Security is a broad and complex subject, and this section provides only a brief introduction to it. I am going to cover the basic security issues, introduce some terminology, and provide a brief overview of some of the security mechanisms of WiMAX technology.
A well-designed security architecture for WiMAX and other wireless communication networks should support the following essential requirements:
- Privacy: Provide protection from eavesdropping as the user data traverses the network from source to destination.
- Data integrity: Ensure that user data and control/management messages are protected from being tampered with while in transit.
- Authentication: Have a mechanism to ensure that a given user/device is the one it claims to be. Conversely, the user/device should also be able to verify the authenticity of the network that it is connecting to. Together, the two are referred to as mutual authentication.
- Authorization: Have a mechanism in place to verify that a given user is authorized to receive a particular service.
- Access control: Ensure that only authorized users are allowed to get access to the offered services.
WiMAX security is typically handled at multiple layers within a system. Each layer handles different aspects of security, though in some cases there may be redundant mechanisms. As a general principle of security, it is considered good to have more than one mechanism providing protection, so that security is not compromised if one of the mechanisms is broken. At the link layer, strong encryption should be used for wireless systems to prevent over-the-air eavesdropping. Access control is also needed at the link layer to prevent unauthorized users from using network resources, in particular the precious over-the-air resources. (Chong Li, 2006)
Link-layer encryption is not often used on wired links, where eavesdropping is considered more difficult. In those cases, privacy is ensured by the comprehensive security mechanisms used at the higher layers. At the network layer, a number of methods provide security. The network itself may be protected from malicious attack through the use of firewalls. Authentication and authorization services are typically provided through Authentication, Authorization, and Accounting (AAA) protocols, such as RADIUS (Remote Authentication Dial-In User Service). At the transport layer, TLS, whose predecessor was called Secure Sockets Layer (SSL), may be used to add security to transport-layer protocols and packets. At the application layer, digital signatures, certificates, digital rights management, and so on are implemented, depending on the sensitivity of the application. (Arkoudi-Vafea Aikaterini, 2006)