Wimax standards and Security The Wimax



CRC - WiMAX.Standards.and.Security

TABLE 11.5
Contents of Authorization SAs
X.509 certificate identifying the subscriber station
160-bit authorization key
4-bit authorization key identifier
Authorization key lifetime. The minimum value is 1 day and the maximum value is 70 days. The default is 7 days
Key encryption key (KEK) for distributing TEKs
Downlink hash function-based message authentication code (HMAC) key
Uplink HMAC keys
List of authorized data SAs
to indicate when the AK expires. The default lifetime is 7 days, but it can range from 1 to 70 days.
Key encryption keys (KEKs) are used to encrypt TEKs during the TEK exchange process. Two KEKs are required for the encryption process and are derived from the AK. The KEKs are computed by first concatenating the hex value 0x53 repeated 64 times with the AK. The SHA-1 hash of this value is then computed, which outputs 160 bits. Finally, the first 128 bits of the output are taken and divided into two 64-bit KEKs. These two KEKs are included in the authorization SA.
Two hashed message authentication code (HMAC) keys, one for uplink and one for downlink, are included to allow for the creation of HMACs during the TEK exchange process. The uplink key is used to create an HMAC of messages to be sent, while the downlink key is used to create an HMAC of messages received, allowing the receiver to authenticate the message. The uplink key is obtained by concatenating the hex value 0x3A repeated 64 times and the AK, then computing the SHA-1 hash of this value, creating a 160-bit HMAC key. The downlink key is computed in the same fashion, but the hex value 0x5C is concatenated with the AK instead.
A list of authorized data SAs is also included in the authorization SA that provides the subscriber station with the knowledge of the data SAs it can request.

      1. Authentication

        1. Hashed Message Authentication Code

HMACs are used to provide message authentication. By using HMACs, the receiver can verify who sent the message. This is possible because the sender creates an HMAC of the message it wishes to send using a key known only by the sender and receiver. When the receiver gets the message, it computes its own HMAC of the message using the same key and compares the one it computed with the one received from the sender. If the HMACs match then the sender is confirmed.


FIGURE 11.5
HMAC creation. [Diagram: Key and ipad form S1; S1 and Message feed a SHA-1 hash, giving H(S1 || M); Key and opad form S0; S0 and H(S1 || M) feed a second SHA-1 hash.]

HMACs are created as a function of a key and the message. Figure 11.5 illustrates the HMAC creation process. First, the hash key, defined in the authorization SA, is exclusive-ORed (XORed) with an ipad, which is the byte 0x36 repeated 20 times to match the size of the hash key. This 160-bit value is prepended to the message, and the result is then hashed. The IEEE 802.16 standard defines the use of SHA-1 to compute the hash.
The hash key is then XORed with an opad, which is the byte 0x5C repeated 20 times to match the size of the hash key. This 160-bit value is prepended to the output of the previous hash. These two values are then hashed to produce the HMAC.
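The key derivation and the two-pass HMAC described above, as an added Python example that is not code from the book. The function names, the sample AK and the sample message are constructed for illustration; the derivation pad bytes are the ones given in the text. The HMAC step follows RFC 2104 as implemented by Python's hmac module, which zero-pads the 160-bit key to SHA-1's 64-byte block before the XOR, so ipad and opad here span 64 bytes.

```python
import hashlib
import hmac

def derive_keys(ak: bytes) -> dict:
    """Derive the KEK halves and the HMAC keys from a 160-bit AK, as the text describes."""
    if len(ak) != 20:
        raise ValueError("AK must be 160 bits (20 bytes)")
    kek = hashlib.sha1(b"\x53" * 64 + ak).digest()[:16]        # first 128 bits of the hash
    return {
        "kek_halves": (kek[:8], kek[8:]),                       # two 64-bit values
        "hmac_up": hashlib.sha1(b"\x3a" * 64 + ak).digest(),    # pad bytes as given in the text
        "hmac_down": hashlib.sha1(b"\x5c" * 64 + ak).digest(),
    }

def hmac_sha1(key: bytes, message: bytes) -> bytes:
    """Two-pass construction of Figure 11.5 with RFC 2104 block-size padding."""
    block = hashlib.sha1().block_size                           # 64 bytes for SHA-1
    if len(key) > block:
        key = hashlib.sha1(key).digest()
    key = key.ljust(block, b"\x00")
    s1 = bytes(b ^ 0x36 for b in key)                           # key XOR ipad
    s0 = bytes(b ^ 0x5C for b in key)                           # key XOR opad
    inner = hashlib.sha1(s1 + message).digest()                 # H(S1 || M)
    return hashlib.sha1(s0 + inner).digest()                    # H(S0 || H(S1 || M))

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the HMAC and compare in constant time."""
    return hmac.compare_digest(hmac_sha1(key, message), tag)

# Constructed sample values, not taken from any real exchange.
SAMPLE_AK = bytes(range(20))
SAMPLE_MSG = b"constructed key-request message"

if __name__ == "__main__":
    keys = derive_keys(SAMPLE_AK)
    tag = hmac_sha1(keys["hmac_up"], SAMPLE_MSG)
    print("tag:", tag.hex())
    print("valid:", verify(keys["hmac_up"], SAMPLE_MSG, tag))
    print("tampered:", verify(keys["hmac_up"], SAMPLE_MSG + b"!", tag))
```

The comparison uses hmac.compare_digest so that the time taken to reject a forged tag does not depend on how many leading bytes happen to match.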



