Reverse Engineering: WiMAX and IEEE 802.16e

Wireless communications is part of everyday life. As it is incorporated into new products and services, it brings additional security risks and requirements. A thorough understanding of wireless protocols is necessary for network administrators and manufacturers. Though most wireless protocols have strict standards, many parts of the hardware implementation may deviate from the standard and be proprietary. In these situations reverse engineering must be conducted to fully understand the strengths and vulnerabilities of the communication medium. New 4G broadband wireless access protocols, including IEEE 802.16e and WiMAX, offer higher data rates and wider coverage than earlier 3G technologies. Many security vulnerabilities, including various Denial of Service (DoS) attacks, have been discovered in 3G protocols and the original IEEE 802.16 standard. Many of these vulnerabilities and new security flaws exist in the revised standard IEEE 802.16e. Most of the vulnerabilities already discovered allow for DoS attacks to be carried out on WiMAX networks. This study examines and analyzes a new DoS attack on IEEE 802.16e standard. We investigate how system parameters for the WiMAX Bandwidth Contention Resolution (BCR) process affect network vulnerability to DoS attacks. As this investigation developed and transitioned into analyzing hardware implementations, reverse engineering was needed to locate and modify the BCR system parameters. Controlling the BCR system parameters in hardware is not a normal task. The protocol allows only the BS to set the system parameters. The BS gives one setting of the BCR system parameters to all WiMAX clients on the network and everyone is suppose to follow these settings. Our study looks at what happens if a set of users, attackers, do not follow the BS\u27s settings and set their BCR system parameters independently. We hypothesize and analyze different techniques to do this in hardware with the goal being to replicate previous software simulations that looked at this behavior. This document details our approaches to reverse engineer IEEE 802.16e and WiMAX. Additionally, we look at network security analysis and how to design experiments to reduce time and cost. Factorial experiment design and ANOVA analysis is the solution. In using these approaches, one can test multiple factors in parallel, producing robust, repeatable and statistically significant results. By treating all other parameters as noise when testing first order effects, second and third order effects can be analyzed with less significance. The details of this type of experimental design is given along with NS-2 simulations and hardware experiments that analyze the BCR system parameters. This purpose of this paper is to serve as guide for reverse engineering network protocols and conducting network experiments. As wireless communication and network security become ubiquitous, the methods and techniques detailed in this study become increasingly important. This document can serve as a guide to reduce time and effort when reverse engineering other communication protocols and conducting network experiments

A heterogeneous short-range communication platform for internet of vehicles

The automotive industry is rapidly accelerating toward the development of innovative industry applications that feature management capabilities for data and applications alike in cars. In this regard, more internet of vehicles solutions are emerging through advancements of various wireless medium access-control technologies and the internet of things. In the present work, we develop a short-range communication–based vehicular system to support vehicle communication and remote car control. We present a combined hardware and software testbed that is capable of controlling a vehicle’s start-up, operation and several related functionalities covering various vehicle metric data. The testbed is built from two microcontrollers, Arduino and Raspberry Pi 3, each of which individually controls certain functions to improve the overall vehicle control. The implementation of the heterogeneous communication module is based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 and IEEE 802.15 medium access control technologies. Further, a control module on a smartphone was designed and implemented for efficient management. Moreover, we study the system connectivity performance by measuring various important parameters including the coverage distance, signal strength, download speed and latency. This study covers the use of this technology setup in different geographical areas over various time spans

Network-Assisted Handover for Heterogeneous Wireless Networks using IEEE 802.21

The IEEE 802.21 is a standard for enabling handover in heterogeneous wireless networks. Published in January 2009, it defines protocols and messages for mobile-to-node and node-to-node communication in a technology-neutral and flexible manner. The need arises because of the widespread diffusion of different technologies for wireless communications (e.g., WiFi, WiMAX, LTE) coexisting in the same geographical area. Even though the number of multi-radio multi-technology mobile devices is increasing significantly, there are no open solutions in the market to enable efficient inter-technology handover. As is often the case with communication standards, the structure of the required components, the procedures, and the algorithms are left unspecified by the IEEE 802.21 standard so as to promote competion by differentiation of equipment capabilities and services. The contribution of this thesis is two-fold: i) a design and an implemenation of the Media Independent Information Service (MIIS) server; and, ii) a solution to enable network-assisted handover using the IEEE 802.21 standard, aimed at reducing the handover latency and the energy consumption of mobile devices due to scanning. The MIIS server has been fully implemented in C++ under Linux. In order to perform testbed evaluations, all the required components have been implemented, as well, within an open source framework for IEEE 802.21 called ODTONE. Modifications to the latter have been performed for optimization and fine tuning, and for extending those functional modules needed but not fully implemented. For a realistic evaluation, Linux-based embedded COTS devices have been used, equipped with multiple IEEE 802.11a and IEEE 802.11g wireless network interface cards. This has required additional development for kernel/user space binding and hardware control. Testbed results are reported to show the effectiveness of the proposed solution, also proving the MIIS server scalability

Acesso banda larga sem fios em ambientes heterogéneos de próxima geração

Doutoramento em Engenharia InformáticaO acesso ubíquo à Internet é um dos principais desafios para os operadores de telecomunicações na próxima década. O número de utilizadores da Internet está a crescer exponencialmente e o paradigma de acesso "always connected, anytime, anywhere" é um requisito fundamental para as redes móveis de próxima geração. A tecnologia WiMAX, juntamente com o LTE, foi recentemente reconhecida pelo ITU como uma das tecnologias de acesso compatíveis com os requisitos do 4G. Ainda assim, esta tecnologia de acesso não está completamente preparada para ambientes de próxima geração, principalmente devido à falta de mecanismos de cross-layer para integração de QoS e mobilidade. Adicionalmente, para além das tecnologias WiMAX e LTE, as tecnologias de acesso rádio UMTS/HSPA e Wi-Fi continuarão a ter um impacto significativo nas comunicações móveis durante os próximos anos. Deste modo, é fundamental garantir a coexistência das várias tecnologias de acesso rádio em termos de QoS e mobilidade, permitindo assim a entrega de serviços multimédia de tempo real em redes móveis. Para garantir a entrega de serviços multimédia a utilizadores WiMAX, esta Tese propõe um gestor cross-layer WiMAX integrado com uma arquitectura de QoS fim-a-fim. A arquitectura apresentada permite o controlo de QoS e a comunicação bidireccional entre o sistema WiMAX e as entidades das camadas superiores. Para além disso, o gestor de cross-layer proposto é estendido com eventos e comandos genéricos e independentes da tecnologia para optimizar os procedimentos de mobilidade em ambientes WiMAX. Foram realizados testes para avaliar o desempenho dos procedimentos de QoS e mobilidade da arquitectura WiMAX definida, demonstrando que esta é perfeitamente capaz de entregar serviços de tempo real sem introduzir custos excessivos na rede. No seguimento das extensões de QoS e mobilidade apresentadas para a tecnologia WiMAX, o âmbito desta Tese foi alargado para ambientes de acesso sem-fios heterogéneos. Neste sentido, é proposta uma arquitectura de mobilidade transparente com suporte de QoS para redes de acesso multitecnologia. A arquitectura apresentada integra uma versão estendida do IEEE 802.21 com suporte de QoS, bem como um gestor de mobilidade avançado integrado com os protocolos de gestão de mobilidade do nível IP. Finalmente, para completar o trabalho desenvolvido no âmbito desta Tese, é proposta uma extensão aos procedimentos de decisão de mobilidade em ambientes heterogéneos para incorporar a informação de contexto da rede e do terminal. Para validar e avaliar as optimizações propostas, foram desenvolvidos testes de desempenho num demonstrador inter-tecnologia, composta pelas redes de acesso WiMAX, Wi-Fi e UMTS/HSPA.Ubiquitous Internet access is one of the main challenges for the telecommunications industry in the next decade. The number of users accessing the Internet is growing exponentially and the network access paradigm of “always connected, anytime, anywhere” is a central requirement for the so-called Next Generation Mobile Networks (NGMN). WiMAX, together with LTE, was recently recognized by ITU as one of the compliant access technologies for 4G. Nevertheless, WiMAX is not yet fully prepared for next generation environments, mainly due to the lack of QoS and mobility crosslayer procedures to support real-time multimedia services delivery. Furthermore, besides the 4G compliant WiMAX and LTE radio access technologies, UMTS/HSPA and Wi-Fi will also have a significant impact in the mobile communications during the next years. Therefore, it is fundamental to ensure the coexistence of multiple radio access technologies in what QoS and mobility procedures are concerned, thereby allowing the delivery of real-time services in mobile networks. In order to provide the WiMAX mobile users with the demanded multimedia services, it is proposed in this Thesis a WiMAX cross-layer manager integrated in an end-to-end all-IP QoS enabled architecture. The presented framework enables the QoS control and bidirectional communication between WiMAX and the upper layer network entities. Furthermore, the proposed cross-layer framework is extended with media independent events and commands to optimize the mobility procedures in WiMAX environments. Tests were made to evaluate the QoS and mobility performance of the defined architecture, demonstrating that it is perfectly capable of handling and supporting real time services without introducing an excessive cost in the network. Following the QoS and mobility extensions provided for WiMAX, the scope of this Thesis is broaden and a seamless mobility architecture with QoS support in heterogeneous wireless access environments is proposed. The presented architecture integrates an extended version of the IEEE 802.21 framework with QoS support, as well as an advanced mobility manager integrated with the IP level mobility management protocols. Finally, to complete the work within the framework of this Thesis, it is proposed an extension to the handover decisionmaking processes in heterogeneous access environments through the integration of context information from both the network entities and the enduser. Performance tests were developed in a real testbed to validate the proposed optimizations in an inter-technology handover scenario involving WiMAX, Wi-Fi and UMTS/HSPA

Radio Communications

In the last decades the restless evolution of information and communication technologies (ICT) brought to a deep transformation of our habits. The growth of the Internet and the advances in hardware and software implementations modified our way to communicate and to share information. In this book, an overview of the major issues faced today by researchers in the field of radio communications is given through 35 high quality chapters written by specialists working in universities and research centers all over the world. Various aspects will be deeply discussed: channel modeling, beamforming, multiple antennas, cooperative networks, opportunistic scheduling, advanced admission control, handover management, systems performance assessment, routing issues in mobility conditions, localization, web security. Advanced techniques for the radio resource management will be discussed both in single and multiple radio technologies; either in infrastructure, mesh or ad hoc networks

Suporte de mobilidade em redes WIMAX

O desenvolvimento crescente da Internet, com novos serviços e aplicações que requerem elevadas exigências a nível de qualidade de serviço, como por exemplo, o VoIP e IPTV, a crescente necessidade de um utilizador estar sempre contactável em qualquer sítio e a qualquer momento, torna necessária a integração actual da Internet com as redes móveis da próxima geração. A tecnologia IEEE 802.16 surge como uma tecnologia de banda larga sem fios que pode ter um papel fundamental num ambiente de próxima geração. Devido aos seus baixos custos de instalação e à possibilidade de chegar facilmente a zonas rurais ou a zonas de difícil acesso, torna-se um sério candidato para suprir as necessidades dos utilizadores. A necessidade de mobilidade pelo utilizador, para aceder a diversos serviços em diferentes sítios ou ser identificado remotamente para a posterior recepção de informação também é um desejo futuro. O protocolo IEEE 802.21 surge como um meio que providencia a optimização de handover entre diferentes tecnologias de acesso, quer sejam elas WiFi, WiMAX, 3GGP ou 3GPP2, no sentido de proporcionar ao utilizador a utilização de diferentes serviços de uma forma transparente à tecnologia de acesso, quando em situações de mobilidade. Esta dissertação apresenta a arquitectura desenvolvida para proporcionar a correcta avaliação da atribuição de QoS e mobilidade transparente, num ambiente real de próxima geração. Serão também efectuados testes com o equipamento WiMAX disponível, no sentido de mostrar o seu correcto comportamento na atribuição de QoS fim-a-fim em cenários ponto-a-ponto e ponto-a-multiponto com serviços com características de tempo real. A integração do software da primeira fase do projecto WEIRD e o seu correcto comportamento em ambientes de atribuição de QoS também vai ser estudado. A implementação dos diferentes módulos, em especial a implementação da unidade central da arquitectura de IEEE 802.21 (MIHF), vai ser descrita, no sentido de avaliar o desempenho do WiMAX e do protocolo IEEE 802.21 numa rede real no âmbito da segunda fase do projecto WEIRD. Os resultados obtidos demonstram que a arquitectura desenvolvida consegue fornecer QoS fim-a-fim com suporte de mobilidade entre redes heterogéneas. ABSTRACT: The growing development of the Internet, with new services and applications that require a high level of quality of service, such as, VoIP and IPTV, the increasing need for a user to be always reachable anywhere and at anytime, motivates the integration of current Internet with the next generation of mobile networks. The IEEE 802.16 technology emerges as a technology for broadband wireless access that may have a key role in a next generation environment. Due to its low costs of installation and its ability to easily reach rural areas or areas with difficult access, it becomes a serious candidate to supply the needs of users. The mobility’s necessity by the user, to access to several services in different locations or be identified remotely for subsequent receipt of information, is also a future desire. The IEEE 802.21 protocol provides the optimization of handover between heterogeneous networks, such as WiFi, WiMAX, 3GGP or 3GPP2, to offer the user different services in a transparent manner to his access technology, when in situations of mobility. This Thesis presents the architecture developed to provide the correct integration of QoS and seamless mobility, in a real next generation environment. It will also present tests carries out with the available WiMAX equipment, to show its correct behaviour in the allocation of end-to-end QoS in point-to-point and point-to-multipoint scenarios with real-time services. The integration of software from the first phase of the WEIRD project and its correct behaviour in environments of QoS allocation will also be studied. The implementation of the various modules, in particular the implementation of the central unit of IEEE 802.21 architecture (MIHF), will be described, to evaluate the performance of WiMAX and IEEE 802.21 protocol in a real network provided by the second phase of the WEIRD project. The obtained results show that the developed architecture is able to provide end-toend QoS with seamless mobility support over heterogeneous networks