The wireless metropolitan area networks (WMANs) based on the 802.16 technology have recently gained a lot of interest among vendors and ISPs as the possible next development in wireless IP offering and a possible solution for the last mile Access problem. With the theoretical speed of up to 75 Mbps and with a range of several miles, 802.16 broadband wireless offers an alternative to cable modem and DSL, possibly displacing these technologies in the future. We discuss implementing security in wireless MANs with the PKM protocol that is used in 802.16 for key management and security associations management. Since device certificates are defined by the IEEE 802.16 standard, we briefly cover the issue of certificates and certificate hierarchies.
TopBackground On 802.16 Mans
The basic arrangement of an 802.16 network or cell consists of one (or more) base stations (BSs) and multiple subscriber stations (SSs) (Hardjono, et al, 2005). Depending on the frequency of transmission, the SS may or may not need to be in the line-of-sight of the BS antenna. In addition to base stations and subscriber stations, there might also be other entities within the network, such as repeater stations (RSs) and routers, which provide connectivity of the network to one or more core or backbone networks. The BS has a number of tasks within the cell, including management of medium access by the SS, resource allocation, key management and other security-related functions (Figure 1).
Figure 1. The 802.16 WiMAX network technology
An implementation of an 802.16 network will typically deploy a fixed antenna for the SS, with the BS using either a sectored antenna or omnidirectional antenna. The BS would be installed in a location that can provide the best coverage, which would usually be the rooftops of buildings and other geographically high locations. Although a fixed SS would use a fixed antenna, with the future development of the mobile subscriber station (MSS), it is possible that an SS could be using an omnidirectional antenna. In practice, the cell size would be about 5 miles or less in radius. However, given suitable environmental conditions and the use of orthogonal frequency division multiplexing (OFDM), the cell radius can reach 20 or even 30 miles. In order to increase the range of a given implementation, a mesh topology can also be used instead of the point-to-point topology.
The 802.16 standard release in December 2001 defines the MAC and PHY layers for 802.16 WMANs. Within the MAC layer, the 802.16 standard specifies the support for multiple physical layer specifications, in answer to the broad frequency range of 802.16 (namely, the 2- GHz to 66-GHz band). Since the electromagnetic propagation in this broad range is not uniform all over, the 802.16 standard splits the range into three different frequency bands, each to be used with a different physical layer implementation as necessary. The three frequency bands are as follows:
- •
10 to 66 GHz (Licensed Bands): Transmission in this band requires line-of- sight between a BS and SS. This is due to the fact that within this frequency range the wavelength is very short, and thus fairly susceptible to attenuation (e.g., due the physical geography of the environment or interference). However, the advantage of operating in this frequency band is that higher data rates can be achieved.
- •
2 to 11 GHz (Licensed Bands): Transmission in this band does not require line-of-sight. However, if line-of-sight is not available, the signal power may vary significantly between the BS and SS. As such, retransmissions may be necessary to compensate.
- •
2 to 11 GHz (Unlicensed Bands): Here, the physical characteristics of the 2 to 11 GHz unlicensed bands are similar to the licensed bands. However, since they are unlicensed there are no guarantees that interference may not occur due to other systems or persons using the same bands.