Roses and Thorns of WiMAX Security
Ari Takanen, CTO,
Codenomicon Ltd.
To contact the author: art@codenomicon.com
By now, everyone understands that security is not an add-on technology. WiMAX is
no different from other next generation technologies. WiMAX security has to be
built in, and considered at all phases of software development, including
design, implementation and testing. After the products are released, the
remaining defects are sorted out by good post-deployment plans during the
product lifecycle. Finally, the actual deployment guidelines set the true
security of the network. Any security mechanism is only useful if used, and a
security update is only effective if deployed.
Discussion about WiMAX security is polarized. Some security practitioners still
see security as a set of features, such as strong encryption and authentication
mechanisms. On the other hand, a skilled security auditor will analyze the
complexity of the communication interfaces in use, and will recognize the same
security features as additional opportunities to break the network elements in
use.
Let’s assume that WiMAX designs are now fixed, and mostly secure. WiMAX uses the
best practices in encryption to protect from third-party access. Still, some
aspects of the WiMAX security design look suspicious. For example, the
unencrypted management frames are interesting from a security analysis point of
view. Only time will tell if the management channel will actually be exploited
by the evil-doers. But even with the best possible protocol design, the job is
not even half done!
Most of the real world vulnerabilities in communication devices are due to
programming errors in various implementations rather than due to inherently
broken protocol design. In this regard, WiMAX should be an interesting target
for security analysis. Some aspects of security are just subsets of quality. All
robustness and reliability improvements will lead directly to decreased
development and deployment costs, and will also increase public acceptance and
ensure faster adoption.
Anyone who has implemented protocol parsers can probably agree that the more
complex the protocol specification is, the more likely it is that there are some
lurking mistakes in the implementation. Complex protocols used in WiMAX, such as
EAP and X.509, can actually prove to be sweet spots for those who look to score
against WiMAX security. And WiMAX is not only about the wireless protocols in
use. For true end-to-end security, the IP stack of the base station and all the
layers above need to be tested for robustness, and configured properly. From the
user's perspective, a DoS attack on upper layer services causes as much havoc as
the low-level MAC problems.
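
To make the parser point concrete, here is an added example (not from the
original article or from any Codenomicon or WiMAX product code): a defensive EAP
header check in C that validates the sender-controlled Length field against the
octets actually received before any field is used. The names eap_parse, eap_view
and eap_status are hypothetical; the packet layout and the four codes follow
RFC 3748.

```c
/* Added example: hypothetical names, constructed for illustration. */
#include <stddef.h>
#include <stdint.h>

enum eap_status { EAP_OK = 0, EAP_TRUNCATED, EAP_BAD_LENGTH, EAP_BAD_CODE };

struct eap_view {
    uint8_t code;            /* 1=Request 2=Response 3=Success 4=Failure */
    uint8_t id;
    uint8_t type;            /* meaningful only for Request/Response */
    const uint8_t *data;     /* type-data, points into the caller's buffer */
    size_t data_len;
};

/* Validate an EAP packet (RFC 3748 section 4 layout) before using any field.
 * buf/len describe the octets actually received from the lower layer. */
enum eap_status eap_parse(const uint8_t *buf, size_t len, struct eap_view *out)
{
    if (buf == NULL || out == NULL || len < 4)
        return EAP_TRUNCATED;                 /* fixed header is 4 octets */

    size_t claimed = ((size_t)buf[2] << 8) | buf[3];
    if (claimed < 4)
        return EAP_BAD_LENGTH;                /* would underflow claimed - 5 */
    if (claimed > len)
        return EAP_TRUNCATED;                 /* claims more than we hold */
    /* Octets past 'claimed' are lower-layer padding and are ignored. */

    out->code = buf[0];
    out->id = buf[1];
    out->type = 0;
    out->data = NULL;
    out->data_len = 0;

    switch (out->code) {
    case 1: case 2:                           /* Request / Response */
        if (claimed < 5)
            return EAP_BAD_LENGTH;            /* Type octet is mandatory */
        out->type = buf[4];
        out->data = buf + 5;
        out->data_len = claimed - 5;
        return EAP_OK;
    case 3: case 4:                           /* Success / Failure */
        return claimed == 4 ? EAP_OK : EAP_BAD_LENGTH;
    default:
        return EAP_BAD_CODE;
    }
}
```

Every rejection branch above corresponds to a malformed input that a robustness
test would send: a Length smaller than the header, a Length larger than the
frame, a missing Type octet, and an unknown Code.
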
Are we bound to repeat the deployment mistakes of previous wireless technology
platforms? If we look at the past mistakes in, for example, Bluetooth and WiFi,
we can see that these technologies have become notorious for severe security
shortcomings during their relatively short history. New vulnerabilities and
exploits are reported and demonstrated every week in live and public wireless
networks. This has partially resulted in the loss of credibility for all
wireless technologies. Based on my discussions with various security experts,
there are two schools at the moment: one is expecting to see security issues
similar to WiFi, and the other believes that the threats are not severe, as
security is built into WiMAX. However, implementation quality is still being
ignored as the most important factor of security. Now is the time to make a
difference, and everyone is involved in these next steps. What can we do to
avoid making the same mistakes all over again with WiMAX?
Codenomicon
Codenomicon develops robustness testing tools for proactive elimination and
prevention of security vulnerabilities. Major manufacturers, service providers
and enterprises use these products for security assessment, software
development, risk analysis, purchase criteria and acceptance testing.
Codenomicon test tools are available for testing the security of any
communication devices and architectures.
http://www.codenomicon.com/
