1. Field of the Invention
The present invention relates to a method of encrypting data when transmitting and receiving the data in a wireless access system, and more particularly, to a method of generating an efficient traffic encryption key for encryption.
2. Discussion of the Related Art
Hereinafter, a security sublayer used for data communication will be described in brief.
A security sublayer provides a mobile station (MS) and/or a base station (BS) with security, authentication and confidentiality in a broadband wireless network. To support these functions, an encryption function can be applied to the security sublayer, wherein the encryption function is for a medium access control protocol data unit (MAC PDU) transferred between the mobile station and the base station. This gives the base station and the mobile station strong protection against a service theft attack by an unauthorized user. The base station performs encryption on a service flow (SF) across the network to prevent an unauthorized user from accessing the data transfer service. The security sublayer adds digital certificate based mobile station device authentication to a key management protocol of an authenticated client/server structure, thereby reinforcing the basic security mechanism.
While basic capability negotiation is in progress between the base station and the mobile station, if the mobile station does not support a security function, the authentication and key exchange procedures are skipped. Moreover, even if a specific mobile station is registered as a mobile station incapable of supporting an authentication function, the base station can regard the authorization of that mobile station as verified. If the specific mobile station does not support a security function, no service is provided to the corresponding mobile station, so that neither a key exchange nor a data encryption function is performed.
A protocol structure of the security sublayer includes an encapsulation protocol and a privacy key management (PKM) protocol.
The encapsulation protocol is the protocol for securing packet data in a broadband wireless network. The encapsulation protocol defines a set of cryptographic suites, such as data encryption and data authentication algorithms, and a method of applying such algorithms to a MAC PDU payload. The cryptographic suites are a set of security associations (SAs) that specify the algorithms for data encryption, data authentication and traffic encryption key exchange.
The privacy key management (PKM) protocol is the protocol providing a method of safely distributing key-related data from a base station to a mobile station. If the PKM protocol is used, key-related data can be shared between the mobile station and the base station, and the base station can control network access of the mobile station.
In the IEEE 802.16 standard, one of the wireless access systems, protection of a unicast data service means the cryptographic transformation of MAC protocol data units (MPDUs) transmitted and received between the mobile station and the base station. Encryption, one of the functions of the security sublayer of the MAC layer, is performed by the traffic data encryption layer.
Encryption is applied to the MAC PDU payload as required by the selected ciphersuite. Generally, the mobile station and the base station need a key to perform encryption. Accordingly, the IEEE 802.16 standard defines a traffic encryption key (TEK). The TEK is generated as a random number by the base station. The base station can transfer an encrypted TEK to the mobile station through a corresponding TEK encryption algorithm.
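As an added illustration, not part of this description, the following Python models the TEK distribution described above: the base station generates a random TEK, wraps it for transfer, the mobile station unwraps and installs it, and both sides then protect MAC PDU payloads under it. The shared key-encryption key (KEK), AES Key Wrap as the TEK encryption algorithm and AES-CCM as the traffic cipher are assumptions of this example, not specifics of the description.

```python
# Added illustration of the TEK distribution described above. Assumptions (not from the
# description): a KEK is shared after authorization, the TEK encryption algorithm is
# AES Key Wrap (RFC 3394) and the traffic cipher is AES-CCM over the MAC PDU payload.
import os
from dataclasses import dataclass
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.keywrap import (
    aes_key_wrap, aes_key_unwrap, InvalidUnwrap)
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

TEK_LEN = 16
NONCE_LEN = 13  # AES-CCM nonce, built from the SA id and a packet number

@dataclass
class SecurityAssociation:  # one SA: the shared KEK plus the TEK currently in use
    sa_id: int
    kek: bytes
    tek: bytes = b""

def bs_generate_tek() -> bytes:
    return os.urandom(TEK_LEN)  # base station: the TEK is a fresh random value

def bs_wrap_tek(sa: SecurityAssociation, tek: bytes) -> bytes:
    """Base station: encrypt the TEK under the SA's KEK for transfer."""
    sa.tek = tek
    return aes_key_wrap(sa.kek, tek)

def ms_install_tek(sa: SecurityAssociation, wrapped: bytes) -> bool:
    """Mobile station: unwrap the received TEK. A wrong KEK or a modified
    message fails the key-wrap integrity check and is rejected."""
    try:
        sa.tek = aes_key_unwrap(sa.kek, wrapped)
    except InvalidUnwrap:
        return False
    return True

def _nonce(sa_id: int, pn: int) -> bytes:
    # Unique per (SA, packet number); a packet number must never repeat under one TEK.
    return sa_id.to_bytes(1, "big") + pn.to_bytes(NONCE_LEN - 1, "big")

def protect_payload(sa, pn: int, header: bytes, payload: bytes) -> bytes:
    """Encrypt the MAC PDU payload under the TEK; the header is authenticated only."""
    return AESCCM(sa.tek, tag_length=8).encrypt(_nonce(sa.sa_id, pn), payload, header)

def unprotect_payload(sa, pn: int, header: bytes, ciphertext: bytes):
    """Decrypt and verify; returns None for a forged PDU or a wrong packet number."""
    try:
        return AESCCM(sa.tek, tag_length=8).decrypt(_nonce(sa.sa_id, pn), ciphertext, header)
    except InvalidTag:
        return None
```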