Experts warn of WiMax security holes

Even before the much-hyped WiMax wide area wireless networking gets off the ground experts are warning of security issues affecting the technology.

Analyst firm ABI Research noted that, contrary to many users' expectations, WiMax does have "a number of security vulnerabilities".

"They say that if you don't learn from the past, you are doomed to repeat it, " said ABI vice president Stan Schatt.

"Early Wi-Fi consumers enjoyed a false sense of security until there were some well-publicised hacking exploits.

"The WiMax Forum has emphasised how much more secure WiMax is than early Wi-Fi. As a result, there may be WiMax customers who are similarly lulled into a false sense of security."

Schatt warned that the flaws should begin to show themselves once the first big WiMax rollouts begin.

Gaps in WiMax security fall into three categories: user terminals; intrusion detection; and connectivity service networks. User terminals will need encryption acceleration to handle AES processing demands.

In addition, access service networks at the edge of WiMax networks offer the ideal place for vendors to add intrusion detection and protection software and hardware.

The ABI report stated: "Connectivity service networks, as part of carrier back offices, will require stateful firewall software or robust firewall appliances, as well as additional Radius servers to handle the extra load imposed by roaming clients on WiMax authentication."

The study added that, with the exception of a few large corporations such as Motoro la, Nortel and Alcatel, few WiMax vendors have the internal expertise to fill all these gaps.

However, ABI noted that this lack of security support leaves the field open for smaller specialised developers to create and supply solutions.

"To some extent, WiMax security specialists will attempt to sell solutions directly to end-users," said Schatt.

"But the lesson learned from Wi-Fi is that these products are most attractive to customers when tightly integrated. So most WiMax security solutions will be offered through partnerships with WiMax equipment vendors.

"Like the early prospectors in the California gold rush, WiMax vendors may or may not strike it rich.

"But, like the merchants who sold miners their picks, shovels and necessary supplies, the providers of WiMax security tools - companies such as Cavium Networks, AirTight Networks and Redline Communications - will almost certainly prosper."

• WiMax faces fight from existing mobile operators
• Intel fires up first mobile WiMAX baseband chipset design
• WiMAX may challenge Asia 3G 'in five years'