
Efficient Management of the Traffic Flows in Wireless Internet

Abbas Jamalipour

The University of Sydney, Australia

International Workshop on Internet Security and Management

[email protected]

28 Jan 2003, Sendai, Japan

2003 A. Jamalipour

Contents

1. An Introduction to Wireless IP
2. Wireless Internet Security
3. Quality of Service
4. Conclusions

1. An Introduction to Wireless IP

Abbas Jamalipour

The mobile Internet

[Diagram: a Mobile Node reaches the Global Internet through an Access Node in an IP-based access network, which connects to an IP-based core network and from there to other telecommunication networks.]

Can “mobile Internet” be defined like this?

INTERNET ACCESS:
– Location-independent access
– Wire-free access
– ISP-independent access
– Seamless access

Evolution in telecom technologies

Telephony: Wired, Wireless, Cellular
Internet: Fixed, Wireless, Mobile

Increase in:
• No of services
• Accessibility (time/space)
• No of applications

[Diagram: wireless terminals reaching the Internet through access points (AP).]

Available options:
• Working independently
• Replacing
• Complementing

Network Traffic: Voice, Text, Data, Image, Video, …, Multimedia

Trend 1: Fixed to mobile access

Saturation of fixed access for voice service in near future
400m mobile subscribers worldwide in 2000 and 1800m in 2010
Similar exponential increase pattern in number of Internet subscribers

[Chart: Million Users, 0 to 1400, for the years 1995 to 2005; series: Fixed Lines, Mobile Lines, Fixed Internet.]

Trend 2: Voice to data

Significant increase in no. of multimedia users compared with voice
3m mobile data users in 1998 to 77m in 2005: 70% increase per year
Today’s Internet users: potential users of tomorrow’s mobile Internet

[Chart: Pbit/day, 0 to 140, for the years 1997 to 2002; series: Data Traffic Volume, Voice Traffic Volume.]

Get the first 50m users

[Bar chart: years taken to reach the first 50 million users]

Public Telephony Network          75 years
Radio Broadcasting                35 years
Television Broadcasting           13 years
Cellular Mobile Communications    12 years
Internet                           4 years

The application-oriented Internet

Internet to:
• connect people
• connect devices
• connect people/devices

[Chart: Number of Internet users on a logarithmic scale (100 to 1,000,000,000) against the years 1980 to 2010, with the dominant applications of each period marked: FTP/Telnet, Email, WWW, embedded Internet and wireless Internet.]

Variety Growth of Internet Applications

Mobile Internet applications

Information
• internet-surfing
• intelligent search & filtering agents
• on-line media
• on-line translation
• local information
• booking & reservation
• news

Education
• virtual school
• on-line laboratories
• on-line library
• on-line training
• remote consultation

Leisure
• virtual book store
• music on demand
• games on demand
• video-clips
• virtual sight seeing
• ski net, Disney net
• lottery services

Public Services
• public elections and voting
• public information
• help
• broadcast services
• yellow pages

Office Information
• virtual working groups
• mobile office
• tele-working
• schedule synchronisation

Special Services
• security services
• hotline
• tele-medicine

Communication
• video telephony
• video conferencing
• speech
• e-mail
• announcing services
• SMS
• electronic postcard

Financial Services
• on-line banking
• universal SIM & credit card
• home shopping
• stock quotes

Telemetric Services (Machine-Machine Services)
• location based tracking (GPS)
• navigation assistance
• travel information
• fleet management
• remote diagnostics

Telecom of the future

Horizontal communication between different access technologies
– cellular, cordless, WLAN, short-range connectivity, wired
On a common platform to complement each other’s services
Connected through a common, flexible, seamless IP-based core network
An advanced media access technology that connects the core network to different access technologies
Global roaming and inter-working between different access technologies: both horizontal (intra-system) and vertical (inter-system) handover
Seamless service negotiation including mobility, security, QoS
Supporting new and existing applications

Interoperated telecom architecture

[Diagram: a common core network interconnecting 3G networks (UMTS/cdma2000), indoor high-speed networks, public telephony switched networks, packet data networks, and other wireless/wired networks.]

A network architecture of the future mobile networks

[Diagram: an IP Core Network joined through an Internetwork Access Technology layer to the Global Internet, a Private IP Network, a Satellite Backbone, a GPRS/UMTS Core with its UMTS Access Network, a cdma2000 Core with its cdma2000 Access Network, and legacy/fixed access (GSM, cdmaOne, DECT, Wireless LAN, PSTN/ISDN, ADSL).]

Two Dimensional Internetworking

Wired Networks          PSTN, ADSL, Internet
Personal Networks       Ad Hoc, DECT, Bluetooth
Hot Spot Networks       Wireless LAN, PHS
2G Mobile Networks      GSM, GPRS, cdmaOne, PDC
3G Mobile Networks      UMTS, cdma2000, UWC-136
Global Networks         DAB/DVB, GEO SAT, MEO/LEO SAT

Summary

Applications were and will be the driving wheels in the evolution of all telecommunication networks.
Success of the Internet is mainly due to its accessibility and the usage of an open architecture.
Mobility is a recognized feature of the future telecommunication networks.
Multimedia mobile applications will force the future networks to be united under a common platform and to cooperate efficiently to complement each other’s services.

But, wouldn’t this integration add new complications to QoS and network security?

Requirements

Efficient homogeneous traffic flow management as well as QoS management techniques are required.
– Capable of delivering QoS and security on an end-to-end basis within the heterogeneous networks (wired/wireless)
Traffic flow volume needs to be controlled through discriminatory preferences given to individual users and application data.

2. Wireless Internet Security

Abbas Jamalipour

Why security?

Original reasons in necessity of Internet security

PLUS

Increase in number of internetworking networks
Growth in number and variety of network hosts
Increase in variety of network applications
Increase in amount of data stored in network and their storage locations
Increase in volume of data being exchanged

Internet security

Network Security has four parts:

Privacy (aka secrecy): Only sender and intended receiver should understand the message
• S: Encryption
• R: Decryption
Authentication: Receiver is confident of the sender’s identity
Integrity: The content of the received message is exactly the same as what was sent by the original sender
Non-repudiation: Receiver must be able to prove that the sender did send the message (sender cannot deny it)

Internet attacks – Sniffing

Internet is a broadcasting medium
– A third party can intercept a message which is not encrypted
– Read, write, or delete the data being transferred

[Diagram: B sends a datagram “src:B dest:A payload” to A; a third host C on the same medium reads it.]

Internet attacks – IP spoofing

Internet is a broadcasting medium
– A third party can pretend to be the original sender by putting the original sender’s IP address in the source IP field

[Diagram: C sends a datagram “src:B dest:A payload” to A, with B’s address forged as the source.]

Internet attacks – Denial of service

Internet is a broadcasting medium
– A third party can overload the receiver by flooding it with malicious packets

[Diagram: C floods A with a stream of SYN packets.]

Also Distributed DoS: by multiple coordinated sources

Where to secure?

Application layer
– For private, authenticated transactions using certificate infrastructure; e.g. SET (secure electronic transaction), digital signatures, Pretty Good Privacy (PGP) and Secure Shell
Transport layer
– Data encryption using certificate infrastructure; e.g. SSL, TLS
Network layer
– Data protection across the network; e.g. IPSec, Firewall, AAA
Link layer / Physical layer
– Encoding the data before sending on air for physical isolation

Basic security techniques

Encryption and decryption
– Mainly to create privacy but are also applied in the other three parts of the network security
– Secret key (aka symmetric key)
  • Using the same key shared between sender and receiver pair and common encryption/decryption algorithms
  • Use of short keys: ideal for encrypting/decrypting long messages
  • One key for each pair: too many keys are needed for all
– Public key
  • Use of a private key and a public key
  • Private key is kept by receiver, public key is announced to public
  • Fewer keys required, but more complex algorithms: good for short messages

Digital signature

Handles authentication, integrity and non-repudiation
– Signing the message using encryption techniques
– Sender encrypts the message using his private key
– Receiver decrypts the message using sender’s public key

Integrity: If the message is changed by an intruder, there is a high probability that the message is unreadable.
Authentication: Using a different private key will result in a different message than the one sent by the sender.
Non-repudiation: The private key of the sender can be tested on the original plaintext, thus the sender cannot deny sending the message.
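A textbook illustration of the scheme this slide describes (the sender transforms a digest with its private key, the receiver undoes it with the sender's public key), added here as an example and not part of the original presentation. The primes, message and second key pair are constructed for the demonstration, and the raw RSA operation on a reduced SHA-256 digest is for understanding the three properties listed above, not a production signature format.

```python
"""Textbook digital signature: the sender transforms a digest of the message
with its private key, the receiver undoes it with the sender's public key.
Constructed demo parameters (small primes); a real scheme uses large keys
and a padding standard such as PKCS#1."""
import hashlib
from dataclasses import dataclass

# Constructed toy primes just above 10^6; e is the usual public exponent.
P, Q, E = 1000003, 1000033, 65537


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """RSA key pair from two primes: n = p*q, d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return PublicKey(n, e), PrivateKey(n, pow(e, -1, phi))


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into the group Z_n (toy reduction)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv: PrivateKey, message: bytes) -> int:
    """'Encrypt with the private key': s = H(m)^d mod n."""
    return pow(digest(message, priv.n), priv.d, priv.n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """'Decrypt with the public key': accept only if s^e mod n == H(m)."""
    return pow(signature, pub.e, pub.n) == digest(message, pub.n)


def demo() -> tuple:
    """Exercise the properties the slide lists. Returns three booleans:
    (genuine message verifies, tampered message verifies, other key verifies)."""
    pub_b, priv_b = make_keypair()                   # B's key pair
    _, priv_c = make_keypair(1000037, 1000039)       # another party's key pair
    msg = b"src:B dest:A payload"
    sig = sign(priv_b, msg)
    genuine = verify(pub_b, msg, sig)                        # True
    integrity = verify(pub_b, b"src:B dest:A pay1oad", sig)  # False: altered in transit
    authentication = verify(pub_b, msg, sign(priv_c, msg))   # False: not B's private key
    return genuine, integrity, authentication


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```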

IPSec: Network layer security

Providing a framework and a mechanism only
– Encryption/authentication selections are left to the user
Can provide network layer secrecy and authentication
– Network layer secrecy: sending host encrypts TCP and UDP segments, ICMP and SNMP messages in IP datagram
– Network layer authentication: destination host can authenticate the source IP address
Defining two protocols at the network layer
– Authentication header (AH) protocol: to provide integrity and authentication (digital signature)
– Encapsulating Security Payload (ESP) protocol: to provide privacy plus integrity and message authentication

Service agreement (SA)

A source-destination handshake for AH and ESP protocols
– Creating a network-layer logical channel called a service agreement (SA)
Each SA is unidirectional and uniquely determined by:
– The security protocol (AH or ESP)
– The source IP address
– A 32-bit connection ID

Encapsulating security payload

Provides secrecy, host authentication, data integrity
Data and ESP trailer are encrypted
Next header field is in ESP trailer
ESP authentication field is similar to AH authentication field
Protocol = 50

[Datagram layout: IP Header | ESP Header | TCP/UDP Segment | ESP Trailer | ESP Auth; the TCP/UDP segment and ESP trailer are encrypted, and everything from the ESP header through the ESP trailer is authenticated.]

Authentication header protocol

Provides source host authentication, data integrity, but not secrecy
AH header inserted between IP header and data field
Protocol field = 51
Intermediate routers process datagrams as usual
AH header includes:
– connection ID
– authentication data: signed message digest, calculated over original IP datagram, providing source authentication and data integrity
– Next header field: specifies type of data (TCP, UDP, ICMP, etc.)

[Datagram layout: IP Header | AH Header | TCP/UDP Segment]
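The AH layout and the SA lookup from the two slides above, worked through in Python as an added example (not code from the original presentation): the AH header (protocol 51) sits between the IP header and the segment, carries the 32-bit connection ID and a keyed digest over the datagram, and the receiver selects the SA by (protocol, source IP, connection ID). The addresses, key and segment are constructed; the keyed digest is HMAC-SHA-256 truncated to 128 bits, and the receiver behaviour on a spoofed source or altered payload is what the slide's "intermediate routers process datagrams as usual" and "source authentication, data integrity" imply.

```python
"""IPsec Authentication Header in miniature: the AH sits between the IP header
and the segment (protocol 51), carries a connection ID (SPI) and a keyed digest
over the datagram, and the receiver selects the SA by (protocol, source IP, SPI).
Addresses and the key are constructed for this demo."""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

AH_PROTO = 51                             # protocol number of the Authentication Header
ICV_LEN = 16                              # HMAC-SHA-256-128: digest truncated to 128 bits
IP_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header without options
AH_FIXED = struct.Struct("!BBHII")        # next hdr, payload len, reserved, SPI, seq
AH_LEN = AH_FIXED.size + ICV_LEN

DEMO_KEY = b"constructed demo key for the B->A association"
# Receiver's SA table: (protocol, source IP, 32-bit connection ID) -> key
SA_TABLE = {(AH_PROTO, IPv4Address("10.0.0.2"), 0x1000): DEMO_KEY}


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    return IP_HDR.pack(0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def _covered_view(datagram: bytes) -> bytes:
    """Zero what routers rewrite in transit (TOS, flags/fragment, TTL, checksum)
    and the ICV field itself, so the digest covers the rest of the datagram."""
    v = bytearray(datagram)
    v[1] = 0
    v[6:8] = b"\x00\x00"
    v[8] = 0
    v[10:12] = b"\x00\x00"
    icv_at = IP_HDR.size + AH_FIXED.size
    v[icv_at:icv_at + ICV_LEN] = bytes(ICV_LEN)
    return bytes(v)


def _icv(key: bytes, datagram: bytes) -> bytes:
    return hmac.new(key, _covered_view(datagram), hashlib.sha256).digest()[:ICV_LEN]


def build_ah_datagram(src: str, dst: str, spi: int, seq: int, key: bytes,
                      next_header: int, segment: bytes) -> bytes:
    """Sender side: IP header | AH header (with ICV) | original segment."""
    payload_len = AH_LEN // 4 - 2             # AH length in 32-bit words, minus 2
    ah = AH_FIXED.pack(next_header, payload_len, 0, spi, seq) + bytes(ICV_LEN)
    total_len = IP_HDR.size + AH_LEN + len(segment)
    datagram = ipv4_header(src, dst, AH_PROTO, total_len) + ah + segment
    icv_at = IP_HDR.size + AH_FIXED.size
    return datagram[:icv_at] + _icv(key, datagram) + datagram[icv_at + ICV_LEN:]


def receive_ah(datagram: bytes):
    """Receiver side: returns (next_header, segment) when the datagram carries a
    valid AH under a known SA, otherwise None (the datagram is dropped)."""
    fields = IP_HDR.unpack_from(datagram)
    proto, src = fields[6], IPv4Address(fields[8])
    if proto != AH_PROTO:
        return None
    next_hdr, payload_len, _, spi, _seq = AH_FIXED.unpack_from(datagram, IP_HDR.size)
    key = SA_TABLE.get((proto, src, spi))     # anti-replay window on _seq not modelled
    if key is None:
        return None                           # no SA for this source and connection ID
    icv_at = IP_HDR.size + AH_FIXED.size
    ah_end = IP_HDR.size + (payload_len + 2) * 4
    if not hmac.compare_digest(datagram[icv_at:ah_end], _icv(key, datagram)):
        return None                           # integrity or source authentication failed
    return next_hdr, datagram[ah_end:]


def demo() -> dict:
    """B sends a TCP segment to A; a router decrements TTL (still accepted);
    a tampered payload and a spoofed source address are both rejected."""
    segment = b"src:B dest:A payload"
    d = build_ah_datagram("10.0.0.2", "10.0.0.1", 0x1000, 1, DEMO_KEY, 6, segment)
    in_transit = bytearray(d)
    in_transit[8] -= 1                                    # TTL changed by a router
    tampered = bytearray(d)
    tampered[-1] ^= 0x01                                  # one payload bit flipped
    spoofed = bytearray(d)
    spoofed[12:16] = IPv4Address("10.0.0.3").packed       # source address rewritten
    return {
        "genuine": receive_ah(d) == (6, segment),
        "ttl_changed": receive_ah(bytes(in_transit)) == (6, segment),
        "tampered": receive_ah(bytes(tampered)) is None,
        "spoofed_source": receive_ah(bytes(spoofed)) is None,
    }


if __name__ == "__main__":
    print(demo())  # every value True
```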

Security in wireless Internet

All issues and techniques explained so far are also applicable to the wireless Internet security, but
– Are they still sufficient?
– Are they still efficient?
– Are they all supportable in heterogeneous networks?
– Are those techniques scalable enough?
– Are the security threats limited to those considered?
Security should be considered as an end-to-end issue
– So, in order to resolve the above doubts and to implement security (which would be redefined at a later time), security has to be treated similar to other quality of service themes

3. Quality of Service

Abbas Jamalipour

General QoS requirements

Technology-based quality of service requirements
– Timeliness
  • delay
  • response time
  • delay variation
– Bandwidth
  • system level data rate
  • application level data rate
  • transaction rate
– Reliability
  • mean time to failure
  • mean time to repair
  • mean time between failures
  • loss or corruption rate

QoS requirements, more …

User-level quality of service requirements
– criticality: perceived QoS based on data transmission application type
  • picture detail
  • picture color accuracy
  • video rate
  • video smoothness
  • audio quality
  • video/audio synchronization
– cost
  • per-use cost
  • per-unit cost
– security
  • confidentiality (information access only by appropriate users)
  • integrity (information not to be corrupted)
  • digital signatures
  • authentication (verification of a user’s identity and right to access)

BW vs. coverage in wireless networks

Wider coverage and higher mobility equal higher cost but not necessarily higher data rate
Harmonic QoS adjustment on an end-to-end basis is also challenging when more than one network is involved

Wireless network                 | Coverage                  | Data rate
Infrared                         | Room                      | 19.2 kbps to 4 Mbps
IEEE 802.11/b/a                  | 100-500 m around each AP  | 1, 2 / 11 / 54 Mbps
GSM (HSCSD)                      | Cellular network          | 9.6 (56) kbps
CDPD (for AMPS, IS-95, IS-136)   | Cellular network          | 19.2 kbps
DECT, PHS                        | Cellular network          | 32 kbps
GPRS (for GSM)                   | Cellular network          | 155 kbps
UMTS/IMT-2000                    | Cellular network          | 384 kbps to 2 Mbps
Iridium LEO Satellite            | Global                    | 2.4 kbps
Broadband satellites             | Global/regional           | 2 Mbps

Challenging wireless QoS management

Data applications over wireless channel require sophisticated techniques of quality of service management
– short loss of communications during handover is not desirable, though it is acceptable in voice applications
– similar facilities required in the new point of attachment after any handover
– blind spots are unavoidable in wireless networks
End-user QoS is also affected by certain specifications of portable terminals
– battery limit
– screen size
– processing power
– screen resolution
More importantly, traffic flows are transported by a variety of networks, each with its own QoS and security treatment techniques

Improving QoS in IP networks

IETF groups are working on proposals to provide better QoS control in IP networks, i.e., going beyond best effort to provide some assurance for QoS
Work in Progress includes RSVP, Differentiated Services, and Integrated Services
Simple model for sharing and congestion studies: looking for an ideal and general network QoS model

Principles for QoS guarantees

Consider a phone application at 1 Mbps and an FTP application sharing a 1.5 Mbps link
– bursts of FTP can congest the router and cause audio packets to be dropped
– want to give priority to audio over FTP

PRINCIPLE 1: marking of packets is needed for router to distinguish between different classes; and new router policy to treat packets accordingly

QoS guarantees, more…

Applications misbehave (audio sends packets at a rate higher than 1 Mbps assumed above)

PRINCIPLE 2: provide protection (isolation) for one class from other classes

Require policing mechanisms to ensure sources adhere to bandwidth requirements;
– marking and policing need to be done at the edges

QoS guarantees, more…

Alternative to marking and policing: allocate a set portion of bandwidth to each application flow
– can lead to inefficient use of bandwidth if one of the flows does not use its allocation

PRINCIPLE 3: while providing isolation, it is desirable to use resources as efficiently as possible

QoS guarantees, more…

Cannot support traffic beyond link capacity

PRINCIPLE 4: need a “Call Admission Process”
– application flow declares its needs
– network may block call if it cannot satisfy the needs

QoS summary

Now, let’s have some examples from Internet and cellular networks

IP solutions for QoS support

Integrated services (IntServ)

Three classes of service
– guaranteed-service class: provides for delay-bounded service agreements
– controlled-load service class: provides for a form of statistical delay service agreement (nominal mean delay)
– best-effort services: interactive burst (e.g. Web), interactive bulk (e.g. FTP), and asynchronous (e.g. Email)
Guaranteed and controlled-load services are based on quantitative service requirements and require signaling and admission control in network nodes
– usually Resource Reservation Protocol (RSVP) is used

IntServ: Advantages and disadvantages

Advantages
– provides service classes which closely match different apps
– leaves the existing best-effort service unchanged: no change to the existing apps, as efficient as the current Internet
– leaves forwarding mechanism in the network unchanged: non-upgraded networks can receive data from IntServ

Disadvantages
– E2E service guarantee requires IntServ support by all nodes
– subdivision of best-effort service may cause problems in commercial networks

Differentiated services (DiffServ)

Aims at providing simple, scalable and flexible service differentiation using a hierarchical model
– interdomain resource management: unidirectional service levels are agreed at each boundary point between a customer and a provider for traffic entering the provider network
– intradomain resource management: provider is solely responsible for configuration and provisioning of resources within its domain
Provider builds its offered services with a combination of traffic classes, traffic conditioning, and billing
– DiffServ does not impose either the number of traffic classes or their characteristics on a service provider
Based on local service agreements at customer/provider boundaries
Per-flow state is avoided within the network since individual flows are aggregated in classes

DiffServ, more …

Aggregates the entire customer’s requirements for QoS
The customer must have a service level agreement (SLA) with the service provider
– SLA specifies the forwarding service the customer receives
– static or dynamic
  • static SLA: negotiated on a long-term basis (e.g., monthly)
  • dynamic SLA: changes more frequently
For receiving different service levels, the customer must mark its packets by specific values in the TOS field (renamed DS field)
DS field supersedes the existing definition of the IPv4 TOS octet and the IPv6 traffic class octet

[DS field layout: bits 0 to 5: DSCP (differentiated services codepoint); bits 6 to 7: unused]
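As an added example (not part of the original slides) tying this DS field layout to Principles 1 and 2 above, the following Python encodes and decodes the DS octet and polices one class at the provider edge with a token bucket, demoting out-of-profile packets to best effort. The DSCP values are the standard ones; the SLA rate, burst and the 1000-byte voice packets are constructed, with the 1 Mbps voice flow taken from the slides.

```python
"""DS field marking and edge policing: the customer sets a DSCP in the upper six
bits of the former TOS octet (bits 6-7 unused in the slide's layout); at the
provider edge a token bucket per class enforces the SLA and demotes out-of-profile
packets to best effort (Principles 1 and 2). SLA figures here are constructed."""
from dataclasses import dataclass

DSCP_BE = 0b000000     # default class, best effort
DSCP_EF = 0b101110     # Expedited Forwarding (RFC 3246), used for the voice class
DSCP_AF11 = 0b001010   # Assured Forwarding class 1, low drop precedence (RFC 2597)


def encode_ds_field(dscp: int, unused: int = 0) -> int:
    """Return the DS octet: DSCP in bits 0-5 (most significant), 2 unused bits after it."""
    if not 0 <= dscp < 64 or not 0 <= unused < 4:
        raise ValueError("DSCP is 6 bits, the remaining field is 2 bits")
    return (dscp << 2) | unused


def decode_ds_field(ds_octet: int) -> tuple:
    """Split a DS octet back into (dscp, unused_bits)."""
    return ds_octet >> 2, ds_octet & 0b11


@dataclass
class TokenBucket:
    """Policer for one class; integer arithmetic in microseconds and bytes."""
    rate_bps: int
    burst_bytes: int
    tokens: int
    last_us: int = 0

    def conforms(self, size_bytes: int, now_us: int) -> bool:
        refill = (now_us - self.last_us) * self.rate_bps // 8_000_000
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last_us = now_us
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return True
        return False


def edge_policer(sla: dict):
    """sla maps DSCP -> (rate_bps, burst_bytes) agreed with the customer.
    Returns police(ds_octet, size_bytes, now_us) -> DS octet to forward with."""
    buckets = {dscp: TokenBucket(rate, burst, tokens=burst)
               for dscp, (rate, burst) in sla.items()}

    def police(ds_octet: int, size_bytes: int, now_us: int) -> int:
        dscp, unused = decode_ds_field(ds_octet)
        bucket = buckets.get(dscp)
        if bucket is not None and bucket.conforms(size_bytes, now_us):
            return ds_octet                         # in profile: keep the customer's mark
        return encode_ds_field(DSCP_BE, unused)     # unknown class or out of profile: demote

    return police


def demo(interval_us: int) -> tuple:
    """The slide's voice flow: 1000-byte packets marked EF against an SLA of 1 Mbps
    with a 1500-byte burst. Returns (packets kept as EF, packets demoted to BE)
    for ten packets sent every interval_us microseconds."""
    police = edge_policer({DSCP_EF: (1_000_000, 1500)})
    ef = encode_ds_field(DSCP_EF)
    kept = sum(police(ef, 1000, i * interval_us) == ef for i in range(10))
    return kept, 10 - kept


if __name__ == "__main__":
    print(demo(8000))  # (10, 0): exactly 1 Mbps, every packet stays EF
    print(demo(4000))  # (6, 4): 2 Mbps, the excess is demoted to best effort
```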

DiffServ 3-level routers

[Diagram: a Local Differentiated Services Domain with access routers at its edge, interior routers inside, and border routers on the contracted link to the Transit Internet Network.]

DiffServ: Advantages and disadvantages

Advantages
– provides discrimination based on payment for service
– traffic classes are accessible without signaling as a traffic class is a predefined aggregate of traffic
– classification of the traffic need not be performed in the end system (simpler network management)

Disadvantages
– DiffServ tries to keep the operating mode of the network simple by pushing as much complexity as possible onto network provisioning and configuration
– DiffServ does not make providing several services with different qualities within the same network easier

IntServ and DiffServ: A comparison

IntServ
– Requires flow-specific state for each flow at routers
  • increase of state information based on number of flows
  • need huge storage space and processing power at router
  • make routers much more complex
DiffServ
– Simpler and more scalable
– Scalability:
  • per-flow service replaced with per-aggregate service
  • complex processing is moved from the core of network to the edge

GPRS example of QoS support

QoS profile assigned to every subscriber
– traffic precedence class: high, normal, and low priority
– delay class: four classes
– reliability class: five classes
– peak throughput class: 8, 16, 32, 64, 128, 256, 512, 1024, 2048 kbps
– mean throughput class: 19 classes from best-effort to 111 kbps
Profile requested by user or as default
– defined in the home location register (HLR)
– SGSN responsible for fulfilling the QoS profile

[Diagram: GPRS architecture with signaling and data paths. Elements: TE, MT, BSS, SGSN, GGSN, HLR, EIR, MSC/VLR, SMS-GMSC/SMS-IWMSC, SMS-SC, PDN, other PLMN. Interfaces: R, Um, Gb, Gn, Gi, Gp, Gr, Gs, Gc, Gd, Gf, A, C, D, E.]

UMTS network architecture

[Diagram: the GSM circuit-switched (real-time) path BTS to BSC to MSC to PSTN alongside the UMTS path Node B to RNC over ATM; non-real-time data services go through SGSN and GGSN to an IP core with feature servers.]

UMTS architectural improvements (compared with GSM)

Wideband access
– higher bit rates toward mobile multimedia applications
Mobile-fixed-Internet convergence
– a uniform way to offer cross-domain services to users
– service portability across networks and terminals
Flexible service architecture
– enhancing creativity and flexibility for new services
– standardizing the blocks that make up services and not services themselves

UMTS and open service architecture

Providing access to the UMTS service architecture via OSA to third party service providers
– To enhance portability of telecommunications services between networks and terminals (Rel-5, TS 22.127)
Virtual Home Environment (VHE)
– A system concept for personalized service portability across network boundaries and between terminals
– Considered by 3GPP (Rel-5, TS 22.121)
– Use of services available at home network even after roaming into another network
– e.g., VHE converts a WAP into SMS when WAP is not available in the visiting network

VHE for UMTS

[Diagram: a service layer of application servers built on service capability features (SCF), which expose the service capability servers (SCS 1 to 5) of the network layer through standardized service-network UMTS interfaces: call control servers, home location register servers, mobile execution environment servers, SIM application toolkit servers, and CAMEL servers.]

VHE elements

Enabling development of services independent of the underlying networks
– A layered UMTS service architecture
Service capability servers (SCS): servers that provide functionality used to construct services (e.g. MSC)
Service capability features (SCF): the classes of OSA interface
– SCSs are network elements whereas SCFs are only an additional software layer of interface classes on top of SCSs
– Examples of SCFs: call control, location/positioning, notifications

VHE SCS specifications

Call control (CC) servers: MSC to support circuit-switched telephony using 24.08 CC protocol (R99)
Home location register (HLR): database for location and subscriber information using MAP protocol
Mobile execution environment (MExE) server: for value-added services through WAP
SIM application toolkit (SAT) server: to offer additional capabilities to the communications protocol between SIM and mobile terminal
Customized application for mobile networks enhanced logic (CAMEL) server: extends the scope of IN service provisioning to the mobile environment and exchanges mobile-specific service information between CAMEL and the service switching point (SSP) and service control point (SCP)

UMTS QoS support

Traffic class        | Fundamental characteristics                                                                                       | BER     | Example of the application
Conversational class | Preserve time relation between information entities of the stream; conversational pattern (stringent and low delay) | ≤ 10^-3 | Voice, videotelephony, video games
Streaming class      | Preserve time relation between information entities of the stream                                                | ≤ 10^-5 | Streaming multimedia
Interactive class    | Request response pattern; preserve data integrity                                                                | ≤ 10^-8 | Web browsing, network games
Background class     | Destination is not expecting the data within a certain time; preserve data integrity                             | ≤ 10^-8 | Background download of emails

E2E quality of service in 3G/UMTS

[Diagram: terminal-to-terminal QoS between the two TEs is composed of a local bearer service (TE to MT), the 3G/UMTS bearer service (MT through RAN and CN), and an external bearer service (CN to the far TE); 3G/UMTS QoS covers only the middle segment.]

cdma2000

[Diagram, cdma2000 network architecture: cdmaOne and cdma2000 BTSs feed a BSC/PCF and an MSC/VLR (with HLR) towards the PSTN, while the packet path runs from the PCF through the PDSN to the Internet, with AN-AAA, AAA and HA elements in the access and core network.]

[Diagram, packet data service reference model: Access Layer, Data Link Layer, Network Layer and Higher Layers in the mobile station, in the network, and in the Service Access Provider connected to other packet data networks, with Security spanning all layers.]

Access layer

Mobile station supports in regard to provider
– radio access technology
– signaling standards
  • supporting only a single packet data service (Simple IP or Mobile IP); differentiation at higher layers
Access network
– authenticates and authorizes MS for access service
– establishes a connection to IMT-2000 network
– initializes a data link layer
After this link layer establishment, network layer protocols are executed to establish the packet data session

Data link layer

Support of two types of data link layers by IMT-2000 network
PPP for Version 1 and 2
– PPP protocol in compliance with RFC 1661
– PPP compression control protocol (RFC 1962) used to negotiate a PPP payload compression algorithm
– In Mobile IP service, higher layers will not be reset when the mobile re-establishes PPP to a new IMT-2000 serving area
Simple data link-layer protocol for Version 2

Network layer

Two types of network access methods
– Mobile IP
  • Local and public network access: HA resides in IMT-2000 service provider network (SPN); authentication and authorization by SPN or a private network
  • Private network access: HA resides in a private network; authentication and authorization by the private network
– Simple IP
  • Local and public network access: IP address is dynamically assigned from the serving network
  • Private network access: same with addition of VPN software in mobile station

Security

Three levels of security from mobile station perspective
– Radio access security
  • Authentication of the mobile station
  • Support of air interface encryption
– IP network security
  • For Mobile IP, use of FA challenge to authenticate mobile station
  • For Simple IP, use of CHAP or PAP to authenticate mobile station
    – CHAP: Challenge Handshake Authentication Protocol
    – PAP: Password Authentication Protocol
    – Both at the data link layer
– User end-to-end security
  • Additional security measures provided by the user (optional)

4. Conclusions

Abbas Jamalipour

Layered manageable architecture

[Diagram: three levels. Application Level: packet-based traffic, non-packet-based traffic, encapsulated data. Network Management Level: QoS, mobility, traffic, security. Physical Level: wireless cellular, wireless LAN, ADSL, wired networks.]

A generic architecture that covers all networks under same assumptions and I/O traffic flows
Application level: harmonization of all different data into a unified form, prioritization of data according to the application and service requested
Physical level: optimization of data transmission based on the unified data
Network level: management of the traffic flow transportation by resolving shortfall of the access network in providing requested service to the application; should be open, configurable, and scalable
Tasks include: traffic management, mobility management, QoS management, security management, and resource management

MWIF layered functional network architecture

[Diagram: four layers separated by APIs. Application: third party applications, applications/services, directory services. Service: global name servers, location servers, authorization/policy servers. Control: mobility management, communication session management, resource management. Transport: access gateway, access network, network gateways, terminals, other networks. Security and OAM&P span all layers; the access-specific core connects to PSTN/external CS networks, external IP networks, legacy 2G networks and signaling networks.]
