Scribd Logo
Upload

Welcome to Scribd!

  • Part 8 - WiMAX Security

    Uploaded by

    Tân Hoàng
    24 views34 pages
    The document discusses WiMAX network security and is divided into several sections. It begins with an introduction to WiMAX standards and security evolution. It then describes the lower layers of WiMAX including the MAC layers, physical layers, and frame structures. The next sections cover security according to the 802.16-2004 and 802.16e standards, including the hierarchy of keys used and authentication processes. Threats to WiMAX security are also briefly discussed.

    Original Description:

    Original Title

    Part 8 - WiMAX Security.pptx

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses WiMAX network security and is divided into several sections. It begins with an introduction to WiMAX standards and security evolution. It then describes the lower layers of WiMAX including the MAC layers, physical layers, and frame structures. The next sections cover security according to the 802.16-2004 and 802.16e standards, including the hierarchy of keys used and authentication processes. Threats to WiMAX security are also briefly discussed.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    24 views34 pages

    Part 8 - WiMAX Security

    Uploaded by

    Tân Hoàng
    The document discusses WiMAX network security and is divided into several sections. It begins with an introduction to WiMAX standards and security evolution. It then describes the lower layers of WiMAX including the MAC layers, physical layers, and frame structures. The next sections cover security according to the 802.16-2004 and 802.16e standards, including the hierarchy of keys used and authentication processes. Threats to WiMAX security are also briefly discussed.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 34

    WELCOME TO

    WIRELESS AND MOBILE


    NETWORK SECURITY
    Chapter 8: WiMAX Security

    ➢ Introduction
    ➢ WiMAX low layers
    ➢ Security according to 802.16-2004
    ➢ Security according to the IEEE-802.16e
    standard
    ➢ The role of the smart card in WiMAX
    infrastructures

    11/3/2021 503075 – Welcome 2


    Introduction

    ▪ The IEEE 802.16 standard deals with last mile network


    technologies. It is intended for the building of Wireless
    Metropolitan Area Networks (WMANs) supporting indoor
    or outdoor features. These are aimed at fixed, nomadic or
    large mobility uses (a car moving at normal speed for
    example). It is a flexible framework, compatible with a large
    range of frequencies such as 10-66 GHz or 2-11 GHz.

    11/3/2021 503075 – Welcome 3


    Introduction

    ➢ A brief history

    11/3/2021 503075 – Welcome 4


    Introduction

    ➢ Some markets
    ▪ Topology

    11/3/2021 503075 – Welcome 5


    Introduction

    ➢Topology

    11/3/2021 503075 – Welcome 6


    Introduction

    ➢Security evolution in WiMAX standards


    The security of exchanges between subscribers and the headend is
    based on several parameters: a cookie, a cryptographic key computed
    via a Diffie Hellman procedure, and two random numbers generated by
    each entity. The MAC frames are ciphered by the DES algorithm, with a
    key size of 40 or 56 bits.

    11/3/2021 503075 – Welcome 7


    WiMAX low layers

    ▪ Conforming to the IEEE 802 LAN models, the logical


    architecture of a node is divided in two subsets

    11/3/2021 503075 – Welcome 8


    WiMAX low layers

    ➢MAC layers
    ▪ The convergence sub-layer (CS)
    ▪ The common part sub-layer (CPS)
    ▪ The privacy sub-layer (PS)

    11/3/2021 503075 – Welcome 9


    WiMAX low layers

    ➢The physical layer


    ▪ WirelessMAN-SC PHY layer
    ▪ WirelessMAN-OFDM PHY layer
    ▪ WirelessMAN-OFDMA PHY layer
    ▪ WirelessMAN-SOFDMA (scalable OFDMA)

    11/3/2021 503075 – Welcome 10


    WiMAX low layers

    ➢Connections and OSI interfaces

    11/3/2021 503075 – Welcome 11


    WiMAX low layers

    ➢MAC frame structure

    11/3/2021 503075 – Welcome 12


    WiMAX low layers

    ➢The management frames

    11/3/2021 503075 – Welcome 13


    WiMAX low layers

    ➢ Connection procedure of a subscriber to the


    WiMAX network

    11/3/2021 503075 – Welcome 14


    WiMAX low layers

    ➢ Connection procedure of a subscriber to the


    WiMAX network

    11/3/2021 503075 – Welcome 15


    Security according to
    802.16-2004
    Keys Features
    Khóa này được truyền bởi BS và được mã hóa nhờ khóa công khai
    Authorization Key
    của người đăng ký. Các khoá KEK và HMAC được tính trực tiếp từ
    (AK)
    giá trị AK.

    Key Encryption Key Giá trị khóa này được suy ra từ AK bởi BS và người đăng ký. Nó
    (KEK) được sử dụng để mã hóa và giải mã các khóa TEK.

    Khóa này được BS giao cho thuê bao. Giá trị khóa được mã hóa bởi
    Traffic Encryption
    khóa KEK theo thuật toán được thương lượng trong quá trình trao
    Key (TEK)
    đổi PKM. Nó được sử dụng để mã hóa các khung dữ liệu.

    HMAC key Các phím HMAC được suy ra từ giá trị AK. Chúng được liên kết với
    HMAC_KEY_D thuật toán HMAC và cho phép chúng ta xác thực khung quản lý
    HMAC_KEY_U HMAC_KEY_U) và đường xuống (HMAC_KEY_D).
    HMAC_KEY_S HMAC_KEY_S chỉ được sử dụng cho cơ sở hạ tầng MESH.

    11/3/2021 503075 – Welcome 16


    Security according to
    802.16-2004
    ➢ Authentication, authorization and key distribution
    ▪ PKM authentication and authorization by the PKM protocol

    11/3/2021 503075 – Welcome 17


    Security according to
    802.16-2004
    ➢ Authentication, authorization and key distribution
    ▪ TEK key distribution procedure

    11/3/2021 503075 – Welcome 18


    Security according to
    802.16-2004
    ➢ Security associations
    ▪ Security association for management frames authentication
    ▪ Security associations for data coding

    11/3/2021 503075 – Welcome 19


    Security according to
    802.16-2004

    ➢ Cryptographic elements
    ▪ Encryption and decryption of the AK

    11/3/2021 503075 – Welcome 20


    Security according to
    802.16-2004

    ➢ Cryptographic elements
    ▪ Calculation of the KEK and HMAC keys
    ▪ The KEK and the keys associated with the HMAC algorithms are
    deduced from the AK thanks to the following procedures:
    • KEK= Truncate(SHA1(K_PAD_KEK | AK),128), the value K_PAD_KEK
    being a fixed number of 512 bits.
    • HMAC_KEY_D= SHA1(H_PAD_D | AK);
    • HMAC_KEY_U= SHA1(H_PAD_U | AK);
    • HMAC_KEY_S = SHA1(H_PAD_D | OperatorSharedSecret).

    11/3/2021 503075 – Welcome 21


    Security according to
    802.16-2004

    ➢ A brief overview of the IEEE 802.16-2004 threats


    ▪ Attacks at the PHY level
    ▪ Attacks at the MAC level

    11/3/2021 503075 – Welcome 22


    Security according to the
    IEEE-802.16e standard

    11/3/2021 503075 – Welcome 23


    Security according to the
    IEEE-802.16e standard

    ➢ Hierarchy of the keys


    Keys Characteristics
    Pre Primary AK This key is managed by the BS, and encrypted by the subscriber’s public
    Pre-PAK key, during an optional PKM-RSA process.
    This key is deduced from the pre-PAK key, thanks to the Dot16KDF
    Primary AK
    function and input parameters such as the subscriber‘s MAC address and
    PAK
    the BS identifier. This value is involved in the calculation of the AK.
    Master Session Key This key is obtained at the end of a first EAP authentication session. It is
    MSK used for the calculation the EIK and PMK keys.
    This key is calculated from the pre-PAK or the MSK. It is used for
    EAP Integrity Key authenticating EAP messages, during the first occurrence (EIK=f(pre-
    EIK PAK)) or for other occurrences (EIK=f(MSK)) of an authentication
    session.
    Master Session Key 2 This key is obtained from a second EAP authentication session. It is used
    MSK2 for the calculation of the PMK2.
    Pairwise Master Key This key is calculated from the MSK value. It is used for the calculation
    PMK of the AK.
    Pairwise Master Key 2 This key is deducted from the MSK2 value. It is used for the calculation
    PMK2 of the AK.
    11/3/2021 503075 – Welcome 24
    Security according to the
    IEEE-802.16e standard

    ➢ Hierarchy of the keys


    Pairwise Master Key This key is calculated from the MSK value. It is used for
    PMK the calculation of the AK.
    Pairwise Master Key 2 This key is deducted from the MSK2 value. It is used for the
    PMK2 calculation of the AK.
    This is obtained thanks to the Dot16KDF function with input
    Authorization Key
    parameters such as the PAK, PMK, PMK2, subscriber’s MAC
    AK
    address and BS identifier.
    Key Encryption Key The KEK is deduced from the AK value. It is used for the
    KEK encryption of TEKs.
    This key, is generated by the BS and is transmitted encrypted
    Traffic Encryption Key
    to the subscriber thanks to the KEK. It is used for the
    TEK
    encryption of data frames.
    CMAC or HMAC keys used In general, this key is deduced from the AK, the subscriber’s
    for uplink channels MAC address and from the BS identifier. It authenticates
    C/HMAC_Key_U uplink messages.
    CMAC or HMAC used for In general, this key is deduced from the AK, the subscriber’s
    downlink channels MAC address and from the BS identifier. It authenticates
    C/HMAC_Key_D downlink messages.
    11/3/2021 503075 – Welcome 25
    Security according to the
    IEEE-802.16e standard

    ➢ Hierarchy of the keys


    This key is generated by the BS and transmitted encrypted
    Group Key Encryption Key
    to the subscriber thanks to the TEK. It is used for the
    GKEK
    encryption of the GTEK

    CMAC or HMAC group keys


    This key is calculated from the GKEK. It is used for some
    used for downlink channels
    messages of the PKMv2 protocol.
    C/HMAC_Key_GD

    Group Traffic Encryption This key is produced in a random fashion by the BS and is
    Key transmitted to the subscribers, encrypted by GKEK. It is used
    GTEK for transmitting data to the members of a group.

    This key is deduced from a GTEK and from a secret value


    MBS Transport Key MAK (MBS AK) whose distribution is not described by the
    MTK standard. This value is used for broadcasting services such as
    Pay TV.

    11/3/2021 503075 – Welcome 26


    Security according to the
    IEEE-802.16e standard

    ➢ Authentication with PKMv2-RSA

    11/3/2021 503075 – Welcome 27


    Security according to the
    IEEE-802.16e standard

    ➢ Authentication with PKMv2-EAP

    11/3/2021 503075 – Welcome 28


    Security according to the
    IEEE-802.16e standard

    ➢ SA-TEK 3-way handshake

    11/3/2021 503075 – Welcome 29


    Security according to the
    IEEE-802.16e standard

    ➢ TEK distribution procedure

    11/3/2021 503075 – Welcome 30


    Security according to the
    IEEE-802.16e standard

    ➢ (Optional) GTEK updating algorithm

    11/3/2021 503075 – Welcome 31


    Security according to the
    IEEE-802.16e standard

    ➢ The role of the smart card in WiMAX infrastructures

    11/3/2021 503075 – Welcome 32


    Security according to the
    IEEE-802.16e standard

    ➢ The role of the smart card in WiMAX infrastructures

    11/3/2021 503075 – Welcome 33


    Q&A

    11/3/2021 502047 – Welcome 34

    You might also like