrypted. Other security threats, lack of backward secrecy, and desynchronization attacks still exist in ECDH implementation.

4) Miscellaneous attacks: If the attacker eavesdrops the CRNTI information in the random-access response or the handover command message, they can send a fake bandwidth request or false buffer status to allocate bandwidth unnecessarily. Using ECDH, eNB encrypts the random-access response message using UE’s public key. Hence, the bandwidth-stealing attack is avoided. The lack of SQN synchronization is similar to the desynchronization attack and still exists in ECDH implementation.

Analysis on ECDH Protocol Against Pollution and Entropy Attacks in Multihop WiMAX/LTE Networks:

Pollution and entropy attacks are the major security threats in multihop wireless networks, when network coding is used for data transmissions. Since packets are unencrypted, attackers may introduce polluted or stale packets that lead to pollution and entropy attacks. In our approach, every RS authenticates the neighbor RSs and shares the digital signatures. Hence, the attackers have difficulty in introducing the pollution attack. For the entropy attack, the RS may introduce a time stamp field in the message header. Subsequently, the RS can verify the time stamp of a received packet against those of older packets. If the time stamp is older, then the RS may drop the packet to avoid the entropy attacks.

TABLE VIII. PERFORMANCE COMPARISON OF DIFFERENT SCHEMES FOR 4G WIRELESS [47]

VI. CONCLUSION AND FUTURE RESEARCH

With the increase in demand for multimedia applications and for the safety of mobile users, providing Internet that supports QoS-aware and safe multimedia services for vehicular networks is mandatory for service providers. To provide high bandwidth support at the vehicular speed of up to 350 km/h, the WiMAX and LTE networks are the preferred candidates. 4G networks have well-defined QoS and security architectures. However, some major security threats such as DoS attack still exist in 4G multihop networks, because certain MAC messages are transmitted only in plain text. For this reason, we have proposed a distributed security architecture using the ECDH algorithm in Layer 2 for 4G multihop wireless networks. In the proposed scheme, the wireless nodes are initially authenticated by the home network and then authorized by the access node. In addition, the proposed scheme requires only a slightly higher bandwidth and computational overhead than the default standard scheme (see the performance comparisons in Section V).
Based on the analysis, the proposed scheme overcomes most of the existing security threats, including pollution and entropy attacks due to network coding. To the best of our knowledge, an integrated view of WiMAX and LTE security threats and the IPSec overhead using actual experiments on, or real measurements in, a WiMAX environment have not been presented in the literature. This paper, therefore, presented an integrated view with emphasis on Layer-2 and Layer-3 technologies for WiMAX and LTE security, which is useful for the research community. In addition, the performance of the proposed and other security schemes is analyzed using simulation and testbed implementation. The QoS measurement using the testbed implementation and theoretical studies show that the IPSec scheme provides strong security for data, but not for the control messages. On the other hand, the simulation and theoretical studies indicate that the ECDH protocol eliminates most of the MAC-layer security threats and has the same QoS performance as the default MAC-layer security in 4G wireless networks. For the ECDH scheme, the handover latency is significantly reduced versus that of the default security scheme; thus, the ECDH scheme improves the QoS performance of the vehicular users. Consequently, we suggest the ECDH protocol for 4G multihop wireless networks, and it is suitable for vehicular networks, since the proposed security scheme aids in hasty authentication without compromising the QoS performance. Nevertheless, there are still threats to the LTE system architecture, i.e., disclosure of IMSI due to rogue RN, lack of backward secrecy, rogue RN attack, and synchronization attack. For disclosure of IMSI, the enterprise authentication protocol, e.g., EAP-TTLS, secures the identity protection of the user, which was studied in [42]. The other threats previously mentioned warrant further investigation.
Currently, we are also working on other security threats in the LTE system architecture and security threats, such as IMS security, HeNB security, and MTC security, in other domains or layers of LTE networks.

REFERENCES

[1] IEEE Standard for Local and Metropolitan Area Networks—Part 16: Air Interface for Fixed Broadband Wireless Access Systems, IEEE 802.16-2009, 2009.
[2] Amendment to IEEE Standard for Local and Metropolitan Area Networks—Part 16: Air Interface for Fixed Broadband Wireless Access Systems—Multiple Relay Specification, IEEE 802.16j, 2009.
[3] Amendment to IEEE Standard for Local and Metropolitan Area Networks—Part 16: Air Interface for Broadband Wireless Access Systems—Advanced Air Interface, IEEE 802.16m, 2011.
[4] “WiMAX end-to-end network systems architecture (Stage 3: Detailed protocols and procedures) Release 1, V.1.3.0,” WiMAX Forum, Clackamas, OR, USA, 2008.
[5] “Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access Network (E-UTRAN); Overall description, Stage 2, Release 11,” 3GPP, Sophia-Antipolis, France, 3GPP TS 36.300 V11.3.0, 2011.
[6] “3GPP System Architecture Evolution (SAE); Security architecture,” 3GPP, Sophia-Antipolis, France, 3GPP TS 33.401, v12.5.0, 2012, Release 12.
[7] “Feasibility study on LTE relay node security, Release 10,” 3GPP, Sophia-Antipolis, France, 3GPP TS 33.816 v10.0.0, 2011.
[8] E. Dahlman, S. Parkvall, and J. Skold, LTE–LTE-Advanced for Mobile Broadband. Oxford, U.K.: Elsevier, 2011, pp. 301–322.
[9] N. A. Ali, A.-E. M. Taha, and H. S. Hassanein, LTE, LTE-Advanced and WiMAX: Towards IMT-Advanced Networks. Chichester, U.K.: Wiley, 2012.
[10] P. Rengaraju, C-H. Lung, and A. Srinivasan, “An analysis on mobile WiMAX security,” in Proc. IEEE Toronto Int. Conf. Sci. Tech. Hum., 2009, pp. 439–444.
[11] N. Seddigh, B. Nandy, and R. Makkar, “Security advances and challenges in 4G wireless networks,” in Proc. 8th Annu. Conf. Privacy, Security, Trust, 2010, pp. 62–71.
[12] L. Yi, K. Miao, and A. Liu, “A comparative study of WiMAX and LTE as the next generation mobile enterprise network,” in Proc. 13th Int. Conf. Adv. Comm. Tech., 2011, pp. 654–658.
[13] T. Shon and W. Choi, “An analysis of mobile WiMAX security: Vulnerabilities and solutions,” in Lecture Notes in Computer Science, T. Enokido, L. Barolli, and M. Takizawa, Eds. Berlin, Germany: Springer-Verlag, 2007, pp. 88–97.
[14] H. Jin, L. Tu, G. Yang, and Y. Yang, “An improved mutual authentication scheme in multi-hop WiMax network,” in Proc. Int. Conf. Comput. Elect. Eng., 2008, pp. 296–299.
[15] T. Han, N. Zhang, K. Liu, B. Tang, and Y. Liu, “Analysis of mobile WiMAX security: Vulnerabilities and solutions,” in Proc. 5th Int. Conf. Mobile Ad Hoc Sensor Syst., 2008, pp. 828–833.
[16] H-M. Sun, S-Y. Chang, Y-H. Lin, and S-Y. Chiou, “Efficient authentication schemes for handover in mobile WiMAX,” in Proc. 8th Int. Conf. Syst. Des. Appl., 2008, pp. 235–240.
[17] D. Johnston and J. Walker, “Overview of IEEE 802.16 security,” IEEE Security Privacy Mag., vol. 2, no. 3, pp. 40–48, May/Jun. 2004.
[18] C-T. Huang and J. M. Chang, “Responding to security issues in WiMAX networks,” IEEE Comput. Soc. IT Prof. Mag., vol. 10, no. 5, pp. 15–21, Sep./Oct. 2008.
[19] H-M. Sun, Y-H. Lin, and S-M. Chen, “Secure and fast handover scheme based on pre-authentication method for 802.16-WiMAX,” in Proc. IEEE Region 10 Conf., 2007, pp. 1–4.
[20] J. Hur, H. Shim, P. Kim, H. Yoon, and N.-O. Song, “Security considerations for handover schemes in mobile WiMAX networks,” in Proc. Int. Conf. Wireless Comm. Netw., 2008, pp. 2531–2536.
[21] Y. Kim, H-K. Lim, and S. Bahk, “Shared authentication information for preventing DDoS attacks in mobile WiMAX Networks,” in Proc. 5th IEEE Conf. Consum. Comm. Netw., 2008, pp. 765–769.
[22] F. Liu and L. Lu, “A WPKI-based security mechanism for IEEE 802.16e,” in Proc. Int. Conf. Wireless Comm., Netw. Mobile Comput., 2006, pp. 1–4.
[23] B. Sikkens, “Security issues and proposed solutions concerning,” presented at the 8th Twente Student Conf. Information Technology, Enschede, The Netherlands, 2008.
[24] Y. Lee, H. K. Lee, G. Y. Lee, H. J. Kim, and C. K. Jeong, “Design of hybrid authentication scheme and key distribution for mobile multi-hop relay in IEEE 802.16j,” in Proc. Euro Amer. Conf. Telematics Inf. Syst., 2009, p. 12.
[25] A. DeCarlo, J. Porthy, S. Tyler, B. Xie, R. Reddy, and D. Zhao, “Distributed trust relationship and polynomial key generation for IEEE 802.16m network,” in Proc. Mobile WiMAX Symp., 2009, pp. 111–116.
[26] J. Donga, R. Curtmolab, and C. N. Rotarua, “Secure network coding for wireless mesh networks threats challenges and directions,” J. Comput. Commun., vol. 32, no. 17, pp. 1790–1801, Nov. 2009.
[27] G. Kambourakis, E. Konstantinou, and S. Gritzalis, “Revisiting WiMAX MBS security,” Int. J. Comput. Math. Appl., vol. 60, no. 2, pp. 217–223, Jul. 2010.
[28] A. Deininger, S. Kiyomoto, J. Kurihara, and T. Tanaka, “Security vulnerabilities and solutions in mobile WiMAX,” Int. J. Comput. Sci. Netw. Security, vol. 7, no. 11, pp. 7–15, Nov. 2007.
[29] S. Kumar, M. Girimondo, A. Weimerskirch, C. Paar, A. Patel, and A. S. Wander, “Embedded end-to-end wireless security with ECDH key exchange,” in Proc. IEEE Midwest Symp., Circuits Syst., 2003, pp. 786–789.
[30] K. Lauter, “The advantages of elliptic curve cryptography for wireless security,” IEEE Wireless Commun. Mag., vol. 11, no. 1, pp. 62–67, Feb. 2004.
[31] K. Byoung-Jo and S. Srinivasan, “Simple mobility support for IPsec tunnel mode,” in Proc. 58th IEEE VTC Conf., 2003, pp. 1999–2003.
[32] E. Barka, K. Shuaib, and H. Chamas, “Impact of IPSec on the performance of the IEEE 802.16 wireless networks,” in Proc. Int. Conf. New Tech., Mobility Security, 2008, pp. 1–6.
[33] L. Nazaryan, E. Panaousis, and C. Politis, “IPSec provisioning in WiMAX networks,” IEEE Veh. Technol. Mag., vol. 5, no. 1, pp. 85–90, Mar. 2010.
[34] C. B Sankaran, “Network access security in next-generation 3GPP systems: A Tutorial,” IEEE Commun. Mag., vol. 47, no. 2, pp. 84–91, Feb. 2009.
[35] M. Purkhiabani and A. Salahi, “Enhanced authentication and key agreement procedure of next generation evolved mobile networks,” in Proc. 3rd Int. Conf. Commun. Softw. Netw., 2011, pp. 557–563.
2900
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 63, NO. 6, JULY 2014
Perumalraja Rengaraju received the M.Eng. degree in communication systems from Anna University, Tamil Nadu, India, in 2006 and the Ph.D. degree in electrical and computer engineering from Carleton University, Ottawa, ON, Canada, in 2013. In September 2013, he joined the Department of Information Technology, Velammal College of Engineering Technology, Tamil Nadu, where he is currently an Associate Professor. He was with CDOT-Alcatel Research Center, Chennai, India, from 2006 to 2007 and with nGIN Technologies, Chennai, from 2007 to 2009, where he worked on the research and development of WiMAX technology. His current research interests include quality of service and security in Fourth-Generation wireless networks and other networking technologies.
Chung-Horng Lung (M’13) received the B.S. degree from Chung Yuan Christian University, Zhongli, Taiwan, and the M.S. and Ph.D. degrees from Arizona State University, Tempe, AZ, USA, all in computer science and engineering. From 1995 to 2001, he was with Nortel Networks. In September 2001, he joined the Department of Systems and Computer Engineering, Carleton University, Ottawa, ON, Canada, where he is currently an Associate Professor. His research interests include communication networks, wireless ad hoc/sensor networks, and software engineering.
Anand Srinivasan received the Bachelor’s degree from the University of Delhi, New Delhi, India; the Master’s degree in computing from Jawaharlal Nehru University, New Delhi; and the Ph.D. and M.Sc. degrees in computer science from the University of Victoria, Victoria, BC, Canada. He has over 15 years of experience in system and network design and performance of large-scale wired, wireless, and satellite networks. He is currently the Vice President for Technology and Product Management with EION Wireless Inc., Ottawa, ON, Canada. He is also an Adjunct Research Professor with the Department of System and Computer Engineering, Carleton University, Ottawa.