Guide to Securing WiMAX Wireless Communications

The purpose of this document is to provide information to organizations regarding the security capabilities of wireless communications using WiMAX networks and to provide recommendations on using these capabilities. WiMAX technology is a wireless metropolitan area network (WMAN) technology based upon the IEEE 802.16 standard. It is used for a variety of purposes, including, but not limited to, fixed last-mile broadband access, long-range wireless backhaul, and access layer technology for mobile wireless subscribers operating on telecommunications networks.


WiMAX technology is a wireless metropolitan area network (WMAN) communications technology that is largely based on the wireless interface defined in the IEEE 802.16 standard. The industry trade association, the WiMAX Forum, coined the WiMAX trademark and defines the precise content and scope of WiMAX technology through technical specifications that it creates and publishes. The original purpose of IEEE 802.16 technology was to provide last-mile broadband wireless access as an alternative to cable, digital subscriber line-, or T1 service. Developments in the IEEE 802.16 standard shifted the technology’s focus toward a more cellular-like, mobile architecture to serve a broader market. Today, WiMAX technology continues to adapt to market demands and provide enhanced user mobility. This document discusses WiMAX wireless communication topologies, components, certifications, security features, and related security concerns.


The IEEE amendment that enabled mobile WiMAX operations is IEEE 802.16e-2005. Prior to its release, deployment of WiMAX networks was limited to fixed operations by the IEEE 802.16-2004 standard. Additionally, IEEE 802.16e-2005 provided significant security enhancements to its predecessor by incorporating more robust mutual authentication mechanisms, as well as support for Advanced Encryption Standard (AES). Although the IEEE 802.16-2004 and 802.16e-2005 standards were released within a year of each other, IEEE 802.16e-2005 product certification did not start until 2008, and IEEE 802.16-2004 products are still used in today’s information technology (IT) environments. The most recently ratified standard is IEEE 802.16-2009, which consolidated IEEE 802.16-2004, IEEE 802.16e-2005, and other IEEE 802.16 amendments from 2004 through 2008. IEEE also released IEEE 802.16j-2009 to specify multi-hop relay networking. This publication addresses IEEE 802.16-2004, IEEE 802.16e-2005, IEEE 802.16-2009, and IEEE 802.16j-2009.


WiMAX wireless interface threats focus on compromising the radio links between WiMAX nodes. These radio links support both line-of-sight (LOS) and non-line-of-sight (NLOS) signal propagation. Links from LOS WiMAX systems are generally harder to attack than those from NLOS systems because an adversary would have to physically locate equipment between the transmitting nodes to compromise the confidentiality or integrity of the wireless link. WiMAX NLOS systems provide wireless coverage over large geographic regions, which expands the potential staging areas for both clients and adversaries. Like other networking technologies, all WiMAX systems must address threats arising from denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation.


To improve WiMAX system security, organizations should implement the following recommendations: …