WiMAX Standards and Security



Date: 29.05.2022
CRC - WiMAX.Standards.and.Security

User End-to-End Security

IEEE 802.16 provides a mechanism to encrypt traffic traversing data connections at each hop. However, manufacturing mesh routers that can perform encryption at the high speeds available at the physical layer may be costly. In this section, we propose end-to-end encryption in the network layer that takes the encryption out of the mesh backbone. In our scheme, encryption is handled at the edge of the network. WTs establish a VPN tunnel with a VPN server outside of the mesh backbone, so no encryption is required by mesh routers.
We add a VPN server after the POP, but before the traffic goes on the Internet (Figure 8.13). The server is on a special unprotected subnet 10.0.0.0/16. The WTs negotiate IPSec tunnels with the VPN server, and after the VPN tunnel is established, the WTs get an IP address on the protected subnet 10.254.0.0/16. The VPN tunnel may be in any mode, e.g., encryption of the payload or both IP headers and the payload. This means that both the client WT and the authentication server should support IPSec NAT traversal (NAT-T), which allows the use of IPSec over NAT [24,25]. This is not a problem since NAT-T is a part of modern operating systems [26]. The QoS is oblivious to IPSec since the type of service field is copied from the header of the inner, plain text IP packet to the header of the outer, encrypted, packet [27].

[Figure 8.13 (diagram): wireless terminal (10.254.0.1), VPN tunnel, VPN server (10.254.254.254), Internet, NAT access node, wireless mesh backbone, base station. Other addresses shown in the figure: 192.168.2.1, 10.1.0.4, 10.1.0.254, 10.0.0.254.]

FIGURE 8.13
End-to-end VPN tunneling. WTs connect to the VPN server, which is on an unprotected network (10.0.0.0/16). Once a WT establishes a VPN tunnel with the server, it is assigned an IP address on the protected (10.254.0.0/16) subnet.
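As an added illustration (not code from the book), the sketch below builds the outer headers of a NAT-T (ESP-in-UDP, port 4500) tunnel packet and shows what a mesh router without keys can still read, including the copied type of service byte. The outer addresses, the destination 192.0.2.10, the SPI and the zero-filled ciphertext stand-in are constructed assumptions; no encryption is performed.

```python
import ipaddress
import struct

NAT_T_PORT = 4500  # ESP-in-UDP port used by IPsec NAT traversal (RFC 3948)

def checksum(header: bytes) -> int:
    """Internet checksum over an IPv4 header (0 when the header is valid)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, tos: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(inner: bytes, ciphertext: bytes, src: str, dst: str,
                spi: int, seq: int) -> bytes:
    """Outer IP | UDP 4500 | ESP SPI+seq | ciphertext of `inner` (made elsewhere)."""
    tos = inner[1]  # ToS byte copied from the plaintext inner header
    esp = struct.pack("!II", spi, seq) + ciphertext
    # RFC 3948: the UDP checksum of ESP-in-UDP is sent as zero over IPv4.
    udp = struct.pack("!HHHH", NAT_T_PORT, NAT_T_PORT, 8 + len(esp), 0) + esp
    return ipv4_header(src, dst, 17, len(udp), tos) + udp

def router_view(packet: bytes) -> dict:
    """Fields a keyless mesh router can read from the outer headers."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 16 or checksum(packet[:ihl]) != 0:
        raise ValueError("truncated packet or bad outer IPv4 checksum")
    sport, dport, _, _, spi, seq = struct.unpack("!HHHHII", packet[ihl:ihl + 16])
    return {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "dscp": packet[1] >> 2, "udp_dport": dport, "spi": spi, "seq": seq}

# Constructed sample: a WT on the protected subnet sends DSCP EF (ToS 0xB8) traffic.
PAYLOAD = b"constructed voice frame"
INNER = ipv4_header("10.254.0.1", "192.0.2.10", 17, len(PAYLOAD), 0xB8) + PAYLOAD
OPAQUE = bytes(48)  # stand-in for ESP ciphertext; no encryption is done here
OUTER = encapsulate(INNER, OPAQUE, "10.1.0.4", "10.0.0.254", 0x1001, 1)  # assumed addresses

if __name__ == "__main__":
    print(router_view(OUTER))
```

The router sees only the tunnel endpoints, the SPI and sequence number, and the DSCP value; the protected address 10.254.0.1 and the real destination stay inside the ciphertext.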


Although this end-to-end encryption scheme protects WT traffic, it does not protect the 802.16 mesh management traffic. This means that 802.16 nodes should still use the primary security association encryption to communicate with the base station. However, since this represents a small amount of traffic, implementing it in practice may not be hard.






