METHODS AND DEVICES FOR ESTABLISHING SECURITY ASSOCIATIONS IN COMMUNICATIONS SYSTEMS
A method of providing secure communications between a base station, a relay station, and a mobile station in a communication network includes authenticating the mobile station over the communication network; generating, by the base station, security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK); transmitting, by the base station, the security material to the mobile station; and transmitting, by the base station, the security material to the relay station.
Latest Patents:
This application claims the benefit of priority of U.S. Provisional Application No. 60/969,773, filed Sep. 4, 2007; U.S. Provisional Application No. 60/981,767, filed Oct. 22, 2007; and U.S. Provisional Application No. 60/985,538, filed Nov. 5, 2007, all of which are incorporated by reference herein in their entirety for any purpose.
TECHNICAL FIELDThe present disclosure relates to the field of communications and, more particularly, to systems and methods for establishing security associations in a communication system.
BACKGROUNDConventional wireless network environments connect mobile electronic devices to a service provider. More specifically, WiMAX (Worldwide Interoperability for Microwave Access) network environments connect a client device, through intermediate connections, to, for example, the Internet. WiMAX is a wireless networking technology that provides communication to wireless devices over significant distances. Authentication and reauthentication delays, however, can slow communication with the client device and decrease the efficiency of a WiMAX environment.
In
In the conventional WiMAX environment, such as that shown in
Authentication protocol standards have been created to standardize advance authentication techniques. These standardized protocols may include, for example, IEEE 802.1X authentication, extensible authentication protocol (EAP) method for global system for mobile communications (GSM) subscriber identity (EAP-SIM) and extensible authentication protocol method for universal mobile telecommunications systems (UMTS) authentication and key agreement (EAP-AKA) and/or a combination of the extensible authentication protocol (EAP) and the remote authentication dial in user service (RADIUS) protocol. In addition, standardized handshake protocols, such as security association signaling protocols, e.g., security association and traffic encryption key (SA-TEK) 3-way handshakes, and traffic encryption key (TEK) 3-way handshakes may be used to establish security associations over a communication link.
In IEEE 802.16d/802.16e WiMAX wireless communication systems, these standardized techniques are performed between a base station and a mobile station. Each standardized authentication technique requires multiple transmissions, which consume authentication time and processing overhead.
In the first step of initialization process 200, mobile station 120 is wirelessly connected to base station 111 through the link up process 202 which includes, for example, a ranging request and a ranging response. Mobile station 120 must then go through a multi-step process of authentication such as IEEE 802.1X full authentication 206 with AAA server 104 through gateway 106. Then AAA server 104 computes a master session key (MSK) 208 for mobile station 120 and transfers MSK 208 to gateway 106, which stores MSK 208 in its cache. The product of authentication through, for example, the EAP method or other authentication method is the transfer of MSK 208, which is known to AAA server 104, gateway 106, and mobile station 120. Gateway 106 will generate a pairwise master key (PMK) 210 and an authentication key (AK) 212 for mobile station 120, and transfer AK 212 to base station 111.
Mobile station 120 may also independently hold and store MSK 208 in its memory and may generate AK 212. Then base station 111 may perform the SA-TEK 3-way handshake procedure 214 to confirm that the AK held by mobile station 120 is the same AK 212 held by base station 111. Using AK 212, commonly held by base station 111 and mobile station 120, base station 111 and mobile station 120 may both respectively calculate a common message authentication code key (MACK) 224 and a common key encryption key (KEK) 220. MACK 224 may identify an authenticated message generated by mobile station 120 and base station 111. KEK 220 may protect transmission of traffic encryption keys from base station 120 to mobile station 111. Base station 110 and mobile station 120 may perform SA-TEK 3 way handshake procedure 214 using MACK 224 to authenticate each other. When SA-TEK 3-way handshake procedure 214 has been successfully completed, the base station 110 may generate a traffic encryption key (TEK) 222 and then carry out a TEK 3-way handshake procedure 216 with KEK 220 to establish security association with the mobile station 120. TEK 222 is typically randomly generated by the base station 111 and is used to encrypt data transmitted between mobile station 120 and base station 111 after mobile station 120 has been authenticated and authorized to access the network. SA-TEK 3-way handshake 214 and TEK 3-way handshake 216 are well-known in the art and will not be discussed further.
In initialization process 200 for use in IEEE 802.16d and 802.16e WiMAX wireless communication systems as shown in
Referring again to
One solution to avoid or reduce coverage gaps is to provide more base stations, but this solution can be costly. Alternatively, a network may avoid or reduce coverage gaps and/or extend its network coverage by using relay stations (RSs), such as those implementing the concept of multi-hop relaying (MR) as set forth in IEEE 802.16j. Base stations communicate with these relay stations, which boost and relay signals to and from mobile stations and base stations, but otherwise are not involved in authentication and/or establishing security associations.
Four base stations 310-313 are shown in
In some applications, the use of relay stations may increase the need for station-to-station (base/relay) handoffs and may require increased processing overhead for such handoffs due to the limited coverage areas of each relay station (including mobile relay stations). In addition, when secure communications are involved, the handoff process from one base/relay station to another base/relay station may require additional overhead and reduce efficiency, bandwidth, or quality of the communication connection.
The disclosed embodiments are directed to overcoming one or more of the problems set forth above.
SUMMARY OF THE INVENTIONIn one aspect, the present disclosure is directed to a method of providing secure communications between a base station, a relay station, and a mobile station in a communication network. The method authenticates the mobile station over the communication network, and generates, by the base station, security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK). The method also transmits, by the base station, the security material to the mobile station. In addition, the method transmits, by the base station, the security material to the relay station.
In another aspect, the present disclosure is directed to a base station for providing secure communications in a communication network. The base station includes at least one memory to store data and instructions, and at least one processor configured to access the memory. The at least one processor is configured to, when executing the instructions, authenticate a mobile station over the communication network, and generate security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK). The at least one processor is further configured to cause transmission of the security material to the mobile station, and cause transmission of the security material to a relay station.
In another aspect, the present disclosure is directed to a relay station for providing secure communications in a communication network. The relay station includes at least one memory to store data and instructions, and at least one processor configured to access the memory. The at least one processor is configured to, when executing the instructions, cause transmission of a mobile station verification request to a base station in response to a ranging request from at least one mobile station and perform secure data transmission with the at least one mobile station using security material received from the base station, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
In yet another aspect, the present disclosure is directed to a system for providing secure communications. They system includes a base station configured to provide access to a communication network, authenticate at least one mobile station over the network, generate security material and transmit the security material. The system also includes a relay station in communication with the base station for receiving the security material and for providing secure data transmissions to the at least one mobile station using the security material. The security material includes at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
Embodiments of the disclosure can provide such security associations in IEEE 802.16j WiMAX wireless communication systems or other wireless communication networking systems that employ relay stations. By providing a relay station with the ability to establish a secure connection with mobile stations and provide mobile stations with access to network 300, processing overhead can be significantly reduced. Specifically, by providing a relay station with traffic encryption key and/or a message authentication key corresponding to a mobile station seeking access to the network 300, the relay station can establish a security association with the mobile station and perform mobile station authentication and authorization.
Each time mobile station 414 is initially served by base station 400, it is necessary to establish a security association with network 300. So long as mobile station 414 moves within SRZ 412, it may be possible to bypass further security association establishment and authentication. However, if mobile station 414 moves to an area served by a different base station, mobile station 414 is handed over to the different base station, so that it may be necessary for that different base station to establish another security association with mobile station 414, and, depending upon whether the different base station is connected through gateway 106, authenticate mobile station 414 as part of the handoff processing. Such reauthentication and/or security association establishment introduces delay in providing service to mobile station 414.
At an initial link up 602, mobile station 414 sends a ranging request to AR-RS 406 indicating the presence of mobile station 414 in the area of coverage for AR-RS 406. AR-RS 406 responds by sending a ranging response to mobile station 414 to recognize the presence of mobile station 414 in its coverage area. AR-RS 406 sends an Authentication Request 604, protected by relay key 410, to base station 400. Authentication Request 604 informs base station 400 of the identification information of mobile station 414 that is served by AR-RS 406. Because mobile station 414 has not previously or recently been connected to network 300 through base station 400 and gateway 106, mobile station 414 authenticates with AAA server 104 using IEEE 802.1X full authentication protocol 206. AAA server 104 and mobile station 414 will each calculate a master session key (MSK) 606 when IEEE 802.1X full authentication 206 has been successfully completed. Then AAA server 104 transfers MSK 606 to gateway 106. Upon receiving MSK 606, gateway 106 calculates PMK 608 using MSK 606 and stores PMK 608 in its cache. Gateway 106 then computes AK 610 from PMK 608, and sends AK 610 to base station 400. Upon obtaining AK 610, base station 400 derives security material, such as KEK 612 and MACK 616 from AK 610. The MSK 606 is known to the AAA server 104, the gateway 106, and a client device such as mobile station 414. Mobile station 414 therefore independently hold MSK 606 and may derive PMK 608 and AK 610 and also derive the same MACK 616 and KEK 612. A client device such as mobile station 414 caches PMK 608 in its memory upon successful authentication using, for example, the EAP method. At this point, base station 400 and mobile station 414 perform SA-TEK 3-way handshake procedure 214 with MACK 616 to authenticate each other. When SA-TEK 3-way handshake procedure 214 is successfully completed, base station 400 will generate security material, including traffic encryption key (TEK) 614, first and then send the security material (e.g. TEK 614), protected by KEK 612, to mobile station 414. In one embodiment, TEK 614 is randomly generated by base station 400 and is used to provide data confidentiality between base station 400 and AR-RS 406. At the same time, base station 400 also delivers security material, which may include TEK 614 and MACK 616, protected by relay key 410, to AR-RS 406. Relay station 406 may receive MACK 616 to authenticate mobile station 414 directly and receive TEK 614 to encrypt/decrypt encrypted messages transmitted to and/or from mobile station 414. One or more security keys, such as MK, MSK 606, PMK 608, AK 610, KEK 612, TEK 614, MACK 616 may be referred to as security material.
AR-RS 406 may switch the communication channel between mobile station 414 and AR-RS 406 to an authorized state to provide mobile station 414 with access to network 300. Moreover, because mobile station 414 and AR-RS 406 have TEK 614, they may exchange encrypted data transmissions. Specifically, TEK 614 may then be used to encrypt the data transmitted between AR-RS 406 and mobile station 414 after mobile station 414 has been authenticated. If multicast service, where a base station may send messages to multiple client devices simultaneously, is available, BS 400 will also distribute a multicast key, which protects such multicast transmissions, to AR-RS 406 to enable MS 414 to receive transmissions intended for multiple mobile stations.
At this point, both base station 400 and mobile station 414 may hold the same security material such as AK 610. Mobile station 414 and base station 400 may each derive MACK 616 from AK 610. Mobile station 414 and base station 400 may hold previously calculated TEK 614 and/or previously generated KEK 612 and may perform SA-TEK 3-way handshake 214 to authenticate each other directly. Alternatively, as described above in connection with
Base station 400 immediately sends security material such as TEK 714 (or 614) and MACK 616, protected using relay key 410, to AR-RS 407. After AR-RS 407 obtains TEK 714 (or 614) and MACK 616, AR-RS 407 may switch the communication channel between mobile station 414 and AR-RS 407 to an authorized state to provide mobile station 414 with access to network 300. Moreover, because mobile station 414 and AR-RS 407 then each have TEK 714 (or 614) and MACK 616, they may send encrypted data transmissions.
When both target base station 804 and mobile station 414 have new AK 814, they will derive MACK 820 and KEK 816 from AK 814 and perform SA-TEK 3-way handshake procedure 214 to authenticate each other. When SA-TEK 3-way handshake procedure 214 is successfully completed, the base station 804 may generate a new TEK 818 and transmit new TEK 818 or old TEK 712, protected by KEK 816 to mobile station 414 for data confidentiality between mobile station 414 and relay station 407.
Target base station 804 will also send the TEK 818 and MACK 820, protected by new relay key 816, to target AR-RS 802. After target AR-RS 802 obtains TEK 818 and MACK 820, it may switch the communication channel between mobile station 414 and target AR-RS 802 to the authorized state to provide mobile station 414 with access to the network 300. Moreover, because mobile station 414 and target AR-RS 802 then each have TEK 816 and MACK 802, they may communicate using encrypted data transmissions.
Although the processes described above for initialization and handoffs apply to mobile relay stations as well, mobile relay stations and the mobile stations accessing the network from within mobile relay stations must also be prepared for a change in base station where the AR-RS (specifically, the mobile relay station) does not change.
AR-RS 408 transmits a re-authentication trigger message, or security material update message, 906 to mobile stations 416 and 418. The re-authentication trigger message 906 may be sent in a multicast transmission to mobile stations 416 and 418. Upon receipt of the re-authentication trigger message 906, the mobile stations 416 and 418 perform IEEE 802.1X full authentication 206 with gateway 106 and AAA server 104. Gateway 106 may calculate a new AK obtained from the existing PMK in the gateway for target base station 900. Gateway 106 and/or AAA server 104 may transfer all of the security material, such as AKs, for the mobile stations associated with AR-RS 408 to target base station 900 at an AK Transfer 908, and may do so in a tunnel mode, in which all of the parameters (e.g., AKs) of all mobile stations connecting to AR-RS 408 are transmitted at one time. In tunnel mode, the logical connection between two nodes, e.g., AR-RS 408 and gateway 106 is dedicated, and intermediate nodes do not process the tunnel packets but rather only forward them on. Mobile stations 416 and 418 then undergo SA-TEK 3-way handshake 214 with target base station 900. Target base station 900 will provide security material such as TEKs and MACKs for each of the mobile stations to AR-RS 408 at a TEK Transfer 910, and may do so using tunnel mode. In one embodiment, target base station 900 will aggregate security material and send security material for each of the mobile stations to AR-RS 408 at TEK Transfer 910 in a message aggregation mode. In one embodiment, the TEKs and MACKS are received at base station 900 and mobile stations 416 and 418 prior to the inter-base station handoff to avoid a disconnect in service to mobile stations 416 and 418. AR-RS 408 may then provide secure data transmission to the mobile stations 416 and 418 and may do so without performing an authentication procedure with mobile stations 416 and/or 418. In addition, AR-RS 408 may update only authentication data within the mobile stations 416 and 418 and, in some embodiments, may not change the traffic encryption key (TEK) held by the mobile stations 416 and/or 418.
One of skill in the art will appreciate that although
Systems and methods disclosed herein may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. Apparatus embodying the invention can be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a programmable processor. Method steps consistent with the invention can be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on the basis of input data, and by generating output data. Embodiments consistent with the invention may be implemented in one or several computer programs that are executable in a programmable system, which includes at least one programmable processor coupled to receive data from, and transmit data to, a storage system, at least one input device, and at least one output device, respectively. Computer programs may be implemented in a high-level or object-oriented programming language, and/or in assembly or machine code. The language or code can be a compiled or interpreted language or code. Processors may include general and special purpose microprocessors. A processor receives instructions and data from memories. Storage devices suitable for tangibly embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, such as EPROM, EEPROM, and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM disks. Any of the foregoing can be supplemented by or incorporated in ASICs (application-specific integrated circuits).
It will be apparent to those skilled in the art that various modifications and variations can be made in the system and method for establishing security associations in wireless communications systems. For example, one of skill in the art will appreciate that ranging requests and responses are a type of signaling message and that other signaling messages may be used. In addition, one of skill in the art will appreciate that traffic encryption keys are a type of traffic key and that other traffic keys may be used, and that MACKs are a type of verification key and that other verification keys may be used. One of skill in the art will also appreciate that communication between base stations and relay stations can be wireless or wired. It is intended that the standard and examples be considered as exemplary only, with a true scope of the disclosed embodiments being indicated by the following claims and their equivalents.
Claims
1. A method of providing secure communications between a base station, a relay station, and a mobile station in a communication network, the method comprising:
- authenticating the mobile station over the communication network;
- generating, by the base station, security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK);
- transmitting, by the base station, the security material to the mobile station; and
- transmitting, by the base station, the security material to the relay station.
2. The method of claim 1, further comprising transmitting, by the base station, secured communications to the mobile station using the security material.
3. The method of claim 1, wherein the authenticating includes performing secure authentication.
4. The method of claim 3, wherein the authenticating includes performing IEEE 802.1X authentication.
5. The method of claim 1, wherein the authenticating comprises receiving, at the base station, an authentication key (AK) from a communication network authenticator, wherein the security material is generated using the AK, and wherein the security material does not include the AK.
6. The method of claim 1, wherein the authenticating comprises receiving, at the base station, a security material identification from the mobile station, the security material identification corresponding to an authentication key (AK) stored in the mobile station, transmitting, by the base station, a verification success message to the mobile station if the base station recognizes the AK, and requiring the mobile station to perform IEEE 802.1X full authentication if the base station does not recognize the AK.
7. The method of claim 1, further comprising establishing a secure communication path between the base station and the relay station, wherein the base station transmits the at least one security material to the relay station over the secure communication path.
8. The method of claim 1, wherein communication between the base station and the relay station is wireless.
9. A base station for providing secure communications in a communication network, the base station comprising:
- at least one memory to store data and instructions; and
- at least one processor configured to access the memory and configured to, when executing the instructions: authenticate a mobile station over the communication network; generate security material, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK); cause transmission of the security material to the mobile station; and cause transmission of the security material to a relay station.
10. The base station of claim 9, wherein executing the instruction to authenticate includes performing secure authentication.
11. The base station of claim 10, wherein executing the instruction to authenticate includes performing IEEE 802.1X authentication.
12. The base station of claim 9, wherein executing the instruction to authenticate includes receiving, at the base station, an authentication key (AK) from a communication network authenticator, wherein the security material is generated using the AK, and wherein the security material does not include the AK.
13. The base station of claim 9, wherein executing the instruction to authenticate includes receiving, at the base station, a security material identification from a mobile station, the security material identification corresponding to an authentication key (AK) stored in the mobile station, transmitting, by the base station, a verification success message to the mobile station if the base station recognizes the AK, and requiring the mobile station to perform IEEE 802.1X full authentication if the base station does not recognize the AK.
14. The base station of claim 9, wherein the at least one processor is further configured to establish a secure communication path between the base station and the relay station, and to transmit the security material to the relay station over the secure communication path.
15. The base station of claim 9, wherein communication between the base station and the relay station is wireless.
16. A relay station for providing secure communications in a communication network, the relay station comprising:
- at least one memory to store data and instructions; and
- at least one processor configured to access the memory and configured to, when executing the instructions: cause transmission of a mobile station verification request to a base station in response to a ranging request from at least one mobile station; and perform secure data transmission with the at least one mobile station using security material received from the base station, wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
17. The relay station of claim 16, wherein the at least one processor is further configured to establish a secure communication path between the base station and the relay station, and wherein the relay station transmits the verification request to the base station over the secure communication path.
18. The relay station of claim 16, wherein the relay station is a mobile relay station.
19. The relay station of claim 18, wherein the at least one processor is further configured to cause transmission of a security material update message to the at least one mobile station to alert the at least one mobile station to update its security material.
20. The relay station of claim 19, wherein the transmission of the security material update message to the at least one mobile station is a multicast transmission.
21. The relay station of claim 16, wherein communication between the relay station and the base station is wireless.
22. A system for providing secure communications, the system comprising:
- a base station configured to provide access to a communication network, authenticate at least one mobile station over the network, generate security material and transmit the security material; and
- a relay station in communication with the base station for receiving the security material and for providing secure data transmissions to the at least one mobile station using the security material,
- wherein the security material comprises at least one of a traffic encryption key (TEK) and a message authentication code key (MACK).
23. The system of claim 22, wherein the relay station is a mobile relay station.
24. The system of claim 23, wherein the base station aggregates the security material and transmits the aggregated security material to the relay station.
25. The system of claim 23, wherein the relay station provides the secure data transmissions to the at least one mobile station using the security material without performing an authentication procedure with the at least one mobile station.
26. The system of claim 23, wherein the relay station provides the secure data transmissions to the at least one mobile station using the security material but without changing the traffic encryption key (TEK) held by the at least one mobile station.
27. The system of claim 22, wherein communication between the base station and the relay station is wireless.
Type: Application
Filed: Sep 3, 2008
Publication Date: Oct 29, 2009
Applicant:
Inventor: Jui-Tang WANG (Hsinchu)
Application Number: 12/203,652
International Classification: H04L 9/32 (20060101); H04K 1/00 (20060101);