1
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-08-0268-00-0sec
Title: WiMAX Access Network Security
Date Submitted: September 10, 2008
Presented at IEEE session #28 in Big Island
Authors or Source(s): Shubhranshu Singh, Subir Das
Abstract: Study of WiMAX Access Network Security
2
IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws < and in Understanding Patent Issues During IEEE Standards Development
3
Network Reference Model
ASN: Access Service Network
CSN: Connectivity Service Network
MS: Mobile Station
4
ASN Reference Model
[Figures: With Single ASN-GW; With multiple ASN-GW]
5
ASN Security Architecture
Functional Entities
Authenticator: Same as EAP authenticator
Authentication Relay: Relays EAP packets (unmodified) via an authentication relay protocol
Key Distributor: Key holder for MSK, PMK; distributes AK and context to key receiver via AK transfer protocol
Key Receiver: Key holder for AK & derives e specified keys from AK
6
ASN Security Architecture
Integrated Model
[Figure labels: Authentication Relay, Authentication Relay protocol, Authenticator, AK transfer protocol, Key Receiver, Key Distributor, BS]
7
ASN Security Architecture
Standalone Model
[Figure labels: Authentication Relay, Authenticator, Authentication Relay protocol, AK transfer protocol, Key Receiver, Key Distributor, BS, Single Device]
8
Authentication Relay Protocol
9
Authentication & Authorization
Participants: Supplicant (MS), BS (ASN), Authenticator (ASN), AAA Proxy(s), AAA Server (Home CSN)
Message sequence:
Link Up & SBC exchange
EAP request / Identity
EAP response / Identity
EAP over RADIUS/Diameter
EAP Method (EAP-TLS, etc)
MSK Transport
Master session key (MSK) established in MS and AAA server
Pairwise Master Key (PMK) established in MS and Authenticator
Authorization key (AK) established in MS and authenticator
AK transferred to the BS
PKMv2 procedure (SA-TEK 3 way handshake)
Registration
Path establishment
[Figure label: PKMv2 Procedures]
10
Handoff optimization guidelines
Same Authenticator Domain
AK is validated by signing and verifying a frame via the CMAC, using the AK which is newly generated from the same PMK, as long as the PMK remains valid
Validating the AK is usually combined with the ranging procedure, which includes e RNG-REQ and RNG-RSP with CMAC tuple
Different Authenticator Domain
PMK cannot be shared
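Added example (not part of the original slides): a sketch of the handoff AK validation described above, showing why a ranging frame verifies at a target BS under the same authenticator and fails when the authenticator holds a different PMK. Assumptions: HMAC-SHA-256 stands in for both the key derivation and the CMAC, the AK is bound to the MS address and BS identity, the tuple carries a packet number, and all names and values are constructed.

```python
import hmac, hashlib

def kdf(key: bytes, label: bytes, length: int = 20) -> bytes:
    # Stand-in KDF (HMAC-SHA-256); not the key derivation function of the standard.
    return hmac.new(key, label, hashlib.sha256).digest()[:length]

def derive_ak(pmk: bytes, ms_mac: bytes, bsid: bytes) -> bytes:
    # Assumption: the AK is bound to the MS address and the target BS identity,
    # so each BS under one authenticator gets a distinct AK from the same PMK.
    return kdf(pmk, ms_mac + bsid + b"AK")

def mac_tuple(ak: bytes, pn: int, frame: bytes) -> bytes:
    # Stand-in for the CMAC tuple: 4-byte packet number + 8-byte truncated MAC.
    pn_bytes = pn.to_bytes(4, "big")
    tag = hmac.new(ak, pn_bytes + frame, hashlib.sha256).digest()[:8]
    return pn_bytes + tag

class TargetBS:
    """Key receiver at the target BS: holds the AK sent by the key distributor."""
    def __init__(self, bsid: bytes):
        self.bsid, self.ak, self.last_pn = bsid, None, -1

    def receive_ak(self, ak: bytes) -> None:
        self.ak, self.last_pn = ak, -1

    def verify_rng_req(self, frame: bytes, tup: bytes) -> bool:
        if self.ak is None or len(tup) != 12:
            return False
        pn = int.from_bytes(tup[:4], "big")
        ok = hmac.compare_digest(mac_tuple(self.ak, pn, frame), tup)
        if not ok or pn <= self.last_pn:   # wrong key or altered frame, or replayed tuple
            return False
        self.last_pn = pn
        return True

def handoff(ms_pmk: bytes, authenticator_pmk: bytes, pn: int = 0) -> bool:
    """MS ranges at a target BS whose authenticator holds authenticator_pmk."""
    ms_mac, bsid = bytes.fromhex("020000000001"), b"BS-B\x00\x00"  # constructed values
    bs = TargetBS(bsid)
    bs.receive_ak(derive_ak(authenticator_pmk, ms_mac, bsid))      # AK transfer to the BS
    frame = b"RNG-REQ|" + ms_mac                                   # constructed frame body
    tup = mac_tuple(derive_ak(ms_pmk, ms_mac, bsid), pn, frame)    # MS signs with its own AK
    return bs.verify_rng_req(frame, tup)
```

Calling handoff with the same PMK on both sides models the same authenticator domain; passing two different PMKs models a target BS in a different authenticator domain, where the MS's AK does not match.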