Filter
Top Products
WiMAX Device Configuration User’s Guide 207
APPENDIX A
WiMAX Security
Wireless security is vital to protect your wireless communications. Without it, information
transmitted over the wireless network would be accessible to any networking device within range.
User Authentication and Data Encryption
The WiMAX (IEEE 802.16) standard employs user authentication and encryption to ensure secured
communication at all times.
User authentication is the process of confirming a user’s identity and level of authorization. Data
encryption is the process of encoding information so that it cannot be read by anyone who does not
know the code.
WiMAX uses PKMv2 (Privacy Key Management version 2) for authentication, and CCMP (Counter
Mode with Cipher Block Chaining Message Authentication Protocol) for data encryption.
WiMAX supports EAP (Extensible Authentication Protocol, RFC 2486) which allows additional
authentication methods to be deployed with no changes to the base station or the mobile or
subscriber stations.
PKMv2
PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of
a public key to encrypt traffic between the MS/SS and the base station. PKMv2 uses standard EAP
methods such as Transport Layer Security (EAP-TLS) or Tunneled TLS (EAP-TTLS) for secure
communication.
In cryptography, a ‘key’ is a piece of information, typically a string of random numbers and letters,
that can be used to ‘lock’ (encrypt) or ‘unlock’ (decrypt) a message. Public key encryption uses key
pairs, which consist of a public (freely available) key and a private (secret) key. The public key is
used for encryption and the private key is used for decryption. You can decrypt a message only if
you have the private key. Public key certificates (or ‘digital IDs’) allow users to verify each other’s
identity.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and
accounting. The base station is the client and the server is the RADIUS server. The RADIUS server
handles the following tasks:
• Authentication
Determines the identity of the users.