Presentation on theme: "Wireless Data Communication"— Presentation transcript:
1Wireless Data Communication by Tatiana Madsen & Hans-Peter SchwefelMm1 Short range Wireless Communication (TKM)Mm2 IP Mobility Support (HPS)Mm3 Ad hoc Networks (TKM)Mm4 Wireless TCP (HPS)Mm5 Wireless applications and cross-layer aspects (HPS/ TKM)
2Content + Exercises Background Mobile IP (v4) IP, IETF, Mobility & Handover TypesMobile IP (v4)Motivation, Principles, Messages, DHCPMIP Performance aspects & improvementsHMIP, CIPMIP security aspectsAuthentication, Ipsec, Key Management, Firewall TraversalExtensionsMulti-homing/flow mobility, context transferIPv6 and MIPv6Comparison: Mobility support in GPRS/UMTSSummary & Outlook+ ExercisesGoal: Make students familiar withunderlying problemssolution approachesOverview on key technologiesrequired to support mobility in IP-based networks
3Background I: Internet Protocol (IP) ApplicationTCP/UDPIPLink-LayerL5-7L4L3L2Internet Protocol IP, IPv4:Layer 3 Protocol (Network Layer)Packet (IP datagram) transmission between hosts (packet size up to bytes, often restricted by Layer 2 protocols)Routing using 32 bit adresses (v4)Most frequent transport protocols Transmission Control Protocol TCP User Datagram Protocol UDPPopular application layer protocols: HyperText Transfer Protocol HTTP File Transmission Protocol FTP Simple Mail Transfer Protocol SMTP
4Background II : IETF Standardization Internet Engineering Task Force, IETF (seeNo formal membership; very informal processProtocols are developed in Working Groups e.g. IPNG, mobileip, mpls, tewg, diffserv, rohc, seamoby, sipEach WG belongs to one of 8 Areas: Applications, General, Internet, Operations and Management, Routing, Security, Sub-IP, Transport, User ServicesArea Directors form Internet Engineering Steering Group IESGImplementations (running code) required for standardsTested atleast2 timesStandardproposedInternet DraftOK fromIESGAt least 2implementationsOKfrommin. 6 monthsmax. 24 monthsDraftmin. 4 monthsWGBOFSufficientInterestDraft changes in mailing listdiscussions or meetingsDas wichtigste Gremium ist IETF. Daneben gibt es noch Foren die die Arbeit unterstützen wie z.B. MIPv6 Forum etc. In der Abbildung ist der Ablauf bei der Standardisierung von erfassen einer Idee bis zur Festschreibung als Standart dargestellt.Im März 2001 ergab eine Auswertung von IPv6-relevanten Standards folgenden Status:5 im Status Draft Standard (darunter MIPv6)40 im Status Proposed Standard12 im Status Informational4 im Status Experimental1 im Status Historical.
5Background III: Mobility types WLAN APSwitchRouterRouterRouterMobile HostWLAN APDInternetWLAN APRouterRouterWLAN APGPRSNetworkCellular access (GPRS)Assumption in this lecture: Infrastructure networks (only first hop wireless)Different Levels of Mobility:Pico (e.g. within same radio cell)Micro (e.g. within same subnet)Macro (e.g. across subnets but within same administrative domain)Global (e.g. across different administrative domains)’Alternative’ classification:vertical mobility: changing access technology
6Background IV: Handover & more mobility types Hand-over classification:Mobile initiated or network-initiatedBackward or forwardmobile controlled or network controlledMobile-assisted or network assisted or unassistedProactive or reactiveMake-before-break or break-before makeSoft or hardfast (without ‚noticable‘ delay)smooth (no loss of data)seamless = fast + smoothMore mobility types ...Host MobilityUser MobilityApplication MobilityNetwork Mobility... and related identifiersIP address, hostname (DNS)User-name (e.g. SIP URL)---address prefix / subnetmask
7Mobile IP Motivation: Host mobility & Routing Problem: IP address identifies host as well as topological locationReason: IP Routing:Routes selected based on IP destination addressnetwork prefix (e.g ) determines physical subnetchange of physical subnet change of IP address to have a topological correct addressSolution? Host-based routing: Specific routes to each hostHandover change of all routing table entries in each (!) routerScalability & performance problemSolution? Obtain new IP-address at hand-overProblem: how to identify host after handover? DNS update performance/scalability problemHigher protocol layers (TCP/UDP/application) need to ‘handle’ changing IP address Development of mobile IPSubnet AIP networkMobile NodeSubnet B
8Mobile IP: Requirements (RFC 3344) Transparencymobile end-systems keep their IP addresspoint of attachment to the fixed network can be changedcontinuation of communication after handover possible (transparent to transport layer in mobile node as well as to correspondent node)Compatibilitysupport of the same layer 2 protocols as IPno changes to correspondent nodes and routers requiredSecurityauthentication of all registration messagesEfficiency and scalabilityonly small data volume for additional messages to/from the mobile node (connection typically via a low bandwidth radio link)world-wide support of a large number of mobile nodes (via the whole Internet)
9Mobile IP: Principles & Terminology Home networkIP networkHAMobile Node Home Address IP1FAHome Address IP1Care of Address: CoA1Correspondent NodeVisited networkUnderlying Approach: separate host identifier and location identifier maintain multiple IP addresses for mobile hostTerminology:Mobile Node (MN) with fixed IP address IP1 (home address)Home Network: subnet that contains IP1Home Agent (HA): node in home network, responsible for packet forwarding to MNVisited Network: new subnet after roaming / handoverCare-of Address (CoA): temporary IP address within visited networkForeign Agent (FA): node in visited network, responsible for packet forwarding to CoA
10Mobile IP: Tunneling &Triangle Routing FAVisited NetworkHome NetworkCoA1Mobile NodeIP1, CoA1IP2 Home AgentSubnetIP1Source: Mobile IPv4 illustrated CN sends packets to the MN using its Home Address IP1 HA tunnels them to FA, using CoA1; FA forwards them to MN MN sends packets back to the CN using IP2 (without any tunneling) Home Agent needs to contain mapping of care-of address to home address (location register)Correspondent Node (CN)IP2
12Tunneling: IP in IP Encapsulation IP-in-IP-encapsulation (support in MIP mandatory, RFC 2003)tunnel between HA and COAver.IHLDS (TOS)lengthIP identificationflagsfragment offsetTTLIP-in-IPIP checksumIP address of HACare-of address COAver.IHLDS (TOS)lengthIP identificationflagsfragment offsetTTLlay. 4 prot.IP checksumIP address of CNIP address of MNTCP/UDP/ ... payloadDrawback of tunnelingPossibly long routes between CN and MN (many hops)Increase of data volume increase (additional 20 bytes IP header) possibly fragmentation
13Tunneling: Minimal Encapsulation Minimal encapsulation (optional)avoids repetition of identical fields (e.g.TTL, IHL, version, DS/TOS)only applicable for un-fragmented packets (no space left for fragment identification)ver.IHLDS (TOS)lengthIP identificationflagsfragment offsetTTLmin. encap.IP checksumIP address of HAcare-of address COAlay. 4 protoc.SreservedIP checksumIP address of MNoriginal sender IP address (if S=1)TCP/UDP/ ... payload
14Mobile IP: Agent Discovery & Registration [Agent Solicitation] (opt.)HAFAMNAgent AdvertisementObtain c/o addressRegistration RequestRegistration ReplyTimeMobile Node finds out about FA through Agent AdvertisementsFAs broadcast Advertisements in periodic intervalsAdvertisements can be triggered by an Agent Solicitation from the MNCare of Address of the MN is determined, eitherDynamically, e.g. using Dynamic Host Configuration Protocol (DHCP)Or: use IP address of FA as CoAMN registers at FA and HA: Registration Request & ReplyMN signals COA to the HA via the FAHA acknowledges via FA to MNRegistration with old FA simply expires (limited life-time, soft-state)
15MIP messages:Agent advertisement Procedure:HA and FA periodically broadcast advertisement messages into their subnetsMN listens to these messages and detects, if it is in the home or a (new?) foreign networkwhen new foreign network: MN reads a COA from the advertisement (opt.)ICMP Router Discovery extension:781516232431typecodechecksum#addressesaddr. sizelifetimerouter address 1preference level 1router address 2preference level 2. . .type = 16R: registration requiredB: busy, no more registrationsH: home agentF: foreign agentM: minimal encapsulationG: GRE encapsulationr: =0, ignored (former Van Jacobson compression)T: FA supports reverse tunnelingreserved: =0, ignoredtype = 16lengthsequence numberregistration lifetimeRBHFMGrTreservedCOA 1COA 2. . .
16MIP messages: registration request & reply Registration Request (via UDP)781516232431S: simultaneous bindingsB: broadcast datagramsD: decapsulation by MNM mininal encapsulationG: GRE encapsulationr: =0, ignoredT: reverse tunneling requestedx: =0, ignoredtype = 1SBDMGrT xlifetimehome addresshome agentCOAidentificationextensions . . .Registration Reply (UDP)Example codes:registration successful0 registration accepted1 registration accepted, but simultaneous mobility bindings unsupportedregistration denied by FA65 administratively prohibited66 insufficient resources67 mobile node failed authentication68 home agent failed authentication69 requested Lifetime too longregistration denied by HA129 administratively prohibited131 mobile node failed authentication133 registration Identification mismatch135 too many simultaneous mobility bindings78151631type = 3codelifetimehome addresshome agentidentificationextensions . . .
17MIP: Care-of addresses MN obtains local care-of address eitherfrom FA Advertisement (see before)Or via Dynamic Host Configuration Protocol (DHCP)supplies systems with all necessary information, such as IP address, DNS server address, domain name, subnet mask, default router etc.Client/Server-Model: client sends request via L2 broadcastserver(not selected)server(selected)clientinitializationDHCPDISCOVERDHCPDISCOVERdetermine the configurationdetermine the configurationcollection of repliesDHCPOFFERDHCPOFFERselection of configurationtimeDHCPREQUEST (reject)DHCPREQUEST (options)confirmation ofconfigurationDHCPACKinitialization completed
18Content + Exercises Background Mobile IP (v4) IP, IETF, Mobility & Handover TypesMobile IP (v4)Motivation, Principles, Messages, DHCPMIP Performance aspects & improvementsHMIP, HAWAII, CIPMIP security aspectsAuthentication, Ipsec, Key Management, Firewall TraversalExtensionsMulti-homing/flow mobility, context transferIPv6 and MIPv6Comparison: Mobility support in GPRS/UMTSSummary & Outlook+ Exercises
19MIP Performance Aspects: Handover Events during handoverLoss of connectivity to AP (L2)Scan for new APsObtain connectivity to new AP (L2)[send Agent solicitation (L2 trigger)]receive Agent advertisement/obtain new IP addresssend registrationreceive registration replyMN can receive ‚new‘ data packets from CN, when registration request is successfully processed by HA Handover delay, possible loss of data-packets (sent to old ‚FA‘ during handover)Qu.: When can MN send packets again?
20Intermission: Handover classification (Exercise) MIP handover is ...Mobile initiated or network-initiated?backward or forward?mobile controlled or network controlled?Mobile-assisted or network assisted or unassisted?Proactive or reactive?Make-before-break or break-before make?Soft or hard?fast (without ‚noticable‘ delay)?smooth (no loss of data)?
22Hierarchical Approaches Optimization for:long registration delayinefficient routing pathsFrequent re-registration at HA (even though mostly ‘local’ mobilityExample (Hierarchical Mobile IPv4):Hierarchy of Foreign AgentsEvery FA re-tunnels the packets to the next FA until it reaches the MNWhen a handoff occurs, the MN sends a regional registration request to the lowest level FAFAs can also re-direct up-stream packets, if the destination (home-address) is registered within their domainSimilar Approach using ‘local Home Agents’ (called Mobility Anchor Points) in HMIPv6 draft-ietf-mobileip-hmipv6-08.txt (June2003)
23Hybrid Approaches: Cellular IP CIP GatewayInternetBSMN1data/controlpacketsfrom MN 1Mobile IPMN2packets fromMN2 to MN 1Solutions to the local management of micro-mobility eventsMobile IP is used for global mobilityA gateway (GW) acts as foreign agent for each domain (all MNs use GW address as c/o)Within the domain: host-based routingrouting cache entries using soft-staterouting cache updated by upstream packetsseparate paging cache for in-active nodes routers within domain have to be CIP awareSimilar approach: Hand-off Aware Wireless Access Internet Infrastructure (HAWAII)
24Content + Exercises Background Mobile IP (v4) IP, IETF, Mobility & Handover TypesMobile IP (v4)Motivation, Principles, Messages, DHCPMIP Performance aspects & improvementsHMIP, HAWAII, CIPMIP security aspectsAuthentication, Ipsec, Key Management, Firewall TraversalExtensionsMulti-homing/flow mobility, context transferIPv6 and MIPv6Comparison: Mobility support in GPRS/UMTSSummary & Outlook+ Exercises
25Security in Mobile IP: Basics General security requirements (Security Architecture for the Internet Protocol, RFC 1825)Authentication the origin of the data can be determinedIntegrity messages cannot be modified by a third partyConfidentiality only authorized partners (e.g. sender & receiver) can read the dataNon-Repudiation sender cannot deny sending of dataPrevention of Traffic Analysis creation of traffic and user profiles should not be possibleReplay Protection replay of earlier messages by an attacker can be detectedAdditionally: Availability (Prevent Denial of Service Attacks)
26MIP security: Security associations Security Association (SA) for registrationsextended authentication of registrationMH-FA authenticationFA-HA authenticationMH-HA authenticationregistration requestMHFAregistration requestHAregistration replyregistration replySA contains the following parametersDestination IP addressCryptographic method for encryption/authenticationEncryption/authentication keyLifetime of keySpecific parameters depending on cryptographic method
27MIP security: Registration Registration RequestRegistration ReplyIdentification field: protection against replay attackstime stamps: 32 bit time-stamp + 32 bit random numberNonces: 32bit random number (MH) + 32 bit random number (HA)Identification Reg. Request1Identification Reg. ReplyIdentification next Reg. Request64
28MIP security: Authentication extension Part of Registration Messages: MN <->HA, MN<->Fa, FA<->HAComputation of Autenticator: cryptographic keyed Hash function (e.g. HMAC-MD5 Algorithm) coveringUDP payloadAll earlier extensionsType, length and SPI of authentication extensionUsing the shared, secret keySPI (security parameter index)- determines algorithm, mode, and key
29Security for data transfer: IPsec Tunnel ModeOriginal IP packetProtected packet in tunnel modeAlternative: Transport Mode (not shown here)
30IPsec: Encapsulating Security Payload (ESP), RFC 2406 ESP Packet in Tunnel-ModeSPI zwar authentifiziert, aber nicht verschlüsselt!Wird ja benötigt um den Schlüssel festzulegen, mit dem das paket entschlüsselt werden soll… (sonst Henne-Ei-Problem)Monoton steigende Seriennummer MUSS vom Sender eingefügt werden, KANN vom Empfänger ausgewertet werden. Darf nicht wiederverwertet werden (nicht zyklisch!) alle Seriennummern verbraucht neue SA
31Key Management Parameter and key negotiation Problem: Negotiation of authentication/encryption mechanism plus establishment of ’secret’ session key (i.e. set-up of security association)One Solution: Internet Key Exchange (IKE), RFC 2409Phase 1: Establishment of bi-directional IKE SAAuthentication based on asymmetric cryptography or shared secretDiffi-hellman Key ExchangePhase 2: Establishment of (IPsec) SA pairsParameter and key negotiationSuccessor of IKE currently in discussion: draft-ietf-ipsec-ikev2-10.txt
32MIP: Firewall traversal Ingress FilteringProblem: MN sends packets to CN with source address = Home Address (and not c/o address)Firewalls at domain boundaries suspect IP –Spoofing discard packetsSolution: Reverse TunnelingMHFirewallCHHA
33Content + Exercises Background Mobile IP (v4) IP, IETF, Mobility & Handover TypesMobile IP (v4)Motivation, Principles, Messages, DHCPMIP Performance aspects & improvementsHMIP, HAWAII, CIPMIP security aspectsAuthentication, Ipsec, Key Management, Firewall TraversalExtensionsMulti-homing/flow mobility, context transferIPv6 and MIPv6Comparison: Mobility support in GPRS/UMTSSummary & Outlook+ Exercises
34MIP extensions: Multi-homing and flow mobility Multi-homing: Host supports multiple interfaces with potentially different IP addressesE.g. for redundancy purposes (e.g. SCTP)Simultaneous, multiple wireless access techniquesGoal: redirect different data-streams via ‚appropriate‘ interfacesonly one home address (as host identificator)multiple c/o addresses (one per interface)Flow Mobilitye.g. extension of mobile IP (IETF draft):HA contains mapping [home address, flow identifier] c/o addressFlows identified by (ranges of)Source IP addresses (CNs)Protocol type (TCP, UDP, etc.)Port NumbersGPRSNetworkWLAN APIP1 (GPRS)IP2 (WLAN)DiffServ CodePoints...
35MIP extensions: Context Transfer (I) Routing-related service: extension of default ‘routing‘ treatment (e.g. Packet discarding, scheduling, etc.)Context: information on the current state of routing-related serviceConfiguration context: unchanged during sessionState context: changing over timeContext Hierarchy:Context Transfer: re-establish routing related service on a new AP/router
36MIP Extensions: Context Transfer (II) Framework (expired seamoby draft):
37IP Version 6 (IPv6) IPv6 Basic Header 40 Bytes 128-bit Network AddressesFlow label (QoS)No fragmentation in the network‘Built-in’ SecurityNeighbor DiscoveryExtension Headers: Routing, Fragmentation, Authentication, EncryptionIPv4Basic Header 20 Bytes32-bit Network AddressesType of Service fieldRouter may fragment packetsIPsec as an enhancementARP (Address Resolution Protocol)OptionsVersionPriorityFlow LabelPayload LengthType of Next Hdr.Hop LimitSource AddressDestination AddressOffset812162024283236440123Next Header
38IPv6 in mobile settingsLarge number of IP addresses (each device needs at least two addresses!)Stateless autoconfiguration (can replace DHCP)Extension headers (selection)43 Routing Header44 Fragment Header51 Authentication Header50 Encrypted Security Payload60 Destination Options Header0 Hop-by-hop headerAdvantages for MIPv6Route Optimisation (via binding updates) no triangular routingNo foreign agent neededSecurity easier to implementReverse tunneling can be avoided (c/o address as source address, home address in destination header)
39Content + Exercises Background Mobile IP (v4) IP, IETF, Mobility & Handover TypesMobile IP (v4)Motivation, Principles, Messages, DHCPMIP Performance aspects & improvementsHMIP, HAWAII, CIPMIP security aspectsAuthentication, Ipsec, Key Management, Firewall TraversalExtensionsMulti-homing/flow mobility, context transferIPv6 and MIPv6Comparison: Mobility support in GPRS/UMTSSummary & Outlook+ Exercises
40Comparison: Mobility support in cellular networks Example UMTS (Universal Mobile Telecommunication System)Currently standardized by 3rd Generation Partnership Project (3GPP), see [North America: 3GPP2]So far, three releases: R’99, R4, R5; Standardization for Rel 6 has startedModifications as compared to GPRS/GSM:New methods & protocols on radio link increased access bandwidth (theoretically up to 2Mb/s, realistic 384kb/s)Coexistence of two domains: Packet Switched (PS), Circuit Switched (CS)IP Service Infrastructure: IP Based Multimedia Subsystems (IMS)UMTS Packet-switched domain
41Routing in UMTS: Tunneling using GTP! Node BOtherIP NetworkNode BRNCFixed HostMobile HostNode BSGSNIP transport network (Gn interface)GGSNNode BApplicationApplicationIPIPIPIPPPPPPPRelayRelayPDCPPDCPGTP-UGTP-UGTP-UGTP-UL2L2L2RLCRLCUDP/IPUDP/IPUDP/IPUDP/IPMACMACAAL5AAL5L2L2L1L1ATMATML1L1L1L1L1UuIu-PSGnMobile HostUTRAN3G SGSN3G GGSNOther IP NetworkFixed Host
42SummaryApproaches:Separation of host identifier and location identifierTunnellingSoft-statePerformance optimisations: hierarchical/hybrid approachesSecurity requirements and solutions (MACs, encryption, sequence numbers, timestamps, nonces, key exchange)State-full components context transferKey Technologies/Protocols: (see left column)Background: IP, IETF, Mobility & Handover TypesMobile IP (v4): Motivation, Principles, Messages, DHCPMIP Performance aspects & improvements: HMIP, HAWAII, CIPMIP security aspects: Authentication, Ipsec, Key Management, Firewall TraversalExtensions: Multi-homing/flow mobility, context transfer, IPv6 and MIPv6Comparison: GPRS/UMTS
43Outlook: research topics, IP Mobility Services andapplicationsIP based core networkMedia access systemIMT-2000UMTSWLANtypecellularGSMshort rangeconnectivityWirelinexDSLotherentitiesDABDVBreturn channel:e.g. GSMdownload channelNew radiointerfaceNetwork MobilityApplication Mobility (SIP method ‘refer’?)Mobility and QoS (IETF WG NSIS)Cross layer optimization (L2 triggers, …)MIP and NAT/FWLocation-based services and location privacy‘all IP’ mobile networks
44ReferencesC. Perkins: ’Mobile IP: Design Principles and Practices.’ Addison-Wesley, 1998.IETF Working groups (see also for RFCs and drafts):Mobile IP:IPsec:Seamoby:IPv6:Others: nemo, mip4, dhcJ. Schiller: ’Mobile Communications’. Addison-Wesley, 2000.A. Festag, ‘Mobile Internet II, Overview of current mobility approaches’ (lecture material). TU Berlin, 2002.
45AcknowledgementsLecture notes: Mobile Communciations, Jochen Schiller,Student work (all TU Munich)Stefan Rank (Master Thesis)Michael Zech (Seminar)Krasimir Dzhigovechki (Seminar)Wolfgang Thomas (Seminar)Lecture notes: Wireless communication protocols (R. Prasad, TKM)Tutorial: IP Technology in 3rd Generation mobile networks, Siemens AG (J. Kross, L. Smith, H. Schwefel)