In a cellular radio communications system, mobile radio stations communicate with one or more base stations over an air or radio interface. The coverage area of a wireless communication system is typically divided into a number of geographic areas that are often referred to as cells. Mobile radio stations located in each cell may access the wireless communications system by establishing a wireless communication link, often referred to as an air interface, with a base station associated with the cell. The mobile radio stations may include devices such as mobile telephones, personal data assistants, smart phones, Global Positioning System devices, wireless network interface cards, desktop or laptop computers, and the like. Communication between the mobile radio station and the base station may be authenticated and/or secured using one or more security-related protocols.
For example, the WiMAX/IEEE 802.16e standard supports mutual device/user authentication along with other security features such as a flexible key management protocol, traffic encryption, control and management plane message protection, and security protocol optimizations for fast handovers. Privacy and Key Management Protocol Version 2 (PKMv2) is the basis of WiMAX security as defined in IEEE 802.16e and manages medium access control (MAC) layer security. Extensible Authentication Protocol (EAP) authentication, Traffic Encryption Control (TEC), Handover Key Exchange and Multicast/Broadcast security messages are all based on this PKM protocol. Advanced Encryption Standard (AES) in counter (CTR) mode combined with cipher block chaining message authentication code (CBC-MAC), collectively referred to as AES-CCM, is the cipher used for protecting user data, and the keys that drive the cipher are derived from the EAP authentication. A traffic encryption state (TES) machine with a periodic traffic encryption key (TEK) refresh mechanism provides a sustained transition of keys to improve protection. Control messages between mobile and base stations are integrity-protected using AES-based cipher-based message authentication code (CMAC) or MD5-based hashed message authentication code (HMAC) schemes. Message authentication codes (MACs), e.g., HMAC/CMAC tuples, are generated using secret keys derived from a secret authentication key (AK). Mobile WiMAX supports a 3-way handshake scheme that optimizes the re-authentication mechanisms to support fast handovers and to prevent man-in-the-middle attacks.
Authentication, encryption, and other security operations that ensure the integrity of the communications process are typically carried out at the medium access control (MAC) layer. A problem with existing security protocols is that when a packet fails an integrity check, it is simply discarded. Consider the example security protocol in 802.16e. FIG. 1 shows the security sub-layer (SS) as specified in 802.16e, which sits on top of the physical (PHY) layer. It includes traffic data encryption and authentication processing to encrypt or decrypt the traffic data and to execute the authentication function for the traffic data. The message authentication processing element performs control message authentication functions within the control message processing layer and can support HMAC, CMAC, or several short-HMACs. A message authentication code (MAC) is generated for each user data packet by AES-CCM, and packets found not to be authentic are discarded by the security sublayer. The WiMAX standard does not specify what action a mobile station and a base station should take for packets that are found to be non-authentic, other than discarding them. A control message contains a control MAC (CMAC) tuple. A control message is not authentic if the length field of the CMAC tuple is incorrect or if a locally computed value of the digest attribute, generated by a digest (hash) algorithm such as MD5 or SHA-1, does not match the digest carried in the message. “Primary” control messages, i.e., those that are PKM (privacy key management)-related, REG (registration)-related, or service flow-related (DSx dynamic service allocation/deletion/change), and the secondary TFTP (Trivial File Transfer Protocol)-related messages, are rejected with an authentication failure indication and discarded. The standard does not specify what action should be taken for all other control/management message packets, other than discarding them.
There is a need to improve security by authenticating more than just some control messages. For example, basic control messages such as handover indication, handover request, measurement reporting, scanning request, etc. need to be integrity-protected. It would also be desirable to do more than simply discard non-authentic control and data packets. Also, any security breach in the control plane or in the data plane should be detected and addressed. There is also a need to analyze failed packets to determine the reason(s) for and the extent of any security problems, and based on that analysis, to take appropriate action.
Security relates to the integrity of a communication. The integrity of that communication is also affected by other external factors such as radio conditions. Accordingly, many wireless communications systems provide error detection and correction mechanisms, such as automatic repeat request (ARQ), hybrid ARQ (HARQ), and forward error detection and/or correction, on various radio protocol layers to maintain a certain level of integrity in the communication. But these error correction mechanisms are often optional, as is the case in IEEE 802.16e WiMAX systems. For example, HARQ is an optional part of the medium access control (MAC) layer, and HARQ may be supported only for the OFDMA physical layer. Today in the WiMAX standard, there is no means to determine whether a data/control packet failed the authenticity check because of radio link conditions or because of a genuine security breach. If error detection and correction mechanisms are implemented, then packet integrity checks will probably not fail as a result of poor radio link quality. But if these error detection and correction mechanisms are not used, because they are optional, then there is a high probability that packet integrity checks will fail as a result of poor radio link quality and the packets will be discarded. Rather than simply discarding packets that have failed authentication checking because of poor radio conditions and the lack of error detection and correction mechanisms, it would be better to retransmit those failed packets.
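The two rejection conditions described for the CMAC tuple (an incorrect length field, or a locally computed digest that does not match the one in the message) and the problem just stated, that a digest failure alone cannot say whether a packet was corrupted by the radio link or altered, as an added Python example that is not part of this document or of the IEEE 802.16e standard. It uses HMAC-SHA1 over a constructed control-message frame, a constructed key standing in for an AK-derived key, a placeholder tuple type code, and a trailing CRC-32 standing in for the optional link-layer error detection the text describes; the frame layout, names and values are all assumptions, not 802.16e's actual message formats.

```python
"""Verify a control-message digest tuple and classify integrity failures.

Added example; constructed framing, key and tuple type are assumptions, not
IEEE 802.16e formats. Frame layout used here:

    body | tuple(type:1, length:1, digest:20) | crc32:4
"""
import hashlib
import hmac
import struct
import zlib
from enum import Enum

# Constructed demo key standing in for a key derived from the authentication key (AK).
DEMO_KEY = b"constructed-demo-key-not-an-802.16e-key"
DIGEST_LEN = hashlib.sha1().digest_size        # 20 bytes
TUPLE_TYPE = 0x8F                              # placeholder type code, not a real TLV value
TUPLE_LEN = 2 + DIGEST_LEN                     # type + length + digest
CRC_LEN = 4


class Verdict(Enum):
    AUTHENTIC = "authentic"
    LINK_ERROR = "link_error"      # CRC mismatch: corruption in transit, retransmission candidate
    AUTH_FAILURE = "auth_failure"  # CRC ok but tuple length/digest wrong: not explained by the link
    MALFORMED = "malformed"        # too short to carry a tuple and a CRC at all


def _digest(body: bytes, key: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha1).digest()


def _crc(frame: bytes) -> bytes:
    return struct.pack("!I", zlib.crc32(frame) & 0xFFFFFFFF)


def build_control_message(body: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Sender side: append the digest tuple, then the link-layer CRC over everything."""
    frame = body + struct.pack("!BB", TUPLE_TYPE, DIGEST_LEN) + _digest(body, key)
    return frame + _crc(frame)


def check_digest_tuple(frame: bytes, key: bytes = DEMO_KEY) -> bool:
    """The two rejection conditions from the text: bad length field or digest mismatch."""
    if len(frame) < TUPLE_LEN:
        return False
    body, tup = frame[:-TUPLE_LEN], frame[-TUPLE_LEN:]
    tup_type, tup_len = struct.unpack("!BB", tup[:2])
    if tup_type != TUPLE_TYPE or tup_len != DIGEST_LEN:
        return False                         # incorrect length (or type) field
    # constant-time comparison so the check itself does not leak digest bytes
    return hmac.compare_digest(_digest(body, key), tup[2:])


def classify(packet: bytes, key: bytes = DEMO_KEY) -> Verdict:
    """Receiver side: CRC first (what the link could have caused), then the digest."""
    if len(packet) < TUPLE_LEN + CRC_LEN:
        return Verdict.MALFORMED
    frame, crc = packet[:-CRC_LEN], packet[-CRC_LEN:]
    if not hmac.compare_digest(_crc(frame), crc):
        return Verdict.LINK_ERROR
    if not check_digest_tuple(frame, key):
        return Verdict.AUTH_FAILURE
    return Verdict.AUTHENTIC


# --- helpers that produce the failure cases for the demonstration ---

def flip_bit(packet: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single-bit radio error; CRC-32 detects every single-bit error."""
    out = bytearray(packet)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def replace_body_keep_digest(packet: bytes, new_body: bytes) -> bytes:
    """Swap the body and refresh only the CRC, leaving the old digest in place.
    Models a modified message whose CRC verifies but whose digest no longer does."""
    tup = packet[-(CRC_LEN + TUPLE_LEN):-CRC_LEN]
    frame = new_body + tup
    return frame + _crc(frame)


def corrupt_length_field(packet: bytes) -> bytes:
    """Set the tuple length field to a wrong value and refresh only the CRC."""
    frame = bytearray(packet[:-CRC_LEN])
    frame[-TUPLE_LEN + 1] = DIGEST_LEN + 1
    return bytes(frame) + _crc(bytes(frame))


if __name__ == "__main__":
    pkt = build_control_message(b"MOB_HO-REQ target=BS7")   # constructed sample body
    print("intact:        ", classify(pkt).value)
    print("bit flip:      ", classify(flip_bit(pkt, 3, 0)).value)
    print("body replaced: ", classify(replace_body_keep_digest(pkt, b"MOB_HO-REQ target=BS9")).value)
    print("bad length:    ", classify(corrupt_length_field(pkt)).value)
```

Only a CRC failure is treated as a retransmission candidate; a frame whose CRC verifies but whose digest or length field does not cannot be explained by link errors and is the case worth logging and analysing rather than silently dropping. The CRC is not a security mechanism: anyone who can alter a frame can also recompute its CRC, so a CRC failure does not prove the absence of tampering; the classification only separates what the link layer could plausibly have caused from what it could not. Both comparisons use hmac.compare_digest so that the verdict does not depend on which byte mismatched.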