IEEE802.11 for High Speed Mobility November 2005 doc.: IEEE 802.11-05/1859r0 IEEE802.11 for High Speed Mobility Date: 2010-01-19 Authors: Name Company Address Phone email Hiroshi MANO ROOT Inc. 8F TOC2 Bldg. 7-21-11 Nishi-Gotanda, Shinagawa-ku, Tokyo 141-0031 JAPAN +81-3-5719-7630 hmano@root-hq.com Hitoshi MORIOKA #33 Ito Bldg. 2-14-38 Tenjin, Chuo-ku, Fukuoka 810-0001 JAPAN +81-92-771-7630 hmorioka@root-hq.com Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>. Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

November 2005 doc.: IEEE 802.11-05/1859r0 Abstract We told about IEEE802.11 enhancement for high speed mobility support in the previous session in Atlanta. Mobile vs. Nomadic Limitation of Market Connectivity Lost How to solve the issue Example implementation Today, we talk about our experimental protocol and another profit Scalability for simultaneous access from large number of mobile devices . Straw Polls for tutorial session Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

November 2005 doc.: IEEE 802.11-05/1859r0 Mobile vs. Nomadic Let’s quote definitions from RECOMMENDATION ITU-R F.1399-1 “Vocabulary of terms for wireless access” Mobile wireless access (MWA) Wireless access application in which the location of the end-user termination is mobile. Nomadic wireless access (NWA) Wireless access application in which the location of the end-user termination may be in different places but it must be stationary while in use. Slide 3 Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

Limitation of market growth in the existing 802.11 November 2005 doc.: IEEE 802.11-05/1859r0 Limitation of market growth in the existing 802.11 Bandwidth? No! We are getting wide bandwidth day by day 11b, g, a, n, ac, ad Securities? No! 802.11 incorporates new security system too. WEP, 802.11i… Propagation range? No! it is true, but it is not limit of technologies. It’s depends on regulatory. And it’s good for avoiding congestion. Service devices? No! now we have several type of devices such as cell-phone, game and digital camera. Service model? Yes! we are still in nomadic services. Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

If we got actual mobility on 802.11 We will get November 2005 doc.: IEEE 802.11-05/1859r0 Beyond “Nomadic” If we got actual mobility on 802.11 We will get Wi-Fi IP mobile phone (not only in-house phone) Wi-Fi on a car (high context navigation) Wi-Fi on a train (passenger services) Wi-Fi real-time audio (anywhere anytime) Wi-Fi real-time video (anywhere anytime) skype, etc., Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

Existing Wi-Fi Service Area November 2005 doc.: IEEE 802.11-05/1859r0 Existing Wi-Fi Service Area Huge number of APs were deployed by different owners. (autonomously deployment) APs owned by one owner can be operated by 802.11r technology to provide fast roaming inside one ESS. An STA is always receiving at least one or more signals from someone's APs continuously. However, we have to spend a couple of seconds to connect to another ESS every time. In other words, we lost connectivity at every border of ESS. This fact is not suitable for mobile communication. Hiroshi Mano Root, Inc. 6 Hitoshi MORIOKA, ROOT Inc.

Nomadic Vs Mobile ESS 1 ESS 2 ESS 3 ESS 1 ESS 2 ESS 3 Hiroshi Mano Root, Inc.

Reasons of Connectivity Loss November 2005 doc.: IEEE 802.11-05/1859r0 Reasons of Connectivity Loss Waste much time to … Discover a new AP. Latency can be reduced by 11k or background scan. Make association with a new AP. (includes authentication/key exchange…) 11i authentication is not so fast. It needs many packet exchanges. Upper layer setup. (Out of Scope) Upper layer handover. (Out of Scope) Fast authentication and key management (AKM) can reduce connectivity loss. Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

Time for handover IEEE802.16e -- 35-50ms IEEE802.16m -- 30ms? November 2005 doc.: IEEE 802.11-05/1859r0 Time for handover IEEE802.16e -- 35-50ms IEEE802.16m -- 30ms? IEEE802.11i + .1X -- >100ms while G.711 sends a packet every 20ms. Another VoIP implementation sends every 50ms. Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

Protocol Sequence of IEEE802.11i (EAP-TLS) November 2005 doc.: IEEE 802.11-05/1859r0 Protocol Sequence of IEEE802.11i (EAP-TLS) STA Roundtrip: 2ms to 5ms AP RADIUS Server Beacon Probe Request Probe Response Authentication Request Authentication Reply Association Request Association Accept EAPOL-Start Roundtrip: 1ms to 20ms EAP-Request/Identity EAP-Response/Identity RADIUS-Access-Request/Identity RADIUS-Access-Challenge/TLS-Start EAP-Request/TLS-Start EAP-Response/TLS-client Hello RADIUS-Access-Request/Pass Through RADIUS-Access-Challenge/ Server Certificate EAP-Request/Pass Through EAP-Response/Client Certificate RADIUS-Access-Request/Pass Through RADIUS-Access-Challenge/Encryption Type EAP-Request/Pass Through EAP-Response RADIUS-Access-Request RADIUS-Access-Accept EAP-Success EAP-Key Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

An Example of Faster AKM November 2005 doc.: IEEE 802.11-05/1859r0 An Example of Faster AKM Utilize Pre-RSNA Security Framework Authentication and PTK exchange can be done in pre-RSNA security framework. After PTK setup, GTK can be securely delivered. STA AP Authentication Server Beacon (Probe Request) (Probe Response) Authentication Request Access Request Access Response Authentication Reply (Association Request) (Association Accept) Roundtrip: 2ms to 5ms Roundtrip: 1ms to 20ms Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

Time for handover (review) November 2005 doc.: IEEE 802.11-05/1859r0 Time for handover (review) IEEE802.16e -- 35-50ms IEEE802.16m -- 30ms? IEEE802.11i + .1X -- >100ms New Fast AKM -- 25-30ms (target) Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

IS IT POSSIBLE TO IMPLEMENT WHAT YOU PROPOSE TODAY WITH CURRENT MECHANISMS? USE AN INDUSTRY GROUP RATHER THAN A CHANGE TO THE STANDARD. Hiroshi Mano Root, Inc.

An Example: Pre-shared Secret Key November 2005 doc.: IEEE 802.11-05/1859r0 An Example: Pre-shared Secret Key Station (non-AP STA) Access Point (AP) Authentication Server (AS) Share a secret key (AP-key) Each AP has a different key Identified by IP/MAC address Share an identifier and a secret key (MN-key) Each mobile STA has a different key Identified by NAI (account name) No pre-shared information between mobile STA and AP AP and AS function can be equipped in a box for a small system. Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

An Example: PTK delivery November 2005 doc.: IEEE 802.11-05/1859r0 An Example: PTK delivery Station (non-AP STA) Access Point (AP) Authentication Server (AS) AP-key shared PTK delivery without STA-AP mutual secrets STA-key shared PTK is delivered via AS between mobile STA and AP Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

An Example: Authentication Procedure November 2005 doc.: IEEE 802.11-05/1859r0 An Example: Authentication Procedure Station (Non-AP STA) Access Point (AP) Authentication Server (AS) Broadcast Nonce Beacon/ Probe resp Beacon/ Probe resp NAI… Check Timestamp Transmit Authentication Request Frame Transmit Authentication Request Frame Access Request Message Access Request Message HMAC-MD5 (AP-key) Extract HMAC-MD5 (AP-key) Extract MD5 MD5 Authenticator (16byte) Authenticator (16byte) Authenticator (16byte) Extract Compare Authentication Data (16byte) Authentication Data (16byte) Authentication Data (16byte) HMAC-MD5 (STA-key) HMAC-MD5 (STA-key) ICV (16byte) ICV (16byte) ICV (16byte) ICV (16byte) Compare Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

An Example: Authentication Procedure (Cont.) November 2005 doc.: IEEE 802.11-05/1859r0 An Example: Authentication Procedure (Cont.) Station (Non-AP STA) Access Point (AP) Authentication Server (AS) Extract Network Info (IP address…) Authentication Success Frame Access Request Message Nonce (16byte) PTK (16byte) Transmit Authentication Success Frame HMAC-MD5 (STA-key) Extract XOR Hashed ICV (16byte) PTK (16byte) ICV (16byte) MD5 Session Key DD (16byte) HMAC-MD5 (AP-key) HMAC-MD5 (AP-key) MD5 Authentication Data (16byte) Extract XOR HMAC-MD5 Authentication Data (16byte) ICV (16byte) Hashed ICV (16byte) HMAC-MD5 Extract ICV (16byte) ICV (16byte) Session Key DD (16byte) Transmit Access Approval Message Access Approval Message Compare ICV (16byte) Extract PTK (16byte) HMAC-MD5 (AP-key) Extract HMAC-MD5 (AP-key) HMAC-MD5 (STA-key) Authenticator (16byte) Authenticator (16byte) Authenticator (16byte) Nonce (16byte) Compare Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

November 2005 doc.: IEEE 802.11-05/1859r0 Protocol Sequence between AP and STA on IEEE802.11i ( PEAP/EAP-MSCHAPv2) STA AP Probe (1 round trip) Authentication (1 round trip) Association (1 round trip) EAPOL-Start EAP-Identity (1 round trip) Establishing TLS tunnel for PEAP (3 round trip) PEAP EAP-MSCHAPv2 (4 round trip) EAP-Success Total: 14 round trip EAPOL-Key (2 round trip) Slide 18 Hiroshi Mano Root, Inc. Page 18 Hitoshi MORIOKA, ROOT Inc.

Airtime consumption for every single authentication process We observed an STA connecting to an AP with PEAP/MS-CHAPv2 by IEEE802.11g. All management frames were transmitted in 1Mbps mode. Required airtime for one unicast frame is defined as described below. Occupied Time Frame ACK DIFS CW TXTIME TXTIME SIFS aSlotTime: 20us aSIFSTime: 10us aPreambleLength: 144us aPLCPHeaderLength: 48bits aCWmin: 31 aCWmax: 1023 DIFS: 50us CW: 620us ACKRate: 1Mbps ACKLength: 14Bytes PEAP/EAP-MSCHAPv2 needs 14 round trip frame exchanges. From our observation result, total frame length without PLCP header is 4390 byte. An STA needs 48.4ms airtime connecting to an AP.

Simulation AKM should be shortened. Assumption Place: Train Station Time: Rush Hour Walking Speed: 4.8km/h=80m/min AP cover area: 80m*80m square Occupied Space by 1 Person: 2m*2m square All persons have a cellular phone which supports WLAN. All persons are walking same direction. 1,600 STAs are passing through the AP’s cover area in 1 minutes. this means 1,600 authentication process should be proceeded during every 1 minutes. Every authentication process needs 48.4ms airtime to connect to the AP. Only 1,238 authentication process can be proceeded . There is no time space to data communication. Furthermore, AP transmits beacons, STA needs DHCP… AKM should be shortened. Hiroshi Mano Root, Inc.

Conclusion Limitation of IEEE802.11 is “NOMADIC” use only. November 2005 doc.: IEEE 802.11-05/1859r0 Conclusion Limitation of IEEE802.11 is “NOMADIC” use only. Mobile communication will expand IEEE802.11 market. Long AKM time is not suitable for mobile use. We have to reduce AKM time toward mobile. We show an example of new fast AKM method. AKM should be shortened to support simultaneous access from large number of portable devices . Further study in SG/WG is required for better AKM method. Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

Questions & Comments November 2005 doc.: IEEE 802.11-05/1859r0 Hiroshi Mano Root, Inc. Hitoshi MORIOKA, ROOT Inc.

Straw Poll “Does WNG think that we need tutorial session exploring the need for support for mobile communication ?” Yes: 18 No: 1 Abstain : 7 Hiroshi Mano Root, Inc.