802.16g-2007 (WiMAX) (Management Plane Procedures and Services)
What does one compromised base station get you?
• Matt Bravo
• mbravo@stanford.edu

Analyzed Scenario
• Network of many base stations (BS)
• Many more mobile subscribers (MS)
• One infected/compromised BS on the network

Impact on a WiMAX network
• WiMAX does not have good compartmentalization
• Should “fail gracefully”
• Can lead to breaking crypto on ANY device attached to the network, not just devices attached to the compromised BS

What is 802.16g-2007?
• “...provides enhancements to the MAC and PHY management entities...”
• “Introduction of a set of control and management primitives for the IEEE 802.16 entities...”
• Clarifies and enhances 802.16e-2005

What is a handoff?
• A mobile subscriber needs to switch base stations
• Important to not have to do RSA and re-authorize/re-authenticate to the network (QoS)
• Goal: don’t drop the connection

Section 6.3.22.2 HO Process (802.16e-2005)
• Defines that “Regardless of having received MS information from serving BS, target BS may request MS information from the backbone network.”
• Note that this is an optimization: conformant devices and handovers may NOT reuse ANY information, but we really want to.

The Problem
• A misbehaving BS does not wait for a notification before requesting context information (notifications are NOT ACK’d)
• Assume that the BSID and MAC are known (these are advertised and not encrypted)
• No attributes in C-SM-REQ carry any proof of a need to know

C-SM-REQ
• Serving BSID, Target BSID
• MS MAC address
• Security info (optional)
• Spec stated that NCMS ‘should’ respond to this request

14.2.5 Handover context for connections (802.16g-2007)
• Defines the set of shared information between BS and target BS
• Use this context to validate a BS’s need to know for security context information
• Dropped packets and QoS are still a concern here

Locality Filtering
• Add a table in NCMS to allow a BS to request only a subset of the network
• Also could use this method to detect the compromised BS

Revise C-SM-REQ
• Add an attribute to C-SM-REQ
• Perhaps a last transmitted sequence number from the serving BS
• Serving BS could reject requests with an invalid sequence number

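Added example (not from the original slides or from the 802.16g specification): a sketch of a gate that applies the locality filter and the proposed sequence-number attribute before MS security context is released, and counts denials to flag a suspect BS. The class and field names, the neighbor-table layout, the denial threshold and the sample BSIDs and MAC addresses are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class CSmReq:
    serving_bsid: str
    target_bsid: str   # the BS asking for the MS context
    ms_mac: str
    last_seq: int      # proposed extra attribute (hypothetical, not in the spec)

class ContextGate:
    """Decides whether a C-SM-REQ may receive security context."""
    def __init__(self, neighbors, serving_seq, alert_after=3):
        self.neighbors = neighbors      # target BSID -> serving BSIDs it may ask about
        self.serving_seq = serving_seq  # (serving BSID, MS MAC) -> last sequence sent
        self.alert_after = alert_after  # denials before a BS is flagged (assumed value)
        self.denials = Counter()

    def check(self, req):
        # Locality filter: a BS may only ask about its own part of the network.
        if req.serving_bsid not in self.neighbors.get(req.target_bsid, set()):
            return self._deny(req, "outside-locality")
        expected = self.serving_seq.get((req.serving_bsid, req.ms_mac))
        if expected is None:
            return self._deny(req, "ms-not-at-serving-bs")
        # Need-to-know proof: requester must know the serving BS's last sequence.
        if req.last_seq != expected:
            return self._deny(req, "bad-sequence")
        return True, "ok"

    def _deny(self, req, reason):
        self.denials[req.target_bsid] += 1
        return False, reason

    def suspects(self):
        return sorted(b for b, n in self.denials.items() if n >= self.alert_after)

def demo():
    # Constructed sample topology and handover state.
    gate = ContextGate(
        neighbors={"BS-A": {"BS-B"}, "BS-B": {"BS-A", "BS-C"}, "BS-X": {"BS-C"}},
        serving_seq={("BS-A", "00:11:22:33:44:55"): 1207,
                     ("BS-C", "66:77:88:99:aa:bb"): 88})
    reqs = [CSmReq("BS-A", "BS-B", "00:11:22:33:44:55", 1207),  # real handover
            CSmReq("BS-A", "BS-X", "00:11:22:33:44:55", 0),     # not a neighbor
            CSmReq("BS-C", "BS-X", "66:77:88:99:aa:bb", 0),     # neighbor, no proof
            CSmReq("BS-C", "BS-X", "00:11:22:33:44:55", 88)]    # MS not at that BS
    return [gate.check(r) for r in reqs], gate.suspects()

if __name__ == "__main__":
    print(demo())
```
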
Conclusion
• WiMAX trusts its infrastructure!
• Without breaking the spec, implement locality filters
• Extend primitives with a sequence number to prove a need to know in the request