WiMAX????????????????? - PowerPoint PPT Presentation

1 / 37
About This Presentation
Title:

WiMAX?????????????????

Description:

WiMAX The research and implementation of WiMAX security subsystem over an embedded system Speaker: Yen-Jen Chen ... – PowerPoint PPT presentation

Number of Views:234
Avg rating:3.0/5.0
Slides: 38
Provided by: TIG110
Category:
Tags: wimax | sha1

less

Transcript and Presenter's Notes

Title: WiMAX?????????????????


1
WiMAX?????????????????
The research and implementation of WiMAX security
subsystem over an embedded system
  • Speaker Yen-Jen Chen (???)
  • Advisor Dr. Kai-Wei Ke (??? ??)
  • Date 07/28/2008

1
2
Outline
  • Introduction
  • Overview of IEEE 802.16-2004 Security
  • Overview of IEEE 802.16e-2005 Security
  • IEEE 802.16-2004 Security Sublayer Implementation
  • System Architecture
  • Subsystem design
  • System flow
  • System over embedded system
  • System test
  • Conclusion and Future Work

2
3
MAC Privacy Sub-layer
  • Provides secure communication
  • Data encrypted with cipher clock chaining mode of
    DES
  • Prevents theft of service
  • SSs authenticated by BS using key management
    protocol

3
4
Security Architecture
4
5
Authentication
6
Key Derivation
7
Data Key Exchange
8
Data Encryption
9
Outline
  • Introduction
  • Overview of IEEE 802.16-2004 Security
  • Overview of IEEE 802.16e-2005 Security
  • IEEE 802.16-2004 Security Sublayer Implementation
  • System Architecture
  • Subsystem design
  • System flow
  • System over embedded system
  • System test
  • Conclusion and Future Work

9
10
Security Architecture
10
11
EAP authentication protocol
  • EAP is a authentication framework not a specially
    authentication mechanism
  • the four methods in 802.16e
  • RSA based authentication
  • One level EAP based authentication
  • Two level EAP based authentication
  • RSA based authentication followed by EAP
    authentication

11
12
EAP authentication protocol (Cont.)
  • RSA based
  • authentication
  • One level EAP
  • based
    authentication

12
13
EAP authentication protocol (Cont.)
  • Two level EAP
  • based authentication
  • RSA based
    authentication
  • followed by
    EAP

  • authentication

13
14
Key hierarchy in the 802.16e
14
15
Key hierarchy in the 802.16e
16
Outline
  • Introduction
  • Overview of IEEE 802.16-2004 Security
  • Overview of IEEE 802.16e-2005 Security
  • IEEE 802.16-2004 Security Sublayer Implementation
  • System Architecture
  • Subsystem design
  • System flow
  • System over embedded system
  • System test
  • Conclusion and Future Work

16
17
System Architecture
  • Data Privacy subsystem (DPS)
  • Get the data form different system
  • Verify the data if encrypt or decrypt
  • Dispatch the data to the subsystem
  • Authentication subsystem (AS)
  • Verify the certification
  • Add the relative information
  • Generate the AK (New one or Update old)
  • Key Management subsystem (KMS)
  • Save the information of the keys (TEK KEK
    HMAC-key etc.)
  • Use AK to Generate key (KEK HMAC-key)
  • Generate the TEKs (New one or Update old)

17
  • Data Privacy subsystem (DPS)
  • Get the data form different system
  • Verify the data if encrypt or decrypt
  • Dispatch the data to the subsystem
  • Authentication subsystem (AS)
  • Verify the certification
  • Add the relative information
  • Generate the AK (New one or Update old)
  • Key Management subsystem (KMS)
  • Save the information of the key (TEK KEK
    HMAC-keys etc.)
  • Use AK to Generate key (KEK HMAC-key)
  • Generate the TEK (New one or Update old)

18
Subsystem design (Data Privacy Subsystem)
  • Data Encryption Function
  • Get key from Key Management
  • subsystem
  • Get the security algorithm from
  • Security Suit Function
  • Data Decryption Function
  • Get key from Key Management subsystem
  • Get the security algorithms from Security Suit
    Function
  • Send the TEK relative information to key
    management subsystem
  • Send the certification to Authentication
    subsystem
  • Security Suit Function
  • Provide the different encrypt/decrypt algorithms
    and signature algorithm

18
  • Data Encryption Function
  • Get key from key management
  • subsystem
  • Get the security algorithm from
  • Security Suit Function
  • Data Decryption Function
  • Get key from key management subsystem
  • Get the security algorithms from Security Suit
    Function
  • Send the tek relative information to key
    management subsystem
  • Send the certification to Authentication
    subsystem
  • Security Suit Function
  • Provide the different encrypt/decrypt algorithms
    and signature algorithm

19
Subsystem design (Authentication Subsystem)
  • Content Checker function
  • Send the AK relative information to AK Checker
  • Send the Certification relative information to
    Certification Checker
  • Get AK back from AK Checker or Certification
    Checker
  • AK Checker function
  • Get AK relative information from Content Checker
  • Send AK generate message to AK Generator
  • Send AK back to Content Checker

19
  • Content Checker function
  • Send the AK relative information to AK Checker
  • Send the Certification relative information to
    Certification Checker
  • Get AK back from AK Checker or Certification
    Checker
  • AK Checker function
  • Get AK relative information from Content Checker
  • Send AK generate message to AK Generator
  • Send AK back to Content Checker

20
Subsystem design (Authentication Subsystem)
  • Certification Checker function
  • Get Certification from Content Checker
  • Send AK generate message to AK Generator
  • Send AK back to Content Checker
  • AK Generator function
  • Get AK generate message from AK Checker or
    Certification Checker
  • Send new AK to Key management subsystem, AK
    Checker ,Certification Checker
  • Certification Checker function
  • Get Certification from Content Checker
  • Send AK generate message to AK Generator
  • Send AK back to Content Checker
  • AK Generator function
  • Get AK generate message from AK Checker or
    Certification Checker
  • Send new AK to Key management subsystem, AK
    Checker ,Certification Checker

21
Subsystem design(Key management Subsystem)
  • Content Checker Function
  • Get key request or TEK relative information from
    DPS
  • Send key request to Key checker
  • Send TEK relative information to TEK Checker
  • Get new TEK or Request key info
  • Key Checker Function
  • Get key request message from Content Checker
  • Get request key from Key Pool
  • Send request key to Content Checker

21
  • Content Checker Function
  • Get key request or tek relative information from
    DPS
  • Send key request to Key checker
  • Send tek relative information to TEK Checker
  • Get new TEK or Request key info
  • Key Checker Function
  • Get key request message from Content Checker
  • Get request key from Key Pool
  • Send request key to Content Checker

22
Subsystem design(Key management Subsystem)
  • TEK Checker Function
  • Get TEK relative information from Content Checker
  • Send key generate message to Key Generator
  • Get new TEK form Key Generator
  • Key Generator Function
  • Get key generator message from TEK Checker
  • Get New AK info from AS
  • Key Pool Function
  • Get new key info form Key Generator
  • Send back the request key info
  • TEK Checker Function
  • Get TEK relative information from Content Checker
  • Send key generate message to Key Generator
  • Get new TEK form Key Generator
  • Key Generator Function
  • Get key generator message from TEK Checker
  • Get New AK info from AS
  • Key Pool Function
  • Get new key info form Key Generator
  • Send back the request key info

23
System flow (Uplink)
23
24
System flow (Downlink)
24
25
System over embedded system
25
26
System over embedded system
  • Central Controller Communication
  • Pros.
  • Easy to implement
  • Cons.
  • Need extra effort
  • Every sublayer do not
  • Know the existence of
  • others

26
27
System over embedded system
  • Layered Communication
  • Pros.
  • Easy to do cross sublayer
  • information exchange
  • Cons.
  • More complicated implementation

27
28
System over embedded system
  • Class Diagram
  • Data Generator Object
  • Application class
  • WiMAX Sublayer Object
  • CSInterface class
  • CommonPart class
  • C_Sec_Core class
  • Layer Controller Object
  • Ctrl_CSInterface class
  • Ctrl_CommonPart class
  • Ctrl_ C_Sec_Core class
  • Ctrl_Interface class
  • Network Object
  • Transmission class

28
29
System test
29
30
System test
  • 140.124.183.222 is the IP of SS
  • 140.124.183.221 is the IP of BS
  • 140.124.183.230 is the IP of relay node

31
System test
  • Test 1 and Test 2 show that
  • the system uses the different
  • encrypt/decrypt algorithm
  • (Exp 1)
  • After the Test 1 and Test 2 the
  • System Starts TEK key Request Procedure
  • (Exp 2)

32
System test
  • Test 3 and Test 4 show that the
  • system uses the second TEK
  • (Exp 3)
  • Test 5 shows that the system uses
  • the new TEK which got at Exp 2
  • (Exp 5)

33
Outline
  • Introduction
  • Overview of IEEE 802.16-2004 Security
  • Overview of IEEE 802.16e-2005 Security
  • IEEE 802.16-2004 Security Sublayer Implementation
  • System Architecture
  • Subsystem design
  • System flow
  • System over embedded system
  • System test
  • Conclusion and Future Work

33
34
Conclusion and future work
  • Authentication
  • X.509 certification exchange and verify
  • Provide AK generator
  • Update the AK before the lifetime end
  • Key Management
  • Manage the keys as KEK,TEK,HMAC keys
  • Provide the Key Generator
  • Keep the key fresh
  • Update the TEK before the lifetime end
  • Data privacy
  • Data encrypt/decrypt algorithms (DES-CBC
    ,AES-CCM)
  • Key encrypt/decrypt algorithms (3DES,AES-ECB)
  • Digest algorithms (HMAC-SHA1,HMAC-RSA)

35
Conclusion and future work
  • Provide the security sublayer modules of 802.16d
    and 802.16e and reserve authentication
    architecture of 802.16e over the embedded system
  • Integrate CS and CPS over embedded system
  • Add the authentication of 802.16e
  • Directly connect

35
36
Any Question?
Any
Questions
37
Thanks for your listening
You !
Thank
38
System test
  • Test1 and Test2 show that
  • the system uses the different
  • encrypt/decrypt algorithm (Step1)
  • Test3 and Test4 show that the
  • system uses the second TEK
  • Test5 shows that the system
  • use the new TEK which got at Step2
Write a Comment
User Comments (0)
About PowerShow.com