National Conference on computing and signal processing (NCCCN 09 &NCSIP-09) Chennai, India.

BIOMETRICS SECURITY IN WIMAX

Paul Omesh Ajeeth Boaz Brunel University Wireless communication systems E-Mail:ajeethboaz@gmail.com Abstract- The Aim of this project is to apply fingerprint and voice recognition over WiMAX and designing an algorithm, simulating it for any scenario using WireShark and enhance the security features of mobile WiMAX according to 802.16e standards. The purpose of this research is to improve the effectiveness of security system in WiMAX by applying Fingerprint/voice recognition and compare its performance with other wireless technologies like WiFi, 3G & 3.5G. I. INTRODUCTION The fingerprint/voice recognition is applied to allow a particular user to login to the WiMAX station which would reduce the use of WiMAX features by unauthorized users. The basics are reviewing some technological background on the multibiometric technologies and the purpose behind it. The next step would discuss, in detail, the comparison of biometric technologies to find optimum security model in WiMAX. This also includes information on biometric techniques in the market and industry to find economical biometric model. This research goes into greater depth on why biometrics has been selected and current biometric methods and summary of biometrics implementations, and influences that may affect the results from a biometric device. The projects main aim is to provide adequate security to prevent theft of services, thus protecting the
FIG 1. COMPARISON OF WIRELESS TECHNOLOGY FAMILY

service providers investments in the wireless infrastructure. The following chapters would explain how fingerprint/voice recognition is applied over WiMAX.

II. Key Technologies A. WiMAX: Wireless Interoperability for Microwave Access is the latest telecommunication technology that aims in delivering last mile wireless broadband access as an alternative to cable and DSL. WiMAX is based on IEEE 802.16 or Wireless MAN; it attained its name from the WiMAX forum formed in June 2001. Based on the performance WiMAX has been divided into Fixed WiMAX and Mobile WiMAX respectively. 802.16d was the working party that developed the Fixed WiMAX standard hence 802.16-2004 is often called 802.16d. It is frequently referred to as Fixed WiMAX since it has no support for mobility. 802.16e-2005 is an amendment to 802.16-2004 and is often referred as 802.16e. It supports mobility and is also frequently called "mobile WiMAX".

Using the 2 to 6 GHz frequencies which can penetrate walls and other dense objects It allows people to communicate while walking or riding in cars and provides a mobile voice over IP (VoIP) and higher-speed data alternative to the cellular networks (GSM, TDMA, CDMA). WiMAX relies on a process consisting of a session setup and authentication. The RLC manages and monitors the quality of the service flow. This process is a series of exchanges downlinks and uplinks (DLs and ULs) between the BS and SS. The process starts with channel acquisition by the newly installed SS following this a complex process determines what FDD and TDD settings will be used for the service flow. The FEC sets encryption, bandwidth requests, burst profiles, and so on. WiMAX uses a X.509 encryption to set up the session and after this is established it uses 56-bit DES encryption protect the transmission. Both these tasks eliminate theft of services and ensures privacy of the session.

of-Sight (NLOS) operation in the lower frequencies, which is not possible in higher bands. The OFDM format was selected to compete with formats such as CDMA due to its special ability to support NLOS performance and also maintains a high level of spectral efficiency. In the case of CDMA, in order to maintain processing gain adequate to overcome interference, the RF bandwidth must be much larger than the data throughput. Data rates up to 70 Mbps would require RF bandwidths exceeding 200 MHz to deliver comparable processing gains and NLOS performance. B. Biometrics: Compared to the traditional identification and verification methods such as some paper, magnetic card, password or ID, biometrics is a much convenient technology since it reduces piracy and is much secure. Biometrics is considered to be much safer than the previous traditional methods because it uses physical, biological and behaviour characteristics such as fingerprints, face, voice and iris which cannot be forged and is unique for every single person. Biometric has become an important feature of security, intelligence, law enforcement, and ecommerce.

Fig 2. LOS feature of WiMAX

The 802.16 standard addressed Line-of-Sight (LOS) environments at high frequency bands operating in the 10-66 GHz range, whereas the 802.16e standard is designed for systems operating in bands between 2 GHz and 11 GHz. The significant difference between these two standards lies in their ability to support Non-Line-

Fig 3. Biometric market report of International Biometric Group 2007

The increasing utility of biometrics in every sector has also found its presence in wireless applications, which has been implemented in this research. This project aims in implementing biometric technology in WiMAX. The various

biometrics techniques, the physical characteristics such as Fingerprint, Face, Retinal, Iris and Behavioural characteristics such as Voice, Signature, and Keystrokes were studied and analysed in depth. The different Types of Biometric System and Processes such as authentication, identification and acceptability, FRR (False Rejection Rate), FAR (False Acceptance Rate), FER (Failure to Enrol Rate), and ERR (Equal Error Rate) were also reviewed. C. Security in WiMAX: The security service offered by the WiMAX involves three stages namely authentication, data key exchange and data encryption, which are discussed in detail. Nevertheless, new security features in the latest standard have been covered and some open issues of WiMAX security are discussed. C.1. Authentication: A Privacy Key Management (PKM) protocol is used which provides secure distribution of keying data from BS to SS. The PKM protocol uses public key cryptography to establish a secret AK between the SS and the BS. Authentication is carried out between the Substation (SS) and the Base station (BS). The substation initially performs an Authentication request by carrying a digital certificate X.509 to the BS, which contains the public key and MAC address. The BS verifies the digital certificate and then uses the verified public key to encrypt an AK that the BS then sends back to the requesting SS [1]. C.2. Data Key Exchange: The AK received by the SS from the BS helps the SS to derive a key Encryption key (KEK) and message authentication keys. The SS sends a TEK (Traffic Encryption Key) key request to its BS for the privacy of one of its authorized SAIDs (Security Association Identifications). The BS responds to a Key Request with a Key Reply message containing the BSs active keying material for a specific SAID. This Key request sent by the BS provides the requesting SS the remaining lifetime of each of the two sets of active keying material for its respective SAID. C.3. Data Encryption: To ensure maximum protection and privacy for the data being transmitted in WiMAX networks, the IEEE 802.16 standard initially employed the use of DES (Data Encryption Standard) in CBC (Cipher Block Changing) mode. After few researches, DES was identified to be insecure and has been replaced by the AES. Hence the IEEE 802.16e standard recommends the use of AES for use in encryption. A fundamental flaw in the authentication mechanism used by WiMAX's privacy and key management (PKM) protocol is the lack of base station or service provider authentication. This makes WiMAX networks open to man-in-themiddle attacks and exposes subscribers to various confidentiality and availability attacks. The 802.16e amendment added support for the Extensible Authentication Protocol (EAP) to WiMAX networks. Support for EAP protocols is currently optional for service providers. Limited authentication method makes it much easier for attackers to invade the network. The SS alone carries the digital certificate; this can be overcome by adding new type of authentication message and enabling mutual authentication by the BS and the SS. This project aims in enhancing the security features of WiMAX by applying biometric fingerprint and voice recognition. III. Test Methodologies The test was conducted on three technologies, WiMAX, Wi-Fi and 3G. Fingerprint was sent over WiMAX, Wi-Fi and 3G and their corresponding delay, throughput, packet loss and jitter were recorded and analyzed. The measurement methodologies of QoS(delay, throughput, packet loss and jitter) were measured using Wireshark software. Jitter was monitored automatically on

the client and server sides and calculated manually using few equations. Packet loss was measured

manually since Wireshark is a one-side monitoring tool and doesnt support

automatic measurement of packet loss. Delay was measured manually for fingerprint, Throughput was measured automatically using Wireshark. A. Delay measurement in Wireshark has two drawbacks, synchronization between the client and the server and secondly the received packets are not in order since the application uses UDP which is connectionless. Professional hardware and software are required to obtain an accuracy in synchronization between the client and server, as an alternative PING utility was used, Ping f lPacketsizeDestinationIP This test was conducted for every file size around 20 times in different periods of the day. Wireshark software captured the process on both the client and server sides when the test was conducted. B. Jitter was calculated using the following expressions. When a packet is sent by the client, the received packets are filtered and measured in the server side. Similarly when the server is sending a packet, the received packets are filtered and measured at the client side. The measured packets from Wireshark were then exported to excel and the jitter was calculated at both sides (JS & JC) using the following expressions.

IV Results and Analysis As shown in Table 1 the Delay, Throughput and Jitter were calculated and tabulated respectively. The file sizes were chosen from the fingerprint database and for every file size the Delay, Throughput and Jitter were calculated over WiMAX network as explained earlier.
FILE SIZE (Kb)
WiMAX

108 117

141

300

514

749

936 1117

Delay (ms)
Throughpu t (Mb/sec)

31.18 33.8

35.3

38.3

39.7

48.5

48.5

54.4

4.1 1.11

4.1 0.78

3.46 0.11

4.68 0.22

3.33 1.11

4.05 1.0

3.27 1.67

4.21 0.44

Jitter

Table 1: WiMAX calculated results

The performance of WiMAX was compared with the existing wireless technologies like WiFi and 3G. The Delay (latency) was measured, calculated and tabulated for every single technology. The same fingerprint used over WiMAX was used on WiFi and 3G networks to compare the performance. The results of this experimental research are showed in table 2. As it is observed, the transmission time of a packet over WiMAX is significantly faster than the other technologies.
Comparison between WiMAX, Wi-Fi & 3G:

:N is total no of packets, Tsn is the

time at which the packet(n) is received at the server.

N is total no of packets, Tsn is the time at which the packet(n) is received at the server.

FILE SIZE (Kb)

Tech Nonology WiMAX 31.18 Wi-Fi 3G

108

117

141

300

514

749

936

1117

Net Jitter =

33.8 86.05

35.3 91.6

38.3 91.1

39.7 93.9

48.5 90.47

48.5 93.05 366.2

54.4 90.05 391.3

91.7

197.7 204.9

235.2 258.4 289.7 318.1

TIME (ms)

Table 2: File Size/Time/Technology for Fingerprint Recognition

over the internet, since it involves unacceptably longer delays. V. CONCLUSION A Client/Server architecture for Biometric Fingerprint verification over WiMAX has been proposed. The study has analyzed the transmission of biometric data over WiMAX. The study has also included a comparison of performances of WiMAX with the existing wireless technologies (WiFi & 3G). Based on the experimental investigations it is shown that it is feasible to transmit biometric data over WiMAX due to its incomparable speed and secure network. It is also shown that the overall transmission time is relatively smaller. VI. REFERENCES [1]Johann Siau, Aladdin M. Ariyaeeinia, Biometrics over the internet, COST275 Technical Meeting, INST Paris, April 2002. [2]W. Balachandran, L. Nie, Navigation System, International patent No. WO98/04885, 1988 [3] http://www.wireshark.org/ [4] http://www.wimax-industry.com/ar/7z.htm [5]http://www.techweb.com/encyclopedia/defineterm .jhtml;jsessionid=XJZUOQNJJ1FQGQSNDLOSKH0 CJUNN2JVN?term=802.16 [6]Frank Ohrthman, McGraw Hill WiMAX HANDBOOK,

Figure 4: Test results The results in figure 4 clearly illustrate the performance of every single technology. From which we can see the performance of WiFi is highly influenced by the type of internet connection, traffic of the network and the time of usage. The comparisons show the performance of a WiMAX network to transfer fingerprint is faster and secure when compared to the other existing wireless technologies. Looking at the experimental investigations, it is shown that it may not be feasible to transmit raw biometrics data

[7]Koon hoo teo, zhifeng tao, jinyun zhang., The Mobile Broadband WiMAX standard, setember 2007, Available at: http://www. ieee.com. [8]Tevfik yiicek, M kemal ozdemir,Huseyin Arslan, Francis E. retnasothie., A comparative study of initial downlink channel estimation algorithms for mobile WiMAX, Available at: http://www.ieee.com.