PKM’s authentication protocol establishes a shared secret, called the authorisation key (AK), between the subscriber station and the base station. The shared secret is then used to secure subsequent PKM exchanges of traffic encryption keys (TEKs). This two-tiered key distribution lets traffic encryption keys be refreshed without repeating the computation-intensive public-key or EAP operations needed to establish the authorisation key.
The authorisation key is derived by the base station and the subscriber station from the pre-primary authorisation key (pre-PAK, in the case of the RSA-based authorisation procedure) and/or the pairwise master key (PMK, in the case of the extensible authentication protocol-based authorisation procedure). When both procedures are run, the exclusive-or (XOR) of the primary authorisation key (PAK) and the PMK is the key input from which the authorisation key is generated; when only one procedure is run, that procedure’s key is used alone. The Dot16KDF algorithm is used for authorisation key derivation.
The base station authenticates a client subscriber station during the initial authorisation exchange. Each subscriber station presents its credential, which is a unique X.509 digital certificate issued by the subscriber station’s manufacturer (in the case of RSA authentication) or an operator-specified credential (in the case of EAP-based authentication).
The base station associates the subscriber station’s authenticated identity with a paying subscriber and hence with the data services that the subscriber is authorised to access. Thus, with the authorisation key exchange, the base station determines the authenticated identity of a client subscriber station and the services (i.e., the specific traffic encryption keys) the subscriber station is authorised to access. Because the base station authenticates the subscriber station, the exchange protects against an attacker using a cloned subscriber station to masquerade as a legitimate subscriber. It does not, by itself, give the subscriber station any assurance about the base station; that requires mutual authentication, as provided by PKMv2 RSA authorisation or by an EAP method that also authenticates the server.
Privacy key management RSA authentication. The PKM RSA authentication protocol uses X.509 digital certificates together with the RSA public-key encryption algorithm to bind public RSA encryption keys to the MAC addresses of subscriber stations. The digital certificate contains the subscriber station’s public key and MAC address. When requesting an authorisation key, a subscriber station presents its digital certificate to the base station. The base station verifies the digital certificate and then uses the verified public key to encrypt the authorisation key material (the authorisation key itself in PKMv1, or in PKMv2 the pre-primary authorisation key from which it is derived), which the base station then sends back to the requesting subscriber station (refer Fig. 3).
All subscriber stations using RSA authentication have factory-installed RSA private/public key pairs or provide an internal algorithm to generate such key pairs dynamically. If a subscriber station relies on an internal algorithm to generate its RSA key pair, it generates the key pair prior to its first authorisation key exchange. All subscriber stations with factory-installed RSA key pairs also have factory-installed X.509 certificates.
PKM extensible authentication protocol authentication. This authentication uses the extensible authentication protocol (EAP) in conjunction with an operator-selected EAP method (e.g., EAP-transport layer security (EAP-TLS) or EAP-tunnelled TLS with Microsoft challenge handshake authentication protocol version 2 (EAP-TTLS/MS-CHAPv2)). The method uses a particular kind of credential: an X.509 certificate in the case of EAP-TLS, or a subscriber identity module in the case of EAP-SIM (refer Fig. 4).
EAP authentication provides dynamic, per-session encryption keys to wireless users, which are more secure than static keys shared across sessions or devices. An intruder who passively collects enough traffic protected under a single long-lived key can mount a key-recovery or keystream-reuse attack and then use the recovered key to join the network. Because dynamically derived keys change frequently, the intruder does not accumulate enough material under any one key for such an attack to succeed.
After successful EAP-based authorisation, if the subscriber station or base station negotiates the authorisation policy ‘authenticated EAP after EAP’, the second EAP conversation is carried inside authenticated EAP transfer messages. These messages cryptographically bind the first and second EAP authentication sessions while protecting the second EAP exchange. To prevent a man-in-the-middle attack, the first and second EAP methods must satisfy the mandatory criteria the standard imposes; in particular, the first method must export keying material, since the integrity key that protects the second exchange is derived from it.
During re-authentication, the EAP transfer messages are protected with a hashed message authentication code (HMAC) or a cipher-based message authentication code (CMAC). During re-authentication the base station and the subscriber station discard any EAP transfer message that is unprotected or whose HMAC or CMAC digest is invalid.
Message authentication code keys are used to sign management messages so that their authenticity can be validated. The message authentication code to be used (HMAC or CMAC) is negotiated in the subscriber station’s basic capabilities negotiation request. Separate keys are used for uplink and downlink messages, and a further key is generated for multicast messages (downlink only), distinct from the key for unicast messages. In general, the message authentication keys used to compute the CMAC value and the HMAC digest are derived from the authorisation key.
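The key hierarchy described above (authorisation key from PAK and/or PMK via Dot16KDF, then per-direction message authentication keys from the authorisation key) and the discard rule for unprotected or badly digested EAP transfer messages, as one added, runnable example. This is illustrative code written for this page, not code from the IEEE 802.16 text or any implementation; the Dot16KDF field order and integer widths, the derivation label strings, and the key sizes are written from memory of 802.16e and should be treated as assumptions, and all key material and messages are constructed test data.

```python
# Added example: illustrative PKMv2-style key hierarchy and HMAC-protected
# management messages. Dot16KDF layout, labels and sizes are assumptions.
import hashlib
import hmac
import struct


def dot16kdf(key: bytes, astring: bytes, keylength: int) -> bytes:
    """SHA-1 Dot16KDF: Kin = Truncate(key, 160 bits); concatenate
    SHA-1(i | astring | keylength | Kin) for i = 0 .. int((keylength-1)/160),
    then truncate to keylength bits. Assumption: i and keylength are encoded
    as 32-bit big-endian integers."""
    kin = key[:20]
    result = b""
    for i in range((keylength - 1) // 160 + 1):
        block = struct.pack(">I", i) + astring + struct.pack(">I", keylength) + kin
        result += hashlib.sha1(block).digest()
    return result[: keylength // 8]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # PAK and PMK are both 160 bits, so the XOR is over equal-length inputs
    return bytes(x ^ y for x, y in zip(a, b))


def derive_ak(ss_mac: bytes, bsid: bytes, pak: bytes = None, pmk: bytes = None) -> bytes:
    """Authorisation key from PAK (RSA), PMK (EAP), or PAK XOR PMK (both)."""
    if pak and pmk:
        return dot16kdf(xor_bytes(pak, pmk), ss_mac + bsid + pak + b"AK", 160)
    if pak:
        return dot16kdf(pak, ss_mac + bsid + pak + b"AK", 160)
    if pmk:
        return dot16kdf(pmk, ss_mac + bsid + b"AK", 160)
    raise ValueError("need a PAK and/or a PMK to derive the AK")


def derive_hmac_keys(ak: bytes, ss_mac: bytes, bsid: bytes) -> dict:
    """HMAC_KEY_U | HMAC_KEY_D | KEK = Dot16KDF(AK, SS_MAC|BSID|"HMAC_KEYS+KEK", 448):
    160-bit uplink key, 160-bit downlink key, 128-bit key encryption key."""
    km = dot16kdf(ak, ss_mac + bsid + b"HMAC_KEYS+KEK", 448)
    return {"HMAC_KEY_U": km[:20], "HMAC_KEY_D": km[20:40], "KEK": km[40:56]}


def protect(msg: bytes, key: bytes) -> bytes:
    """Append the HMAC-SHA1 digest (modelled as a trailing 20-byte field)."""
    return msg + hmac.new(key, msg, hashlib.sha1).digest()


def verify(pdu: bytes, key: bytes):
    """Return the message if a valid digest is present; None means 'discard'."""
    if len(pdu) <= 20:  # no room for a digest: unprotected message
        return None
    msg, digest = pdu[:-20], pdu[-20:]
    expected = hmac.new(key, msg, hashlib.sha1).digest()
    return msg if hmac.compare_digest(digest, expected) else None


def demo() -> dict:
    # Constructed identifiers and keys (not real device data)
    ss_mac = bytes.fromhex("001122334455")
    bsid = bytes.fromhex("0a0b0c0d0e0f")
    pak = bytes(range(20))           # 160-bit PAK from the RSA path
    pmk = bytes(range(100, 120))     # 160-bit PMK from the EAP path
    ak = derive_ak(ss_mac, bsid, pak=pak, pmk=pmk)
    # Both sides derive the same per-direction keys from the shared AK
    ss_keys = derive_hmac_keys(ak, ss_mac, bsid)
    bs_keys = derive_hmac_keys(ak, ss_mac, bsid)
    # Constructed EAP transfer payload sent uplink during re-authentication
    eap_transfer = b"PKMv2 EAP-Transfer: " + b"\x02\x01\x00\x0a\x01test"
    uplink = protect(eap_transfer, ss_keys["HMAC_KEY_U"])
    tampered = uplink[:25] + bytes([uplink[25] ^ 1]) + uplink[26:]
    return {
        "valid_uplink": verify(uplink, bs_keys["HMAC_KEY_U"]) == eap_transfer,
        "wrong_direction_key": verify(uplink, bs_keys["HMAC_KEY_D"]) is None,
        "tampered": verify(tampered, bs_keys["HMAC_KEY_U"]) is None,
        "unprotected": verify(eap_transfer, bs_keys["HMAC_KEY_U"]) is None,
        "ak_depends_on_both": derive_ak(ss_mac, bsid, pak=pak) != ak
        and derive_ak(ss_mac, bsid, pmk=pmk) != ak,
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the demo dictionary is that every failure mode the text lists ends in the same outcome: a message signed with the downlink key, a modified message, or a message with no digest at all is simply discarded by `verify`, and the constant-time `hmac.compare_digest` avoids leaking digest bytes through timing.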
Cryptographic method of data encryption
Encryption services are defined as a set of capabilities within the MAC security sub-layer. Encryption information (whether the payload is encrypted and which key is in use) is carried in the generic MAC header, and encryption is applied to the MAC packet data unit payload when required by the selected ciphersuite; the generic MAC header itself is not encrypted.