13.07.2015 Views

Praise for Fundamentals of WiMAX


...fer between the BS and the MS is done via a three-way handshake. First, the BS transmits the SA-TEK Challenge message, which identifies an AK to be used for the SA, and includes a unique challenge. In the second step, the MS transmits an SA-TEK Request message after receipt and successful HMAC/CMAC verification of an SA challenge from the BS. The SA-TEK Request message is a request for SA descriptors identifying the SAs the requesting MS is authorized to access and their particular properties. In the third step, the BS transmits the SA-TEK Response message identifying and describing the primary and static SAs the requesting MS is authorized to access.

7. Generation and transfer of traffic encryption keys: Following the three-way handshake, the MS requests the BS for two TEKs each for every SA. The BS randomly generates a TEK, encrypts it using the secret symmetric key encryption key (KEK), and transfers it to the MS.

8. Service flow creation: Once the TEKs are established between the MS and the BS, service flows are created, using another three-way handshake. Each service flow is then mapped onto an SA, thereby associating a TEK with it.

10.6.3 ASN Security Architecture

Within the ASN, the security architecture consists of four functional entities: (1) authenticator, which is the authenticator defined in the EAP specifications (RFC 4017); (2) authentication relay, which is the functional entity in a BS that relays EAP packets to the authenticator via an authentication relay protocol; (3) key distributor, which is the functional entity that holds the keys (both MSK and PSK [footnote 6]) generated during the EAP exchange; and (4) key receiver, which holds the authentication key and generates the rest of the IEEE 802.16e keys. Figure 10.8 shows the two deployment models for these security-related functional blocks within the ASN. One is the integrated model, whereby all the blocks are within the BS, as in ASN profile B. The alternative model has the authenticator and the key distributor in a separate stand-alone entity or in the ASN-GW (as in ASN Profile A and C). For the integrated model, the Authentication Relay Protocol and the AK Transfer Protocol (see Section 7.4.5 of [3]) are internal to the BS. For the stand-alone model, they are exposed and must comply with the standards.

10.7 Quality-of-Service Architecture

The QoS architecture framework developed by the WiMAX Forum extends the IEEE 802.16e QoS model by defining the various QoS-related functional entities in the WiMAX network and the mechanisms for provisioning and managing the various service flows and their associated policies. The WiMAX QoS framework supports simultaneous use of a diverse set of IP services, such as differentiated levels of QoS on a per user and per service flow basis, admission control, and bandwidth management. The QoS framework calls for the use of standard IETF mechanisms for managing policy decisions and policy enforcement between operators.

Footnote 6: MSK is delivered by the AAA Server, and the PSK is generated locally.
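The SA-TEK three-way handshake and the TEK transfer described in Section 10.6 above can be modeled in a few lines of Python; this is an added example, not code from the book or from IEEE 802.16e. The message fields, the derivation of a MAC key and KEK from the AK, HMAC-SHA256 as the digest, and the XOR-pad key wrapping are simplifying assumptions that stand in for the standard's encodings and algorithms.

```python
import hashlib, hmac, os

def tag(key, *fields):
    # HMAC-SHA256 over length-prefixed fields; stand-in for the HMAC/CMAC digest
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()

def check(key, msg, *fields):
    if not hmac.compare_digest(tag(key, *fields), msg["tag"]):
        raise ValueError("digest verification failed")

def wrap_tek(kek, label, tek):
    # Stand-in for encrypting a TEK under the KEK: XOR with an HMAC-derived pad.
    # Applying it twice with the same KEK and label recovers the TEK.
    return bytes(a ^ b for a, b in zip(tek, tag(kek, b"wrap", label)))

def run_exchange(bs_ak, ms_ak, ak_id=b"AK-1", sas=(b"SA-primary", b"SA-static"), tamper=False):
    # Constructed derivation: each side derives a MAC key and a KEK from its copy of the AK
    bs_mac, bs_kek = tag(bs_ak, b"mac"), tag(bs_ak, b"kek")
    ms_mac, ms_kek = tag(ms_ak, b"mac"), tag(ms_ak, b"kek")

    # Step 1, BS -> MS: SA-TEK Challenge identifies the AK and carries a unique challenge
    nonce = os.urandom(16)
    chal = {"ak_id": ak_id, "nonce": nonce, "tag": tag(bs_mac, b"chal", ak_id, nonce)}
    if tamper:
        chal["nonce"] = os.urandom(16)  # simulate modification in transit

    # Step 2, MS -> BS: verify the challenge digest first, then send SA-TEK Request
    check(ms_mac, chal, b"chal", chal["ak_id"], chal["nonce"])
    req = {"nonce": chal["nonce"], "tag": tag(ms_mac, b"req", chal["ak_id"], chal["nonce"])}

    # Step 3, BS -> MS: check the echoed challenge and digest, then describe the authorized SAs
    if req["nonce"] != nonce:
        raise ValueError("request does not answer the current challenge")
    check(bs_mac, req, b"req", ak_id, nonce)
    rsp = {"sas": list(sas), "tag": tag(bs_mac, b"rsp", nonce, *sas)}
    check(ms_mac, rsp, b"rsp", nonce, *rsp["sas"])

    # TEK transfer: the BS randomly generates two TEKs per SA and sends each under the KEK
    bs_teks = {s: [os.urandom(16), os.urandom(16)] for s in sas}
    wire = {s: [wrap_tek(bs_kek, s + bytes([i]), t) for i, t in enumerate(ts)]
            for s, ts in bs_teks.items()}
    ms_teks = {s: [wrap_tek(ms_kek, s + bytes([i]), c) for i, c in enumerate(cs)]
               for s, cs in wire.items()}
    return bs_teks, ms_teks, wire
```

With matching AKs both sides end up holding the same two TEKs per SA; a mismatched AK or a challenge altered in transit stops the exchange at the MS's digest check in step 2.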
