Prevention Scheme of DDoS Attack in Mobile WiMAX Networks Using Shared Authentication Information  

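Kim, Young-Wook (School of Electrical Engineering and Computer Science, Seoul National University; Institute of New Media and Communications)
Bahk, Sae-Woong (School of Electrical Engineering and Computer Science, Seoul National University; Institute of New Media and Communications)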
Abstract
A Message Authentication Code (MAC) assures the integrity of messages. In Mobile WiMAX, a 128-bit Cipher-based MAC (CMAC) is calculated for management messages, but only the least significant half is actually used; the most significant 64 bits are truncated. Naming these unused most significant 64 bits Shared Authentication Information (SAI), we suggest that SAI can be applied to protect the network from DDoS attacks that exploit idle mode vulnerabilities. Since SAI is the unused half of the CMAC, it is as secure as 64 bits of CMAC, and no additional calculations are needed to obtain it. Moreover, SAI does not have to be exchanged over the air interface and is shared only among the MS, BS, and ASN Gateway. With these good properties, SAI can efficiently reduce the overhead of the BS and ASN GW under a DDoS attack.
Keywords
Mobile WiMAX; idle mode; CMAC; DDoS; SAI;