13.07.2015 Views

Praise for Fundamentals of WiMAX


ble, and mobile access dynamic allocation from either the home or the visited CSN is allowed, depending on roaming agreements and the user subscription profile and policy.

To support IPv6, the ASN includes an IPv6 access router (AR) functionality, and the MS obtains a globally routable IP address from the AR. When using mobile IPv6, the MS obtains the care-of address (CoA) from the ASN, and a home address (HoA) from the home CSN. The MS may use either the CoA or the HoA as its PoA address, depending on whether it routes packets directly to correspondent nodes (CNs) or via the home agent (HA) in the CSN. When using IPv6, static IP address, stateful autoconfiguration based on DHCPv6 (RFC 3315), or stateless address autoconfiguration (RFC 2462) is allowed. When Mobile IPv6 is used, the HoA is assigned via stateless DHCP. For stateful configuration, the DHCP server is in the serving CSN, and a DHCP relay may exist in the network path to the CSN. For stateless configuration, the MS will use neighbor discovery or DHCP to receive network configuration information.

One known issue with the use of IPv6 in WiMAX stems from the lack of link-local multicast support in the IEEE 802.16e air interface. IPv6 has several multicast packets, such as neighbor solicitation, neighbor advertisement, router solicitation, and router advertisement, that have a link-local scope. Since packet transmission in IEEE 802.16e is based on a connection identifier (CID) as opposed to the 48-bit hardware MAC address as is assumed by conventional IPv6 and RFC 2464, there is a need to define new mechanisms to share multicast CIDs among multicast group members in a WiMAX network.

10.6 Authentication and Security Architecture

The WiMAX authentication and security architecture is designed to support all the IEEE 802.16e security services, using an IETF EAP-based AAA framework. In addition to authentication, the AAA framework is used for service flow authorization, QoS policy control, and secure mobility management. Some of the WiMAX Forum-specified requirements that the AAA framework should meet are as follows:

• Support for device, user, and mutual authentication between MS/SS and the NSP, based on Privacy Key Management Version 2 (PKMv2) as defined in IEEE 802.16e-2005.
• Support for authentication mechanisms, using a variety of credentials, including shared secrets, subscriber identity module (SIM) cards, universal SIM (USIM), universal integrated circuit card (UICC), removable user identity module (RUIM), and X.509 certificates, as long as they are suitable for EAP methods satisfying RFC 4017.
• Support for global roaming between home and visited NSPs in a mobile scenario, including support for credential reuse and consistent use of authorization and accounting through the use of RADIUS in the ASN and the CSN. The AAA framework shall also allow the home CSN to obtain information, such as visited network identity, from the ASN or the visited CSN that may be needed during AAA.
• Accommodation of mobile IPv4 and IPv6 security associations (SA) management.
