Performance Improvement of IEEE 802.16 / Wimax Using Elliptic Curve Cryptography

Pranita K. Gandhewar, Kapil N. Hande
Computer Science & Engineering Department
G. H. Raisoni College of Engineering
Nagpur, India

Abstract: The IEEE Standard 802.16 (WiMAX) promises to provide wireless broadband access to homes, businesses and core telecommunication networks worldwide. However, security is a key concern for the success of IEEE Standard 802.16. Wireless networking is not as secure as other networking technologies, but IEEE 802.16 provides much higher security than other wireless technologies such as IEEE 802.11 (Wi-Fi). IEEE 802.16 provides several security mechanisms that protect the network against unauthorized access. Many papers propose security improvement mechanisms for WiMAX. Many sophisticated authentication and encryption techniques have been embedded into WiMAX, but it is still exposed to various attacks. This paper provides a mechanism for increasing efficiency and hence improving the existing model.

Keywords: IEEE 802.16, Wi-Max, Security, Authentication, Authorization, Encryption, RSA, ECC.

I. INTRODUCTION

IEEE 802.16 is also known as WiMAX (Worldwide Interoperability of Microwave Access). WiMAX basically operates on two layers: the physical layer (PHY) and the MAC layer. The MAC layer has three sub-layers: the convergence sub-layer, the common part sub-layer and the security sub-layer. Security is a key concern for the success of IEEE 802.16. The IEEE 802.16 security specification is found mainly within the MAC layer, as that layer contains the security sub-layer [5]. The security sub-layer provides authentication, secure key exchange, encryption and integrity control across the BWA (broadband wireless access) system.

In the 802.16 standard, connections between the MS (mobile station) and the BS (base station) are encrypted with a data encryption protocol applied in both directions. An encapsulation protocol is used for encrypting data packets across the BWA.
An authentication protocol, the Privacy Key Management (PKM) protocol, is used to provide secure distribution of keying data from the BS to the MS [4]. Through this key management protocol, the MS and the BS synchronize keying data. The basic privacy mechanisms are strengthened by adding digital-certificate-based MS authentication to the key management protocol. In addition, the BS uses the PKM protocol to guarantee conditional access to network services [1].

The encryption algorithm used at the MAC layer in the existing model is the RSA algorithm. In the proposed model, we use the ECC (Elliptic Curve Cryptography) algorithm. The main objective of this paper is to enhance the security and improve the performance of the BWA system by using the ECC algorithm instead of RSA. There are many advantages of using ECC over RSA. The main advantage is that ECC provides the same level of security as RSA at a lower key size. A lower key size requires less memory as well as less bandwidth. Because the key size is lower, the time required to compute the ECC key is also lower. Low computation time consumes less power and hence requires less computational power. Also, the time required to break the ECC key is much higher than the time required to break the RSA key.

Section II gives a brief overview of Security Associations. The existing security model of IEEE 802.16 is given in Section III, and the proposed model is explained in Section IV. Finally, the conclusion is given in Section V.

II. SECURITY ASSOCIATIONS

A Security Association (SA) is defined as the set of security information shared between a BS and one or more of the MSs connected to that BS in order to support secure communications across the WiMAX access network. An SA provides the set of security information by which secured communication can be established. By means of the SA, an MS is authorized for a WiMAX service. Security associations (SAs) maintain the security state relevant to a connection.
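The introduction's argument that ECC needs less memory and bandwidth than RSA at the same security level can be measured directly. The following is an added example, not code from the paper: it uses only the Go standard library, and the RSA-3072 / P-256 pairing and the signed message are assumptions of the example, since the paper names no key sizes.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Footprint is the encoded size in bytes of a public key and one signature.
type Footprint struct{ PublicKeyDER, Signature int }

// measure DER-encodes pub (SubjectPublicKeyInfo) and records both lengths.
func measure(pub interface{}, sig []byte, err error) (Footprint, error) {
	if err != nil {
		return Footprint{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(pub)
	return Footprint{len(der), len(sig)}, err
}

// Compare signs one constructed message with a fresh RSA-3072 key and a fresh
// ECDSA P-256 key (about 128-bit strength each; an assumption of this example).
func Compare() (rsaFP, ecFP Footprint, err error) {
	digest := sha256.Sum256([]byte("constructed sample message"))
	rk, err := rsa.GenerateKey(rand.Reader, 3072)
	if err != nil {
		return
	}
	rsig, err := rsa.SignPKCS1v15(rand.Reader, rk, crypto.SHA256, digest[:])
	if rsaFP, err = measure(&rk.PublicKey, rsig, err); err != nil {
		return
	}
	ek, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	esig, err := ecdsa.SignASN1(rand.Reader, ek, digest[:])
	ecFP, err = measure(&ek.PublicKey, esig, err)
	return
}

func main() {
	r, e, err := Compare()
	fmt.Println("RSA-3072 {key sig}:", r, "P-256 {key sig}:", e, "err:", err)
}
```

The RSA public key encodes to 422 bytes and its signature to 384 bytes, against 91 bytes and at most 72 bytes for P-256, which is the per-message saving a certificate-based exchange such as PKM would see.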
IEEE 802.16 uses an identifier known as the security association identifier (SAID). The SAID is a 16-bit identifier which uniquely identifies an SA. SAs are managed by the BS. When an authentication event takes place, the BS gives the MS a list of the security associations associated with its connection. IEEE 802.16 uses two types of SA, the data SA and the authorization SA, but explicitly defines only one, i.e. the data SA, which protects the transport connection between one or more MSs and one BS [2].

The data SA consists of the following components:

- A 16-bit SA identifier (SAID)
- Two traffic encryption keys (TEKs) for data encryption
- Two 2-bit key identifiers, one for each TEK
- TEK lifetime
- A 64-bit initialization vector (IV) for each TEK
- Encryption algorithm (DES in CBC mode or AES in CCM mode)
- H-MAC digest
- Type of data SA (primary, static or dynamic)

There are three basic types of data SAs: Primary, Static and Dynamic [3]. Generally, an MS has a primary SA for its secondary management connection and two more for the downlink and uplink links. Management and data transport connections are mapped to these SAs and secured according to the security mechanisms defined in the SAs. Static SAs are provisioned within the BS. They are only initiated if the MS intends to use a new service and are dynamically terminated when data transfer in the service ends. Dynamic SAs are created and deleted as required in response to the initiation and termination of specific service flows.

These are dynamically

Pranita K. Gandhewar et al. / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 2 (3), 2011, 1309-1311