IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Performance analysis of authentication signaling schemes for media independent handovers. Date Submitted: November 1, 2007 Presented at IEEE session #23 in Atlanta Authors or Source(s): Antonio Izquierdo, Lily Chen, Katrin Hoeper, Nada Golmie Abstract: In this contribution different authentication signaling schemes including full authentication, re-authentication, and indirect pre-authentication are evaluated for media independent handovers. Simulation results are obtained with IEEE and IEEE handovers.
IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development Section 6.3 of the IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3 IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. This is a contribution by the National Institute of Standards and Technology and is not subject to copyright in the US. The contributors do not have the authority to override the NIST policy in favor of the IEEE policy. The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws and in Understanding Patent Issues During IEEE Standards Development Section 6 of the IEEE-SA Standards Board bylawshttp://standards.ieee.org/guides/bylaws/sect6-7.html#6http://standards.ieee.org/board/pat/faq.pdf
Outline Goals and motivation Review of authentication signaling schemes Simulation environment Performance metrics Simulation parameters Performance results Security signaling latency Cryptographic processing time Impact of network topology on indirect pre-authentication Transmission delay Handover latency Summary
Goals and motivation The main goals of this contribution are to analyze the performance of different authentication signaling mechanisms in the context of heterogeneous handovers Simulation models are developed to evaluate the performance of the following three authentication signaling schemes: Full authentication Indirect pre-authentication Re-authentication Heterogeneous handovers are considered in the context of IEEE and IEEE networks.
Full authentication
Indirect pre-authentication
Re-authentication
Used NS-2 with IEEE and module extensions (available from ) Developed extensions to model authentication in IEEE and IEEE networks using EAP: Implemented EAP framework as defined in RFC 3748 including TTLS-MD5 and GPSK methods Developed an IEEE authentication module to support full authentication, re-authentication and Handover Process Optimization as defined in IEEE e Developed an authentication module to support full authentication in RSN and re-authentication in the mobility domain Developed support for pre-authentication using the IEEE extensions Developed a limited RADIUS implementation for Key and EAP message transfers Simulation environment
Authentication
Authentication
Authentication
EAP latency denotes the time elapsed between the sending of the EAP Start message until the receipt of either the EAP SUCCESS / EAP FAILURE message. It is included in the Full authentication signaling latency, but not in the pre-authentication signaling latency. Performance metrics (1)
Security signaling latency is defined as the time elapsed between the sending of the first authentication message until the reception of the ACK for the last message: Performance metrics (2)
Transmission delay is the time it takes a packet to reach its destination. Performance metrics (3)
Handover delay represents the time elapsed between when a decision to handover is executed until the traffic is redirected to the new interface. The decision to perform a handover is made when a new link is detected and if the new link is better than the current link or if the current link is disconnected. The cryptographic processing delay is the time spent by the mobile node to perform different cryptographic operations during the authentication. Note that the results obtained represent mean values averaged over 100 simulations. Performance metrics (4)
Simulation parameters (1) The traffic flows from a corresponding node in the backbone network to the mobile node networks configuration Data rate: 11 Mb/s Coverage area radius: 50 m Coverage area radius: 500 m The mobile node does not use MIH triggers The interface is preferred over the interface.
Simulation parameters (2) Key lifetimes are longer than the simulation time, so the mobile node does not need to refresh them or re-authenticate with the current PoA The authentication lifetime is larger than the simulation time The size of the DH authentication keys is 1024 bits The size of the symmetric authentication keys is 128 bits The size of the IDs is 64 bytes
Network topology 1
In this case full authentication was performed Note that the cryptographic processing (computed as an example on a Palm tungsten) is ms which is equivalent to 9.08 % of the EAP time in or 7.72 % of the EAP time in Open Authentication1.98 ms0.99 %EAP Authentication ms96.16 % Association1.62 ms0.81 %TEK Request9.05 ms5.84 % EAP Authentication ms96.28 % 4-Way Handshake3.84 ms1.92 % Simulation results: Security Signaling Latency using EAP GPSK Authentication time %
In this case full authentication was performed Note that the cryptographic processing (computed as an example on a Palm tungsten) is ms which represents % of the EAP time in or % of the EAP process in Note that DH Agreement takes ms measured on the same platform Open Authentication1.98 ms< 0.01 %EAP Authentication ms99.97 % Association1.62 ms< 0.01 %TEK Request9.05 ms0.03 % EAP Authentication ms99.98 % 4-Way Handshake3.84 ms0.01 % Simulation results: Security Signaling Latency using EAP TTLS-MD5 Authentication time % Authentication time %
Comparing different authentication schemes’ latency EAP GPSK Full Auth Re-Auth Improv. over Full Auth. Indirect Pre-Auth Improv. over Full Auth. Sign. Laten [0.013] [0.001] 70.09% [0.171] 95.57% EAP laten [0.001] [0.001] 72.89% [0.136] % Full AuthRe-Auth Improv. over Full Auth. Indirect Pre-Auth Improv. over Full Auth. Sign. laten [0.672] [0.510] 76.03% 3.01 [0.371] 98.45% EAP laten [0.608] [0.417] 76.59% [0.136] % These are mean values in milliseconds, with the standard deviation in brackets
Full Auth Re-Auth Improv. over Full Auth. Indirect Pre-Auth Improv. over Full Auth. Sign. laten [0.001] [0.014] % [0.171] % EAP laten [0.001] [0.001] % [0.366] % Full AuthRe-Auth Improv. over Full Auth. Indirect Pre-Auth Improv. over Full Auth. Sign. laten [0.751] [0.450] % 3.01 [0.371] % EAP laten [0.705] [0.395] % [0.366] % Comparing different authentication schemes’ latency EAP TTLS-MD5 These are mean values in milliseconds, with the standard deviation in brackets
Transmission delay (Network topology 1)
Transmission delay (Network topology 1)
Observations on the security signaling latency Both re-authentication and indirect pre-authentication schemes reduce the security signaling latency by more than 70% EAP latency in indirect pre-authentication increases as a result of the longer path used by the EAP messages This would force the mobile device to make the handover decision sooner than when performing a normal network entry With re-authentication the EAP latency is reduced
Full AuthRe-Auth EAP latency Cryptographic delay %1.66% Full AuthRe-Auth EAP latency Cryptographic delay %2.26% Impact of cryptographic processing delay EAP GPSK Note that an indirect pre-authentication requires the same cryptographic operations as a full authentication.
Full AuthRe-Auth EAP latency Cryptographic delay %1.66 % Full AuthRe-Auth EAP latency Cryptographic delay %2.26 % Impact of cryptographic processing time EAP TTLS-MD5 Note that an indirect pre-authentication requires the same cryptographic operations as a full authentication.
Observations on the cryptographic processing delay Pre-authentication does not reduce the amount of cryptographic processing delay of a full authentication The cryptographic processing delay may in fact increase due to secure tunnel negotiations Re-authentication reduces the time spent in cryptographic processing since the number of messages exchanged is reduced and cryptographic key material is reused Re-authentication may be alternative to a full authentication when the time to do a full authentication is a cause of concern (other concern considerations include battery life and power consumption)
Handover delay Full Authentication Re-Authentication Indirect Pre-Authentication GPSK TTLS-MD Full Authentication Re-Authentication Indirect Pre-Authentication GPSK TTLS-MD These are mean values in milliseconds
Observations on the handover delay Re-authentication reduces the total handover delay, independently of the EAP used Indirect pre-authentication reduces the handover delay as long as it is possible to fully run the authentication method before the network entry takes place If the pre-authentication is not completed at the time of the network entry, a new full authentication starts. In this case the situation is the same as in a full authentication
Network topology 2
GPSK Full Auth Indirect Pre- Authentication Improv. over Full Auth. Security Signaling Latency [0.013] [0.171] 95.57% EAP Latency [0.001] [0.156] % GPSK Full Auth Indirect Pre- Authentication Improv. over Full Auth. Security Signaling Latency [0.672] 3.01 [0.371] 98.45% EAP Latency [0.608] [0.156] % Indirect pre-authentication (Network topology 2) These are mean values in milliseconds, with the standard deviation in brackets
– TTLS-MD5 Full Auth Indirect Pre- Authentication Improv. over Full Auth. Security Signaling Latency [0.127] [0.171] % EAP Latency [0.126] [0.277] % – TTLS-MD5 Full Auth Indirect Pre- Authentication Improv. over Full Auth. Security Signaling Latency [0.241] 3.01 [0.371] % EAP Latency [0.237] [0.305] % Indirect pre-authentication (Network topology 2) These are mean values in milliseconds, with the standard deviation in brackets
Observations on indirect pre-authentication for network topology 2 EAP latency in indirect pre-authentication depends heavily on the network topology considered The impact is greater for fast authentication methods. Topology information must be available beforehand in order to perform the pre-authentication on time
Summary Re-authentication and indirect pre-authentication reduce the time required for authentication during a handover Indirect pre-authentication allows for a shorter security signaling latency during the network entry, at the expense of requiring more time in advance for handover preparation Re-authentication reduces the cryptographic processing time and its performance does not depend so much on the network topology considered Either the indirect pre-authentication or re-authentication technique can be used. Deciding which technique to use depends on the scenario considered
Backup
Cryptographic processing delay assumptions Examples for cryptographic processing time used are real values in milliseconds obtained from a Palm Tungsten T3: * Value under the precision of the device timer These values are dependent on the platform used and therefore should not be used as absolute values. The intention here is to compare between the different cryptographic methods available on a given platform. Size of the encrypted data 16 bytes128 bytes512 bytes AES 128 (encrypt) AES 128 (decrypt) MD50* SHA10*1.3 Key size512 bits768 bits1024 bits DH Agreement
EAP: Generalized Pre-Shared Key
EAP: TTLS-MD5