RuggedCom WiN51 Series, User Manual & Installation Manual

Page: 18 / 61

WiN5200 Product Description | 18
signal than the WiMAX network overwhelming network data feeds either in intermittent
bursts or with sustained carrier waves.
Since most WiMAX network services are delivered over licensed bands (currently 3.5 GHz
internationally and 2.5 GHz both internationally and in the US), this offers spectrum
relatively quiet from accidental interference. Accidental interference in licensed spectrum
cannot always be completely discounted as there is a possibility of second and third harmonic
interference waves, for example, from much lower frequency signals if those are in close
proximity to the WiMAX antenna systems or that cross them with a signal close enough in
physical proximity to locally overload the WiMAX signal. In practice, this is rare.
Packet scrambling is an attack that occurs when control packets in the respective downlink
and uplink subframes are sniffed then scrambled and returned to the network. This attack is
much harder to mount than a jamming attack. Since most WiMAX networks today use time
division duplexing (TDD), to include the Win-Max™ system, an attacker can parse this
timing sequence and capture control data, the preamble and map, scramble them and send
them back with correct timing to interrupt legitimate signal, resulting in slowdowns and
effectively lowered bandwidth. Intercepted and scrambled packets are possible with
frequency division duplexing (FDD) as well which transmits both the uplink and downlink
simultaneously, but it is even harder to exploit this attack than with TDD systems.
While it may seem the physical layer is inherently most vulnerable as the security elements of
WiMAX are located at higher layers, the fact is hackers can often find lower hanging fruit in
terms of useful exploits higher in the stack, because as WiMAX supports multiple selections
on what service providers can choose to implement in terms of authentication, sometimes the
door can be left open for them by the choices made.
2.4.2.2 Authentication
Traditionally the first level of security authentication for older broadband wireless
technologies has been MAC authentication and WiMAX supports this, although providers
don't settle for this method. This technique allowed service providers to log permitted MAC
device addresses and allow only those addresses to access the network. Hackers long ago
figured out how to spoof these. If a base station is not set up with adequate authentication
measures, an attacker can capture control packets and pose as a legitimate subscriber even
with older MAC device authentication enabled.
A second, newer and much better choice, embraced by the Win-Max™ system, is the built in
support for X.509 device certificates embedded with the use of extensible authentication
protocol---transport layer security (EAP-TTLS) method, added with the 802.16e standard and
WiMAX Forum.