1. Security in 802.16e 1

2. Outline  802.16e Security Introduction  802.16e Network Architecture  Security Architecture  X.509 cerf.  PKMv1  RSA Authentication  PKMv2  RSA based Authentication  EAP based Authentication  Double EAP Authentication  RSA and EAP Authentication 2

3. 802.16e Network Architecture 3

4. 802.16e Network model 4

5. Security Architecture  Encapsulation protocol  A set of supported cryptographic suites  The rules for applying those algorithms to a MAC PDU payload  Key management protocol  Providing the secure distribution of keying data from the BS to the SS  Authentication protocol  RSA authentication protocol  Extensible Authentica5555tion Protocol 5

6. Supported Cryptographic suites in 802.16e Data Encryption/key Length (Bits) Data AuthenticationTEK Encryption/Key Length (Bits) None 3-DES/128 DES CBC/56None3-DES/128 None RSA/1024 DES CBC/56NoneRSA/1024 AES CCM/128 AES ECB/128 AES CCM/128 AES key wrap/128 AES CBC/128NoneAES ECB/128 AES CTR/128NoneAES ECB/128 AES CTR/128NoneAES key wrap/128 DES: Data Encryption ; AES: Advanced Encryption Standard ; CBC: Cipher Block-Chaining ; CTR: Counter ; ECB: Electronic Codebook 6

7. Cryptographic technology PKMv1PKMv2 Data En/Decryption56 bit CBC-Mode DES 128 bit CCM-Mode AES 128 bit CBC-Mode AES 128 bit CTR-Mode AES Data AuthenticationNot Support128 bit CCM-Mode AES Key GenerationNot DefineDot16KDF Key En/Decryption128bit EDE-Mode 3-DES 1024 bit RSA 128 bit ECB-Mode AES 128 bit AES-Key-Wrap 7

8. X.509 certificate 8

9. Private Key Management  PKMv1  Use in 802.16d  Only support RSA authentication  Only BS can authenticate SS  PKMv2  Support EAP authentication and RSA authentication  MBS (Multimedia Broadcast Services)  Key hierarchy  New cryptographic technology  BS has a certificate  BS and SS can authenticate each other 9

10. PKMv1-Authentication and Authorization 10

11. PKMv1: Re-authentication  Re-authentication 相較於開始的 authentication 少了傳送 Authentication information 這個步驟  為了避免中斷 SS 和 BS 之間的服務或連線， SS 會在 key lifetime 快到的時候傳送 Authorization request 過去, 然後 BS 和 SS 會同時啟動新的 AK 11

12. PKMv1:TEK exchange BS Key Request Key Reply [SS Certificate, SAID, HMAC-Digest] [Key-Sequence-Number, SAID, TEK- Parameters, HMAC-Digest] Encrypted Data Encrypt TEK with SS’s public key 12

13. Key hierarchy  The PKMv2 defines hierarchy for keys  Pre-PAK (pre-Primary AK) yielded by the RSA-based authorization process  MSK yielded by the EAP based authentication process  MBSAK from which keys used to protect MBS traffic are derived. 13

14. Key hierarchy (cont.) Pre-PAK: pre-Primary AKMTK: MBS Transport Key AK: AuthorizationEIK: EAP Integrity Key MAK: Multicast and Broadcast Service AK MGTEK: MBS Group Traffic Encryption Key KEK: Key Encryption KeyTEK: Traffic Encryption Key GKEK: Group Key Encryption Key GTEK: Group Traffic Encryption Key 14

15. PKMv2: RSA-based Authentication BS Authentication Information Authorization Request [Cert(manufacturer)] [Cert(MS), Security-Capabilities, MSRandom(64bits),SAID] Authorization Reply [Cert(BS),pre-PAK,PAK-Lifetime,PAK- SeqNumber,MSRandom,SA-Descriptor(s), BSRandom]  Authorization ACK 15

16. PKMv2: RSA-based Authentication (cont.)  RSA based authentication  EIK|PAK <= Dot16KDF(pre-PAK,SS MAC address | BSID | ” EIK+PAK ”, 320)  AK<= Dot16KDF(PAK,SS MAC address | BSID | PAK| ” AK ”,160) 16

17. PKMv2: EAP Authentication 17

18. PKMv2: EAP Authentication  One level EAP based authentication  Using the authentication exchange message to get MSK (Master session key)  PMK<= truncate(MSK,160)  AK<=Dot16KDF(PMK,SS MAC Address | BSID | “ AK ”,160) 18

19. PKMv2:Two level EAP Authentication  Step1: SS->BS: PKMv2_EAP_START (no attribute) SS BS: First round EAP conversation with PKMv2 EAP Transfer message without HMAC/CMAC Digest BS->SS:EAP_success BS->SS:EAP_complete [EAP payload|signed by EIK]  Step2: SS->BS:PKMv2_EAP_START signed by EIK BS->SS:PKMv2 Authenticated EAP [EAP- Identity/Request] SS BS:Second EAP conversation with PKMv2 Authenticated EAP message signed by EIK 當 Step2 success SS 和 BS 可以 generate AK from PMK1 and PMK2 19

20. PKMv2 AK key derivation: Two level EAP- based 20

21. PKMv2:Two level EAP Reauthentication 21  Step1: SS->BS: PKMv2 EAP Start signed by H/CMAC Key_U SS BS: EAP conversation with PKMv2 EAP Transfer message BS->SS: PKMv2 EAP Complete signed by AK  Step2: SS->BS: PKMv2 EAP Start signed by H/CMAC_Key_U SS BS: PKMv2 EAP Transfer signed by AK

22. PKMv2 :RSA+EAP based Authentication  First round :execute RSA-based authorization  Second round:execute Double EAP mode 22

23. PKMv2 AK key derivation:RSA+EAP based 23

24. KEK and Message Authentication code generation 24

25. KEK and Message Authentication code generation (cont.) 25

26. PKMv2: SA-TEK 3-Way handshake 26

27. Conclusion 27  Authentication & authorization  It improves single authentication to become mutual authentication between SS and BS  It reduces the possibility of fake BS attack  Data privacy  IEEE 802.16e add secure encryption standard such as AES-key- wraps.  Key exchange  Add new method to protect integrity and support MBS