Title: WiMAX?????????????????
1WiMAX?????????????????
The research and implementation of WiMAX security
subsystem over an embedded system
- Advisor Dr. Kai-Wei Ke
- Speaker Yen-Jen Chen
- Date 06/24/2008
2Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
3Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
4MAC Privacy Sub-layer
- Provides secure communication
- Data encrypted with cipher clock chaining mode of
DES - Prevents theft of service
- SSs authenticated by BS using key management
protocol
5IEEE 802.16 Security Architecture
6IEEE 802.16 Security Process
7Authentication
Key lifetime 1 to 70 days , usually 7days
SS ?BS Cert(Manufacturer(SS)) SS ?BS Cert(SS)
Capabilities SAID BS ?SS RSA-Encrypt(PubKey(SS)
, AK) Lifetime SeqNo SAIDList
8Key Derivation
- KEK Truncate-128(SHA1(((AK 044) xor 5364)
- Downlink HMAC key SHA1((AK044) xor 3A64)
- Uplink HMAC key SHA1((AK044) xor 5C64)
9Data Key Exchange
10Data Encryption
11IEEE 802.16 Security Process
BS
SS
1.??SS?? 2.??AK, ??????public key????
?AK??
1.??SHA?????HMAC-Digest 2.??TEK 3.?AK??KEK????TEK
1.??SHA??HMAC-Digest 2.?AK???KEK???TEK
HMAC-Digest??????????
12Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
13Security Architecture
14WiMAX PKMv2 Protocol
15EAP authentication protocol
- EAP is a authentication framework not a specially
authentication mechanism - the four methods in 802.16e
- RSA based authentication
- One level EAP based authentication
- Two level EAP based authentication
- RSA based authentication followed by EAP
authentication
16EAP authentication protocol
- RSA based authentication
- Use the PKMv2 RSA-Request?PKMv2 RSA-Reply?PKMv2
RSA-Reject?PKMv2 RSA-acknowledgement messages to
get pre-PAK - Using the public key of SS to encrypt the pre-PAK
and send back to SS - pre-PAK generates the PAK (Primary Authorization
key) and EIK(EAP integrity Key) - PAK generates the AK
17EAP authentication protocol (Cont.)
- RSA based authentication
- EIKPAK lt Dot16KDF (pre-PAK,SS MAC address
BSID EIKPAK , 320) - AKlt Dot16KDF (PAK,SS MAC address BSID
PAKAK , 160)
18EAP authentication protocol (Cont.)
- One level EAP based authentication
- Using the authentication exchange message to get
MSK (Master session key) - PMKlt truncate(MSK,160)
- AKltDot16KDF(PMK,SS MAC Address BSID
AK,160)
19EAP authentication protocol (Cont.)
- Two level EAP based authentication
- SS sent the PKEv2 EAP Start to BS
- The first EAP negotiation will begin between BS
and SS included the message of PKMv2
Transfer2(MSK) - After that BS will send the EAP-Success or
EAP-failure. - If BS sent the EAP-Success then BS will send the
PKMv2_EAP_Complete encrypted by EIK immediate - If SS gets the EIK and PMK successful then SS can
verify the message - Otherwise the SS might get the EAP-failure or get
no respond to show that BS is failure to
authentication
20EAP authentication protocol (Cont.)
- Two level EAP based authentication
- After SS finished the first EAP negotiation
successful ,the SS will send PKMv2 Authenticated
EAP Start to start the second EAP negotiation - When BS got this message, BS will check the
message by EIK. - If BS check ok then BS will start the second EAP
negotiation, otherwise BS will think the
Authenticated failure. - The related messages of PKM is protected by EIK
in the second EAP negotiation - If BS and SS competed second EAP negotiation,
then BS and SS can get the AK form PMK( pairwise
authorization key) and PMK2
21EAP authentication protocol (Cont.)
- Two level EAP based authentication
- EIKPMK lt truncate (MSK,320)
- PMK2 lt truncate(MSK,160)
- AK lt Dot 16KDF(PMK PMK2, SS MAC Address
BSID AK , 160)
22EAP authentication protocol (Cont.)
- RSA based authentication followed by EAP
authentication - First execute RSA-based authorization and execute
the second round of Double EAP mode - EIKPAK lt Dot16KDF(pre-PAK, SS MAC Address
BSID EIKPAK,320) - AK lt Dot16KDF(PAK?PMK, SS MAC Address BSID PAK
AK 160)
23Key hierarchy in the 802.16e
- TEK (Traffic Encryption Key)
- TEK is generated by random number of BS
- BS use the KEK to encrypt the TEK and send to SS
- TEK is used to encrypt the message or data
between BS and SS
24Key hierarchy in the 802.16e
25Key hierarchy in the 802.16e
26Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
27System Architecture
28System Architecture
- Data Privacy subsystem
- Get the data form different system
- Verify the data if encrypt or decrypt
- Dispatch the data to the subsystem
- Authentication subsystem
- Verify the certification
- Add the relative information
- Generate the AK (New one or Update old)
- Key Management subsystem
- Save the information of the key (TEK KEK HMAC
etc.) - Use AK to Generate key (KEK HMAC)
- Generate the TEK (New one or Update old)
29Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
30Subsystem design
31Subsystem design
32Subsystem design
33Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
34System flow
35System flow
36System flow
37Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
38System over embedded system
39System over embedded system
- Central Controller Communication
- Layered Communication
40System over embedded system
41Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
42System test
43System test
44System test
- Note 140.124.183.50?SS?IP,140.124.183.220?BS?IP,1
40.124.183.230?relay node IP - Number 1047 and 1054,show that SS send the first
cert to BS - Number 1060 and 1092,show that BS send the ACK to
BS - Number 1259 and 1260,show that SS send the second
cert to BS - Number 1454 and 1455,show that BS send the ACK to
BS - Number 1998 and 1999,show that SS send the
TEK-REQ to BS - Number 2458 and 2459,show that BS send the TEK to
SS
45Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
- System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
46Conclusion and future work
- The System success porting over embedded system
- Provide the security sublayer module of
802.16d and part of 802.16e - Porting the CPS of MAC over embedded system
- Add the authentication of 802.16e
47Outline
- Introduction
- Overview of 802.16d Security
- Overview of 802.16e Security
- IEEE 802.16-2004 Security Sublayer Implementation
System - System Architecture
- Subsystem design
- System flow
- System over embedded system
- System test
- Conclusion and Future Work
- References
48References
- IEEE Standard for Local and metropolitan area
networks Part 16Air Interface for Fixed
Broadband Wireless Access Systems,IEEE Std
802.16-2004 - IEEE Standard for Local and metropolitan area
networks Part 16Air Interface for Fixed and
Mobile Broadband Wireless Access Systems,IEEE Std
802.16e-2005 - Johnson, David and Walker, Jesse of Intel (2004),
Overview of IEEE 802.16 Security ,published by
the IEEE computer society - http//www.seas.gwu.edu/cheng/388/LecNotes2006/
- WiMAX ??????? ,??????????? ,?????? T96006
- IEEE 802.16e-2005 WiMAX??????, ????????????,
?????, 119?, 2007/03