Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in 802.16e 1. Outline  802.16e Security Introduction  802.16e Network Architecture  Security Architecture  X.509 cerf.  PKMv1  RSA Authentication.

Similar presentations

Presentation on theme: "Security in 802.16e 1. Outline  802.16e Security Introduction  802.16e Network Architecture  Security Architecture  X.509 cerf.  PKMv1  RSA Authentication."— Presentation transcript:

1 Security in e 1

2 Outline  e Security Introduction  e Network Architecture  Security Architecture  X.509 cerf.  PKMv1  RSA Authentication  PKMv2  RSA based Authentication  EAP based Authentication  Double EAP Authentication  RSA and EAP Authentication 2

3 802.16e Network Architecture 3

4 802.16e Network model 4

5 Security Architecture  Encapsulation protocol  A set of supported cryptographic suites  The rules for applying those algorithms to a MAC PDU payload  Key management protocol  Providing the secure distribution of keying data from the BS to the SS  Authentication protocol  RSA authentication protocol  Extensible Authentica5555tion Protocol 5

6 Supported Cryptographic suites in e Data Encryption/key Length (Bits) Data AuthenticationTEK Encryption/Key Length (Bits) None 3-DES/128 DES CBC/56None3-DES/128 None RSA/1024 DES CBC/56NoneRSA/1024 AES CCM/128 AES ECB/128 AES CCM/128 AES key wrap/128 AES CBC/128NoneAES ECB/128 AES CTR/128NoneAES ECB/128 AES CTR/128NoneAES key wrap/128 DES: Data Encryption ; AES: Advanced Encryption Standard ; CBC: Cipher Block-Chaining ; CTR: Counter ; ECB: Electronic Codebook 6

7 Cryptographic technology PKMv1PKMv2 Data En/Decryption56 bit CBC-Mode DES 128 bit CCM-Mode AES 128 bit CBC-Mode AES 128 bit CTR-Mode AES Data AuthenticationNot Support128 bit CCM-Mode AES Key GenerationNot DefineDot16KDF Key En/Decryption128bit EDE-Mode 3-DES 1024 bit RSA 128 bit ECB-Mode AES 128 bit AES-Key-Wrap 7

8 X.509 certificate 8

9 Private Key Management  PKMv1  Use in d  Only support RSA authentication  Only BS can authenticate SS  PKMv2  Support EAP authentication and RSA authentication  MBS (Multimedia Broadcast Services)  Key hierarchy  New cryptographic technology  BS has a certificate  BS and SS can authenticate each other 9

10 PKMv1-Authentication and Authorization 10

11 PKMv1: Re-authentication  Re-authentication 相較於開始的 authentication 少了傳送 Authentication information 這個步驟  為了避免中斷 SS 和 BS 之間的服務或連線, SS 會在 key lifetime 快到的時候傳送 Authorization request 過去, 然後 BS 和 SS 會同時啟動新的 AK 11

12 PKMv1:TEK exchange BS Key Request Key Reply [SS Certificate, SAID, HMAC-Digest] [Key-Sequence-Number, SAID, TEK- Parameters, HMAC-Digest] Encrypted Data Encrypt TEK with SS’s public key 12

13 Key hierarchy  The PKMv2 defines hierarchy for keys  Pre-PAK (pre-Primary AK) yielded by the RSA-based authorization process  MSK yielded by the EAP based authentication process  MBSAK from which keys used to protect MBS traffic are derived. 13

14 Key hierarchy (cont.) Pre-PAK: pre-Primary AKMTK: MBS Transport Key AK: AuthorizationEIK: EAP Integrity Key MAK: Multicast and Broadcast Service AK MGTEK: MBS Group Traffic Encryption Key KEK: Key Encryption KeyTEK: Traffic Encryption Key GKEK: Group Key Encryption Key GTEK: Group Traffic Encryption Key 14

15 PKMv2: RSA-based Authentication BS Authentication Information Authorization Request [Cert(manufacturer)] [Cert(MS), Security-Capabilities, MSRandom(64bits),SAID] Authorization Reply [Cert(BS),pre-PAK,PAK-Lifetime,PAK- SeqNumber,MSRandom,SA-Descriptor(s), BSRandom]  Authorization ACK 15

16 PKMv2: RSA-based Authentication (cont.)  RSA based authentication  EIK|PAK <= Dot16KDF(pre-PAK,SS MAC address | BSID | ” EIK+PAK ”, 320)  AK<= Dot16KDF(PAK,SS MAC address | BSID | PAK| ” AK ”,160) 16

17 PKMv2: EAP Authentication 17

18 PKMv2: EAP Authentication  One level EAP based authentication  Using the authentication exchange message to get MSK (Master session key)  PMK<= truncate(MSK,160)  AK<=Dot16KDF(PMK,SS MAC Address | BSID | “ AK ”,160) 18

19 PKMv2:Two level EAP Authentication  Step1: SS->BS: PKMv2_EAP_START (no attribute) SS BS: First round EAP conversation with PKMv2 EAP Transfer message without HMAC/CMAC Digest BS->SS:EAP_success BS->SS:EAP_complete [EAP payload|signed by EIK]  Step2: SS->BS:PKMv2_EAP_START signed by EIK BS->SS:PKMv2 Authenticated EAP [EAP- Identity/Request] SS BS:Second EAP conversation with PKMv2 Authenticated EAP message signed by EIK 當 Step2 success SS 和 BS 可以 generate AK from PMK1 and PMK2 19

20 PKMv2 AK key derivation: Two level EAP- based 20

21 PKMv2:Two level EAP Reauthentication 21  Step1: SS->BS: PKMv2 EAP Start signed by H/CMAC Key_U SS BS: EAP conversation with PKMv2 EAP Transfer message BS->SS: PKMv2 EAP Complete signed by AK  Step2: SS->BS: PKMv2 EAP Start signed by H/CMAC_Key_U SS BS: PKMv2 EAP Transfer signed by AK

22 PKMv2 :RSA+EAP based Authentication  First round :execute RSA-based authorization  Second round:execute Double EAP mode 22

23 PKMv2 AK key derivation:RSA+EAP based 23

24 KEK and Message Authentication code generation 24

25 KEK and Message Authentication code generation (cont.) 25

26 PKMv2: SA-TEK 3-Way handshake 26

27 Conclusion 27  Authentication & authorization  It improves single authentication to become mutual authentication between SS and BS  It reduces the possibility of fake BS attack  Data privacy  IEEE e add secure encryption standard such as AES-key- wraps.  Key exchange  Add new method to protect integrity and support MBS

Download ppt "Security in 802.16e 1. Outline  802.16e Security Introduction  802.16e Network Architecture  Security Architecture  X.509 cerf.  PKMv1  RSA Authentication."

Similar presentations

Ads by Google