Re: [STDS-802-16] Question on security sublayer
It is possible to sniff the management messages, since they are
authenticated, but not encrypted.
It should not be possible to spoof management messages that are
authenticated (i.e., include the HMAC/OMAC tuple). There are a number of
messages that may not be authenticated, principally because they
operate before the security protocol has started, e.g., initial ranging.
Thus you could spoof initial ranging, but this should not get you as far
as being able to send transport data.
The BS is authenticated as a function of a mutual authentication EAP
method. Also the cert exchange based authorization protocol provides an
802.16 MAC level method of authenticating the BS. However this mechanism
requires the SS to possess prior knowledge of a CA's public key and the
method is largely redundant, given that EAP is supported.
DJ
-----Original Message-----
From: Ali Abdolrahmani [mailto:aabdolrahmani@GMAIL.COM]
Sent: Saturday, April 29, 2006 11:35 PM
To: STDS-802-16@listserv.ieee.org
Subject: [STDS-802-16] Question on security sublayer
Hello:
Would you kindly please help me by answering the following questions. I
need it for my MS thesis:
1. Is it possible to sniff and spoof management messages exchanged
between a BS and an SS?
2. How is a BS authenticated in an SS? In other words, how does an SS
become sure that it is communicating with the right BS that it should?
I do thank you in advance.
Ali Abdolrahmani
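
The reply's distinction between authenticated and encrypted management messages, as an added example that is not part of either message above: a receiver-side check in which the payload is readable by any observer, while a modified, wrongly keyed or digest-less message is rejected. It is a simplified model, not the 802.16 wire format; the dict layout, the key, the payloads, the `PRE_AUTH` set and the use of HMAC-SHA1 over type and payload are assumptions of this sketch.

```python
import hashlib
import hmac

# Simplified model: dict messages, not the 802.16 wire format. Key, payloads
# and the PRE_AUTH set are constructed for illustration.
PRE_AUTH = {"RNG-REQ"}  # assumption: stands in for messages sent before security starts


def digest(key, msg_type, payload):
    """Keyed digest over message type and payload (layout is this sketch's choice)."""
    return hmac.new(key, msg_type.encode() + b"|" + payload, hashlib.sha1).digest()


def protect(key, msg_type, payload):
    """Sender: attach a keyed digest. The payload itself stays in cleartext."""
    return {"type": msg_type, "payload": payload, "hmac": digest(key, msg_type, payload)}


def receive(key, msg):
    """Receiver: classify a message as accepted, unauthenticated or rejected."""
    tag = msg.get("hmac")
    if tag is None:
        # Only pre-security messages may arrive without a digest, and they
        # are never treated as authenticated.
        return "unauthenticated" if msg["type"] in PRE_AUTH else "rejected"
    ok = hmac.compare_digest(tag, digest(key, msg["type"], msg["payload"]))
    return "accepted" if ok else "rejected"


def demo():
    key = b"constructed-shared-key"
    genuine = protect(key, "DSA-REQ", b"service-flow=1")
    return {
        "observer_reads": genuine["payload"],  # no key is needed to read it
        "genuine": receive(key, genuine),
        "modified": receive(key, dict(genuine, payload=b"service-flow=9")),
        "wrong_key": receive(key, protect(b"other-key", "DSA-REQ", b"service-flow=9")),
        "digest_removed": receive(key, {"type": "DSA-REQ", "payload": b"service-flow=9"}),
        "initial_ranging": receive(key, {"type": "RNG-REQ", "payload": b"ranging"}),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A receiver built this way must keep the "unauthenticated" outcome separate from "accepted", so that state reached through pre-security messages never authorizes transport data.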