New cryptanalysis and modelling for wireless networking

Alzaabi, Mohamed Abdulla Hasan Saif

January 2015

High data rates and interoperability of vender devices have made WiMAX a prime desire for use worldwide. WiMAX is based on the IEEE 802.16 standard. IEEE 802.16a, b, c & d versions were updated within three years of the first launch of WiMAX. However, during those early years reports were published that highlighted the security weaknesses of the standard. These weaknesses prompted the IEEE to issue a new version, 802.16e to tackle the security issues. Despite this security enhancement, WiMAX remains vulnerable. This research project looks at the vulnerability of WiMAX 802.16e Subscriber Station/Mobile Station authentication at the initial entry and proposes approaches to the prevention of Denial of Service (DoS) attacks at this point in order to secure the Media Access Control (MAC) layer from such threats. A new protocol has been designed and developed to provide confidentiality, authentication and integrity to WiMAX users. This new protocol is integrated with Z algorithm (an algorithm described later in this paper) to provide: • Confidentiality of management messages • Message Authentication code • ID to provide for message integrity and user authentication. A simulation package was also required, to prove that a linear load of DoS attack would disable or exhaust the capacity of the base station of a WiMAX network, as well as providing other simulation functions. The freely available simulation tool NIST (NIST IPSec (Internet Protocol Security) and IKE (Internet Key Exchange) Simulation) is oriented towards fixed network communications (NIIST, 2003). There are no other relevant simulation tools; hence the purpose of this research project is to develop a new tool to simulate WiMAX security vulnerabilities and test the new protocol.

004.6

Paving the Path of LTE Toward 5G: Physical Layer Assurance and Operation in the Unlicensed Spectrum

Labib, Mina Salah Said

28 September 2020

Long-Term Evolution (LTE) is the fourth generation (4G) wireless communications standard and its evolution is paving the path for the fifth generation (5G) technology. LTE is also considered for supporting public safety networks, Machine-to-Machine (M2M) communications, and many other applications. Hence, it is critical to ensure that the LTE system performs effectively even in harsh signaling environments. Unfortunately, LTE is vulnerable to intentional interference at the physical layer. We define the term LTE control channel spoofing, which refers to the case when an adversary sets a fake LTE-like base station (evolved NodeB or eNodeB) that transmits a partial or full LTE downlink frame to deceive LTE devices and hinder them from attaching to a real cell. Based on analyzing the initial cell selection process in the LTE specifications, we identify three different level of LTE control channel spoofing. We have built a testbed to demonstrate the feasibility of such an attack. The experimental results show that LTE control channel spoofing can cause permanent denial of service for LTE devices during the cell selection process. We propose effective mitigation techniques to enhance the immunity of LTE systems against all the three forms of LTE control channel spoofing, and ensure that it is secure and available when and where needed. Moreover, the commercial success of LTE and the resulting growth in mobile data demand have motivated cellular network operators to strive for new innovations. LTE-Unlicensed has been recently proposed to allow cellular network operators to offload some of their data traffic by accessing the unlicensed 5 GHz frequency band. There are three variants of LTE-Unlicensed that have been proposed in the industry. These variants differ in their operational features, but they enhance the capacity of LTE and represent a big milestone in its evolution toward 5G. However, LTE-Unlicensed faces several challenges when operating in the 5 GHz bands, as this spectrum is mainly occupied by Wi-Fi and by various radar systems. Therefore, we analyze the algorithms proposed in the industry for the LTE-Unlicensed and Wi-Fi coexistence, and we develop a new spectrum sharing technique for the coexistence between LTE-Unlicensed and radar systems. In order to analyze LTE-Unlicensed and Wi-Fi coexistence, we first explain the technical details of each of the three variants of LTE-Unlicensed, and we provide a comparative analysis of them in terms of their operational features. Then we develop an unbiased and objective evaluation of their proposed coexistence mechanisms with Wi-Fi systems, and numerically compare their performance. In order to emphasize the need for developing a new spectrum sharing technique for the coexistence between LTE-Unlicensed and radar systems, we first present the different regulatory requirements for the 5 GHz unlicensed bands in several world regions, and we perform a comprehensive survey on the different radar types within the 5 GHz sub-bands. Then we develop a novel spectrum sharing technique based on chance-constrained stochastic optimization to allow the LTE-Unlicensed eNodeB to share the spectrum efficiently with a radar system. The optimization problem is formulated to guarantee the minimum performance criteria for the radar operation, and at the same time allows the LTE-Unlicensed eNodeB to control its transmit power to maximize the performance for the serving LTE-Unlicensed device. A mathematical model is used to transform the stochastic optimization problem into a deterministic one, and an exhaustive search is used to solve the resulting optimization problem. Due to the power control mechanism resulting from the proposed algorithm, numerical results show a significant reduction in the protection distance required between the radar and the LTE-Unlicensed network for the two to coexist, as the proposed algorithm can allow the two systems to operate effectively with a protection distance of only 3.95% of the one imposed by the regulations.

LTE

LTE-A

LTE-U

LAA

MulteFire

LTE security

Jamming

LTE control channel spoofing

Spectrum sharing

LTE and Wi-Fi coexistence

LTE and radar coexistence