Abstract
Wireless Metropolitan Area Networks (WMANs) face a variety of security threats. The IEEE 802.16 specification defines a privacy sublayer that provides authentication, key management and data protection. In the earlier versions of the specification, the authentication and key management protocol is Privacy Key Management (PKM), and data protection comprises two solutions based on DES-CBC and AES-CCM. The PKM protocol has several flaws, including one-way authentication, difficulty of PKI deployment, no support for subscriber-based authentication, and no multicast (group) key management. The DES-CBC encryption scheme also has shortcomings: algorithm vulnerability, no integrity protection, and no replay protection. The latest mobility specification, IEEE 802.16e, introduces the flexible EAP (Extensible Authentication Protocol) authentication framework, which eliminates the flaws of the old PKM protocol and meets the new security requirements that mobility brings.
Source
Electronic Science and Technology (《电子科技》)
2005, Issue 5, pp. 9-12 (4 pages)
Funding
Supported by the 863 Program (2002AA121051)