Communication networks include a plurality of network elements, or nodes, interconnected by links. The nodes use the links to forward data to one another so that data can travel across the network. The links may be wired links formed using optical fibers or copper wires, or may be wireless links implemented using an appropriate wireless transmission protocol.
Conventionally, wireless networks include a base station connected to a wired network such as a backbone network. The base station transmits wireless signals to mobile stations within its area of coverage to give the mobile stations access to the higher-bandwidth communication resources offered by the backbone network. For example, a cellular base station may transmit signals to, and receive signals from, cellular telephones within the geographic area associated with a cellular tower. Many wireless standards have been developed, both for telephony and for data, to implement wireless networks of this nature, and it is likely that further developments will continue to be made in the area of wireless networking.
As wireless networks have developed, the point-to-point paradigm, in which a base station communicates directly with a set of mobile stations, has been supplemented to allow relay stations to be interposed between the base station and the mobile station. In a network of this nature, the base station transmits signals intended to reach the mobile station. Rather than transmitting the signals directly to the mobile station, however, an intervening relay station may receive the wireless signals and forward them on toward the mobile station. One or more such relay stations may thus help carry data from the base station to the mobile station and, in the reverse direction, from the mobile station to the base station.
Introducing relay stations into the wireless network not only extends the geographic area a base station can cover but also increases the capacity and throughput it can serve, which is desirable from a network deployment standpoint. However, it also introduces additional security concerns, since the signals are now being received and relayed by other network elements rather than passing directly between base station and mobile station. Additionally, since the signals are transmitted wirelessly, they are subject to interception by rogue network elements. Particularly where the relay stations are deployed in an ad-hoc manner, and may be moving between base stations, security on the network may become an important issue. For example, the introduction of relay nodes makes the network vulnerable to replay attacks and interception attacks.
One emerging wireless communication standard is being defined by the Institute of Electrical and Electronics Engineers (IEEE) as standard 802.16. 802.16 is also commonly referred to as WiMax. The WiMax family of standards provides minimal security for control plane messages. Standard 802.16e-2005 provides security protection on the access link, between the mobile station and the node that serves it (in a relay network, the first relay station). While similar link-based security could also be implemented on the relay links, between relay stations and between a relay station and the base station, link-by-link security may not be optimal for delay-sensitive applications, e.g., VoIP.
For example, doing so would introduce additional processing overhead at each relay station, and additional control complexity at each base station for key distribution and management. Specifically, if a separate security association were established between each pair of adjacent relay stations and between each relay station and the base station, a given data traffic or control message would need to be encrypted and decrypted multiple times, once under each security association, as it progressed through the network. Besides this overhead, per-link security associations would make broadcasting and multicasting of data traffic and control messages difficult to implement: because each link has its own security association, the message would have to be encrypted separately for each link and unicast over that link, rather than broadcast once over all of them. Thus, to process a given management message, a relay station would have to decrypt the message (or otherwise process it to verify its authenticity) and then re-encrypt it multiple times in order to forward it to its peer relay stations over the several wireless links. A second example concerns key distribution and refresh: when the base station is responsible for these, its processing complexity grows with the total number of relay links in its authentication domain, since the base station must distribute keys for each of the peering links (and the adjacent nodes) under a different security association.
From a network management perspective, as relay stations are allowed to move within the network and associate with different base stations, the base stations need to be able to transmit management messages to the relay stations in a secure manner. Since the nodes are moving and the topology is changing, the network is vulnerable to replay attacks and interception attacks. Accordingly, it would be desirable to provide a way of securing management messages, as well as data messages, in a multi-hop relay wireless network, while minimizing the amount of processing overhead and enabling multicast/broadcast messages to be used in the management plane.
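The overhead and multicast argument above (a separate security association per link forces every relay to decrypt and re-encrypt once per downstream link, and forces unicast), together with the replay concern, shown in running code. This is an added illustration and not code from the original specification or from any 802.16 implementation. It assumes a constructed four-node tree (BS over RS1, RS1 over RS2 and RS3), a toy cipher (HMAC-SHA256 keystream XOR plus a truncated HMAC tag) standing in for AES-CCM so that only the standard library is needed, and, purely for contrast, an assumed alternative in which one security association is shared across the base station's relay domain; a strictly increasing sequence number carried in the header serves as the replay window in both models.

```python
"""Added illustration (not 802.16 code): per-link versus domain-wide security
associations for one management message sent down a BS -> RS tree.
Toy cipher: HMAC-SHA256 keystream XOR + truncated HMAC tag (stands in for AES-CCM).
Topology, keys and payload are constructed for the example."""
import hashlib
import hmac
import os
import struct

TREE = {"BS": ["RS1"], "RS1": ["RS2", "RS3"], "RS2": [], "RS3": []}  # constructed topology


def _keystream(key, nonce, n):
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, seq, plaintext):
    """Toy AEAD: 4-byte seq || ciphertext || 16-byte tag.  seq is both nonce and replay counter."""
    hdr = struct.pack(">I", seq)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, hdr, len(plaintext))))
    tag = hmac.new(key, hdr + ct, hashlib.sha256).digest()[:16]
    return hdr + ct + tag


def unseal(key, blob):
    """Verify the tag before touching the payload; raise on any mismatch."""
    hdr, ct, tag = blob[:4], blob[4:-16], blob[-16:]
    expect = hmac.new(key, hdr + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("bad tag")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, hdr, len(ct))))
    return struct.unpack(">I", hdr)[0], pt


class Node:
    """A relay (or the BS) keeping a strictly increasing sequence window to reject replays."""

    def __init__(self, name):
        self.name = name
        self.last_seq = -1
        self.received = []

    def accept(self, key, blob):
        seq, pt = unseal(key, blob)
        if seq <= self.last_seq:
            raise ValueError(f"{self.name}: replayed seq {seq}")
        self.last_seq = seq
        self.received.append(pt)
        return pt


def run_per_link(msg, seq):
    """Separate SA per link: each relay decrypts, then re-encrypts once per child link (unicast)."""
    nodes = {n: Node(n) for n in TREE}
    link_keys = {(p, c): os.urandom(32) for p in TREE for c in TREE[p]}
    ops = {"seal": 0, "open": 0}
    on_link = {}  # what an eavesdropper sees on each link

    def forward(node, pt):
        for child in TREE[node]:
            blob = seal(link_keys[(node, child)], seq, pt)
            ops["seal"] += 1
            on_link[(node, child)] = blob
            got = nodes[child].accept(link_keys[(node, child)], blob)
            ops["open"] += 1
            forward(child, got)

    forward("BS", msg)
    return ops, on_link, nodes


def run_domain_wide(msg, seq):
    """Assumed alternative: one SA for the BS's relay domain.  Seal once at the BS; relays
    forward the same bytes unchanged and decrypt only to read the message themselves."""
    nodes = {n: Node(n) for n in TREE}
    dkey = os.urandom(32)
    ops = {"seal": 1, "open": 0}
    blob = seal(dkey, seq, msg)
    on_link = {}

    def forward(node):
        for child in TREE[node]:
            on_link[(node, child)] = blob  # identical ciphertext on every link: broadcastable
            nodes[child].accept(dkey, blob)
            ops["open"] += 1
            forward(child)

    forward("BS")
    return ops, on_link, nodes, dkey


def replay_rejected(nodes, key, blob, victim="RS2"):
    """Re-inject a blob captured on the air at a relay; the sequence window must refuse it."""
    try:
        nodes[victim].accept(key, blob)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    MSG = b"management message #1"  # constructed payload
    ops_link, links, _ = run_per_link(MSG, 7)
    ops_dom, dlinks, dnodes, dkey = run_domain_wide(MSG, 7)
    print("per-link :", ops_link, "distinct ciphertexts on air:", len(set(links.values())))
    print("domain   :", ops_dom, "distinct ciphertexts on air:", len(set(dlinks.values())))
    print("replay at RS2 rejected:", replay_rejected(dnodes, dkey, dlinks[("RS1", "RS2")]))
```

For a tree with R relays the per-link model costs R seal and R open operations (one seal per link, one open per relay) and puts a different ciphertext on every link, so a relay with several children cannot broadcast; the shared-domain model costs one seal plus R opens and puts the same bytes on every link. The replay check is what the sequence window buys in either model: a captured frame re-injected at RS2 carries a sequence number RS2 has already consumed and is refused before its payload is acted on.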