**3.1. Multicast and broadcast service**

Multicast and Broadcast Service (MBS) of IEEE 802.16e is a new feature for broadband wireless standards [3]. It is a mechanism that allows a BS to distribute the same set of data to several MSs concurrently. As highlighted before, the MSs first need to be authenticated by the BS using PKMv2 [3]. After that, the Group Key Encryption Key (GKEK) and the Group Traffic Encryption Key (GTEK) are established. IEEE 802.16e introduced the MBRA as a basic rekeying algorithm to generate, update and distribute the GKEKs and GTEKs upon member changes. The MBRA uses the GTEK, which is shared among all MSs, to encapsulate the data traffic. The BS generates the GKEK, and this key is used to encapsulate the GTEK. The GKEK is in turn encapsulated by the KEK of each MS. Each MS has a unique KEK, which is obtained from the AK. Although the MBRA of MBS is quite well designed, it still suffers from efficiency and scalability problems, and it does not address backward and forward secrecy [8, 18]. To explain this point: in the MBRA algorithm, the BS must unicast n messages, where n is the number of MSs, in order to update the group keys, and this growing number of unicast messages leads to weak scalability. Moreover, when the number of MSs is high, the high volume of unicast/broadcast messages increases communication costs and consequently results in poor efficiency.

Rekeying algorithms in WiMAX networks need to execute using one of the following three events:


The MBRA algorithm of Mobile WiMAX, which is a simple rekeying scheme, rekeys only at the expiration time of the GTEK or GKEK. As shown in Figure 5, from time to time the BS broadcasts message (1), encrypted by the GKEK, to all MSs in order to update the GTEK, and sends a unicast message (2) to each MS, encapsulated by the KEK of that MS, as shown by the equations below:

$$BS \Rightarrow all \ MS: \{GTEK\}_{GKEK} \tag{1}$$

**3.2. Rekeying algorithms**

As mentioned earlier, in the MBRA algorithm the number of unicast messages on rekeying increases with the number of MSs, and hence this method is neither scalable nor efficient. In addition, it does not address forward and backward secrecy, which consequently would lead to this method being vulnerable to attacks [8, 9].

Researchers in [18] performed a detailed analysis of the MBRA algorithm and identified its deficiencies. They proposed an improved scheme to address the deficiencies identified. Even though their method showed some improvements on the MBRA, it has a downside: the BS needs to send n (n being the number of MSs) unicast messages upon every membership change, which results in a drastic drop in network efficiency for a large number of MSs. In addition, the proposed method also sends some plaintexts for message broadcasting, which could cause critical security breaches [19]. In fact, despite some improvements to the MBRA rekeying, the proposed method suffers from some security issues such as Denial of Service (DoS) [19] as well as poor scalability and efficiency. In addition, it does not address the 1-affects-n phenomenon [17] very well.

The authors in [20] proposed a new group key management protocol called Group-Based Key Distribution Algorithm (GKDA), in which the security keys are distributed into subgroups. The MBS group is first divided into N subgroups; hence, N GKEKs for the subgroups are used instead of one GKEK shared among all MSs. By doing so, only the GKEK used for a certain subgroup needs to be updated whenever a membership change (e.g. a leave event) occurs in that subgroup. The GKEK is encapsulated by the KEK of each MS in the subgroup, and then unicast to each MS. Although the GKDA provides forward and backward secrecy, it is still not scalable and efficient enough, because as the number of MSs in each subgroup grows, the number of unicast messages needed to update the GKEKs grows likewise. Nevertheless, GKDA is still better than MBRA in terms of reducing the number of unicast messages needed to update the group keys. In GKDA, the GTEK update message is lengthier because it consists of N GTEKs which are encapsulated by N GKEKs, and thus it consumes more energy to send the messages. Moreover, the scheme does not have good support for the 1-affects-n phenomenon.
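The leave-event behaviour described above for MBRA and GKDA can be reproduced with a small model. This is an added example, not code from the chapter or from IEEE 802.16e: `wrap`/`unwrap` are a toy HMAC-based stand-in for the real key wrap, and `leave_event` with its subgroup layout is hypothetical. It assumes the GKEK has not expired when the MS leaves and that a GTEK update follows the GKEK refresh.

```python
import hashlib, hmac, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(key, data):
    # Toy authenticated wrap for illustration; NOT the 802.16e key-wrap algorithm.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _mac(key, b"enc", nonce)))
    return nonce + ct + _mac(key, b"tag", nonce + ct)

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", nonce + ct)):
        return None  # wrong key: nothing is recovered
    return bytes(a ^ b for a, b in zip(ct, _mac(key, b"enc", nonce)))

def leave_event(n_ms, n_subgroups, rekey_on_leave):
    """One MS leaves, then the BS performs the next GTEK update.
    Returns (unicasts sent, GTEK copies broadcast, leaver recovers new GTEK)."""
    kek = {ms: os.urandom(16) for ms in range(n_ms)}   # unique KEK per MS
    group = {ms: ms % n_subgroups for ms in kek}       # constructed subgroup layout
    gkek = [os.urandom(16) for _ in range(n_subgroups)]
    leaver = 0
    g = group[leaver]
    leaver_gkek = gkek[g]                              # key the leaver still holds
    del kek[leaver]
    unicasts = {}
    if rekey_on_leave:                                 # refresh only the affected GKEK
        gkek[g] = os.urandom(16)
        unicasts = {ms: wrap(k, gkek[g])               # message (2): {GKEK}_KEK
                    for ms, k in kek.items() if group[ms] == g}
    gtek = os.urandom(16)
    broadcast = [wrap(k, gtek) for k in gkek]          # message (1): {GTEK}_GKEK per GKEK
    # Remaining members of the subgroup must recover the refreshed GKEK.
    assert all(unwrap(kek[ms], b) == gkek[g] for ms, b in unicasts.items())
    leaked = any(unwrap(leaver_gkek, b) == gtek for b in broadcast)
    return len(unicasts), len(broadcast), leaked

if __name__ == "__main__":
    for name, n_sub, rekey in [("MBRA, rekey only at key expiry", 1, False),
                               ("single GKEK, rekey on leave", 1, True),
                               ("GKDA, 8 subgroups", 8, True)]:
        print(name, leave_event(64, n_sub, rekey))
```

With 64 MSs, the expiry-only case sends no unicasts but the departed MS still unwraps the next GTEK; rekeying a single shared GKEK costs one unicast per remaining MS; the subgrouped case costs one unicast per remaining subgroup member and N wrapped GTEK copies in the broadcast.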

In [21], the authors proposed an algorithm called Efficient sub-Linear rekeying Algorithm with Perfect Secrecy (ELAPSE) in order to address the problems of the MBRA algorithm. Although this method solves the forward and backward secrecy problems, it suffers from some weaknesses in terms of scalability and efficiency. In ELAPSE, when member join or leave events happen frequently within a large group, the overall performance degrades due to communication and computational costs. This method is based on a key hierarchy and sub-grouping of the MSs in the cell by means of a binary tree. ELAPSE divides the MSs into N=log (n,2) subgroups, where n is the number of MSs, and each subgroup keeps a set of hierarchical keys named Sub Group KEKs (SGKEKs) instead of a single GKEK. The number of subgroups (N) is defined in advance by the administrator depending on the application's requirements, i.e. the number of subgroups is permanent. The result is weak performance in terms of efficiency and scalability. We illustrate this issue by way of an example as shown in Figure 6, which shows a binary tree with four subgroups. All MSs maintain similar GTEK, and each MS in each

$$BS \to each \ MS: \left( GKEK \right)_{KEK} \tag{2}$$

**Figure 5.** MBRA messages [19]

The nomenclature is listed in Table 1.


**Table 1.** Nomenclature of key management
