802.16: A Look Under the Hood - Page 2
August 26, 2003
Security and More Security
Authentication and registration are part of the 802.16 MAC common part sublayer. Authentication is based on X.509 digital certificates issued under a public key infrastructure (PKI). Just as every Ethernet interface comes with its own unique Ethernet MAC address, every 802.16 customer transceiver will include one built-in certificate for itself and another for its manufacturer.
These certificates allow the customer transceiver to uniquely authenticate itself to the base station. The base station can then check its subscriber database to see whether the customer transceiver is authorized to receive service. If that lookup succeeds, the base station sends the customer transceiver an authorization key encrypted with the customer transceiver's public key. This authorization key is used to encrypt and protect any transmissions that follow.
Link privacy is implemented in another MAC sublayer, the Privacy sublayer, which operates below the common part sublayer. It is based on the Privacy Key Management protocol from the DOCSIS BPI+ specification. The changes to the DOCSIS design are aimed at integration with the 802.16 MAC; they also let 802.16 take advantage of recent advances in cryptographic techniques.
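The authorization exchange just described, as an added toy model rather than code from the standard or any 802.16 implementation: the customer transceiver presents a certificate signed by its manufacturer, the base station verifies that signature and consults a subscriber database, and only then returns an authorization key encrypted to the transceiver's public key, from which both sides derive link keys. The certificate format, the fixed Mersenne-prime RSA keys (textbook RSA, no padding, far too small for real use), the `authorized_macs` database and the HMAC-based key derivation are all assumptions made for illustration, not PKM's wire format or key hierarchy.

```python
"""Toy model of the 802.16 / PKM authorization exchange (added example, not the standard)."""
import hashlib
import hmac
import os

E = 65537

# Constructed toy RSA key pairs built from known Mersenne primes (illustration only).
MANUFACTURER_PRIMES = ((1 << 89) - 1, (1 << 107) - 1)
SS_PRIMES = ((1 << 61) - 1, (1 << 127) - 1)


def _modinv(a, m):
    """Modular inverse by extended Euclid (avoids the Python 3.8+ pow(a, -1, m))."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no modular inverse")
    return s0 % m


def make_keypair(p, q):
    n = p * q
    d = _modinv(E, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def _digest_int(data: bytes) -> int:
    # 160-bit digest so the signed value always lies below either toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:20], "big")


def cert_bytes(cert):
    """Canonical encoding of the signed fields (everything except the signature)."""
    return "|".join(f"{k}={cert[k]}" for k in sorted(cert) if k != "sig").encode()


def sign_cert(cert, priv):
    cert = dict(cert)
    cert["sig"] = pow(_digest_int(cert_bytes(cert)), priv["d"], priv["n"])
    return cert


def verify_cert(cert, pub):
    return pow(cert["sig"], pub["e"], pub["n"]) == _digest_int(cert_bytes(cert))


def base_station_authorize(ss_cert, manufacturer_pub, authorized_macs):
    """Base station side: verify the manufacturer signature on the transceiver's
    certificate, check the subscriber database, then encrypt a fresh AK to the
    transceiver's public key. Returns ((ak, enc_ak), status) or (None, reason)."""
    if not verify_cert(ss_cert, manufacturer_pub):
        return None, "certificate signature invalid"
    if ss_cert["mac"] not in authorized_macs:
        return None, "not authorized for service"
    ak = int.from_bytes(os.urandom(16), "big")      # 128-bit authorization key
    enc_ak = pow(ak, ss_cert["e"], ss_cert["n"])    # textbook RSA to the SS public key
    return (ak, enc_ak), "ok"


def subscriber_recover_ak(enc_ak, ss_priv):
    """Customer transceiver side: only the holder of the private key recovers the AK."""
    return pow(enc_ak, ss_priv["d"], ss_priv["n"])


def derive_link_keys(ak: int):
    """Derive a key-encryption key and a message-authentication key from the AK.
    HMAC labels are a modelling choice here, not the PKM derivation."""
    ak_bytes = ak.to_bytes(16, "big")
    kek = hmac.new(ak_bytes, b"key-encryption", hashlib.sha256).digest()[:16]
    mac_key = hmac.new(ak_bytes, b"message-auth", hashlib.sha256).digest()
    return kek, mac_key


def run_exchange(authorized_macs, ss_mac="00:11:22:33:44:55"):
    """Full round trip; ss_mac and the database contents are constructed sample values."""
    mfr_pub, mfr_priv = make_keypair(*MANUFACTURER_PRIMES)
    ss_pub, ss_priv = make_keypair(*SS_PRIMES)
    ss_cert = sign_cert({"mac": ss_mac, "n": ss_pub["n"], "e": ss_pub["e"]}, mfr_priv)
    result, status = base_station_authorize(ss_cert, mfr_pub, authorized_macs)
    if result is None:
        return {"status": status}
    bs_ak, enc_ak = result
    ss_ak = subscriber_recover_ak(enc_ak, ss_priv)
    return {
        "status": status,
        "keys_match": bs_ak == ss_ak,
        "bs_keys": derive_link_keys(bs_ak),
        "ss_keys": derive_link_keys(ss_ak),
    }


if __name__ == "__main__":
    print(run_exchange({"00:11:22:33:44:55"})["status"])   # ok
    print(run_exchange(set())["status"])                    # not authorized for service
```

The two refusal paths are the point of the model: a certificate whose fields have been altered fails the manufacturer-signature check before the database is consulted, and a genuine certificate for a transceiver that is not in the subscriber database is refused before any key is issued.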
Features and Goodies
802.16 supports a wide variety of QoS (Quality of Service) options, based on mechanisms used in DOCSIS. Bandwidth can be allocated to a customer transceiver and managed on that basis, or it can be allocated to individual connections between the base station and the customer transceiver. Some customer transceivers will manage their own allocations, even to the extent of stealing bandwidth from one connection to help another. Customer transceivers are permitted to negotiate with the base station for changes in allocations.
These design choices enable services as diverse as connection-oriented, constant-bandwidth ATM and connectionless, bursty IP traffic to co-exist in the same box. 802.16 is flexible enough to permit a single customer transceiver to simultaneously employ one set of 802.16 MAC connections for individual ATM connections and another set for sharing among numerous IP end users.
802.16 uses scheduling services to implement bandwidth allocation and QoS. Unsolicited grant services provide a fixed, regular allocation. This mechanism is well suited for ATM or T1/E1 over ATM. There is relatively low overhead because there is no need to support requests for changes to the allocation. At the same time, delivery delay and jitter are minimized.
For flexibility, 802.16 also specifies a wide variety of mechanisms to request bandwidth allocation changes, including MAC protocol requests and various types of polling. The same mechanisms also can be applied to deliver best effort service, which makes no guarantees for throughput or delay.
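To make the three scheduling behaviours above concrete, here is an added frame-by-frame scheduler simulation; it is illustrative code written for this page, not part of 802.16 or any DOCSIS implementation. Unsolicited grant connections receive a fixed grant every frame without asking, polled connections are asked for their backlog and granted up to a per-connection cap, and best-effort connections share whatever is left with no guarantee. The frame capacity of 100 slots, the connection identifiers and the traffic bursts are constructed sample values.

```python
"""Toy 802.16-style frame scheduler (added example, not standard or vendor code)."""
from dataclasses import dataclass

FRAME_CAPACITY = 100  # slots per MAC frame; a constructed value, not an 802.16 parameter


@dataclass
class Connection:
    cid: int
    service: str          # "UGS" (unsolicited grant), "polled", or "BE" (best effort)
    fixed_grant: int = 0  # UGS: slots granted every frame, no request needed
    max_grant: int = 0    # polled: upper bound on any single frame's grant
    backlog: int = 0      # polled/BE: slots the transceiver still wants to send


def schedule_frame(conns):
    """Allocate one frame. Returns (grants per cid, slots left unused)."""
    remaining = FRAME_CAPACITY
    grants = {}

    # 1. Unsolicited grants: fixed, regular allocation with no request overhead.
    for c in conns:
        if c.service == "UGS":
            g = min(c.fixed_grant, remaining)
            grants[c.cid] = g
            remaining -= g

    # 2. Polled connections: the base station polls, the transceiver reports its
    #    backlog, and the grant is capped by the negotiated maximum and free slots.
    for c in conns:
        if c.service == "polled":
            g = min(c.backlog, c.max_grant, remaining)
            grants[c.cid] = g
            remaining -= g

    # 3. Best effort: leftover slots shared round-robin among connections with backlog.
    be = [c for c in conns if c.service == "BE"]
    for c in be:
        grants[c.cid] = 0
    while remaining > 0 and any(c.backlog - grants[c.cid] > 0 for c in be):
        for c in be:
            if remaining == 0:
                break
            if c.backlog - grants[c.cid] > 0:
                grants[c.cid] += 1
                remaining -= 1

    # Consume backlog; UGS traffic is regenerated by its source every frame.
    for c in conns:
        if c.service != "UGS":
            c.backlog -= grants[c.cid]
    return grants, remaining


def simulate(conns, frames, arrivals):
    """Run several frames. arrivals = {frame_index: {cid: new slots of backlog}}."""
    by_cid = {c.cid: c for c in conns}
    history = []
    for f in range(frames):
        for cid, n in arrivals.get(f, {}).items():
            by_cid[cid].backlog += n
        grants, _ = schedule_frame(conns)
        history.append(grants)
    return history


def ugs_grant_is_constant(history, cid):
    """True when a UGS connection's grant never varies: the zero-jitter property."""
    return len({g[cid] for g in history}) == 1


def demo():
    """Constructed scenario: one T1-like UGS flow, one polled flow, two best-effort flows."""
    conns = [
        Connection(cid=1, service="UGS", fixed_grant=40),
        Connection(cid=2, service="polled", max_grant=30),
        Connection(cid=3, service="BE"),
        Connection(cid=4, service="BE"),
    ]
    arrivals = {0: {2: 50, 3: 80}, 1: {4: 10}}
    return simulate(conns, frames=3, arrivals=arrivals)


if __name__ == "__main__":
    for i, grants in enumerate(demo()):
        print(f"frame {i}: {grants}")
```

Running `demo()` shows the trade-off the text describes: connection 1 gets exactly 40 slots in every frame with no request traffic at all, connection 2 is held to its 30-slot cap in frame 0 even though it asked for 50, and the best-effort connections absorb whatever is left, dropping to nothing whenever the frame fills.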
In addition to extending 802.16 operations to the 2-11 GHz range, 802.16a also extends the reach of 802.16 beyond the limits of communication between a base station and a customer transceiver. It does this by enhancing the base standard to support mesh deployment. In mesh deployments, a customer transceiver can act as an intermediary between another customer transceiver and the base station. In other words, the customer transceiver is acting as a switch between locations.