|
|
Security: Privacy Key Management (PKM) Protocol
Subscriber Station (SS) make use of the PKM Protocol to gain authorization and traffic keying material from the BS, and to maintain periodic reauthorization and key refresh. The PKM protocol uses X.509 digital certificates, and two-key triple Data Encryption Standard (DES) to secure key exchanges between a given Subscriber Station (SS) and Base Station (BS), following the client-server model. Here, the SS as the client requests keying material while the BS as the server act in response to those requests, ensuring individual SS clients receive only the keying material for which they are authorized. The PKM protocol first creates an Authorization Key (AK), which is a secret symmetric key shared between the SS and BS. The AK is then used to protect subsequent PKM exchanges of Traffic Encryption Keys (TEK). The use of the AK and a symmetric key cryptosystem reduces the overhead due to the computationally expensive public key functions. (Sen Xu, Chin-Tser Huang)
Base Station (BS) authenticates a Subscriber Station (SS) during the primary authorization exchange. The SS device certificate would enclose the RSA public key and other device specific information, such as its MAC address, serial number, and manufacturer ID. Within the authorization exchange, the SS would then send a copy of this device certificate to the BS. The BS must then authenticate the syntax and information in the SS certificate, and possibly carry out certificate path validation checks. If properly verified, the BS as part of its replies to the SS would encrypt the Authorization Key (AK) using the public key of the SS that could be found within the received certificate from the Subscriber station. Since only the SS device contains the matching private key, only the SS device can de-crypt the message and obtain the AK assigned to it. (Sen Xu, Chin-Tser Huang)
It is important to note that the Subscriber Station (SS) device certificate is open to the public or attacker to read; only the SS device has access to the similar private key of the public key in the certificate. As such, to protect a device and its certificate from being duplicated, it is important that the private key be embedded within the device hardware. That is, the cost of an attacker removing the private key from the device must be far higher than the possible value gained from the attacker using the cracked device. (Sen Xu, Chin-Tser Huang)
See Also:Nwtwork Access & Initialization
|
|
||
© Copyright 2008 | Home | Sitemap | References | Privacy Policy | Contact Us | About Us | Webmaster WiMAX News | WiMAX Products Manudacturers | WiMAX Reviews INTRODUCTION | Authentication Problem | Encryption Problem | Availability Problem | Other Threats to WiMAX BACKGROUND | WiMAX Background | WiMAX Overview | Why WiMAX | WiMAX Standards TECHNOLOGY | WiMAX Technology | WiMAX Design | Types Of WiMAX SECURITY | WiMAX Security | WiMAX Security Functions | Security Inside WiMAX | Network Access & Initialization | PKM Protocol ENCRYPTION | Encryption In WiMAX | Advance Encryption Standard | Public Key Infrastructure | Authentication & Access Control | RADIUS THREATS | Rouge Base Stations | DoS Attacks | Data Link Layer Threats | Application Layer Threats | Physical Layer Threats | Privacy Sub-Layer Threats | Mutual Authentication | Key Management Problem | Threat of Identity Theft | Water Torture Threat | Black Hat Threat ENHANCEMENTS | OFDM | WiMAX & IMT Advanced | Power Control & Error Detection | Sub Channelization & Transmission Diversity | Antennas & Adaptive Modulation FUTURE | WiMAX Future | WiMAX Future Threats | 4G |
