Optimal Service Delivery in Mobile Networks

Ashutosh Dutta, Ph.D.

Senior Scientist

NIKSUN

Princeton, NJ, USA 08540

Email: adutta@niksun.com

WWSMC’11, NJ USA, July 20111

– A name identifies what you want,

– An address identifies where it is,

and

– An route identifies a way to get there

John Shoch, 1978

Talk Outline

Evolution of Mobile Networks

Service Delivery in Mobile Networks

A taxonomy of IP mobility

Handoff optimization – Use case scenarios

Measurement-based mobility model

Conclusions

.3

42 Mb/s (DL),

22 Mb/s (UL)

CDMA2000

NX

TACS

NMT

AMPS

SMR

GPRS EDGEGSM

IS-136

IS-95 (A)

iDEN

PDC

IS-95 (B)CDMA2000

1X

WCDMA

1 G 2 G 2.5 G 3 G 4 G

144 kb/s, 384

kb/s, 2 Mb/s

144 kb/s, 384

kb/s, 2 Mb/s

JTACS

54 kb/s 236 kb/s

144 kb/s

50 UL, 100 DL

9.6 kb/s

9.6 kb/s

48.6 kb/s

42 kb/s

NTT

24 kb/s

IEEE 802.16

802.20

EHSPA

UMB

LTE

80 Mb/s (UL), 360 Mb/s

280 Mb/s

80 Mb/s

115 kb/s

1980 1990 19952000

2008

Evolution of mobility protocols

Mobile Wireless Internet: A Scenario

802.11a/b/g

Bluetooth

IPv6

Network

UMTS/CDMA

Network

InternetDomain1

Domain2

UMTS/

CDMA

PSTN gateway

Hotspot

CHRoaming

UserAd Hoc

Network

PAN

LAN

WAN

WAN

LAN

PSTN

802.11 a/b/g

QoE => Perceived Quality of Service

Network Metrics

• Bit rate, delay, jitter, packet loss rate

• Power consumption

Application Metrics

• Call setup delay

• Failed calls, dropped calls, retransmission

• MOS (Mean Opinion Score) for media

Several standards groups …• ITU-T SG12

• ITU X.902 (IP Telephony)

• IETF – IPPM, DIFFSERV

• 3GPP – 3GPP TS 32.409 (IMS performance)

Service Delivery Metrics

Slide 6

Mobility Taxonomy

IP Mobility

PersonalTerminal Service

Application

Layer

Network

Layer

Session

• Systems

Optimization

MIPv4

Cellular IP

HAWAII

IDMP

MIP-LR

MIPV6

ProxyMIPv6

SIPMM

MIP-LR(M)

Proxy

Transport

Layer

MSOCKS,

Migrate

mSCTP

Shim

Layer

HIP

Issues

• Host controlled

vs.

Network Controlled

• Mobility pattern

Use Case: Cross layer and multiple

interfaces

Ne

tw

or

k

Ty

pe

S

SI

D/

C

ell

ID

B

S

SI

D

Op

er

at

or

Se

cu

rit

y

N

W

C

ha

nn

el

Q

o

S

Ph

ysi

cal

La

yer

Dat

a

Rat

e

GS

M

13

98

9

N/

A

AT

&T

NA NA 1

9

0

0

N

/

A

N/A 9.6

kbps

80

2.1

6d

N

A

N

A

T-

Mo

bile

PK

M

EAP-

PEA

P

1

1

Y

e

s

OF

DM

40

Mbp

s

Wakeup WLAN

Download over WLAN

Shutdown GPS

Café

Airport

Zone 1 Zone 2 Zone 3

Zone 4 Zone 5 Zone 6

Zone 7 Zone 9

Wi-Fi

Wi-MAX

WLAN Link Going Down.

Switch to WiMAX

Download over WiMAX

Shutdown WLAN

Wakeup GPS

Zone 8

Wi-Fi

Connect to WLAN

Battery level low

Shutdown WiMAX

Download over GSM/GPRS

Wakeup WLAN

Wi-MAX

Shutdown GPS

Start Download over

WLAN

Network

Type

SSID/

Cell ID

BSSID Operator Security NW Channel QoS Physical

Layer

Data Rate

GSM 13989 N/A AT&T NA NA 1900 N/A N/A 9.6 kbps

Network

Type

SSID/

Cell ID

BSSID Operator Security NW Channel QoS Physical

Layer

Data Rate

GSM 13989 N/A AT&T NA NA 1900 N/A N/A 9.6 kbps

802.11b Café 00:00:… Café .11i EAP-

PEAP

6 .11e OFDM 11 Mbps

Network

Type

SSID/

Cell ID

BSSID Operator Security EAP

Type

Channel QoS Physical

Layer

Data Rate

GSM 13989 N/A AT&T NA NA 1900 N/A N/A 9.6 Kbps

802.11b Airport 00:00:… Airport .11i EAP-

PEAP

6 .11e OFDM 11 Mbps

Radio State

GSM

WLAN

WiMAX

GPS

Radio State

GSM

WLAN

WiMAX

GPS

Radio State

GSM

WLAN

WiMAX

GPS

Radio State

GSM

WLAN

WiMAX

GPS

Radio State

GSM

WLAN

WiMAX

GPS

Radio State

GSM

WLAN

WiMAX

GPS

Radio State

GSM

WLAN

WiMAX

GPS

Courtesy: IEEE 802.21

Backbone

Administrative

Domain B

L2 PoA

Corresponding

Host

128.59.10.7

IPch

207.3.232.10

210.5.240.10

128.59.11.8

N2

N1N1

N2

N1- Network 1 (802.11)

N2- Network 2 ( CDMA/GPRS)

Configuration

Agent

L3 PoA

207.3.232.10

Mobile

Host

Authentication

Agent

Authorization

AgentRegistration

Agent

Registration

Agent

Administrative

Domain A

Configuration

Agent

Authorization

Agent

Signaling

Proxy

Authentication

Agent

Signaling

Proxy

Layer 3

PoA

L2 PoALayer 2

PoA

Layer 2

PoAL3 PoA

Mobility Illustration in a sample IP-based network

128.59.9.6

L3 PoA

A

B

CD

900 ms

media interruption

802.11 802.11

h/o delay

900 ms

802.11 802.11

4 Seconds media interruption h/o delay 4 s

Handoff Delay

~ 18 s

802.11 CDMA

18 Seconds media interruptionh/o delay

18 s

9

Handover

Event

Network

discovery &

selection

Network

attachment

Configuration Security

association

Binding

update

Media

reroute

Channel

discoveryL2

associatio

n

Router

solicitation

Domain

Advertisement

Identifier

acquisition

Duplicate

Address

Detection

Address

ResolutionAuthentication

(L2 and L3)

Key

derivation

Identifier

update

Identifier

mapping

Binding

cache

Tunneling

Buffering

Forwarding

Bi-casting/

Multicasting

Server

discovery

Identifier

Verification

Subnet

discovery

P1 P2 P3 P4 P5P6

P11

P13

P12

P21

P22

P23

P31

P32

P33P41

P42

P51

P52

P53

P54

P61 P62

P63

P64

System decomposition of handover process

10

How security affect handoff performance

Security protocols have an impact on

the performances of the network

• End-to-end latency

• Throughput

• Handoff delay

• Packet loss

Main components that affect the

performance

• Authentication/authorization,

• Key Derivation

• Encryption

Security related delays may affect

all the layers

– Layer 2 (e.g., 802.11i, WEP)

– Layer 3 (IPSEC/IKE)

– Upper Layers (e.g., TLS,

SRTP)

Security

Association

Key

Distribution Authentication Encryption

Layer 2

Layer 3

Layer 4

ServerMobile Network

MN

MN Server

L3

POA

Security

Association

Key

Distribution Authentication Encryption

Layer 2

Layer 3

Layer 4

ServerMobile Network

MN

MN Server

L3

POA

Key principles for security optimization

Number of round trip signaling for key derivation process

need to be minimized

Avoid the key exchange by maintaining the end-point address identifier (e.g., IP address)

Avoid tear down and re-establishment of Security Association (e.g., IPSec Tunnel)

Proactive authentication

Fast re-authentication

Security context transfer between the base stations

Cross layer assisted authentication

• Layer 3 authentication bootstraps layer 2 authentication process

Anchor-based security association• Clients behind Mobile IP Home Agent are shielded from IP address

change

Media Independent Pre-authentication - a deployment

scenario

AA CA

MN-CA key

AR

Network 3

AR

AA CA

MN-CA key

Network 2

INTERNET

Information

Server

Mobile

Current

Network 1

AR

AP1 Coverage Area AP 2 & 3 Coverage Area

AR

Network 4

CN

AP3AP2AP1 CTN

TN

CTN – Candidate Target Networks

TN – Target Network

Network-Layer Assisted

Pre-Authentication

Supports handover across inter-

technology, inter-subnet and

inter-domain

Independent of link-layer

technology (e.g., 802.11,

CDMA)

No context transfer security

problems (e.g. no domino effect)

Home AAA

Domain

IEEE 802.11i

Pre-authentication

nAR/PAA

AAAv

AAAh

pAR

10.1.10.2/24

10.1.10.1/2410.1.20.2/24

MN

PSK PSK

AP0AP1AP2

Radius/Diameter

PANA pre-auth

Association

&

4-way handshake

Network A Network B

PANA Pre-authentication

Roaming AAA

Domain*

Network Pre-authentication Flows

PANA-Client-Initiation(PCI)

PANA-Start-Request (PSR) [EAP Req/Ident]

PANA-Start-Answer(PSA) [EAP Resp/Ident]

PANA-Auth-Request (PAR) [EAP-TLS/Start]

PANA-Auth-Answer (PAN) [EAP-TLS/Client-Hello]

PANA-Binding-Request[AUTH] (PBR) (EAP-Success)

PANA-Binding-Answer (PBA)

PaC target PAAtarget APx AAAH

SNMPv3-Set(PSK, PaC’s MAC address)

AAA prot-ans (EAP-TLS/Start)

SNMPv3-Ack

PaC’s

Movement

EAPOL Key: Message 1

EAPOL Key: Message 2

EAPOL Key: Message 3

EAPOL Key: Message 4

PSKx PSKx

AAA prot-req (EAP-Resp/Ident)

Network-Layer

Pre-authentication

EAP skipped

1x controlled port enabled & IP traffic

Pre-configuration

PSK

installation

AAAv

AAA prot-ans (EAP-TLS/ServCert)

AAA prot-req (EAP-TLS/Client-Hello)

PANA-Auth-Answer (PAN) [EAP-TLS/ClientCert]

PANA-Auth-Request (PAR) [EAP-TLS/ServCert]

AAA prot-req (EAP-TLS/ClientCert)

AAA prot-ans (EAP-TLS/ChangeSpec)

PANA-Auth-Answer (PAN) [EAP-TLS/Ack]

PANA-Auth-Request (PAR) [EAP-TLS/ChangeSpec]

AAA prot-req (EAP-TLS/Ack)

AAA prot-ans (EAP-Success)

(Re)Association

Associated

current APx

Non-roaming Roaming

4-way hanshake

PANA-Client-Initiation(PCI)

PANA-Start-Request (PSR) [EAP Req/Ident]

PANA-Start-Answer(PSA) [EAP Resp/Ident]

PANA-Auth-Request (PAR) [EAP-TLS/Start]

PANA-Auth-Answer (PAN) [EAP-TLS/Client-Hello]

PANA-Binding-Request[AUTH] (PBR) (EAP-Success)

PANA-Binding-Answer (PBA)

PaC target PAAtarget APx AAAH

SNMPv3-Set(PSK, PaC’s MAC address)

AAA prot-ans (EAP-TLS/Start)

SNMPv3-Ack

PaC’s

Movement

EAPOL Key: Message 1

EAPOL Key: Message 2

EAPOL Key: Message 3

EAPOL Key: Message 4

PSKx PSKx

AAA prot-req (EAP-Resp/Ident)

Network-Layer

Pre-authentication

EAP skippedEAP skipped

1x controlled port enabled & IP traffic

Pre-configuration

PSK

installation

AAAv

AAA prot-ans (EAP-TLS/ServCert)

AAA prot-req (EAP-TLS/Client-Hello)

PANA-Auth-Answer (PAN) [EAP-TLS/ClientCert]

PANA-Auth-Request (PAR) [EAP-TLS/ServCert]

AAA prot-req (EAP-TLS/ClientCert)

AAA prot-ans (EAP-TLS/ChangeSpec)

PANA-Auth-Answer (PAN) [EAP-TLS/Ack]

PANA-Auth-Request (PAR) [EAP-TLS/ChangeSpec]

AAA prot-req (EAP-TLS/Ack)

AAA prot-ans (EAP-Success)

(Re)Association

Associated

current APx

Non-roaming Roaming

4-way hanshake

Performance (MPA-Non-MPA) – Single I/F

MPA

• No packet loss during pre-authentication, pre-configuration and pro-active handoff before L2 handoff

• Only 0 packet loss, 4 ms delay during handoff mostly transient data

– Includes delay due to layer 2, update to delete the tunnel on the router

– We also reduced the layer 2 delay in hostap

Driver

– L2 delay depends upon driver and chipset

non-MPA

• About 200 packets loss, ~ 4 s during handover

– Includes standard delay due to layer 2, IP address acquisition, Re-Invite, Authentication/Authorization

• Could be more if we have firewalls also set up

MPA Approach

Non-MPA Approach

handoff

802.11 802.11

4 s

Handoff Delay

~ 18 s

802.11 CDMA

Handoff Delay

16 s

802.11 CDMA

a. MIP-based Non-optimized handoff

b. SIP-based Non-optimized handoff

c. MPA and 802.21 assisted optimized

handoff

802.11 CDMA

Optimized handoff delay with MPA (Multiple I/F)

Triple Encapsulation for Mobile VPN

DMZ

Internal (protected) External (unprotected)

CN

Internal Home

Network

VPN tunnel x-MIP tunnel

VPN

GW x-HA

Based on its current location, MN dynamically establishes/changes/terminates tunnels

without changing current standards of IPsec VPN or Mobile IP.

Triple encapsulation tunnel is constructed by:

• i-HA (Internal Home Agent): Forwards IP packets to MN’s current internal location

• VPN GW: Protects (encrypts and authenticates) IP packets transmitted in external networks

• x-HA (External Home Agent): Forwards IP packets to MN’s current external location

MN

i-MIP tunnel

Internal Visited

Network

i-HA

MNMN MN

ExternalNetwork 1

ExternalNetwork N

Results: Mobile IP-VPN

Non-M a ke -be fore -bre a k

31500

32000

32500

33000

33500

34000

34500

35000

0 50 100 150 200 250 300

Tim e in S e conds

RT

P S

eq

ue

nc

e

RTP Sequence

802.11

(enterprise )

Cellular

802 .11

(enterprise)

Packet Loss

Due to N on -m ake-before-break

Non -m ake -before-break

Non-M a ke -be fore -bre a k

31500

32000

32500

33000

33500

34000

34500

35000

0 50 100 150 200 250 300

Tim e in S e conds

RT

P S

eq

ue

nc

e

RTP Sequence

802.11

(enterprise )

Cellular

802 .11

(enterprise)

Packet Loss

Due to N on -m ake-before-break

Non -m ake -before-break

802.11-Cellular Secured Handoff

1800

1900

2000

2100

2200

2300

2400

2500

2600

0 20 40 60 80 100 120 140 160 180

Time in Seconds

RT

P P

ac

ke

t

Se

qu

en

ce

RTP sequence during

handoff

Out-of-order-packet802.11(enterprise)

Cellular 802.11(enterprise)

802.11-Cellular Secured Handoff

1800

1900

2000

2100

2200

2300

2400

2500

2600

0 20 40 60 80 100 120 140 160 180

Time in Seconds

RT

P P

ac

ke

t

Se

qu

en

ce

RTP sequence during

handoff

Out-of-order-packet802.11(enterprise)

Cellular 802.11(enterprise)

MNVPN GW

Visited Network 2

(802.11)

Visited Network 1

(Cellular)

CN

Tunnel (RTP)

MOBIKE

MOBIKE

13.377

13.342 ( 802.11 is up)

13.554 (First packet on 802.11)

47.881

51.519

MOBIKE

51.977

Packet

Loss

(No-Break-before-make)

RTP

Visited Network 1

(Cellular)

13.667 (Last packet on cellular)

MOBIKE

43.103 (Last packet on 802.11)

VPN traffic in 802.11

VPN traffic in cellular

Mobike in cellular

Mobike in 802.11

IP0 is primary address

IP1 is primary address

IP0 is primary address

IP0 – address of 802.11 interface

IP1 – address of cellular interface

MNVPN GW

Visited Network 2

(802.11)

Visited Network 1

(Cellular)

CN

Tunnel (RTP)

MOBIKE

MOBIKE

13.377

13.342 ( 802.11 is up)

13.554 (First packet on 802.11)

47.881

51.519

MOBIKE

51.977

Packet

Loss

(No-Break-before-make)

RTP

Visited Network 1

(Cellular)

13.667 (Last packet on cellular)

MOBIKE

43.103 (Last packet on 802.11)

VPN traffic in 802.11

VPN traffic in cellular

Mobike in cellular

Mobike in 802.11

IP0 is primary address

IP1 is primary address

IP0 is primary address

IP0 – address of 802.11 interface

IP1 – address of cellular interface

Hand-off with no-make-before break(internal-external-internal) with make-before-break

Hom e-Cellu lar-Hotspot handoff

500

1500

2500

3500

4500

5500

0 100 200 300 400

Tim e in S e co nd s

RT

P S

eq

ue

nc

e

RTP S equenc e

Home

802.11

Cellular

External

Hotspot

802.11

Hom e-Cellu lar-Hotspot handoff

500

1500

2500

3500

4500

5500

0 100 200 300 400

Tim e in S e co nd s

RT

P S

eq

ue

nc

e

RTP S equenc e

Home

802.11

Cellular

External

Hotspot

802.11

Home-external-external handoff Mobike-based handoff (cellular-hotspot-cellular)

20

PDSN

S-CSCF

PDSN

AP

FTTH

/ADSL

SIP AS

I-CSCF

MN

RAN RAN

IMS/

MMD

cdma2000

HSS

P-CSCF P-CSCF

P-CSCF

non-SIP AS

non SIP

PCRFPCRF

PCRF

Different

DomainDHCP

DHCPDHCP

Handoff Optimization in IMS/MMD Network

cdma200

0

E-CSCF※

Optimized

roaming

architecture

Non-SIP support

AAA/HSS Optimization

AAA

HA

P-CSCF

Fast handoff

MN

IPSec

Tunnel

IPSec

Tunnel

21

P-CSCF Fast-handoff Experimental Results

Figure 1: Levels of MMD Optimization

Components Optimized

0 3000 6000 9000 12000

Proactive

Reactive

Non-Optimized

Typ

es o

f H

an

do

ff

Time in ms

PPP Termination

Layer 2 Delay

PPP Activation

MIP-Solicitation

MIP-Binding Update

DHCP Trigger

DHCP Inform

SIP Trigger

SIP+Security

Media Redirection

Components Optimized

22

Scheduling

of handover

operations

Relevant

optimization

principles

Example experimental mobility optimization Potential

Target

Mobility

System

SIP-based

Fast

handoff

Mobile

VPN

Media

Independent

Pre-authentication

Simultaneous

Mobility

Optimized

handoff

In IMS

Muti-layer

Mobility

Multicast

fast

handoff

Sequential Direct path between

CH and MHX

Limit binding update

between CH and MHX X

Maintain Security

association

between end-points

X

Anchor-based

ForwardingX X

Post-handoff triggers X

Proactive Pre-handoff triggers X X

Proactive network

discoveryX

Proactive

authentication X

Proactive identifier

configurationX

Proactive

binding updateX X

Dynamic Buffering X

Proactive context

transferX

Parallel Discovery of Layer 2

and Layer 3 PoAX

Binding update X

Optimal mobility system design

Measurement assisted mobility model

IP CANCaller

(UE1)

diameter

SIP

GETS Call

HSS

GETS-

Application

Server

P-CSCF

I-CSCF

S-CSCF

PCRFPCRF

P-CSCF

S-CSCF

Invite

OK

ACK

Called

(UE2)

Managed IP

(Multi-Provider Network)

(EPC)

DNS/E

NUM

DNS

RTP

Layer 3 control

Wireless

Access

UMTS

EvDO

WiMAX

LTE

Satellite

Wireline

Access

Cable

DSL

Fiber

Ethernet

Wireline

Access

Cable

DSL

Fiber

Ethernet

Wireless

Access

UMTS

EvDO

WiMAX

LTE

Satellite

IMS

RAN

GW

GW

RAN

RAN IP CAN

23

IMS-layer control

23

Layer 2 control

Monitoring

Agent

Controller

Network/

Application

Feedback

RAN

Resource usage per mobility eventsSub

transitions

Sub-operations Resource Consumption

Bytes

exchanged

CPU

samples

Power due to

transmission

(nano

joules)t00 Layer 2 un-reachability test 43 5 51600

t01 Layer 3 unreachability 86 3 103200

t11 Discover layer 2 channel 109 3 130800

t12 Discover layer 3 subnet 110 4 132000

t13 Discover server 126 5 540000

t21 Layer 2 association 99 2 118800

t22 Router solicitation 70 4 84000

t23 Domain advertisement 226 4 271200

t31 Identifier acquisition 1426 5 1711200

t32 Duplicate address detection 164 6 196800

t33 Address resolution 60 3 72000

t41 Layer 2 open authentication 94 3 112800

t42 Layer 2 EAP 2842 6 3410400

t43 Four-way handshake 504 4 604800

t51 Master key derivation (PMK) 0 10 0

t52 Session key derivation (PTK) 0 6 0

t61 Identifier update 204 4 422400

t62 Identifier verification 148 6 177600

t63 Identifier mapping 0 8 0

t64 Binding cache 0 3 0

t71 Fast binding update 110 3 132000

t72 Local caching 0 6 0

t81 Tunneling 60 2 72000

t82 Forwarding 100 2 120000

t83 Buffering 120 3 144000

t91 Local id mapping 40 4 48000

t92 Multicasting/bicasting 192 2 23040024

Modeling of handoff processes – An example

P00 t01

t11

t41

p11

p41

t13

p13

t42

p42

t21

p21

t22

p22

t12

p12

t23

p23 P52

t52 t51P51

t53 p53

t64p64

t62

p62

t63

p63

t54 p54

p61

t31 t32 t33

p31 p32 p33

t70

Resource

network capacity

Resource Battery

Resource CPU

Potential

Parallel

Operation

Connected

Scheduling of handoff operations

26

Association

Network

discovery

P11

t11

PA2

4-way

Handshake

(SA)

t1

t4 t5

P2 P3

Connected

Dis

connected

Pre-

authentication

Current Network Target Network

PA1

PC

PB1

PD

t12

t13

AP

Key

installation

P12

P1

Resources CPUPC

Resource s BatteryPB

4-way handshakecompletet3

t4 t5

P2

P3

t2

Scanning

Authentication

NetworkDiscovered

4-wayHandshakeOperation

P1

ResourcesNetwork capacity

MobileAuthenticated

Connected

Association

P0

P01

P02

2 2

t1

PA

PC CPU

BatteryPB

t3

t4

t5

P2

t2

Scanning

Authentication

NetworkDiscovered

4-wayHandshake

P1

ResourcesNetwork Capacity

MobileAuthenticated

Connected

P0

P01

P02

2

t1

P03

P3Association

4

PA

C. Proactive operations

B. Parallel operations – Level of concurrency =2

D. Parallel operations – Level of concurrency = 3

A. Sequential operations

Battery

power

scanning Authentication 4-way

Handshake

t2 t3 t4 t5

P2 P3 P4

Association

Connected

Mobile

Disconnected

Network

capacity

CPU

cycles

P1

PA

PB

PC

P0

t1Disconnection

Network

Discovered

Mobile

authenticated

1 token

Conclusions

IP-based mobility in 4G networks involves • movement across access technologies, • movement across administrative domains, • at multiple layers • and involve interaction among multiple protocols

Measurement-based Mobility model • Allows to predict the handoff performance • Provides trade-off performance (e.g., Resources vs. QoS)• Allows to study behavioral characteristics

– deadlock based on mobility patterns

Best current practices to provide optimal service delivery – under different mobility pattern– under different resource environment– For different applications

– Mobile Cloud Computing, Real-time, Non-real-time

27

Burlingame, CA USA

June 2011 28

MH

nPoAoPoABTS A

MSC

BSC 1

Serving

Cell

BSC 2

Target

Cell

VLRAUC

Move

EIR

BSS

nPoA nPoA

HLR

Cellular mobility – GSM

BTS B BTS C

BTS D

Slide 30 NIKSUN Confidential –

Restricted Access See Title

Page for Restrictions

Source

eNB

Target

eNB Candidate

eNB

MME

Serving

Gateway

(S-GW)

PDN-GW

UE UE UE

SGSN

E-UTRAN

IP-based

IMS

network

Enhanced Packet Core (EPC)

UEUE

ePDG

Untrusted

Non-3GPP

Trusted

Non-3GPP

(WiFI, WiMAX)

UTRAN

HSSPCRF

SGiS5

S11

S1-U

S1-MME

S4

S7

S6a

S3

S2a

S2b

AAA

S6c

Wm

Wn

Rx+

Wx

S10

X2

X2 X2

S8

SAE/LTE (4G)

QoE metrics – Driven by measurements

Slide 31

Optimizing authentication

Related Work IEEE Standards

• IEEE 802.11i provides pre-authentication at link-layer in the distribution system (DS)

• IEEE 802.11r improves 11i by introducing a new key hierarchy but it does not work between DSs either.

Context transfer solutions (Bargh et al, Georgiades et al, Duong et al)• Security problems such as “domino effect”

• Assume certain trust relationships which might not be possible in certain scenarios.

• Oriented towards the same technology

Re-authentication

Pre-installation based on movement pattern (Mishra et al, Pack et al )• AAA assisted key installation

• Works within the same administrative domain

MIPv6 and AAA assisted (Ruckforth et al)• Limited to MIPv6 and within the same domain

Cooperative Roaming (Forte et al)• Works within a domain

Key principles for SA optimization

Avoid the key exchange by maintaining the end-point address identifier

Avoid tear down and re-establishment of Security Association

Reduce the number of signaling messages that help rekeying

Anchor-based security association

Clients behind NAT are shielded from IP address change

802.11i – Pre-authentication Flow

1x controlled port enabled & IP traffic

EAPOL Start

EAPOL-Request(EAP-Req/ident)

EAPOL-Response(EAP-Resp/ident)

IEEE 11i

Pre-Authentication

STA Current AP Target AP

EAPOL-Request(EAP-TLS/Start)

EAPOL-Response(EAP-TLS/Client-Hello)

EAPOL-Request(EAP-TLS/ServCert)

EAPOL-Response(EAP-TLS/ClientCert)

EAPOL-Request(EAP-TLS/ChangeSpec)

EAPOL-Response(EAP-TLS/Ack)

EAPOL-Request(EAP-TLS/Sucess)

EAPOL Key: Message 1

EAPOL Key: Message 2

EAPOL Key: Message 3

EAPOL Key: Message 4

Associated

(Re)Association

PMKsta-targetAP

4-way hanshake

AAAHAAAv

AAA prot-ans (EAP-TLS/Start)

AAA prot-req (EAP-Resp/Ident)

AAA prot-ans (EAP-TLS/ServCert)

AAA prot-req (EAP-TLS/Client-Hello)

AAA prot-req (EAP-TLS/ClientCert)

AAA prot-ans (EAP-TLS/ChangeSpec)

AAA prot-ans (EAP-Success)

AAA prot-req (EAP-TLS/Ack)

RoamingNon-roaming

PMKsta-targetAP

1x controlled port enabled & IP traffic

EAPOL Start

EAPOL-Request(EAP-Req/ident)

EAPOL-Response(EAP-Resp/ident)

IEEE 11i

Pre-Authentication

STA Current AP Target AP

EAPOL-Request(EAP-TLS/Start)

EAPOL-Response(EAP-TLS/Client-Hello)

EAPOL-Request(EAP-TLS/ServCert)

EAPOL-Response(EAP-TLS/ClientCert)

EAPOL-Request(EAP-TLS/ChangeSpec)

EAPOL-Response(EAP-TLS/Ack)

EAPOL-Request(EAP-TLS/Sucess)

EAPOL Key: Message 1

EAPOL Key: Message 2

EAPOL Key: Message 3

EAPOL Key: Message 4

Associated

(Re)Association

PMKsta-targetAP

4-way hanshake

AAAHAAAv

AAA prot-ans (EAP-TLS/Start)

AAA prot-req (EAP-Resp/Ident)

AAA prot-ans (EAP-TLS/ServCert)

AAA prot-req (EAP-TLS/Client-Hello)

AAA prot-req (EAP-TLS/ClientCert)

AAA prot-ans (EAP-TLS/ChangeSpec)

AAA prot-ans (EAP-Success)

AAA prot-req (EAP-TLS/Ack)

RoamingNon-roaming

PMKsta-targetAP

Key Derivation Process

AAA

PAA

MN

AAA

MSK

AP

MSK

MSK

PaC-EP-Master-Key

PSK

MNMSK

PaC-EP-Master-Key

PSKPMK

4-way handshake (PTKs) 4-way handshake (PTKs)

PSKap

PSKapPMKMSK PMK

MSK PMK

AP

802.11i

Pre-auth

Network-Layer Preauth

AAA

MN

AP

MSK

4-way handshake (PTKs)

MSK PMK

MSK PMK

AP

Post-auth

AP

Authentication

Server

Authenticator

WPA SupplicantWPA Supplicant

Authenticator

Authentication

Server

Key Functions Characteristics

Handoff • May take place between cell, subnet or domain

• Need to optimize the handoff delay and transient data loss ( e.g., end-to-

delay up to 200 ms, 3%-5% packet loss, jitter, for real-time VoIP traffic)

• May use soft-handoff feature of CDMA, but need fast-handoff mechanisms

for other technologies (e.g., 802.11)

• Need to support session based applications for TCP and RTP traffic

Configuration •Should be configured within few milliseconds

•Configures IP address and other server parameters (e.g, DNS, SIP

server, Gateway)

Registration • Assist pre-session mobility

• Hierarchical nature will make the registration faster

• Helps location management functionality

Quality of

Service

•Need to maintain same QoS during its subnet/domain movement

Location

Management

•Allow user to maintain same URI irrespective of point of attachment

Technical issues for mobility management

Mobility model

Problem: In the absence of any formal mechanism it is difficult to predict or verify the systems performance of un-optimized handover or any specific handoff optimization technique

Proposal

Analyze the basic primitives of a handoff event

Model the handoff-related processes as Discrete Event

Dynamic Systems (DEDS)

Deterministic Timed Transition Petri Net (DTTPN) to build various un-optimized mobility models and their associated optimization techniques

Key advantages :

This model can predict systems performance for optimized handoff operations

This model can design optimal path for sequence of execution of events based on expected performance and resource constraints

This model can verify systems behavior (e.g., deadlocks) during handover

37

Dependency analysis among handover operations

Handoff Process Precedence

Relationship

Data it depends on

P11 – Channel Discovery P00 Signal-to-Noise Ratio value

P12 – Subnet discovery P21,P22 Layer 2 beacon ID

L3 router advertisement

P13 – Server discovery P12 Subnet address

Default router address

P21- Layer 2 association P11 Channel number

MAC address

Authentication key

P22- Router solicitation P21, P12 Layer 2 binding

P23- Domain advertisement P13 Server configuration

Router advertisement

P31 – Identifier acquisition P23,P12 Default gateway

Subnet address

Server address

P32 – Duplicate address

detection

P31 ARP

Router advertisement

P33 – Address resolution P32, P31 New identifier

P41 – Authentication P13 Address of authenticator

P42 – Key Derivation P41 PMK (Pairwise Master Key)

P51 – Identifier update P31,P52 L3 Address

Uniqueness of L3 address

P52 – Identifier verification P31 Completion of COTI

P53 – Identifier mapping P51 Updated MN address

at CN and HA

P54 – Binding cache P53 New Care-of-address mapping

P61 – Tunneling P51 Tunnel end-point address

Identifier address

P62 – Forwarding P51, P53 New address of the mobile

P63 – Buffering P62, P51 New identifier acquisition

P64 – Multicasting/Bicasting P51 New identifier acquisition 38

Backup Slides

Burlingame, CA USA

June 2011 39

Characteristics of Next Generation Networks?

Heterogeneous networks (CDMA, LTE, WiMAX, 802.11)

• Access-independent converged IP network

Order-of-magnitude increases in bandwidth

• MIMO, smart antennas

• Increase in video and other high bandwidth traffic

New services and service enabling platforms (e.g., Web 2.0,

SON)

Large range of cell sizes, coverage areas

• PAN, LAN, WAN

• Pico-cellular, micro-cellular, cellular

Changes in traffic and traffic patterns

• Rise in video on demand? Requires good high-bandwidth

multicast

Results (II)

Cellular Access Characteristics

Generation System Channel

spacing

Access type Uplink data

rate

1G AMPS 30 kHz FDMA N/A

TACS 25 kHz FDMA N/A

NMT 25 kHz FDMA N/A

NTT 25 kHz FDMA N/A

2G GSM 200 kHz TDMA 9.6 kb/s

PDC 30 kHz TDMA 42 kb/s

IS-136 30 kHz F/TDMA 48 kb/s

IS-95 (A) 1.25 MHz F/CDMA 14.4 kb/s

iDEN 25 kHz F/TDMA 24 kb/s

2.5G GPRS 200 kHz TDMA 45 kb/s

EDGE 200 kHZ TDMA 236 kb/s

IS-95 (B) 1.25 MHz F/CDMA 115 kb/s

CDMA2000 1X 1.25 MHz CDMA 144 kb/s

3G UMTS/WCDM

A

5 MHz CDMA/TD

MA

2 Mb/s

CDMA2000

1xEV-DO

1.25 MHz CDMA 2 Mb/s

4G LTE 20 MHz OFDMA 50 Mb/s

WiMAX 2.5 GHz OFDM 40 Mb/s

UMB 5 MHz OFDMA 75 Mb/s

Handover: Distributed operation across multiple layers

Time

L2

PoA

L3

PoA

Discovery Detection Configuration

Security

Association

p11

p12

p21

p31

p32 p42

p41Server

(Proxy,

/HA)

p22

Binding

Update

Media

Rerouting

p51p31

p32

p41 p42

p42p63

p62

p13p23

p31

p33

MN

p11 p12 p21 p22p31 p41

p61p32 p42

p13 p23p33

p51

p51

p52

p52

CN

p42p52

p61

p54

p53 p54

p61

p61p62

p64p51

Layer 2 Handoff Delay (802.11)

Discovery Phase

• Active scanning

– MN probes AP

• Passive scanning

– AP sends beacons

periodically

Authentication Phase

• Open authentication

• Shared authentication

• 802.11i – 4 way handshake

Association Phase

Station performing handoff All APs within

range on all channelsMN

Probe Request

Probe Response

(broadcast)

New

AP

Reassociation

Request

De-authentication

Authentication

Request

Authentication

Response

Re-association

Request

Re-association

Request

Re-association

Response

Probe

Delay

De

-au

then

tication

Dela

y

Authentication

Delay

Re-association

Delay

Chan 1

Chan N

Layer 2 Discovery Optimization

General techniques:

Reduce the scanning time

Caching of ESSID

Use of second interface

802.11 specific discovery

Proactive Discovery • (no scanning)

Proposed Solutions:

Shin et al introduces selective scanning and caching strategy

Montavont et al propose periodic scanning

Velayos et al propose reduction of beacon interval and performs search in parallel with data transmission

Brik et al propose to use a second interface to scan while communicating with the first interface

802.11u, 802.11k

Forte and Schulzrinne

Application Layer proactive discovery (e.g., Dutta et al)

Optimization techniques for

layer 3 configuration

Layer 3 address acquisition

• Proactive caching

Duplicate Address

Detection

• Optimistic DAD,

Proactive DAD, Passive

DAD,

• Router Assisted DAD

NUD (Neighbor

Unreachability Detection)

• Aggressive Router

Selection

Configuration

Identifier

AcquisitionDuplicate

Address

Verification

Identifier

Mapping

Layer 2

Layer 3

Mobile

NodeServer Network

Mobile

Node L3 POA Network

MNServer

L3

PoA

Configuration

Identifier

AcquisitionDuplicate

Address

Verification

Identifier

Mapping

Layer 2

Layer 3

Mobile

NodeServer Network

Mobile

Node L3 POA Network

MNServer

L3

PoA

Security Optimization

Security protocols have an impact

on the performances of the network

• End-to-end latency

• Throughput

• Handoff delay

Main components that affect the

performance

• Authentication/authorization,

Key Derivation, Encryption

Security related delays may

affect all the layers

– Layer 2 (e.g., 802.11i, WEP)

– Layer 3 (IPSEC/IKE)

– Upper Layers (e.g., TLS,

SRTP)

Security

Association

Key

Distribution Authentication Encryption

Layer 2

Layer 3

Layer 4

ServerMobile Network

MN

MN Server

L3

POA

Security

Association

Key

Distribution Authentication Encryption

Layer 2

Layer 3

Layer 4

ServerMobile Network

MN

MN Server

L3

POA

Optimizing Binding Update

Techniques• Reduce the latency due to

longer binding update when the communicating host is far away

• Limit the binding update within a domain

Proposed Solutions• IDMP

• Regional registration-based Mobile IP

• HMIPv6

• Anchor-based Application Layer

– B2BUA

• Proactive Binding Update

Binding

Update

Tunneling Mapping Caching

Mobile Network Anchor Mobile CN

Anchor

PointCN

Binding

Update

Tunneling Mapping Caching

Mobile Network AnchorMobile Network Anchor Mobile CN

Anchor

PointCN

Home Agent

BSC1 BSC2 BSC3 BSC4

PCF1 PCF3 PCF4

PDSN2PDSN1

PCF2

FA1

FA2

MSC

PSTN

GMSC

HLR

AC

A B CD F

BTS1

E

L3 PoA L3 PoA

L2 PoABTS3

L2 PoA

VLR

CDMA2000 – An example

Handoff Delay

~ 18 s

802.11 CDMA

Handoff Delay

16 s

802.11 CDMA

a. MIP-based Non-optimized handoff

b. SIP-based Non-optimized handoff

c. MPA and 802.21 assisted optimized

handoff

802.11 CDMA

Optimized handoff delay with MPA (Multiple I/F)

Several concepts of mobility Terminal mobility, e.g., supported by Mobile IP

IP-based Network

CH

Subnet 1MH

Subnet 2

IP-based

Network

CH

Subnet 1

MH

Subnet 2• Typically, you don’t

just have terminals

– Users/Persons

– Sessions

• Mobility of users,

sessions?

Personal Mobility: Registration

IP-based

Network

CH

Subnet 1

Subnet 2

registrar

IP-based

Network

CH

Subnet 1

Subnet 2

registrar

• When lady in red moves, she

– leaves her laptop behind

– Uses another machine

– Logs in

• User registration performed

person@subnet1.org

person@subnet2.org

Personal Mobility: simultaneous registration of

multiple bindings

IP-based

Network

CH

Subnet 1

Subnet 2

Registrar

& proxy

IP-based

Network

CH

Subnet 1

Subnet 2• When lady in red moves,

she

– leaves her laptop

behind

– Uses another machine

• She can still be located

person@subnet1.org

person@subnet2.org

Registrar

& proxy

person@subnet1.org

person@subnet2.org

Session Mobility

IP-based

Network

CH

Subnet 1

MH

Subnet 2

IP-based

Network

CH

Subnet 1

Subnet 2

INVITE 2

3

1

Mobike-based solution

Service MobilityService Mobility allows a roaming user to get the same

view of the network as when he is at home

At the time of registration

• User’s service profile is retrieved from the home

network

• The service profile is shared with the responsible entity

at home and in the foreign network (wholly or partially)

The foreign network provides some of the service

required

The home network still retains responsibility for other

services

Examples of entries in the profile of interest may be

address book, call handling features, buddy lists, etc.