Page 1: New Technologies for Integrated Public Wireless Networks

New Technologies for Integrated Public Wireless Networks

Milind M. Buddhikot
http://www.bell-labs.com/user/mbuddhikot/
[email protected]
Center for Networking Research, Lucent Bell Labs Research

Joint work with Scott Miller, Girish Chandranmenon, Clement Lee, SJ Han, Luca Salgarelli (Bell Labs) and Stelios Sidiroglou-Douskas, Kundan Singh (Columbia)

Page 2: New Technologies for Integrated Public Wireless Networks

04/19/23 Milind Buddhikot (Opensig03) 2

Outline

Integrated Public Wireless Networks
• Current trends and rationale for integration

Architectural approaches
• Tight
• Loose

IOTA: Implementation for 802.11/CDMA2000 integration
• IOTA Gateway
• Multi-interface client

MobileIOTA: Portable and transient hotspots

SKE: Authentication and Key Exchange in Integrated Networks

IOTAClusters: Managed ad-hoc infrastructure

Conclusions

Page 3: New Technologies for Integrated Public Wireless Networks

Evolving Picture

[Figure: subscriber, service, terminal and access-network possibilities. Terminals: laptop or PDA with WiFi and 3G, laptop with built-in WiFi and 3G, laptop with built-in WiFi, 3G card, WiFi card. Wireless access networks: WiFi access of provider A, WiFi access of provider B, 2.5G/3G access of provider C. Service: roaming or even seamless handoff in multiple networks, one bill from one provider (3G carrier?), uninterrupted applications: streaming, email, corporate VPN, web.]

Customers with multi-radio capable end devices

3G1X, 3G1XEVDO, UMTS, 802.11a/b access operated by different providers

Multitudes of applications, seamless roaming, preserved sessions, single bill

Page 4: New Technologies for Integrated Public Wireless Networks

Evolving Picture

[Figure: the same subscriber, service, terminal and access-network picture as on the previous slide, with the handoff possibilities added: inter-technology inter-network handoff and intra-technology inter-network handoff.]

Seamless roaming:
• Efficient authentication
• Inter- and intra-technology handoffs via interoperation of mobility mechanisms

Billing info across access networks and providers

Uniform service mapping

Roaming agreements!

Page 5: New Technologies for Integrated Public Wireless Networks

Complete Picture

[Figure: the same subscribers, terminals and access networks, now with the business relationships drawn in: Wireless ISP A, Wireless ISP B and Cellular Carrier C connected through the Internet, roaming agreements between the providers, and a corporate network and VPN network owners reached over the Internet.]

Page 6: New Technologies for Integrated Public Wireless Networks

Integration Architectures: Tight and Loose

Page 7: New Technologies for Integrated Public Wireless Networks

802.11b Network

Infrastructure mode:
• MNs communicate via base stations called Access Points (APs)
• APs, together with their Ethernet, are characterized by an ESSID
• 11-54 Mbps, range limited to 300-500 m

MN-AP communication encrypted using
• WEP
• WEP with MICHAEL in WPA1
• AES in WPA-2

Encryption keys may be established
• Statically
• Dynamically using 802.1x, with TKIP in WPA

Layer-2 mobility via inter-AP protocols

[Figure: several MNs (stations) attached to two APs, which connect through a router to the Internet; the MN-AP links are encrypted.]

MN: Mobile Node, STA: Station, AP: Access Point

Page 8: New Technologies for Integrated Public Wireless Networks

Representative 3G Network: CDMA2000 1X-RTT

144 Kbps per carrier

MN maintains
• RLP connection to the RNC
• PPP connection to the PDSN

PDSN supports Mobile-IP and Simple-IP mode
• FA functions in MIP mode

[Figure: MN - Base Station - Radio Access Network (RNC, PCF, PDSN) - Internet - web server. The Radio Link Protocol runs between MN and RNC, the Point-to-Point Protocol between MN and PDSN. Also shown: F-AAA, H-AAA, HA, and the MSC/VLR and HLR on the SS7 network.]

HLR: Home Location Register, VLR: Visited Location Register, F-AAA: Foreign AAA, H-AAA: Home AAA, HA: Home Agent, FA: Foreign Agent, PDSN: Packet Data Serving Node, PCF: Packet Control Function, RNC: Radio Network Control

Page 9: New Technologies for Integrated Public Wireless Networks

Tight Integration

802.11 gateway uplink connects to the 3G core network
• Connects to the GGSN in UMTS or the PDSN in 3GPP2
• Uplink is ATM over T1, T3, or SONET
• Ethernet, POS with IP in Release 6 of UMTS

Gateway appears as a new SGSN or PCF

[Figure: WISP 1 (tight integration): MN - 802.11 access points - 802.11 gateway, whose uplink goes into the 3G core network next to the 3G wireless access (BS, RNC, SGSN or PCF) and on to the GGSN/PDSN and the Internet. Also shown: local AAA, and the "home" network (3G carrier) with home AAA and billing servers.]

Page 10: New Technologies for Integrated Public Wireless Networks

Tight Integration (contd.)

Goal: Use the 3G protocol stack on the MN to sign on and use 802.11 networks
• The 802.11 radio is yet another 3G radio

Advantages:
• Requires minimal changes to the client (in theory)
• Use the same authentication infrastructure and profile
• Easy to generate one common billing statement
• Easy to view the 802.11 network from the network management point

Disadvantages far outweigh the above

Page 11: New Technologies for Integrated Public Wireless Networks

Disadvantages of Tight Integration

Traffic engineering:
• 802.11 traffic over the 3G core network increases the traffic load on the well-engineered 3G core by ~25 to 100 times
• Core network must be re-engineered, else QoS for regular 3G traffic is severely affected

Client software:
• Must include the 3G stack even for 802.11-only users
• New 802.1x signaling needed to transport 3G-specific signaling traffic; this involves client changes and the definition of new EAP types, and the 3G software is not usable transparently

Authentication overhead:
• Use of the 3G authentication scheme requires the gateway to interface to a VLR and/or implement VLR functions
• Ciphering and integrity keys in 3G may not be usable in an 802.11 encryption procedure

Page 12: New Technologies for Integrated Public Wireless Networks

Provider Nightmare

802.11 infrastructure must be owned by the 3G provider
• 3G provider burdened with rollout of both 3G and 802.11!

Else, if the 802.11 network is operated by another provider
• Alternate Internet uplink needed for non-3G roaming customers
• If the 802.11 provider wants roaming agreements with multiple 3G providers, it must have at least one uplink or tunnel per provider, since provider cores are non-overlapping

Wireless carrier cannot benefit from 802.11 Wireless ISP deployments
• 802.11 networks are not deployed independently of 3G

Gateway complicated for co-existing non-3G and 3G-roaming customers
• QoS mapping from UMTS to 802.11e for roaming 3G customers
• SS7 awareness for authentication

Page 13: New Technologies for Integrated Public Wireless Networks

Loose Integration Architecture

802.11 gateway connected to the Internet via an uplink
• Layer-2 or layer-3 connection
• No direct connectivity to the 3G core network

Loose: data paths for the two networks completely separated

802.11 network can be owned by a different provider
• Roaming contract with the 3G provider

[Figure: WISP 1 (loose integration): 802.11 access points - 802.11 gateway with local AAA - Internet. Separately, 3G wireless access (BS, RNC, PCF or SGSN) - 3G core network - PDSN or GGSN - Internet. The "home" network (3G carrier), with home AAA and billing servers, is reached only across the Internet.]

Page 14: New Technologies for Integrated Public Wireless Networks

Loose Integration

802.11 provider authenticates the 3G roaming customer using 3G credentials
• Roaming agreement with the 3G provider allows authentication traffic to be directed to the 3G AAA/HLR
• 3G provider may have to support new authentication schemes as a part of the roaming agreement, e.g. SKE, AKA, SIM

802.11/802.1x keys can be derived as an outcome of the authentication protocol

Billing records generated by the gateway are shipped to the 3G HLR/H-AAA
• Revenue settlement at a later date

Page 15: New Technologies for Integrated Public Wireless Networks

IOTA: A Prototype Implementation

Page 16: New Technologies for Integrated Public Wireless Networks

The IOTA prototype

IOTA = Integration Of Two Access technologies
• 802.11b and 1XRTT, 1XEV-DO networks

Research prototype that implements the loosely-coupled architecture

Highly modularized IOTA gateway
• Runs on off-the-shelf hardware (single/dual processor 750 MHz, Linux OS)

Multi-interface mobility client software
• Management of mobility across multiple network interfaces and multiple wireless/wireline technologies

Page 17: New Technologies for Integrated Public Wireless Networks

Architecture of the IOTA gateway

[Figure: block diagram of the gateway.
Kernel space (datapath between the uplink and downlink interfaces): IP forwarding, packet-mangle, QoS, firewall, NAT, IOTA packet filter, QoS module.
User space, IP components: active session state database, IPC service, DHCP server.
User space, web services: web server, web cache, local portal.
User space, mobility management: MIP foreign agent, MIP home agent.
User space, authentication and accounting: accounting daemon, RADIUS server/proxy.]

Page 18: New Technologies for Integrated Public Wireless Networks

QoS Features for 802.11

[Figure: gold, silver and bronze service users in an 802.11 cell (802.11 QoS over the air) behind an IOTA gateway; a 10 Mbps access link through the access router and edge router (IP QoS on the access bottleneck) to the Internet, home agent and home AAA.]

QoS in two spots of congestion
• IP QoS on the oversubscribed access
• QoS on the 802.11 air interface (layer-2)

Layer-7/4/3 mechanisms for IP-level QoS that complement 802.11e

Class-based QoS
• Gold, Silver, Bronze with minimum rate guarantee
• No special client software needed

Per-user service level policy obtained from the H-AAA in the AAA exchange

Map the user population in 802.11 cells to achieve fairness and QoS guarantees
• SNMP queries to 802.11 APs

DiffServ packet marking and traffic policing
• Gateway can mark packets even with Mobile IP tunnels

Page 19: New Technologies for Integrated Public Wireless Networks

Software architecture of the IOTA gateway

[Figure: the same block diagram as on slide 17: kernel-space datapath (IP forwarding, packet-mangle, QoS, firewall, NAT, IPF QoS module) between the uplink and downlink interfaces; user-space IP components (IPC service, active session state database, DHCP server), web services (web server, web cache, local portal), mobility management (MIP foreign agent, MIP home agent) and authentication and accounting (accounting daemon, RADIUS server/proxy).]

The Web Cache is a proprietary, high-performance caching web proxy. It is especially useful with the Mobile-IP service.

Page 20: New Technologies for Integrated Public Wireless Networks

Benefits of Integrated Web Cache

Reduces congestion on access lines to the 802.11 network

Provides performance optimization for web traffic by not routing packets back to the Mobile IP home agent from the cache; this can only be done if the cache is integrated with the foreign agent in the same box

[Figure: two diagrams comparing the web request / web response path (numbered steps 1-5) between the MN, the access router with foreign agent, the edge router, the Internet web site and the home agent, without and with the integrated small-scale web cache behind a layer-4 switch in the 802.11 gateway.]

Page 21: New Technologies for Integrated Public Wireless Networks

IOTA Multi-interface Mobility Client

Page 22: New Technologies for Integrated Public Wireless Networks

IOTA Client - Features

Supports mobility across several kinds of physical interfaces
• List of physical interfaces configured with associated priorities

Seamless: a user process doesn't see any change in its connections.

Selection of the interface to use depends on the user preference, signal strength, and availability of a mobility agent in the network.

Bounce protection algorithm that uses hysteresis to minimize the switching
• between the interfaces,
• between access points on the same interface

Allows IPSec tunneling independent of mobility.
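An added sketch (not the IOTA client's code) of the interface selection and bounce protection described on this slide: interfaces are tried in user-priority order, a link counts as usable only when a mobility agent is reachable and its signal has stayed above an upper threshold for several consecutive samples, and it is dropped only when the signal falls below a lower threshold, so samples between the two thresholds never cause a switch. Threshold values, hold count and interface names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class LinkState:
    up: bool = False        # link currently counted as usable
    good_samples: int = 0   # consecutive samples at or above the "up" threshold


class BounceProtectedSelector:
    """Interface selection with hysteresis (added example, not the IOTA
    client's code). `priority` lists interface names, most preferred first;
    the thresholds and hold count are constructed defaults."""

    def __init__(self, priority, up_dbm=-75.0, down_dbm=-85.0, hold=3):
        self.priority = list(priority)
        self.up_dbm, self.down_dbm, self.hold = up_dbm, down_dbm, hold
        self.links = {name: LinkState() for name in priority}
        self.active = None

    def update(self, samples):
        """samples: {iface: (rssi_dbm, mobility_agent_reachable)}.
        Returns the interface to use after this sample, or None."""
        for name, (rssi, agent) in samples.items():
            st = self.links[name]
            if st.up:
                # Leave the usable state only below the lower threshold or when
                # the mobility agent vanishes; a dip between the two thresholds
                # (e.g. -80 dBm) does not trigger a switch.
                if rssi < self.down_dbm or not agent:
                    st.up, st.good_samples = False, 0
            elif rssi >= self.up_dbm and agent:
                # Enter the usable state only after `hold` good samples in a
                # row, so one strong beacon cannot bounce the client back.
                st.good_samples += 1
                st.up = st.good_samples >= self.hold
            else:
                st.good_samples = 0
        # First usable interface in the user's preference order wins.
        self.active = next((n for n in self.priority if self.links[n].up), None)
        return self.active


def run(selector, trace):
    """Feed a list of sample dicts and return the selection after each one."""
    return [selector.update(s) for s in trace]
```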

Page 23: New Technologies for Integrated Public Wireless Networks

IOTA client architecture

[Figure: user space: client GUI, IPSec client, multi-interface mobility client. Kernel space: TCP/IP stack over the IPSec client driver over the multi-interface mobility driver, which drives the Ethernet, 802.11, PPP and 3G-1x drivers through a driver API.]

Page 24: New Technologies for Integrated Public Wireless Networks

IOTA Client Architecture

Software runs on the Windows 2000/XP operating system. Approximately 45,000 lines of code, 13,000 of which are Windows NDIS kernel networking code.

[Figure: layered view of the client, color-coded as new code developed specifically for 3G-802.11 integration, VPN/IPSec integration (e.g. Lucent IPSec Client), and interaction with existing Windows OS modules.
User level: graphical user interface and monitoring; Mobile IP state machine; network detection; network selection; Mobile NAT client; interface abstraction layer/API; VPN/IPSec control; OS PPP support; OS TCP/IP protocol stack.
Kernel level: virtual Mobile IP adaptor; VPN/IPSec client driver; multi-interface mobility client driver; Ethernet interface, 802.11 interface and PPP interface (CDMA2000 via an IS-835 shim over the serial driver and AT command set; Sierra 3G 1xRTT card).]

Page 25: New Technologies for Integrated Public Wireless Networks

Client GUI

A simple and effective GUI that reports the most current status of the networks and the mobility manager. It also allows users to edit the configuration information.

Page 26: New Technologies for Integrated Public Wireless Networks

Shared Key Exchange (SKE)

Page 27: New Technologies for Integrated Public Wireless Networks

Integrating 802.11 and 3G: Service Provider Wish List

Subscriber ownership
• Offer 802.11 hot spot access to a 3G wireless subscriber as a value-added service
• Potentially better performance and QoS
• Volume subscribers (by millions) for 802.11 operators

Transparent handoff and roaming
• Allow customers with a dual-radio modem to transparently hand off from a 3G wireless infrastructure to an 802.11 network
• Roaming agreement between 3G operator and 802.11 operator

Use one common AAA and billing infrastructure for integrated access
• Avoid creating duplicate and disparate authentication mechanisms
• Use of one common shared secret

How to achieve this? Our SKE protocol is a part of the solution

Page 28: New Technologies for Integrated Public Wireless Networks

Basic Authentication Model

K_MN-H-AAA: security association between MN and H-AAA
• Pre-established at service initiation or derived from a <UserID, PassWd>

K_MN-SMS: 802.11 layer-2 encryption key
• Per session, per MN dynamic key for encryption

K_MN-FA, K_MN-HA: layer-3 Mobile IP (MIP) registration keys
• Per MIP session

[Figure: MN - AP - F-AAA - H-AAA, with FA and HA below. K_MN-H-AAA spans MN to H-AAA; k_MN-SMS is shared between MN and AP, k_MN-FA between MN and FA, k_MN-HA between MN and HA.]

Page 29: New Technologies for Integrated Public Wireless Networks

SKE Design Requirements

Fraud protection:
• Prevent unauthorized users from receiving service from visited networks without paying for it

Prevent session hijacking (RFC 2828):
• Prevent users from seizing control of an ongoing communication association previously established by another user

Authenticate MN:
• Allow the H-AAA to authenticate and authorize that the MN has rights to receive service from a foreign domain with which the home domain has a roaming agreement

Allow MN to authenticate H-AAA:
• Allow the MN to establish that it is authenticating to a trusted H-AAA that is in possession of K_MN-H-AAA

Page 30: New Technologies for Integrated Public Wireless Networks

SKE Design Requirements

Session key establishment:
• Establish a per-session dynamic shared secret key K_MN-AP. Guarantee to both the MN supplicant and the H-AAA that this key is fresh, random and unique.

Guarantee forward secrecy:
• Compromise of a session key permits access only to data protected by that key

Path authentication by MN and H-AAA:
• Allow the MN and H-AAA to verify the path between MN and H-AAA

Efficiency:
• Minimal message exchange

Page 31: New Technologies for Integrated Public Wireless Networks

Complete EAP-SKE Message Flow

[Figure: ladder diagram between MN, AP, F-AAA and H-AAA; K_MN-H-AAA is shared between MN and H-AAA, k_MN-AP between MN and AP. Messages in order (EAP requests flow toward the MN, EAP responses away from it):]

0. MN → AP: EAPOL-START
1. AP → MN: EAP-Req (Identity Req)
2. MN → AP: EAP-Resp (NAI, SID)
3. AP → F-AAA: RADIUS/EAP-Resp (NAI, SID)
4. F-AAA → AP: RADIUS/EAP-Req (N1)
5. AP → MN: EAP-Req (Challenge N_1); the MN computes Auth1 using K_MN-H-AAA
6. MN → AP: EAP-Resp (Auth1, N_2)
7. AP → F-AAA: RADIUS/EAP-Resp, attributes: NAI, SID, AUTH1, [ASID]
8. F-AAA → H-AAA: RADIUS Access-Req (N1, N2, AUTH1, UID, SID, ASID); the H-AAA authenticates Auth1 and computes k_MN-SMS
9. H-AAA → F-AAA: RADIUS Resp, attributes: AUTH2, N_3, KSMS
10. F-AAA → AP: RADIUS/EAP-Req, attributes: AUTH2, N_3, KSMS
11. AP → MN: EAP-Req (Auth2, N_3); the MN verifies Auth2 and computes k_MN-SMS
12. MN → AP: EAP-Resp (SKE-Success)
13. AP → F-AAA: RADIUS/EAP-Resp
14. F-AAA → AP: RADIUS/EAP-Success
15. AP → MN: EAP (Success)

Page 32: New Technologies for Integrated Public Wireless Networks

SKE Computations

Message 4:
• (a) MN generates its own challenge N2
• (b) MN computes a MAC code Auth1
  Auth1 = MAC(K_MN-H-AAA, N1 | N2 | NAI | SID | ASID)

Sends (Auth1, N2) to the AP / F-AAA

Page 33: New Technologies for Integrated Public Wireless Networks

What is the computation in Step 7?

Compute AUTH1' = MAC(K_MN-H-AAA, N1 | N2 | NAI | SID | ASID)

Is AUTH1' == AUTH1? If yes, the H-AAA concludes the MN is authenticated and does the following:

Generates N3
• (a) a random number, (b) a monotonically increasing integer, or (c) a pre-configured constant

Compute authenticator for the MN to validate the H-AAA
• AUTH2 = MAC(K_MN-H-AAA, N2 | N1 | NAI | SID | ASID)
• Note the change in the order of arguments with respect to AUTH1.

Compute dynamic session key
• K_MN-SMS = PRF(K_MN-H-AAA, N3 | AUTH2)

When N3 is new for every request, key freshness is guaranteed
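An added illustration (not the IOTA project's code) of the Auth1, AUTH2 and K_MN-SMS computations on slides 32 and 33, carried through on both the MN and the H-AAA side. It assumes HMAC-SHA256 for both MAC and PRF and a length-prefixed encoding of the "|" concatenation, neither of which the slides specify; keys, nonces and identifiers are constructed.

```python
import hashlib
import hmac
import os

# Added illustration of the SKE computations on slides 32-33; not the IOTA
# project's code. Assumptions the slides leave open: MAC and PRF are both
# HMAC-SHA256, and each field of "N1 | N2 | NAI | SID | ASID" is
# length-prefixed so the concatenation cannot be re-split ambiguously.


def concat(*fields: bytes) -> bytes:
    """Length-prefix every field before joining (assumed encoding)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


prf = mac  # PRF modelled with the same HMAC construction (assumption)


def mn_auth1(k, n1, n2, nai, sid, asid):
    """MN, message 6: Auth1 = MAC(K_MN-H-AAA, N1 | N2 | NAI | SID | ASID)."""
    return mac(k, concat(n1, n2, nai, sid, asid))


def haaa_step7(k, n1, n2, nai, sid, asid, auth1, n3):
    """H-AAA, step 7: recompute AUTH1', compare in constant time, then derive
    AUTH2 and K_MN-SMS. Returns None when the MN is not authenticated."""
    if not hmac.compare_digest(mac(k, concat(n1, n2, nai, sid, asid)), auth1):
        return None
    # N1 and N2 are swapped relative to AUTH1, so a captured Auth1 is not a
    # valid AUTH2: the MN cannot be satisfied by its own MAC echoed back.
    auth2 = mac(k, concat(n2, n1, nai, sid, asid))
    k_mn_sms = prf(k, concat(n3, auth2))   # fresh whenever N3 is fresh
    return auth2, k_mn_sms


def mn_step11(k, n1, n2, nai, sid, asid, auth2, n3):
    """MN, message 11: AUTH2 proves the H-AAA holds K_MN-H-AAA; only then
    derive the same K_MN-SMS. Returns None if AUTH2 does not verify."""
    if not hmac.compare_digest(mac(k, concat(n2, n1, nai, sid, asid)), auth2):
        return None
    return prf(k, concat(n3, auth2))


def run_ske(k, nai, sid, asid, n1=None, n2=None, n3=None):
    """Drive one exchange end to end with constructed nonces.
    Returns (MN's K_MN-SMS, H-AAA's K_MN-SMS) or None on failure."""
    n1 = n1 or os.urandom(16)   # challenge issued on the AAA side (msgs 4-5)
    n2 = n2 or os.urandom(16)   # MN's own challenge (msg 6)
    n3 = n3 or os.urandom(16)   # H-AAA freshness value (msgs 9-11)
    auth1 = mn_auth1(k, n1, n2, nai, sid, asid)
    res = haaa_step7(k, n1, n2, nai, sid, asid, auth1, n3)
    if res is None:
        return None
    auth2, k_sms_haaa = res
    k_sms_mn = mn_step11(k, n1, n2, nai, sid, asid, auth2, n3)
    return None if k_sms_mn is None else (k_sms_mn, k_sms_haaa)


if __name__ == "__main__":
    keys = run_ske(b"constructed-shared-secret", b"subscriber@home.example",
                   b"sid-1", b"asid-1")
    print("session keys match:", keys is not None and keys[0] == keys[1])
```

Note that if N1 and N2 were ever equal, the argument swap that distinguishes AUTH2 from AUTH1 would collapse, which is one reason the MN's own challenge N2 must be unpredictable rather than echoed from N1.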

Page 34: New Technologies for Integrated Public Wireless Networks

Discussion

K_MN-H-AAA can be segmented into a hierarchy of multiple keys, much like EAP-ARCHIE
• One of the keys is used to cipher the challenges N1, N2 and the AUTH responses

Page 35: New Technologies for Integrated Public Wireless Networks

Comparison with other Approaches: Architecture and Networking Properties

Columns: Scheme; Architecture; Networking requirements (RTT to F-AAA/H-AAA, Statelessness)

Scheme      Architecture                                     RTT to F-AAA/H-AAA   Statelessness
EAP-SKE     Shared key with H-AAA                            1                    Yes
EAP-SIM     Subscriber Identity Module (SIM) card            3                    Yes
EAP-AKA     Universal SIM (U-SIM) card                       2+                   Yes
EAP-TLS     Public-private key based certificate             3                    Yes
EAP-TTLS    Public-private key based certificate and other   4+                   Yes
EAP-SRP     Password                                         4                    Yes

Page 36: New Technologies for Integrated Public Wireless Networks

Comparison with other Approaches: Security Properties

Column headings as on the slide: Scheme; Session Key Establishment; Security Properties (RTT to F-AAA/H-AAA, Path authentication, Statelessness). Each row gives four values per scheme:

EAP-SKE     Yes                          Yes                          Yes   Amenable to proof
EAP-SIM     Yes                          Yes                          No    No
EAP-AKA     Yes                          Yes                          No    Yes
EAP-TLS     Yes                          Yes                          No    No
EAP-TTLS    Depends on tunneled method   Depends on tunneled method   No    No
EAP-SRP     Yes                          Yes                          No    No

Page 37: New Technologies for Integrated Public Wireless Networks

Conclusions

Opportunity for carriers to strengthen 3G offerings with 802.11 integration
• using IETF standards (security, accounting, mobility) in 802.11 networks

802.11 integration with CDMA2000, GPRS/UMTS via the loosely coupled approach
• Benefits of simplicity, network efficiency, cost
• Ability to partner with 802.11 Wireless ISPs

Can be extended to support
• Location services
• Network-based VPNs

More details at http://www.bell-labs.com/user/mbuddhikot/IOTAProject/IOTA.htm