Presentation on theme: "Ubiquitous System Technology"— Presentation transcript:
1Ubiquitous System Technology APNOMS2003 TutorialUbiquitous System TechnologyOct.1, 2003Shiro Sakata, Ph. D.NEC Laboratories
2Ⅰ Ubiquitous System Technology Trend (1) What is Ubiquitous System?(2) Key Technologies for Ubiquitous System(3) Towards Ubiquitous System EraⅡ Security Technology for UbiquitousSystem(1) Security Technology Overview(2) Security Technology for Wireless LAN(3) Mobility Control and Security(4) Utilization and Protection of Privacy Information(5) Interworking of IMT2000(3G) and WirelessLAN based on Security
3Ⅰ Ubiquitous System Technology Trend (1) What is Ubiquitous System? ① Origin of Ubiquitous Computing ② Internet Evolution③ Ubiquitous System Definition(2) Key Technologies for Ubiquitous System① Network ② Terminal③ Platform (Middleware)(3) Towards Ubiquitous System Era
5① Origin of Ubiquitous Computing Mark Weiser ( , Xerox PARC) “Ubiquitous computing is the method of enhancing computer use by making many computers available throughout the physical environment, but makingthem effectively invisible to the user.”(1) Mark Weiser, ”The Computer for the 21st Century,”Scientific American, Sept(2) Mark Weiser, “Some Computer Science Issues inUbiquitous Computing,” Commun. ACM, July 1993.Commun. ACM, July 1993.
6② Internet Evolution 3rd Wave 2nd Wave Waves toward Ubiquitous Information SocietyMarket Size3rd Wave(Internet Era)UbiquitousSecure &Robust2nd WaveBroadband& Mobile(PC Era)1st Wave(Mainframe Era)ECITSDigital broadcastEthernetWWWMobile InternetARPANET19701980199020002010Computer and Communication Integration and Device Tech. Growth
7Discussions for INET 2000 1st Gen. 2nd Gen. 3rd Gen. QoL: Quality of LifeNetwork for professionals (researchers and computerengineers)1stGen.Early1970s～1995- Defense (ARPANET, ～ late 70s) →Academia (CSNET/NSFNET , ～late 80s) →Commercial(ReasearchNetwork)2ndGen.Information infrastructure for general individuals1995～2005Technical issues:(WWW& QoS)・QoS control ・Multicast・Mobility control ・Security・Photonic Internet ・Tera-bit router3rdGen.Ultra broadband2005～Ubiquitous computingRobust and secure(QoL)
8Technology Issues of Current Internet BroadbandPhotonic network, IP over WDMHigh-performance RouterTera-bit routerDiffServ, MPLS, Traffic engineering,Queue management, Bandwidth controlQoS ControlMulticastQoS IP Multicast, Reliable multicast→ Multicast using AP layerAddress-space ExtensionIPv6 incl. security and QoS ControlMobility ControlMobile IP + Service continuity/Media handoverEncryption, AAA (Authentication,Authorization and Accounting), SecurityProtocol (IPsec, SSL, PKI, S-MIME)Security
93rd Generation Internet Ultra broadband・Peta-bit routerUbiquitous computing・PAN(Personal Area Network)/HAN(Home Area Network)・Seamless connectivity between heterogeneous networksand terminals・Adaptively-customized/personalized services→ Context awarenessRobust and secure・Autonomous network management at fault occurrence(Self-recovery, -resource alloc., -reconfiguration/plug&play)・Protection against cyber attacks
10③ Ubiquitous System Definition ・Computers extremely more than persons ---- Pervasive Computing・Not Aware of Computers---- Calm, Invisible, Implicit, Proactive Computing・Sensing---- Sentient, Perceptual, Ambient Computing・Mobility Support---- Mobile, Nomadic Computing
11Personal Area & Ad hoc Network Ubiquitous ComputingDigitalBroadcastOn the TravelOn the Street（Convenience store, Station, Gas Station）Discount info.Sightseeing spotmap/info.HMDKiosk serversTraffic conditioninfo.Time tableOn the Car(ITS)On the TrainPersonal Area & Ad hoc Network
12Ubiquitous Computing- Mobile commerce driven by mobile internet (e.g. i-mode) has been expected to integrateTV commerce (e.g. digital broadcast) and convenience store commerce into channel-mixcommerce in a ubiquitous computing environment.200020054GIMT-2000（10Mbps～）（384kbps）NetworksAd hoc NetworｋHome Networｋ(802.11a/g)（Bluetooth，802.11a/b） BSDigital Broadcast CSDigital Broadcast TerrestrialDigital BroadcastC （Conven.Store）UbiquitousComputingEnvironmentECM （Mobile）Channel-mixi-modeWAP 2.0T （TV）CellularPhoneWearableTerminalsPDATerminalsITSHomeServer
13Ubiquitous Network defined by Japan’s MPMHAPT(*) ・‘Ubiquitous network’ consists of innumerable number of- computing devices embedded in almost everythingaround us- platforms and networks that interconnect them- user devices that make use of and act on the availableinformation・When fully implemented around 2010, ‘Ubiquitousnetwork’ will change our daily life by providing us withthe information and services we need less efforts.(*) Ministry of Public Management, Home Affairs, Posts and Telecommunications, or Sohmusho
14Future Life with Ubiquitous Networks Urban areas- Routing support to permit seamlessroaming among networks and media typesby maintaining active TCP/UDP connections.- Provide location-aware and personalizedadvice for vehicle driversOffice- Collaboration with other group within acompany and with suppliers and customerscan reduce cost from fluctuating supplyand demand.- Create new business from real-time andlocation-based commerce.Location-awarePersonalized adviceUbiquitousNetworkMultimedia conferenceAutomatic meeting minutesSearchable notesFood recipe managementOn-line orderingKitchen monitoringHome- The home is constantly monitored usingaudio and video observation methods, andeven monitors its inhabitants’ medicalconditions.- Support social connections of elderly peoplepromoting peace of mind for the family.Public facilities- Real-time congestion and weatherinformation-based traffic management canincrease road capacity.- Monitoring secular change of road andbuilding could prevent accidents caused byincidents and natural disasters.
15RFID (Radio Frequency IDentification) Tags RFID tags will play a vital role in ubiquitous networks- Being very small, they can be embedded in numerous householdgoods around us, and can make them part of the network.- Their communications capacity allow them to be managed andcontrolled from the network, thereby supporting human life.Core NetworkContent serverContent serverAccess pointGroceryParcelsHomeelectronicsappliancesBooksClothsCellularphoneDocumentsBagsPDA/PC
16Ubiquitous System Image User profile server(incl. authenticationand accounting)AP serverContentserverMultimediacommunicationserverMusic contentdownloadInternetLow-powermanagementHotspot info. delivery（Local content, streaming)Communication withdoctors and familyHome appliancesremote controlSecurityDoctors in hospitalOn the moveMultimedia communication(Emergency aid)Home network(Home security, Communicationwith appliances)Mobile EC(Authentication,Transaction）
17Bidirectional Communication (*) Ubiquitous Services over Diverse Networks & TerminalsElectronic TicketingLocation/Presence Info. ServiceUbiquitousServicesContent DeliveryBidirectional Communication (*)Home Control and Security (*)‥‥Storage ServiceDiverse networksServersTerminalsCellular phonePDANote PCWearable TerminalHome applianceDigital TVHome serverSensorsCar terminal:FTTHWiredLANCoreNetworkADSLIMT‐2000MAN (Wide area Ether)WirelessLANWirelessLAN
18Bidirectional Communication On the movePublicWireless LANOfficeOffice UserHome User
19Home Control and Security LightHDTV and HDVideo recorderDoor lock anddoor phoneFeedingWarming bathInternetMaid robotRobot-type Home serverUser controls robot from outside through theInternetThe robot controls home appliances withIrDA, RFID, etc.The robot automatically acts in accordancewith user’s presenceExample:Outside home, e.g., on the way back home- Confirmation of door locking- Monitoring and taking care of pets,gardens, etc.- Automatic video recording- Warming bath when approaching thehome- Automatic light switch-on of whenapproaching the home
21Key Technologies for Ubiquitous System ① Network・Wide-area cellular network (2/2.5G, 3G → 4G)・Wireless LAN (IEEE802.11a/b/g → 11n)・Home network・Short range/ad hoc network (Bluetooth, IR, DSRC → UWB)・Sensor network② Terminal・Note PC/PDA・Cellular phone・Home server and terminal/appliances・Robot・Wearable terminal with various sensors・Car terminal③ Server-terminal Middleware
22① Network 1) Sensor Network ・Many kinds of sensors capture information somewhatin cooperation with each other through short rangecommunication, and report the captured information toremote sites through the Internet.・Interconnectivity between sensor network and IP routing(Internet) is a key issue.Sensed information:location, speed/acceleration, pressure, direction, vibration,light, heat, sound, wind, bio (temperature, blood pressure, pulse stroke, ---), etc.
23Current Sensor Application Examples ・Remote monitoring and control- Car theft detection using speed/acceleration sensors- Vegetables and fruits cultivation in green houses usingtemperature, humidity and heat sensors- Environment measurement of forests, urban areas, etc.- Earthquake detection using vibration sensors- Durability measurement of buildings- Diagnose and health care using bio sensors・Some sort of games
24IPv6 Sensor Network Image Internet Forest Green house Urban SNSNServerGWGWInternetGWGWSNSNUrbanenvironmentIPv6SN: Sensor NetworkGW: Gateway
25Technical Issues for Sensor Networks ・Scalable Network Architecture and Protocol Stack・Low-power Media Access, Traffic Management and Error Control・Robust/Reliable Algorithm for Collaboration・Secure Communication and Authentication・Naming, Attribute-based Addressing, Location Management,Routing・Data Compression, Retrieval, Discovery, Delivery・Sensor-to-sensor Association, Synchronization, Aggregation, Fusion・New Applications
262) Ad hoc NetworkSensor networks convey only captured data by sensors, and no mobility is assumed.Ad hoc networks:・No fixed network infrastructure・Frequent and dynamic network topology change→ Wireless and mobile environment・Multi-hop networkInternet and cellular networks are not ad hoc networks,because they have fixed infrastructures.
27Ad hoc Network Applications Personal Area Network (PAN) based inter-terminal communication,information delivery from local servers, etc.Rescue operation support in emergency : earthquake, flood,tornado, etc.Military useResearch on Ad hoc NetworkDARPA (US)・Packet Radio Networks (PRNET):・Survivable Adaptive Networks (SURAN):・Global Mobile Information Systems （GLOMO):IETF Mobile Ad hoc NETworks (MANET) WG since1997 (RFC 2501).
28Routing Protocols discussed in IETF MANET WG 4 protocols (DSR, AODV, OLSR, TBRPF) were selected asExperimental RFCs in 2003.Reactive・DSR (Dynamic Source Routing)・AODV (Ad hoc On-demand Distance Vector algorithm)・IERP (IntErzone Routing Protocol)Routing table is createdwhen transmission isrequested.・OLSR (Optimized Link State Routing protocol)・TBRPF (Topology Broadcast based on Reverse PathForwarding routing protocol)・FSR (Fisheye State routing protocol)・LAMAR (LANd MARk routing protocol)・IARP (IntrAzone Routing Protocol)ProactiveRouting table is createdprior to transmissionrequest.・ZRP (Zone Routing Protocol)・BRP (Bordercast Resolution Protocol)Hybrid and others
29Flooding plays a vital role in routing control Flooding: Each intermediate node broadcasts a packet to allneighboring nodes except a node from which the packetwas received.source12SEIJ12122ACGK222FHB・Advantages Simple mechanism, only data packet is transmitted and reliable・Disadvantages --- Heavy transmission overhead, low scalability and possiblepacket loss due to collision (e.g., ○ in 2)F
30Examples of Reactive Protocols: DSR and AODV Source node identifies the route to destination by floodingRoute information is inserted in packet header(between IP and TCP/UDP)Transmission efficiency is lowEffective when network topology change is not frequentDSREach intermediate node keeps the routing table(correspondence between destination and the next hopnode)- Effective when network topology change is frequentAODV
313) Mobile Internet Service Middleware Infrastructure Location-baseinformation serviceServiceAV streaming,AV phone/conf.Mobile EC-----Info. representation(incl. .HTML, XML)MiddlewareCompression(MPEG4, etc)Recognition/conversion(text voice)User profileUser agentService platformLocation(GPS) NMS Security Accounting Data sync. …End-to-endtransmissioncontrolWireless profiled TCP (QoS control (Diffserv, MPLS, TE, …)Mobile IP IPv6 IP Multicast（Anywhere） （Any terminal） （Any No. of terminals ） Routing controlLow-speed and unstableInfrastructure2GPDC, PHS,GSM3GIMT-20004GMore than 10 timeshigh-speed packet trans.Wireless LAN
32Protocol Stack for FOMA － The World’s First Mobile Internet －Mobile terminalWeb serverCompactHTMLCompactHTMLLanguageHTTP ＋Push deliveryHTTP ＋Push deliveryApplicationLayerTLS (SSL)TLS (SSL)Mobile gatewayTransportLayerWireless ProfiledTCPWireless ProfiledTCPTCPTCPNetworkLayerIPIPIPIPWireless access network (IMT-2000)Internet
334) Wireless LAN DS-SS CSMA/CA IEEE802.11b 11Mbps 30-100m Maximumdata rateTransmissiondistanceModulation/access methodFrequency, standardization,etc.DS-SSCSMA/CAIEEE802.11b11Mbps30-100m1999.9, 2.4GHzLANOFDMCSMA/CAIEEE802.11a54Mbps30-100m1999.9, 5.2GHzIEEE802.11g30-100mOFDMCSMA/CA54Mbps2003.5, 2.4GHzCSMA/CAIEEE802.11nMbps30-100m2006, 5.2GHz?Zigbee(IEEE )Derived fromHomeRF2.4GHz, 2003Home remote controller250kbps10～75mPAN(V1.1), 2.4GHzBluetooth(IEEE802.15)FH-SSTDD1Mbps10mWireless equivalent toUSBUWB(IEEE802.15)more than100Mbps2003?, GHz10mWireless equivalent toUSB 2.0UWB: Ultra Wide Band USB: Universal Serial Bus
34Wireless LAN Standardization ・[Standardization in US]1990： IEEE started wireless LAN standardization in US1997： IEEE wireless LAN with 2.4GHz, max. 1～2Mbps1999： IEEE802.11b wireless LAN with 2.4GHz, DH-SS, max. 11Mbps IEEE802.11a wireless LAN with 5 GHz, OFDM, max. 54Mbps2003： IEEE802.11g wireless LAN with 2.4GHz, OFDM, max. 54Mbps・[Standardization and development in Europe and Japan in mid 90s -late 90s in Europe] Europe - HIPERLAN/HIPERLAN2 Japan - HiSWAN(AWA/MMAC)・Market has been growing from IEEE802.11b, 11a to 11g, and 11nin the future.・In the investigation of interworking of 3G(IMT-2000) and wirelessLAN which started in late 2001, target LANs are IEEE802.11b, a, g.
37Wireless LAN Standardization in IEEE802.11○ bcdefghiWireless LAN (OFDM, 5GHz, Max. 54Mbps)Wireless LAN (DS-SS, 2.4GHz、Max. 11Mbps)Addition of wireless LAN’s MAC specification to MAC Bridge (802.1d)MAC and physical layer spec. for areas where 2.4 or 5GHz cannot be usedQoS control(Quality assurance and priority control for AV streaming, etc.)RoamingWireless LAN (OFDM, 2.4GHz, Max. 54Mbps)Security enhancementAddition of power-saving management and dynamic channel to a (Europe spec.): Wireless LAN physical media: Middleware
38Wireless LAN Standardization in IEEE802.11○ jkmSpecifications for 4.9 – 5GHz utilization in JapanResearch on radio resource measurementSpecification revision of a and bn- Next Generation wireless LAN ( Mbps, standardizationtarget is 2006, and lower compatibility with a/b/g.)- Has been discussed in HT SG (High Throughput Study Group).: Wireless LAN physical media: Middleware
39Wireless LAN Hotspot System Image Service Providerwith RADIUSauthentication serverPDA/NotePC/UbiquitousequipmentAccesspointContentserverﾞWireless LANAPserverﾞMobileterminalLocalserverﾞ Internet(Station, Airport, Train,Restaurant, Café, etc.)incl.localcontent：‘Hotspot’ISPserver
40Market Size and No. of Hotspots in US □●No. ofHotspots$B100●●30,000□80●60□20,000●40□●10,00020200120022003200420052006Year
41Major Issues for Wireless LAN Solutions High-speed Internet access ⇒Value-added services supported by wireless ISP, ASP, Content providers(a) Security [→Ⅱ](b) Service Roaming (c) Business Method(d) Killer Applications
42(b) Roaming ・In using multiple wireless LANs as a virtual wide-area network, service level roaming as well as connection levelroaming is highly important, e.g., seamless telephoning,video streaming, interactive games, etc.・Technology standardization:- Mobile IP provides key function for handover.- Technology standardization in terms of bothconnection level and service level has been conductedin f.
43・De facto or industry standardization： Brokerage for service level roaming such as wireless LAN-to-wireless LAN intermediation of user authentication and accountingin US.- WISPr (Wireless ISP Roaming):・Affiliated organization of Wi-Fi Alliance・Roaming or interconnectivity authorization is named WiFi zone for b wireless LAN.- Pass-One- iPass
44(c) Business Method - Access point (AP) installation cost - Communication cost for access networks (e.g., ADSL)- Network management cost- Customer management and support costCosts- Wireless LAN operator- Local service provider (e.g., shop-owner)- Wide area service providerPlayers(e.g., ISP, ASP, content provider )Questionnaire on requested area for hotspot services in Japan:1. Bullet train (Shin-kansen) Cafe3. Train Airplane5. Railway station Airport
45(d) Killer Applications ・Multimedia services using broadband communication- IP phone to IP TV phone and high-quality video streaming・Local positioning service- Push-type personalized information services and advertising,etc. with highly accurate positioningIssues in IP phone:・Limited communication area・Real-time/low delay handover・Power consumption of a terminal・Transmission quality・Terminal interconnectivity (G.711，G.729 for voice compression, and H.323，SIP，MGCP/MEGACO(＝H.248) for signaling)・Infringement of Symbol Technologies’ patents?
46Mobile Internet and Services 2001200220032004Location-base serviceServiceConvergencewith broadcastContent delivery (AV streaming, TV phone)Mobile EC (SSL, IC card, PKI, Cash card, …)▲3G(IMT-2000)▲WirelessLANAll IPInfrastructure4G▲Bluetooth▲E911(Location function(GPS))Related functionsDigitalbroadcast△BS▲CS▲Terrestrial
47QoS Control for Wireless LAN 802.11e ・Two modes of QoS control, quality assurance and prioritycontrol, are available through HCF（Hybrid Coordination Function）.(These modes correspond to RSVP and Diffserv, respectively. Though RSVP isnot used due to poor scalability, no scalability issue occurs in wireless LAN.) Quality Assurance using Parameterized QoSPriority Control using Prioritized QoS
48HCF （Hybrid Coordination Function） CFPCPFrameStart of CFPEnd of CFPAcceessPointPollingData TransmissionData TransmissionContentionTerminalQuality assurance throughtransmission tokenPriority controlthrough EDCFEDCF: Enhanced Distributed Coordination FunctionCFP: Contention Free Period CP: Contention Period
49Priority Control using Prioritized QoS Mechanism of EDCFBack-offSchedulerContention withother terminalsPriority Queue(8 levels)Parameters:Queue lengthTransmission intervalContention window,etc.
50② Terminal → IPv6 will be essential － Note PC/PDA － Cellular phone (2G, 2.5G, 3G → 4G)－ Note PC/PDA－ Home appliances and terminals including AV equipment－ Home server with HDD storage, gateway and IP routingfunctions－ Car terminal for ITS (Intelligent Transport System)－ Robot－ Wearable terminal with various sensors → IPv6 will be essential
51・ Ultimate Natural Human Interface Wearable Computing- Mobile computing terminalin a ubiquitous information environment -・ Ultimate Natural Human Interface・ Super-distributed Computing・ Pervasive Internet
52Wearable Terminal 1） Ultimate Natural Human Interface Collaboration between sensor-embedded physical agents and intelligent software agents- Terminal design with multi-modal natural user interface (NUI)2） Super-distributed Computing- Terminal-to-terminal real-time info. exchange and sharingDynamic forming and dissolving of ad hoc communities (community computing)Seamless connectivity between wired-to-wireless, tightly-to-loosely- coupled networks3） Pervasive InternetQoS control adapted to ‘context’ - Personal profile and directory management - Information security and privacy protection
54Wearable Computing Head-Mount Display (HMD) for a single eye Single-handkeyboardWearablecomputerPositions where wearable computers canbe attachedBy courtesy of Nikkei BP Inc.
55Wearable Computing System Architecture Ultimate Natural Human InterfaceInfo.processing,humaninterfaceIntelligence（Info. capture, filtering, summarization, learning, context awareness）MultimediaMultimodalSuper-distributed ComputingNetworkLocation- basedad hoc networkTightly-coupleddistributed computingQoS control overmobile network
56Wearable Human Interface ・Portability： small size and light weight・User friendly： ease of use, less stress info. I/O, long-life battery・High-responsiveness： real-time and on-demand interactionInterface examplesText/commandinput・New command input scheme for small panel, e.g., using a gradient of a terminalwith acceleration sensors.・Non-voice input and operation from a tiny microphone, e.g., automaticinterpretation of intention through moving of user’s mouth.Voice input・Automatic understanding of external view and situation through a combined useof a tiny camera, transparent HMD, sensors and augmented reality.Image/video input・Creating a 3D sound space with a stereo speaker surrounding a user and adding ameaning for each different sound source.Sound output・HMD and VRD （Virtual Retinal Display, direct projection of external view toretina)Image/video outputFeeler output・A vest which enables to recognize simple figures
60③ Server-Terminal Middleware － Autonomous service discovery and information sharing ⇒ P2P Computing－ Service binding and generation－ Context awareness (adaptation to location, preference,environment, situation, etc.)⇒ SIMPLE, Semantic Web－ Mobility support (terminal, user, service) ⇒－ Security (authentication, accounting, privacy protection, DRM)Mobile IP⇒ IEEE802.11i/1x, AAA, P3P, OMA－ Plug & play ⇒ UPnPSIMPLE: SIP for Instant Messaging and Presence Leveraging
61Context Awareness Context: Context is the information about the situation or circumstancesof a user.To provide the user with a service of his or her needs in theubiquitous network, it is essential that the network has theknowledge of his or her context.Location, time and presence (on telephone connection or not,in PC use or not, etc.) are simple examples of context.Context includes user’s preferences, and various ambient orcircumstantial information.
62Context AwarenessUser needs: Applications that are context aware and allowpersonalization based on his or her interest.Context aware can capture the context,Applications: assign meaning to it, and- change behavior accordingly.Business opportunities:- Billing by location, time and user’s age- Delivery of information on local restaurants,hotels, stations, etc. with a city map- Geo-dependent advertising- Multimedia navigation or tracking services
64Conditions for Ubiquitous System Penetration ・Prediction- 2007: 25% in mobile data communication will be over wirelessLAN- 2010: More than 35% in mobile data communication will be overwireless LAN・Conditions - Interworking of cellular network (beyond 3G) and high-speedwireless LANs, and then covering the world ⇒ 4G - Applications of RFID tag and sensor network to consumer market- Seamless interconnection between wired broadband (FTTH,metro Ether) and wireless LAN- Penetration of non-PC terminals- Ultra high-speed hotspot service using UWB
65Wireless LAN and UWB Application HD-TV Large volume file transfer Datarate(bps)ApplicationHD-TV5GHz802.11a20MUWBLarge volume filetransfer(music 60min.= 360MbTV 30min.= 691Mb)2.4GHz（QPSK）2.4GHz ｇ10MSD-TV・DVD(4Mbps ～ 9Mbps)2.4GHzBluetoothMedium/High Rate2.4GHz b 1MMPEG4/H.264 Video(384Kbps ～)Dotted line: under technologyassessment2.4GHzBluetooth1.1AAC, MP3 Audio(nearly 100Kbps)ECHONET: Energy Conservation andHomecare network64kRemote controlECHONET100mW1WConsumption power
67Ⅱ Security Technology for Ubiquitous System (1) Security Technology Overview(2) Security Technology for Wireless LAN(3) Mobility Control and Security(4) Utilization and Protection of Privacy Information(5) Interworking of IMT2000(3G) and WirelessLAN based on Security
69Wide area cellular network Mobile network ArchitectureOMAApplication layerCompactHTML,HDML/WAP2.0.MMLDisplayWAP1.1/1.2 (WML)xHTML BasicxHTML等・Security （802.11i）・QoS Control （802.11e）MiddlewareProprietaryWAP1.1/1.2 (WTP, WSP, WAE)Under standardizationIn OMA・TCP/UDP・Authentication (802.1x)BasicallyWireless-profiledTCPTransport layerProprietaryWAP1.1/1.2 (WTLS)TCP/UDP・IP (＋MobileIP、IPv6)・Roaming （802.11f）IP(+Mobile IP, IPv6)Network layerWAP1.1/1.2 (WDP)BasicallyIPProprietary・DS-SS(802.11b(2.4GHz))・OFDM(802.11g(2.4GHz), Bluetooth, IrDA,UWB. etc.PDC, PHSGSM, GPRSIMT-2000(W-CDMA、cdma2000）Physical layer→802.11a(5.2GHz))2G/2.5G3G・Upper layers: IETF・Physical layer:IEEE802.15Major standardizationorganization・Upper layers: OMA・Physical layer: 3GPP/3GPP2, ITU-R・IEEE802.11Wide area cellular networkWireless LANAd hoc network
70Security Technology for Ubiquitous System FunctionNetworkTechnology & StandardizationAAA (Authentication, Authorization & Accounting) wasdiscussed in IETF considering mobility support in late 1990s.3GPP started discussion on 3G-wireless LAN interworkingin terms of authentication and accounting management in 2002.In actual communication, IPsec and SSL have begun to be used.- Secrecy has been assured using UIM/SIM in Europe.CellularNetwork(2G→3G)Encryption,AuthenticationIEEE has been intensively discussing IEEE802.11i,802.1x since 2001.IEEE802.11i (overall security) finalization of standardization isscheduled for the end of 2003.WirelessLANAfter transferring AAA to IRTF in 2000, IETF started todiscuss PANA (Protocol for carrying Authentication forNetwork Access) which enables client authentication by IP layerin 2001.Internet- W3C (World Wide Web Consortium) has been standardizing P3P (Platform for Privacy Preferences) which specifies framework, privacyinformation description and protocols independent from network infra-structure since late 1990.Privacyprotection
71Security Technology for Ubiquitous System ( ): Standardization organization2000200120022003AAA(IETF→IRTF)Cellular Network(2G→3G)3G-wireless LAN interworking(3GPP)Encryption,AuthenticationIEEE802.11i(IEEE802.11)- Wireless LANIEEE802.1x(IEEE802/802.11)AAA(IETF→IRTF)PANA(IETF)- InternetPrivacyprotectionP3P(W3C)
73Security Technology for Wireless LAN - Basic security functions for wireless LAN:・Encryption・Authentication- Technology assessment and standardization:・Overall security issues → IEEE802.11i- standardized at the end of 2003・Authentication → IEEE802.1x- originally port-based access control for wired network in 1990s- standardized at the end of 2001 for wireless LAN
74History ・IEEE802.11i had discussed security scheme called WEP (Wired Equivalent Privacy) which mainly targetedencryption scheme from 1998 to 2001.・WEP, however, was proven vulnerable in early 2001 andIEEE802.11i started to investigate a new highly-secureversion.Full standardization of IEEE802.11i will be finalized at theend of 2003.[WEP’s bottlenecks]Encryption key length is 40 or 104 bits.- Encryption algorithm adopted in WEP is RC4 which is not so strong.All terminals in wireless LAN have the same encryption key.Check sum is CRC32 with no signature,etc.
75・802.11i’s major specifications were released in 2002 (draft v3). WPA (Wi-Fi Protected Access. industrial standard) wasreleased by Wi-Fi Alliance for promoting i.1) EncryptionProtocol： TKIP (Temporal Key Integrity Protocol)- Key change of each packet or constant time interval, and preventionof message tampering are available.Algorithm： AES(*) (Advanced Encryption Standard)- US decided to adopt as a standard replacing DES (Data EncryptionStandard) in 2000.2) Authentication ← xProtocol: EAP (Extensible Authentication Protocol)- Several authentication schemes have been proposed, each of whichuses different protocols, such as EAP-MD5，EAP-TLS, EAP-TTLS,EAP-PEAP，EAP-LEAP, etc.AES (*) : called Rijndael algorithm which is a 128-bit block encryption scheme and was proposed byBelgian researchers, Joan Daemen and Vincent Rijmen.
76EAP Client authentication based on user ID and password EAP-MD5 RecommendedClient and server authentication based on PKICA distributes certificate to clients and a clientauthentication server (RADIUS, etc.) prior todata transmissionEAP-TLS(IETF RFC2716)EAP-TTLSEAP-PEAPEAP-LEAPSimplified protocol compared with EAP-TLSClient and server authenticationOptionalEAP-AKAEAP-SIMUMTS AKA and key distribution scheme areused. AKA has the compatibility with GSM.Cellular phoneuseSIM card-used authentication and key distributionMD5: Message Digest algorithm TLS: Transport Layer Security TTLS: Tunneled TLSLEAP- Lightweight EAP PEAP: Protected EAP AKA: Authentication and key AgreementSIM: Subscriber Identification Module PKI: Public Key InfrastructureCA: Certificate Authority RADIUS: Remote Authentication Dial In User Service
77Authentication server Authentication Process using 802.1xAccess pointAuthentication server(RADIUS server, etc.)Client（1） Access to networkBlocking（2） Request user authenticationAuthentication using EAP(EAP-MD5，EAP-TLS, EAP-TTLS, EAP-PEAP，EAP-LEAP等)（3） Authentication result notificationBlocking liftedMessages・Packets communicated by EAP - Request Response- Success Failure
78WPA and WPA v2 ( = Full IEEE802.11i) Certification by Wi-FiAllianceAug. 2002 ～Feb ～SpecificationsPart of IEEE802.11i draft v3IEEE802.11i full specificationEncryptionTKIPTKIP, CCMP, WRAPUser authenticationIEEE802.1x/EAPGovernment, enterprise divisions whichrequire particularly strong securityTargeted userEnterprises, consumersVersion-up fromexisting systemHardware replacement is necessary foracquiring sufficient performanceVersion-up by softwareNot supportedusage modeAd hoc mode, handoverNone・Lower compatibility with WEP・Home mode in which IEEE802.1x isnot used is available・AES is used as an encryption algorithmfor CCMP and WRAPOther itemsCCMP: Counter mode with Cipher block chaining Message authentication code ProtocolWRAP: Wireless Robust Authenticated Protocol
80① AAA： Authentication, Authorization and Accounting Mobility Control and Security① AAA： Authentication, Authorization and Accounting1) StandardizationIETF AAA WG started in DecDiscussions were transferred to IRTF AAA Architecture ResearchGroup in 2000 (http://aaaarch.org)3GPP2 adopts AAA in combination with Mobile IP2) References 4 RFCs were released in DecRFC2903 : Generic AAA ArchitectureRFC2904 : AAA Authorization FrameworkRFC2905 : AAA Authorization Application ExamplesRFC2906 : AAA Authorization RequirementsRFC3334 : Policy based accounting1 RFC was added in DecIRTF: Internet Research Task force
813) Standard protocol 4) Basic model TACACS (Terminal Access Controller Access Control System) (*1)RADIUS （Remote Authentication Dial In User Service)DIAMETER (next generation AAA protocol)（*1） TACACS+ is an extension by CISCO4) Basic modelAAA server calls and processes Application Specific Module (ASM) based onthe policy in response to request.requestAAA serverGeneric AAA ServerRule based enginePolicyApplicationSpecific Module (ASM)Events
82DIAMETER・Though DIAMETER protocol uses different data unit from RADIUSprotocol, it has a lower compatibility with RADIUS protocol.・DIAMETER’s Advantages- Compatibility with current firewall: support for Keep/Alive messages- Scalability: support for processing of many pending AAA requests- Bidirectional architecture: support for both push and pull applications(RADIUS is unidirectional)
83② PANA： (Protocol for carrying Authentication for Network Access) ・Client authentication mechanism in IP layer in multi-networkenvironment, such as 3G cellular network, Bluetooth, wired LAN,wireless LAN, etc.・ BOF started in 50th IETF, Mar WG started in 52nd IETF, Dec ・ Advantages - A client can be authenticated if layer 2 is connected regardless of thephysical network, 802 or not (cellular network, etc.).- Only a PAA(PANA Authentication Agent) is needed in a subnetwork.The PAA communicates with a remote authentication server (RADIUS, etc.).c.f, in IEEE802.1x, all access points and switches in a subnetwork mustcomply with IEEE802.1x.
84PANA Authentication Model server②InquiryInternet③ConnectionResponse⑤Wireless LAN⑤Accesspoint⑤RouterDirect port-open①①Authenticationrequest④②PANAclient（Note PC）③①HubBasestationPAA(PANAAuthenticationAgent)PANAclient（PDA）PANAclient（Cellularphone）
85(4) Utilization and Protection of Privacy Information
86P3P (Platform for Privacy Preferences) Standardization Utilization and Protection of Privacy InformationP3P (Platform for Privacy Preferences) StandardizationInternational standard for Web information utilization forpersonalized services and its privacy protectionLed by W3C (World Wide Web Consortium) .Started in June 1997 and released official recommendation (= standard) inDecMajor vendors have already supported.Government organizations in EU and Japan have already supported.NEC, Netscape, AOL, Microsoft, AT&T, IBM, HP, American Express,DoubleClick, Engage, etc.W3C: Standardization organization for XML, HTML, HTTP related specifications
87Web access is permitted. P3P applied Web Access0. Private information including itsusage purpose is described in XML and is stored as P3P policy.User1. User accesses Web page2. Web browser automatically accesses P3P policyP3P Web serverP3P Webbrowser3. Web browser compares user preferences with P3P policy.No differenceDifference existsWeb access is permitted.Web browser warns user, and the user decideswhether the private information is transferred ornot.
88P3P Web Browser ‘s Display Examole P3P compliance may influence the total number of Web access.Icon changes and warns user in case of NGDisplay the difference portionbetween user preferences andP3P policyIn this prototype P3P user agent (developed by AT&T and Microsoft) users can click on a “privacy” button to pull up privacy-related information about the web site. This user agent automatically compares a site’s policy with a user’s preferences and lets the user know about any conflicts.
89How to make Web Server Comply with P3P? P3P policy creation from Web pages to which private information is collected.Create XML using P3P policy editorMake a link from these Web pages to P3P policy fileInstallation of necessary files at Web siteInstall P3P policy and its link information into Web serverIn this prototype P3P user agent (developed by AT&T and Microsoft) users can click on a “privacy” button to pull up privacy-related information about the web site. This user agent automatically compares a site’s policy with a user’s preferences and lets the user know about any conflicts.Only file creation and its installation are necessary.No special program and CGI are necessary.
90(5) Interworking of IMT2000(3G) and Wireless LAN based on Security
91Interworking Image of 3G and Wireless LAN Communication area,Mobility, PortabilityHigh speed,High quality3GWireless LANContentProviderISPASPsInternetAccessContentDeliveryUser info.,Authentication,AccountingEnterpriseNetworkVPNInternet3GService areaHotelCafeStationPublicSpaceAirport：Hotspot
92Integration Scenarios discussed in 3GPP Key factors- Authentication and Charging- QoS- Seamless ConnctivityFeasible solutions in a few years・Scenario 1： Common Billing and Customer Care・Scenario 2： 3GPP system based Access Control and Charging・Scenario 3： Access to 3GPP system PS based services・Scenario 4： Service Continuity・Scenario 5： Seamless Services・Scenario 6： Access to 3GPP CS Services
933G - Wireless LAN Interworking Scenarios 1- Security level of 3G and wireless LAN are independent.- No new requirements on 3G specifications.2AAA is provided by 3G system, e.g. EAP (EAP-AKA for GPRS/USIM andEAP-SIM for GSM/SIM) is used for authenticating user by 3G server.Reuse 3G access control and charging principles (HSS/HLR, etc.) for thebenefit of 3G system operators and users.3Operators grants access to 3G PS based services through wireless LAN.Service continuity between 3G and wireless LAN is not required.IMS based/location based/instant messaging/presence based services.4Handover for specific servicesChange of service quality in mobility across 3G and wireless LANService continuities between 3G & wireless LAN and between differentwireless LANs5Seamless service continuity and handoverNon-real-time services: Mobile IPReal-time services: fast Mobile IP protocols, Context Transfer protocol,access router discovery schemes6Grant access to 3G CS based services through CSed wireless LAN access