Secure and Service-Oriented Network Control Framework for WiMAX Networks IEEE 802.16 supports both TDD ( time-division duplex) and FDD (frequency-division duplex) Multihop communication is needed for deployment of wimax network. Because of multihop Security is issues associated with wimax network Issue is how to support different services and applications in WiMAX networks

1. A Secure and Service Oriented
Network Control Framework
for WiMAX Networks
Khumanthem Jayanta Singh (110948008)

2. TABLE OF CONTENT
1) ABSTRACT
2) INTRODUCTION
3) LITERATURE SURVEY
4) PROBLEM STATEMENT
5) APPLICATION SCENARIOS
7) A SECURE AND SERVICE-ORIENTED
NETWORK CONTROL FRAMEWORK
8) FUTURE WORKS
9) CONCLUSION

3. Abstract
WiMAX, Worldwide Interoperability for Microwave Access, is an
emerging wireless communication system that can provide broadband
access with large-scale coverage. In this article we propose a secure and
service-oriented network control framework for WiMAX net-works. In
the design of this framework we consider both the security requirements
of the communications and the requirements of potential WiMAX
applications that have not been fully addressed previously in the network
layer design.
The proposed framework consists of two basic components: a service-
aware control frame-work and a unified routing scheme. Besides the
design of the framework, we further study a number of key enabling
technologies that are important to a practical WiMAX network. Our
study can provide a guideline for the design of a more secure and
practical WiMAX network.
INTRODUCTION
WiMAX (Worldwide Interoperability for Microwave Access) is an
emerging wireless communication system that is expected to provide
high data rate communications in metropolitan area networks (MANs)
[1]. In the past few years, the IEEE 802.16 working group has developed
a number of standards for WiMAX. The first standard was published in
2001, which aims to support the communications in the 1066 GHz
frequency band. In 2003 IEEE 802.16a was introduced to provide
additional physical layer specifications for the 211 GHz frequency band.
These two standards were further revised in 2004 (IEEE 802.16-2004).

4. Recently, IEEE 802.16e has also been approved as the official standard
for mobile applications. In the physical (PHY) layer, IEEE 802.16
supports four PHY specifications for the licensed bands. These four
specifications are Wireless-MAN-SC (single carrier), -SCa, -OFDM
(orthogonal frequency-division multiplexing), and -OFDMA (orthogonal
frequency- division multiple access).To support multiple subscribers,
IEEE 802.16 supports both time-division duplex (TDD) and frequency-
division duplex (FDD) operations. OFDM uses multiple sub-carriers but
the subcarriers are closely spaced to each other without causing
interference, removing guard bands between adjacent subcarriers. This is
possible because the frequencies (sub-carriers) are orthogonal; meaning
the peak of one sub-carrier coincides with the null of an adjacent
subcarrier. In an OFDM system, a very high rate data stream is divided
into multiple parallel low rate data streams. Each smaller data stream is
then mapped to individual data sub-carrier and modulated using some
Sorts of PSK (Phase Shift Keying) or QAM (Quadrature Amplitude
Modulation) OFDMA employs multiple closely spaced subcarriers, but
the sub-carriers are divided into groups of sub-carriers. Each group is
named a sub channel. The sub-carriers that form a sub-channel need not
be adjacent. In the downlink, a sub-channel may be intended for
different receivers. In the uplink, a transmitter may be assigned one or
more sub channels. Sub channelization defines sub-channels that can be
allocated to subscriber stations (SSs) depending on their channel
conditions and data requirements. Using sub channelization, within the
same time slot a
Mobile WiMAX Base Station (BS) can allocate more transmit power to
user devices (SSs) with lower SNR (Signal-to-Noise Ratio), and less
power to user devices with higher SNR. In the medium access control
(MAC) layer, IEEE 802.16 supports two modes: point-to-multipoint
(PMP) and mesh. The former organizes nodes into a cellular-like
structure consisting of a base station (BS) and subscriber stations (SSs).
The channels are divided into uplink (from SS to BS) and downlink
(from BS to SS), and both uplink and downlink channels are shared
among the SSs. PMP mode requires all SSs to be within the transmission
range and clear line of sight (LOS) of the BS. On the other hand, in

5. mesh mode an ad hoc network can be formed with all nodes acting as
relaying routers in addition to their sender and receiver roles, although
there may still be nodes that serve as BSs and provide backhaul
connectivity.
Literature Survey
According to the IEEE 802.16 standard [1], WiMAX technology
supports two operation modes: PMP and mesh. A WiMAX PMP net-
work aims at providing last-mile access to a broadband Internet service
Provider (ISP). An example of the network topology is illustrated in Fig.
1a, where the WiMAX network includes one BS and a number of SSs.
On the other hand, mesh mode implies the requirement of supporting
multihop ad hoc net-working by SSs. An example of a WiMAX mesh
network is illustrated in Fig. 1b. Notice that in this figure, we assume
that BS can provide access to the Internet; a relay station (RS) is a
special type of SS that can forward traffic flows to BSs or other RSs;
and a mobile station (MS)is an SS that can move in the network. The
Various Security schema discussed in [2] are WiMAX security supports
two quality encryptions standards, that of the DES3 and AES, which is
considered leading edge. The standard defines a dedicated security
processor on board the base station for starters. There are also minimum
encryption requirements for the traffic and for end to end authentication
the latter of which is adapted from the data-over-cable service interface
specification (DOCSIS) BPI+ security protocol. Basically, all traffic on
a WiMAX network must be encrypted using Counter Mode with Cipher
Block Chaining Message Authentication Code Protocol (CCMP) which
uses AES for transmission security and data integrity authentication. The
end-to-end authentication the PKM-EAP (Extensible Authentication
Protocol) methodology is used which relies on the TLS standard of
public key encryption. The author in [4] propose a novel routing
framework in the network layer, manycast routing. In this scheme the
customer does not need to specify the exact address of a server in the
network. Instead, it only needs to indicate the service it wants to access.

6. Moreover, in such a communication scenario, the client (i.e., the
customer) can communicate with a subset of all the servers in order to
achieve better reliability and/or security. In multicasting, if at least one
of the members in the group cannot satisfy the service requirement of
the application, the multicast request is said to be blocked. On the
contrary in many casting, destinations can join or leave the group,
depending on whether it satisfies the service requirement or not.
Problem statement
The main motivation for creating this article i is that we need to
take into account both the security concerns and the requirements of
potential WiMAX applications. Any other previous Wimax framework
does not provide such security concerns and availability of wide range of
application for Wimax with heterogeneity of end user devices.
APPLICATION SCENARIOS
Wimax can be used in the following application area. Internet
Access: Evidently, Internet access will still be the major demand in
WiMAX net-works, especially when they are newly deployed. To
support Internet access, a straightforward method is to provide a unicast
connection between SSs (including RSs and MSs) and the BS, which has
the link toward the Internet. Group Communications: Since WiMAX
net-works can cover a relatively large area, it is natural to imagine that
many group communications, such as videoconferences, will be
important applications in WiMAX networks. To support such
communication scenarios, multicast is the key technology. In a WiMAX
network, however, since all nodes are located inside, implementing such
group communication becomes possible. Metropolitan Area Distributed
Service: With the deployment of WiMAX networks, more and more
value-added services can be provided in a metropolitan area. To
efficiently support a large number of customers, distributed services can

7. be enabled. In other words, a customer can access the service from any
of the servers in the net-work in which these servers are distributed
to serve the entire metropolitan area. Content-Based Distribution: The
content-based routing scheme is a service-oriented communication
model [5]. In this scheme the sender of a message does not need to
explicitly specify its destination(s). The network layer will automatically
deliver the message to receivers that are interested in the content of the
message. In [5] the authors proposed to design an overlay network based
on broadcast service of the existing network. Quality Guaranteed
Applications: For many applications, it is desirable that the network
layer can provide a sufficient quality of service (QoS) guarantee, usually
in terms of bandwidth, data rate, delay, and delay jitter. However, wire-
less communications are naturally error-prone; thus, it is difficult to
provide such a guarantee in a wireless network. To address this issue, in
the literature multipath routing has been studied in many previous
works. Multihoming Applications: Multihoming [3] is a technology that
can provide services similar to those of multipath routing. The main
difference between these
Figure 1: WiMAX network architectures: a) PMP mode; b) mesh mode.

8. two schemes is that in multi-homing, one station has two or more IP
addresses and generally has the same number of interfaces. In this
manner, the station can have multiple paths to access the same resources.
A SECURE AND SERVICE-ORIENTED
NETWORK CONTROL FRAMEWORK
In this section we elaborate on a novel control framework to
address the security requirements in WiMAX networks, and full the
demands of existing and future application scenarios dis-cussed above.
Components
In this framework there are two major components. Service-Aware
Control Scheme To efficiently
support different applications, the net-work layer control scheme shall
be aware of the availability of different services. In general, the service
can be either located in a single node in the network or distributed in
multiple locations in the network. To provide these services, the servers
must register the type and availability of service to the control frame-
work. Moreover, the availability information shall be updated
periodically or based on predefined events. Upon receiving these
messages, the control framework will also be responsible for distributing
such message to nodes in the network. Unified Routing Scheme With
the availability information of the service, a unified routing scheme shall
be designed such that all the application scenarios discussed in the last
section shall be supported. The packets of a certain flow will be
forwarded based on the service and security requirements.

9. ENABLING TECHNOLOGIES
To deploy the proposed framework, a number of key technologies
must be addressed. In the rest of this section we address these issues.
Figure 2: The importance of the placement of BSs and RSs: a) a single
path; b) multiple paths.
PLACEMENT OF BSS AND RSS
In our framework, the placement of BSs and RSs is very important
for a broadband wireless service provider to offer a secure
communication platform. For example, in Fig. 2a, if there is only one
path between one MS and a server, it is not possible to guarantee the
security of the communication since a single RS in the path can damage

10. the confidentiality and integrity of the information transmission, or
block the traffic flow and affect the availability of the service. On the
other hand, if there are two or more paths available, secure
communication channels are more likely to exist between the MS and
the server, as shown in Fig. 2b.One important issue related to the
placement of BSs and RSs is the cost. Apparently, with increasing
numbers of BSs and RSs of a service provider, security and availability
will increase while cost will also soar. In such a case, it becomes a trade-
o_ between security and cost. On the other hand, given the constraint of
cost, the placement of BSs and RSs can be formulated as an optimization
problem, which shall be further investigated.
SECURITY MANAGEMENT
In the proposed framework the security management scheme is
very important to the system. Similar to [3], we consider the security
management scheme responsible for monitoring the operation of the
network and quickly identifying possible security attacks and threats.
KEY MANAGEMENT
In addition to the MAC layer, key management is also important to
the network layer. To provide a secure communication channel between
the end user and the server, it is important to develop a key management
scheme to establish a unique key for each session. In such a scenario the
proposed framework can be directly utilized to improve the reliability
and security of the key distribution. For instance, an MS can send key
material through multiple paths to the server. Since each path may
contain only a portion of all the information, the probability of the key
material being intercepted by an adversary can be significantly reduced.

11. SECURE ROUTING
In our scheme the routing algorithm takes into account the
following issues. Multiple-radio and multiple-channel: In the near
future, each node may be equipped with multiple radio interfaces.
Therefore, the routing scheme shall take this into account. Multiple
destinations. In our framework, an application can require multiple
destinations in the network. For example, there is no requirement for
selecting node disjoint paths in these schemes, which may not be
sufficient to defend against compromised RS nodes. Multipath routing:
As shown in the previous section, the multipath scheme is different from
existing methods. First, multipath routing may need to forward messages
to different destinations. Second, more paths may need to be set up.
Heterogeneity of user devices: In practice, the capabilities of user
devices (e.g., data rate) are highly heterogeneous. Several application
layer schemes and middleware schemes have been proposed recently.
However, it is appropriate for the network layer to consider such
differences because the capability information offend users can be
utilized to help choose the routing method used.
CONCLUSION
WiMAX is a promising wireless communication technology for
wireless MANs. In this article we address the design issue in multihop
WiMAX networks. Specifically, we propose a secure and service-
oriented network control framework in which both security concerns and
the requirements of potential WiMAX applications are taken into
account. In the framework there are two major components: a service-
aware control framework and a unified routing scheme. We then
demonstrate how these schemes can pro-vide the required service from
the network layer perspective. In addition to the design of the
framework, we also study several enabling technologies for the
framework, including the deployment of BSs and key management, and

12. secure routing. We believe that our study can provide a guideline for the
design of a more secure and practical WiMAX network.