Cooperation Between Stations in Wireless Networks Andrea G. Forte Henning Schulzrinne Department of Computer Science Columbia University April 19, 2019

VoIP and IEEE 802.11 Architecture Internet Router Router PBX 160.38.x.x 128.59.x.x AP AP Mobile Node

VoIP and IEEE 802.11 Problems Support for real-time multimedia Handoff L2 handoff Scanning delay Authentication 802.11i, WPA, WEP L3 handoff Subnet change detection IP address acquisition time SIP session update SIP re-INVITE Low capacity Large overhead Limited bandwidth Quality of Service (QoS) Inefficient support at MAC layer

VoIP and IEEE 802.11 Related Work IEEE 802.11k IEEE 802.11f (Neighbor Graph) IEEE 802.11r IEEE 802.11i Requirements Change in the protocol Change in the infrastructure

Cooperative Roaming Goals and Solution Fast handoff for real-time multimedia in any network Different administrative domains Various authentication mechanisms No changes to protocol and infrastructure Fast handoff at all the layers relevant to mobility Link layer Network layer Application layer New protocol  Cooperative Roaming Complete solution to mobility for real-time traffic in wireless networks Working implementation available

Cooperative Roaming Why Cooperation ? Same tasks Layer 2 handoff Layer 3 handoff Authentication Multimedia session update Same information Topology (failover) DNS Geo-Location Services Same goals Low latency QoS Load balancing Admission and congestion control Service discovery

Cooperative Roaming Overview Stations can cooperate and share information about the network (topology, services) Stations can cooperate and help each other in common tasks such as IP address acquisition Stations can help each other during the authentication process without sharing sensitive information, maintaining privacy and security Stations can also cooperate for application-layer mobility and load balancing

Cooperative Roaming Architecture Internet

Cooperative Roaming Mobile Node’s Cache L2 + L3 information Current AP (KEY) Best AP Second best AP MAC A MAC B MAC C Channel 1 Channel 11 Channel 6 Subnet ID 1 Subnet ID 2 Subnet ID 3 + LEASE FILE

Cooperative Roaming Layer 2 Cooperation (1/2) R-MN Stations NET_INFO_REQ NET_INFO_RESP Random waiting time Stations will not send the same information and will not send all at the same time The information exchanged in the NET_INFO multicast frames is: APs {BSSID, Channel} SUBNET IDs

Cooperative Roaming Layer 2 Cooperation (2/2) When a MN either than R-MN receives a NET_INFO_RESP it will perform two tasks: Check if someone is lying (fix it!) Populate a temporary cache structure (cache “chunks” – Bit Torrent)

Cooperative Roaming Layer 3 Cooperation (1/3) Subnet detection Information exchanged in NET_INFO frames (Subnet ID) IP address acquisition time Other stations (STAs) can cooperate with the R-MN and acquire a new IP address for the new subnet on its behalf while the R-MN is still in the OLD subnet  Not delay sensitive!

Cooperative Roaming Layer 3 Cooperation (2/3) R-MN Stations ASTA_DISCOV (m) ASTA_RESP (u) m: multicast u: unicast R-MN has to discover the STAs that can help in this task (A-STA). R-MN builds a list of A-STAs for each possible next subnet.

Cooperative Roaming Layer 3 Cooperation (3/3) R-MN A-STA IP_REQ (Client ID) . DHCP Server DHCP_OFFER (client ID) DHCP_ACK IP_RESP (New IP) R-MN can cooperate with A-STAs to acquire the L3 information it needs. R-MN builds a list of {Subnet ID, IP address} pairs, one per each possible subnet it might move to next.

Cooperative Roaming Cooperative Authentication (1/3) Cooperation in the authentication process itself is not possible as sensitive information such as certificates and keys are exchanged STAs can still cooperate in a mobile scenario to achieve a seamless L2 and L3 handoff regardless of the particular authentication mechanism used In IEEE 802.11 networks the medium is “shared” Each STA can hear the traffic of other STAs if on the same channel Packets sent by the non-authenticated STA will be dropped by the infrastructure but will be heard by the other STAs on the same channel/AP

Cooperative Roaming Cooperative Authentication (2/3) Relayed Data Packets 802.11i authentication packets RN data packets + relayed data packets R-MN RN AP One selected STA (RN) can relay packets to and from the R-MN for the amount of time required by the R-MN to complete the authentication process

Cooperative Roaming Cooperative Authentication (3/3) The R-MN needs to: Discover the available RNs for a given AP (Similar procedure to the one used for A-STAs) Select an RN and start the relaying of packets after the L2 handoff. In order to select an RN the R-MN sends a RELAY_REQ multicast frame RELAY_REQ contains: MAC address of R-MN IP address of CN MAC and IP address of RN

Cooperative Roaming Measurement Results (1/2) Handoff without authentication 343.0 867.0 1210.0 4.2 11.4 15.6 200 400 600 800 1000 1200 1400 CR IEEE 802.11 Handoff ms L2 L3 Total

Cooperative Roaming Measurement Results (2/2)

Cooperative Roaming Security Issues (1/2) A malicious MN might try to re-use the relaying mechanism over and over without ever authenticating Each RELAY_REQ allows an RN to relay packets for a limited amount of time (time required to authenticate) RELAY_REQ frames are multicast. All STAs can help in detecting a bad behavior and only nodes of the multicast group can send such frames RNs can detect if the R-MN is performing the normal authentication or not (Authentication failures can also be detected)

Cooperative Roaming Security Issues (2/2) Countermeasures work only if we can be sure of the identity of a client (MAC spoofing) MAC spoofing is generally not possible if 802.11i or WPA are enabled To increase security, authentication and encryption at the multicast group level can be used Handoff from open to secure network

Cooperative Roaming Application Layer Handoff - Problems SIP handshake INVITE  200 OK  ACK (Few hundred milliseconds) User’s direction (next AP/subnet) Not known before a L2 handoff MN not moving after all

Cooperative Roaming Application Layer Handoff MN builds a list of {RNs, IP addresses}, one per each possible next subnet/AP RFC 3388 Send same media stream to multiple clients All clients have to support the same codec Update multimedia session Before L2 handoff Media stream is sent to all RNs in the list and to MN (at the same time) using a re-INVITE with SDP as in RFC 3388 RNs do not play such streams After L2 handoff Tell CN which RN to use, if any (re-INVITE) After successful L2 authentication tell CN to send directly without any RN (re-INVITE) No buffering necessary Handoff time: 15ms (open), 21ms (802.11i) Packet loss negligible

Cooperative Roaming Load Balancing - Problems Selection of new best AP Used Signal strength and SNR Not used Packet loss Effective throughput Number of collisions and retries Load balancing today Number of users connected (to an AP) Actual available bandwidth not considered

Cooperative Roaming Load Balancing - CR Load balancing with CR MN gathers statistics about neighboring APs “Asks” other MNs to send such statistics Each MN collects statistics for its AP such as available throughput, packet loss, retry rate MNs send statistics to the MN that requested them The MN can now make a handoff to the less congested AP, or AP that can provide a certain QoS Even distribution of traffic flows among neighboring APs Even utilization of APs’ bandwidth

Cooperative Roaming Other Applications In a multi-domain environment Cooperative Roaming (CR) can help with choosing AP/domain according to roaming agreements, billing, etc. CR can help for admission control and load balancing, by redirecting MNs to different APs and/or different networks. (Based on real throughput) CR can help in discovering services (encryption, authentication, bit-rate, Bluetooth, UWB, 3G) CR can provide adaptation to changes in the network topology (common with IEEE 802.11h equipment) CR can help in the interaction between nodes in infrastructure and ad-hoc/mesh networks

Cooperative Roaming Conclusions Cooperation among stations allows seamless L2 and L3 handoffs for real-time applications (15-21 ms HO) Completely independent from the authentication mechanism used It does not require any changes in either the infrastructure or the protocol It does require many STAs supporting the protocol and a sufficient degree of mobility Suitable for indoor and outdoor environments Sharing information  Power efficient

Thank you. Questions? For more information: http://www.cs.columbia.edu/~andreaf andreaf@cs.columbia.edu

Layer 2 Handoff Handoff delays APs available on all channels New AP Probe Delay Open Authentication Delay Open Association Delay Probe Request (broadcast) Probe Response(s) Authentication Request Authentication Response Association Response Association Request Discovery Phase Authentication Phase Mobile Node

Layer 2 Handoff Motivation Handoff latency is too big for VoIP Seamless VoIP requires less than 90ms latency Handoff delay is from 200ms to 400ms Scanning Introduces more than 90% of the total handoff delay (open system) It is the most power consuming part of the handoff process Authentication WEP (broken) 802.11i, WPA

Layer 3 Handoff Subnet Discovery Current solutions Router advertisements Usually with a frequency on the order of several minutes DNA working group (IETF) Detecting network attachments in IPv6 networks only No solution in IPv4 networks for detecting a subnet change in a timely manner

Layer 3 Handoff IP address acquisition MN DHCP DISCOVER DHCP REQUEST DHCP ACK L2 Handoff Complete DHCP Server DHCP OFFER DAD

Layer 3 Handoff Motivation Problem When performing a L3 handoff, acquiring a new IP address using DHCP takes on the order of one second The L3 handoff delay too big for real-time multimedia sessions We optimize the layer 3 handoff time as follows: Subnet discover IP address acquisition