PKMv1协议研究

Research on PKMv1 Protocol

IEEE 802.16的安全子层采用了认证客户端/服务器密钥管理协议,在该协议中基站(即服务器)能够对分发给客户端SS的密钥进行控制。IEEE 802.16系列标准的安全性主要基于PKM协议。在初始授权密钥交换期间,BS使用基于数字证书的SS认证,来对客户端SS进行认证。PKM协议使用公钥密码技术来建立SS与BS之间的共享密钥,SS也使用PKM协议来支持周期性重认证和密钥更新。本文首先分析了PKMv1中安全子层的协议栈,然后给出了WiMAX安全关联的种类与内容,研究了WiMAX安全流程以及安全认证、密钥交换和数据加密等方案。最后,对PKMv1可能存在的安全威胁进行了详细的介绍。

The security sub-layer of IEEE 802.16 employs an authenticated client/server key management protocol in which the BS, the server, controls the distribufon of keying material to the client SS. Security is then based on the PKM protocol. The BS authenticates a client SS during the initial authorization exchange using digital certificate based SS authentication. The PKM protocol uses public key cryptography to establish a shared secret between the SS and the BS. The SS also uses the PKM protocol to support periodic reanthorization and key refi＇esh. This paper analyzes the protocol stack of the security sublayer in PKMvl, gives the category and content of WiMAX security association, researches on WiMAX security procedure and the scheme of security authentication, key exchange, data encryption. In conclusion, we describe the possible threats in PKMvl protocol in detail.