Because WiMax promises to deliver 70 million bits per second (BPS) of bandwidth at prices lower than current 1 million BPS connections, the new wireless network option is gaining interest among telecommunications providers. As this occurs, questions are arising about its security functions.
“Security is typically an afterthought to vendors,” Shawn Merdinger, an industry analyst focusing on security issues, told TechNewsWorld. “That is, they make their products work, ship them and decide to secure them later. Typically, they have not subjected their products to real world attacks.”
Indeed, history has demonstrated that security is often the last item considered when new technologies make their way to market. When the Institute of Electrical and Electronics Engineers (IEEE) crafted its WiFi standards, the security features were so weak that problems arose almost as soon as the devices started shipping. Vendors spent years as well as a lot of money trying to rectify them.
Recognizing that error, the IEEE included several mechanisms to protect WiMax devices from attack. WiFi’s major problems centered on authentication — the steps the equipment took to ensure that the person transmitting information was a legitimate user.
“The key system used with WiFi networks was static and could be cracked,” Phillip Redman, vice president, enterprise network services, mobile and wireless for Gartner, told TechNewsWorld. WiMax networks rely on the X.509 certificate mechanism, a dynamic system, which makes it more difficult for hackers to spoof the identity of legitimate subscribers.
Beware the Middleman
While WiMax’s authentication functions are stronger than WiFi’s features, they are not foolproof. A potential problem with the former’s authentication mechanism is a lack of base station or service provider authentication. This shortcoming makes WiMax networks susceptible to man-in-the-middle attacks and could potentially expose subscribers to various security breaches. A possible way to address this limitation is by the use of the Extensible Authentication Protocol, an authentication mechanism designed for network devices.
Another weakness in WiFi security was its encryption. WiMax supports the Advanced Encryption Standard (AES), which has a lower likelihood of being cracked. While it is a significant improvement, this function may create performance problems. The AES functions are helpful but may not be supported by all end-user terminals, Merdinger said. Some may need encryption acceleration hardware to handle AES processing demands.
WiMax management frames are not encrypted, so theoretically an attacker could collect information about subscribers and the wireless networks themselves. The outsider may be able to use the management frame opening to launch denial of service attacks or disconnect legitimate users.
License for Chaos
In many cases, WiMax deployments run in licensed RF spectrum, which in theory provides them with protection from unintentional interference. However, an attacker could easily find tools to jam that spectrum.
“Security is one area where vendors’ work is never done,” said Craig Mathias, principal at market research firm Farpoint Group. New attacks are emerging that may test WiMax security functions. Fuzzing (designing programs to crack the code found on Web pages and browsers) has become a popular hobby for hackers, and it is unclear if WiMax networks will address this problem.
WiMax network design also raises new security concerns. Because it was built as a WAN technology, users move from one base station to the next and from one carrier’s network to a different one. Consequently, carriers will need to enhance their back-office security features with stronger firewall software and more robust Radius servers, an authentication and accounting system used by many Internet service providers.
Guarding the Data Center
Potential problems extend to the carrier’s data center. Because WiMax remote connections feed into central device and network management stations, carriers have to put extra checks in place to limit access to the central systems.
A single rogue access point, reverse SSH (secure shell), or stunnel-encrypted tunnel in the data center’s WiMax management network “will compromise the entire network,” said Merdinger. (A stunnel is a free multi-platform computer program.) Chances are good that problems will arise from poorly designed management interfaces and little thought being given to differences in management protocols, such as SSH versus Telnet, and HTTP versus HTTPS.
Competition may create some security holes. “I expect the WiMax device vendors’ rush to market will present multitudes of security bugs that should have been resolved,” said Merdinger. Potential problems include default accounts, hardcoded credentials and remote debugging access features being inadvertently left in WiMax devices.
One reason why such problems may arise is the experience level of the WiMax equipment suppliers. Many of the devices are coming from small start-up companies, with little to no experience in network security. On the plus side, that does not apply to all suppliers — large corporations, such as Motorola, Nortel and Alcatel, have the expertise needed to address the potential security gaps. In addition, start-up vendors like Cavium Networks, AirTight Networks and Redline Communications are building their businesses by developing WiMax management tools.
Glitches Not Guaranteed
Not every market observer anticipates widespread security glitches. “WiMax is much more secure than WiFi, and I don’t expect the same volume of problems,” Farpoint Group’s Craig Mathias told TechNewsWorld.
How secure are WiMax networks? Since the deployments are at an early stage, no one knows for sure. The answer to that question will become clearer as large rollouts take shape, but that may take some time.
“WiMax will gain acceptance in greenfield networks where a carrier does not have any other market segments but it will not be a mainstream technology for at least a few years,” concluded Gartner’s Redman.