International Journal of Computer Applications (0975 – 8887)
Volume 33 – No. 3, November 2011

Securing Bandwidth Request Messages in Wimax

Kaushik Adhikary #1, Rajinder Kumar #2, Amit Kumar #3
#1, #3 Deptt. of CSE, MMU, Mullana, India
#2 Cyber Security Research Centre, PEC, Chandigarh, India

ABSTRACT
Privacy, confidentiality and authentication are the issues addressed by the security sublayer defined in the IEEE 802.16 standard. WiMAX, the Wireless Interoperability for Microwave Access, is the latest technology for wireless communication. It has been developed to replace DSL/fibre cable and to provide ‘last mile’ broadband connectivity to home or business locations. IEEE 802.16 has many flaws in its security, which have led to various vulnerabilities. One of the vulnerabilities we have detected lies in the bandwidth request messages. This paper analyses the attacks that can be carried out on the bandwidth request messages, their effect on performance, and a suitable solution to counter them.

Keywords
WiMAX, PKM, Bandwidth Request Message, denial-of-service attack

1. INTRODUCTION
WiMAX is the latest wireless technology that has been developed. It was formed by the WiMAX forum in June 2001. It has been developed to deliver broadband access and backhaul services to residential and enterprise customers at economical rates. It is similar to Wi-Fi [1] but has higher speed and greater range, and can cater to a large number of users. Just as Wi-Fi refers to the interoperable implementation of the IEEE 802.11 Wireless LAN standard, WiMAX [2] refers to the interoperable implementation of the IEEE 802.16 standard.

Because of its open medium and unconfined range, wireless technology is vulnerable to various attacks. Earlier wireless technologies have been found to have many vulnerabilities. For instance, unauthorized users, man-in-the-middle attacks, and key analysis are found in Bluetooth.
User authentication, auditing, and non-repudiation are the security services which it lacks. Wi-Fi faces many security problems due to the weakness of its WEP (Wired Equivalent Privacy) protocol. Since WEP keys are static, rather short, and shared among devices, they are easily attacked by brute force attacks, dictionary attacks, and algorithmic attacks. Leaked WEP keys lead to eavesdropping, message modification, and masquerading. Short initialization vectors (IVs) cause repetition in key stream generation, which attackers easily analyze. The weakness of the authentication process allows replay attacks and man-in-the-middle attacks. Due to the open medium and traffic analysis, the access point is easily compromised. Session hijacking is also possible during the handover process. Denial-of-service attack is also a big risk. IEEE Standard 802.11 mitigates some of the problems, but the standard faces compatibility problems with existing Wi-Fi devices.

Very few studies have been carried out on the security aspects of the IEEE 802.16 standard, as it is a new standard. IEEE 802.16 uses the Privacy and Key Management Protocol, which provides privacy and authentication. In WiMAX, the security layer lies above the physical layer. The key refreshment mechanism is provided in the Privacy and Key Management Protocol [3]. Current research has shown that IEEE 802.16 is still prone to attacks.

2. PROBLEM IDENTIFICATION

2.1 Spoofing of bandwidth request messages
Using Bandwidth Request messages, an SS may ask for and obtain channel resources; requests can be aggregate (containing an absolute value) or differential (containing the difference from the current assignment). Aggregate requests are sent in the unscheduled time period, where each SS can transmit using a contention technique. As Bandwidth Requests are carried in unauthenticated frames, they might be forged by an attacker.
Pretending to be some other station and requesting very limited channel resources, the attacker can send false aggregate requests; as a result, the BS will update the schedule and communicate it in the following UL-MAP and DL-MAP.

Fig 1: Spoofing of Bandwidth Request messages

The possibility of centralized resource allocation that distinguishes several service classes according to the credentials of the user is one of the most interesting features that distinguish IEEE 802.16 from IEEE 802.11, as noted in [4]. With this attack, an authorized SS of the network can reduce the resources allocated to its neighbors with the aim of having more resources available to itself [as shown in Fig 1]. If the attack is repeated at every time interval, the victim stations will not have the chance to issue new valid requests.
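
The following is an added example, not code from the paper: a simplified Python model of the BS request handling described in section 2.1, showing a forged aggregate request overwriting a victim's pending allocation, and the same forgery being rejected once requests carry a keyed tag and a sequence number. The HMAC-SHA256 tag, the per-SS key, the message layout and all names are assumptions for illustration; they are neither the IEEE 802.16 frame format nor the countermeasure this paper proposes.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

AGGREGATE, DIFFERENTIAL = "aggregate", "differential"

def make_tag(key, cid, kind, value, seq):
    """Keyed tag over the request fields (assumed layout, not the 802.16 header)."""
    msg = f"{cid}|{kind}|{value}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class BaseStation:
    keys: dict                      # CID -> per-SS key (assumed to exist after PKM authorization)
    require_tag: bool = False       # False models the unauthenticated frames of section 2.1
    pending: dict = field(default_factory=dict)   # CID -> requested uplink bytes
    last_seq: dict = field(default_factory=dict)  # CID -> highest sequence number accepted

    def handle(self, cid, kind, value, seq=0, tag=b""):
        """Apply one bandwidth request; return True if it was accepted."""
        if self.require_tag:
            key = self.keys.get(cid)
            if key is None or not hmac.compare_digest(tag, make_tag(key, cid, kind, value, seq)):
                return False        # forged or corrupted request
            if seq <= self.last_seq.get(cid, -1):
                return False        # replay of an earlier valid request
            self.last_seq[cid] = seq
        if kind == AGGREGATE:
            self.pending[cid] = value                      # absolute value replaces state
        else:
            self.pending[cid] = self.pending.get(cid, 0) + value   # difference from current
        return True

def demo(require_tag):
    """Victim asks for 4000 bytes, then a forged aggregate request for 100 arrives."""
    cid, key = 0x2001, b"constructed-demo-key"             # constructed sample values
    bs = BaseStation(keys={cid: key}, require_tag=require_tag)
    bs.handle(cid, AGGREGATE, 4000, seq=1, tag=make_tag(key, cid, AGGREGATE, 4000, 1))
    forged_ok = bs.handle(cid, AGGREGATE, 100, seq=2, tag=b"\x00" * 32)  # sender lacks the key
    return forged_ok, bs.pending[cid]

if __name__ == "__main__":
    print("unauthenticated:", demo(False))
    print("authenticated:  ", demo(True))
```

The sequence number check matters because the attack is described as repeated at every time interval: without it, a captured valid request could be replayed to reset the allocation.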