Filter
Top Products
Appendix A WiMAX Security
WiMAX Device Configuration User’s Guide
209
• Authorization request and reply
The MS/SS presents its public certificate to the base station. The base station verifies the
certificate and sends an authentication key (AK) to the MS/SS.
• Key request and reply
The MS/SS requests a transport encryption key (TEK) which the base station generates and
encrypts using the authentication key.
•Encrypted traffic
The MS/SS decrypts the TEK (using the authentication key). Both stations can now securely
encrypt and decrypt the data flow.
CCMP
All traffic in a WiMAX network is encrypted using CCMP (Counter Mode with Cipher Block Chaining
Message Authentication Protocol). CCMP is based on the 128-bit Advanced Encryption Standard
(AES) algorithm.
‘Counter mode’ refers to the encryption of each block of plain text with an arbitrary number, known
as the counter. This number changes each time a block of plain text is encrypted. Counter mode
avoids the security weakness of repeated identical blocks of encrypted text that makes encrypted
data vulnerable to pattern-spotting.
‘Cipher Block Chaining Message Authentication’ (also known as CBC-MAC) ensures message
integrity by encrypting each block of plain text in such a way that its encryption is dependent on the
block before it. This series of ‘chained’ blocks creates a message authentication code (MAC or
CMAC) that ensures the encrypted data has not been tampered with.
Authentication
The WiMAX Device supports EAP-TTLS authentication.
EAP-TTLS (Tunneled Transport Layer Service)
EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-
side authentications to establish a secure connection (with EAP-TLS digital certifications are needed
by both the server and the wireless clients for mutual authentication). Client authentication is then
done by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication
methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.