The MAC Sublayer also contains a separate Security Sublayer (Figure 3.2) providing authentication, secure key exchange, encryption and integrity control across the BWA system. The two main topics of data network security are data encryption and authentication. Algorithms realising these objectives should prevent all known security attacks, whose goals may be denial of service, theft of service, etc.
In the 802.16 standard, connections between the SS and the BS are encrypted with a data encryption protocol applied in both directions. This protocol defines a set of supported cryptographic suites, i.e. pairings of data encryption and authentication algorithms. An encapsulation protocol is used for encrypting data packets across the BWA. The rules for applying those algorithms to a MAC PDU payload are also given.
An authentication protocol, the Privacy Key Management (PKM) protocol, is used to provide the secure distribution of keying data from the BS to the SS. Through this secure key exchange, the SS and the BS use the key management protocol to synchronize keying data. The basic privacy mechanisms are strengthened by adding digital-certificate-based SS authentication to the key management protocol. In addition, the BS uses the PKM protocol to guarantee conditional access to network services. The 802.16e amendment defined PKMv2, which has the same framework as PKM (renamed PKMv1), with some additions such as new encryption algorithms, mutual authentication between the SS and the BS, support for handover and a new integrity control algorithm.
WiMAX security procedures are described in Chapter 15.