doc.: IEEE /1000r2 Submission Nov 2009 Hiroki NAKANO, Trans New Technology, Inc. Slide 1

Toward Mobile IEEE (a.k.a. IEEE for High Speed Mobility)

Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group.
If you have questions, contact the IEEE Patent Committee Administrator at.

Date:

Authors:
Name: Hiroki NAKANO. Company: Trans New Technology, Inc. Address: Sumitomo-Seimei Kyoto Bldg. 8F, 62 Tukiboko-cho Shimogyo-ku, Kyoto JAPAN
Name: Hitoshi MORIOKA. Company: ROOT Inc. Address: #33 Ito Bldg Tenjin, Chuo-ku, Fukuoka JAPAN
Name: Hiroshi MANO. Company: ROOT Inc. Address: 8F TOC2 Bldg Nishi- Gotanda, Shinagawa-ku, Tokyo JAPAN

Slide 2: Abstract
We talked about IEEE enhancement for high speed mobility support in the previous session in Hawaii.
– Mobile vs. Nomadic
– Limitation of Market
– Connectivity Lost
– How to solve the issue
Today, we talk about our experimental protocol for high speed mobility support.
– 2 Straw Polls

Slide 3 (Hitoshi MORIOKA, ROOT Inc.): Mobile vs. Nomadic
Let’s quote definitions from RECOMMENDATION ITU-R F “Vocabulary of terms for wireless access”
Mobile wireless access (MWA)
– Wireless access application in which the location of the end-user termination is mobile.
Nomadic wireless access (NWA)
– Wireless access application in which the location of the end-user termination may be in different places but it must be stationary while in use.

Slide 4: Limit of market growth in the existing
Bandwidth?
– No! We are getting wider bandwidth day by day: 11b, g, a, n, ac, ad
Security?
– No! incorporates new security system too. WEP, i…
Propagation range?
– No! It is true, but it is not a limit of the technology.
– It depends on regulation.
– And it is good for avoiding congestion.
Service model?
– Yes! We are still in nomadic services.

Slide 5: Beyond “Nomadic”
If we got actual mobility on
We will get
– Wi-Fi IP mobile phone (not only in-house phone)
– Wi-Fi on a car (high context navigation)
– Wi-Fi on a train (passenger services)
– Wi-Fi real-time audio (anywhere anytime)
– Wi-Fi real-time video (anywhere anytime)
– Skype, etc.

Slide 6: Existing Wi-Fi Service Area
A huge number of APs have been deployed by different owners.
– APs owned by one owner can be operated by r technology to provide fast roaming inside one ESS.
An STA is continuously receiving signals from at least one of someone's APs.
However, we have to spend a couple of seconds to connect to another ESS every time.
– In other words, we lose connectivity at every ESS border.
This is not suitable for mobile communication.

Slide 7: Reasons of Connectivity Loss
Waste much time to …
1. Discover a new AP.
   Latency can be reduced by 11k or background scan.
2. Make association with a new AP. (includes authentication/key exchange…)
   11i authentication is NOT fast.
   – It needs many packet exchanges.
3. Upper layer setup. (Out of Scope)
4. Upper layer handover. (Out of Scope)
Fast authentication and key management (AKM) can reduce connectivity loss.

Slide 8: Time for handover
IEEE802.16e ms
IEEE802.16m -- 30ms?
IEEE802.11i +.1X -- ??
while G.711 sends a packet every 20ms.
Another VoIP implementation sends every 50ms.

Slide 9: Protocol Sequence of IEEE802.11i (EAP-TLS)
[Sequence diagram between STA, AP and RADIUS Server. Message labels as extracted:]
Beacon; Probe Request; Probe Response; Authentication Request; Authentication Reply; Association Request; Association Accept; EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; EAP-Request/TLS-Start; RADIUS-Access-Request/Identity; RADIUS-Access-Challenge/TLS-Start; EAP-Response/TLS-client Hello; EAP-Success; RADIUS-Access-Request/Pass Through; RADIUS-Access-Challenge/ Server Certificate; EAP-Key; EAP-Request/Pass Through; EAP-Response/Client Certificate; RADIUS-Access-Request/Pass Through; RADIUS-Access-Challenge/Encryption Type; EAP-Request/Pass Through; EAP-Response; RADIUS-Access-Request; RADIUS-Access-Accept
Roundtrip: 2ms to 5ms
Roundtrip: 1ms to 20ms

Slide 10: An Example of Faster Key Exchange
Utilize Pre-RSNA Security Framework
– Authentication and PTK exchange can be done in pre-RSNA security framework.
– After PTK setup, GTK can be securely delivered.
[Sequence diagram between STA, AP and Authentication Server. Message labels as extracted:]
Beacon; (Probe Request); (Probe Response); Authentication Request; Authentication Reply; Access Request; Access Response; (Association Request); (Association Accept)
Roundtrip: 2ms to 5ms
Roundtrip: 1ms to 20ms

Slide 11: Time for handover (review)
IEEE802.16e ms
IEEE802.16m -- 30ms?
IEEE802.11i +.1X -- >150ms
New Fast AKM ms (target)

Slide 12: An Example: Pre-shared Secret Key
[Diagram: Access Point (AP), Authentication Server (AS), Station (non-AP STA)]
No pre-shared information between mobile STA and AP
– AP and AS function can be equipped in a box for a small system.
Share an identifier and a secret key (MN-key)
– Each mobile STA has a different key
– Identified by NAI (account name)
Share a secret key (AP-key)
– Each AP has a different key
– Identified by IP/MAC address

Slide 13: An Example: PTK delivery
[Diagram: Access Point (AP), Authentication Server (AS), Station (non-AP STA)]
AP-key shared
STA-key shared
PTK is delivered via AS between mobile STA and AP
PTK delivery without STA-AP mutual secrets

Slide 14: An Example: Authentication Procedure
[Data-flow diagram between Access Point (AP), Authentication Server (AS) and Station (Non-AP STA). Labels as extracted:]
Authentication Request Frame Authentication Data (16byte) ICV (16byte) MD5 HMAC-MD5 (STA-key) Authentication Request Frame Authentication Data (16byte) Access Request Message ICV (16byte) Extract Authenticator (16byte) MD5 HMAC-MD5 (AP-key) Access Request Message Authenticator (16byte) Authentication Data (16byte) ICV (16byte) Authenticator (16byte) ICV (16byte) Extract HMAC-MD5 (AP-key) HMAC-MD5 (STA-key) Compare Beacon Nonce NAI… Check Timestamp Transmit Broadcast

Slide 15: An Example: Authentication Procedure (Cont.)
[Data-flow diagram between Access Point (AP), Authentication Server (AS) and Station (Non-AP STA). Labels as extracted:]
Authentication Success Frame Authentication Data (16byte) ICV (16byte) MD5 HMAC-MD5 Authenticator (16byte) Access Request Message Nonce (16byte) PTK (16byte) ICV (16byte) Extract HMAC-MD5 (STA-key) Extract HMAC-MD5 (AP-key) Hashed ICV (16byte) Session Key DD (16byte) XOR Access Approval Message Authenticator (16byte) HMAC-MD5 (AP-key) Access Approval Message Authenticator (16byte) Compare Extract HMAC-MD5 (AP-key) ICV (16byte) Hashed ICV (16byte) Extract HMAC-MD5 (AP-key) Session Key DD (16byte) PTK (16byte) Extract XOR Authentication Success Frame Authentication Data (16byte) ICV (16byte) MD5 HMAC-MD5 ICV (16byte) Nonce (16byte) PTK (16byte) HMAC-MD5 (STA-key) Compare Extract Network Info (IP address…) Transmit
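
Added example, not part of the original slides: a Python model of the three-party exchange on slides 12 to 15, where the AS checks the STA's ICV, the AP's Authenticator and the timestamp, then delivers a PTK to both sides without any STA-AP shared secret. The field layout, the labels `b"PTK"`, `b"SK"` and `b"OK"`, the PTK derivation and all function names are assumptions; the slides name only HMAC-MD5, 16-byte fields, the nonce and timestamp checks and the XOR masking.

```python
import hashlib, hmac, os

def mac(key, *fields):
    # HMAC-MD5 as named on the slides; the length-prefixed field layout is assumed.
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.md5).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sta_request(nai, sta_key, beacon_nonce, now):
    ts = now.to_bytes(8, "big")
    return {"nai": nai, "ts": ts, "nonce": beacon_nonce,
            "icv": mac(sta_key, nai, ts, beacon_nonce)}

def ap_forward(req, ap_id, ap_key, beacon_nonce):
    if req["nonce"] != beacon_nonce:          # not an answer to this AP's beacon
        return None
    return dict(req, ap=ap_id, auth=mac(ap_key, ap_id, req["icv"]))

def as_process(msg, sta_keys, ap_keys, now, max_skew=2):
    # Returns (message for AP, message for STA), or None on any failed check.
    ap_key, sta_key = ap_keys.get(msg["ap"]), sta_keys.get(msg["nai"])
    if ap_key is None or sta_key is None:
        return None
    good_auth = hmac.compare_digest(msg["auth"], mac(ap_key, msg["ap"], msg["icv"]))
    good_icv = hmac.compare_digest(
        msg["icv"], mac(sta_key, msg["nai"], msg["ts"], msg["nonce"]))
    fresh = abs(now - int.from_bytes(msg["ts"], "big")) <= max_skew
    if not (good_auth and good_icv and fresh):
        return None
    as_nonce = os.urandom(16)
    ptk = mac(sta_key, b"PTK", as_nonce, msg["icv"])      # STA can recompute this
    wrapped = xor(ptk, mac(ap_key, b"SK", msg["icv"]))    # masked for the AP only
    return ({"wrapped": wrapped, "auth": mac(ap_key, b"OK", wrapped, msg["icv"])},
            {"nonce": as_nonce, "icv": mac(sta_key, b"OK", as_nonce, msg["icv"])})

def ap_unwrap(reply, req_icv, ap_key):
    if not hmac.compare_digest(reply["auth"], mac(ap_key, b"OK", reply["wrapped"], req_icv)):
        return None
    return xor(reply["wrapped"], mac(ap_key, b"SK", req_icv))

def sta_derive(reply, req_icv, sta_key):
    if not hmac.compare_digest(reply["icv"], mac(sta_key, b"OK", reply["nonce"], req_icv)):
        return None
    return mac(sta_key, b"PTK", reply["nonce"], req_icv)
```

Every comparison uses `hmac.compare_digest`, and a request replayed outside the timestamp window or against a different beacon nonce is rejected before any key material is issued.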

Slide 16: Conclusion
Limitation of IEEE is “NOMADIC” use only.
Mobile communication will expand IEEE market.
Long AKM time is not suitable for mobile use.
We have to reduce AKM time toward mobile.
We showed an example of a fast AKM method.
Further study in SC/WG is required for a better AKM method.

Slide 17: Questions & Comments

Slide 18: Straw Poll 1
“IEEE should proceed to mobile communication.”
Yes:
No:
Need More Discussion:
Don’t Care:

Slide 19: Straw Poll 2
“A Study Group to develop a PAR and 5C for Fast Authentication and Key Exchange Method should be created”
Yes:
No:
Need More Discussion:
Don’t Care: