Table of Contents
Advertisement
Enter the EAP-TLTS authentication method. This technique allows both the subscriber and
the base station to authenticate each other using an X.509 method for both, in addition to a
subscriber authentication which is based on well-known subscriber authentication techniques
such PAP and MS -CHAP. MAC control headers are never encrypted in WiMAX, however
with EAP carriers can choose to authenticate them (but they don't necessarily have to). This
capability adds an additional layer of a uthentication confirmation. It's an operator specific
guideline decision and is tunable in the Win-Max™ system.
2.4.2.3
Clearly the first layer of defense for WiMAX operators is to authenticate a legitimate user on
its network. However, WiMAX, with its 802.16e ratification, offers top line tools for
encryption of data. Older wireless iterations used the data encryption standard (DES) which
relied on a 56-bit key for encryption. This is largely considered obsolete. WiMAX 802.16e
certainly supports DES (3DES) but it also adds support for the Advanced Encryption
Standard (AES) which supports, 128-bit, 192-bit or 256-bit encryption keys. Also AES meets
the Federal Information Processing Standard (FIPS) 140-2 specification, required by
numerous governmental branches. This technology, which requires dedicated processors on
board base stations, is robust and highly effective.
Traffic encryption may be employed per 802.16 Service Flow and is subject to operator policy.
The relevance of encryption to the network operator deployment is questionable. In the past,
for example, many cellular carriers focused on authentication and mostly ignored encryption.
Whether that will change as mobile service providers ramp up more broadband applications
is an open question.
The downside to these heavy computing tasks (i.e. authentication and encryption) is that all
of this requires processor cycles, which may affect the performance of the system.
Nevertheless, the Win-Max™ system and especially, the SS and BST, which are the entities
that take active role in heavy security-related computations, were built bottom to top with a
design goal of offloading heavily computing tasks from the host processor to a specific circuit.
Consequently, no performance degradation is neglected.
2.4.2.4
We examined WiMAX authentication schemes, which are a major component of a secure
network. And we also spoke of data encryption. Clearly, WiMAX possesses solid tools
already built in. But there are considerations beyond just good security that can drive a
migration to third party intrusion detection and protection tools ---namely business case
elements. Intrusion protection is however, not data protection. These are two different classes
of solution. Certainly, a good third party intrusion protection can monitor and secure a
network's authentication. However, many solutions also offer worm protection, Trojan horse
WiN5200
Encryption
Third Party Intrusion Protection
Product Description | 19
Advertisement
Table of Contents
