IEEE 802.16 WiMax Security Dr. Kitti Wongthavarawat Thai Computer - - PDF document
IEEE 802.16 WiMax Security Dr. Kitti Wongthavarawat Thai Computer Emergency Response Team (ThaiCERT) National Electronics and Computer Technology Center Thailand Presented at 17 th Annual FIRST Conference, Singapore July 1, 2005 Agenda
Presented at 17th Annual FIRST Conference, Singapore July 1, 2005
Authentication Date Key Exchange Data Privacy
Base Station Base Station Residential Industrial SOHO, Enterprise Mobile User Point-to-point backhaul Point-to-multipoint last mile
SS BS WirelessMAN-SC WirelessMAN-SCa WirelessMAN-OFDM WirelessMAN-OFDMA WirelessHUMAN PHY MAC
SS BS PHY MAC
SS BS MAC PHY
Data plane Management plane Data plane Management plane
MAC PHY
CIDs CIDs CIDs CIDs Management connection Transport connection
SS BS
Data plane Management plane Data Privacy
MAC PHY
Data plane Management plane
MAC PHY
CIDs CIDs CIDs Data Privacy CIDs Header Encrypted payload Encryption (some)
SS BS
Data plane Management plane Data Privacy
MAC PHY
Data plane Management plane
MAC PHY
CIDs CIDs CIDs Data Privacy Authen. Authen. Key Management Key Management CIDs “Security Association (SA)” SAID SAID SAID SAID
Data plane Management plane Data Privacy
MAC PHY
CIDs CIDs Authen. Key Management SAID SAID
Cryptographic suite (i.e.,
Security Info (i.e., key, IV) Identified by SAID
Data plane Management plane Data Privacy
MAC PHY
CIDs CIDs Authen. Key Management SAID SAID
1 1
2
3 2 3
AK serves as authorization token AK is encrypted using public key cryptography
SS BS [SS Certificate, Security Capabilities, SAID] Authorization Request
Verify SS Certificate AK (128 bits) Generation
Authorization Reply [AK (encrypted with RSA-1024 SS’s public key),
Key lifetime, Selected Security Suite, AK sequence number] AK (128bits) AK (128bits) Key lifetime = 1 day to 70 days
Man-in-the-middle attack
Data plane Management plane Data Privacy MAC PHY CIDs CIDs Authen. Key Management SAID SAID
EAP-based Authentication Authentication methods (i.e.,
Extend the authentication to
Proposed in draft IEEE
Data plane Management plane Data Privacy MAC PHY CIDs CIDs Authen. Key Management SAID SAID EAP Authen. Method
Data plane Management plane Data Privacy
MAC PHY
CIDs CIDs Authen. Key Management SAID SAID
1 1
2
3 2 3
3DES (use 112 bits KEK) RSA (use SS’s public key) AES (use 128 bits KEK)
SS BS
HMAC-Key (160bits) HMAC-Key (160bits) KEK (128bits) KEK (128bits) AK (128bits) AK (128bits)
[AK Sequence Number, SAID, HMAC-SHA1] TEK Key Request TEK Key Reply
TEK key lifetime, IV, HMAC-SHA1 ] TEK (128bits) Generation TEK (128bits) TEK (128bits)
KEK = Truncate( SHA(AK|5364), 128) HMAC-up = SHA((AK|5C64) HMAC-down = SHA((AK|3A64)
Key lifetime = 30 mins to 7 days
Data plane Management plane Data Privacy
MAC PHY
CIDs CIDs Authen. Key Management SAID SAID
1 1
2
3 2 3
DES in CBC mode
56 bit DES key (TEK) CBC-IV = [IV Parameter from TEK exchange]
CBC-IV Plain block 1
DES-CBC (56 bit key) Cipher block 1 Plain block 2
DES-CBC (56 bit key) Cipher block 2 Plain block 3
DES-CBC (56 bit key) Cipher block 3
CBC-IV = [IV Parameter from TEK exchange]
Chosen Plaintext Attack to recover the original plaintext
Active attack
128 bit key (TEK) Message Integrity Check Replay Protection using Packet Number
SS BS
Data plane Management plane Authen. Key Management Data Privacy
MAC PHY
Data plane Management plane
MAC PHY
CIDs CIDs CIDs Data Privacy Authen. Key Management CIDs
EAP Authentication
Include the system identity (i.e., SSID) Key freshness – include random number from both