quest (BR) field shows the number of uplink bytes of bandwidth being requested. The CID field shows the connection for which the bandwidth request is being made. The HCS field is used to identify the errors in the header field (first 5 bytes).
2.9.2 Privacy sub-layer
The entire security of 802.16 lies in the privacy sub-layer. It provides access control and confidentiality of the data link. The following components are involved in the security of 802.16: Security Associations (SA), X.509 certificates, the Privacy Key Management authorization protocol (PKM authorization), and Privacy and Key Management (PKM).
Security Associations (SA)
A security association maintains the security state of every connection. 802.16 uses two types of SA: the data SA and the authorization SA. The data SA protects the communication between the SSs and the BS. When a new transport connection is created, the SS begins a data SA with a create connection request. Multiple CIDs may be served by a single data SA. When the SS joins the network, an SA is automatically assigned to it for the secondary management channel. Each SS then has either one SA for uplink and downlink transport connections together, or one SA for uplink transport connections and one for downlink transport connections. A multicast group also requires an SA that is shared among the group members.
The authorization SA is shared between a BS and an SS. The BS and the SS should treat the Authorization Key (AK) as a secret. The BS uses the authorization SAs to configure the data SAs on the SS.
The X.509 Certificates
X.509 certificates are used to identify the communicating parties. Each certificate comprises the following fields:
X.509 certificate format version.
Certificate serial number.
Certificate issuer's signature algorithm: Public Key Cryptography Standard 1, that is, RSA encryption with SHA1 hashing.
Certificate issuer.
Certificate validity period.
Certificate subject, or certificate holder's identity (the station's MAC address).
Subject's public key, or certificate holder's public key.
Signature algorithm identifier.
Issuer's signature.
The standard operates with two certificate types: manufacturer certificates and SS certificates. A manufacturer certificate identifies the manufacturer of an 802.16 device. It may be either issued by a third party or self-signed. An SS certificate identifies a single SS, and its subject field contains the MAC address of the SS. SS certificates are usually issued and signed by manufacturers. The BS verifies the SS certificate by using the manufacturer's public key.
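The BS-side check described above can be sketched as follows. This is an added example, not code from the original text or from the 802.16 standard: the certificate is a simplified dictionary rather than DER-encoded X.509, and the manufacturer key, names, MAC addresses and dates are constructed for the demonstration.

```python
import hashlib
from datetime import date

# Constructed demo manufacturer key built from two Mersenne primes (not a secure key).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")  # PKCS #1 v1.5 prefix
FIELDS = ("serial", "issuer", "subject", "not_before", "not_after", "pubkey")

def tbs_bytes(cert):
    """Canonical to-be-signed bytes of the simplified certificate (assumed encoding)."""
    return "|".join(f"{k}={cert[k]}" for k in FIELDS).encode()

def encode_sha1(tbs, n):
    """EMSA-PKCS1-v1_5 block 00 01 FF..FF 00 DigestInfo, as an integer."""
    k = (n.bit_length() + 7) // 8
    t = SHA1_DIGESTINFO + hashlib.sha1(tbs).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def manufacturer_sign(cert):
    """Manufacturer side: issue the SS certificate (RSA with SHA1)."""
    return {**cert, "signature": pow(encode_sha1(tbs_bytes(cert), N), D, N)}

def bs_verify_ss_cert(cert, manufacturer, claimed_mac, today):
    """BS side: return (accepted, reason) for an SS certificate."""
    if cert["issuer"] != manufacturer["name"]:
        return False, "issuer is not the trusted manufacturer"
    n, e = manufacturer["pubkey"]
    # Compare the whole padded block instead of parsing the padding leniently.
    if pow(cert["signature"], e, n) != encode_sha1(tbs_bytes(cert), n):
        return False, "signature does not verify"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return False, "outside validity period"
    if cert["subject"].lower() != claimed_mac.lower():
        return False, "subject does not match SS MAC address"
    return True, "ok"

# Constructed sample data.
MANUFACTURER = {"name": "Example Manufacturer", "pubkey": (N, E)}
SS_CERT = manufacturer_sign({
    "serial": 1001, "issuer": "Example Manufacturer",
    "subject": "00:11:22:33:44:55",  # SS MAC address
    "not_before": date(2024, 1, 1), "not_after": date(2034, 1, 1),
    "pubkey": "constructed-ss-public-key",
})

if __name__ == "__main__":
    print(bs_verify_ss_cert(SS_CERT, MANUFACTURER, "00:11:22:33:44:55", date(2025, 6, 1)))
    altered = {**SS_CERT, "subject": "66:77:88:99:aa:bb"}
    print(bs_verify_ss_cert(altered, MANUFACTURER, "66:77:88:99:aa:bb", date(2025, 6, 1)))
```

A certificate whose subject has been changed after signing fails the signature check before the MAC comparison is reached, which is why the signature is verified first.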
The PKM Authorization Protocol
This protocol allows the BS to recognize the SS. There are three steps in the authorization protocol: two messages are sent from the SS to the BS, and after that one message is sent from the BS to the SS.
Step 1: The SS sends the BS a message that includes an X.509 certificate identifying the SS's manufacturer. The BS uses this message to decide whether the particular SS is a trusted device.
Step 2: The SS sends a second message without waiting for an answer from the BS. This second message contains the SS's X.509 certificate and its public key, the SS's security capabilities, and its SAID (unique SA identifier). The BS uses the X.509 certificate to determine whether the SS is authorized, and uses the SS's public key to construct the reply message.
Step 3: Third