
67th IRTF MOBOPTS – Media Independent Pre-Authentication and Implementation (draft-ohba-mobopts-mpa-framework-03.txt) (draft-ohba-mobopts-mpa-implementation-03.txt)


1 Media Independent Pre-Authentication and Implementation
(draft-ohba-mobopts-mpa-framework-03.txt)
(draft-ohba-mobopts-mpa-implementation-03.txt)
Yoshihiro Ohba, Ashutosh Dutta (Ed.), Victor Fajardo, Kenichi Taniuchi, Rafa Lopez, Henning Schulzrinne
Presented by: Ashutosh Dutta
67th IETF, San Diego

2 Outline
- Motivation
- Related Work
- MPA Framework Overview
- Optimization Features
- Implementation Results
  - Intra-technology, Inter-domain
  - Inter-technology, Inter-domain
  - Bootstrapping Layer 2
- Deployment Considerations
- Conclusion & Future Work

3 Motivation
- Secured seamless convergence requires that jitter, delay and packet loss are limited for real-time applications without compromising security
  - ITU G.114 defines 150 ms end-to-end delay and 3% packet loss for VoIP
- Handoff delays exist at several layers: Layer 2 (handoff between AP/BS), Layer 3 (IP address acquisition and other configuration parameters), Binding Update, Authentication, Authorization
- The challenge is even greater when moving between heterogeneous networks
  - Multiple access characteristics (802.11, CDMA, 802.16, GSM)
  - Multiple AAA domains
  - Diverse QoS requirements
  - Different configuration mechanisms (e.g., DHCP, PPP)
  - Different mobility requirements (802.11, GPRS, 802.16)

4 Mobility Optimization - Related Work
- Cellular IP, HAWAII: micro mobility
- MIP Regional Registration, Mobile IP Low Latency, IDMP
- FMIPv6, HMIPv6 (IPv6)
- Yokota et al.: link-layer assisted handoff
- Shin et al., Velayos et al.: Layer 2 delay reduction
- Gwon et al.: tunneling between FAs, Enhanced Forwarding PAR
- SIP Fast Handoff: application-layer mobility optimization
- DHCP Rapid Commit, Optimized DAD: faster IP address acquisition

5 Media-independent Pre-Authentication (MPA)
- MPA is a mobile-assisted higher-layer authentication, authorization and handover scheme that is performed a priori, before L2 connectivity is established to a network the mobile may move to in the near future
- Primarily three phases:
  1) Pre-authentication
  2) Pre-configuration
  3) Proactive Handover
- MPA provides a secure and seamless mobility optimization that works for inter-subnet, inter-domain and inter-technology handoff
- MPA works with any mobility management protocol
- Works with any network discovery scheme (IEEE 802.21, 802.11u, CARD etc.)
[Figure: handoff timelines. Conventional method: AP discovery, AP switching, client authentication, IP address configuration & IP handover, with a packet loss period spanning these steps. MPA: pre-authentication is completed before the handoff, so only AP switching remains on the critical path.]

6 MPA Overview (Inter-domain, Intra-Tech)
[Figure: MN moves from Domain X (address A(X)) to Domain Y (address A(Y)); HA in the Home Network. Before the L2 handoff, the MN pre-authenticates with the AA of Domain Y (establishing the MN-CA key and MN-AR key) and pre-configures A(Y). Data flow: 1. DATA[CN to A(X)] in the old domain; 2. DATA[CN to A(Y)] tunneled over the proactive handover tunnel via the AR of Domain X, with the BA buffering; L2 handoff procedure; BU; 3. DATA[CN to A(Y)] in the new domain; proactive handover tunneling end procedure.]
Legend: CN: Correspondent Node; MN: Mobile Node; AA: Authentication Agent; CA: Configuration Agent; AR: Access Router; BA: Buffering Agent

7 MPA-assisted Seamless Handoff (a deployment scenario)
[Figure: Mobile in current Network 1 (AP1 coverage area); Network 2 and Network 3 are candidate target networks (CTN), each with AR, AA, CA and an MN-CA key, covered by AP2 and AP3; Network 4 hosts the CN; an Information Server is reachable over the Internet. One CTN becomes the target network (TN).]
CTN – Candidate Target Networks; TN – Target Network

8 Key Optimization Features for MPA
- Pre-authentication
  - L3 and L2 pre-authentication
- Pre-Configuration
  - Proactive IP address acquisition (stateful, stateless)
  - Proactive duplicate IP address detection
  - Proactive address resolution
- Proactive Mobility Binding Update
- Security bootstrapping
  - Link layer
  - IP layer
- Layer 2 optimization
- Dynamic Buffering Scheme
  - Buffering and copy-forwarding
- Tunnel Management

9 Protocol Set for current MPA prototype

Function                                       | MIPv6 prototype   | SIPM prototype
-----------------------------------------------|-------------------|-------------------
Mobility Management Protocol                   | MIPv6             | SIPM
Information Service Scheme (802.21)            | XML/RDF           | XML/RDF
Pre-authentication protocol                    | PANA              | PANA
Pre-configuration protocol                     | Stateless, PANA   | DHCP Relay, PANA
Proactive handover tunneling protocol          | IPsec             | IP-in-IP
Proactive handover tunnel management protocol  | PANA              | PANA
Buffer Management Protocol                     | PANA              | PANA
Link-layer security                            | None              | None

10 Comparison - Intra-Technology, Inter-domain Handover (Case I)
[Figures: audio output comparison; delay and packet loss statistics]

11 Inter Technology, Inter-domain
- Scenario 1: multiple interfaces can be used simultaneously during handover
- Scenario 2: multiple interfaces cannot be used simultaneously during handover; in that case it is not easy to support seamless handover from one interface to another
  - This can happen when the old interface suddenly becomes unavailable (e.g., a sudden link-down on the Wi-Fi link)
[Figure: Scenario 2, multiple interfaces cannot be used simultaneously. During handover: application traffic between CN and MN over Wi-Fi, sudden link down, handover signaling over EV-DO, packet loss incurred. After handover: application traffic over EV-DO.]
MN: Mobile Node; CN: Correspondent Node

12 MPA Framework - Inter-domain, Inter-Tech
- Demonstration scenario: sudden disconnection from the WiFi network
- The handover tunnel server is placed outside the EV-DO network, instead of at the access router of EV-DO
- MN: Linux PC
- CN: Linux PC or Windows CE cell-phone
- Handover tunnel server: Linux PC
- Wireless LAN: 802.11b
- Handover tunnel encapsulation method: IP-in-IP
- Handover tunnel management protocol: PANA
- Application: Skype
[Figure: testbed with CN (Linux PC or WinCE cell-phone), MN (Linux PC), Wi-Fi (802.11b), EV-DO and the handover tunnel server (Linux PC)]
Results: packet loss = 0; handoff delay = 50–60 ms; duplicate packets = 10

13 Typical Roaming architecture
[Figure only]

14 Layer 2 Pre-authentication and bootstrapping
[Figure only]

15 MPA L2 pre-authentication

Type of authentication          | IEEE 802.11i EAP/TLS post-authentication |            | IEEE 802.11i pre-authentication |            | Network-layer assisted L2 pre-authentication |
Operation                       | Non-roaming | Roaming   | Non-roaming | Roaming   | Non-roaming | Roaming
--------------------------------|-------------|-----------|-------------|-----------|-------------|---------
T auth                          | 61 ms       | 599 ms    | 99 ms       | 638 ms    | 177 ms      | 831 ms
T conf (2 AP)                   | --          | --        | --          | --        | 16 ms       | 17 ms
T assoc + 4-way handshake       | 18 ms       | 17 ms     | 16 ms       | 17 ms     | 15 ms       | 17 ms
Total                           | 79 ms       | 616 ms    | 115 ms      | 655 ms    | 208 ms      | 865 ms
Time affecting handover         | 79 ms       | 616 ms    | 16 ms       | 17 ms     | 15 ms       | 17 ms

16 Deployment Considerations
- Authentication state management
- Pre-allocation of QoS resources
- Scalability and resource allocation
- Failed switchover during handover
  - Ping-pong effect
- Pre-authentication with multiple CTNs
- Multicast mobility
- MPA for IMS networks
- Applicability to other fast-handoff approaches
  - L3 and L2 pre-authentication
  - MPA's stateful proactive configuration

17 MPA and Multicast Mobility
- Communicates the group address during the pre-authentication phase
- Provides the multicast stream proactively
- Reduces JOIN latency
- Applicable to remote subscription-based and home subscription-based approaches
[Figures: remote subscription-based approach; home subscription-based approach; entities PAR, NAR, AA]

18 MPA for IMS/MMD Network
[Figure: Network 1, Network 2 and Network 3 with P/I-CSCF, PDSN, PCF, AP, WiFi network, PDIF/PDG, DHCP; Home Network with S/I-CSCF, HA, AAA/HSS, AS, SPE; Internet]

19 MPA to pre-allocate end-to-end QoS
- Use MPA and NSIS to reserve the end-to-end QoS guarantee for the new interface and the target network while still using the old interface
- Choose the target network based on the available end-to-end QoS

20 Related Drafts
- draft-ohba-mobopts-heterogeneous-requirement-01.txt
- draft-ohba-pana-preauth-00.txt
- draft-ohba-preauth-ps-00.txt
- draft-yacine-preauth-ipsec-01.txt

21 Conclusions and Future Work
Conclusions:
- MPA attempts to address the issues of inter-domain handover and heterogeneous handover
- The MPA framework in conjunction with network discovery provides an optimized handover solution independent of the mobility management protocol
- Current implementation results of MPA:
  - Inter-domain, intra-tech
  - Inter-domain, inter-tech
  - Layer 2 bootstrapping
  - MIPv6- and SIP-based mobility protocols
- Results of FMIPv6 without pre-authentication support and MPA exhibit comparable performance characteristics and are bound by Layer 2 delay
- MPA's pre-authentication part has been adopted by the HOKEY WG
Future work:
- Implement other functionalities of MPA:
  - Performance results with multiple pre-authentications in the neighboring networks
  - Performance of MPA for IMS/MMD networks
  - Performance of MPA for multicast mobility
- Experiment with MPA's pre-authentication mechanism to augment FMIPv6

