A comparison of wi-fi and wimax with case studies - Florida State ...
A comparison of wi-fi and wimax with case studies - Florida State ...
A comparison of wi-fi and wimax with case studies - Florida State ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Best-effort service (BE)<br />
This scheme is used only for service that does not require strict QoS, such as web browsing.<br />
The MS uses merely contention-based polling opportunities to request b<strong>and</strong><strong>wi</strong>dth <strong>and</strong> sends data<br />
whenever channels are available.<br />
4.3.1.2.4. Security<br />
4.3.1.2.4.1. Overview<br />
The security <strong>of</strong> IEEE 802.16 is called the privacy sublayer at the bottom <strong>of</strong> the MAC layer.<br />
It is mainly used to provide access control <strong>and</strong> con<strong>fi</strong>dentiality <strong>of</strong> the data link. The con<strong>fi</strong>guration<br />
<strong>of</strong> the IEEE 802.16 security has <strong>fi</strong>ve components <strong>and</strong> <strong>wi</strong>ll be introduced in the follo<strong>wi</strong>ng.<br />
[50][52][115] – [119]<br />
Security Associations (SA)<br />
This component is mainly concerned about connection. IEEE 802.16 has two types <strong>of</strong> SA;<br />
data SA <strong>and</strong> authorization SA. Only data SA has a clear de<strong>fi</strong>nition. The data SA is used to<br />
protect transmit connections between SS (Subscriber Station) <strong>and</strong> BS (Base Station).<br />
The authorization SA is a state which is shared between two particular SS <strong>and</strong> BS. The BS<br />
uses authorization SAs to con<strong>fi</strong>gure data SAs on the SS.[52]<br />
For securing a transmit connection, a SS <strong>fi</strong>rst uses a “create-connection” request to initiate a<br />
data SA. The st<strong>and</strong>ard <strong>wi</strong>ll let several connection IPs share a SA to support multicast. On<br />
network entry, the st<strong>and</strong>ard automatically establishes a SA for the secondary management<br />
channel. Thus, a SS may have two or three SAs, one for the secondary management channel,<br />
others for uplink <strong>and</strong> downlink connections. Each multicast group requires a SA to share <strong>wi</strong>th<br />
group members.<br />
X.509 certi<strong>fi</strong>cate pr<strong>of</strong>ile<br />
This is used to identify communication parities <strong>and</strong> 802.16 does not de<strong>fi</strong>ne its extensions.<br />
This st<strong>and</strong>ard de<strong>fi</strong>nes two types: manufacturer certi<strong>fi</strong>cates <strong>and</strong> SS certi<strong>fi</strong>cates. There are no<br />
certi<strong>fi</strong>cates <strong>of</strong> BS. A manufacturer certi<strong>fi</strong>cate is used to identify the manufacturer <strong>of</strong> an IEEE<br />
802.16 device. It can be self-signed or issued by a third party. An SS certi<strong>fi</strong>cate can identify a<br />
particular SS <strong>and</strong> also its MAC address. The SS certi<strong>fi</strong>cates are created <strong>and</strong> signed by<br />
manufacturers.<br />
The BS uses the manufacturer certi<strong>fi</strong>cate’s public key to con<strong>fi</strong>rm the SS certi<strong>fi</strong>cate <strong>and</strong> also<br />
verify the device. The SS must take care <strong>of</strong> the private key corresponding to its public key to<br />
prevent intrusion from attackers.<br />
49