Presentation is loading. Please wait.

Presentation is loading. Please wait.

輔大資工所 在職研一 報告人:林煥銘 學號: 492515241 Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment Jun Li, Stephen B. Weinstein, Junbiao.

Published byMarianna Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "輔大資工所 在職研一 報告人:林煥銘 學號: 492515241 Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment Jun Li, Stephen B. Weinstein, Junbiao."— Presentation transcript:

1 輔大資工所 在職研一 報告人:林煥銘 學號: 492515241 Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment Jun Li, Stephen B. Weinstein, Junbiao Zhang, And Nan Tu NEC USA Inc.

2 P.2 Presented by Herman Lin Outline Introduction Architecture & Protocol Components Security Issues Mobility Management Conclusion

3 P.3 Presented by Herman Lin Introduction PamLAN: Public Access Mobility LAN Aim is to meet Ubiquitous access High data rate Local services demands Architectural guidelines for WLAN environments Large-scale IP-based Supporting mobile/portable appliances (Simultaneously support different air interfaces)

4 P.4 Presented by Herman Lin Introduction (cont’d) Based on wired LAN environment Wireless access points are imbeded Multi-segment LAN Supporting handoffs

5 P.5 Presented by Herman Lin Introduction (cont’d) Supports Internet Access via WLANs Multiple air interfaces Multiple virtual operators Location dependent services Local IP mobility QoS (within wired network)

6 P.6 Presented by Herman Lin Introduction (cont’d) The main disadvantage of current WLANs Lack of public access Being tied down to a single access point (i.e.,restriction to subscribers of the WLAN operator) Single air interface (reducing the range of appliances) Not a breakthrough in technological capacities Combination of available technologies

7 P.7 Presented by Herman Lin Architecture PamLANMultiple virtual operators, each operation a VOLAN, AAA features. VOLANVirtual operator LAN, extending VLAN capabilities across subnetworks for each virtual operator. VLANVirtual LAN, implementing user group features such as broadcast containment within a physical LAN. Table 1. PamLAN/VOLAN/VLAN hierarchy.

8 P.8 Presented by Herman Lin Architecture (cont’d) Switched Ethernet LAN Access Points Supporting IEEE, Bluetooth, Cellular,... IP-based access router with proxies Gateway routers Internet access through IP-tunneling

9 P.9 Presented by Herman Lin Architecture (cont’d)

10 P.10 Presented by Herman Lin Architecture (cont’d) Integration of Cellular IP & Mobile IP for supporting mobility MPLS (Multi-Protocol Label Switching) Brings QoS across multiple LAN segments IEEE VLAN standard 802.1Q IEEE 802.1p header for QoS

11 P.11 Presented by Herman Lin Large Scale PamLAN For single VLAN QoS can be easily supported For large scale WLANs? Intermediate routers work at layer 3 Source & destination addresses must be used for VOLAN membership Intermediate routers must know all IP addresses for VLAN mapping VLAN for grouping traffic per VOLAN MPLS for whole PamLAN

12 P.12 Presented by Herman Lin MPLS (Multi-Protocol Label Switching) Tunnels traffic between gateways & access points Intermediate routers only examine MPLS labels, which imposes a path Forwarding Equivalence Class (FEC) Formed based on VOLAN membership & QoS FEC is inserted in MPLS label Used for 802.1p priority within VLAN

13 P.13 Presented by Herman Lin MPLS (cont’d)

14 P.14 Presented by Herman Lin MPLS (cont’d) Traffic engineered paths can be set up among access points and Internet gateways according to service contracts between PamLan & virtual operators DiffServ QoS service: IEEE 802.1p & MPLS traffic engineering

15 P.15 Presented by Herman Lin Protocol Stack

16 P.16 Presented by Herman Lin Security Issues Four major components: Mutual Authentication Secure Channel Establishement Per packet encryption Filtering function

17 P.17 Presented by Herman Lin Security Issues RADIUS client DHCP Filter User’s Profile : Public Key Subscription status

18 P.18 Presented by Herman Lin Mutual Authentication RADIUS (Remote Authentication Dial-In User Service) IP-based authentication (~802.11 proposal) Basic Steps: Obtaining IP (DHCP) Login session access point: relay agent to virtual operator Challenge-responce protocol for authentication Send the user’s profile

19 P.19 Presented by Herman Lin Securing Channel Establishment After authentication User’s profile is transfered to the access point including his/her public key Access point sends session key encrypted under the corresponding public key IPSec together with ESP can be used for security at IP layer depending on user requests

20 P.20 Presented by Herman Lin Authorization Control Based on user credentials, packets can be filtered at the access point Through (authenticated with the session key) Sent to the authentication engine (login in) Blocked (unauthorized traffic)

21 P.21 Presented by Herman Lin Mobility Issues Mobility should be supported at layer 3 Multiple subnetworks within PamLAN Micromobility Roaming within PamLAN

22 P.22 Presented by Herman Lin Mobility Issues (cont’d) Possible approaches Cellular IP: Routing update message is sent from mobile device New AP, each router along the way, gateway update their routing table The mobile device periodically send paging packets The process is burden when a large number of mobile devices being served MPLS based: only end points have to update location Old, new access points and Internet gateway need to be informed

23 P.23 Presented by Herman Lin Cellular IP

24 P.24 Presented by Herman Lin Cellular IP Routing update Routing entries are refreshed periodically

25 P.25 Presented by Herman Lin Mobility Issues (cont’d) Fast AAA handoff No repetative authentication Move user profile from old access point to the new one(contain public key, old session key, mobile device IP, old session’s access policy) Old AP signals to the RADIUS server terminate the current accounting session New AP generates a new session key New AP sends old session key and new session key encrypted under user’s public key User uses the new session key to establish a secure connection with the new AP

26 P.26 Presented by Herman Lin Fast AAA handoff Contains : user’s public key, old session key, mobile device’s IP, access policy…. Fetch the profile old APnew AP

27 P.27 Presented by Herman Lin The old AP signals to the RADIUS server the termination of the current accounting session. old APnew AP Fast AAA handoff

28 P.28 Presented by Herman Lin Encrypts new session key and old session key using public key and send the result to the user in a UDP packet old APnew AP New session key + Old session key Fast AAA handoff

29 P.29 Presented by Herman Lin The mobile deveice decrypts these keys and compares the old session key old APnew AP New session key Establish a secure connection Fast AAA handoff

30 P.30 Presented by Herman Lin Conclusion Secure Economical Extensible Multiple service providers Multiple air interfaces Variety of services appropriate for coming generations of Internet appliances.

31 P.31 Presented by Herman Lin Reference

Download ppt "輔大資工所 在職研一 報告人:林煥銘 學號: 492515241 Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment Jun Li, Stephen B. Weinstein, Junbiao."

Similar presentations

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Identifying MPLS Applications

Identifying MPLS Applications
Always Best Connected Architecture and Design Rajesh Mishra Ericsson Berkeley Wireless Center.

Always Best Connected Architecture and Design Rajesh Mishra Ericsson Berkeley Wireless Center.
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Omniran-13-0040-00-0000 1 3GPP Trusted WLAN Access to EPC Use Case Analysis Date: 2013-05-15 Authors: NameAffiliationPhoneEmail Max RiegelNSN+49 173 293.

Omniran GPP Trusted WLAN Access to EPC Use Case Analysis Date: Authors: NameAffiliationPhone Max RiegelNSN
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
Rev A8/8/021 ABC Networks

Rev A8/8/021 ABC Networks
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Presented by Hasan SÖZER1 PUBLIC ACCESS MOBILITY LAN: EXTENDING THE WIRELESS INTERNET INTO THE LAN ENVIRONMENT JUN LI STEPHEN B.WEINSTEIN JUNBIAO ZHANG.

Presented by Hasan SÖZER1 PUBLIC ACCESS MOBILITY LAN: EXTENDING THE WIRELESS INTERNET INTO THE LAN ENVIRONMENT JUN LI STEPHEN B.WEINSTEIN JUNBIAO ZHANG.
A Guide to major network components

A Guide to major network components
Www.planet.com.tw Mesh Network Technical Guide for the Mesh AP Topic 2 Installation Knowledge / Network Design 2006.9.28 Copyright © PLANET Technology.

Mesh Network Technical Guide for the Mesh AP Topic 2 Installation Knowledge / Network Design Copyright © PLANET Technology.
Computer Networking Devices Seven Different Networking Components.

Computer Networking Devices Seven Different Networking Components.
VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.

VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.
Cellular IP: Proxy Service Reference: “Incorporating proxy services into wide area cellular IP networks”; Zhimei Jiang; Li Fung Chang; Kim, B.J.J.; Leung,

Cellular IP: Proxy Service Reference: “Incorporating proxy services into wide area cellular IP networks”; Zhimei Jiang; Li Fung Chang; Kim, B.J.J.; Leung,

Similar presentations

Ads by Google