**2.1. Protocol stack**

The protocol stack of IEEE 802.16 standard consists of two main layers: Medium Access Control (MAC) layer and Physical (PHY) layer [2]. The MAC layer is subdivided into three sub-layers [7], namely it (CS), Common Part Sub-layer (CPS) and Security Sub-layer (SS) as shown in Figure 1.

**2.2. Security sub-layer**

**Figure 2.** Security sub-layer architecture [3]

Key (KEK) are obtained from the MSK.

version of PKMv1.

The architecture of security sub-layer is shown in Figure 2. As mentioned previously, the security sub-layer provides security services for the standard, and it has been made based on two main components; an encapsulation protocol and a key management protocol [3]. The encapsulation protocol introduces the encryption and authentication methods as cryptograph‐

> Authorisation/SA control

PKM control Management

Initially, WiMAX security was introduced in the security sub-layer of IEEE 802.16 standard [1]. After releasing the initial versions of the IEEE 802.16 standard, a number of articles such as in [8-10] criticized the security weaknesses of the standard, after which some security improve‐ ments were added in IEEE 802.16e [3] and IEEE 802.16m [11]. The security functions regarding key managements have been addressed by PKM protocol. In IEEE 802.16d [4], the key management is based on PKMv1 while IEEE 802.16e uses PKMv2, which is an enhanced

Generally, PKM protocol is responsible for authorization, authentication, key exchange and data encryption in the networks between the MSs and BS. In the subsequent sections, we focus our attention on PKMv2, because it is stronger than PKMv1 in terms of security. Recently, the PKMv3 [11] was launched with IEEE 802.16m standard, however, since this protocol is still new and only a few works are being done on it, it is not discussed further in this chapter.

The PKMv2 is used by MSs to get authorization and security keys from the BS, and also to guarantee continuous and uninterrupted re-authorization/re-authentication and refreshing of the security keys. The PKMv2 applies EAP protocol together with RSA algorithm or a mixed function starting with RSA followed by EAP. As shown in Figure 3, in EAP of PKMv2, the root of the security keys is Master Session Key (MSK), and the other keys such as Key Encryption

The procedure of security keys generation using the EAP method is shown in Figure 3. In this Figure, the result of EAP authentication protocol is MSK. Then both the MS and BS make a Pairwise Master Key (PMK) by removing some bits of the MSK using a number of functions such as Dot16KDF [12], and also they generate an Authorization Key (AK) from the PMK. After making the AK, the BS and MS will establish the Key Encryption Key (KEK) from the AK. The BS and MS use a 3-way handshake to drive Traffic Encryption Key (TEK) which is used to encrypt data in the network between the BS and MSs. The Multicast Broadcast Service (MBS)

Control message

 processing Message authentication processing PHY SAP

EAP encapsulation/ decapsulation

Key Management in Mobile WiMAX Networks

http://dx.doi.org/10.5772/56154

131

ic suites which is a pair of encryption and authentication algorithms.

Traffic data encryption/ authentication

processing

RSA-based authentication

The service specific convergence sub-layer communicates with higher layers and receives packets from them and then do some specific functions like packet/frame classification and header suppression. Next, it encapsulates these packets into MAC Service Data Unit (MAC SDU) format, and then distributes MAC SDUs to common part sub-layer. Asynchronous Transfer Mode (ATM) convergence and packet convergence sub-layers are two types of service specific convergence sub-layer. The ATM convergence sub-layer is used for ATM networks, and the packet convergence sub-layer is used for packet services like Ethernet, IPv4 and IPv6.

**Figure 1.** Protocol stack of IEEE 802.16 [2]

The main part of the IEEE 802.16 standard is common part sub-layer which is responsible for bandwidth allocation, connection management, scheduling, connection control, automatic repeat request and QoS enforcement.

The security sub-layer is responsible for providing authentication, authorization and secured key exchange. It is also used for encryption and decryption of data from the MAC layer to PHY layer and vice versa. Two main protocols of security sub-layer are [3]:


The PHY layer receives MAC frames and then transmits them through coding and modulation of radio frequency signals. It supports Frequency Division Duplexing (FDD) and Time Division Multiplexing (TDM).
