WiMAX Standards and Security



Date: 29.05.2022
CRC - WiMAX.Standards.and.Security

Authorization Key Derivation

The PKMv2 key hierarchy defines the key category and the algorithms used to generate keys. The authentication and authorization processes generate source key materials. These keys form the roots of the key hierarchy and will be used to derive other keys to ensure management message integrity and to transport the traffic encryption keys. All PKMv2 key derivations are based on the Dot16KDF algorithm as outlined in Appendix IV.

FIGURE 12.11
AK derivation in EAP authorization.


PKMv2 supports two authorization schemes with mutual authentication: the RSA-based authorization process and the EAP-based authentication process. The AK will be derived by the BS and the SS from the PAK via the RSA-based authorization procedure and from the PMK via the EAP-based authorization procedure.
Figure 12.10 shows the RSA-based authorization. Upon the completion of mutual authentication, a pre-primary authorization key (pre-PAK) is encrypted with the public key of the SS certificate and sent to the SS from the BS. This pre-PAK is used with the SS’s MAC address and the base station identifier (BSID) to generate a 160-bit PAK, which will be used to generate the AK.
In the EAP authentication mode, a 160-bit EAP integrity key (EIK) derived from the pre-PAK is used to protect the first group of EAP exchange messages. The master session key (MSK), which is 512 bits long, is the key produced from the EAP exchange. This key is known to the authentication, authorization, and accounting (AAA) server, the authenticator (BS), and the SS. Both the SS and BS derive the pairwise master key (PMK) by truncating the MSK to 160 bits at each side. This procedure is illustrated in Figure 12.11.

After EAP-based authorization is successfully performed, if the SS or BS negotiates the “authenticated EAP after EAP” mode as the authorization policy, the SS and BS perform two rounds of EAP. After the successful first round of EAP, the SS initiates the second round of EAP conversation. Once the second round of EAP succeeds, both the SS and the BS generate the AK.
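The two derivation paths described above (pre-PAK to EIK and PAK to AK, and MSK to PMK to AK) can be traced in code. This is an added example, not code from the book: the `kdf` function is a SHA-1 counter-mode stand-in for Dot16KDF, whose normative definition (Appendix IV) is not reproduced on this page, and the field encodings, the label strings `"EIK+PAK"` and `"AK"`, and all key and address values are assumptions constructed for illustration.

```python
import hashlib
import struct

def kdf(key: bytes, astring: bytes, keylength_bits: int) -> bytes:
    """SHA-1 counter-mode KDF standing in for Dot16KDF (encoding is assumed)."""
    kin = key[:20]                              # leftmost 160 bits of the input key
    blocks = (keylength_bits - 1) // 160 + 1    # number of 160-bit SHA-1 outputs needed
    out = b""
    for i in range(blocks):
        out += hashlib.sha1(struct.pack(">I", i) + astring +
                            struct.pack(">I", keylength_bits) + kin).digest()
    return out[:keylength_bits // 8]

def derive_eik_pak(pre_pak: bytes, ss_mac: bytes, bsid: bytes):
    """RSA path: pre-PAK plus SS MAC and BSID yields a 160-bit EIK and a 160-bit PAK."""
    material = kdf(pre_pak, ss_mac + bsid + b"EIK+PAK", 320)
    return material[:20], material[20:]

def derive_pmk(msk: bytes) -> bytes:
    """EAP path: the PMK is the 512-bit MSK truncated to 160 bits."""
    if len(msk) != 64:
        raise ValueError("MSK must be 512 bits")
    return msk[:20]

def derive_ak_rsa(pak: bytes, ss_mac: bytes, bsid: bytes) -> bytes:
    """AK from the PAK (RSA-based authorization)."""
    return kdf(pak, ss_mac + bsid + pak + b"AK", 160)

def derive_ak_eap(pmk: bytes, ss_mac: bytes, bsid: bytes) -> bytes:
    """AK from the PMK (EAP-based authorization)."""
    return kdf(pmk, ss_mac + bsid + b"AK", 160)

# Constructed sample values, not taken from any real deployment.
PRE_PAK = bytes(range(32))                  # delivered RSA-encrypted to the SS
MSK = bytes(range(64))                      # produced by the EAP exchange
SS_MAC = bytes.fromhex("001122334455")
BSID = bytes.fromhex("0a0b0c0d0e0f")
OTHER_BSID = bytes.fromhex("0a0b0c0d0e10")

if __name__ == "__main__":
    eik, pak = derive_eik_pak(PRE_PAK, SS_MAC, BSID)
    pmk = derive_pmk(MSK)
    # BS and SS run the same functions on the same inputs, so they agree on the AK.
    print("AK (RSA path):", derive_ak_rsa(pak, SS_MAC, BSID).hex())
    print("AK (EAP path):", derive_ak_eap(pmk, SS_MAC, BSID).hex())
    # The AK is bound to the BSID: another base station gets a different AK.
    print("AK (EAP, other BS):", derive_ak_eap(pmk, SS_MAC, OTHER_BSID).hex())
```

Because the SS MAC address and BSID are inputs to the derivation, an AK computed for one SS and BS pair is not valid for any other pair, even when the root key is the same.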






