Optimal Service Delivery in Mobile Networks
Ashutosh Dutta, Ph.D.
Senior Scientist
NIKSUN
Princeton, NJ, USA 08540
Email: [email protected]
WWSMC’11, NJ USA, July 2011
– A name identifies what you want,
– An address identifies where it is, and
– A route identifies a way to get there
(John Shoch, 1978)
Talk Outline
Evolution of Mobile Networks
Service Delivery in Mobile Networks
A taxonomy of IP mobility
Handoff optimization – Use case scenarios
Measurement-based mobility model
Conclusions
Evolution of mobility protocols
[Figure: timeline of cellular systems from 1980 to 2008. 1G: AMPS, TACS, JTACS, NMT, NTT, SMR. 2G: GSM, IS-136, IS-95 (A), iDEN, PDC. 2.5G: GPRS, EDGE, IS-95 (B), CDMA2000 1X. 3G: WCDMA, CDMA2000 NX. 4G: LTE, UMB, EHSPA, IEEE 802.16, 802.20. Data rates marked along the way: 9.6 kb/s, 24 kb/s, 42 kb/s, 48.6 kb/s, 54 kb/s, 115 kb/s, 144 kb/s, 236 kb/s, 384 kb/s, 2 Mb/s, 42 Mb/s (DL) / 22 Mb/s (UL), 50 (UL) / 100 (DL), 80 Mb/s, 280 Mb/s, 80 Mb/s (UL) / 360 Mb/s (DL).]
Mobile Wireless Internet: A Scenario
[Figure: a roaming user moves across a PAN (Bluetooth), a LAN (802.11a/b/g hotspot, ad hoc network) and a WAN (UMTS/CDMA network, IPv6 network) spanning Domain 1 and Domain 2, interconnected over the Internet, with a PSTN gateway and a correspondent host (CH).]
Service Delivery Metrics
QoE => Perceived Quality of Service
Network Metrics
• Bit rate, delay, jitter, packet loss rate
• Power consumption
Application Metrics
• Call setup delay
• Failed calls, dropped calls, retransmission
• MOS (Mean Opinion Score) for media
Several standards groups …
• ITU-T SG12
• ITU X.902 (IP Telephony)
• IETF – IPPM, DIFFSERV
• 3GPP – 3GPP TS 32.409 (IMS performance)
Mobility Taxonomy
[Figure: taxonomy of IP mobility. Kinds of mobility: personal, terminal, service, session. Network layer: MIPv4, Cellular IP, HAWAII, IDMP, MIP-LR, MIPv6, Proxy MIPv6. Application layer: SIPMM, MIP-LR(M), Proxy. Transport layer: MSOCKS, Migrate, mSCTP. Shim layer: HIP. Cross-cutting: systems optimization. Issues: host controlled vs. network controlled; mobility pattern.]
Use Case: Cross layer and multiple interfaces
[Figure: a mobile moves through Zones 1–9 past a Café and an Airport hotspot, with Wi-Fi, Wi-MAX and GSM/GPRS coverage; a radio-state panel tracks the GSM, WLAN, WiMAX and GPS radios at each zone. Actions along the path: wake up WLAN; download over WLAN; shut down GPS; WLAN link going down, switch to WiMAX; download over WiMAX; shut down WLAN; wake up GPS; connect to WLAN; battery level low, shut down WiMAX; download over GSM/GPRS; wake up WLAN; shut down GPS; start download over WLAN.]
Network information available to the mobile along the path:
Network Type | SSID/Cell ID | BSSID | Operator | Security | NW/EAP Type | Channel | QoS | Physical Layer | Data Rate
GSM | 13989 | N/A | AT&T | NA | NA | 1900 | N/A | N/A | 9.6 kbps
802.11b | Café | 00:00:… | Café | .11i | EAP-PEAP | 6 | .11e | OFDM | 11 Mbps
802.11b | Airport | 00:00:… | Airport | .11i | EAP-PEAP | 6 | .11e | OFDM | 11 Mbps
802.16d | NA | NA | T-Mobile | PKM | EAP-PEAP | 11 | Yes | OFDM | 40 Mbps
Courtesy: IEEE 802.21
Mobility Illustration in a sample IP-based network
[Figure: a mobile host moves between network N1 (802.11) and N2 (CDMA/GPRS) across Administrative Domain A and Administrative Domain B, each with Layer 2 and Layer 3 points of attachment (L2 PoA, L3 PoA), authentication, authorization, registration and configuration agents and a signaling proxy, joined by a backbone; the corresponding host (IPch) is on the far side. Addresses shown: 128.59.10.7, 128.59.11.8, 128.59.9.6, 207.3.232.10, 210.5.240.10.]
[Figure: measured handoff delay and media interruption for non-optimized handoffs between points A, B, C and D of the network above: 802.11 to 802.11, 900 ms; 802.11 to 802.11, 4 s; 802.11 to CDMA, ~18 s.]
System decomposition of handover process
A handover event decomposes into six processes and their sub-operations:
P1 Network discovery & selection: P11 channel discovery, P12 subnet discovery, P13 server discovery
P2 Network attachment: P21 L2 association, P22 router solicitation, P23 domain advertisement
P3 Configuration: P31 identifier acquisition, P32 duplicate address detection, P33 address resolution
P4 Security association: P41 authentication (L2 and L3), P42 key derivation
P5 Binding update: P51 identifier update, P52 identifier verification, P53 identifier mapping, P54 binding cache
P6 Media reroute: P61 tunneling, P62 forwarding, P63 buffering, P64 bi-casting/multicasting
How security affects handoff performance
Security protocols have an impact on the performance of the network:
• End-to-end latency
• Throughput
• Handoff delay
• Packet loss
Main components that affect the performance:
• Authentication/authorization
• Key derivation
• Encryption
Security related delays may affect all the layers:
– Layer 2 (e.g., 802.11i, WEP)
– Layer 3 (IPsec/IKE)
– Upper layers (e.g., TLS, SRTP)
[Figure: security association, key distribution, authentication and encryption at Layer 2, Layer 3 and Layer 4 between the mobile node (MN), the L3 PoA, the network and the server.]
Key principles for security optimization
The number of signaling round trips in the key derivation process needs to be minimized
Avoid the key exchange by maintaining the end-point address identifier (e.g., IP address)
Avoid tear down and re-establishment of the Security Association (e.g., IPsec tunnel)
Proactive authentication
Fast re-authentication
Security context transfer between the base stations
Cross layer assisted authentication
• Layer 3 authentication bootstraps the layer 2 authentication process
Anchor-based security association
• Clients behind a Mobile IP Home Agent are shielded from IP address change
Media Independent Pre-authentication – a deployment scenario
[Figure: the mobile in its current Network 1 (AP1 coverage area) pre-authenticates over the Internet with the authentication agents (AA) and configuration agents (CA) of the candidate target networks (CTN: Networks 2, 3 and 4, each behind an access router AR; AP2 and AP3 coverage area), establishing an MN-CA key with each; an information server lists the candidates, one becomes the target network (TN), and the correspondent node (CN) keeps the session.]
Network-Layer Assisted Pre-Authentication
Supports handover across inter-technology, inter-subnet and inter-domain
Independent of link-layer technology (e.g., 802.11, CDMA)
No context transfer security problems (e.g., no domino effect)
[Figure: IEEE 802.11i pre-authentication vs. PANA pre-authentication. The MN (10.1.10.2/24) in Network A (AP0, AP1, previous access router pAR 10.1.10.1/24) pre-authenticates toward Network B (AP2, new access router nAR acting as PANA authentication agent PAA, 10.1.20.2/24). PANA pre-auth runs between the MN and the nAR/PAA, which reaches the visited AAA server (AAAv, roaming AAA domain) and the home AAA server (AAAh, home AAA domain) over RADIUS/Diameter; a PSK is installed at the target AP, and association and the 4-way handshake follow.]
Network Pre-authentication Flows
Participants: PaC (the MN as PANA client), target PAA, target APx, current APx, AAAv (roaming case only) and AAAH.
Network-layer pre-authentication (PANA carrying EAP-TLS; in the roaming case the PAA reaches AAAH through AAAv):
PaC → PAA: PANA-Client-Initiation (PCI)
PAA → PaC: PANA-Start-Request (PSR) [EAP Req/Ident]
PaC → PAA: PANA-Start-Answer (PSA) [EAP Resp/Ident]
PAA → AAA: AAA prot-req (EAP-Resp/Ident)
AAA → PAA: AAA prot-ans (EAP-TLS/Start)
PAA → PaC: PANA-Auth-Request (PAR) [EAP-TLS/Start]
PaC → PAA: PANA-Auth-Answer (PAN) [EAP-TLS/Client-Hello]
PAA → AAA: AAA prot-req (EAP-TLS/Client-Hello)
AAA → PAA: AAA prot-ans (EAP-TLS/ServCert)
PAA → PaC: PANA-Auth-Request (PAR) [EAP-TLS/ServCert]
PaC → PAA: PANA-Auth-Answer (PAN) [EAP-TLS/ClientCert]
PAA → AAA: AAA prot-req (EAP-TLS/ClientCert)
AAA → PAA: AAA prot-ans (EAP-TLS/ChangeSpec)
PAA → PaC: PANA-Auth-Request (PAR) [EAP-TLS/ChangeSpec]
PaC → PAA: PANA-Auth-Answer (PAN) [EAP-TLS/Ack]
PAA → AAA: AAA prot-req (EAP-TLS/Ack)
AAA → PAA: AAA prot-ans (EAP-Success)
PAA → PaC: PANA-Binding-Request [AUTH] (PBR) (EAP-Success)
PaC → PAA: PANA-Binding-Answer (PBA)
Pre-configuration (PSK installation at the target AP):
PAA → target APx: SNMPv3-Set (PSK, PaC’s MAC address)
target APx → PAA: SNMPv3-Ack
PaC’s movement from current APx to target APx:
PaC ↔ target APx: (Re)Association; EAP skipped, both sides already hold PSKx
PaC ↔ target APx: EAPOL Key: Message 1, 2, 3, 4 (4-way handshake)
Associated: 1x controlled port enabled & IP traffic
Performance (MPA vs. Non-MPA) – Single I/F
MPA
• No packet loss during pre-authentication, pre-configuration and proactive handoff before L2 handoff
• Only 0 packet loss, 4 ms delay during handoff, mostly transient data
– Includes delay due to layer 2 and the update to delete the tunnel on the router
– We also reduced the layer 2 delay in the hostap driver
– L2 delay depends upon driver and chipset
Non-MPA
• About 200 packets lost, ~4 s during handover
– Includes standard delay due to layer 2, IP address acquisition, Re-INVITE, authentication/authorization
• Could be more if we also have firewalls set up
[Figure: handoff delay, MPA approach vs. non-MPA approach, 802.11 to 802.11: 4 s for the non-MPA handoff.]
Optimized handoff delay with MPA (Multiple I/F)
[Figure: 802.11 to CDMA handoff delay. a. MIP-based non-optimized handoff: ~18 s. b. SIP-based non-optimized handoff: 16 s. c. MPA and 802.21 assisted optimized handoff.]
Triple Encapsulation for Mobile VPN
[Figure: a DMZ separates the internal (protected) home network and internal visited network from the external (unprotected) networks 1…N; packets between the CN and the MN traverse an i-MIP tunnel (i-HA), a VPN tunnel (VPN GW) and an x-MIP tunnel (x-HA).]
Based on its current location, the MN dynamically establishes/changes/terminates tunnels without changing current standards of IPsec VPN or Mobile IP.
The triple encapsulation tunnel is constructed by:
• i-HA (Internal Home Agent): forwards IP packets to the MN’s current internal location
• VPN GW: protects (encrypts and authenticates) IP packets transmitted in external networks
• x-HA (External Home Agent): forwards IP packets to the MN’s current external location
Results: Mobile IP-VPN
[Figure: RTP sequence number (31500–35000) vs. time (0–300 s) for a non-make-before-break handoff 802.11 (enterprise) → cellular → 802.11 (enterprise); the jump in sequence numbers marks packet loss due to non-make-before-break.]
[Figure: RTP packet sequence number (1800–2600) vs. time (0–180 s) for an 802.11–cellular secured handoff, 802.11 (enterprise) → cellular → 802.11 (enterprise), with out-of-order packets around the handoffs.]
[Figure: MOBIKE-based handoff timeline between the MN and the VPN GW, RTP tunnelled to the CN. IP0 is the address of the 802.11 interface, IP1 the address of the cellular interface. Starting in Visited Network 1 (cellular, IP1 primary): 13.342 s 802.11 is up; 13.377 s MOBIKE; 13.554 s first packet on 802.11; 13.667 s last packet on cellular (IP0 becomes primary); 43.103 s last packet on 802.11; 47.881 s and 51.519 s MOBIKE; 51.977 s, IP1 primary again. Legend: VPN traffic in 802.11, VPN traffic in cellular, MOBIKE in cellular, MOBIKE in 802.11; a packet-loss window is marked as no-break-before-make.]
Hand-off with no-make-before-break (internal–external–internal); hand-off with make-before-break
[Figure: RTP sequence number (500–5500) vs. time (0–400 s) for a Home 802.11 → cellular → external hotspot 802.11 handoff.]
Home-external-external handoff; MOBIKE-based handoff (cellular-hotspot-cellular)
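The plots above read packet loss and reordering off the RTP sequence numbers seen during a handoff. The following is an added example, not code from the talk, that computes those two quantities from a capture: a jump in the sequence is a provisional gap, a later arrival that fills a hole is an out-of-order packet, and whatever holes remain at the end are lost packets. The capture it runs on is constructed here (20 ms packets, a break-before-make outage, one swapped pair) and is placed just below the 16-bit wrap so the modular comparison RFC 3550 requires is exercised.

```python
"""Packet loss and reordering from RTP sequence numbers across a handoff.

Added example, not code from the talk: it computes what the RTP-sequence
plots visualise (a jump in sequence numbers = packets lost during a
break-before-make handoff, sequence numbers arriving late = out-of-order
delivery). RTP sequence numbers are 16 bits and wrap at 65536 (RFC 3550),
so all comparisons are done modulo 2^16.
"""
from dataclasses import dataclass, field

SEQ_MOD = 1 << 16


def seq_delta(a, b):
    """Signed distance from sequence a to sequence b modulo 2^16:
    positive if b was sent after a, negative if it was sent before."""
    d = (b - a) % SEQ_MOD
    return d - SEQ_MOD if d >= SEQ_MOD // 2 else d


@dataclass
class RtpStats:
    received: int = 0
    expected: int = 0        # distinct sequence numbers the sender used
    lost: int = 0            # holes still open when the capture ends
    out_of_order: int = 0    # late arrivals that filled an earlier hole
    duplicates: int = 0
    gaps: list = field(default_factory=list)   # (time, first_missing_seq, size)


def analyse(packets):
    """packets: iterable of (arrival_time_s, rtp_seq) in arrival order.

    A packet ahead of the highest sequence seen advances `expected` and
    records the skipped numbers as a provisional gap; a packet behind it is
    out-of-order if it fills one of those holes, otherwise a duplicate.
    """
    st = RtpStats()
    highest = None
    holes = set()
    for t, seq in packets:
        st.received += 1
        if highest is None:
            highest = seq
            st.expected = 1
            continue
        d = seq_delta(highest, seq)
        if d > 0:
            if d > 1:
                missing = [(highest + i) % SEQ_MOD for i in range(1, d)]
                holes.update(missing)
                st.gaps.append((t, missing[0], len(missing)))
            highest = seq
            st.expected += d
        elif d == 0:
            st.duplicates += 1
        elif seq in holes:
            holes.remove(seq)
            st.out_of_order += 1
        else:
            st.duplicates += 1
    st.lost = len(holes)
    return st


def loss_rate(st):
    """Fraction of the sender's packets that never arrived."""
    return st.lost / st.expected if st.expected else 0.0


def sample_capture():
    """Constructed capture (not data from the talk): 20 ms packets starting
    just below the 16-bit wrap; seqs 4-8 are lost during a break-before-make
    handoff, then 10 arrives before 9 on the new access network."""
    order = [65530, 65531, 65532, 65533, 65534, 65535, 0, 1, 2, 3,
             10, 9, 11, 12, 13, 14, 15]
    pkts = []
    t = 0.0
    for i, seq in enumerate(order):
        if i == 10:
            t += 0.100          # outage while the new link comes up
        pkts.append((round(t, 3), seq))
        t += 0.020
    return pkts


if __name__ == "__main__":
    stats = analyse(sample_capture())
    print(stats)
    print(f"loss rate {loss_rate(stats):.1%}")
```

The sample capture yields 5 lost packets out of 22 sent and one out-of-order arrival; the same logic applied to a real RTP capture gives the loss and reordering figures that the QoE metrics slide lists.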
Handoff Optimization in IMS/MMD Network
[Figure: IMS/MMD architecture with a cdma2000 RAN and PDSNs, an 802.11 AP over FTTH/ADSL access in a different domain, DHCP servers, P-CSCFs, I-CSCF, S-CSCF, E-CSCF, HSS, PCRFs, SIP and non-SIP application servers; the MN holds IPsec tunnels to the P-CSCF and is anchored at an HA with AAA.]
Optimized roaming architecture
Non-SIP support
AAA/HSS optimization
Fast handoff (P-CSCF)
P-CSCF Fast-handoff Experimental Results
[Figure 1: Levels of MMD optimization. Handoff time (0–12000 ms) for non-optimized, reactive and proactive handoff, broken down into the components optimized: PPP termination, layer 2 delay, PPP activation, MIP solicitation, MIP binding update, DHCP trigger, DHCP inform, SIP trigger, SIP + security, media redirection.]
Optimal mobility system design
[Table: scheduling of handover operations, the relevant optimization principles, and the example experimental mobility systems each principle was applied to (potential targets: SIP-based fast handoff, Mobile VPN, Media Independent Pre-authentication, simultaneous mobility, optimized handoff in IMS, multi-layer mobility, multicast fast handoff); the X marks of the original table are not recoverable here.]
Sequential: direct path between CH and MH; limit binding update between CH and MH; maintain security association between end-points; anchor-based forwarding; post-handoff triggers
Proactive: pre-handoff triggers; proactive network discovery; proactive authentication; proactive identifier configuration; proactive binding update; dynamic buffering; proactive context transfer
Parallel: discovery of Layer 2 and Layer 3 PoA; binding update
Measurement assisted mobility model
[Figure: a GETS call from the caller (UE1) to the called party (UE2) across the IP CANs of a managed multi-provider IP network (EPC) under IMS control (P-CSCF, I-CSCF, S-CSCF, HSS, PCRF, GETS application server, DNS/ENUM; Diameter and SIP signaling, RTP media). Wireless access: UMTS, EvDO, WiMAX, LTE, satellite; wireline access: cable, DSL, fiber, Ethernet; each via RAN and GW. Control happens at layer 2, layer 3 and the IMS layer; a monitoring agent feeds a controller with network/application feedback.]
Resource usage per mobility events
Sub-transitions | Sub-operations | Bytes exchanged | CPU samples | Power due to transmission (nanojoules)
t00 | Layer 2 un-reachability test | 43 | 5 | 51600
t01 | Layer 3 unreachability | 86 | 3 | 103200
t11 | Discover layer 2 channel | 109 | 3 | 130800
t12 | Discover layer 3 subnet | 110 | 4 | 132000
t13 | Discover server | 126 | 5 | 540000
t21 | Layer 2 association | 99 | 2 | 118800
t22 | Router solicitation | 70 | 4 | 84000
t23 | Domain advertisement | 226 | 4 | 271200
t31 | Identifier acquisition | 1426 | 5 | 1711200
t32 | Duplicate address detection | 164 | 6 | 196800
t33 | Address resolution | 60 | 3 | 72000
t41 | Layer 2 open authentication | 94 | 3 | 112800
t42 | Layer 2 EAP | 2842 | 6 | 3410400
t43 | Four-way handshake | 504 | 4 | 604800
t51 | Master key derivation (PMK) | 0 | 10 | 0
t52 | Session key derivation (PTK) | 0 | 6 | 0
t61 | Identifier update | 204 | 4 | 422400
t62 | Identifier verification | 148 | 6 | 177600
t63 | Identifier mapping | 0 | 8 | 0
t64 | Binding cache | 0 | 3 | 0
t71 | Fast binding update | 110 | 3 | 132000
t72 | Local caching | 0 | 6 | 0
t81 | Tunneling | 60 | 2 | 72000
t82 | Forwarding | 100 | 2 | 120000
t83 | Buffering | 120 | 3 | 144000
t91 | Local id mapping | 40 | 4 | 48000
t92 | Multicasting/bicasting | 192 | 2 | 230400
Modeling of handoff processes – An example
[Figure: deterministic timed transition Petri net of a handoff with places P00, p11–p13, p21–p23, p31–p33, p41, p42, P51–p54, p61–p64 and transitions t01, t11–t13, t21–t23, t31–t33, t41, t42, t51–t54, t62–t64, t70; resource places for network capacity, battery and CPU; a Connected place; and the operations that can potentially run in parallel marked.]
Scheduling of handoff operations
[Figure: Petri-net schedules of the same handoff (scanning / network discovery, authentication, 4-way handshake, association) from Mobile Disconnected through Network Discovered and Mobile Authenticated to Connected, with resource places PA (network capacity), PB (battery power) and PC (CPU cycles) holding tokens and transitions t1–t5. A. Sequential operations. B. Parallel operations – level of concurrency = 2. C. Proactive operations: pre-authentication and key installation at the target network’s AP while still connected to the current network. D. Parallel operations – level of concurrency = 3.]
Conclusions
IP-based mobility in 4G networks involves
• movement across access technologies,
• movement across administrative domains,
• at multiple layers,
• and interaction among multiple protocols
Measurement-based mobility model
• Allows predicting the handoff performance
• Provides performance trade-offs (e.g., resources vs. QoS)
• Allows studying behavioral characteristics
– deadlock based on mobility patterns
Best current practices to provide optimal service delivery
– under different mobility patterns
– under different resource environments
– for different applications
– Mobile Cloud Computing, real-time, non-real-time
Burlingame, CA USA
June 2011
Cellular mobility – GSM
[Figure: a mobile host (MH) moves from the serving cell (BTS A, BSC 1) to the target cell (BTS B, BTS C, BTS D under BSC 2) within a BSS controlled by an MSC with VLR, AUC, EIR and HLR; old and new points of attachment are marked oPoA and nPoA.]
NIKSUN Confidential – Restricted Access; see title page for restrictions
SAE/LTE (4G)
[Figure: E-UTRAN with source, target and candidate eNBs (X2) serving UEs; Enhanced Packet Core (EPC) with MME (S1-MME, S10, S11), Serving Gateway S-GW (S1-U, S5, S8), PDN-GW (SGi toward the IP-based IMS network), SGSN (S3, S4) for UTRAN, HSS (S6a, S6c, Wx), PCRF (S7, Rx+), AAA, ePDG (Wm, Wn, S2b) for untrusted non-3GPP access, and S2a for trusted non-3GPP access (WiFi, WiMAX).]
QoE metrics – Driven by measurements
Optimizing authentication
Related Work
IEEE Standards
• IEEE 802.11i provides pre-authentication at link-layer in the distribution system (DS)
• IEEE 802.11r improves 11i by introducing a new key hierarchy, but it does not work between DSs either.
Context transfer solutions (Bargh et al., Georgiades et al., Duong et al.)
• Security problems such as the “domino effect”
• Assume certain trust relationships which might not be possible in certain scenarios.
• Oriented towards the same technology
Re-authentication
Pre-installation based on movement pattern (Mishra et al., Pack et al.)
• AAA assisted key installation
• Works within the same administrative domain
MIPv6 and AAA assisted (Ruckforth et al.)
• Limited to MIPv6 and within the same domain
Cooperative Roaming (Forte et al.)
• Works within a domain
Key principles for SA optimization
Avoid the key exchange by maintaining the end-point address identifier
Avoid tear down and re-establishment of Security Association
Reduce the number of signaling messages that help rekeying
Anchor-based security association
Clients behind NAT are shielded from IP address change
802.11i – Pre-authentication Flow
Participants: STA, current AP, target AP, AAAv (roaming case only) and AAAH.
IEEE 11i pre-authentication: the STA, while associated with the current AP, runs EAP-TLS over EAPOL with the target AP, which relays to the AAA server (through AAAv in the roaming case):
STA → target AP: EAPOL Start
target AP → STA: EAPOL-Request (EAP-Req/Ident)
STA → target AP: EAPOL-Response (EAP-Resp/Ident)
target AP → AAA: AAA prot-req (EAP-Resp/Ident)
AAA → target AP: AAA prot-ans (EAP-TLS/Start)
target AP → STA: EAPOL-Request (EAP-TLS/Start)
STA → target AP: EAPOL-Response (EAP-TLS/Client-Hello)
target AP → AAA: AAA prot-req (EAP-TLS/Client-Hello)
AAA → target AP: AAA prot-ans (EAP-TLS/ServCert)
target AP → STA: EAPOL-Request (EAP-TLS/ServCert)
STA → target AP: EAPOL-Response (EAP-TLS/ClientCert)
target AP → AAA: AAA prot-req (EAP-TLS/ClientCert)
AAA → target AP: AAA prot-ans (EAP-TLS/ChangeSpec)
target AP → STA: EAPOL-Request (EAP-TLS/ChangeSpec)
STA → target AP: EAPOL-Response (EAP-TLS/Ack)
target AP → AAA: AAA prot-req (EAP-TLS/Ack)
AAA → target AP: AAA prot-ans (EAP-Success)
target AP → STA: EAPOL-Request (EAP-TLS/Success)
Both the STA and the target AP now hold PMKsta-targetAP.
STA ↔ target AP: (Re)Association
STA ↔ target AP: EAPOL Key: Message 1, 2, 3, 4 (4-way handshake)
Associated: 1x controlled port enabled & IP traffic
Key Derivation Process
[Figure: three key hierarchies between the WPA supplicant (MN), the authenticator (AP) and the authentication server (AAA). 802.11i pre-auth: the EAP method yields an MSK at the AAA and the MN; the PMK derived from it is delivered to the AP and the 4-way handshake derives the PTKs. Network-layer pre-auth: the MSK is held by the MN, the PAA and the AAA; from it a PaC-EP-Master-Key and then a per-AP PSK (PSKap) are derived, the PSK is installed at the AP, and the PMK and the 4-way handshake PTKs follow from it. Post-auth: MSK at the MN and the AAA, PMK delivered to the AP, 4-way handshake (PTKs).]
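The MSK → PMK → PTK chain sketched above is standard IEEE 802.11i material, so it can be reproduced exactly. The following is an added example, not code from the talk or from any of the schemes it compares: the PMK is taken as the first 256 bits of the MSK, and the PTK is derived with the 802.11 PRF (HMAC-SHA1 based, IEEE 802.11-2007 clause 8.5.1.1) from the PMK, the two MAC addresses and the two nonces. It shows why pre-installing the PMK (or a PSK) at the target AP is enough for a handoff: the 4-way handshake needs nothing but that key and fresh nonces, so the EAP exchange with the AAA server can be skipped. The MSK, MAC addresses and nonces used in the test are constructed values.

```python
"""IEEE 802.11i key hierarchy MSK -> PMK -> PTK, as an added example.

Not code from the talk: it reproduces the derivation sketched on the
"Key Derivation Process" slide. The EAP method leaves a Master Session Key
(MSK) with the AAA server and the supplicant; the Pairwise Master Key (PMK)
is its first 256 bits and is what the AAA server hands to the AP (or what a
pre-authentication scheme installs at the target AP ahead of time); the
4-way handshake then derives the Pairwise Transient Key (PTK) from the PMK,
both MAC addresses and both nonces with the PRF of IEEE 802.11-2007,
clause 8.5.1.1.
"""
import hashlib
import hmac
import os

PMK_LEN = 32          # 256-bit PMK
PTK_LEN_CCMP = 48     # KCK (16) || KEK (16) || TK (16) for CCMP


def prf(key, label, data, out_len):
    """802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for
    i = 0, 1, ..., concatenated and truncated to out_len bytes."""
    out = b""
    i = 0
    while len(out) < out_len:
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        i += 1
    return out[:out_len]


def pmk_from_msk(msk):
    """For EAP-based authentication the PMK is the first 256 bits of the MSK."""
    if len(msk) < PMK_LEN:
        raise ValueError("MSK shorter than 256 bits")
    return msk[:PMK_LEN]


def derive_ptk(pmk, aa, spa, anonce, snonce, ptk_len=PTK_LEN_CCMP):
    """PTK = PRF(PMK, "Pairwise key expansion",
                 Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    Min/Max over equal-length octet strings make the result independent of
    which side is called 'A', so supplicant and authenticator agree."""
    if len(aa) != 6 or len(spa) != 6 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("MAC addresses are 6 bytes, nonces 32 bytes")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, ptk_len)


def split_ptk(ptk):
    """CCMP layout: Key Confirmation Key, Key Encryption Key, Temporal Key."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def four_way_handshake(msk, ap_mac, sta_mac, anonce=None, snonce=None):
    """Both ends already hold the same PMK when the handshake starts; only
    the nonces cross the air (messages 1 and 2). Returns the PTK computed by
    the supplicant and by the authenticator, which must be identical."""
    anonce = anonce if anonce is not None else os.urandom(32)
    snonce = snonce if snonce is not None else os.urandom(32)
    pmk = pmk_from_msk(msk)
    ptk_sta = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)
    # Authenticator side, arguments passed in the opposite order on purpose
    # to show that the Min/Max ordering makes the result the same.
    ptk_ap = derive_ptk(pmk, sta_mac, ap_mac, snonce, anonce)
    return ptk_sta, ptk_ap


if __name__ == "__main__":
    # Constructed sample values, not keys or addresses from the talk.
    msk = bytes(range(64))
    ap_mac = bytes.fromhex("001122334455")
    sta_mac = bytes.fromhex("66778899aabb")
    sta, ap = four_way_handshake(msk, ap_mac, sta_mac)
    print("PTK match:", sta == ap, "TK:", split_ptk(sta)["TK"].hex())
```

Re-running the handshake with a different ANonce or SNonce gives a fresh PTK from the same PMK, which is the property that lets a pre-installed PMK be reused at a target AP without another EAP round trip to the AAA server.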
Technical issues for mobility management
Key Functions – Characteristics
Handoff
• May take place between cell, subnet or domain
• Need to optimize the handoff delay and transient data loss (e.g., end-to-end delay up to 200 ms, 3%–5% packet loss, jitter, for real-time VoIP traffic)
• May use the soft-handoff feature of CDMA, but need fast-handoff mechanisms for other technologies (e.g., 802.11)
• Need to support session based applications for TCP and RTP traffic
Configuration
• Should be configured within a few milliseconds
• Configures IP address and other server parameters (e.g., DNS, SIP server, gateway)
Registration
• Assists pre-session mobility
• Hierarchical nature will make the registration faster
• Helps location management functionality
Quality of Service
• Need to maintain the same QoS during subnet/domain movement
Location Management
• Allow the user to maintain the same URI irrespective of point of attachment
Mobility model
Problem: In the absence of any formal mechanism it is difficult to predict or verify the system performance of an un-optimized handover or of any specific handoff optimization technique.
Proposal
Analyze the basic primitives of a handoff event
Model the handoff-related processes as Discrete Event Dynamic Systems (DEDS)
Use a Deterministic Timed Transition Petri Net (DTTPN) to build various un-optimized mobility models and their associated optimization techniques
Key advantages:
This model can predict system performance for optimized handoff operations
This model can design an optimal path for the sequence of execution of events based on expected performance and resource constraints
This model can verify system behavior (e.g., deadlocks) during handover
Dependency analysis among handover operations
Handoff Process | Precedence Relationship | Data it depends on
P11 – Channel discovery | P00 | Signal-to-noise ratio value
P12 – Subnet discovery | P21, P22 | Layer 2 beacon ID; L3 router advertisement
P13 – Server discovery | P12 | Subnet address; default router address
P21 – Layer 2 association | P11 | Channel number; MAC address; authentication key
P22 – Router solicitation | P21, P12 | Layer 2 binding
P23 – Domain advertisement | P13 | Server configuration; router advertisement
P31 – Identifier acquisition | P23, P12 | Default gateway; subnet address; server address
P32 – Duplicate address detection | P31 | ARP; router advertisement
P33 – Address resolution | P32, P31 | New identifier
P41 – Authentication | P13 | Address of authenticator
P42 – Key derivation | P41 | PMK (Pairwise Master Key)
P51 – Identifier update | P31, P52 | L3 address; uniqueness of L3 address
P52 – Identifier verification | P31 | Completion of COTI
P53 – Identifier mapping | P51 | Updated MN address at CN and HA
P54 – Binding cache | P53 | New care-of-address mapping
P61 – Tunneling | P51 | Tunnel end-point address; identifier address
P62 – Forwarding | P51, P53 | New address of the mobile
P63 – Buffering | P62, P51 | New identifier acquisition
P64 – Multicasting/Bicasting | P51 | New identifier acquisition
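The precedence table is exactly the input a dependency analysis needs, and the mobility-model slide promises two things from it: a schedule that says which operations can run in parallel, and a check for deadlocks. The following is an added example, not code from the talk, that does both over the table as printed: Kahn's algorithm groups operations into levels of mutually independent operations, anything that never becomes ready is reported as blocked, and a step count for a given level of concurrency mirrors the sequential / concurrency = 2 / concurrency = 3 schedules of the Petri-net slide. Run on the table as printed, the check flags the mutual wait between P12 (waits on P22) and P22 (waits on P12), which stalls every operation downstream of them; the second data set in the test is a constructed what-if with that one wait removed, to show the full 13-level schedule, and is not a correction of the author's table.

```python
"""Dependency analysis and scheduling of handover operations, added example.

Not code from the talk: it encodes the precedence table as a graph,
computes which operations can run concurrently (Kahn's algorithm, one level
per round of ready operations) and reports operations that never become
ready because they wait on each other, which is the deadlock check the
mobility model calls for. It then counts the scheduling steps for a given
level of concurrency.
"""
from collections import defaultdict

# Precedence relationships copied from the "Dependency analysis among
# handover operations" table: operation -> operations it must wait for.
HANDOFF_PRECEDENCE = {
    "P11": ["P00"],
    "P12": ["P21", "P22"],
    "P13": ["P12"],
    "P21": ["P11"],
    "P22": ["P21", "P12"],
    "P23": ["P13"],
    "P31": ["P23", "P12"],
    "P32": ["P31"],
    "P33": ["P32", "P31"],
    "P41": ["P13"],
    "P42": ["P41"],
    "P51": ["P31", "P52"],
    "P52": ["P31"],
    "P53": ["P51"],
    "P54": ["P53"],
    "P61": ["P51"],
    "P62": ["P51", "P53"],
    "P63": ["P62", "P51"],
    "P64": ["P51"],
}


def level_schedule(precedence):
    """Return (levels, blocked). levels: list of lists, each holding the
    operations whose prerequisites all lie in earlier levels, so the members
    of one level may run in parallel. blocked: operations that never became
    ready, i.e. the members of a cycle of mutual waits and their dependents."""
    remaining = {op: set(deps) for op, deps in precedence.items()}
    for deps in precedence.values():
        for d in deps:
            remaining.setdefault(d, set())   # roots such as P00 wait on nothing
    dependents = defaultdict(set)
    for op, deps in remaining.items():
        for d in deps:
            dependents[d].add(op)
    levels = []
    while remaining:
        ready = sorted(op for op, deps in remaining.items() if not deps)
        if not ready:
            break                            # everything left waits on something left
        levels.append(ready)
        for op in ready:
            del remaining[op]
            for child in dependents[op]:
                if child in remaining:
                    remaining[child].discard(op)
    return levels, sorted(remaining)


def steps_needed(levels, concurrency):
    """Scheduling steps when at most `concurrency` operations run at once;
    a level larger than the concurrency limit is split across steps."""
    if concurrency < 1:
        raise ValueError("concurrency must be >= 1")
    return sum(-(-len(level) // concurrency) for level in levels)


def analyse(precedence, concurrency=1):
    levels, blocked = level_schedule(precedence)
    return {
        "levels": levels,
        "blocked": blocked,              # non-empty: the handoff can deadlock
        "critical_path": len(levels),    # levels = steps with unlimited concurrency
        "steps": steps_needed(levels, concurrency),
    }


if __name__ == "__main__":
    result = analyse(HANDOFF_PRECEDENCE, concurrency=2)
    for i, level in enumerate(result["levels"]):
        print(f"level {i}: {' '.join(level)}")
    if result["blocked"]:
        print("never ready (mutual wait):", " ".join(result["blocked"]))
```

The same functions accept any operation table, so a per-technology or per-domain handoff can be checked the same way before its schedule is trusted.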
Backup Slides
Characteristics of Next Generation Networks?
Heterogeneous networks (CDMA, LTE, WiMAX, 802.11)
• Access-independent converged IP network
Order-of-magnitude increases in bandwidth
• MIMO, smart antennas
• Increase in video and other high bandwidth traffic
New services and service enabling platforms (e.g., Web 2.0, SON)
Large range of cell sizes, coverage areas
• PAN, LAN, WAN
• Pico-cellular, micro-cellular, cellular
Changes in traffic and traffic patterns
• Rise in video on demand? Requires good high-bandwidth multicast
Results (II)
Cellular Access Characteristics
Generation | System | Channel spacing | Access type | Uplink data rate
1G | AMPS | 30 kHz | FDMA | N/A
1G | TACS | 25 kHz | FDMA | N/A
1G | NMT | 25 kHz | FDMA | N/A
1G | NTT | 25 kHz | FDMA | N/A
2G | GSM | 200 kHz | TDMA | 9.6 kb/s
2G | PDC | 30 kHz | TDMA | 42 kb/s
2G | IS-136 | 30 kHz | F/TDMA | 48 kb/s
2G | IS-95 (A) | 1.25 MHz | F/CDMA | 14.4 kb/s
2G | iDEN | 25 kHz | F/TDMA | 24 kb/s
2.5G | GPRS | 200 kHz | TDMA | 45 kb/s
2.5G | EDGE | 200 kHz | TDMA | 236 kb/s
2.5G | IS-95 (B) | 1.25 MHz | F/CDMA | 115 kb/s
2.5G | CDMA2000 1X | 1.25 MHz | CDMA | 144 kb/s
3G | UMTS/WCDMA | 5 MHz | CDMA/TDMA | 2 Mb/s
3G | CDMA2000 1xEV-DO | 1.25 MHz | CDMA | 2 Mb/s
4G | LTE | 20 MHz | OFDMA | 50 Mb/s
4G | WiMAX | 2.5 GHz | OFDM | 40 Mb/s
4G | UMB | 5 MHz | OFDMA | 75 Mb/s
Handover: Distributed operation across multiple layers
[Figure: timeline of handover sub-operations across the L2 PoA, the L3 PoA, the server (proxy/HA), the MN and the CN: discovery (p11, p12, p13), detection (p21, p22, p23), configuration (p31, p32, p33), security association (p41, p42), binding update (p51, p52, p53, p54) and media rerouting (p61, p62, p63, p64), showing which entity takes part in each operation.]
Layer 2 Handoff Delay (802.11)
Discovery Phase
• Active scanning
– MN probes AP
• Passive scanning
– AP sends beacons periodically
Authentication Phase
• Open authentication
• Shared authentication
• 802.11i – 4 way handshake
Association Phase
[Figure: station performing handoff. Probe request broadcast on channels 1 … N and probe responses from all APs within range (probe delay); de-authentication from the old AP (de-authentication delay); authentication request/response with the new AP (authentication delay); re-association request/response with the new AP (re-association delay).]
Layer 2 Discovery Optimization
General techniques:
Reduce the scanning time
Caching of ESSID
Use of a second interface
802.11 specific discovery
Proactive discovery (no scanning)
Proposed Solutions:
Shin et al. introduce a selective scanning and caching strategy
Montavont et al. propose periodic scanning
Velayos et al. propose reducing the beacon interval and performing the search in parallel with data transmission
Brik et al. propose using a second interface to scan while communicating with the first interface
802.11u, 802.11k
Forte and Schulzrinne
Application layer proactive discovery (e.g., Dutta et al.)
Optimization techniques for layer 3 configuration
Layer 3 address acquisition
• Proactive caching
Duplicate Address Detection
• Optimistic DAD, Proactive DAD, Passive DAD
• Router Assisted DAD
NUD (Neighbor Unreachability Detection)
• Aggressive Router Selection
[Figure: configuration sub-operations (identifier acquisition, duplicate address verification, identifier mapping) at Layer 2 and Layer 3 between the mobile node, the L3 PoA, the network and the server.]
Security Optimization
Security protocols have an impact on the performance of the network:
• End-to-end latency
• Throughput
• Handoff delay
Main components that affect the performance:
• Authentication/authorization, key derivation, encryption
Security related delays may affect all the layers:
– Layer 2 (e.g., 802.11i, WEP)
– Layer 3 (IPsec/IKE)
– Upper layers (e.g., TLS, SRTP)
[Figure: security association, key distribution, authentication and encryption at Layer 2, Layer 3 and Layer 4 between the MN, the L3 PoA, the network and the server.]
Optimizing Binding Update
Techniques
• Reduce the latency due to longer binding update when the communicating host is far away
• Limit the binding update within a domain
Proposed Solutions
• IDMP
• Regional registration-based Mobile IP
• HMIPv6
• Anchor-based application layer
– B2BUA
• Proactive binding update
[Figure: binding update, tunneling, mapping and caching between the mobile, the network, the anchor point and the CN.]
CDMA2000 – An example
[Figure: CDMA2000 network with BTS1–BTS3 (L2 PoA), BSC1–BSC4, PCF1–PCF4, PDSN1/PDSN2 with FA1/FA2 (L3 PoA), a Home Agent, MSC, VLR, HLR, AC, GMSC and PSTN; the mobile moves through positions A to F.]
Optimized handoff delay with MPA (Multiple I/F)
[Figure (repeated from the MPA results above): 802.11 to CDMA handoff delay. a. MIP-based non-optimized handoff: ~18 s. b. SIP-based non-optimized handoff: 16 s. c. MPA and 802.21 assisted optimized handoff.]
Several concepts of mobility
Terminal mobility, e.g., supported by Mobile IP
[Figure: a mobile host (MH) moves from Subnet 1 to Subnet 2 of an IP-based network while the correspondent host (CH) keeps communicating with it.]
• Typically, you don’t just have terminals
– Users/Persons
– Sessions
• Mobility of users, sessions?
Personal Mobility: Registration
[Figure: IP-based network with CH, Subnet 1, Subnet 2 and a registrar.]
• When the lady in red moves, she
– leaves her laptop behind
– uses another machine
– logs in
• User registration performed
Personal Mobility: simultaneous registration of multiple bindings
[Figure: IP-based network with CH, Subnet 1, Subnet 2 and a registrar & proxy.]
• When the lady in red moves, she
– leaves her laptop behind
– uses another machine
• She can still be located
Session Mobility
[Figure: the session between the CH and the MH in Subnet 1 is moved to a device in Subnet 2 of the IP-based network in three steps, the INVITE being step 2.]
Mobike-based solution
Service Mobility
Service mobility allows a roaming user to get the same view of the network as when he is at home
At the time of registration
• The user’s service profile is retrieved from the home network
• The service profile is shared with the responsible entity at home and in the foreign network (wholly or partially)
The foreign network provides some of the services required
The home network still retains responsibility for other services
Examples of entries in the profile of interest may be address book, call handling features, buddy lists, etc.