IEEE 802.16-2012 pdf download IEEE Standard for Air Interface for Broadband Wireless Access Systems
7.4.2 SS key usage
In PKMvl or PKMv2 RSA-based authentication, the SS is responsible for sustaining authorization with itsBS and maintaining an active AK. In PKMv2 EAP-based authentication, reauthorization can be initiated byeither BS or SS to refresh the AK. An SS shall be prepared to use its two most recently obtained AKsaccording to the manner described in 7.4.2.1 through 7.4.2.3.
7.4.21 SS reauthorization
AKs have a limited lifetime and shall be periodically refreshed. In PKMvl, an SS refreshes its AK byreissuing an Auth Request to the BS. The Authorization State Machine (7.2.1.5) manages the scheduling olAuth Requests for refreshing AKs. In PKMv2 RSA-based authentication, the SS refreshes its AK by issuinga PKMv2 RSA-Request essage. In PKMv2 EAP-based authentication. reauthorization can be initiated byeither BS or SS to refresh the AK. The SS initiates reauthorization by issuing PKMv2 EAP-Start message tothe BS. The BS initiates reauthorization by issuing PKMv2 EAP-Transfer message encapsulating EAPrequest/identity to the SS. The authorization state machine for PKMv2 EAP-based authentication jsdescribed in 7.2.2.8
In PKMvl, an SS’s Authorization state machine schedules the beginning of reauthorization a configurableduration of time, the Authorization Grace Time, (see points (x) and (y) in Figure 7-]2), before the SS’s latestAK is scheduled to expire. The Authorization Grace Time is configured to provide an SS with anauthorization retry period that is suliciently long to allow for system delays and provide adequate time fothe SS to successfully complete an Authorization exchange before the expiration of its ost current AK
In PKMv2 EAP-based authentication, reauthorization is triggered when any of the following conditions aremet: l) Authorization Grace Timer expires, 2) CMAC KEY COUNT or CMAC PN * approaches themaximum number, 3) PKMv2 EAP-Start message is sent by the SS,4) PKMy2 EAP-Transfer messageencapsulating EAP request/identity is sent by the BS.
Note that the BS does not require knowledge of the Authorization (race Time. The BS, however, shall trackthe lifetimes of its AKs and shall deactivate a key once it has expired.
7.4.2.2 SS usage of AK
An SS shall use the HMAC/CMAC KEY U derived from the newer of its two most recent AKs whencalculating the CMAC/HMAC Digests it attaches to Key Request or PKMv2-Key-Request messages
The SS shall be able to use the HMAC/CMAC KEY D derived from either of its two most recent AKs toauthenticate Key Reply, Key Reject, and TEK Invalid messages for PKMvl,or PKMv2-Key-ReplyPKMv2-Key-Reject, and PKMv2-TEK-Invalid messages for PKMv2. The SS shall be able to decrypt anencrypted TEK in a Key Reply or PKMv2-Key-Reply message with the KEK derived from either of its twomost recent AKs. The SS shall use the accompanying AK Key Sequence Number to determine which set ofkeying material to use.
The left-hand side of Figure 7-]2 illustrates an SS’s maintenance and usage of its AKs in PKMvl, where theshaded portion of an AK’s lifetime indicates the time period during which that AK shall be used to decryptTEKs. Even though it is not part of the message exchange, Figure 7-]2 also shows the implicitacknowledgment of the reception of a new AK via the transission of a Key Request message using the kesequence of the new AK.
An SS shall use the HMAC/CMAC KEY U derived from the newer of its two most recent AKs whencalculating the CMAC/HMAC Digests of the CMAC/HMAC Tuple attribute.