Security in IEEE 802.16m
Several changes and enhancements are introduced in the amendment for IEEE 802.16m. Figure 8.2 shows the counterpart for the security sublayer in .16m, called the Security Architecture.
Within the AMS and the ABS security architecture, there are two logical entites: the security management entity and the encryption and integrity entity.
The security management entity functions include:
- Overall security management and control;
- EAP encapsulation/decapsulation for authentication;
- Privacy Key Management (PKM) control (e.g., key generation/derviation/distribution, key state management);
- Authentication and Security Association (SA) control; and
- Location Privacy.
Figure 8.2 Security Architecture in 16m. Reproduced by permission of © 2009 IEEE.
The encryption and integrity protection entity functions include:
- Transport data encryption/authentication processing;
- Management message authentication processing; and
- Management message confidentiality protection.
However, certain noteworthy changes and enhancements are described below.
- All authentications between AMS and ABS take place in EAP;
- Only unicast static SAs are supported;
- Station IDs are introduced whereby a station's MAC can be made private;
- The introduction of Null SAIDs to accommodate mixed (secure/nonsecure) flow mixes;
- Mapping multiplexed payloads onto SAs;
- The possibility of encrypting MAC control message ...