Overview of IEEE 802.16 Security
IEEE Security and Privacy
Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks
802.11 denial-of-service attacks: real vulnerabilities and practical solutions
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
ICCTD '09 Proceedings of the 2009 International Conference on Computer Technology and Development - Volume 02
An analysis of mobile WiMAX security: vulnerabilities and solutions
NBiS'07 Proceedings of the 1st international conference on Network-based information systems
A Review of Some Security Aspects of WiMAX and Converged Network
ICCSN '10 Proceedings of the 2010 Second International Conference on Communication Software and Networks
Hi-index | 0.00 |
The IEEE 802.16 Working Group on Broadband Wireless Access Standards released IEEE 802.16-2004 which is a standardized technology for supporting broadband and wireless communication with fixed and nomadic access. After the IEEE 802.16-2004 standard, a new advanced and revised standard was released as the IEEE 802.16e-2005 amendment which is foundation of Mobile WiMAX network supporting handover and roaming capabilities. In the area of security aspects, compared to IEEE 802.16-2004, IEEE 802.16e, called Mobile WiMAX, adopts improved security architecture--PKMv2 which includes EAP authentication, AES-based authenticated encryption, and CMAC or HMAC message protection. However, there is no guarantee that PKMv2-based Mobile WiMAX network will not have security flaws. In this paper, we investigate the current Mobile WiMAX security architecture focusing mainly on pointing out new security vulnerabilities such as a disclosure of security context in network entry, a lack of secure communication in network domain, and a necessity of efficient handover supporting mutual authentication. Based on the investigation results, we propose a novel Mobile WiMAX security architecture, called RObust and Secure MobilE WiMAX (ROSMEX), to prevent the new security vulnerabilities.