Doc.: IEEE 802.11-10/0r0 Submission Mar 2010 Hiroshi Mano, Root, Inc.Slide 1 Fast Initial Authentication Notice: This document has been prepared to assist.


Slide 1: Fast Initial Authentication
doc.: IEEE 802.11-10/0r0, Submission, Mar 2010, Hiroshi Mano, Root, Inc.

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures (http://ieee802.org/guides/bylaws/sb-bylaws.pdf), including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair (stuart.kerry@philips.com) as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at patcom@ieee.org.

Date: 2010-03-17

Authors (Name; Company; Address; Phone; email):
Hiroshi MANO; ROOT Inc.; 8F TOC2 Bldg. 7-21-11 Nishi-Gotanda, Shinagawa-ku, Tokyo 141-0031 JAPAN; +81-3-5719-7630; hmano@root-hq.com
Hitoshi MORIOKA; ROOT Inc.; #33 Ito Bldg. 2-14-38 Tenjin, Chuo-ku, Fukuoka 810-0001 JAPAN; +81-92-771-7630; hmorioka@root-hq.com
Marcus Sonnemann; TU Berlin; Einsteinufer 25 10587 Berlin Germany; sonnemann@tkn.tu-berlin.de
Mineo Takai; Space Time Engineering

Slide 2: Agenda
Motivation and background of proposal
Limitation of coexisted standard
  – Long time initial authentication
  – Scalability of simultaneous access for initial authentication
  – Operator oriented roaming support
Example idea of Fast secured Initial Authentication
  – Implementation of fast secured initial authentication
      Time Analysis
      Security Analysis
  – Example idea of supporting continuous IP connection
Straw Poll/Motion

Slide 3: Limitation of market growth in the existing 802.11
IEEE 802.11 has evolved greatly over the past ten years and has been a big success in the market.
  – Bandwidth: 11/2Mbps → 11b/11Mbps → 11g/54Mbps → 11n/300Mbps
  – Security: WEP → WPA → WPA2
  – Service device: Desktop PC → Notebook → PDA → Portable game, Digital Camera → Hybrid cell phone
However
  – We are still in nomadic services.

Slide 4: Nomadic vs Mobile
Nomadic: the STA must be stationary while in use.
Mobile: the STA does not need to stop while in use.
Reference: RECOMMENDATION ITU-R F.1399-1 “Vocabulary of terms for wireless access”, MWA & NWA

Slide 5: Today’s market background
  – Growth of portable devices
      The number of portable devices that incorporate Wi-Fi is greater than the number of PCs.
      Low power consumption devices have made always-on connection type services practical.
  – New applications’ requests (Twitter, Facebook…)
      Push Notification Service
      Quick update
  – Only cell phones provide these services
  – High bandwidth
      Very SMALL CELL of each AP

Slide 6: Prospect of use case 1
Quick update of contents and push service.
  – You can update new messages and location data while just passing through an AP's coverage.
  – So you do not have to stop many times, as in a serious landing operation.
  – A service provider can distribute handbills without making the customer stop.
[Figure: Location, Pop E-mail and Twitter services; a passing user gets new location and presence, updated new twitters and messages, and new handbills. No need to stop! Just pass through!]

Slide 7: Prospect use case 2
[Figure: Automatic Electrical Cash Register; Security Gate ID Exchange. No need to stop! Just pass through!]

Slide 8: Prospect use case 3
Automatic metering
  – Electric power
  – Water meter
  – etc.

Slide 9: Limitation of coexisted standard
Long Authentication and Key Management time, losing scalability
Limited number of simultaneous initial authentications
Limited speed of moving devices

Slide 10: Scope of .11r and .11i
IEEE 802.11r supports high speed mobility within the same ESSID.
[Figure: Network A with APs on ESSID 1 and ESSID 2, run by Operator I and Operator II. Intra-network fast handover is supported by .11r; .11i is used for initial authentication.]

Slide 11: Time consumption for initial authentication
Much time is wasted to …
1. Discover a new AP. Latency can be reduced by 11k or background scan.
2. Make association with a new AP (includes authentication/key exchange…). 11i authentication is not so fast.
  – It needs many packet exchanges.
3. Upper layer setup. (Out of Scope)
4. Upper layer handover. (Out of Scope)
Most of the time consumed in the initial authentication process is used for AKM. Therefore fast secure initial authentication is the key solution for high speed mobility.

Slide 12: Handover Taxonomy
Handover Phases: Network Discovery, Handover Decision, Link layer (re-)establishment

Network Discovery = Scanning and other means
  – Goal: Find other BSSs in reach
  – Active / passive scanning → not mandatory for network discovery but only for synchronizing TSF timer
  – Implicit knowledge (neighborhood reports) in combination with localization
  – Existing approaches e.g. background scanning can reduce the delay to tens of ms [1--4] → Associated delay theoretically not noticeable if we can avoid requiring synchronization of TSF timer during the handover process

Handover Decision = when to leave old BSS and connect to new one
  – Decision based on (vendor specific) algorithm → not the concern of the standard
  – Several approaches potentially resulting in zero delay handover possible
      Location based in combination with estimation of AP’s coverage area
      RSS-based [1,5--7]

Link layer (re-)establishment = Authentication, Association (+ security)
  – No Security: Open Authentication & Association @ 1 Mbps = 2.8 ms mean value + time for required synchronization of TSF (2 ms mean) → Total of 4.8 ms [1]
  – Adding Security: IEEE802.11i (PEAP/EAP-MSCHAPv2) increases delay to at least 48ms; a large number of simultaneous handovers causes a tremendous network load due to the large number of message exchanges → does not scale
  – Optimized: IEEE802.11r can reduce delay to up to XXXXX but can be only applied within a single ESS

Currently, we do not have a fast handover including security that
a) is suitable for frequent handover scenarios due to highly mobile users
b) scales for large number of simultaneously occurring handovers

Slide 13: Protocol Sequence between AP and STA on IEEE802.11i (PEAP/EAP-MSCHAPv2)
[Sequence diagram between STA and AP:]
Probe (1 round trip)
Authentication (1 round trip)
Association (1 round trip)
EAPOL-Start
EAP-Identity (1 round trip)
Establishing TLS tunnel for PEAP (3 round trip)
PEAP EAP-MSCHAPv2 (4 round trip)
EAP-Success
EAPOL-Key (2 round trip)
Total: 14 round trip

Slide 14: Airtime consumption for every single authentication process
We observed an STA connecting to an AP with PEAP/MS-CHAPv2 by IEEE802.11g. All management frames were transmitted in 1Mbps mode.
Required airtime for one unicast frame is defined as described below.
[Figure: Frame Occupied Time = DIFS, CW, TXTIME (frame), SIFS, TXTIME (ACK)]
aSlotTime: 20us
aSIFSTime: 10us
aPreambleLength: 144us
aPLCPHeaderLength: 48bits
aCWmin: 31
aCWmax: 1023
DIFS: 50us
CW: 620us
ACKRate: 1Mbps
ACKLength: 14Bytes
PEAP/EAP-MSCHAPv2 needs 14 round trip frame exchanges. From our observation result, total frame length without PLCP header is 4390 byte. An STA needs 48.4ms airtime connecting to an AP.

Slide 15: Simulation
Assumption
  – Place: Train Station
  – Time: Rush Hour
  – Walking Speed: 4.8km/h = 80m/min
  – AP cover area: 80m*80m square
  – Occupied Space by 1 Person: 2m*2m square
  – All persons have a cellular phone which supports WLAN.
  – All persons are walking in the same direction.
1,600 STAs pass through the AP’s cover area in 1 minute. This means 1,600 authentication processes must be handled every minute.
Every authentication process needs 48.4ms airtime to connect to the AP.
Only 1,238 authentication processes can be handled. There is no airtime left for data communication.
Furthermore, the AP transmits beacons, the STA needs DHCP…
Existing initial authentication does not scale for mobility.
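As an added illustration (not part of the original slides), the per-frame airtime formula from slide 14 and the load estimate from slide 15 in Python. The function names are hypothetical, the model assumes every frame is unicast and acknowledged at 1 Mbps, and the 48.4 ms and 4.8 ms inputs are the figures the slides report.

```python
# 802.11g management-frame timing at 1 Mbps; constants as listed on slide 14.
DIFS_US = 50
CW_US = 620               # slide's CW value (equals aCWmin 31 x aSlotTime 20 us)
SIFS_US = 10
PREAMBLE_US = 144
PLCP_HEADER_BITS = 48
RATE_MBPS = 1             # 1 Mbps means 1 bit per microsecond
ACK_BYTES = 14


def txtime_us(length_bytes):
    """TXTIME of one frame: preamble + PLCP header + MAC bytes at 1 Mbps."""
    return PREAMBLE_US + (PLCP_HEADER_BITS + 8 * length_bytes) / RATE_MBPS


def frame_occupied_time_us(length_bytes):
    """DIFS + CW + TXTIME(frame) + SIFS + TXTIME(ACK) for one unicast frame."""
    return (DIFS_US + CW_US + txtime_us(length_bytes)
            + SIFS_US + txtime_us(ACK_BYTES))


def stas_per_minute(area_side_m, person_side_m, speed_m_per_min):
    """STAs entering a square cell per minute when the crowd walks one way."""
    people_abreast = area_side_m // person_side_m
    rows_per_minute = speed_m_per_min // person_side_m
    return people_abreast * rows_per_minute


def channel_load(arrivals_per_min, airtime_ms):
    """Fraction of each minute of airtime spent on authentication alone."""
    return arrivals_per_min * airtime_ms / 60_000


if __name__ == "__main__":
    # Fixed cost of every acknowledged frame before any payload byte is sent;
    # this is why the number of round trips dominates authentication airtime.
    print("per-frame overhead (us):", frame_occupied_time_us(0))
    arrivals = stas_per_minute(80, 2, 80)            # slide 15 geometry
    print("STAs per minute:", arrivals)
    # 48.4 ms: slide 14 (802.11i PEAP/EAP-MSCHAPv2); 4.8 ms: slide 12 (open).
    for label, airtime_ms in (("802.11i PEAP", 48.4), ("open auth", 4.8)):
        print(label, "load: %.1f%%" % (100 * channel_load(arrivals, airtime_ms)))
```

A load above 100% means authentication traffic alone exceeds the available airtime, before beacons, DHCP or any data frames are counted.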

Slide 16: References
[1] M. Emmelmann. System Design and Proof-of-Concept Implementation of Seamless Handover Support for Communication-Based Train Control. In M. Emmelmann, B. Bochow, and C. Kellum, editors, Vehicular Networking -- Automotive Applications and Beyond. John Wiley & Sons, 2010, ISBN: 9780470741542.
[2] M. Emmelmann, S. Wiethölter, and H.-T. Lim. Continuous network discovery using Opportunistic Scanning. 802.11 WNG SC Wireless Next Generation Standing Committee. Doc. 09/1207r1. IEEE 802.11 Plenary, Atlanta, GA, USA, November 16 -- 20, 2009.
[3] M. Emmelmann and H.-T. Lim. Empirical Evaluation of Overlap Requirements of Adjacent Radio Cells for Zero Delay Handover. In Proc. of Vehicular Technology Conference (VTC) Fall 2009, Anchorage, Alaska, USA, Sep 20-23, 2009.
[4] M. Emmelmann, S. Wiethölter, and H.-T. Lim. Opportunistic Scanning: Interruption-Free Network Topology Discovery for Wireless Mesh Networks. In Proc. of International Symposium on a World of Wireless, Mobile and Multimedia Networks (IEEE WoWMoM), Kos, Greece, June 15-19, 2009.
[5] M. Emmelmann. Velocity Effects on RSM-based Handover Decision. 802.11 TGt Wireless Performance Prediction Task Group Doc. 05/0233r1. IEEE 802.11 Plenary, Atlanta, USA, March 13 -- 18, 2005.
[6] Marc Emmelmann. "Influence of Velocity on the Handover Delay associated with a Radio-Signal-Measurement-based Handover Decision". In Proc. of IEEE Vehicular Technology Conference (VTC 2005 Fall), Dallas, TX, USA, September 2005. Digital Object Identifier 10.1109/VETECF.2005.1558955.
[7] M. Emmelmann and H.-T. Lim. Empirical Evaluation of Overlap Requirements of Adjacent Radio Cells for Zero Delay Handover. In Proc. of Vehicular Technology Conference (VTC) Fall 2009, Anchorage, Alaska, USA, Sep 20-23, 2009.

Slide 17: Questions & Comments

Slide 18: Straw Poll? Motion? “?”

