Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security in 802.16d and 802.16e Advisor: Dr. Kai-Wei Ke Speaker: Yen-Jen Chen Date: 03/04/2008.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Security in 802.16d and 802.16e Advisor: Dr. Kai-Wei Ke Speaker: Yen-Jen Chen Date: 03/04/2008."— Presentation transcript:

1 1 Security in 802.16d and 802.16e Advisor: Dr. Kai-Wei Ke Speaker: Yen-Jen Chen Date: 03/04/2008

2 2 Outline Overview of 802.16d Security Security Architecture in the 802.16e Authentication in the 802.16e Key hierarchy in the 802.16e Conclusion References

3 3 Overview of 802.16d Security

4 4 MAC Privacy Sub-layer ● Provides secure communication Data encrypted with cipher clock chaining mode of DES ● Prevents theft of service SSs authenticated by BS using key management protocol

5 5 IEEE 802.16 Security Architecture

6 6 X.509 certificate

7 7 Security Association Data SA 16-bit SA identifier Cipher to protect data: DES-CBC 2 TEK TEK key identifier (2-bit) TEK lifetime 64-bit IV Authorization SA X.509 certificate  SS 160-bit authorization key (AK) 4-bit AK identification tag Lifetime of AK KEK for distribution of TEK = Truncate-128(SHA1(((AK| 0 44 ) xor 53 64 ) Downlink HMAC key = SHA1((AK|0 44 ) xor 3A 64 ) Uplink HMAC key = SHA1((AK|0 44 ) xor 5C 64 ) A list of authorized data SAs

8 8 Security Association BS use the X.509 certificate from SS to authenticate. No BS authentication Negotiate security capabilities between BS and SS Authentication Key (AK) exchange AK serves as authorization token AK is encrypted using public key cryptography Authentication is done when both SS and BS possess AK

9 9 IEEE 802.16 Security Process

10 10 Authentication SS →BS: Cert(Manufacturer(SS)) SS →BS: Cert(SS) | Capabilities | SAID BS →SS: RSA-Encrypt(PubKey(SS), AK) | Lifetime | SeqNo | SAIDList Key lifetime: 1 to 70 days, usually 7days

11 11 Data Key Exchange

12 12 Data Encryption

13 13 Key Derivation KEK = Truncate-128(SHA1(((AK| 0 44 ) xor 53 64 ) Downlink HMAC key = SHA1((AK|0 44 ) xor 3A 64 ) Uplink HMAC key = SHA1((AK|0 44 ) xor 5C 64 )

14 14 IEEE 802.16d Security Flaws Lack of Explicit Definitions Lack of the mutual authentication Limited authentication method – SS certification Authentication Key (AK) generation

15 15 Security Architecture in the 802.16e

16 16 Simple 802.16e Network topology

17 17 802.16e network reference model

18 18 The reference model of ASN

19 19 802.16e Network topology

20 20 Security Architecture Encapsulation protocol A set of cryptographic suites The rules for applying those algorithm Key management protocol PKM for distributing key data AK 160 bits share key for ss and bs TEK 128bits PKM exchange key Authentication (PKMv2 protocol) To get AK (Authorization key) RSA authentication EAP authentication

21 21 Security Architecture (Cont.)

22 22 Authentication in the 802.16e

23 23 RSA authentication protocol 802.16d uses this one BS uses the PKI mechanism to verify the CertificatePKI mechanism BS uses the CTL (Certificate trust list)

24 24 RSA authentication protocol (Cont.)

25 25 EAP authentication protocol EAP is a authentication framework not a specially authentication mechanism the four methods in 802.16e RSA based authentication One level EAP based authentication Two level EAP based authentication RSA based authentication followed by EAP authentication

26 26 EAP authentication protocol

27 27 EAP authentication protocol

28 28 EAP authentication protocol RSA based authentication Use the PKMv2 RSA-Request 、 PKMv2 RSA-Reply 、 PKMv2 RSA-Reject 、 PKMv2 RSA- acknowledgement messages to get pre-PAK Using the public key of SS to encrypt the pre-PAK and send back to SS pre-PAK generates the PAK (Primary Authorization key) and EIK(EAP integrity Key) PAK generates the AK

29 29 EAP authentication protocol (Cont.) RSA based authentication EIK|PAK <= Dot16KDF (pre-PAK,SS MAC address | BSID | ” EIK+PAK ”, 320)Dot16KDF AK<= Dot16KDF (PAK,SS MAC address | BSID | PAK| ” AK ”, 160)

30 30 EAP authentication protocol (Cont.) One level EAP based authentication Using the authentication exchange message to get MSK (Master session key) PMK<= truncate(MSK,160) AK<=Dot16KDF(PMK,SS MAC Address | BSID | “ AK ”,160)

31 31 EAP authentication protocol (Cont.) Two level EAP based authentication SS sent the PKEv2 EAP Start to BS The first EAP negotiation will begin between BS and SS included the message of PKMv2 Transfer2(MSK) After that BS will send the EAP-Success or EAP-failure. If BS sent the EAP-Success then BS will send the PKMv2_EAP_Complete encrypted by EIK immediate If SS gets the EIK and PMK successful then SS can verify the message Otherwise the SS might get the EAP-failure or get no respond to show that BS is failure to authentication

32 32 EAP authentication protocol (Cont.) Two level EAP based authentication After SS finished the first EAP negotiation successful,the SS will send “ PKMv2 Authenticated EAP Start ” to start the second EAP negotiation When BS got this message, BS will check the message by EIK. If BS check ok then BS will start the second EAP negotiation, otherwise BS will think the Authenticated failure. The related messages of PKM is protected by EIK in the second EAP negotiation If BS and SS competed second EAP negotiation, then BS and SS can get the AK form PMK( pairwise authorization key) and PMK2

33 33 EAP authentication protocol (Cont.) Two level EAP based authentication EIK|PMK <= truncate (MSK,320) PMK2 <= truncate(MSK,160) AK <= Dot 16KDF(PMK + PMK2, SS MAC Address| BSID| ” AK ”, 160)

34 34 EAP authentication protocol (Cont.) RSA based authentication followed by EAP authentication First execute RSA-based authorization and execute the second round of Double EAP mode EIK|PAK <= Dot16KDF(pre-PAK, SS MAC Address | BSID | “ EIK+PAK ”,320) AK <= Dot16KDF(PAK ⊕ PMK, SS MAC Address| BSID |PAK “ AK ” 160)

35 35 Key hierarchy in the 802.16e

36 36 Key hierarchy in the 802.16e AK (Authorization Key) KEK (Key Encryption Key) KEK is generated by AK Using it to encrypt the TEK or GKEK etc

37 37 Key hierarchy in the 802.16e GKEK (group KEK) One GSA has one GKEK GKEK is generated by random number of BS BS uses the KEK to encrypt GKEK and send to SS GKEK encrypted the GTEK when GTEK updated and send it to all SS in the group

38 38 Key hierarchy in the 802.16e TEK (Traffic Encryption Key) TEK is generated by random number of BS BS use the KEK to encrypt the TEK and send to SS TEK is used to encrypt the message or data between BS and SS

39 39 Key hierarchy in the 802.16e GTEK (Group TEK) TEK is generated by random number of BS or some nodes in the group GTEK is used to encrypt the broadcast messages Using the KEK as the encryption key When request the GTEK Using the GKEK as the encryption key When update the GTEK

40 40 Key hierarchy in the 802.16e MTK (MBS traffic Key) It comes from MAK(MBS AK) but do not have any generate method in 802.16e MTK = Dot16KDF (MAK,MGTEK| ” MTK ”,128)

41 41 Key hierarchy in the 802.16e HMAC (HMAC Digests) Using the AK as the material HMAC_KEY_U | HMAC_KEY_D | KEK <=Dot16KDF(AK, SS MAC Address | BSID | “ HMAC_KEYS+KEK ”,448) HMAC_KEY_GD <= Dot16KDF (GKEK, ” GROUP HMAC KEY ”,160)

42 42 Key hierarchy in the 802.16e HMAC (HMAC Digests) Using the EIK as the material HMAC_KEY_U | HMAC_KEY_D | KEK <=Dot16KDF(EIK, SS MAC Address | BSID | “ HMAC_KEYS+KEK ”,320)

43 43 Key hierarchy in the 802.16e CMAC (Cipher-based MAC) Using the AK as the material CMAC_KEY_U | CMAC_KEY_D | KEK <=Dot16KDF(AK, SS MAC Address | BSID | “ CMAC_KEYS+KEK ”,384) CMAC_KEY_GD <= Dot16KDF (GKEK, ” GROUP CMAC KEY ”,128)

44 44 Key hierarchy in the 802.16e CMAC (Cipher-based MAC) Using the EIK as the material CMAC_KEY_U | CMAC_KEY_D | KEK<=Dot16KDF(EIK, SS MAC Address | BSID | “ CMAC_KEYS + KEK ”, 256)

45 45 Key hierarchy in the 802.16e

46 46 Key hierarchy in the 802.16e

47 47 Conclusion

48 48 WiMAX PKM Protocol SS BS 認證資訊 (authentication information) X.509 certificate 授權請求 (authorization request) X.509 certificate, capability, Basic CID 1. 確認 SS 身分 2. 產生 AK, 並用憑證中 的 public key 將之加密 授權答覆 (authorization reply) encrypted AK, SAIDs, SQN AK,… AK exchange 密鑰請求 (key request) SAID, HMAC-Digest,… 密鑰答覆 (key reply) encrypted TEK, CBC IV, HMAC-Digest,… 將 AK 解開 1. 利用 SHA 演算法驗證 HMAC-Digest 2. 產生 TEK 3. 由 AK 產生 KEK 用以 加密 TEK 1. 利用 SHA 驗證 HMAC-Digest 2. 由 AK 計算出 KEK 以解開 TEK 資料交換 ( 利用 TEK 加密 ) TEK exchange ( 每一個資料傳輸連 線都必須先做此動作 ) HMAC-Digest :用以驗證資料的完整性

49 49 WiMAX PKMv2 Protocol

50 50 Conclusion Authentication & Authorization more robust Using the bidirectional Authentication to avoid the rude base station and support the different Authentication policy 。 Data Privacy 802.16e add more encryption algorithm (Advanced Encryption Standard, AES) to enhance the security Key ’ s generation Using the robust solution to generate the AK

51 51 References IEEE Std 802.16-2001 standard for the local and metropolitan Area Networks,part 16 “ ZAir interface for Fixed BroadBand Wireless Access Systems, ” IEEE Press, 2001 IEEE Std 802.16-2004(Revision of IEEE Std 802.16-2001) Johnson, David and Walker, Jesse of Intel (2004), “ Overview of IEEE 802.16 Security ”,published by the IEEE computer society http://www.seas.gwu.edu/~cheng/388/LecNotes2006/ IEEE Std 802.16e WiMAX 安全問題之研究 IEEE 802.16e-2005 WiMAX 安全子層初探

52 52 Public Key Infrastructure (PKI) It is a security mechanism which uses the public and private keys The five components of PKI Security Policy Certificate Authority ; CA Registration Authority ; RA Certificate Revocation List ; CRL Directory Service; DS

53 53 Public Key Infrastructure (Cont.) Send the request to RA / cancel the request of certification DS CA Publish the certification / Certificate Revocation List RA Check the certification/ Certificate Revocation List Security channel Usual channel applicant

54 54 Public Key Infrastructure (Cont.) Signal root CA CA AB

55 55 Public Key Infrastructure (Cont.) Simple Trust List The CA of A TomJohn The CA of B CherryChris B D …… John’s Trust List

56 56 Dot16KDF algorithm CRT (counter mode encryption) uses the input material to generate the designed length key input material (key,astring,keylength) Output key length is keylength*2

57 57 Dot16KDF algorithm (Cont.) CMAC Kin = Truncate (key,128)  get the leftmost 128 bits of key as the Kin Output key = (CMAC(Kin,0| astring | keylength) || CMAC(Kin,1| astring | keylength) || CMAC(Kin,2| astring | keylength) ………… )

58 58 Dot16KDF algorithm (Cont.) HMAC Kin = Truncate (key,160)  get the leftmost 160 bits of key as the Kin Output key = SHA-1(Kin, i | astring | keylength)

Download ppt "1 Security in 802.16d and 802.16e Advisor: Dr. Kai-Wei Ke Speaker: Yen-Jen Chen Date: 03/04/2008."

Similar presentations

Web security: SSL and TLS

Web security: SSL and TLS
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Security Issues in Mobile WiMAX(IEEE 802.16e) Frank, A Ibikunle Covenant University, Electrical and Information Engineering Department, Ota. 2009 IEEE.

Security Issues in Mobile WiMAX(IEEE e) Frank, A Ibikunle Covenant University, Electrical and Information Engineering Department, Ota IEEE.
P1451.5 Security Survey and Recommendations By: Ryon Coleman October 16, 2003.

P Security Survey and Recommendations By: Ryon Coleman October 16, 2003.
Security in 802.16e 1. Outline  802.16e Security Introduction  802.16e Network Architecture  Security Architecture  X.509 cerf.  PKMv1  RSA Authentication.

Security in e 1. Outline  e Security Introduction  e Network Architecture  Security Architecture  X.509 cerf.  PKMv1  RSA Authentication.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 90321019 王怡君.

Sec final project A Preposition Secret Sharing Scheme for Message Authentication in Broadcast Networks 王怡君.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Lecture 13 Message Signing

Lecture 13 Message Signing

Similar presentations

Ads by Google