Shared Authentication Information for Preventing DDoS attacks in Mobile WiMAX Networks

Recent broadband wireless technologies such as HSDPA and mobile WiMAX achieve high data rate transmission, making wireless networking environments more similar to wired environments. As a result, wireless networks are also being exposed to DDoS attack. In this paper, we consider a possible DDoS attack in mobile WiMAX networks and solve this problem by using our proposed shared authentication information (SAI). SAI exploits unused upper 64 bits of the 128-bit cipher-based message authentication code (CMAC) which has been designed to provide the integrity of management message. In the mobile WiMAX network, the lower significant 64 bits of CMAC are truncated and used. Therefore we are able to use the upper 64 bits for our SAI while assuring the same level of security guaranteed by CMAC. Since SAI can be obtained from CMAC calculation, no additional calculations or message exchanges are required for sharing SAI and only the entity having the CMAC key can know SAI. Owing to these properties, using SAI can be a simple defense mechanism against DDoS attack without incurring overhead at access service network gateway (ASN GW) and base station (BS).