How De-authentication attack is prevented in IEEE 802.16 Standard
There are some MAC messages in IEEE 802.16 which are analogous to the deauthentication message found in IEEE 802.11. One of those messages is the Reset Command (RES-CMD) message. The base station (BS) sends this message to a particular subscriber station (SS) to completely reset itself. The subscriber who will receive this valid RES-CMD message will reinitialize its MAC and try to repeat initial system access. BS is allowed to send this message to reset unresponsive or malfunctioning SS. Another similar type of message is De/RE-register Command (DREG-CMD) message. The BS forced an SS to change its access state by sending this message. One of the purposes of sending this message includes forcing an SS to leave the transmission channel completely.
Unlike IEEE 802.11, IEEE 802.16 has significant protection against the misuse of those commands. The first protection mechanism is the use of Hashed Message Authentication Code (HMAC) digest with SHA-1 hash for message authentication. In this mechanism, a 160 bit value is generated as HMAC digest by using the original message and the shared secret key. The HMAC digest is sent to the receiver with the original message. After getting the message the receiver now calculates the HMAC digest by using the message and the known secret key. This calculated value is compared with the receive HMAC value. To get the same hash, the message and the shared key must be exactly same. Otherwise it will not be accepted.
