| Attack category | Attack | IEEE 802.16 (WiMAX) | IEEE 802.16e (WiMAX) |
| --- | --- | --- | --- |
| Passive attacks | Eavesdropping | Cannot be avoided. (i) Information disclosure of the SS's location at certain periods of time, because management messages are sent in the clear; (ii) interception of the SS's and BS's MAC addresses | Cannot be avoided. (i) Information disclosure of the SS's location at certain periods of time, because management messages are sent in the clear; (ii) interception of the SS's and BS's MAC addresses |
| Passive attacks | Traffic analysis | Cannot be avoided | Cannot be avoided |
| Active attacks | Key cracking | (i) With DES-CBC there is a possibility of cracking if TEK; (ii) with AES-CCM, threat if a PN-key combination is used more than once; (iii) TEK encryption well secured | (i) With DES-CBC there is a possibility of cracking; (ii) with AES-CCM, threat if a PN-key combination is used more than once; (iii) with AES-CBC, no key cracking possible; (iv) TEK encryption well secured |
| Active attacks | User-authentication breaching | If network equipment stops being standalone units, as is the case now, and 802.16-compliant chipsets take their place inside laptops, as announced by WiMAX Forum members, a change of firmware can lead to authentication breaching | If network equipment stops being standalone units, as is the case now, and 802.16-compliant chipsets take their place inside laptops, as announced by WiMAX Forum members, a change of firmware can lead to authentication breaching |
| Active attacks | Masquerading (spoofing) | (i) SS MAC address spoofing; (ii) lack of mutual authentication could lead to BS spoofing | (i) SS MAC address spoofing; (ii) lack of mutual authentication with PKM v.1 could lead to BS spoofing |
| Active attacks | Replay attacks | (i) In PKM authentication, replay attack on the 2nd and 3rd message; (ii) in the SA-TEK 3-way handshake, replay attack possible if the AK hasn't changed | (i) In PKM v.1 authentication, replay attack on the 2nd and 3rd message; (ii) in the PKM v.1 SA-TEK 3-way handshake, replay attack possible if the AK hasn't changed; (iii) in PKM v.2 authentication, replay attack on the 2nd message |
| Active attacks | Message modification attacks | (i) Modification of the 3rd PKM message carrying the encrypted AK; (ii) for data traffic integrity, DES-CBC and AES-CCM modes ensure safety against message modification attacks; (iii) HMAC-protected management messages are safe against modification attacks | (i) For data traffic integrity, DES-CBC, AES-CCM and AES-CBC modes ensure safety against message modification attacks; (ii) HMAC- and CMAC-protected management messages are safe against modification attacks |
| Active attacks | DoS attacks (PHY layer) | (i) Jamming; (ii) scrambling (of control and management messages) | (i) Jamming; (ii) scrambling (of control and management messages) |
| Active attacks | DoS attacks (MAC layer) | (i) Modification of the 3rd message in PKM; (ii) replay attacks on the 2nd message in PKM authentication; (iii) replay attack in the SA-TEK 3-way handshake if the AK hasn't changed; (iv) DoS attacks with the Reset Command (RES-CMD) management message; (v) DoS attacks with Ranging Response (RNG_RSP) set to value 2 [Abort] | (i) Modification of the 3rd message in PKM v.1; (ii) replay attacks on the 2nd message in PKM v.1 and v.2 authentication; (iii) replay attack in the PKM v.1 SA-TEK 3-way handshake if the AK hasn't changed; (iv) DoS attacks with the Reset Command (RES-CMD) management message; (v) DoS attacks with Ranging Response (RNG_RSP) set to value 2 [Abort] |
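The "AES-CCM threat if a PN-key combination is used more than once" and the replay rows above both come down to one discipline: a packet number (PN) must never repeat under the same TEK, and a receiver must reject any PN it has already seen. The following is an added illustrative model, not code from the paper or from any 802.16 implementation; it assumes a 32-bit PN space, one PN counter per TEK, a receiver that accepts only strictly increasing PNs, and a constructed frame log for the offline audit.

```python
from collections import Counter
from dataclasses import dataclass

PN_MAX = (1 << 32) - 1  # assumed 32-bit packet-number space per TEK


@dataclass
class PnSender:
    """Sender side of one SA: never emit the same (TEK, PN) pair twice."""
    tek_id: int
    next_pn: int = 1

    def next_nonce(self):
        """Return the (tek_id, pn) for the next frame, or None when the PN
        space under this TEK is exhausted and a rekey (new TEK) is required."""
        if self.next_pn > PN_MAX:
            return None
        pn, self.next_pn = self.next_pn, self.next_pn + 1
        return (self.tek_id, pn)

    def rekey(self, new_tek_id):
        """Install a fresh TEK; the PN counter restarts with the new key."""
        self.tek_id, self.next_pn = new_tek_id, 1


@dataclass
class PnReceiver:
    """Receiver side of one SA: accept only strictly increasing PNs per TEK."""
    tek_id: int
    last_pn: int = 0

    def accept(self, tek_id, pn):
        """True if the frame is fresh; a repeated or older PN is a replay."""
        if tek_id != self.tek_id or pn <= self.last_pn:
            return False
        self.last_pn = pn
        return True

    def rekey(self, new_tek_id):
        """Switch to the new TEK; the accepted-PN history restarts with it."""
        self.tek_id, self.last_pn = new_tek_id, 0


def find_pn_reuse(frames):
    """Offline audit of captured (tek_id, pn) pairs: any pair seen more than
    once means the same AES-CCM nonce was used twice under one key."""
    counts = Counter(frames)
    return sorted(pair for pair, n in counts.items() if n > 1)


# Constructed sample capture: TEK 7 carries PN 2 twice, TEK 8 is clean.
SAMPLE_FRAMES = [(7, 1), (7, 2), (7, 3), (7, 2), (8, 1)]
```

Running `find_pn_reuse(SAMPLE_FRAMES)` flags `(7, 2)`, and driving `PnSender` to `PN_MAX` shows that the only safe next step is `rekey()` rather than wrapping the counter.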