Security access method for wireless metropolitan area network

Abstract

The invention discloses a security access method for a wireless metropolitan area network. The method comprises the following steps of: establishing a security channel between a base station (BS) and a gateway (GW) and negotiating to acquire a channel encryption key (CEK) and a channel integrity key (CIK); performing security capability negotiation by using the GW and a subscriber station (SS); performing first configuration on BS by using the GW and closing a controlled port corresponding to the SS by using the BS; finishing a wireless metropolitan area network-security access (WMAN-SA)-based identity authentication protocol by using the GW, the SS and an authentication server (AS); negotiating a traffic encryption key (TEK) by using the GW and the SS; performing second configuration on the BS by using the GW, transmitting TEK to the BS through a second BS configuration request message, and opening the controlled port corresponding to the SS by using the BS; and encrypting and decrypting service data by using the BS through the TEK. In the method, WMAN-SA of the BS is controlled and managed by using an access gateway (GW), so large-scale allocation requirement of the WMAN-SA can be met.

Description

technical field [0001] The invention relates to the field of wireless communication systems, in particular to a secure access method for a wireless metropolitan area network. Background technique [0002] As an important development direction of future wireless access technology, IEEE 802.16 wireless metropolitan area network has attracted widespread attention from all walks of life. However, safety issues have always restricted its further promotion and development. IEEE 802.16d defines an authentication protocol based on public key encryption algorithm (RSA) and digital certificates, which can realize the authentication of the base station BS to the user station SS. The main disadvantage of IEEE 802.16d is: it only provides one-way authentication of base station BS to user station SS, but does not provide authentication of SS to BS, so it is very easy for counterfeit BS to deceive SS. In addition, both the authorization key (AK) and the session key (TEK) are generated by...

AI Technical Summary

Problems solved by technology

However, safety issues have always restricted its further promotion and development.

The main disadvantage of IEEE 802.16d is that it only provides one-way authentication of base station BS to user station SS, but does not provide authentication of SS to BS. It is very easy for fake BS to deceive SS

[0004] When WMAN-SA is deployed on a large scale in the future, in addition to authenticating and communicating with SS, the BS also needs a gateway (GW) to configure and manage the WMAN-SA module of the BS itself. At this time, it must be introduced in the network for base station management. However, the existing solutions only define functions such as identity authentication, key management, data encryption, data authentication, and replay protection, and do not fully explain the specific method of applying WMAN-SA after the introduction of gateway devices, and cannot realize WMAN - SA large-scale deployment

Images