1. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures Intersystem Handoff and Authentication IS-41 오재준Nclab mega5@kw.ac.kr mega5@kw.ac.kr

2. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1 IS-41 Intersystem Handoff  Two BSs are connected to different MSCs  Four types of intersystem handoff  Handoff-forward  Handoff-backward  Handoff-to-third  Path minimization

3. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1.1 Handoff Measurement Step1 - HandoffMeasurementRequest - set 7 second LMMRT Step2 - Performs signal measurement - HandoffMeasurementRequest LMMR (location measurement maximum response timer)

4. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1.2 Handoff-Forward(1) InterSwitchCount parameter, MAXHANDOFF Step 1 - MSC A initiates the h/o-forward procedure - allocate the trunk - sends a query msg FacilitiesDirective (INVOKE) - set 12 second HOT (handoff order timer) - expired : release trunk FacilitiesReleases with “HandoffAbort not received” 4-15 CTT set -> FacilitiesReleases Step 2 - check if the voice channel is avaible Step 2.1 (no radio channel is available) - FacilitiesDirective (RETURN ERROR) with “Resource Shortage” - stop HOT - exchange FacilitiesReleases msg. - MSCs exit the task

5. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1.2 Handoff-Forward (2) Step2 Step2.2 (radio channel is available) - FacilitiesDirective (RETURN RESULT) with selected channel number. - excute step3, step4 in parallel Step3 (MSC A) - MSC A stops HOT - set 7 second MHOT (mobile handoff timer) - Handoff execution msg. to the MS Step4 (MSC B) - set 7 second MAT (mobile arrival timer) Step4.1 - MAT expires, MSC B releases the radio channel -MHOT of MSC A expire, trunk is released Step4.2 - MS responds, MSC B stops timer MAT - MobileOnChannel msg. to MSC A - MHOT is stopped

6. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1.3 Handoff-Backward(1) MS moves from MSC B back to MSC A Step1 - MSC B set HOT - HandoffBack msg. to MSC A Step2 - if receive msg. check the radio channel Step2.1 no channel is available - HandoffBack (RETURN ERROR) with ”ResoureShortage” - HOT timer stop and exit the task Step2.2 channel is available - HandoffBack (RETURN RESULT) msg. with the selected channel number - step3, step4 are executed in parallel Step3 - MSC B receives the HandoffBack response msg - stop HOT, set 7 second MHOT - ask MS to transfer to new radio channel

7. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1.3 Handoff-Backward (2) Step4 - MSC A set 7 second MAT - expects to hear from the MS Step 4.1 - MAT expires, MSC A releases the radio channel - MHOT timer will expire Step 4.2 - MS responds - MS has handed over to the new voice path - MSC A stops MAT - sends a query msg. FacilitiesRelease to MSC B - MSC B stop MHOT - MSC B sends a response msg.FacilitiesRelease to MSC A - trunk between MSCs is released

8. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1.4 Handoff-to-Third and Path Minimization MS moves again from MSC B to MSC C Step1 - MSC B sets 18 second HTTT (handoff-to-third timer) - HandoffToThird (INVOKE) to MSC A - if HTTT expired MSC B process Handoff-forward Step2 MSC C is known to MSC A  check Step 2.1 - no trunk connection - HandoffToThird (RETURN ERROR) - HTTT expired MSC B process Handoff- forward Step2.2 - interswitch trunk available - MSC A set HOT - FacilitiesDirective (INVOKE) - if HOT expired MSC B process Handoff- forward

9. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.1.4 Handoff-to-Third and Path Minimization Step3 - MSC C check radio channel available Step3.1 (no radio channel is available) - FacilitiesDirective (RETURN ERROR) to MSC A - MSC A stop HOT and send HandoffToThird (RETURN ERROR) to MSC B - MSC B stop HTTT - step 2.1 process repeat Step3.2 (radio chnnel is available) - FacilitiesDirective (RETURN RESULT) to MSC A Step4 - MSC B set HTTRT - send handoff execution to MS Step5 Step6

10. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.2 IS-41 Authentication  Two authentication schemes  without-sharing (WS) scheme SSD (shared secret data) is shared only between AuC and MS For user high mobility rate  shared (S) scheme SSD is shared with the visited system authenticate the MS at call origination or delivery reducing message flow and call setup time require additional message exchanges during registrations For a user with high call frequency  switch between the two authentication schemes user’s call and move frequencies as the user’s behavior changes

11. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.2.1 Private and Authentication in TSB-51  MIN (mobile identification number)  ex) 011-700-5425  ESN (electronic serial number)  32bit serial number highest order 8bits : manufacturer’s code the remaining bit : unique MS number  AuC (authentication center)  Database connected to the HLR  responsible for maintaining and updating the SSDs  LA (location area)  belonging to one or more PSPs  PSP (PCS service provider)  providing some combination of BSs

12. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.2.2 Without-Sharing (WS) Scheme (1) 6.2.2.1 Registration (Location Update) Step1 - MS execute CAVE algorithm using SSD; its ESN, MIN, RAND - produce AUTHR Step2 - request registration with AUTHR, ESN, MIN, RANDC and COUNT Step3 - PSP forward authentication request to VLR serving the PSP LA Step4 - VLR forward the request to HLR Step5 - HLR forward the request to AuC *CAVE (Cellular Authentication and Voice Encryption)

13. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.2.2 Without-Sharing (WS) Scheme (2) 6.2.2.1 Registration (Location Update) Step6 - AuC retrieve the SSD associated with the MIN from its database - execute CAVE algorithm with retrieved SSD and additional parameters Step7-9 - verifying that result matches the AUTHR value received from MS - check the COUNT value - AuthenticationRequest *RETURN RESULT (success) *RETURN ERROR (fail) Once the MS has been authenticated, the serving PSP system will start the location update procedure

14. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.2.2 Without-Sharing (WS) Scheme (3) 6.2.2.2 Call Origination Step1 - MS execute CAVE algorithm with SSD ESN, MIN, RANDC - to produce AUTHR, VPMASK, SMEKEY Step2-4 - PSP forwards the message to AuC Step5 - AuC performs authetication Step6 - AuC generates VPMASK and SMEKEY and forward them to the serving PSP system

15. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.2.3 Sharing (S) Scheme (1) SSD shared with the visited PSP system Old VLR has the current value of COUNT Once the MS is registered, the new VLR instead of the AuC -> reduced message flow Step1-2 - execute CAVE algorithm using SSD,ESN, MIN and RAND - produces AUTHR Step3-6 - verifying the result - AuC should obtain the current COUNT value from the old VLR Step 7,8 - CountRequest Step9 - countRequest (RETURN RESULT) 6.2.3.1 Registration (Location Update)

16. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures 6.2.3 Sharing (S) Scheme (2) 6.2.3.2 Call Origination Step1 - MS execute CAVE algorithm with SSD ESN, MIN, RANDC - produce AUTHR, VPMASK, SMEKEY - send RANDC, AUTHR, COUNT,ESN and MIN Step2 - AuthenticationRequest (INVOKE) Step3 - VLR execute CAVE algorithm - generate AUTHR, VPMASK, and SMEKEY Step4 - verifying AUTHR and COUNT - AuthenticationRequest (RETURN RESULT)

17. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures Adaptive Algorithm: AA1  The WS scheme  the number of registration operations.  The S scheme  in the opposite situation  adaptive algorithm (AA1)  automatically selects an appropriate authentication scheme for any given user in real time.  Cycle : the period between two consecutive registrations for a user  λ: the call arrival rate  ŋ : the mobility or the rate that a user changes LAs.  Then the expected number of call arrivals in a cycle p is: ρ= λ/ŋ

18. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures Adaptive Algorithm: AA1  In the WS scheme (  In the WS scheme ( C ws = 5 + 5ρ)  registration - five database accesses  a call origination or termination - five database accesses  In the S scheme  In the S scheme (C s = 9 + ρ)  registration - nine database accesses (see Figure 6.7)  a call origination or termination - one database access (see Figure 6.8)   C ws =C s if and on if ρ =1  the S scheme outperforms the WS scheme (i.e., C S 1

19. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures Adaptive Algorithm: AA1  The WS scheme : 0 <i < n - 1.  The S scheme : n < j < 2n - 1.  Let L  the number of call arrivals during the previous cycle.  If the steady state of the algorithm exists, then the transition probabilities for the finite automaton are:  ρ1 = Pr[L = 1], ρ2 = Pr[L = 0], and p3 = Pr[L > 1]  The AuC needs to maintain authentication scheme (AS) bits per user.  The VLR needs to maintain an AS bit per user

20. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures Adaptive Algorithm: AA1  When the AuC is accessed for a registration operati on, the AuC checks the following: Suppose that the algorithm is in state i.  If no call arrived during the previous cycle, the algorithm moves to state i - 1 for i > 0, and remains in the same state i for i = 0.  If exactly one call arrived during the previous cycle, the algorithm remains in the same state i.  If more than one call arrived during the previous cycle, the algorithm moves to state i + 1 for i < 2n - 1, and remains in the same state i for i=2n-1.  from state n -1 to state n  from WS to S  from state n to state n – 1  from S to WS

21. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures Adaptive Algorithm : AA2  requires only an AS bit in the AuC and VLRs to indicate whether the S scheme or the WS scheme is exercised.  At the beginning of a cycle, AA2 always exercises the WS scheme  AS bit is "WS"  After an originating or terminating call arrives, the AS bit is switched to "S," and the S scheme is exercised.  Step 1  When the first call arrives, the authentication message flow follows Figure 6.6  when the AuC receives AuthenticationRequest (INVOKE) AS bit "S" SSD is sent to the VLR in the AuthenticationRequest (RETURN RESULT) message.  When the VLR receives the SSD AS bit is set to "S”  At this moment, the S scheme is exercised.

22. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures Adaptive Algorithm : AA2  Step 2  For subsequent call arrivals in this cycle  the message flow in Figure 6.8 is followed.  Step 3  At the end of the cycle-when the MS moves to a new LA  the authentication/registration occurs, the AuthenticationRequest messages are sent to the AuC.  Step 3a.  If the AS bit at the AuC is "WS," it implies that no call origination/ termination occurs during the cycle  Step 3b.  If the AS bit at the AuC is "S" The AS bit at the AuC is set to "WS." When the VLR receives the AuthenticationRequest (RETURN RESULT) message,  AS bit is set to "WS."  At the end of step 3, the WS scheme is exercised.

23. Kwangwoon Univ. http://netcom.kw.ac.kr Wireless and Mobile Network Architectures