Security in IEEE 802.16-2009
The IEEE 802.16-2009 security sublayer is shown in Figure 8.1. In essence, the security sublayer provides for two functionalities: encapsulation and key management. Encapsulation is achieved through a set of defined cryptographic suites that match data encryption techniques to authentication algorithms. Key management refers to how encryption and authentication keys are exchanged and updated during a connection's lifetime.
The standard describes the components of the security sublayer as follows:
- PKM Control Management: Controls all security components.
- Traffic Data Encryption/Authentication Processing: Encrypts and decrypts traffic data and performs the relevant authentication functions.
- Control Message Processing: Processes the various PKM-related MAC messages.
- Message Authentication Process: Executes the message authentication function.
- RSA-based Authentication: Performs the RSA-based authentication function using the SS's X.509 digital certificate and the BS's X.509 digital certificate. This stack is only engaged when RSA is selected as the authorization policy between an SS and a BS.
- EAP Encapsulation/Decapsulation: Provides the interface with the EAP layer when EAP-based authorization or authenticated EAP-based authorization is selected as an authorization policy between an SS and a BS.
- Authorization/SA Control: This stack controls the authorization state machine and the traffic encryption key state machine.
- EAP and EAP Method Protocol: Dependent on the usage of the upper ...