Regresar

Enhanced intrusion detection system for PKMv2 EAP-AKA used in WiBro

Abstract:

WiBro (Wireless Broadband), the service based on the IEEE 802.16e (mobile WiMAX) standard, is an emerging wireless broadband Internet technology providing full mobility through open IP based network with various types of terminals. The security of WiBro is based on the IEEE 802.16e-2005 with new version of PKMv2 (Privacy Key Management version 2) which allows the use of EAP-AKA protocol for authentication. However, the enhanced security solution does not make WiBro free from attacks creating the need for additional security measures. Present study proposes an option of such security measure in form of an intrusion detection system for the authentication phase of WiBro. The proposed system makes use of formalized specifications of the normal operation of the PKMv2 EAP-AKA authentication to detect misbehavior messages being transmitted over the network. Once defined the architecture and design, the proposed intrusion detection system was developed and implemented in an experimental network to verify its capabilities by simulations. Simulations show how the proposed solution detects existing attacks and provides capabilities to detectnew attacks that violate the normal flow of EAP-AKA protocol. The specification-based characteristic of the proposed intrusion detection system allows effective detection of unknown attacks which is very useful in a complicated WiBro environment with the potential to be a victim of new type of attacks in the future. © 2011 Asain Network for Scientific Information.