In wireless metropolitan area networks (MAN), the data service for a mobile is based on the model of service flow, a MAC layer transport service that describes the unidirectional flow of either uplink or downlink data. The establishment of a service flow uses a two phase model: a service flow is first admitted with provisioned resources, and then the service flow is then activated to have the resources committed on an on-demand basis. The service flow may be de-activated later to conserve network resources.
Primarily, when a WiMAX network has no downlink or uplink data, it will enter either Sleep Mode or Idle Mode, both of which aim to trim down the power utilization of the mobile station. Upon the availability of data, the serving base station will awaken the mobile station. The mobile station then establishes a connection with the base station via initial ranging. Ranging parameters are then adjusted for the connection. Finally, the service flow is reactivated for data transfer, and the mobile station returns to the normal operation stage. Depending on whether the serving base station has the necessary information, the mobile station may need to carry out more signaling operations, such as basic capability negotiation, authentication and key management, re-registration, as well as IP connectivity reestablishment. Given the above signaling procedures, attackers may also launch similar signaling attacks to WiMAX base station by triggering unnecessary state transitions that overload the base station with signal processing that leads to denial of service (DoS) attacks.. (Ramana Mylavarapu, 2005)