Presentation is loading. Please wait.

Presentation is loading. Please wait.

Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-00.txt) Ashutosh Dutta, Telcordia Technologies Yoshihiro Ohba (Ed.), Kenichi Taniuchi.

Published byEileen Lewis Modified over 8 years ago

Similar presentations

Presentation on theme: "Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-00.txt) Ashutosh Dutta, Telcordia Technologies Yoshihiro Ohba (Ed.), Kenichi Taniuchi."— Presentation transcript:

1 Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-00.txt) Ashutosh Dutta, Telcordia Technologies Yoshihiro Ohba (Ed.), Kenichi Taniuchi Toshiba America Research Inc. Henning Schulzrinne, Columbia University Prepared for IRTF MOBOPTS WG March 8 th, 62 nd IETF, Minneapolis

2 IRTF – 2 Outline  Motivation  Handoff Delay during Wireless Internet Roaming  Fast Handoff Related Work  Proposed Method: Media-independent Pre-Authentication  Demonstration and Results  Conclusions/Future Work

3 IRTF – 3 Motivation  It is desirable to limit the jitter, delay and packet loss for real- time and non-real-time traffic –e.g.,150 ms end-to-end delay for interactive traffic such as VoIP, 2% packet loss is allowed  Delay due to handoff takes place at several layers –Layer 2 (handoff between AP) –Layer 3 (IP address acquisition, Configuration, Authentication, Authorization) –Binding Update, Media Redirection  Rapid handoff will contribute to overall delay and packet loss  Thus it is essential to reduce the handoff delay introduced at different layers  We propose a fast-handoff mechanism to reduce the handoff- delay and packet loss

4 IRTF – 4  1- L2 Hand-over Latency Delay  2 – Delay due to IP Address Acquisition and Configuration, authentication, authorization  3 – Binding update and Media Redirection delay Handoff Latency AP1AP2 Next Access Router ICMP Router Discovery/Router Advertisement DHCP server/ PPP /FA DHCP/ MIP CoA/PPP HA/SIP Server MIP BU/SIP Re-Invite CN Media New Media Binds to AP1 Binds to AP2 MN 11 22 33  Stateless Auto-configuration AAA IGMP DAD/ARP  11 22 33 AA Server 802.11i

5 IRTF – 5 Problem in Mobility Management Protocols  Problem 1 (performance): Operations for updating higher-layer context (i.e., IP address acquisition, mobility binding update, authentication etc.) occur after link-layer handover –Processing and/or signaling delay for each operation accumulates –Longer packet loss period due to handoff delay –No solutions exist for single-interface host  Problem 2 (security): Existing mobility optimization mechanisms do not provide secure handover signaling especially for roaming cases –A secure mobility optimization mechanism that is tied with AAA (Authentication, Authorization and Accounting) and can deal with inter- subnet and inter-domain handover is needed  Problem 3 (applicability): Existing mobility optimization mechanisms are tightly coupled with particular mobility management protocols –FMIPv6 and HMIP are defined for Mobile IPv6 only –A mobility optimization mechanism that is applicable to any mobility management protocol is needed

6 IRTF – 6 Mobility Optimization - Related Work  Cellular IP, HAWAII - Micro Mobility  MIP-Regional Registration, Mobile-IP low latency, IDMP  HMIPv6, FMIPv6 (IPv6)  Yokota et al - Link Layer Assisted handoff  Shin et al, Velayos et al - Layer 2 delay reduction  Gwon et al, - Tunneling between FAs, Enhanced Forwarding PAR  SIP-Fast Handoff - Application layer mobility optimization  DHCP Rapid-Commit, Optimized DAD - Faster IP address acquisition

7 IRTF – 7 Media-independent Pre-Authentication (MPA)  MPA is: –a mobile-assisted higher-layer authentication, authorization and handover scheme that is performed prior to establishing L2 connectivity to a network where mobile may move in near future  MPA provides a secure and seamless mobility optimization that works for –Inter-subnet handoff –Inter-domain handoff –Inter-technology handoff  Use of multiple interfaces  MPA works with any mobility management protocol –MIP(v4,v6), SIPMM etc.

8 IRTF – 8 Functional Components of MPA 1)Pre-authentication/authorization –Used for establishing a security association (SA) between the mobile and a network to which the mobile may move –L2 pre-authentication can also be enabled based on the established SA 2)Pre-configuration –Used for establishing contexts specific to the network to which the mobile may move (e.g., nCoA) –The SA created in (1) are used to perform secured configuration procedure 3)Secured Proactive Handover –Used for sending/receiving IP packets based on the pre-authorized contexts by using the contexts of the current network

9 IRTF – 9 Expected Result during handoff Time Conventional Method Discover new AP in the neighboring subnet L2 handoff starts L3 handoff starts MPA Discover New AP In the neighboring subnet Pre-auth/ Pre-config Completes (L2 SAs can be, completed here.) L2 handoff starts L3 handoff completes L2 handoff completes L3 handoff starts L2 handoff completes Critical period (communication interruption can occur) L3 auth/config starts L3 auth/authz completes Time Pre-auth/ Pre-config starts L2 auth/authz, starts L3 handoff completes

10 IRTF – 10 Pre-Authentication Subnet X Subnet Y CN: Correspondent Node MN: Mobile Node AA: Authentication Agent CA: Configuration Agent AR: Access Router AACAAR MN pre-authentication CN DATA[CN A(X)] SIP mobility is just an example mobility protocol. MPA works for any mobility management protocol

11 IRTF – 11 Pre-configuration CN AACAAR MN IP address: A(X) Current subnet: X Status: Pre-authentication done Action: pre-configuration DATA[CN A(X)] MN-CA key pre-configuration Subnet X Subnet Y CN: Correspondent Node MN: Mobile Node AA: Authentication Agent CA: Configuration Agent AR: Access Router

12 IRTF – 12 Pre-Configuration (Cont.) CN: Correspondent Node MN: Mobile Node AA: Authentication Agent CA: Configuration Agent AR: Access Router AACAAR MN IP address: A(X), A(Y) Current subnet: X Status: Pre-configuration done Action: SPH Initiation MN-AR key Secure Proactive Handover tunnel establishment procedure CN DATA[CN A(X)] Subnet X Subnet Y

13 IRTF – 13 Secured Proactive Handover: Main Phase CN: Correspondent Node MN: Mobile Node AA: Authentication Agent CA: Configuration Agent AR: Access Router AACA MN IP address: A(X), A(Y) Current subnet: X Status: PH tunnel established Action: SIP Re-Invite MN-AR key SIP Re-Invite over proactive hanodver tunnel [AR A(X)] CN DATA[CN A(X)] AR Subnet X Subnet Y Re-Invite[CN A(Y)]

14 IRTF – 14 Secured Proactive Handover: Completion CN: Correspondent Node MN: Mobile Node AA: Authentication Agent CA: Configuration Agent AR: Access Router AACA IP address: A(X), A(Y) Current subnet: X Status: SIP Re-Invite done Action: PH Completion DATA [CN A(Y)] over proactive hanover tunnel [AR A(X)] AR Proactive handover stop procedure MN L2 handoff procedure Subnet X Subnet Y CN Data in new domain

15 IRTF – 15 Mobile-assisted Seamless Handoff (a scenario) AR AP1 Mobile AP2 AP3 AP0 AACA MN-CA key AACA MN-CA key AACA MN-CA key CN AR Network 1 Network 2 Network 3 Current Network TN Information Service (e.g.,802.21) mechanism can help locate the neighboring network elements in the candidate target networks (CTN) CTN CTN – Candidate Target Networks TN – Target Network

16 IRTF – 16 MPA Communication Flow MNoPoA nPoAAA CAAR 1. Found CTN Candidate Target Network Pre-authentication [Authentication Protocol] MN-CA Key MN-AR Key 2. High probability to switch to the CTN Pre-configuration [Configuration Protocol to get nCoA] Pre-configuration [tunnel management protocol to establish PHT 3. Determined to switch to The CTN Secure Proactive Update Phase Binding Update + data Transmission over PHT using nCoA 4. BU completion and Ready to switch Secure proactive handover pre-switching phase [tunnel management protocol to delete PHT] CN 5. Switching Post Switching Phase: Reassignment of nCoA to its physical Interface Existing session using oCoA New Data using nCoA

17 IRTF – 17 MPA Optimization Issues  Network Discovery –Discover the neighboring network elements (e.g., Routers, APs, Authentication Agents) –802.21 (Information Service), 802.11u, WIEN SG, CARD, DNS/SLP  Proactive IP Address Acquisition  Proactive Duplicate IP address Detection  Proactive Address Resolution  Proactive Tunnel Management  Proactive Mobility Binding Update  Bootstrap Link-layer Security in CTN using L3 Pre- authentication

18 IRTF – 18 Protocol Set for the MPA demonstration Pre-authentication protocolPANA Pre-configuration protocolPANA, DHCP Relay Proactive handover tunneling protocolIP-in-IP Proactive handover tunnel management protocolPANA Mobility management protocolSIP Mobility Link-layer securityNone

19 IRTF – 19 Experimental Network in the Lab. IP0: 10.10.40.20 IP1: 10.10.10.223 AP1, AP2: Access Point R1, R2: Access Router MN: Mobile Node CN: Correspondent Node IP0, IP1: IP address of MN R2 R1 10.10.20.52/24 10.10.40.52/24 10.10.10/24 10.10.10.51 eth0 eth2 SIP with VIC/RAT Application DHCP Server Relay/ Client Proxy PANA Agent 10.10.30.25 Network 1 Network 2 IP2 AP1(Channel 6) AP2(Channel 9) ITSUMO network DHCP Server Move AA CA AR CN MN 10.10.30/24 Network 3 AR

20 IRTF – 20 Protocol flow for MPA MN AP1 AP2 R2 DHCP MN Network 1 (802.11 ) Network 2 (802.11) Assign IP0 to Physical I/F PANA (Pre-Authentication and pre-configuration to obtain IP1) CNCN Data Tunnel (IP0-IP1) - - SIP Re-invite with IP1 Data Address acquisition Using DHCP relay R1 Network 3 - - Deletes Tunnel with PANA Update Assign IP1 to Physical I/F Assign IP1 to Tunnel I/F L2 handover Packet loss period DHCP

21 IRTF – 21 Protocol Flow for Non-MPA MN AP1 AP2 R2 DHCP Network 1 (802.11 ) Network 2 (802.11) Assign IP0 to Physical I/F CNCN Data - SIP Re-invite with IP1 Data R1 Network 3 - PANA Assign IP1 to Physical I/F DHCP MN L2 handover Packet loss period

22 IRTF – 22 Performance (MPA-Non-MPA)  MPA –No packet loss during pre-authentication, pre-configuration and pro-active handoff before L2 handoff –Only 1 packet loss, 14 ms delay during handoff mostly transient data  Includes delay due to layer 2, update to delete the tunnel on the router  We also reduced the layer 2 delay in hostap Driver  L2 delay depends upon driver and chipset  non-MPA –About 200 packets loss, ~ 4 s during handover  Includes standard delay due to layer 2, IP address acquisition, Re-Invite, Authentication/Authorization –Could be more if we have firewalls also set up MPA Approach Non-MPA Approach handoff 802.11 4 s

23 IRTF – 23 Conclusions/Future Work  MPA framework provides an optimized mobility management solution independent of mobility protocol used  We demonstrated an initial prototype implementation and results  MPA works over single interface and multiple interfaces (e.g., 802.11, CDMA)  Define a more integrated architecture that works in conjunction information discovery scheme (e.g.,802.21, 802.11u)  Comments/Suggestions/Questions  Next steps?

24 IRTF – 24 Thank you!

25 IRTF – 25 Comments from the group  This framework is dependent upon a good network discovery scheme –We may need to set up temporary tunnels with more than one network temporarily –Need a smarter algorithm to decide the exact network the mobile may move  Binding Update ( Is it necessary to do it beforehand) –In MIPv6 we may need to do next-hop care of address check –What do we gain by doing binding update ahead of time  Need for pre-configuration ?  How much time it takes to do the pre-configuration  Pre-configuration usually does not affect the handoff delay or packet loss  Layer 2 delay reduction  How can it work with other mobility management techniques (e.g.. MIPv6)

26 IRTF – 26 Backup Slides

27 IRTF – 27 MPA Experimental Flow (proactive handoff) (possible backup) R2 MN CN DHCP RTP PANA DHCP PANA (BIND) SIP Re_INVITE (IP1) 8.913 9.030 9.136 RTP (39835) OK ACK 9.267 19.283 19.285 19.291 Handoff Decision PANA Trigger to delete tunnel RTP (40335) RTP (40336) 19.298 19.315 19.379 RTP (40340) IWCONFIG (IOCTL) RTP (40341) 19.393 19.394JOIN 19.408JOIN (ACK) (Auth/Assoc, ifconfig, route,) L2 handoff + local L3 Configuration PANA Response RTP (40342) BU 19.411 MN Network 1 Network 2 Network 3 First packet in new network (non-tunneled) 19.395 Lost packet (non-tunnel) DHCP(IP1) RTP Tunnel deleted RTP X Tunneled Data No Packets lost During BU Tunnel Setup Signal RTP Data Lost RTP Data Tunneled packet RTP (40337) OK (tunneled) RTP packets Spaced ~16 ms IP0 IP1

28 IRTF – 28 Bootstrapping Link-layer security using L3-Preauth Current Network CTN MN AP2AP3 AA AP1 MN 1. Pre-authentication 2. Keys (TSK) 3. Secure Association 4. Secure Association

29 IRTF – 29 Mobile Wireless Internet: A Scenario (possible backup) 802.11a/b/g Bluetooth IPv6 Network UMTS/CDMA Network Internet Domain1 Domain2 UMTS/ CDMA PSTN gateway Hotspot CH Roaming User Ad Hoc Network PAN LAN WAN LAN PSTN 802.11 a/b/g

30 IRTF – 30 Single Radio Interface Roaming Scenario (possible backup) Provider B Provider A IEEE 802.11 LAN Subnet A1(or ESS A1) Subnet A2(or ESS A2)Subnet B1 (or ESS B1) IEEE 802.11LAN Intra-domain Inter-subnet MIH Inter-domain Inter-subnet MIH

31 IRTF – 31 Multiple Radio Interface Roaming Scenario (possible backup) IEEE 802.11 LAN 3GPP Cellular Network WLAN: deactivated Cellular: activated The mobile finds WLAN AP through information discovery over the activated I/F The mobile quickly activates the WLAN I/F and switch to it. The mobile may deactivate the cellular I/F

Download ppt "Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-00.txt) Ashutosh Dutta, Telcordia Technologies Yoshihiro Ohba (Ed.), Kenichi Taniuchi."

Similar presentations

IPv6 Mobility Support Henrik Petander

IPv6 Mobility Support Henrik Petander
IDMP-based Fast Handoffs and Paging in IP-based Cellular Networks IEEE 3G Wireless Conference, 2001 李威廷 11/22/2001 Telcordia.

IDMP-based Fast Handoffs and Paging in IP-based Cellular Networks IEEE 3G Wireless Conference, 2001 李威廷 11/22/2001 Telcordia.
Fast L3 Handoff in 802.11 Wireless LANs Andrea G. Forte Sangho Shin Henning Schulzrinne.

Fast L3 Handoff in Wireless LANs Andrea G. Forte Sangho Shin Henning Schulzrinne.
1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.

1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.
MIP Extensions: FMIP & HMIP

MIP Extensions: FMIP & HMIP
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
1 Mobility Management for All-IP Mobile Networks: Mobile IPv6 vs. Proxy Mobile IPv6 Ki-Sik Kong; Wonjun Lee; Korea University Youn-Hee Han; Korea university.

1 Mobility Management for All-IP Mobile Networks: Mobile IPv6 vs. Proxy Mobile IPv6 Ki-Sik Kong; Wonjun Lee; Korea University Youn-Hee Han; Korea university.
Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.

Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.
Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI

Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI
IDMP: AN INTRADOMAIN MOBILITY MANAGEMENT PROTOCOL FOR NEXT-GENERATION WIRELESS NETWORK SUBIR DAS, ANTHONY MCAULEY AND ASHUTOSH DUTTA, TELCORDIA TECHNOLOGIES.

IDMP: AN INTRADOMAIN MOBILITY MANAGEMENT PROTOCOL FOR NEXT-GENERATION WIRELESS NETWORK SUBIR DAS, ANTHONY MCAULEY AND ASHUTOSH DUTTA, TELCORDIA TECHNOLOGIES.
A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.

A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.
Inter-Subnet Mobile IP Handoffs in 802.11b Wireless LANs Albert Hasson.

Inter-Subnet Mobile IP Handoffs in b Wireless LANs Albert Hasson.
1 DHCP-based Fast Handover protocol NTT Network service systems laboratories 2005. 3. 10 Takeshi Ogawa draft-ogawa-fhopt-00.txt 62nd IETF - Minneapolis.

1 DHCP-based Fast Handover protocol NTT Network service systems laboratories Takeshi Ogawa draft-ogawa-fhopt-00.txt 62nd IETF - Minneapolis.
Doc.: IEEE 802.11-11/1183r0 Submission September 2011 Masataka Ohta, Tokyo Institute of TechnologySlide 1 IP over Congested WLAN Date: 2011-09-19 Authors:

Doc.: IEEE /1183r0 Submission September 2011 Masataka Ohta, Tokyo Institute of TechnologySlide 1 IP over Congested WLAN Date: Authors:
Secure Universal Mobility for Wireless Internet Authors: A. Dutta, T. Zhang, S. Madhani Telcordia Technologies K. Taniuchi, K. Fujimoto, Y. Katsube, Y.Ohba.

Secure Universal Mobility for Wireless Internet Authors: A. Dutta, T. Zhang, S. Madhani Telcordia Technologies K. Taniuchi, K. Fujimoto, Y. Katsube, Y.Ohba.
Mobile IP.

Mobile IP.
Formal Approach to Mobility Modeling IETF 78 – IRTF MOBOPTS Ashutosh Dutta Bryan Lyles Henning Schulzrinne 1.

Formal Approach to Mobility Modeling IETF 78 – IRTF MOBOPTS Ashutosh Dutta Bryan Lyles Henning Schulzrinne 1.
Performance Validation of Mobile IP Wireless Networks Syed Shahzad Ali Muhammad Saqib Ilyas Advisor: Dr. Ravi Pendse.

Performance Validation of Mobile IP Wireless Networks Syed Shahzad Ali Muhammad Saqib Ilyas Advisor: Dr. Ravi Pendse.
67 th IRTF MOBOPTS – 1 Media Independent Pre-Authentication and Implementation (draft-ohba-mobopts-mpa-framework-03.txt) (draft-ohba-mobopts-mpa-implementation-03.txt)

67 th IRTF MOBOPTS – 1 Media Independent Pre-Authentication and Implementation (draft-ohba-mobopts-mpa-framework-03.txt) (draft-ohba-mobopts-mpa-implementation-03.txt)
Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-01.txt) (draft-ohba-mobopts-mpa-implementation-01.txt) Ashutosh Dutta, Telcordia.

Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-01.txt) (draft-ohba-mobopts-mpa-implementation-01.txt) Ashutosh Dutta, Telcordia.

Similar presentations

Ads by Google