User's Manual
Mobile WiMAX RAS SPI-2213 System Description/Ed.02
© SAMSUNG Electronics Co., Ltd. 4-5
Classification Description
(0)~(2) When the ACR receives MS_PreAttachment_Req_Ack for SBC-RSP from the
RAS, the ACR includes the EAP Request/Identity payload in the AuthRelay-EAP-
Transfer message and transmits the message to the RAS to start the EAP
authentication. The RAS relays the received EAP payload to the MS by using the
PKMv2 EAP-Transfer/PKM-RSP message.
(3)~(5) The MS sends the RAS a PKMv2 EAP-Transfer/PKM-REQ message with the
NAI included in the EAP Response/Identity. The RAS relays it to the ACR using
the AuthRelay-EAP-Transfer message. The authenticator of the ACR then
analyzes the NAI and sends the MS the Diameter EAP Request (DER)
message (when the Diameter protocol is used) or the Access-Request message
(when the RADIUS protocol is used).
(6)~(11) The subscriber authentication procedure is performed between the MS and AAA
server using the EAP method. The authentication procedure is performed using
the Diameter EAP Request (DER)/Diameter EAP Answer (DEA) message (when
the Diameter protocol is used) or the Access-Challenge/Access-Request
message (when the RADIUS protocol is used).
(12)~(16) When the authentication is successfully completed, the ACR receives from the
AAA server the Master Session Key (MSK), which is the upper key for providing
security, together with the provisioned policy information per subscriber. Both
arrive in the Diameter EAP Answer (DEA) message (when the Diameter protocol is
used) or the Access-Accept message (when the RADIUS protocol is used). The ACR
generates the AK from the MSK and sends the RAS a Key_Change_Directive message
including the generated AK Context information and Security Association (SA)
information for the MS. In addition, the RAS relays the EAP Success information
to the MS using the PKMv2-EAP-Transfer message.
(17)~(19) After the EAP authentication, the RAS verifies the AK value that it shares with
the MS and transmits the SA-TEK-Challenge message to the MS to notify the start
of the SA negotiation. The MS verifies the CMAC of the SA-TEK-Challenge
message, checks the AK value, and transmits the SA negotiation information
to the RAS using the SA-TEK-Request message. The RAS then transmits to the MS
the SA-TEK-Response message, which includes the AKID and the SA Descriptor
that is the final result of the SA negotiation.
(20)~(21) The MS requests the Traffic Encryption Key (TEK) from the RAS using the PKMv2
Key-Request message. The RAS creates the TEK randomly and transmits it to the MS
using the PKMv2 Key-Reply message. The TEK is encrypted with the Key
Encryption Key (KEK) for this transmission.
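The MS-to-RAS message order of steps (0)~(21), written as a trace checker for one initial authentication. This is an added example, not part of the manual or of the system's software; the tuple layout, the payload labels and the sample trace are constructed, and it assumes the EAP method exchange of steps (6)~(11) is also carried in PKMv2 EAP-Transfer messages.

```python
EAP = "PKMv2 EAP-Transfer"
# Messages that follow EAP Success, in the order the description gives,
# each paired with the side that is expected to send it.
POST_EAP = [
    ("RAS", "SA-TEK-Challenge"),
    ("MS", "SA-TEK-Request"),
    ("RAS", "SA-TEK-Response"),
    ("MS", "PKMv2 Key-Request"),
    ("RAS", "PKMv2 Key-Reply"),
]

def check_trace(trace):
    """Return a list of violations; an empty list means the order is as described."""
    violations, eap_done, identity_seen, step = [], False, False, 0
    for n, (sender, msg, payload) in enumerate(trace):
        if msg == EAP:
            if eap_done:
                violations.append(f"{n}: EAP-Transfer after EAP Success")
            elif payload == "Response/Identity" and sender == "MS":
                identity_seen = True
            elif payload == "Success":
                # EAP Success must come from the RAS, after the MS sent its identity.
                if sender != "RAS" or not identity_seen:
                    violations.append(f"{n}: unexpected EAP Success")
                eap_done = True
        elif step < len(POST_EAP) and (sender, msg) == POST_EAP[step]:
            # SA negotiation and TEK delivery are only valid once EAP has succeeded.
            if not eap_done:
                violations.append(f"{n}: {msg} before EAP Success")
            step += 1
        else:
            violations.append(f"{n}: {msg} from {sender} out of order")
    if step < len(POST_EAP):
        violations.append(f"incomplete: stopped before {POST_EAP[step][1]}")
    return violations

# Constructed sample trace: (sender, message, EAP payload label or None).
GOOD_TRACE = [
    ("RAS", EAP, "Request/Identity"), ("MS", EAP, "Response/Identity"),
    ("RAS", EAP, "Request/method"), ("MS", EAP, "Response/method"),
    ("RAS", EAP, "Success"),
    ("RAS", "SA-TEK-Challenge", None), ("MS", "SA-TEK-Request", None),
    ("RAS", "SA-TEK-Response", None),
    ("MS", "PKMv2 Key-Request", None), ("RAS", "PKMv2 Key-Reply", None),
]
```

A trace in which PKMv2 Key-Request appears before the SA-TEK exchange, or in which SA-TEK-Challenge appears before EAP Success, returns one violation per offending message.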
Keys and Functions
The functions of the keys are as follows.
- MSK: creates the AK
- AK: creates the CMAC key
- KEK: encrypts the TEK
- CMAC key: provides integrity for the MAC management message
- TEK: encrypts traffic in the wireless section