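Fu Jen Catholic University, Graduate Institute of Computer Science and Information Engineering, in-service master's program, first year. Presenter: 林煥銘. Student ID: 492515241. Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment. Jun Li, Stephen B. Weinstein, Junbiao.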

Presentation transcript:

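Fu Jen Catholic University, Graduate Institute of Computer Science and Information Engineering, in-service master's program, first year. Presenter: 林煥銘. Student ID:
Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment
Jun Li, Stephen B. Weinstein, Junbiao Zhang, and Nan Tu, NEC USA Inc.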

P.2 Presented by Herman Lin
Outline
- Introduction
- Architecture & Protocol Components
- Security Issues
- Mobility Management
- Conclusion

P.3 Introduction
- PamLAN: Public Access Mobility LAN
- Aim is to meet demands for:
  - Ubiquitous access
  - High data rate
  - Local services
- Architectural guidelines for WLAN environments
  - Large-scale
  - IP-based
  - Supporting mobile/portable appliances (simultaneously supporting different air interfaces)

P.4 Introduction (cont’d)
- Based on wired LAN environment
- Wireless access points are embedded
- Multi-segment LAN
- Supporting handoffs

P.5 Introduction (cont’d)
Supports:
- Internet access via WLANs
- Multiple air interfaces
- Multiple virtual operators
- Location dependent services
- Local IP mobility
- QoS (within wired network)

P.6 Introduction (cont’d)
- The main disadvantage of current WLANs
  - Lack of public access
  - Being tied down to a single access point (i.e., restriction to subscribers of the WLAN operator)
  - Single air interface (reducing the range of appliances)
- Not a breakthrough in technological capacities
- Combination of available technologies

P.7 Architecture
Table 1. PamLAN/VOLAN/VLAN hierarchy.
- PamLAN: Multiple virtual operators, each operating a VOLAN; AAA features.
- VOLAN: Virtual operator LAN, extending VLAN capabilities across subnetworks for each virtual operator.
- VLAN: Virtual LAN, implementing user group features such as broadcast containment within a physical LAN.

P.8 Architecture (cont’d)
- Switched Ethernet LAN
- Access points
  - Supporting IEEE, Bluetooth, Cellular, ...
- IP-based access router with proxies
- Gateway routers
  - Internet access through IP tunneling

P.9 Architecture (cont’d)

P.10 Architecture (cont’d)
- Integration of Cellular IP & Mobile IP for supporting mobility
- MPLS (Multi-Protocol Label Switching)
  - Brings QoS across multiple LAN segments
- IEEE VLAN standard 802.1Q
- IEEE 802.1p header for QoS

P.11 Large Scale PamLAN
- For a single VLAN, QoS can be easily supported
- For large scale WLANs?
  - Intermediate routers work at layer 3
  - Source & destination addresses must be used for VOLAN membership
  - Intermediate routers must know all IP addresses for VLAN mapping
- VLAN for grouping traffic per VOLAN
- MPLS for whole PamLAN

P.12 MPLS (Multi-Protocol Label Switching)
- Tunnels traffic between gateways & access points
- Intermediate routers only examine MPLS labels, which imposes a path
- Forwarding Equivalence Class (FEC)
  - Formed based on VOLAN membership & QoS
  - FEC is inserted in MPLS label
  - Used for 802.1p priority within VLAN

P.13 MPLS (cont’d)

P.14 MPLS (cont’d)
- Traffic engineered paths can be set up among access points and Internet gateways according to service contracts between PamLAN & virtual operators
- DiffServ QoS service: IEEE 802.1p & MPLS traffic engineering

P.15 Protocol Stack

P.16 Security Issues
Four major components:
- Mutual authentication
- Secure channel establishment
- Per-packet encryption
- Filtering function

P.17 Security Issues
[Figure labels: RADIUS client, DHCP, Filter; User’s profile: public key, subscription status]

P.18 Mutual Authentication
- RADIUS (Remote Authentication Dial-In User Service)
- IP-based authentication (~ proposal)
- Basic steps:
  - Obtaining IP (DHCP)
  - Login session
    - Access point: relay agent to virtual operator
  - Challenge-response protocol for authentication
  - Send the user’s profile

P.19 Securing Channel Establishment
After authentication:
- User’s profile is transferred to the access point, including his/her public key
- Access point sends session key encrypted under the corresponding public key
- IPSec together with ESP can be used for security at IP layer depending on user requests

P.20 Authorization Control
Based on user credentials, packets can be filtered at the access point:
- Through (authenticated with the session key)
- Sent to the authentication engine (login)
- Blocked (unauthorized traffic)
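The three filter outcomes above, sketched as an access-point classifier. This is an added example, not code from the slides or the PamLAN paper; it assumes the per-packet check is an HMAC-SHA256 under the session key, and the `Filter`, `Packet`, `ComputeMAC` and `Classify` names and all addresses are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

type Verdict string
const (
	Through      Verdict = "through"        // authenticated with the session key
	ToAuthEngine Verdict = "to-auth-engine" // login traffic
	Blocked      Verdict = "blocked"        // unauthorized traffic
)

// Packet is a constructed stand-in for an IP packet arriving at the AP.
type Packet struct {
	SrcIP, DstIP string
	Payload, MAC []byte // MAC: per-packet authenticator (assumed HMAC-SHA256)
}

// Filter is the AP state: session keys by client IP, installed after login.
type Filter struct {
	Sessions   map[string][]byte
	AuthEngine string // address of the authentication engine
}

// ComputeMAC binds both addresses and the payload to the session key.
func ComputeMAC(key []byte, p Packet) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(p.SrcIP + "|" + p.DstIP + "|"))
	m.Write(p.Payload)
	return m.Sum(nil)
}

func (f *Filter) Classify(p Packet) Verdict {
	if key, ok := f.Sessions[p.SrcIP]; ok && hmac.Equal(ComputeMAC(key, p), p.MAC) {
		return Through
	}
	if p.DstIP == f.AuthEngine {
		return ToAuthEngine
	}
	return Blocked // includes a spoofed source IP without a valid MAC
}

func main() {
	f := &Filter{Sessions: map[string][]byte{"192.0.2.7": []byte("constructed-key")}, AuthEngine: "192.0.2.1"}
	p := Packet{SrcIP: "192.0.2.7", DstIP: "198.51.100.9", Payload: []byte("data")}
	fmt.Println(f.Classify(p)) // no MAC attached, so this packet is blocked
}
```

Keying the lookup on source IP alone would let a neighbor spoof an authenticated address; the MAC check is what makes the "through" verdict depend on possession of the session key.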

P.21 Mobility Issues
- Mobility should be supported at layer 3
  - Multiple subnetworks within PamLAN
- Micromobility
  - Roaming within PamLAN

P.22 Mobility Issues (cont’d)
Possible approaches:
- Cellular IP
  - Routing update message is sent from the mobile device
  - The new AP, each router along the way, and the gateway update their routing tables
  - The mobile device periodically sends paging packets
  - The process is a burden when a large number of mobile devices are being served
- MPLS based: only end points have to update location
  - Old and new access points and the Internet gateway need to be informed

P.23 Cellular IP

P.24 Cellular IP
- Routing update
- Routing entries are refreshed periodically

P.25 Mobility Issues (cont’d)
Fast AAA handoff:
- No repetitive authentication
- Move the user profile from the old access point to the new one (contains public key, old session key, mobile device IP, old session’s access policy)
- Old AP signals to the RADIUS server to terminate the current accounting session
- New AP generates a new session key
- New AP sends the old session key and the new session key encrypted under the user’s public key
- User uses the new session key to establish a secure connection with the new AP

P.26 Fast AAA handoff
- Fetch the profile
- Contains: user’s public key, old session key, mobile device’s IP, access policy….
[Figure labels: old AP, new AP]

P.27 Fast AAA handoff
- The old AP signals to the RADIUS server the termination of the current accounting session.
[Figure labels: old AP, new AP]

P.28 Fast AAA handoff
- Encrypts the new session key and the old session key using the public key and sends the result to the user in a UDP packet
[Figure labels: old AP, new AP; New session key + Old session key]

P.29 Fast AAA handoff
- The mobile device decrypts these keys and compares the old session key
[Figure labels: old AP, new AP; New session key; Establish a secure connection]
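The key hand-over on slides P.25 to P.29, carried through on both sides as an added example; it is not code from the slides or the PamLAN paper. RSA-2048 with OAEP, the 16-byte key length, and the names `Profile`, `NewDeviceKey`, `NewAPOffer` and `DeviceAccept` are assumptions chosen for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const keyLen = 16 // assumed session-key length; the slides give none
type Profile struct { // fetched by the new AP from the old AP (slide P.26)
	UserPub    *rsa.PublicKey
	OldSession []byte
}

// NewDeviceKey makes the user's key pair (RSA-2048 is this example's choice).
func NewDeviceKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewAPOffer (new AP, P.28): fresh session key, then encrypt newKey||oldKey.
func NewAPOffer(p Profile) (newKey, ct []byte, err error) {
	newKey = make([]byte, keyLen)
	if _, err = rand.Read(newKey); err != nil {
		return nil, nil, err
	}
	msg := append(append([]byte{}, newKey...), p.OldSession...)
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, p.UserPub, msg, nil)
	return newKey, ct, err
}

// DeviceAccept (mobile device, P.29): adopt the new key only if the old one matches.
func DeviceAccept(priv *rsa.PrivateKey, heldOld, ct []byte) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	if err != nil || len(msg) != 2*keyLen {
		return nil, fmt.Errorf("handoff: malformed offer")
	}
	if subtle.ConstantTimeCompare(msg[keyLen:], heldOld) != 1 {
		return nil, fmt.Errorf("handoff: old session key mismatch")
	}
	return msg[:keyLen], nil
}

func main() {
	priv, _ := NewDeviceKey()
	old := []byte("constructed-key!") // constructed 16-byte old session key
	newKey, ct, _ := NewAPOffer(Profile{UserPub: &priv.PublicKey, OldSession: old})
	got, err := DeviceAccept(priv, old, ct)
	fmt.Println(err == nil, string(got) == string(newKey))
}
```

The comparison on the device is the only thing that ties the offer to the old AP: the public key is not secret, so an access point that never received the profile can still encrypt, but it cannot echo the old session key.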

P.30 Conclusion
- Secure
- Economical
- Extensible
  - Multiple service providers
  - Multiple air interfaces
- Variety of services appropriate for coming generations of Internet appliances.

P.31 Reference