WiMAX

October 31, 2008

Part 4 - WiMAX Security

Posted by: By Paul DeBeasi

Introduction

Lots of articles and white papers have been written on the topic of WiMAX radio technology, but what about WiMAX security? Should users feel safe that their transmitted data is free from eavesdropping and manipulation? How does a WiMAX operator ensure that only authorized users access the network and that they use only the appropriate services?

This blog post is the fourth in a five part WiMAX tutorial series, and focuses on WiMAX security. It is based upon a series of articles that I wrote for Search Mobile Computing. The first part introduced WiMAX technology, applications, and terminology. The second part described WiMAX services. The third part focused on WiMAX performance. The final blog post will discuss WiMAX devices.

Data Privacy and Integrity

Encryption is a mechanism that protects data confidentiality and integrity. Encryption takes plaintext (i.e., your data) and mixes that information using a complex mathematical algorithm to produce ciphertext. The ciphertext is then transmitted over the wireless network and cannot be understood by an eavesdropper.

WiMAX uses the Advanced Encryption Standard (AES) to produce ciphertext. AES takes an encryption key and a counter as input to produce a bitstream. The bitstream is then exclusive OR’d with the plaintext to produce the ciphertext (see Figure 1).

AES

Figure 1: AES Encryption

The receiver of the ciphertext simply reverses the process to recover the plaintext. In order for this process to work both the transmitter and the receiver must share the same encryption key.

Public Key Infrastructure

The WiMAX 802.16e-2005 standard uses the Privacy and Key Management Protocol version 2 (PKMv2) for securely transferring keying material between the base station and the mobile station. The PKMv2 mechanism validates user identity and establishes an authorization key (AK). The authorization key is very important because it is used to derive the encryption key described in the previous section.

PKMv2 supports the use of the Rivest-Shamir-Adlerman (RSA) public key cryptography exchange. The RSA public key exchange requires that the mobile station establish identity using either a manufacturer issued X.509 digital certificate, or an operator issued credential such as a subscriber identity module (SIM) card.

The X.509 digital certificate contains the mobile station’s Public-Key (PK) and its MAC address. The mobile station transfers the X.509 digital certificate to the WiMAX network, which then forwards the certificate to a certificate authority (see Figure 2). The certificate authority validates the certificate, which thus validates the user identity.

>PKI

Figure 2: Public Key Infrastructure

Once the user identity is validated, the WiMAX network uses the public key to create the authorization key, and sends the authorization key to the mobile station. The mobile station and the base station use the authorization key to derive an identical encryption key that is used with the AES algorithm.

Authentication

Authentication is the process of validating a user identity and often includes validating which services a user may access. The authentication process typically involves a supplicant (that resides in the mobile station), an authenticator (that may reside in the base station or a gateway), and an authentication server (see Figure 3).

WiMAX uses the Extensible Authentication Protocol (EAP) to perform user authentication and access control. EAP is actually an authentication framework that requires the use of “EAP methods” to perform the actual work of authentication. The network operator may choose an EAP method such as EAP-TLS (Transport Layer Security), or EAP-TTLS MS-CHAP v2 (Tunneled TLS with Microsoft Challenge -Handshake Authentication Protocol version 2). The messages defined by the EAP method are sent from the mobile station to an authenticator. The authenticator then forwards the messages to the authentication server using either the RADIUS or DIAMETER protocols.

EAP

Figure 3: EAP-based authentication

The EAP exchanges validate the user, ensure appropriate access control, and may also start the billing process. Enterprise network managers use a very similar process to authenticate users on a WiFi network.

Conclusion

WiMAX provides robust user authentication, access control, data privacy and data integrity using sophisticated authentication and encryption technology. WiMAX users should feel safe that their transmitted data is free from eavesdropping or manipulation and that only authorized users are able to access WiMAX services.

Looking ahead to part 5

Next time we look at mobile WiMAX devices. Why type of devices will support WiMAX and how pervasively will WiMAX be embedded into mobile devices?


Posted by Paul DeBeasi at 06:35 AM in WiMAX | | Comments (0) | TrackBack (0)

|

October 22, 2008

Part 3 - WiMAX Performance

Posted by: Paul DeBeasi

Introduction
My last blog post talked about the joint venture – called Clearwire – that received almost $15 billion from Google, Intel, Comcast, Time Warner, and Bright House Networks. According to joint venture announcement, Clearwire expects to dramatically enhance the speed in which customers access the Internet. What does it mean to “dramatically enhance the speed of Internet access”?

This blog post is the third in a five part WiMAX tutorial series, and focuses on WiMAX performance. It is based upon a series of articles that I wrote for Search Mobile Computing. The first part introduced WiMAX technology, applications, and terminology. The second part described WiMAX services. Follow-on blogs will discuss WiMAX security, and devices.

Important Performance Metrics
First, we must define what we mean by the term performance. Performance includes many factors. Two of the most visible metrics, from a user’s point of view, are download speed in megabits per second (Mbps), and upload speed in Mbps. Download speed has traditionally been the metric that most users care about because it affects the user’s web-browsing experience. However, the emergence of peer-to-peer networking and the growing need to upload user-generated content such as videos and pictures is creating the need for faster upload speeds.

Factors Affecting Performance
Next, we must draw a distinction between peak performance and average performance. Peak performance is the best possible performance that the technology can achieve under idealized conditions. The peak performance makes for a great headline, but users will never experience this lofty performance level. Conversely, average performance is the performance that users will typically experience using a deployed mobile service. Average performance can vary throughout a coverage area and is affected by many factors such as:

• Chanel bandwidth: Most mobile cellular systems are designed to operate with varying degrees of bandwidth. For example, a 10-megahertz (MHz)-wide channel provides twice as much bandwidth as a 5-MHz-wide channel. As channel bandwidth increases, the system can transmit more bits per second over the channel.

• Backhaul capacity: Many base stations do not have sufficient transmission capacity to transfer received wireless traffic into the core of the network, thus restricting individual user performance levels.

• Multiple input, multiple output (MIMO) antenna configuration: MIMO radio systems take advantage of multipath interference by transmitting unique data streams over the different paths. A 2 x 2 MIMO configuration, for example, uses two transmit antennas and can take advantage of two unique paths. The greater the number of antennas, the more bits per second the system can potentially transmit over the channel.

• Path loss: Path loss reduces the received signal and gets worse as the mobile device moves away from the base station. Weather conditions, such as rain, snow, and fog, can also increase path loss.

• Shadowing: Shadowing occurs when obstructions such as buildings and tress block the path of the wireless signal.

• Network load: Wireless is a shared medium so per-user performance in an individual base station sector will decrease as the number of users increases (cellular networks make use of sector antennas in order to improve frequency reuse).

• Mobility speed: The faster the mobile device moves the more difficult it is to maintain communication.

WiMAX Performance
Network operators deploy mobile technologies using varying amounts of channel bandwidth. In order to describe performance in a bandwidth-neutral way, throughput (Mb/s) is typically divided by the channel bandwidth (MHz). The resultant quantity provides the number of bits per second transmitted per cycle (b/s/Hz).

Figure 1 shows the peak and average sector throughput for WiMAX. Note that the average download speed is approximately 30 Mbps using a 20 MHz channel (similar to IEEE 802.11g average throughput). This means that there is approximately 30 Mbps of shared bandwidth available for download transmission per sector. For example, if there are 20 users connected to the network using the same sector, and if half of the users are downloading data at the same time, then each user will receive approximately 3 Mbps average download throughput. Note that WiMAX has sophisticated quality of service mechanisms that will help network operators equitably regulate per-user performance.

Wimax_4
Figure 1: Mobile WiMAX Throughput (Source: Intel)

Over time, average performance will improve as the WiMAX network evolves. In addition, other technologies such as High Speed Packet Access (HSPA), Evolution-Data Optimized (EV-DO), and Long Term Evolution (LTE) will compete with mobile WIMAX to offer high speed Internet access.

Conclusion
Clearwire promises to dramatically enhance the speed of Internet access with their new mobile WiMAX service. Although many factors can affect performance, the service is expected to provide average download speeds of several mega-bits per second. Other technologies such as HSPA, EV-DO, and LTE will also compete with Mobile WiMAX.

Looking ahead to part 4
Next month we look at mobile WiMAX security. How safe is mobile WiMAX? More specifically, how does the technology provide authentication, data privacy and data integrity?


Posted by Paul DeBeasi at 03:52 AM in network management, WiMAX | | Comments (0) | TrackBack (0)

|

October 18, 2008

Part 2: WiMAX Services

Posted by: Paul DeBeasi

Introduction
Mobile WiMAX is a new business opportunity for incumbent mobile operators, Internet companies, and wireline operators to provide high-speed mobile broadband data services. But where and when will WiMAX service be available?

This blog post is the second in a five part WiMAX tutorial series. It is based upon a series of articles that I wrote for Search Mobile Computing. The first part introduced WiMAX technology, applications, and terminology. Follow-on blog posts will discuss WiMAX performance, security, and devices.

Where in the world is WiMAX?
WiMAX services are in the early stages of deployment throughout the world. In South Korea a subset of WiMAX called WiBRO has been deployed throughout roughly 25% of the country. But as of the end of 2007 only 100,000 subscribers, out of a population of roughly 50,000,000 people, have signed up for service. The mobile Taiwan project, referred to as M-Taiwan, is an ambitious plan to deploy WiMAX throughout all of Taiwan. The Taiwanese government awarded WiMAX frequency spectrum licenses in July 2007, but service is not yet available.

Sprint Xohm
Sprint launched its mobile WiMAX service (called Xohm) in September 2008. The service offers download speeds of 2-4 Mbps and upload speeds of 1-3 Mbps. But the service is not just all about fast Internet access. They make it very easy to sign up for the service. Subscribers are able to sign up by the day or by the month, without binding contracts or cancellation fees. They also allow you to use any of your WiMAX-enabled devices, unlike most mobile services that restrict usage to a single device. Finally, they hint at future services such as online storage, location-based services, and Google Mail.

Clearwire
Clearwire launched their portable wireless Internet service in August 2004, originally designed using pre-standard WiMAX technology. The service is now available in over 16 states across the United States as well as in Europe using standard WiMAX technology. They offer a nomadic WiMAX service (see blog post “part 1” for a definition of nomadic) that competes with cable and DSL Internet service and requires use of a WiMAX modem. The modem is similar to a cable modem except that the WiMAX modem can be moved to any location that receives a Clearwire WiMAX signal and has access to power. The subscriber pays a monthly fee for Internet access, and optionally for phone service.

In May 2008, Sprint and Clearwire formed a new $14.5B joint venture that will focus entirely on mobile WiMAX. The joint venture will be called Clearwire and includes investment from Google, Intel, Comcast, Time Warner, and Bright House Networks. Sprint and Clearwire expect to complete the joint venture transaction in the fourth quarter of 2008. The fundamental question is, does the new ClearWire have sufficient long-term capital to build a nation wide footprint?

Market forces
Most forecasts for mobile WiMAX show rapid growth. For example, Senza Fili Consulting predicts that mobile WiMAX will grow to approximately 25 million subscribers by 2012 (see Figure 1). Although these growth numbers are quite good for a new technology, they have a long way to go to catch up to the 3+ billion subscribers currently using mobile cellular service.

Wimax_figure_3
Figure 1: WiMAX Subscribers Forecast (Source: Senza Fili Consulting, 2007)

The current mobile cellular operators are in a dominant position to capture most of the demand for mobile broadband, and will heavily compete with WiMAX operators. Unlike fixed broadband service, which can be cost-effectively deployed in a limited geographic area, mobile broadband service will require a costly investment over a wide area in order to provide sufficient coverage for roaming mobile users. Mobile broadband also requires that the operator own wireless spectrum throughout the coverage area. Lastly, it requires extensive operational experience with wireless technology in order to deploy, maintain, and evolve a sprawling mobile network. Aside from the mobile cellular operators, few companies can satisfy the mobile broadband requirements for capital, spectrum, and wireless experience. And in the US, Sprint and Clearwire are hardly in a strong financial position.

Conclusion
WiMAX service is available in a few select locations, and will provide high-speed broadband Internet access. However, don’t believe all of the WiMAX hype. It will take many years and many billions of dollars to deploy a nationwide WiMAX network. Data service plans from traditional mobile operators will offer the best combination of high-speed data access and broad coverage.

Looking ahead to part 3
The next blog post will look at WiMAX performance. We will discuss what performance factors are important, what performance you should expect, and how WiMAX compares to 3G and future 4G services.


Posted by Paul DeBeasi at 02:43 AM in network management, WiMAX | | Comments (1) | TrackBack (0)

|

October 09, 2008

WiMAX Tutorial Series - Part 1

Posted by: Paul DeBeasi

Introduction
Sprint recently launched their WiMAX service, dubbed Xohm, in Baltimore with plans to expand the service to Chicago, Washington, and other cities. Should Sprint be optimistic about their new WiMAX service? Well, Intel thinks so. Sriram Viswanathan, general manager of Intel’s Worldwide Interoperability for Microwave Access (WiMAX) program office, once stated that WiMAX “could potentially be the biggest thing since the Internet itself.” That is quite a bold statement and underscores the sentiment of many WiMAX proponents. But as the WiMAX industry has grown, so has WiMAX hype and confusion.

This blog post is the first in a five-part WiMAX tutorial series based upon articles I wrote for Search Mobile Computing. The series begins by introducing WiMAX technology, applications, and terminology. Follow-on blog posts will discuss WiMAX services, performance, security, and devices.

Fixed WiMAX
The IEEE originally formed the IEEE 802.16 working group in 1998 to provide a standard for wireless metropolitan area networks. The primary application was for high-speed fiber access solutions using high frequency line-of-sight (LOS) fixed wireless connections. The original standard was referred to as 802.16 and evolved to support fixed broadband wireless access over lower frequency non-line-of-sight (NLOS) wireless connections. The evolved standard, 802.16-2004, is often referred to as fixed WiMAX.

Mobile WiMAX
Once the 802.16-2004 standard was complete, the IEEE committee began work to further evolve the standard to support mobile applications. Mobile communication is more complex than fixed communication. The technology must be able to hand off a wireless connection from one base station to another while the user is moving, without dropping the connection. The new 802.16e-2005 standard was completed in December 2005, and not only supports mobile applications but also nomadic and fixed applications. 802.16e-2005 is often referred to as mobile WiMAX.

Physical Layer
The fixed/mobile WiMAX PHY layer uses a technology called Orthogonal Frequency Division Multiplexing (OFDM). OFDM techniques have been around for decades. The technology is now commonplace in wireless systems such as WiFi. OFDM evolved from earlier single-carrier modulation systems and frequency division multiplexing systems. OFDM is a type of frequency division multiplexing system that provides better channel throughput because each of the underlying sub carriers are orthogonal to each other.

Media Access Control Layer
The primary job of the MAC layer is to provide an interface between the PHY layer and upper layer protocols. Each instance of the MAC layer in a fixed/mobile WiMAX station has a 48-bit address as defined by the IEEE Std 802. Unlike the distributed and connectionless 802.11 MAC, the WiMAX MAC is centralized and connection-oriented. A 16-bit connection identifier (CID) identifies each WiMAX connection. Each WiMAX MAC layer protocol data unit uses the CID, instead of the MAC address, to identify source and destination. WiMAX has a rich quality of service mechanism that is based upon the Data Over Cable Service Interface Specifications (DOCSIS).

WiMAX applications
At the most basic level, WiMAX supports mobile, fixed, and nomadic wireless applications. A mobile application provides communication while the user is in transit. A good example is a business traveler that communicates while on a train. The Sprint Xohm service provides Internet access while moving at high speeds using WiMAX technology. It will compete with 3G technologies like EV-DO (from Verizon Wireless) and HSDPA (from AT&T).

Fixed wireless applications often provide last mile connections in rural or underdeveloped areas that do not have Digital Subscriber Line (DSL), Hybrid Fiber-Coax (HFC), or other last mile wired infrastructure. Enterprises can either purchase fixed WiMAX technology for use in their own private network (e.g., a point-to-point wireless connection between two buildings) or can purchase fixed WiMAX service from a wireless Internet service provider (WISP). Towerstream is an example of a WISP that provides fixed, high-speed WiMAX access for business users in many urban areas.

Finally, a nomadic application is one where a user moves from location to location but communicates only while stationary. A good example is a repair-person that needs high speed network access while parked at a customer location, but not while they are driving. The WiMAX service from Clearwire can be used for nomadic (and fixed) applications.

Summary
Table 1 summarizes the how WiMAX technology relates to WiMAX applications. Over time, 802.16e-2005 will likely become the dominant standard for fixed, nomadic, and mobile applications thus limiting the use of 802.16-2004.

Picture_1_7
Table 1: WiMAX applications and technologies

As we can see from this blog post, terminology is important. Therefore, throughout the rest of this WiMAX tutorial series will use the following terminology to ensure clarity.

• Fixed WiMAX will refer to technology that adheres to the 802.16-2004 standard.

• Mobile WiMAX will refer to technology that adheres to the 802.16e-2005 standard.

• Fixed WiMAX application will refer to a last mile wireless application irrespective of the underlying technology standard.

Looking ahead to part 2
In the next blog post we look at WiMAX services. We will discuss what services will be offered, who will offer the services, and when they will be generally available.

More information
For a much deeper treatment of this subject, see “Fundamentals of WiMAX” by Jeffrey G. Andrews, et. Al.

Posted by Paul DeBeasi at 07:33 AM in WiMAX | | Comments (0) | TrackBack (0)

|

November 16, 2007

WiMAX: Why The Fuss?

Posted by: Paul DeBeasi

The hype surrounding WiMAX sort of reminds me of the hype surrounding ATM back in the early 1990’s.  Back then the conventional thinking was that ATM would revolutionize networking because it would enable a single universal network.  ATM would provide a high performance network with end-to-end quality of service (QoS) suitable for data/voice/video transmission.  Networking would never be the same!

The reality is that ATM never lived up to the hype.  For instance, ATM for local area networks never took off (remember LAN Emulation?).  Instead, ATM found its niche within wide area networks (WANs) and is one of many technologies now used.

Now here comes WiMAX.  It is supposed to revolutionize mobile wireless communication.  WiMAX is supposed to usher in a new era of high performance, secure, and QoS-enabled mobile broadband communication.  WiMAX will be deployed “everywhere” and will crush current mobile cellular technology such as EV-DO (offered by Verizon Wireless) and HSPA (offered by AT&T) because WiMAX was designed for data whereas mobile cellular technology was designed for voice.  Intel will even embed WiMAX on laptops and other mobile devices enabling pervasive WiMAX communication that will rival WiFi ubiquity.

Yeah right! 

There are close to 3 billion mobile subscribers using GSM-based and CDMA-based technology.  There are hundreds of millions of devices with embedded WiFi.  WiMAX has a long way to go before it will come close to unseating the dominance of these incumbent technologies. 

Don’t get me wrong.  WiMAX brings many innovations such as higher speed transmission, connection-oriented networking, and radio innovations such as MIMO and beamforming. But many of these innovations will be integrated into future generations of the incumbent technologies. The result will be that WiMAX will never replace these incumbent technologies but will find its niche in fixed and mobile wireless applications. 

Posted by Paul DeBeasi at 09:24 AM in Paul DeBeasi, WiMAX | | Comments (0) | TrackBack (0)

|

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected

Categories


Read more Burton Group blogs

Archives

More...

About

Blog powered by TypePad