Security in 802.16e

  • 959 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
959
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
35
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Security in 802.16e
    1
  • 2. Outline
    802.16e Security Introduction
    802.16e Network Architecture
    Security Architecture
    X.509 cerf.
    PKMv1
    RSAAuthentication
    PKMv2
    RSA based Authentication
    EAPbased Authentication
    Double EAP Authentication
    RSA and EAP Authentication
    2
  • 3. 802.16e Network Architecture
    3
  • 4. 802.16e Network model
    4
  • 5. Security Architecture
    Encapsulation protocol
    A set of supported cryptographic suites
    The rules for applying those algorithms to a MAC PDU payload
    Key management protocol
    Providing the secure distribution of keying data from the BS to the SS
    Authentication protocol
    RSA authentication protocol
    Extensible Authentica5555tion Protocol
    5
  • 6. Supported Cryptographic suites in 802.16e
    DES: Data Encryption ; AES: Advanced Encryption Standard ;
    CBC: Cipher Block-Chaining; CTR: Counter ;
    ECB: Electronic Codebook
    6
  • 7. Cryptographic technology
    7
  • 8. X.509 certificate
    8
  • 9. Private Key Management
    PKMv1
    Use in 802.16d
    Only support RSA authentication
    Only BS can authenticate SS
    PKMv2
    Support EAP authentication and RSA authentication
    MBS (Multimedia Broadcast Services)
    Key hierarchy
    New cryptographic technology
    BS has a certificate
    BS and SS can authenticate each other
    9
  • 10. PKMv1-Authentication and Authorization
    10
  • 11. PKMv1: Re-authentication
    Re-authentication 相較於開始的authentication少了傳送Authentication information 這個步驟
    為了避免中斷SS和BS之間的服務或連線,SS會在key lifetime快到的時候傳送Authorization request過去,然後BS和SS會同時啟動新的AK
    11
  • 12. PKMv1:TEK exchange
    BS
    Key Request
    [SS Certificate, SAID, HMAC-Digest]
    Key Reply
    • Encrypt TEK with SS’s public key
    [Key-Sequence-Number, SAID, TEK-Parameters, HMAC-Digest]
    Encrypted Data
    12
  • 13. Key hierarchy
    The PKMv2 defines hierarchy for keys
    Pre-PAK (pre-Primary AK) yielded by the RSA-based authorization process
    MSK yielded by the EAP based authentication process
    MBSAK from which keys used to protect MBS traffic are derived.
    13
  • 14. Key hierarchy (cont.)
    14
  • 15. PKMv2: RSA-based Authentication
    BS
    Authentication Information
    [Cert(manufacturer)]
    Authorization Request
    [Cert(MS), Security-Capabilities, MSRandom(64bits),SAID]
    Authorization Reply
    [Cert(BS),pre-PAK,PAK-Lifetime,PAK-SeqNumber,MSRandom,SA-Descriptor(s), BSRandom]
    Authorization ACK
    15
  • 16. PKMv2: RSA-based Authentication (cont.)
    RSA based authentication
    EIK|PAK <= Dot16KDF(pre-PAK,SS MAC address | BSID | ”EIK+PAK” , 320)
    AK<= Dot16KDF(PAK,SS MAC address | BSID | PAK|”AK” ,160)
    16
  • 17. PKMv2: EAP Authentication
    17
  • 18. PKMv2: EAP Authentication
    One level EAP based authentication
    Using the authentication exchange message to get MSK (Master session key)
    PMK<= truncate(MSK,160)
    AK<=Dot16KDF(PMK,SS MAC Address | BSID | “AK”,160)
    18
  • 19. PKMv2:Two level EAP Authentication
    • Step1:
    SS->BS: PKMv2_EAP_START (no attribute)
    SS<->BS: First round EAP conversation with PKMv2 EAP Transfer message without HMAC/CMAC Digest
    BS->SS:EAP_success
    BS->SS:EAP_complete [EAP payload|signedby EIK]
    • Step2:
    SS->BS:PKMv2_EAP_START signed by EIK
    BS->SS:PKMv2 Authenticated EAP [EAP- Identity/Request]
    SS<->BS:Second EAP conversation with PKMv2 Authenticated EAP message signed by EIK
    當Step2successSS和BS可以generate AK from PMK1 and PMK2
    19
  • 20. PKMv2 AK key derivation: Two level EAP-based
    20
  • 21. PKMv2:Two level EAP Reauthentication
    21
    Step1: SS->BS: PKMv2 EAP Start signed by H/CMAC Key_U
    SS<->BS: EAP conversation with PKMv2 EAP Transfer message
    BS->SS: PKMv2 EAP Complete signed by AK
    Step2:SS->BS: PKMv2 EAP Start signed by H/CMAC_Key_U
    SS<->BS: PKMv2 EAP Transfer signed by AK
  • 22. PKMv2 :RSA+EAP basedAuthentication
    First round :execute RSA-based authorization
    Second round:execute Double EAP mode
    22
  • 23. PKMv2 AK key derivation:RSA+EAP based
    23
  • 24. KEKand Message Authentication code generation
    24
  • 25. KEKand Message Authentication code generation (cont.)
    25
  • 26. PKMv2: SA-TEK 3-Way handshake
    26
  • 27. Conclusion
    27
    Authentication & authorization
    It improves single authentication to become mutual authentication between SS and BS
    It reduces the possibility of fake BS attack
    Data privacy 
    IEEE 802.16e add secure encryption standard such as AES-key-wraps.
    Key exchange
    Add new method to protect integrity and support MBS