Mobility management across converged IP-based heterogeneous access networks

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 8/2/2010.In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme

A survey of potential architectures for communication in heterogeneous networks

An increasingly wireless world will mean that devices with multiple network interfaces will soon become commonplace. Users will expect to be always connected from anywhere and at any time as connections will be switched to available networks using handover techniques. However, different networks have different Qualities-of-Service so a Quality-of-Service Framework is needed to help applications and services deal with this new environment. In addition, since these networks must work together, future mobile systems will have an open, instead of the currently closed, architecture. Therefore new mechanisms will be needed to protect users, servers and network infrastructure. This means that future mobile networks will have to integrate communications, mobility, quality-of service and security. This paper provides an overview of potential architectures for communication in future networks. Our study shows that only a number of these architectures support this integration

Providing security in 4G systems: unveiling the challenges

Several research groups are working on designing new security architectures for 4G networks such as Hokey and Y-Comm. Since designing an efficient security module requires a clear identification of potential threats, this paper attempts to outline the security challenges in 4G networks. A good way to achieve this is by investigating the possibility of extending current security mechanisms to 4G networks. Therefore, this paper uses the X.805 standard to investigate the possibility of implementing the 3G’s Authentication and Key Agreement (AKA) protocol in a 4G communication framework such as YComm. The results show that due to the fact that 4G is an open, heterogeneous and IP-based environment, it will suffer from new security threats as well as inherent ones. In order to address these threats without affecting 4G dynamics, Y-Comm proposes an integrated security module to protect data and security models to target security on different entities and hence protecting not only the data but, also resources, servers and users

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test

A formally verified AKA protocol for vertical handover in heterogeneous environments using Casper/FDR

Next generation networks will comprise different wireless networks including cellular technologies, WLAN and indoor technologies. To support these heterogeneous environments, there is a need to consider a new design of the network infrastructure. Furthermore, this heterogeneous environment implies that future devices will need to roam between different networks using vertical handover techniques. When a mobile user moves into a new foreign network, data confidentiality and mutual authentication between the user and the network are vital issues in this heterogeneous environment. This article deals with these issues by first examining the implication of moving towards an open architecture, and then looking at how current approaches such as the 3GPP, HOKEY and mobile ethernet respond to the new environment while trying to address the security issue. The results indicate that a new authentication and key agreement protocol is required to secure handover in this environment. Casper/FDR, is used in the analysis and development of the protocol. The proposed protocol has been proven to be successful in this heterogeneous environment

Security and mobility in 802.11 structured networks

Mestrado em Engenharia Electrónica e TelecomunicaçõesNesta tese é apresentado um protocolo que permite handovers rápidos e seguros em redes estruturadas 802.11. Este protocolo recupera o paradigma original do 802.11: autenticar primeiro, reassociar depois. Partindo deste paradigma, apresentamos duas novas operações 802.11 de autenticação e (re)associacão, que permitem que uma estacão móvel realize reautenticacões e reassociações com as mesmas funcionalidades do 802.1X. Esta nova aproxiamação requer pouca mudança na arquitectura da rede, nomeadamente só necessita de um novo Servidor de Reautenticação, para armazenar os dados usados pelas estações móveis durante as reautenticações. Nesta tese é também apresentada uma extensão do nosso protocolo, de maneira a permitir uma migração rápida e segura entre ESS usando Mobile IP. ABSTRACT: This thesis presents a fast, secure handover protocol that recovers the original 802.11 paradigm: authenticate first, reassociate next. Following this paradigm, we present two new 802.11 authentication and (re)association operations which allow a mobile station to perform network reauthentications and reassociations with the same functionality of a complete 802.1X authentication. This new approach requires very little from the environment, namely it only requires a new, central network Reauthentication Service, for storing data used in the reauthentication of stations. This thesis also presents a layer 3 extension of our protocol, to support fast, secure transitions between ESS using Mobile IP

Mobility management across converged IP-based heterogeneous access networks

In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Mobility management across converged IP-based heterogeneous access networks

In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

An integrated approach to QoS and security in future mobile networks using the Y-Comm framework

Future networks will comprise a wide variety of wireless networks. Users will expect to be always connected from anywhere and at any time as connections will be switched to available networks using vertical handover techniques. However, different networks have different Qualities-of-Service (QoS) so a QoS framework is needed to help applications and services deal with this new environment. In addition, since these networks must work together, future mobile systems will have an open, instead of the currently closed, architecture. Therefore new mechanisms will be needed to protect users, servers and network infrastructure. This means that future mobile networks will have to integrate communications, mobility, quality-of-service and security. However, in order to achieve this integration without affecting the flexibility of future networks, there is a need for novel methods that address QoS and security in a targeted manner within specific situations. Also, there is a need for a communication framework wherein these methods along with the communication and handover mechanisms could be integrated together. Therefore, this research uses the Y-Comm framework, which is a communication architecture to support vertical handover in Next Generations Networks, as an example of future communication frameworks that integrate QoS, security, communication and mobility mechanisms. Within the context of Y-Comm, research has been conducted to address QoS and security in heterogeneous networks. To preserve the flexibility of future network, the research in this thesis proposes the concept of Targeted Models to address security and QoS in specific scenarios: to address the QoS issue, a new QoS framework is introduced in this thesis, which will define targeted QoS models that will provide QoS in different situations such as connection initiation and in the case of handover. Similarly, to deal with the security side, targeted security models are proposed to address security in situations like connection initiation and handover. To define the targeted models and map them to actual network entities, research has been conducted to define a potential structure for future networks along with the main operational entities. The cooperation among these entities will define the targeted models. Furthermore, in order to specify the security protocols used by the targeted security models, an Authentication and Key Agreement framework is introduced to address security at different levels such as network and service levels. The underlying protocols of the Authentication and Key Agreement protocol are verified using Casper/FDR, which is a well-known, formal methods- based tool. The research also investigates potential methods to implement the proposed security protocols. To enable the implementation of some of the targeted security models, the research also proposes major enhancements to the current addressing, naming and location systems

Wireless Handoff Optimization: A Comparison of IEEE 802.11r and HOKEY

Abstract. IEEE 802.11 or Wi-Fi has long been the most widely deployed technology for wireless broadband Internet access, yet it is increasingly facing competition from other technologies such as packet-switched cellular data. End user expectations and demands have grown towards a more mobile and agile network. At one end, users demand more and more mobility and on the other end, they expect a good QoS which is sufficient to meet the needs of VoIP and streaming video. However, as the 4G technologies start knocking at doors, 802.11 is being questioned for its mobility and QoS (Quality of Service). Unnecessary handoffs and reauthentication during handoffs result in higher latencies. Recent research shows that if the handoff latency is high, services like VoIP experience excessive jitter. Bulk of the handoff latency is caused by security mechanisms, such as the 4-way handshake and, in particular, EAP authentication to a remote authentication server. IEEE 802.11r and HandOver KEY (HOKEY) are protocol enhancements that have been introduced to mitigate these challenges and to manage fast and secure handoffs in a seamless manner. 802.11r extends the 802.11 base specification to support fast handoff in the MAC protocol. On the other hand, HOKEY is a suite of protocols standardized by IETF to support fast handoffs. This paper analyzes the applicability of 802.11r and HOKEY solutions to enable fast authentication and fast handoffs. It also presents an overview of the fast handoff solutions proposed in some recent research