Wimax standards and Security The Wimax



CRC - WiMAX.Standards.and.Security

FIGURE 8.12
Mesh node authorization.

server sends back a PKM-RSP message containing an operator-shared secret, the list of security associations, identified by their security association identifiers (SAIDs), and authorization keys (AKs), one for each SAID, all encrypted with the candidate’s public RSA key.


The operator-shared secret is used to validate nodes during the link establishment process; it is used to calculate the HMACs for the link establishment messages. Security associations are used to manage encryption information for connections and to assign AKs to connections. AKs are used to derive key encryption keys (KEKs) for subsequent PKM communications, as well as to validate PKM communications within the security association with HMACs. The security associations have a limited lifetime, so the PKM protocol requires the nodes to periodically reauthorize and get new AKs.
The base station always sends a primary security association and it may optionally send other static security associations. The primary security association is used for communications with the base station. Static security associations are used for data traffic. If the base station does not send any static traffic security association, the nodes use the primary security association. With our QoS scheme, there could be two security associations. The first one can be used for connections in the high QoS subnet and the other can be used for connections in the low QoS subnet.
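
As an added example (not from the book or the 802.16 standard), the sketch below shows how a node could use the material delivered in the PKM-RSP: checking a link-establishment HMAC with the operator-shared secret, and choosing a security association with fallback to the primary one and an AK lifetime check. The message field layout, the SHA-256 digest, the SAID values and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

PRIMARY = "primary"  # assumed label for the SA used with the base station

@dataclass
class SecurityAssociation:
    said: int          # security association identifier
    ak: bytes          # authorization key delivered for this SAID
    expires_at: float  # end of the SA lifetime, in seconds (constructed clock)
    kind: str = "static"

def link_hmac(shared_secret: bytes, frame_no: int, sender_id: int, peer_id: int) -> bytes:
    # Assumed field layout; the real encoding is defined by the standard.
    msg = struct.pack(">IHH", frame_no, sender_id, peer_id)
    return hmac.new(shared_secret, msg, hashlib.sha256).digest()

def verify_link_msg(shared_secret, frame_no, sender_id, peer_id, tag) -> bool:
    expected = link_hmac(shared_secret, frame_no, sender_id, peer_id)
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def select_sa(sas, wanted_said, now):
    """Return the SA for a connection, or None if the node must reauthorize."""
    sa = {s.said: s for s in sas}.get(wanted_said)
    if sa is None:  # no static SA for this traffic: use the primary SA
        sa = next((s for s in sas if s.kind == PRIMARY), None)
    if sa is None or now >= sa.expires_at:
        return None  # AK missing or lifetime over
    return sa

def demo():
    secret = b"constructed-operator-secret"  # constructed sample value
    sas = [SecurityAssociation(1, b"ak-primary", 1000.0, PRIMARY),
           SecurityAssociation(2, b"ak-high-qos", 1000.0)]
    tag = link_hmac(secret, frame_no=77, sender_id=0x0A01, peer_id=0x0A02)
    return {
        "valid": verify_link_msg(secret, 77, 0x0A01, 0x0A02, tag),
        "wrong_secret": verify_link_msg(b"guess", 77, 0x0A01, 0x0A02, tag),
        "other_frame": verify_link_msg(secret, 78, 0x0A01, 0x0A02, tag),
        "high_qos": select_sa(sas, 2, now=10.0).said,
        "low_qos_fallback": select_sa(sas, 3, now=10.0).said,
        "expired": select_sa(sas, 2, now=2000.0),
    }

if __name__ == "__main__":
    print(demo())
```
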
Network authorization is vulnerable to a “man-in-the-middle” attack. Specifically, since the X.509 certificate sent by the entering node contains the public key of the new node, a malicious node can masquerade as the authentication node and supply false security settings [22]. This type of attack is possible because there is no mutual trust between the new node and the authentication node: the new node must assume that the authentication response is indeed from the authorization node. A modification to the PKM protocol that removes these types of attacks from 802.16 mesh networks is proposed in Ref. 22. In this version of the PKM protocol, the authentication server sends its certificate to the candidate node, allowing the new node to authenticate the authenticator and thus establish mutual trust.

