Research and Implementation of the WiMAX Security Sublayer on an Embedded System. Speaker: Yen-Jen Chen (陳燕仁). Advisor: Dr. Kai-Wei Ke (柯開維). Date: 07/28/2008. The research and implementation of WiMAX.


Slide 1: The research and implementation of WiMAX security subsystem over an embedded system
Speaker: Yen-Jen Chen (陳燕仁)
Advisor: Dr. Kai-Wei Ke (柯開維)
Date: 07/28/2008

Slide 2: Outline
● Introduction
● Overview of IEEE 802.16-2004 Security
● Overview of IEEE 802.16e-2005 Security
● IEEE 802.16-2004 Security Sublayer Implementation
  - System Architecture
  - Subsystem design
  - System flow
  - System over embedded system
  - System test
● Conclusion and Future Work

Slide 3: MAC Privacy Sub-layer
● Provides secure communication
  - Data encrypted with the cipher block chaining mode of DES
● Prevents theft of service
  - SSs authenticated by the BS using a key management protocol

Slide 4: Security Architecture

Slide 5: Authentication

Slide 6: Key Derivation

Slide 7: Data Key Exchange

Slide 8: Data Encryption


Slide 10: Security Architecture

Slide 11: EAP authentication protocol
● EAP is an authentication framework, not a specific authentication mechanism
● The four methods in 802.16e:
  - RSA based authentication
  - One level EAP based authentication
  - Two level EAP based authentication
  - RSA based authentication followed by EAP authentication

Slide 12: EAP authentication protocol (Cont.)
● RSA based authentication
● One level EAP based authentication

Slide 13: EAP authentication protocol (Cont.)
● Two level EAP based authentication
● RSA based authentication followed by EAP authentication

Slide 14: Key hierarchy in the 802.16e


Slide 17: System Architecture
● Data Privacy subsystem (DPS)
  - Get the data from the different systems
  - Determine whether the data is to be encrypted or decrypted
  - Dispatch the data to the subsystem
● Authentication subsystem (AS)
  - Verify the certificate
  - Add the related information
  - Generate the AK (a new one, or update the old one)
● Key Management subsystem (KMS)
  - Save the information of the keys (TEK, KEK, HMAC keys, etc.)
  - Use the AK to generate keys (KEK, HMAC key)
  - Generate the TEKs (a new one, or update the old one)
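The KMS step "use the AK to generate keys (KEK, HMAC key)", sketched as an added example that is not code from the presentation. The pad bytes and the 128-bit truncation follow the IEEE 802.16-2004 PKM key-derivation definitions rather than anything on the slides; the function names, AK values and message are constructed for illustration.

```python
import hashlib
import hmac

# Pad constants from the IEEE 802.16-2004 PKM key derivation (not on the slides):
# one byte value repeated 64 times each.
K_PAD_KEK = b"\x53" * 64   # KEK derivation
H_PAD_D = b"\x3a" * 64     # downlink HMAC key
H_PAD_U = b"\x5c" * 64     # uplink HMAC key
AK_LEN = 20                # the AK is 160 bits


def derive_keys(ak: bytes) -> dict:
    """Derive the KEK and both HMAC keys from one AK (hypothetical helper)."""
    if len(ak) != AK_LEN:
        raise ValueError("AK must be 160 bits (20 bytes)")
    return {
        # KEK = Truncate(SHA1(K_PAD_KEK | AK), 128): leftmost 128 bits
        "kek": hashlib.sha1(K_PAD_KEK + ak).digest()[:16],
        "hmac_key_d": hashlib.sha1(H_PAD_D + ak).digest(),
        "hmac_key_u": hashlib.sha1(H_PAD_U + ak).digest(),
    }


def sign(key: bytes, payload: bytes) -> bytes:
    """HMAC-SHA1 digest over a key management message."""
    return hmac.new(key, payload, hashlib.sha1).digest()


def verify(key: bytes, payload: bytes, digest: bytes) -> bool:
    """Constant-time digest comparison."""
    return hmac.compare_digest(sign(key, payload), digest)


def demo() -> dict:
    ak_old = bytes(range(20))        # constructed sample AK
    ak_new = bytes(range(1, 21))     # constructed AK after an AK update
    msg = b"constructed uplink key request"
    old, new = derive_keys(ak_old), derive_keys(ak_new)
    tag = sign(old["hmac_key_u"], msg)
    return {
        "same_ak_verifies": verify(old["hmac_key_u"], msg, tag),
        # Direction separation: the downlink key must not accept uplink digests.
        "downlink_key_rejects": verify(old["hmac_key_d"], msg, tag),
        # After an AK update every derived key changes, so old digests fail.
        "new_ak_rejects": verify(new["hmac_key_u"], msg, tag),
    }


if __name__ == "__main__":
    print(demo())
```

Because every key in the pool hangs off the AK, an AK update in the Authentication subsystem has to trigger re-derivation of the KEK and HMAC keys in the KMS before the next key management message is checked.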

Slide 18: Subsystem design (Data Privacy Subsystem)
● Data Encryption Function
  - Get the key from the Key Management subsystem
  - Get the security algorithm from the Security Suite Function
● Data Decryption Function
  - Get the key from the Key Management subsystem
  - Get the security algorithms from the Security Suite Function
  - Send the TEK-related information to the Key Management subsystem
  - Send the certificate to the Authentication subsystem
● Security Suite Function
  - Provide the different encrypt/decrypt algorithms and the signature algorithm

Slide 19: Subsystem design (Authentication Subsystem)
● Content Checker function
  - Send the AK-related information to the AK Checker
  - Send the certificate-related information to the Certification Checker
  - Get the AK back from the AK Checker or the Certification Checker
● AK Checker function
  - Get the AK-related information from the Content Checker
  - Send the AK generate message to the AK Generator
  - Send the AK back to the Content Checker

Slide 20: Subsystem design (Authentication Subsystem)
● Certification Checker function
  - Get the certificate from the Content Checker
  - Send the AK generate message to the AK Generator
  - Send the AK back to the Content Checker
● AK Generator function
  - Get the AK generate message from the AK Checker or the Certification Checker
  - Send the new AK to the Key Management subsystem, the AK Checker and the Certification Checker

Slide 21: Subsystem design (Key Management Subsystem)
● Content Checker Function
  - Get the key request or the TEK-related information from the DPS
  - Send the key request to the Key Checker
  - Send the TEK-related information to the TEK Checker
  - Get the new TEK or the requested key info
● Key Checker Function
  - Get the key request message from the Content Checker
  - Get the requested key from the Key Pool
  - Send the requested key to the Content Checker

Slide 22: Subsystem design (Key Management Subsystem)
● TEK Checker Function
  - Get the TEK-related information from the Content Checker
  - Send the key generate message to the Key Generator
  - Get the new TEK from the Key Generator
● Key Generator Function
  - Get the key generate message from the TEK Checker
  - Get the new AK info from the AS
● Key Pool Function
  - Get the new key info from the Key Generator
  - Send back the requested key info

Slide 23: System flow (Uplink)

Slide 24: System flow (Downlink)

Slide 25: System over embedded system

Slide 26: System over embedded system
● Central Controller Communication
  - Pros: Easy to implement
  - Cons: Need extra effort
  - Every sublayer is unaware of the existence of the others

Slide 27: System over embedded system
● Layered Communication
  - Pros: Easy to do cross-sublayer information exchange
  - Cons: More complicated implementation

Slide 28: System over embedded system
● Class Diagram
  - Data Generator Object: Application class
  - WiMAX Sublayer Object: CSInterface class, CommonPart class, C_Sec_Core class
  - Layer Controller Object: Ctrl_CSInterface class, Ctrl_CommonPart class, Ctrl_C_Sec_Core class, Ctrl_Interface class
  - Network Object: Transmission class

Slide 29: System test

Slide 30: System test
● 140.124.183.222 is the IP of SS
● 140.124.183.221 is the IP of BS
● 140.124.183.230 is the IP of relay node

Slide 31: System test
● Test 1 and Test 2 show that the system uses the different encrypt/decrypt algorithms (Exp 1)
● After Test 1 and Test 2, the system starts the TEK key request procedure (Exp 2)

Slide 32: System test
● Test 3 and Test 4 show that the system uses the second TEK (Exp 3)
● Test 5 shows that the system uses the new TEK obtained in Exp 2 (Exp 5)


Slide 34: Conclusion and future work
● Authentication
  - X.509 certificate exchange and verification
  - Provide the AK generator
  - Update the AK before its lifetime ends
● Key Management
  - Manage the keys such as KEK, TEK and HMAC keys
  - Provide the Key Generator
  - Keep the key fresh
  - Update the TEK before its lifetime ends
● Data privacy
  - Data encrypt/decrypt algorithms (DES-CBC, AES-CCM)
  - Key encrypt/decrypt algorithms (3DES, AES-ECB)
  - Digest algorithms (HMAC-SHA1, HMAC-RSA)

Slide 35: Conclusion and future work
● Provide the security sublayer modules of 802.16d and 802.16e, and reserve the authentication architecture of 802.16e over the embedded system
● Integrate CS and CPS over the embedded system
● Add the authentication of 802.16e
● Directly connect

Slide 36: Any Questions?

Slide 37: Thank You! Thanks for listening

Slide 38: System test
● Test 1 and Test 2 show that the system uses the different encrypt/decrypt algorithms (Step 1)
● Test 3 and Test 4 show that the system uses the second TEK
● Test 5 shows that the system uses the new TEK obtained at Step 2

