Presentation is loading. Please wait.

Presentation is loading. Please wait.

IEEE MEDIA INDEPENDENT HANDOVER DCN: sec

Similar presentations


Presentation on theme: "IEEE MEDIA INDEPENDENT HANDOVER DCN: sec"— Presentation transcript:

1 IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-08-0268-01-0sec
Title: WiMAX Access Network Security Date Submitted: September 10, 2008 Presented at IEEE session #28 in Big Island Authors or Source(s):  Shubhranshu Singh, Subir Das Abstract: Study of WiMAX Access Network Security sec

2 IEEE 802.21 presentation release statements
This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws < and in Understanding Patent Issues During IEEE Standards Development IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual < and in Understanding Patent Issues During IEEE Standards Development sec

3 Network Reference Model
ASN: Access Service Network CSN: Connectivity Service Network MS: Mobile Station

4 ASN Security Architecture
Functional Entities Authenticator Same as EAP authenticator Authentication Relay Relays EAP packets (unmodified) via an authentication relay protocol Key Distributor Key holder for MSK, PMK Distributes AK and context to key receiver via AK transfer protocol Key Receiver Key holder for AK & derives e specified keys from AK

5 ASN Reference Model Single ASN-GW Multiple ASN-GWs

6 ASN Security Architecture
Integrated Model Authentication Relay Authentication Relay protocol Authenticator AK transfer protocol Key Receiver Key Distributor BS

7 ASN Security Architecture
Standalone Model Authentication Relay Authenticator Authentication Relay protocol AK transfer protocol Key Receiver Key Distributor BS ASN-GW

8 Authentication Relay Protocol

9 Authentication & Authorization
Authenticator ASN AAA Proxy (s) AAA Server Home CSN BS ASN Link Up & SBC exchange EAP request / Identity EAP response / Identity EAP over Radius/Diameter EAP Method (EAP-TLS, etc) MSK Transport Master session key (MSK) established in MS and AAA server Pairwise Master Key (PMK) established in MS and Authenticator Authorization key (AK) established in MS and authenticator AK transferred to the BS PKMv2 procedure (SA-TEK 3 way handshake) Registration Path establishment Supplicant MS PKMv2 Procedures

10 Security Credentials Within one Authenticator Domain AK is newly generated from the same PMK (as long as PMK is valid) Validating the AK is usually combined with the procedure of ranging which include e RNG-REQ and RNG-RSP with CMAC tuple Between Authenticator Domains PMK cannot be shared and therefore AK can not be generated using the same PMK


Download ppt "IEEE MEDIA INDEPENDENT HANDOVER DCN: sec"

Similar presentations


Ads by Google