Encryption Protocol for Wimax, 4G and LTE Wireless Networks, Research Proposal Example

Introduction

Security protocol represents an abstract protocol which performs functions related to security and implements cryptographic methods. When data is encoded through encryption then only computers having the appropriate decoder can read it and also use it. Encryption can be used by anyone who wants to safeguard files and electronic mails sent to friends and colleagues. The encryption key can tell the computer about what kind of computations are required for encrypting something or to decrypt something. There are different forms of encryption out of which public-key and symmetric-key are the two kinds of encryption used. In the former one each of the systems have a pair of public-private keys, in this kind of a system one key is used for encrypting something in one system and the other system uses the other key to decrypt the same. In the latter, there is only one key which can be used for both encryption as well as decryption.

Research Aim

The main aim of this research study is to design a new encryption protocol which can be utilized in wireless network like Wimax, 4G and LTE etc.

Comparison of existing encryption protocols

Kerberos

Kerberos is an authentication protocol for the computer networks which functions on the base of “tickets” for allowing nodes that communicate over non-secure networks for proving its identity to each other through a secure way. Its designers had primarily aimed at the model of client server which provides an authentication which is mutual for both that is the user as well as the server. Both verify the other’s identity. Kerberos protocol information’s and signals are protected from replay attacks and eavesdropping. Kerberos is built on the cryptography of the symmetric key and it requires third party which can be trusted and as another option it may use cryptography through the public key too during certain authentication phases. Kerberos mostly uses port that is 88 which is the default one (Schneier).

Here the client enters into authentication by itself to AS or the Authentication Server which further forwards usernames to the Key Distribution Centre or KDC. The KDC is for issuing the Ticket Granting Ticket or TGT that is stamped by time and this encrypts using the user’s codes or passwords and it also returns encrypted results to the workstation of the user. This certainly is not a frequent thing to be done, typically at the user logon; where the TGT is valid till final expiry, though it may be renewed in a more transparent way by the session manager of the user while they log in. When any of the clients need communication with the other node that is “principal” in the Kerberos parlance then it sends a TGT to TGS which is the Ticket Granting Service, it usually shares a similar or maybe the same kind of host as KDC. After verification of the TGT, if the result is valid then only the user has the permission to access a requested service, TGS issues Ticket and as well as the session keys, which the client gets back in return. The client can then send this Ticket to SS or the service serve together with a request for its service (Katz & Lindell).

IPSec

The IPSec secures traffic on the IP networks and is more widely used than the GRE. This system is capable of encryption of information between different devices which includes router, firewall and desktop to router and or desktop to the server. There are two sub categories of this system that helps VPN to secure the packets. They are Encapsulated Security Payload, that is ESP, which encrypts the load of the packet that is the data transfer with the help of symmetric key and the other is the Authentication Header that is AH which uses hashing operation which helps in hiding some important packet information which can be the identity of the sender and it continues till the destination has been reached.

In the network devices, the IPSec can be used in either of the modes that are transport mode where both the systems are into encrypting data which is being transferred between them or the Tunnel mode where a virtual tunnel is built between the two exchanging networks of the respective devices. And as one can assume and guess the VPN does use the IPSec system in the tunnel mode where both IPSec AH and the IPSec ESP work together that supports about 40-bit and also 128-bit of encryption for any kind of authentication scheme PPP supports and lastly L2TP or Layer 2 Tunneling Protocol where a Combination feature of PPTP as well as L2F fully supports the IPSec system; this is also applicable on site-to-site VPNs (Yang)

In VPN, computers at both the ends encrypt information which enters the tunnel while the other system present at the other end decrypts the same. But VPN cannot work with just a pair of these keys, it needs more of it to encrypt correctly and this is exactly the point where protocols makes its entry. VPN which is site-to-site can use either GRE that is Generic Routing Encapsulation or IPSec that is Internet Protocol Security. The GRE functions by providing framework regarding how passenger protocol can be packaged for transportation over Internet Protocol or also known as IP. This system determines what kind of packet is being used and which connection is there between the sender and the receiver.

Things are changing with time and so are the technologies which are being introduced over the present VPNs.  Even though the new technologies are ruling the market yet it has not been able to rule out the current VPN security advantages which are still used widely.

RC4

RC4 is the stream cipher which Rivest had designed for RSA Data Security, which is now known as RSA Security. It is that stream cipher which is of a variable size of key with operations that are byte-oriented. Based on using of random permutation is this kind of an algorithm. Frequent analysis show that the cipher period is overwhelming and can likely be higher than 10100. For each output byte about 8 to 16 machines should be used for operations and cipher runs at a good speed in software. Independent analysis has been able to scrutinize the algorithm which is considered safe and secure.

RC4- Uses

RC4 is majorly used for filing encryption in the products like RSA SecurPC- utility software which encrypts disks as well as files on all systems that are on desktops and laptops. It is even used for securing the communication channel, encrypting traffic from a secure site using SSL or the Secure Sockets Layer. The Handshake Protocol that Netscape Communications Corporation had developed for providing privacy and security over different Internet systems (Vadhan)

Skipjack

In cryptography, the Skipjack is the block cipher which is for an encryption algorithm that the U.S.National Security Agency or NSA had developed. Initially it was classified and originally it intended for proper use in the Clipper chip which involved controversies. At the same time, the algorithm had been declassified and it now provides unique views of cipher designs, which is from agency government intelligence.

Skipjack uses the 80 bitrate key for encrypting or decrypting a 64 bitrate data block. It is the unstable Feistel network, which has 32 rounds, and it was designed for using in secured phones.

Cryptanalysis

Both Adi Shamir and Eli Biham had discovered an attack which was against half of the 32 rounds that is 16 rounds within the span of just one day study and analysis and along with Alex Biryukov this extended to 31 rounds out of the total 32 rounds and unfortunately with the attack which was only a bit faster than the real exhaustive search within a few months  by using impossible and differential cryptanalysis (Schneier).

A differential attack which was truncated also published 28 rounds of the Skipjack cipher. This later was complemented by attack on the full 32 rounds. Biham, Biryukov and Shamir’s attack is still considered the best analysis of cryptography of the Skipjack which is well known to public. There were much other news of such attacks but not all were published.

Variations of the Originals

After both DES and DVP products gained market acceptance and people started using them worldwide, a flaw became more obvious. When using encryption in radios, the agents came across the fact that their respective radios were not transmitting to distance of which the difference was more which was not so in the case of being in clear mode. In an atmosphere of high commotion and also denial, Motorola went back and learnt the  fact that the use of either of the two lead to a lower range and less speed which would be as less as about 30% at times. To rectify this two more protocols had been added on to the original versions which then gave 4 such protocols which were DES and DES-XL, DVP and DVP- XL. This helps in maintaining the range differences and DVP-XL has keys the number of which had been increased from the earlier number to 7.9 X 1028. DES-XL and DVP-XL both use different types of encrypting ways which is known as the counter addressing. It is important to remember that every radio must use exactly the same kind of encryption for inter-communication in a secure mode like DVP-DVP, DES-XL-DES-XL and so on.

The 5th protocol which is unique is called the DVI-XL that is Digital Voice International. As we know that a DES product requires munitions license for exporting from the States, the DVI-XL has the ability to allow other countries which can also enjoy same type encryption such as the DES-XL, but due to a reduced available key number it fails at times. This is not too general in the States even though it is quite commonly used in countries like England.

Key Variable Loader

If one has been reading the article from the very beginning with complete concentration then they may end up asking themselves that how can one gets those keys inside the radios. It is indeed a very good question and it can be answered in the following way. A device looking more like a radio was in circulation in order to load encrypted keys. These were generally better recognized as ‘Keyloaded’, or ‘KVL’. The device is built in a manner that the “keys” can be inserted. A specially designed cable is attached with KVL and the radio, which in turn attaches itself with the interface port. Only the numbers are entered by any individuals in order to generate the “key” for the traffic of radio. An approx. of 20 characters entered gets transformed tin the desired key. However, around 16 keys can be stored in the non-volatile storage memory of KVL, which makes the radios to load as and when required. Radio shops guards these devices as one can get control over the entire system by the mean of KVL. These KVL can be of five varieties. They are for DES, DVP, DES-XL, DVP-XL and DVI-XL. A ‘Super KVL’ is capable of loading all four types of encryption protocols. Literature provided by Motorola has not listed its occurrence.

WiMAX Security Protocols

For forming the foundation for further discussions on WiMAX security, it is important to review the protocols of Wi-Fi. Wired Equivalency Privacy that is WEP has been the first encryption system, which was used for Wi-Fi. It has been using RC4 cipher to encrypt. Both 128- and or the 256-bit keys today are standard like before. These are the global standards currently prevailing in the networking world. Wired Equivalency Privacy had been designed for providing roughly equivalent to security, which was provided by a wired connection. Somehow, the fact that the encryption keys at that point were not that strong for competing with today’s power of computing. This kind of a protocol is being used by many networks.

The security device which is final is for using USB tokens and smart cards. Many of these kinds of devices carry quite strong types of encryption which combines two or maybe more than two kinds of authentication, like biometrics and password. Even though this type of a security is usually considered the strongest as well as the safest by some, a drawback may be that this can be a bit more expensive than others which are similar. The higher price would be for the need for purchase physical devices which would be for each and every employee or member of a team and also for supporting authentication ways that have been selected.

WMAN widely uses the WiMAX and brings the internet to its nodes. Two types of WiMAX prevail in the industry. They are Mobile WiMAX and Fixed WiMAX. 802.6-2004 standard forms the base for fixed type. This contributes to the fact that it does not support mobility. However, 802.6e-2005 is the base for mobile WiMAX.

The Privacy Layer

Two schemes are used for encrypting data and get supported in 802.16 standards like Triple Data Encryption Standard or 3DES and Advanced Encryption Standard or AES. Both the schemes are usually block ciphers, that are the security algorithms operating on a chunk and a block of the data at one time against stream ciphers that act on single byte. AES is into handling 128-bit chunk of information or data at any given point of time. It has shown a good speed in both the software and as well as the hardware implementations. Both of these IS are due to its respective speed WiMAX. During the process of authentication, about 128- or maybe 256-bit key needs to be created and this can be used along with cipher. Additionally, there it is to be recreated at regular intervals for good security.

Amendment 802.16e-2005 specifies Privacy and the Key Management Protocol Version 2 which is management implementation key. This system can handle transfer of the keys between base stations and subscriber’s station by the use of X.509 digital certificates as well as RSA that is the algorithm of public-key. Additionally there is security which is provided through refreshing keys and connecting at more regular intervals. If a long key like1024 bitrates are being used, then the algorithm of RSA is secure. One must understand that the longer the key, the safer the system would be. It becomes difficult for intruders to get in (Delfs and Knebl).

Authentication

User authentication and the authentication of the device for WiMAX mainly consist of a support of certificate using Internet Engineering Task Force or IETF Extensible Authentication Protocol. EAP is that structure which is designed for performing authentication by the using functions which could negotiate with different procedures. There are about 40 different kinds of procedures and they are known as EAP methods, it includes some of the defined within IETF standard along with the others which have been introduced and developed by the outside entities. Few of these kinds of credentials which WiMAX is able to use for authenticating the purposes have been digital certificates, user name and passwords and smart cards. In the terminal devices, the X.509 certificate which is digital with both MAC address as well as public key could perform the device authentication whenever needed. Adding both the user Authentication as well as the device authentication can create additional security layer (Delfs and Knebl).

Wireless Control Messages

Another method of authentication which is used along with WiMAX is the support for the control messages. This kind of a handshake when used assures both message authenticity as well as the data integrity in the message. CMAC that is Cipher-based Message Authentication Code has been using block of cipher algorithm whereas HMAC or keyed-Hash Message Authentication Code uses hash function for combining with secret key. Both are those types of schemes are WiMAX supported.

Fast Handovers

The process involved for the transfer of a device from one system to another system is known as ‘handover.’ Three options can be used for the same which have been specified by the IEEE 802.16e-2005 even though the support is required only for one which is the hard handover or abbreviated as HHO. This negotiation scheme establishes identification as well as the communication with new bases before it releases connection with old bases. This handover method can surely help and improve the man-in-the-middle-attacks (Katz and Lindell).

Security Attacks

Both Wi-Fi and the WiMAX tend to use different physical as well as data layers. This results in security attacks which differ depending on the schemes which are in place.

Wi-Fi Security Attacks

Wi-Fi is the older wireless system which is more prone to security attacks from others but at the same time it is also the prevalent service. Ryan Paul’s article published on 25th April, 2007 – “Evil twin”- Attack, this wireless networks “Security researchers have started to note this and the WiMAX: The Protocols of Security 6 increases instances of attacks of the “Evil twin,” where malicious user usually sets up a Wi-Fi network which is open and then monitors the traffic for intercepting private data.” Other security threats which have co-existed are MAC spoofing, Denial-of Service or DoS, man-in-the-middle and the network injection threat where intruders try and inject into a network the command for re-configuring it (Vadhan).

Attacks on WiMAX Securities

Some of the threats to WiMAX are packet scrambling and jamming and they are the common and generalized kinds that can affect mostly its physical layer. Certain signals, which travel close to, or crosses the WiMAX may harm it to a certain extent and thus act as a threat. The example of an 850 MHz signal can be considered, and one can find the second harmonic wave, although it is not that strong, when at 1700 MHz or simply 2 x 850. The third kind of harmonic wave, which is much weaker, can be found at 2550 MHz or 3 x 850. Because WiMAX can be transmitted through a frequency band which is licensed, jamming is unintentional and rare. Regular analysis can bring up the jamming attacks before the operations’ person. Digital certificates can help the server to a good extent. A simple process of authenticating in one way can allow the opportunity for creating rogue based station as well as snoop traffic by the intruders. Authentication that uses EAP-TLS would enable both base station as well as mobile station for the use of X.509 certificates which is for establishing their legitimacy (Schneier).

Conclusion

The network like WiMax, 4G, LTE are too highly likely to get exposed to security threats. In case of WiMax key reason is the radio frequency spectrum can easily get entered utilizing various network tools. This leads to jam of Wimax signals. Moreover the intruders can also make use of various denial services attacks. The traffic in WiMax can be secured using various encryption protocols CCMP which utilizes AES especially for integrity and data transmission. Even the PKM can be used here for extensible authentication bringing end to end authentication via TLS public key encryption.

The Wi-Fi system is more spread out and more people use it as they believe that it is the safest way of data transfer from one device to another. The WiMAX is also considered safe even if it is not as safe as the Wi-Fi as people also use this for data transfer, which proves the safety provided by the system.

References

Delfs, Hans and Helmut Knebl. Introduction to Cryptography: Principles and Applications. New York: Springer, 2007.

Katz, Jonathan and Yehuda Lindell. Introduction to Modern Cryptography: Principles And Protocols. London: CRC Press, 2008.

Schneier, Bruce. Applied cryptography: protocols, algorithms, and source code in C. London: Wiley, 1996.

Vadhan, Salil P. Theory of Cryptography: 4th Theory of Cryptography Conference, TCC 2007, Amsterdam, The Netherlands, February 21-24, 2007, Proceedings. London: Springer, 2007.

Yang, Samuel C. 3G CDMA2000: Wireless System Engineering. London: Artech House, 2004.