The first obvious and straightforward application of WiMax is the retail wireless Internet access at a mobile basis, replacing today 3G Internet access of GSM and CDMA worldwide. Apart from that though, WiMax can be a real alternative for 4G wireless networks . The main problem in that is that there is not a market of an adequate size from vendors for personal mobile devices. This can be overcome if the demand rises, but it is a “chicken and egg” problem (the demand is waiting for the industry and the industry is waiting for the demand). WiMax was proposed as an alternative to DVB-T for the digital television, but DVB-T was preferred.
A very promising alternative use for WiMax is as a substitute for the last mile . The copper from the central offices of a provider to the subscriber’s premises is, usually in the Western World, public-owned and each provider pays a monthly fee for every local loop they use. As the management of the last mile across the country is a relatively difficult operation for a non-telecommunications company, in most cases the management (extension, upgrade, maintenance and of course the lease) is conducted by the incumbent telecommunications provider of each country ( eg British Telecom for the UK, Deutsche Telekom for Germany, KPN for the Netherlands, NTT for Japan etc), which is a now a privatized company and a former state monopoly. The contradiction of the incumbent of being simultaneously retail provider and manager of the access network used by its competitors (so the incumbent is responsible for activating the subscribers’ connections of its own competitors) leads to competition problems (margin squeeze, unethical competition with deliberately delayed activations and unfixed failures etc). The monopoly of the incumbent in the last mile cannot be easily overcome in many cases, even though many regulatory efforts have been made. The only 100% effective solution is to change the physical medium of the last mile. One solution is fibers, with Fiber To The Home (FTTH) networks, but when we talk about wireless solutions, this could be WiMax. One Base Station with a WiMax antenna can cover an area of tens of square kilometers ( , with r the cell radius) and (in theory even) hundreds of thousands of potential subscribers. In this case, the activation of the services would not depend on the last mile manager company, but on the provider itself, as only a terminal device (Customer’s Premises Equipment) and the credentials would be needed. Unfortunately for the competition, this has not worked in almost any country. It is characteristic that for example in Greece, the incumbent (OTE, former state monopoly and Deutsche Telekom owned today) has bided for a WiMax license, won it, but never used it commercially, for some analysts just in order to block the WiMax penetration and to keep its competitors dependent on the last mile that OTE manages.
Regulation in WiMax is mainly focused on the spectrum used. The channels at 2.5 and 3.5 GHz need a license, while the ones at 5.8 GHz do not. Licenses in countries are either given in auctions or at a first-come-first-serve basis . Just like GSM and all other wireless communications, spectrum shortage is a critical issue. Especially for the lower frequencies (which are more attractive, as they experience less attenuation over distance), there is a significant spectral congestion with loads of technologies claiming part of the spectrum.
There are a few security issues in WiMax mainly coming mainly from the fact that the physical medium (air interface) is shared and not dedicated for each user. Confidentiality and resistance to interception and eavesdropping are the main concerns. Message authentication is needed in order to ensure the integrity of both the message and the sender, while Denial of Service (DoS) attacks affect the availability of the service. The main types of attacks are: man-in-the-middle attack, message replay attack on authentication and authenticated key formation protocols, parallel session attack, interleaving attack, attack due to type flaw, reflection attack, attack due to name omission and attack due to misuse of cryptographic services. In the IEEE 802.16 standard, the privacy sublayer (PS) is on top of the physical layer, so the PS guards only the data link layer and not the physical layer, leaving it in general vulnerable to attacks .
Jamming is conducted with a source of strong noise in order to decrease the channel capacity, causing DoS problems, but it is easily detected with radio analyzers. Scrambling is jamming for a short period for time, but it is not trivial to implement it, because synchronization at certain time intervals is needed. Identity theft is also an issue in WiMax, which is done by reprogramming a device with the hardware address of another device. This is also difficult to be done, as the attacker must keep transmitting at the exact timeslots that the Base Station is, of course with a stronger signal. Water torture attack is also possible, where a series of frames that drain the receiver’s battery are transmitted. This can be neutralized with a data authenticity technology. There are two types of certificate in WiMax: one of the manufacturer’s and one at the Subscriber Station. There is not a certificate for the Base Station, so the Subscriber Station certificate is verified with a public key, making the scheme vulnerable. If there also is a Base Station certificate, making a mutual authentication, this vulnerability will vanish. Furthermore, the state of the Security Associations (SA) does not differentiate from one timeslot to the other, so a replay attack is possible. Also, the Cipher Block Chaining uses a 56-bit key, which can be decrypted with brute force with present computing power. Finally, an Authorization Key (AK) lasts for up to 70 days, while a Traffic Encryption Key (TEK) for 30 minutes, so a data Security Associations can use 3.360 TEK’s over the AK’s lifetime. The Security Associations Identifier is 2 bits long, but for 3.360 at least 12 bits are needed ( different TEK’s) .
Security mechanisms are always expensive processes. They require extensive research, evaluation and implementation outcomes. The mobility of IEEE 802.16e makes WiMax more vulnerable to attacks, so more precautions must be taken. Nevertheless, we must always keep in mind that “what locks, can be unlocked”.