26
802.16 PKM 協協 • PKM 協協協協協協協協 協協協 協協協協協 、、 ( 協協 協協協 協協協協協協 、、 協) , MS/SS 協協 PKM 協協協協 BS 協協協 協協協 , BS 協協協協協協協協協 協協。 MS/SS 協 BS 協協協 PKM 協協協協協協協協協協協協協協協協協協協協。 • PKM 協協協協 協協協協協協 協協協協協 : (Authorization state machine) 協協協協協協: TEK 協協協 (TEK state machine) • 協協協協協協 TEK 協協協協協協協協協協 TEK 協協協協協協協協協協協協 協協協協協 協 協協協協協協 協協協 。一()( TEK 協協協), 協協協協協協協協協協協協協 TEK 協協 協協協協協協協協協協 , AK 協 協協 , TEK 協 協協協協協協協協協 協協協協協協協 ,。
802.16 PKM 協定
-
Upload
bruno
-
View
41
-
Download
5
Embed Size (px)
DESCRIPTION
802.16 PKM 協定. PKM 協定提供憑證交換、認證、密鑰的管理 ( 產生、傳遞、生命週期參數等 ) , MS/SS 透過 PKM 協定通過 BS 的授權,同時從 BS 取得密鑰和加密相關資料。 MS/SS 和 BS 也利用 PKM 協定進行週期性重新授權以及密鑰更新的動作。 PKM 協定包含 授權訊息交換:授權狀態機 (Authorization state machine) 金鑰訊息交換: TEK 狀態機 (TEK state machine) 授權狀態機與 TEK 狀態機之間有主從關係 - PowerPoint PPT Presentation
Citation preview
-
802.16 PKMPKM()MS/SSPKMBSBSMS/SSBSPKMPKM (Authorization state
machine) TEK(TEK state machine)TEKTEKTEKTEKAKTEK
-
802.16
PKM802.16dPKMv1RSA(BS)(SS)802.16ePKMv2RSAEAP(BS)(MS)(Mutual
Authenication)
-
802.16 PKMPKMv1(BS)(SS) PKMv2Single EAP Double EAP EAPEAP
EAP-TLSEAP-TTLSEAP-SIMEAP-AKA..(AK-transfer)
-
PKM RSA/EAP PKMv1RSAPKMv2RSAEAPPKM RSA/EAP PKM
RSAX.509X.509(Public Key)MAC()RSA
-
PKM RSA/EAP PKM EAP PKM EAPIETF RFC
3748(ExtensibleAuthentication Protocol
)EAP()802.16eEAPEAPEAPEAP-TLSX.509
-
PKMv1 :1. AKKEKHMAC-digest2. KEK()BSSSTEKTEK3.
HMAC-digest()SHABSSSAKSSBS
-
PKMv1 PKMv1:1. SSBSSS2. SSBSBSSS3. BSAKSSAKSS4.
SSAKSAIDTEKTEKTEK5. BSBSTEK(TEKTEK1TEK)KEKTEKAKSAIDTEKDES CBC
mode64bits CBC-IV(Key Reply)SS
-
a.AKAK b.SS(SAID) c.PKM(TimerKey)KeyP.S.
SSBSAKAKSSSAIDTEKBSTEKSSTEKBSTEK
-
AKAKSSAK(Grace Time)BSAKSSAKBSSSKey RequestAKSSAKHMAC-digest1
:SSAKKey RequestHMAC-digestBSAKKey RequestAKKEKKEY
ReplyHMAC-digest2:SSAKKey RequestHMAC-digestBSSSAKBSAKKey
RequestAKKEKKEY ReplyHMAC-digest
-
BSSSAK
-
TEKTEK3012BSTEK 1. BSTEKGeneric MAC Headerencryption key
sequenceSSTEK 2. BSTEKTEKSSTEK1. SSTEKGenericMAC Headerencryption
key sequenceBSTEK2. SSTEKTEK
-
BSSSAK
-
SAID : SSBSID ,SAIDBSTEKTEKTEK1TEKPKMv1(Authorization
KeyAK)PKMv2 pre-PAK(Primary Authorization Key)
-
PKMv2 PMKv2RSAEAPPKMv1BSSSPKMv2PKMv2
RSASSBS802.16e(Device)(Subscriber)PKMv2 EAPAAAPKMv2PKMv2TEK
-
RSASSBSEAPPKMv21. BSSS2. SSBS3. BSAKAKSSAK(Key Encryption
KeyKEK)(HMAC-digest)4. BSSASAIDSS
-
RSASigSS(SigBS)SS(BS)RSA
-
RSA1. SSBS(SSX.509)2. SSPKMv2
RSA-RequestBSSS(MS_Random)SSX.509SSPrimary SAID3. BSPKMv2
RSA-RequestSSPKMv2 RSA-Request(SigSS)PKMv2
RSA-ReplySSMS_RandomPKMv2
RSA-RequestMS_RandomBS(BS_Random)SSpre-PAK(Primary Authorization
Key) PAKPAKpre-PAKAKKEKMACEIKBSX.509BSSigBS4. SSPKMv2
RSA-ReplyBSPKMv2
RSA-Reply(SigBS)BS3SA-TEKAK3SA-TEKSSBSpre-PAKAKKEKHMACCMAC5.
TEK
-
EAP EAPMS(Supplicant)BSEAP(Authenticator) AAA clientEAPRADIUSAAA
EAPMSAAA IEEEMSBSPKMBSAuthenticatorAuthenticatorAAAWiMAX
EAPEAP(CSN)EAP(Double EAP)Authenticated-EAPafter-EAP
-
EAPMS(Supplicant)BSEAP(Authenticator)AAA
clientEAPRADIUSAAAEAPMSAAAIEEEMSBSPKMBSAuthenticatorAuthenticatorAAAWiMAXEAPEAP(CSN)EAP(Double
EAP)Authenticated-EAPafter-EAP
-
EAP1. MSBSSBCPKMv1PKMv2MACPKMv2EAPEAP2. MSPKMv2 EAP startBSEAP3.
MSAAAEAPBSMSBSEAPPKMv2 EAP TransferAKPKMv2 EAP TransferCMAC
digest
-
EAP4. 3 EAPBSEAP-SuccessPKMv2 EAP CompleteMSMSPKMv2
Authenticated EAPstart5. MSPKMv2 EAP CompleteMSAAAEAPMSK
EAPAAAMSK(BS) MSMSKPMKEAP Integrity Key(EIK)
-
EAP6. MSPKMv2 EAP CompletePKMv2 Authenticated EAPstartEAP CMAC
digest CMAC_KEY_*EAPEIK BSPKMv2 Authenticated EAP
startCMAC_KEY_*BSEAP
-
EAP7. MSAAAEAPBSMSBSEAPPKMv2 Authenticated EAP TransferCMAC8. 7
EAPBSEAP-SuccessPKMv2 Authenticated EAP CompleteMSEAP9.
EAPMSAAAEAPMSK2AAAMSK2(BS)MS(BS)MSK2PMK2MS(BS)PMKPMK2AK
-
EAP10. ~12.MSBS3SA-TEKAK13. ~14.MSBSTEK
MSBSPMKPMK2EAPPKMv2EAPAK
