Upload
phungtruc
View
224
Download
1
Embed Size (px)
Citation preview
DETECTION OF ROGUE BASE STATIONS IN WIMAX/IEEE802.16 USING SENSORS
Deepti Deepika Khokhar
Department of ComputerScience Department of Computer Science
Indo Global College of Engineering Indo Global College of Engineering
PTU, Jallandhar (India) PTU, Jallandhar (India)
Abstract
This paper considers the problem of detecting rogue base station
in Wimax/802.16 networks. IEEE 802.16 is an emerging standard
for broadband wireless communications that is receiving a lot of
attention. Security support is mandatory for any communication
networks. For wireless systems, security support is even more
important to protect the users as well as the network provider.
Since wireless medium is available to all, the attackers can easily
access the network and the network becomes more vulnerable for
the user and the network service. The rogue base station puzzles a
set of subscribers who try to get service which they believe to be a
legitimate base station. It may lead to disturbance in service. In
this paper we will give an overview of Wimax and Rogue Base
Station Attacks in Wimax. Our proposed algorithm make use of
sensitivity parameters as well use of sensors for detecting rogue
Base station.
Keywords: - Wimax/IEE802.16, Rogue base station attacks,
Existing Technique for detection, proposed method using Sensors
1. INTRODUCTION
WiMAX is a wireless digital communications system, also known
as IEEE 802.16, that is intended for wireless "metropolitan area
networks". WiMAX can provide broadband wireless access (BWA)
up to 30 miles (50 km) for fixed stations, and 3 - 10 miles (5 - 15
km) for mobile stations. IEEE 802.16 consists of the access points
like base station (BS) and subscriber station (SS). Base Station (BS)
is a tower that broadcast signals. Wimax base station can normally
covers the area of about 50 kilometers. Subscriber station (SS) is
used to provide connectivity. Access to a Wimax base station is
similar to accessing a wireless access point (AP) in a Wi-Fi
network, but the coverage is more. They are also known as mobile
stations which are used as a source of network connection for end
user. Backhaul is a backbone and it is used to interconnect several
base stations or towers with one another.
Basically there are two modes of operation in 802.16 i.e. P2MP
(Point to Multi Point) and Mesh Mode of operation. In P2MP mode
of operation a base station can communicate with subscriber station
and/or base stations. It composed of a central base station (BS)
supporting multiple subscriber stations (SS), providing network
access from one location to many. The communication between BS
and SS is established based on Req / Grant mechanism . In a mesh
topology, every device has a dedicated point to point link to every
other device, each station can create its own communication with
any other station in the network and is then not restricted to
communicate only with the BS.A subscriber station can directly
communicate with another subscriber’s station within its
communicating range. WiMAX is one of the hottest broadband
wireless technologies around today. WiMAX systems are expected
to deliver broadband access services to residential and enterprise
customers in an economical way WiMax is a wireless broadband
solution that offers a rich set of features with a lot of flexibility in
terms of deployment options and potential service offerings. Some
of the more salient features that deserve highlighting are as follows:
High speed broadband access to mobile internet.
Mobility support.
Deepti et al ,Int.J.Computer Technology & Applications,Vol 3 (4), 1577-1582
IJCTA | July-August 2012 Available [email protected]
1577
ISSN:2229-6093
Wireless rather than wired access.
Much easier to extend to rural areas.
Broad coverage area.
Very high peak data rates
Support for TDD and FDD
Security has become a primary concern in order to provide
protected communication in Wireless environment. Since WIMAX
uses air interface for the transmission medium, both the PHY and
MAC layers are readily exposed to security threats. The various
classes of wireless attacks are interception, fabrication,
modifications, interruption and repudiation. Two main entities in
WiMAX are Base Station (BS) and Subscriber Station (SS). A
rogue base station attacks can also be conducted due to absence of
efficient security mechanism. These types of attacks occur due to
absence of mutual authentication mechanism between the
Subscriber Stations (SS) and the Base Stations (BS). These types
of threats are also known as identity theft threats.
2. ROGUE BASE STATIONS ATTACKS IN
WIMAX/ IEEE802.16
These are commonly known as identity theft attacks. The rogue BS
(base station) makes the SS (subscriber station) believing that they
are connected to the legitimate BS, thus it can intercept SSs’ whole
information. SS can be compromised by a forged BS which
imitates a legitimate BS. They are also known as Masquerade
attack in which one system assumes the identity of another.
A rogue BS is a malicious station that impersonates or duplicates
legitimate base station. The rogue base station puzzles a set of
subscribers who try to get service which they believe to be a
legitimate base station. The attacker generates his own
Authorization Reply Message containing its own self generated
AK. Hence attacker can register himself as a BS with victim SS.
The attacker has to capture the identity of legitimate BS. Then it
builds messages using the stolen identity. The attacker must
transmit while achieving a RSS (receive signal strength) higher
than the one of the fake base station. [9]
Figure 1. Working of Rogue Base Station
3. EXISTING METHOD
The existing method to detect the rogue base station is a Scanning-
interval. The existing technique is based on the received signal
strength. A handover can be initiated by a MS when the RSS from
the serving BS falls below a certain threshold. A MS can explore
the neighbourhood and discover other available BSs.
To conduct that exploration, the MS can make a demand to its
serving BS for a time interval during which the MS scans the
frequencies and assesses the RSS of available BSs. [9]
The scanning interval allocation request (MOB-
SCNREQ) message is sent by a MS to its serving BS.
The BS replies with a scanning interval allocation
response (MOB-SCN-RSP) message.
The response contains Ids (i.e. MAC addresses) of
recommended BSs. During the allocated scanning
interval, the MS may perform association tests with the
recommended BSs.
The MS may conclude by sending a scanning result
report (MOBSCAN- REPORT) message to the serving
BS.
The MS reports the RSSs of the recommended BSs.
Deepti et al ,Int.J.Computer Technology & Applications,Vol 3 (4), 1577-1582
IJCTA | July-August 2012 Available [email protected]
1578
ISSN:2229-6093
The report consists of a list of pairs. Each pair consists of
a BS ID and a corresponding RSS. This technique uses
the RSS parameter mainly to detect the malicious stations.
Figure 2. Scanning Interval Based Method
4. PROPOSED METHOD
Our proposed method basically use the concept of dynamic
threshold for calculating sensitivity of base stations (BS) and
specific values for calculating the angle, height, distance for
ultimately taking a decision for detecting the rogue base stations.
By doing so we have developed the technique which works on
dynamic threshold and precise values for detecting malicious
stations.
The proposed detection algorithm primarily works as scanning
algorithm which checks the sensitivity of Base station after every
2ms. This sensitivity is checked for each channel and each
frequency of complete spectrum. The value of threshold sensitivity
is calculated on the basis of mean value of sensitivity values of last
twenty four hours (both high and low). In case of sensors which are
calculating readings from various reference points allowable error
threshold 0.1% is allowed and if error is more than this, there is
some suspicious activity.
5. FLOWCHART FOR PROPOSED
METHOD
Figure 3. Flowchart for Rogue Base Station Detection
Deepti et al ,Int.J.Computer Technology & Applications,Vol 3 (4), 1577-1582
IJCTA | July-August 2012 Available [email protected]
1579
ISSN:2229-6093
6. COMPARISON BETWEEN EXISTING
AND PROPOSED METHOD
The existing technique is based on scanning intervals and our
proposed algorithm is based upon sensitivity and sensor readings.
The proposed algorithm is more accurate and reliable than the
existing algorithm because proposed algorithm is based on sensor
readings and will calculate distance, angle and height of each base
station for detecting any malicious activity.
TABLE I. Comparison B/w Existing and proposed method
QoS parameters Existing technique
(based on scanning
intervals)
Proposed algorithm
(based on sensitivity
and sensor readings)
RSS True True
Sensitivity False True
Outage False True
Distance b/w Base
stations
False True
Height of base
station
False True
Angle of base station False True
7. RESULTS
Figure 4. No of Epochs vs. No of IDS Sessions
From figure 4 it is apparent in the graph that minimum number of
ephocs required to reach minimum gradient and minimum
possible error based on which neural network classifier can stop
learning further, ranges from 6 to maximum of 13 which are quite
less in terms of reaching optimal solutions for solving
classification problem between normal and abnormal behaviour.
This graph is showing readings of seven IDS sessions or scanning
reaching for identifying abnormal readings from the sensitivity,
angle, distance, height measuring devices.
Figure 5. Time taken in classification per IDS Sessions
The graph shown in figure 5 shows time taken in classification in
seven sessions of IDS.
Figure 6. Performance Vs No of IDS Sessions
MSE measures the average of the squares of the "errors." The error
is the amount by which the value implied by the estimator differs
Deepti et al ,Int.J.Computer Technology & Applications,Vol 3 (4), 1577-1582
IJCTA | July-August 2012 Available [email protected]
1580
ISSN:2229-6093
from the quantity to be estimated..Its value must be close to 0 for
the neural network classifier to accurately classified normal and
abnormal behaviour. It is apparent from graph that most of
readingsout of 7 are close to 0,except some values which are close
to 2.5 and less.
Figure 7. Accuracy Vs No of IDS Sessions
The accuracy is the proportion of true results both positives and
negatives. From 7 sessions of IDS, accuracy remains on an average
above 90%. As the session increases the accuracy remains in a
bracket of above 85% ,which is good enough for identifying true
positive to verify normal and abnormal behaviour.
8. CONCLUSION
We have develop a framework in which we have tried to identify
BS based on intrinsic functioning parameters like sensitivity and
extrinsic parameters like height, angle, distance from reference
points. In this process we also developed a basic scanning
algorithm using neural network to identify suspicious/malicious
BS. These scenarios might change however as there is evolving
community o people who wants to exploit vulnerabilities of
various wireless network. Therefore in future we suggest other
scenarios must be explored to identify security framework which
acts as defence or detection mechanism. These detection
mechanisms can might use usage of clustering, regression or other
classifying methods to identify fake BS.
REFERENCES
[1] “Detection of Rogue Base Station Using MATLAB”, Ramanpreet Singh,
Sukhwinder Singh International Journal of Soft Computing and Engineering
(IJSCE) ISSN: 2231-2307, Volume-1, Issue-5, November 2011
[2] “A Simple Key Management Scheme Based on WiMAX” Lang Wei-min,
Department of Information Warfare PLA Institute of Communication Command
Wuhan, China E-mail: [email protected], Wu Run-sheng, Wang jian-qiu,
Institute of Physics and Communication & Electronics Jiangxi Normal University
Nanchang, China E-mail: [email protected] 2008 IEEE
[3] “Research on the Authentication Scheme of WiMAX” LANG Wei-min,
ZHONG Jing-li, LI Jian-Jun, Department of Information Warfare, PLA Institute of
Communication Command, Wuhan, China E-mail: [email protected] , QI Xiang-
yu, Armored Force Engineering Institute, Beijing, China E-mail:
[email protected] 2008 IEEE.
[4] “Authentication Scheme in Multi Hop WiMAX Network” in Proc International
Conference on Computer and Electrical Engineering, Huixia Jin, Li Tu, Gelan Yang
et.al , “An Improved Mutual December 20-22, 2008.
[5] “Analogy of Promising Wireless Technologies on Different Frequencies:
Bluetooth, WiFi, and WiMAX” ,Sanjeev Dhawan IEEE 2nd International
Conference on Wireless Broadband and Ultra Wideband Communications,2007.
[6] “Fundamentals of WiMAX: Understanding Broadband Wireless Networking”,
New Jersey: Jeffrey G. Andrews, Arunabha Ghosh, Rias Muhamed, Pearson
Education Incorporation, 2007.
[7] “WiMAX: A Wireless Technology Revolution” Boca Raton: G. S. V. Radha
Krishna Rao, G. Radhamani, Auerbach Publications, 2007.
[8] “WiMAX/802.16 threat analysis”, M. Barbeau, Proceedings of the 1st ACM
International Workshop on Quality of Service & Security in Wireless and Mobile
Networks, pp. 8–15, October 2007.
[9] “Rogue-Base Station Detection in WiMax/802.16 Wireless Access Networks”
La détection de fausses stations de base dans les réseaux d’accès sans fil
WiMax/802.16 Michel Barbeau School of Computer Science, Carleton University,
1125 Colonel By Drive, Ottawa, ON, Canada K1S 5B6 Jean-Marc Robert1 Alcatel,
CTO Security Research and Competence Center, 600 March Rd., Ottawa,2006.
[10] “Rogue AP Detection in the Wireless LAN for Large Scale Deployment”
Sang-Eon Kim, Byung-Soo Chang, Sang Hong Lee KT 17 Woomyeon-dong,
Seocho-gu, Seoul 137-792, Korea and Dae Young Kim Department of InfoComm
Engineering,2006
[11] “Securing a Wireless World”, IEEE Comm. Mag., vol. 94, Hao Yang, Fabio
Ricciato, Songwu Lu, and Lixia Zhang, no.2, pp 442-454, Feb 2006.
[12] “IEEE Standard for Local and Metropolitan Area Networks. Air Interface for
Fixed and mobile Broadband WirelessAccess Systems” IEEE Std 802.16e. New
York: IEEE Press, 2006.
[13] “Broadband Wireless Access with WiMax/802.16: Current Performance
Benchmarks and Future Potential”, GHOSH (A.), WOLTER (D.R.), ANDREWS
(J.G.), CHEN (R.), IEEE Communications Magazine, 43, no. 2, pp. 129-136,
February 2005.
[14] “An improved security scheme in wman based on ieee standard 802.16,” ] F.
Yang, H. Zhou, L. Zhang, and J. Feng in 2005 International Conference on Wireless
Communications, Networking and Mobile Computing, 2005.
[15] “802.11 Wireless Network The Definitive Guide,” Matthew Gast, O’Reilly
April 2005.
[16] “Overview of IEEE 802.16 security,” D. Johnston and J. Walker, IEEE
Security & Privacy, vol. 2, no. 3, pp. 40–48, May/June 2004.
Deepti et al ,Int.J.Computer Technology & Applications,Vol 3 (4), 1577-1582
IJCTA | July-August 2012 Available [email protected]
1581
ISSN:2229-6093
[17] “Security Issues in Privacy and Key Management Protocols of IEEE 802.16,”
X. Sen, M. Matthews, H. Chin-Tser, Department of Computer Science and
Engineering - University of South Carolina Columbia, SC 29208, USA,2004.
[18] “Overview of IEEE 802.16 Security,” D. Johnston, J. Walker, Published by
IEEE Computer Society, 2004.
[19] “Security Issues in Privacy and Key Management Protocols of IEEE 802.16,”
X. Sen, M. Matthews, H. Chin-Tser, Department of Computer Science and
Engineering - University of South Carolina Columbia, SC 29208, USA,2004.
[20] “Overview of IEEE 802.16 Security,” D. Johnston, J. Walker, Published by
IEEE Computer Society, 2004.
[21] “Wireless Security Models, Threats, and Solutions,” Randall Nichols, and
Panos LekkasMcGraw-Hill 2002
[22] www.wimaxforum.org/resources/featured-research
[23] www.wimax.com
[24] www.wimaxindustry.com/wimaxwhitepapers. htm
Deepti et al ,Int.J.Computer Technology & Applications,Vol 3 (4), 1577-1582
IJCTA | July-August 2012 Available [email protected]
1582
ISSN:2229-6093