
Published: August 2007
41 Pages
Author: Ahmed M. Abdelsalam
Single-user $ 95 US
Company-wide $ 495 US
Overview
Data security has become a major issue in most network protocols because of the increasing importance of information. As a result, different security protocols have been designed and deployed with network standards in order to add security. This publication addresses the security protocols defined by one of the modern wireless communication standards, Broadband Wireless Access, commonly known as WiMAX, a fast-evolving technology that is used to form wide-range wireless networks with dramatically high data transfer rates.
WiMAX opens the door to thousands of applications that make use of the solid wireless backbone to connect people together. With the high data rate, applications will include video transfer, voice calls, and many other services. All of these applications will require a solid, secure medium to operate and exchange information safely. This is what the IEEE decided to add to the WiMAX standard in both its versions, fixed and mobile broadband wireless access. This publication contains information about the security schemes defined by the IEEE, including authorization, data authentication and data security. It covers these topics from the implementation point of view, giving information about implementing those different types of protocols in a WiMAX subscriber/base station system.
Key Findings
- Importance of WiMAX Security
- Standards of WiMAX Security
- WiMAX Security architecture
- What is Public Key Management (PKM) Protocol?
- PKM version 1 Authentication, Security Associations, Authorization Management and Traffic Encryption Keys Management
- PKM version 2 Authentication, Security Associations, Authorization Management and Traffic Encryption Keys Management
- RSA-based authorization: Theory, Advantages, and Disadvantages
- Extensible Authentication Protocol (EAP): Theory, Advantages, and Disadvantages
- Cryptography algorithms and standards used in WiMAX Security
- How WiMAX services are protected from theft
- Detection of hackers and network attackers
- X.509 digital certificates: usage, how to obtain them, and verification
- Public Key Infrastructure usage within WiMAX Security
- How to establish a secure conference meeting over a WiMAX network
- How to secure Multicast and Broadcast connections
Target Audience
- Software and hardware developers of WiMAX solutions
- Vendors of WiMAX devices that wish to develop certified WiMAX devices
- Network Security developers working on development of new security protocols
- Cryptography software and hardware developers working on developing advanced cryptographic modules and libraries
Table of Contents
Abstract
Table of Contents
Copyright 2007
Introduction
WiMAX Security sublayer
Architecture
PKM Protocol
PKM version 1
Introduction
Authentication
Security Associations Management
Types of Security associations
Primary Security Association
Static Security Association
Dynamic Security Association
Security capabilities (Cryptographic Suite)
Security Capabilities Selection Process
Data Encryption Algorithms
Data Authentication Algorithms
TEK Encryption Algorithms
Authorization Key Management
Authorization Key Generation
Authorization Key Transfer
Authorization Key State Machine
Traffic Encryption Keys Management
PKM version 2
Introduction
Authentication
RSA-based Authorization
EAP-Based Authentication
Security Associations Management
Unicast Security Associations (SA)
Multicast Security Associations (GSA)
Multicast Broadcast Group Security Associations (MBSGSA)
SA TEK 3Way Handshake Process
Handover
Authorization Key Management
AK in case of RSA-based authorization
AK in case of EAP-based authentication
AK in case of EAP-based Authentication after RSA-based authorization
AK in case of EAP-based authentication after EAP-based authentication
Traffic Encryption Keys Management
Traffic Encryption Key (TEK)
Group Traffic Encryption Key (GTEK)
Group Key Encryption Key (GKEK) derivation
Key Update Command
MBS Traffic Key (MTK)
WiMAX Cryptography
Introduction
Traffic Encryption Algorithms
Data encryption with DES in CBC mode
DES Keys
Data encryption with AES in CCM mode
PDU payload format
PN (Packet Number)
Data encryption with AES in CTR mode
Encrypted MBS PDU payload format
Data encryption with AES in CBC mode
CBC IV generation
Data Authentication Algorithms
TEK Encryption Algorithms
Encryption of TEK with 3-DES
Encryption of TEK with RSA
Encryption of TEK-128 with AES
Encryption of TEK-128 with AES Key Wrap
HMAC-Digests
HMAC authentication keys
Cipher-based MAC (CMAC) digests
Calculation of CMAC Value
Key Encryption Keys (KEKs)
PKMv1 KEKs
AES KEKs in PKMv2
Encryption of GKEK in PKMv2
Encryption of GKEK with 3-DES in PKMv2
Encryption of GKEK with RSA in PKMv2
Encryption of GKEK with ECB mode AES in PKMv2
Encryption of GKEK with AES Key Wrap in PKMv2
X.509 Digital Certificate
Introduction
X.509 Digital Certificate and 802.16 standard
Importance of X.509 Digital Certificate in Wireless Networks
VeriSign® X.509 Digital Certificates
X.509 signature and Verification
Public-key encryption of AK
RSA Cryptography
RSA Usage in IEEE 802.16 standard
References
Do you need independent WiMAX consulting or training?
Mind Commerce also provides independent and customized research, consulting, and training.
Contact Mind Commerce by email at Research@MindCommerce.com, Consulting@MindCommerce.com or Training@MindCommerce.com.
Mind Commerce also accepts Requests for Proposal (RFP): RFP@MindCommerce.com
Copyright © 2002-2007 Mind Commerce LLC
Mind Commerce® is a registered service mark of Mind Commerce LLC