[SATLUG] Re: WiMAX Security and BSidesSATX 2014

Sean Awaldt sean at awaldt.com
Fri Mar 14 19:15:30 CDT 2014


Thanks for posting that info, I meant to look it up today but lost track of
time.

Staying on the note of security, I just wanted to remind everyone that the
registration and call for papers are both open for BSidesSATX 2014. Active
duty military and students are free, everyone else is just $10!

http://www.securitybsides.com/w/page/75868889/BSidesSATX%202014

-- 
v/r

Sean Awaldt
On Mar 14, 2014 12:00 PM, <satlug-request at satlug.org> wrote:

> Send SATLUG mailing list submissions to
>         satlug at satlug.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://alamo.satlug.org/mailman/listinfo/satlug
> or, via email, send a message with subject or body 'help' to
>         satlug-request at satlug.org
>
> You can reach the person managing the list at
>         satlug-owner at satlug.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of SATLUG digest..."
>
>
> Today's Topics:
>
>    1. WiMAX MAC Security  (Chad Wilson)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 14 Mar 2014 09:42:48 -0700 (PDT)
> From: Chad Wilson <typedeaf at yahoo.com>
> Subject: [SATLUG] WiMAX MAC Security
> To: "satlug at satlug.org" <satlug at satlug.org>
> Message-ID:
>         <1394815368.83466.YahooMailNeo at web181501.mail.ne1.yahoo.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hi all. My first post to this mailing list!
>
> Last night at the SAT LUG meeting, a discussion about OSes for portable
> device led to a discussion on WiMAX security weaknesses.
> I made a suggestion that they could use shared key crypto to combat the
> threat of MITM attacks, and it was one persons opinion that cryptographic
> security could not be employed at MAC layer.
> I did a Google search on "WiMAX security" and wanted to share what I found.
>
> It appears that WiMAX uses IEEE 802.16 wireless protocol, which is chock
> full of security mechanisms employing just about every symmetric,
> asymmetric and hashing algorithm known to man.
> This article addresses several known vulnerabilities at the data link
> layer, specifically the man-in-the-middle attack:
>
>
> http://www.cse.wustl.edu/~jain/cse571-09/ftp/wimax2/#sec3.2.4
>
> The recommendation made by some security analysis team was to employ
> Diffie-Hellman key exchange at the MAC layer to solve the problem.
>
> Where I work, we deploy thousands of devices that communicate back to a
> centralized server using both Zigbee and a PPP internet connection over a
> private tunnel using the G3 mobile network.
>
> Zigbee, IEEE 802.15, is another wireless communications protocol that uses
> asymmetric key crypto at the MAC layer.
> We add the key to the device when the firmware is burned in. So the key is
> tied to a MAC address, which is also burned into the device.
>
> ------------------------------
>
> _______________________________________________
> SATLUG mailing list
> SATLUG at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug
> Powered by Rackspace (http://rackspace.com)
>
> End of SATLUG Digest, Vol 122, Issue 6
> **************************************
>


More information about the SATLUG mailing list