3. LITERATURE REVIEW
5.2 Hybrid Security Classification Approach to Attacks in WiMAX
5.2.1 Summary
WiMAX(World Wide Interoperability for Microwave Access) is a wireless com-munication technology that provides the possibility of last mile wireless broad-band access in order to replace cable and DSL. The end users have the possibility of using WiMAX as the primary connection medium for benefiting from services like VoIP connections, on-demand video screening and mobile banking transac-tions. Overall most of the WiMAX-related research has been concentrated on physical and MAC layers; from the beginning there has been attention to security issues when it comes to WiMAX due to previous experiences like Wifi, but it requires to be further investigated. Numerous security problems should be miti-gated in expected scenarios and for different types of users in the security stand-ard of WiMAX. In this research work, a novel hybrid classification approach will be provided based on a new perspective. In this attempt vulnerabilities and threats are classified meticulously into two categories. In addition to this the criteria’s of evaluation are also two that is explained later. Also attacks are classified in four classes together with their sub branches. The attacks are each explained shortly.
The important point is that those attacks which cannot be realized under real con-ditions are omitted and not taken into account. This perspective has led into a less scattered and more concentrated investigation.
There are many attacks which pose threats to WiMAX. Most of them affect the MAC layer because this layer is in charge of security issues. The focus will be mostly on the attacks associated with this layer. Many people in scientific com-munity have tried their best to classify and categorize the attacks and security issues of WiMAX and even some of them are so complete but the thing is that many of those attack are just according to pure theoretical grounds and some of them cannot happen under any circumstances. The second thing is that other clas-sification versions look so scattered and one cannot find an integration between them. The third point of being distinguishable is that by removing the absurd the-oretical attacks and having an integrated approach, our version will be more
com-prehendible and understandable even in a glance. In the same time maximum ef-forts have been made in order not to neglect important posing threats and attacks.
5.2.2 Objectives and Approaches
The attacks are categorized according to their kind into many classes. The attacks are categorized in 4 classes. As a result of the lack of some attack namings, re-spective names are coined with an arbitrary naming to boost the understandability of the dissertation. We classify the attacks based on the imposing risk to the sys-tem as: Major and Minor. This categorization is carried out by focusing on two criteria’s:
1) Probability of happening - This criteria implies the attack occurrence possibil-ity being carried out by utilizing the faults and system susceptibilities. The attack is counted as unlikely to happen if its costly, serious hurdles are on the way, or the risk of becoming known is high. An attack is foreseen in case its related costs/risks for the attacker are low and there are no impediments regarding the attack.
2) Effect on the system - This factor is a sign for the respective impact on the sys-tem, if the attack would be a successful one. The attack is counted as having low effect in case it influences a few users, for a short- limited time. An intrusion is counted as having a considerable impact if it influences a huge number of users for a remarkable time duration and leads to provider’s financial or confidentiality loss for many users.
5.2.3 Results
The results of the classification and categorization of the author have been pre-sented thoroughly, Based on author’s studies, the attacks which fell into the real-izable category were collected and sorted out in four different groups which are also integrated in their nature and provide a better and more precise understanding of the subject. In addition to this in scenarios when the attack was scarce, we have coined new labels. Finally the last point is that the attacks are only judged as be-ing “Major” or “Minor” like black and white and there is no categorization in between. The criteria’s of the classification are not something special or new and the author took these criteria’s also in the VoIP paper.
5.2.4 Contribution to the Research Area
Nowadays, one can find research papers that have highlighted some of the securi-ty flaws and vulnerabilities of the IEEE 802.16. In this dissertation we have taken a hybrid classification approach so that the attacks are categorized in 4 classes together with their sub branches. In addition to this all of them are labeled in terms of severity and the risk which they impose, based on criteria’s as probabil-ity of happening and the effect on the system. Furthermore, we evaluated briefly the characteristic of each attack. Finally our analysis made it clear that some at-tacks cannot be performed against the standard whereas majority of them can cause minor harm to the network.