AAA architectures applied in multi-domain IMS (IP multimedia subsystem)

There is a group of communication services that use\ud resources from multiple domains in order to deliver their service.\ud Authorization of the end-user is important for such services,\ud because several domains are involved. There are no current\ud solutions for delivering authentication, authorization and\ud accounting (AAA) to multi-domain services. In our study we\ud present two architectures for the delivery of AAA to such\ud services. The architectures are analyzed on their qualitative\ud aspects. A result of this analysis is that direct interconnection of\ud AAA servers is an effective architectural solution. In current\ud multi-domain IP Multimedia Subsystem (IMS) architectures,\ud direct interconnection of AAA servers, such as the Home\ud Subscriber Servers (HSS), is not yet possible. In this paper we\ud argue and recommend to extend the IMS specification by adding\ud a new interface to HSS in order to support the direct\ud interconnection of HSS/AAA servers located in different IMS\ud administrative domains

Evaluation of policy based admission control mechanisms in NGN

The 3GPP consortium proposed in the release 7 of the IP Multimedia Subsystem (IMS) a Diameter interface for the resource admission communication process replacing the previous COPS solution. Although both academic and industry communities have deeply debate the advantages and disadvantages of each protocol, its impact in NGN may have not been thoroughly quantified. This paper compares both protocols in terms of messages exchanged between network entities, and of bandwidth requirements during the admission control process. Based on general network operator environment characteristics, we present several exploitation scenarios where it is analyzed the scalability and adequacy of each protocol

Flat Cellular (UMTS) Networks

Traditionally, cellular systems have been built in a hierarchical manner: many specialized cellular access network elements that collectively form a hierarchical cellular system. When 2G and later 3G systems were designed there was a good reason to make system hierarchical: from a cost-perspective it was better to concentrate traffic and to share the cost of processing equipment over a large set of users while keeping the base stations relatively cheap. However, we believe the economic reasons for designing cellular systems in a hierarchical manner have disappeared: in fact, hierarchical architectures hinder future efficient deployments. In this paper, we argue for completely flat cellular wireless systems, which need just one type of specialized network element to provide radio access network (RAN) functionality, supplemented by standard IP-based network elements to form a cellular network. While the reason for building a cellular system in a hierarchical fashion has disappeared, there are other good reasons to make the system architecture flat: (1) as wireless transmission techniques evolve into hybrid ARQ systems, there is less need for a hierarchical cellular system to support spatial diversity; (2) we foresee that future cellular networks are part of the Internet, while hierarchical systems typically use interfaces between network elements that are specific to cellular standards or proprietary. At best such systems use IP as a transport medium, not as a core component; (3) a flat cellular system can be self scaling while a hierarchical system has inherent scaling issues; (4) moving all access technologies to the edge of the network enables ease of converging access technologies into a common packet core; and (5) using an IP common core makes the cellular network part of the Internet

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test

On secure communication in integrated internet and heterogeneous multi-hop wireless networks.

Integration of the Internet with a Cellular Network, WMAN, WLAN, and MANET presents an exceptional promise by having co-existence of conventional WWANs/WMANs/WLANs with wireless ad hoc networks to provide ubiquitous communication. We call such integrated networks providing internet accessibility for mobile users as heterogeneous multi-hop wireless networks where the Internet and wireless infrastructure such as WLAN access points (APs) and base stations (BSs) constitute the backbone for various emerging wireless networks (e.g., multi-hop WLAN and ad hoc networks. Earlier approaches for the Internet connectivity either provide only unidirectional connectivity for ad hoc hosts or cause high overhead as well as delay for providing full bi-directional connections. In this dissertation, a new protocol is proposed for integrated Internet and ad hoc networks for supporting bi-directional global connectivity for ad hoc hosts. In order to provide efficient mobility management for mobile users in an integrated network, a mobility management protocol called multi-hop cellular IP (MCIP) has been proposed to provide a micro-mobility management framework for heterogeneous multi-hop network. The micro-mobility is achieved by differentiating the local domain from the global domain. At the same time, the MCIP protocol extends Mobile IP protocol for providing macro-mobility support between local domains either for single hop MSs or multi-hop MSs. In the MCIP protocol, new location and mobility management approaches are developed for tracking mobile stations, paging, and handoff management. This dissertation also provides a security protocol for integrated Internet and MANET to establish distributed trust relationships amongst mobile infrastructures. This protocol protects communication between two mobile stations against the attacks either from the Internet side or from wireless side. Moreover, a secure macro/micro-mobility protocol (SM3P) have been introduced and evaluated for preventing mobility-related attacks either for single-hop MSs or multi-hop MSs. In the proposed SM3P, mobile IP security has been extended for supporting macro-mobility across local domains through the process of multi-hop registration and authentication. In a local domain, a certificate-based authentication achieves the effective routing and micro-mobility protection from a range of potential security threats

MOBILITY SUPPORT ARCHITECTURES FOR NEXT-GENERATION WIRELESS NETWORKS

With the convergence of the wireless networks and the Internet and the booming demand for multimedia applications, the next-generation (beyond the third generation, or B3G) wireless systems are expected to be all IP-based and provide real-time and non-real-time mobile services anywhere and anytime. Powerful and efficient mobility support is thus the key enabler to fulfil such an attractive vision by supporting various mobility scenarios. This thesis contributes to this interesting while challenging topic. After a literature review on mobility support architectures and protocols, the thesis starts presenting our contributions with a generic multi-layer mobility support framework, which provides a general approach to meet the challenges of handling comprehensive mobility issues. The cross-layer design methodology is introduced to coordinate the protocol layers for optimised system design. Particularly, a flexible and efficient cross-layer signalling scheme is proposed for interlayer interactions. The proposed generic framework is then narrowed down with several fundamental building blocks identified to be focused on as follows. As widely adopted, we assume that the IP-based access networks are organised into administrative domains, which are inter-connected through a global IP-based wired core network. For a mobile user who roams from one domain to another, macro (inter-domain) mobility management should be in place for global location tracking and effective handoff support for both real-time and non-real-lime applications. Mobile IP (MIP) and the Session Initiation Protocol (SIP) are being adopted as the two dominant standard-based macro-mobility architectures, each of which has mobility entities and messages in its own right. The work explores the joint optimisations and interactions of MIP and SIP when utilising the complementary power of both protocols. Two distinctive integrated MIP-SIP architectures are designed and evaluated, compared with their hybrid alternatives and other approaches. The overall analytical and simulation results shown significant performance improvements in terms of cost-efficiency, among other metrics. Subsequently, for the micro (intra-domain) mobility scenario where a mobile user moves across IP subnets within a domain, a micro mobility management architecture is needed to support fast handoffs and constrain signalling messaging loads incurred by intra-domain movements within the domain. The Hierarchical MIPv6 (HMIPv6) and the Fast Handovers for MIPv6 (FMIPv6) protocols are selected to fulfil the design requirements. The work proposes enhancements to these protocols and combines them in an optimised way. resulting in notably improved performances in contrast to a number of alternative approaches