Fu Jen Catholic University, Graduate Institute of Computer Science and Information Engineering, first-year in-service master's student
Presenter: Lin Huan-ming (Herman Lin), Student ID: 492515241
Public Access Mobility LAN: Extending the Wireless Internet into the LAN Environment
Jun Li, Stephen B. Weinstein, Junbiao Zhang, and Nan Tu, NEC USA Inc.
Presented by Herman Lin

Outline
- Introduction
- Architecture & Protocol Components
- Security Issues
- Mobility Management
- Conclusion
Introduction
PamLAN: Public Access Mobility LAN. Its aim is to meet the demands for
- ubiquitous access
- high data rates
- local services
It provides architectural guidelines for WLAN environments that are large-scale, IP-based, and support mobile/portable appliances (simultaneously supporting different air interfaces).
Introduction (cont’d)
- Based on a wired LAN environment in which wireless access points are embedded
- Multi-segment LAN supporting handoffs
Introduction (cont’d)
PamLAN supports:
- Internet access via WLANs
- multiple air interfaces
- multiple virtual operators
- location-dependent services
- local IP mobility
- QoS (within the wired network)
Introduction (cont’d)
The main disadvantages of current WLANs:
- Lack of public access: users are tied down to a single access point (i.e., restricted to subscribers of the WLAN operator)
- Single air interface (reducing the range of appliances)
PamLAN is not a breakthrough in technological capacities; it is a combination of available technologies.
Architecture
Table 1. PamLAN/VOLAN/VLAN hierarchy.
- PamLAN: multiple virtual operators, each operating a VOLAN; AAA features.
- VOLAN: virtual operator LAN, extending VLAN capabilities across subnetworks for each virtual operator.
- VLAN: virtual LAN, implementing user-group features such as broadcast containment within a physical LAN.
Architecture (cont’d)
- Switched Ethernet LAN
- Access points supporting IEEE 802.11, Bluetooth, cellular, ...; IP-based access router with proxies
- Gateway routers: Internet access through IP tunneling
Architecture (cont’d)
- Integration of Cellular IP & Mobile IP for supporting mobility
- MPLS (Multi-Protocol Label Switching) brings QoS across multiple LAN segments
- IEEE 802.1Q VLAN standard; IEEE 802.1p priority (carried in the 802.1Q tag) for QoS
Large-Scale PamLAN
- For a single VLAN, QoS can easily be supported. What about large-scale WLANs?
- Intermediate routers work at layer 3: source & destination addresses would have to be used for VOLAN membership, so every intermediate router would need to know all IP addresses for the VLAN mapping.
- Solution: VLANs for grouping traffic per VOLAN within a segment; MPLS across the whole PamLAN.
MPLS (Multi-Protocol Label Switching)
- Tunnels traffic between gateways & access points; intermediate routers only examine MPLS labels, which impose a path
- Forwarding Equivalence Class (FEC): formed based on VOLAN membership & QoS; the FEC is encoded in the MPLS label
- Used for 802.1p priority within the VLAN
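The encoding the last two slides describe, as an added example that is not code from the paper or the slides: a (VOLAN, QoS class) pair is mapped to one FEC, which is then carried as a VLAN ID plus 802.1p priority in the 802.1Q tag and as a label plus traffic class in the MPLS shim, and the receiving side parses the fields back. The FEC table, MAC addresses, and payload are constructed for the example; the bit layouts are those of the IEEE 802.1Q Tag Control Information and the RFC 3032 label stack entry.

```python
"""Encode one FEC (VOLAN membership + QoS class) into an 802.1Q tag and an
MPLS label stack entry, and parse it back.  Added example; FEC table,
addresses and payload are constructed."""
import struct

TPID_8021Q = 0x8100               # 802.1Q tag protocol identifier
ETHERTYPE_MPLS_UNICAST = 0x8847

# Constructed mapping: (VOLAN, QoS class) -> VLAN ID, 802.1p PCP, MPLS label, TC
FEC_TABLE = {
    ("volan-a", "best-effort"): {"vid": 100, "pcp": 0, "label": 16, "tc": 0},
    ("volan-a", "voice"):       {"vid": 100, "pcp": 5, "label": 17, "tc": 5},
    ("volan-b", "best-effort"): {"vid": 200, "pcp": 0, "label": 18, "tc": 0},
}

def fec_for(volan, qos):
    """Look up the FEC; an unknown (VOLAN, QoS) pair must not get a default label."""
    try:
        return FEC_TABLE[(volan, qos)]
    except KeyError:
        raise ValueError(f"no FEC for {volan!r}/{qos!r}") from None

def encode_tci(pcp, dei, vid):
    """802.1Q Tag Control Information: PCP(3) | DEI(1) | VID(12).
    VID 0 (priority-only tag) and 4095 (reserved) are rejected."""
    if not (0 <= pcp <= 7 and dei in (0, 1) and 1 <= vid <= 4094):
        raise ValueError("TCI field out of range")
    return (pcp << 13) | (dei << 12) | vid

def decode_tci(tci):
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF

def encode_mpls_entry(label, tc, bos, ttl):
    """RFC 3032 label stack entry: Label(20) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2 ** 20 and 0 <= tc <= 7 and bos in (0, 1) and 0 <= ttl <= 255):
        raise ValueError("MPLS field out of range")
    return (label << 12) | (tc << 9) | (bos << 8) | ttl

def decode_mpls_entry(entry):
    return entry >> 12, (entry >> 9) & 7, (entry >> 8) & 1, entry & 0xFF

def build_frame(dst_mac, src_mac, volan, qos, payload, ttl=64):
    """Ethernet header + 802.1Q tag + one MPLS label (bottom of stack) + payload."""
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    fec = fec_for(volan, qos)
    tci = encode_tci(fec["pcp"], 0, fec["vid"])
    shim = encode_mpls_entry(fec["label"], fec["tc"], 1, ttl)
    return (dst_mac + src_mac
            + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_MPLS_UNICAST)
            + struct.pack("!I", shim) + payload)

def parse_frame(frame):
    """Recover VLAN/priority and the MPLS label from the wire bytes.
    Untagged or non-MPLS frames are rejected rather than guessed at."""
    if len(frame) < 22:
        raise ValueError("frame too short")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q or ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError("expected 802.1Q tag followed by MPLS")
    pcp, dei, vid = decode_tci(tci)
    label, tc, bos, ttl = decode_mpls_entry(struct.unpack("!I", frame[18:22])[0])
    return {"dst": frame[0:6], "src": frame[6:12], "vid": vid, "pcp": pcp, "dei": dei,
            "label": label, "tc": tc, "bos": bos, "ttl": ttl, "payload": frame[22:]}

if __name__ == "__main__":
    frame = build_frame(b"\x02" * 6, b"\x04" * 6, "volan-a", "voice", b"constructed payload")
    print(parse_frame(frame))
```

The point of the strict lookups and range checks is that an access point or gateway must never fall back to a default VOLAN or priority: a frame whose (VOLAN, QoS) pair is unknown, or whose tag has a reserved VID, is dropped instead of being silently put on another operator's segment.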
MPLS (cont’d)
- Traffic-engineered paths can be set up among access points and Internet gateways according to the service contracts between the PamLAN and the virtual operators
- DiffServ QoS service: IEEE 802.1p & MPLS traffic engineering
Protocol Stack
Security Issues
Four major components:
- Mutual authentication
- Secure channel establishment
- Per-packet encryption
- Filtering function
Security Issues (figure)
Figure: security components in the PamLAN. Labels on the diagram: Router (four, on the wired path), Internet Gateway, Access Point 1, Access Point 2, RADIUS server, RADIUS client, DHCP, Filter, and the user's profile held by the RADIUS server (public key, subscription status).
Mutual Authentication
- RADIUS (Remote Authentication Dial-In User Service): IP-based authentication (similar to the 802.11 proposal)
- Basic steps:
  1. Obtain an IP address (DHCP)
  2. Login session: the access point acts as a relay agent to the virtual operator
  3. Challenge-response protocol for authentication
  4. The virtual operator sends the user's profile to the access point
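The login steps above as a worked exchange, added here and not code from the paper or the slides: the access point acts as RADIUS client, relays the device's answer to the virtual operator's RADIUS server, and the server returns the user's profile on success. The wire format follows RFC 2865 and the challenge-response is CHAP (response = MD5(id || secret || challenge), RFC 1994); the slides only say "challenge-response", so the choice of CHAP is an assumption, as are the shared secret, the user database, the fixed nonces, and carrying the profile in a Reply-Message attribute. MD5-based CHAP is what RADIUS of that era offered; a current deployment would run an EAP method instead.

```python
"""RADIUS challenge-response between a PamLAN access point (RADIUS client
and relay) and a virtual operator's RADIUS server.  Added example; wire
format per RFC 2865, CHAP response per RFC 1994.  Secret, user database
and profile encoding are constructed."""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, CHAP_PASSWORD, REPLY_MESSAGE, CHAP_CHALLENGE = 1, 3, 18, 60

SHARED_SECRET = b"ap1/vo-a shared secret"    # constructed AP <-> server secret
USER_DB = {                                  # constructed operator database
    b"alice@vo-a": {"password": b"correct horse battery",
                    "profile": b"pubkey=alice-pub;subscription=active"},
}

def chap_response(chap_id, password, challenge):
    """RFC 1994: Response = MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def _attr(attr_type, value):
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, 2 + len(value)]) + value

def _parse_attrs(blob):
    attrs, i = {}, 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        attrs[blob[i]] = blob[i + 2:i + blob[i + 1]]
        i += blob[i + 1]
    return attrs

def _packet(code, ident, authenticator, attrs):
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def response_authenticator(code, ident, attrs, request_auth, secret=SHARED_SECRET):
    """RFC 2865 s3: MD5(Code|ID|Length|RequestAuth|Attributes|Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def ap_build_access_request(ident, username, password, chap_id, challenge, request_auth):
    """Access point (RADIUS client): relay the device's CHAP answer."""
    chap = bytes([chap_id]) + chap_response(chap_id, password, challenge)
    attrs = _attr(USER_NAME, username) + _attr(CHAP_CHALLENGE, challenge) + _attr(CHAP_PASSWORD, chap)
    return _packet(ACCESS_REQUEST, ident, request_auth, attrs)

def server_handle(packet, secret=SHARED_SECRET, db=USER_DB):
    """Operator's RADIUS server: recompute the CHAP response from the stored
    password; on success return the user's profile to the access point."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    request_auth, attrs = packet[4:20], _parse_attrs(packet[20:])
    user = db.get(attrs.get(USER_NAME))
    chap = attrs.get(CHAP_PASSWORD, b"")
    challenge = attrs.get(CHAP_CHALLENGE, request_auth)   # RFC 2865 s5.3 fallback
    reply_code, reply_attrs = ACCESS_REJECT, b""
    if user and len(chap) == 17 and hmac.compare_digest(
            chap[1:], chap_response(chap[0], user["password"], challenge)):
        reply_code, reply_attrs = ACCESS_ACCEPT, _attr(REPLY_MESSAGE, user["profile"])
    auth = response_authenticator(reply_code, ident, reply_attrs, request_auth, secret)
    return _packet(reply_code, ident, auth, reply_attrs)

def ap_check_reply(reply, request_auth, secret=SHARED_SECRET):
    """Access point: trust a reply only if its Response Authenticator verifies,
    so a forged Access-Accept injected on the LAN cannot open the filter."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or length < 20:
        return None
    attrs = reply[20:]
    if not hmac.compare_digest(reply[4:20], response_authenticator(code, ident, attrs, request_auth, secret)):
        return None
    return code, _parse_attrs(attrs)

def login(username, password, challenge=bytes(range(16)), request_auth=b"\x5a" * 16,
          ident=7, chap_id=1):
    """Whole exchange with fixed (constructed) nonces; real clients draw the
    challenge and Request Authenticator at random.  None = forged reply."""
    req = ap_build_access_request(ident, username, password, chap_id, challenge, request_auth)
    return ap_check_reply(server_handle(req), request_auth)
```

Two checks matter on the access point side: it must compare the Response Authenticator before acting on an Access-Accept, and it must use a fresh Request Authenticator per request, because the server's reply is bound to that value and nothing else. The profile the server returns (public key, subscription status) is what the next slide's session-key delivery and the filter rely on.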
Secure Channel Establishment
- After authentication, the user's profile, including his/her public key, is transferred to the access point
- The access point sends a session key encrypted under the corresponding public key
- IPsec with ESP can be used for security at the IP layer, depending on user requests
Authorization Control
Based on user credentials, packets can be filtered at the access point into three classes:
- Through: packets authenticated with the session key
- Sent to the authentication engine: login traffic
- Blocked: unauthorized traffic
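The three-way filter above as an added example (not code from the paper or the slides). Packets from a device with an established session must carry a per-packet tag under the session key, modelled here as an HMAC-SHA256 over addressing, a sequence number, and payload, in the spirit of the per-packet protection (ESP) the slides mention; the slides do not fix the mechanism, so that is an assumption, as are the session table, the access policy, and the login ports (DHCP 67/68 plus a hypothetical AP login service on 8443). Packets from an unknown device reach the authentication engine only if they are login traffic; everything else is blocked.

```python
"""Access-point packet filter: through / to the authentication engine /
blocked.  Added example; session keys, policy and traffic are constructed."""
import hashlib
import hmac
from dataclasses import dataclass

THROUGH, TO_AUTH_ENGINE, BLOCKED = "through", "to-auth-engine", "blocked"
LOGIN_PORTS = {67, 68, 8443}      # DHCP (67/68) plus an assumed AP login port (8443)

@dataclass
class Packet:
    src_ip: str
    dst_port: int
    seq: int            # sender's per-session counter
    payload: bytes
    tag: bytes = b""    # per-packet authentication tag; empty when unauthenticated

@dataclass
class Session:
    key: bytes
    allowed_ports: frozenset = frozenset()   # from the user's access policy; empty = any
    last_seq: int = -1

def packet_tag(key, src_ip, dst_port, seq, payload):
    """The tag binds addressing and the counter to the payload, so a relayed
    or re-sequenced packet fails verification."""
    header = f"{src_ip}|{dst_port}|{seq}|".encode()
    return hmac.new(key, header + payload, hashlib.sha256).digest()

class AccessPointFilter:
    def __init__(self):
        self.sessions = {}

    def open_session(self, ip, key, allowed_ports=()):
        """Called after the RADIUS login and session-key delivery succeed."""
        self.sessions[ip] = Session(key, frozenset(allowed_ports))

    def classify(self, pkt):
        sess = self.sessions.get(pkt.src_ip)
        if sess is None:
            # No credentials yet: only the login path is reachable
            return TO_AUTH_ENGINE if pkt.dst_port in LOGIN_PORTS else BLOCKED
        expected = packet_tag(sess.key, pkt.src_ip, pkt.dst_port, pkt.seq, pkt.payload)
        if not hmac.compare_digest(expected, pkt.tag):
            return BLOCKED          # wrong key or tampered: the source IP alone proves nothing
        if pkt.seq <= sess.last_seq:
            return BLOCKED          # replayed (or reordered below the accepted counter)
        if sess.allowed_ports and pkt.dst_port not in sess.allowed_ports:
            return BLOCKED          # authenticated, but outside the subscription's policy
        sess.last_seq = pkt.seq
        return THROUGH

def make_packet(key, src_ip, dst_port, seq, payload):
    """Device side: attach the tag an authenticated sender would compute."""
    return Packet(src_ip, dst_port, seq, payload, packet_tag(key, src_ip, dst_port, seq, payload))

def demo():
    """Run constructed traffic through the filter and return the decisions."""
    ap = AccessPointFilter()
    alice_key = b"\x11" * 16          # constructed session key from the login step
    ap.open_session("10.0.0.5", alice_key, allowed_ports={80, 443})
    return [
        ap.classify(Packet("10.0.0.9", 67, 0, b"DHCPDISCOVER")),            # to-auth-engine
        ap.classify(Packet("10.0.0.9", 80, 0, b"GET / HTTP/1.0")),          # blocked: no session
        ap.classify(make_packet(alice_key, "10.0.0.5", 443, 1, b"hello")),  # through
        ap.classify(make_packet(alice_key, "10.0.0.5", 443, 1, b"hello")),  # blocked: replay
        ap.classify(make_packet(alice_key, "10.0.0.5", 25, 2, b"MAIL")),    # blocked: policy
        ap.classify(Packet("10.0.0.5", 443, 3, b"hello", b"\x00" * 32)),    # blocked: bad tag
        ap.classify(make_packet(b"\x22" * 16, "10.0.0.5", 443, 3, b"hi")),  # blocked: wrong key
    ]
```

The order of the checks is deliberate: the tag is verified before the sequence number or the policy is consulted, so an unauthenticated sender cannot advance the replay counter or probe which ports a subscriber is allowed to reach. Spoofing an authenticated device's IP address buys nothing without its session key.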
Mobility Issues
- Mobility should be supported at layer 3 (multiple subnetworks within the PamLAN)
- Micromobility: roaming within the PamLAN
Mobility Issues (cont’d): possible approaches
- Cellular IP: a routing update message is sent from the mobile device; the new AP, each router along the way, and the gateway update their routing tables. The mobile device periodically sends paging packets. This process becomes a burden when a large number of mobile devices are being served.
- MPLS-based: only the end points have to update the location; the old and new access points and the Internet gateway need to be informed.
Cellular IP (figure)
Figure: Cellular IP routing update. Labels on the diagram: Router (four, on the wired path), Internet Gateway, Access Point 1, Access Point 2, "Routing update", "Routing entries are refreshed periodically".
Mobility Issues (cont’d): Fast AAA Handoff
- No repetitive authentication: the user profile is moved from the old access point to the new one (it contains the public key, the old session key, the mobile device's IP, and the old session's access policy)
- The old AP signals the RADIUS server to terminate the current accounting session
- The new AP generates a new session key
- The new AP sends the old session key and the new session key encrypted under the user's public key
- The user uses the new session key to establish a secure connection with the new AP
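Both the initial session-key delivery from the Secure Channel Establishment slide and the fast AAA handoff above, as one added example that is not code from the paper or the slides. "Encrypted under the user's public key" is modelled with textbook RSA built from the standard library (no padding), which is enough to show the exchange but is not production cryptography; a real deployment would use RSA-OAEP or a KEM, and the key size, key material, device address, and accounting log are all constructed. The example also shows the failure mode the comparison step exists for: an access point that has the user's public key but never obtained the profile cannot present the old session key, so the device refuses the handoff.

```python
"""Session-key delivery after login and fast AAA handoff in a PamLAN.
Added example; public-key encryption is textbook RSA (no padding) built
from the standard library, for illustration only; keys are constructed."""
import hmac, os, random

random.seed(2024)   # reproducible toy key generation; never seed real keys

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin, adequate for toy moduli."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def toy_rsa_keypair(bits=320):
    """((e, n), (d, n)); 320 bits fits the 32-byte new_key||old_key message."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_encrypt(pub, data):
    e, n = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too large for modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, ciphertext, length):
    d, n = priv
    return pow(ciphertext, d, n).to_bytes(length, "big")

class AccessPoint:
    def __init__(self, name, accounting_log):
        self.name, self.profiles, self.log = name, {}, accounting_log
    def start_session(self, dev_ip, public_key, policy):
        """After RADIUS login: store the profile, send Enc_pub(session_key)."""
        key = os.urandom(16)
        self.profiles[dev_ip] = {"public_key": public_key, "session_key": key,
                                 "ip": dev_ip, "policy": policy}
        return rsa_encrypt(public_key, key)
    def take_over(self, old_ap, dev_ip):
        """Fast AAA handoff: fetch the profile, stop old accounting, rotate the key."""
        profile = old_ap.profiles.pop(dev_ip)
        old_ap.log.append(("Accounting-Stop", old_ap.name, dev_ip))
        new_key = os.urandom(16)
        self.profiles[dev_ip] = dict(profile, session_key=new_key)
        # UDP payload on the slides: Enc_pub(new_key || old_key)
        return rsa_encrypt(profile["public_key"], new_key + profile["session_key"])

class MobileDevice:
    def __init__(self, ip):
        self.ip = ip
        self.public_key, self._private_key = toy_rsa_keypair()
        self.session_key = None
    def accept_session(self, ciphertext):
        self.session_key = rsa_decrypt(self._private_key, ciphertext, 16)
    def accept_handoff(self, ciphertext):
        """Accept only if the sender proves it holds the current session key."""
        blob = rsa_decrypt(self._private_key, ciphertext, 32)
        new_key, old_key = blob[:16], blob[16:]
        if self.session_key is None or not hmac.compare_digest(old_key, self.session_key):
            return False              # rogue AP: knows the public key, not the old key
        self.session_key = new_key
        return True

def demo():
    """Login at AP1, a rogue handoff attempt, then a genuine handoff to AP2."""
    log = []
    ap1, ap2 = AccessPoint("AP1", log), AccessPoint("AP2", log)
    dev = MobileDevice("10.0.0.5")
    dev.accept_session(ap1.start_session(dev.ip, dev.public_key, {"ports": {80, 443}}))
    key_after_login = dev.session_key
    rogue_blob = os.urandom(16) + os.urandom(16)           # can only guess the old key
    rogue_accepted = dev.accept_handoff(rsa_encrypt(dev.public_key, rogue_blob))
    handoff_ok = dev.accept_handoff(ap2.take_over(ap1, dev.ip))
    return {"rogue_accepted": rogue_accepted, "handoff_ok": handoff_ok,
            "key_rotated": dev.session_key != key_after_login,
            "keys_agree": dev.session_key == ap2.profiles[dev.ip]["session_key"],
            "old_ap_cleared": dev.ip not in ap1.profiles, "accounting": log}
```

What the old-key comparison proves is that the sender obtained the profile, nothing more: any party that can read the profile transfer between access points, or a compromised old AP, can pass the check, so the AP-to-AP profile transfer and the accounting signal to the RADIUS server need their own protection on the wired side.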
Fast AAA Handoff (figure sequence)
Figure: routers connect the Internet Gateway with Access Point 1 (old AP) and Access Point 2 (new AP); the RADIUS server is attached to the wired network.
1. The new AP fetches the profile from the old AP. It contains: the user's public key, the old session key, the mobile device's IP, the access policy, ...
2. The old AP signals to the RADIUS server the termination of the current accounting session.
3. The new AP encrypts the new session key and the old session key using the user's public key and sends the result to the user in a UDP packet.
4. The mobile device decrypts these keys and compares the old session key, then establishes a secure connection with the new AP using the new session key.
Conclusion
PamLAN is:
- Secure
- Economical
- Extensible: multiple service providers, multiple air interfaces, and a variety of services appropriate for coming generations of Internet appliances