
WiMAX Security (Introduction) - encryption - Public key infrastructure


oriana

Presentation Transcript


  1. WiMAX Security (Introduction) - encryption - Public key infrastructure

  2. Why encryption?
     • Encryption
       • a mechanism that protects data confidentiality and integrity
       • plaintext to ciphertext

  3. Encryption
     • Encryption is always applied to the MAC PDU payload;
     • the generic MAC header is not encrypted;
     • some management messages are not encrypted.

  4. Encryption -- WiMAX
     • WiMAX uses the Advanced Encryption Standard (AES) to produce ciphertext.
     • Receiver of the ciphertext simply reverses the process to recover the plaintext.

  5. Public key infrastructure
     • The WiMAX 802.16e-2005 standard uses the Privacy and Key Management Protocol version 2 (PKMv2) for securely transferring keying material between the base station and the mobile station.
     • PKMv2's components
       • X.509 digital certificates
       • RSA public-key algorithm
       • Strong encryption algorithm to perform key exchanges between SS and BS.
     • PKMv2 mechanism
       • Validates user identity and establishes an authorization key (AK)
       • AK is used to derive the encryption key described in the previous section.

  6. Public key infrastructure
     • PKMv2 supports the use of the Rivest-Shamir-Adleman (RSA) public key cryptography exchange.
     • RSA public key exchange
       • requires that the mobile station establish identity using either a manufacturer-issued X.509 digital certificate or an operator-issued credential such as a subscriber identity module (SIM) card.
       • X.509 digital certificate contains the mobile station's Public-Key (PK) and its MAC address.

  7. X.509: encrypt data (public key), decrypt data (private key)

  8. Public key infrastructure
     • The mobile station transfers the X.509 digital certificate to the WiMAX network, which then forwards the certificate to a certificate authority. The certificate authority validates the certificate, thus validating the user identity.

  9. Public key infrastructure
     • Once the user identity is validated, the WiMAX network uses the public key to create the authorization key, and sends the authorization key to the mobile station. The mobile station and the base station use the authorization key to derive an identical encryption key that is used with the AES algorithm.

  10. Privacy Key Management (Subscriber Station / Base Station)
      1. Authentication Information Message
      2. Authorization Request (X.509 (Public, MAC address), cryptographic , SS ID
      3. Authentication Reply (public [AK], AK Sequence, AK lifetime, SAID)
         AK Encryption
      4. Key Request (AK key Sequence, SAID, HMAC-Digest)
      5. Key Reply (AK key Sequence, SAID, KEK [Old-TEK], KEK [New-TEK], HMAC-Digest)
         TEK Encryption
      6. TEK Encryption

  11. Keys in 802.16
      1. Public key -- issued by manufacturer
      2. Authorization key (AK) -- distributed by the BS; refreshed periodically; encrypted by SS's public key
      3. Key encryption key (KEK) -- derived from AK by BS and SS
      4. Traffic encryption key (TEK) -- distributed by the BS; refreshed periodically; encrypted by KEK
      5. Traffic -- encrypted / decrypted by TEK

  12. Access authentication

  13. User Authentication

  14. WiMAX Key Hierarchy and Distribution
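
The key chain on slides 10 and 11 (AK to KEK, and the HMAC-Digest carried by the Key Request), as an added example that is not part of the original presentation. It assumes the SHA-1 pad-based derivation of the original PKM in IEEE 802.16-2004, which the slides do not state (PKMv2 defines a different key derivation function); the message encoding, function names and sample AK are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Pad constants of the original PKM key derivation (assumed, see lead-in).
K_PAD_KEK = b"\x53" * 64
H_PAD_D = b"\x3a" * 64   # pad for the downlink (BS -> SS) HMAC key
H_PAD_U = b"\x5c" * 64   # pad for the uplink (SS -> BS) HMAC key


def derive_keys(ak: bytes) -> dict:
    """Derive the KEK and the per-direction HMAC keys from a 160-bit AK."""
    if len(ak) != 20:
        raise ValueError("AK must be 160 bits")
    return {
        "kek": hashlib.sha1(K_PAD_KEK + ak).digest()[:16],  # truncated to 128 bits
        "hmac_u": hashlib.sha1(H_PAD_U + ak).digest(),
        "hmac_d": hashlib.sha1(H_PAD_D + ak).digest(),
    }


def build_key_request(ak: bytes, ak_seq: int, said: int) -> bytes:
    """SS side: Key Request body plus HMAC-Digest (simplified, constructed encoding)."""
    body = struct.pack("!BH", ak_seq, said)
    digest = hmac.new(derive_keys(ak)["hmac_u"], body, hashlib.sha1).digest()
    return body + digest


def verify_key_request(ak: bytes, message: bytes):
    """BS side: return (ak_seq, said) if the digest verifies, otherwise None."""
    if len(message) != 3 + 20:
        return None
    body, digest = message[:3], message[3:]
    expected = hmac.new(derive_keys(ak)["hmac_u"], body, hashlib.sha1).digest()
    if not hmac.compare_digest(digest, expected):  # constant-time comparison
        return None
    return struct.unpack("!BH", body)


# Constructed sample AK, not taken from any real exchange.
SAMPLE_AK = bytes(range(20))

if __name__ == "__main__":
    req = build_key_request(SAMPLE_AK, ak_seq=1, said=0x0102)
    print("accepted:", verify_key_request(SAMPLE_AK, req))
    tampered = req[:2] + bytes([req[2] ^ 1]) + req[3:]  # SAID altered in transit
    print("tampered:", verify_key_request(SAMPLE_AK, tampered))
    print("wrong AK:", verify_key_request(bytes(20), req))
```

Because the KEK and both HMAC keys come from the AK, a BS that no longer shares the SS's AK rejects the Key Request before any TEK is released.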
