The research and implementation of WiMAX security subsystem over an embedded system. Speaker: Yen-Jen Chen (陳燕仁). Advisor: Dr. Kai-Wei Ke (柯開維). Date: 07/28/2008.

Presentation transcript:

1 The research and implementation of WiMAX security subsystem over an embedded system
Speaker: Yen-Jen Chen (陳燕仁)
Advisor: Dr. Kai-Wei Ke (柯開維)
Date: 07/28/2008

2 Outline
● Introduction
● Overview of IEEE Security
● Overview of IEEE e-2005 Security
● IEEE Security Sublayer Implementation
● System Architecture
● Subsystem design
● System flow
● System over embedded system
● System test
● Conclusion and Future Work

3 MAC Privacy Sub-layer
● Provides secure communication
  - Data encrypted with cipher block chaining (CBC) mode of DES
● Prevents theft of service
  - SSs authenticated by BS using key management protocol

4 Security Architecture

5 Authentication

6 Key Derivation

7 Data Key Exchange

8 Data Encryption


10 Security Architecture

11 EAP authentication protocol
● EAP is an authentication framework, not a specific authentication mechanism
● The four methods in e:
  - RSA based authentication
  - One level EAP based authentication
  - Two level EAP based authentication
  - RSA based authentication followed by EAP authentication

12 EAP authentication protocol (Cont.) RSA based authentication One level EAP based authentication

13 EAP authentication protocol (Cont.) Two level EAP based authentication RSA based authentication followed by EAP authentication

14 Key hierarchy in the e

15


17 System Architecture
● Data Privacy subsystem (DPS)
  - Get the data from different systems
  - Check whether the data is to be encrypted or decrypted
  - Dispatch the data to the subsystem
● Authentication subsystem (AS)
  - Verify the certificate
  - Add the related information
  - Generate the AK (new one or update the old one)
● Key Management subsystem (KMS)
  - Save the information of the keys (TEK, KEK, HMAC keys, etc.)
  - Use the AK to generate keys (KEK, HMAC key)
  - Generate the TEKs (new one or update the old one)

18 Subsystem design (Data Privacy Subsystem)
● Data Encryption Function
  - Get key from Key Management subsystem
  - Get the security algorithm from Security Suite Function
● Data Decryption Function
  - Get key from Key Management subsystem
  - Get the security algorithms from Security Suite Function
  - Send the TEK-related information to Key Management subsystem
  - Send the certificate to Authentication subsystem
● Security Suite Function
  - Provide the different encryption/decryption algorithms and the signature algorithm

19 Subsystem design (Authentication Subsystem)
● Content Checker function
  - Send the AK-related information to AK Checker
  - Send the certificate-related information to Certification Checker
  - Get AK back from AK Checker or Certification Checker
● AK Checker function
  - Get AK-related information from Content Checker
  - Send AK generate message to AK Generator
  - Send AK back to Content Checker

20 Subsystem design (Authentication Subsystem)
● Certification Checker function
  - Get the certificate from Content Checker
  - Send AK generate message to AK Generator
  - Send AK back to Content Checker
● AK Generator function
  - Get AK generate message from AK Checker or Certification Checker
  - Send new AK to Key Management subsystem, AK Checker and Certification Checker

21 Subsystem design (Key Management Subsystem)
● Content Checker Function
  - Get key request or TEK-related information from DPS
  - Send key request to Key Checker
  - Send TEK-related information to TEK Checker
  - Get new TEK or requested key info
● Key Checker Function
  - Get key request message from Content Checker
  - Get the requested key from Key Pool
  - Send the requested key to Content Checker

22 Subsystem design (Key Management Subsystem)
● TEK Checker Function
  - Get TEK-related information from Content Checker
  - Send key generate message to Key Generator
  - Get new TEK from Key Generator
● Key Generator Function
  - Get key generate message from TEK Checker
  - Get new AK info from AS
● Key Pool Function
  - Get new key info from Key Generator
  - Send back the requested key info
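
The step "use the AK to generate keys (KEK, HMAC key)" from the Key Management subsystem, as an added example that is not code from the presentation or its implementation. It assumes the PKMv1 derivation of IEEE 802.16-2004 (160-bit AK, SHA-1 over a 64-byte pad followed by the AK); `derive_keys`, `KeyPool` and `demo` are hypothetical names, and the AKs and the message are constructed sample values.

```python
import hashlib
import hmac

# PKMv1 pad constants (IEEE 802.16-2004): one byte repeated 64 times.
K_PAD_KEK = b"\x53" * 64
H_PAD_D = b"\x3a" * 64   # pad for the downlink (BS -> SS) HMAC key
H_PAD_U = b"\x5c" * 64   # pad for the uplink (SS -> BS) HMAC key


def derive_keys(ak: bytes) -> dict:
    """Derive the KEK and both HMAC keys from a 160-bit AK."""
    if len(ak) != 20:
        raise ValueError("AK must be 20 bytes (160 bits)")
    return {
        "KEK": hashlib.sha1(K_PAD_KEK + ak).digest()[:16],  # leftmost 128 bits
        "HMAC_KEY_D": hashlib.sha1(H_PAD_D + ak).digest(),
        "HMAC_KEY_U": hashlib.sha1(H_PAD_U + ak).digest(),
    }


class KeyPool:
    """Hypothetical key pool: holds the keys derived from the current AK."""

    def __init__(self, ak: bytes):
        self.update_ak(ak)

    def update_ak(self, ak: bytes) -> None:
        # A new AK from the authentication subsystem replaces every derived key.
        self.keys = derive_keys(ak)

    def digest(self, name: str, message: bytes) -> bytes:
        return hmac.new(self.keys[name], message, hashlib.sha1).digest()

    def verify(self, name: str, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.digest(name, message), tag)


def demo() -> dict:
    ak_old, ak_new = bytes(range(20)), bytes(range(20, 40))  # constructed AKs
    msg = b"constructed Key Request, SAID=0x0001"             # constructed message
    ss, bs = KeyPool(ak_old), KeyPool(ak_old)
    tag = ss.digest("HMAC_KEY_U", msg)  # SS authenticates an uplink message
    result = {"valid": bs.verify("HMAC_KEY_U", msg, tag),
              "tampered": bs.verify("HMAC_KEY_U", msg + b"!", tag),
              "wrong_direction": bs.verify("HMAC_KEY_D", msg, tag)}
    bs.update_ak(ak_new)  # BS has moved to a new AK; the tag was made under the old one
    result["after_ak_update"] = bs.verify("HMAC_KEY_U", msg, tag)
    return result
```

Calling `demo()` shows that a digest verifies only under the matching direction key and the same AK, which is why an AK update has to reach the key pool on both sides before the old AK's lifetime ends.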

23 System flow (Uplink)

24 System flow (Downlink)

25 System over embedded system

26 System over embedded system: Central Controller Communication
● Pros: Easy to implement
● Cons: Needs extra effort
● No sublayer knows of the existence of the others

27 System over embedded system: Layered Communication
● Pros: Easy to do cross-sublayer information exchange
● Cons: More complicated implementation

28 System over embedded system: Class Diagram
● Data Generator Object
  - Application class
● WiMAX Sublayer Object
  - CSInterface class
  - CommonPart class
  - C_Sec_Core class
● Layer Controller Object
  - Ctrl_CSInterface class
  - Ctrl_CommonPart class
  - Ctrl_C_Sec_Core class
  - Ctrl_Interface class
● Network Object
  - Transmission class

29 System test

30 System test is the IP of SS is the IP of BS is the IP of relay node

31 System test
● Test 1 and Test 2 show that the system uses different encryption/decryption algorithms (Exp 1)
● After Test 1 and Test 2, the system starts the TEK key request procedure (Exp 2)

32 System test
● Test 3 and Test 4 show that the system uses the second TEK (Exp 3)
● Test 5 shows that the system uses the new TEK obtained in Exp 2 (Exp 5)


34 Conclusion and future work
● Authentication
  - X.509 certificate exchange and verification
  - Provide the AK generator
  - Update the AK before its lifetime ends
● Key Management
  - Manage the keys such as KEK, TEK and HMAC keys
  - Provide the Key Generator
  - Keep the keys fresh
  - Update the TEK before its lifetime ends
● Data privacy
  - Data encryption/decryption algorithms (DES-CBC, AES-CCM)
  - Key encryption/decryption algorithms (3DES, AES-ECB)
  - Digest algorithms (HMAC-SHA1, HMAC-RSA)

35 Conclusion and future work
● Provide the security sublayer modules of d and e, and reserve the authentication architecture of e, over the embedded system
● Integrate CS and CPS over the embedded system
● Add the authentication of e
● Directly connect

36 Any Questions?

37 Thank You! Thanks for listening.

38 System test
● Test 1 and Test 2 show that the system uses different encryption/decryption algorithms (Step 1)
● Test 3 and Test 4 show that the system uses the second TEK
● Test 5 shows that the system uses the new TEK obtained in Step 2