On the security of the Mobile IP protocol family

The Internet Engineering Task Force (IETF) has worked on\ud network layer mobility for more than 10 years and a number\ud of RFCs are available by now. Although the IETF mobility\ud protocols are not present in the Internet infrastructure as of\ud today, deployment seems to be imminent since a number\ud of organizations, including 3GPP, 3GPP2 and Wimax, have\ud realized the need to incorporate these protocols into their architectures.\ud Deployment scenarios reach from mobility support\ud within the network of a single provider to mobility support\ud between different providers and technologies. Current Wimax\ud specifications, for example, already support Mobile IPv4,\ud Proxy Mobile IPv4 and Mobile IPv6. Future specifications will\ud also support Proxy Mobile IPv6. Upcoming specifications in\ud the 3GPP Evolved Packet Core (EPC) will include the use of\ud Mobile IPv4, Dual Stack MIPv6 and Proxy Mobile IPv6 for\ud interworking between 3GPP and non 3GPP networks.\ud This paper provides an overview on the state-of-the-art\ud in IETF mobility protocols as they are being considered by\ud standardization organizations outside the IETF and focusing\ud on security aspects

A Unified Mobility Management Architecture for Interworked Heterogeneous Mobile Networks

The buzzword of this decade has been convergence: the convergence of telecommunications, Internet, entertainment, and information technologies for the seamless provisioning of multimedia services across different network types. Thus the future Next Generation Mobile Network (NGMN) can be envisioned as a group of co-existing heterogeneous mobile data networking technologies sharing a common Internet Protocol (IP) based backbone. In such all-IP based heterogeneous networking environments, ongoing sessions from roaming users are subjected to frequent vertical handoffs across network boundaries. Therefore, ensuring uninterrupted service continuity during session handoffs requires successful mobility and session management mechanisms to be implemented in these participating access networks. Therefore, it is essential for a common interworking framework to be in place for ensuring seamless service continuity over dissimilar networks to enable a potential user to freely roam from one network to another. For the best of our knowledge, the need for a suitable unified mobility and session management framework for the NGMN has not been successfully addressed as yet. This can be seen as the primary motivation of this research. Therefore, the key objectives of this thesis can be stated as: To propose a mobility-aware novel architecture for interworking between heterogeneous mobile data networks To propose a framework for facilitating unified real-time session management (inclusive of session establishment and seamless session handoff) across these different networks. In order to achieve the above goals, an interworking architecture is designed by incorporating the IP Multimedia Subsystem (IMS) as the coupling mediator between dissipate mobile data networking technologies. Subsequently, two different mobility management frameworks are proposed and implemented over the initial interworking architectural design. The first mobility management framework is fully handled by the IMS at the Application Layer. This framework is primarily dependant on the IMS’s default session management protocol, which is the Session Initiation Protocol (SIP). The second framework is a combined method based on SIP and the Mobile IP (MIP) protocols, which is essentially operated at the Network Layer. An analytical model is derived for evaluating the proposed scheme for analyzing the network Quality of Service (QoS) metrics and measures involved in session mobility management for the proposed mobility management frameworks. More precisely, these analyzed QoS metrics include vertical handoff delay, transient packet loss, jitter, and signaling overhead/cost. The results of the QoS analysis indicates that a MIP-SIP based mobility management framework performs better than its predecessor, the Pure-SIP based mobility management method. Also, the analysis results indicate that the QoS performances for the investigated parameters are within acceptable levels for real-time VoIP conversations. An OPNET based simulation platform is also used for modeling the proposed mobility management frameworks. All simulated scenarios prove to be capable of performing successful VoIP session handoffs between dissimilar networks whilst maintaining acceptable QoS levels. Lastly, based on the findings, the contributions made by this thesis can be summarized as: The development of a novel framework for interworked heterogeneous mobile data networks in a NGMN environment. The final design conveniently enables 3G cellular technologies (such as the Universal Mobile Telecommunications Systems (UMTS) or Code Division Multiple Access 2000 (CDMA2000) type systems), Wireless Local Area Networking (WLAN) technologies, and Wireless Metropolitan Area Networking (WMAN) technologies (e.g., Broadband Wireless Access (BWA) systems such as WiMAX) to interwork under a common signaling platform. The introduction of a novel unified/centralized mobility and session management platform by exploiting the IMS as a universal coupling mediator for real-time session negotiation and management. This enables a roaming user to seamlessly handoff sessions between different heterogeneous networks. As secondary outcomes of this thesis, an analytical framework and an OPNET simulation framework are developed for analyzing vertical handoff performance. This OPNET simulation platform is suitable for commercial use

IP Mobility in Wireless Operator Networks

Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of IP Mobility paradigm into the existing mobile operator network infrastructure that have not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of an operator to have their own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.Erilaiset langattomat verkkoyhteydet lisääntyvät Internet-kykyisten teknologioiden muodossa. Lukuisten eri teknologioiden päällekkäinen käyttö johtuu vähitellen ja tarpeen mukaan rakennetusta verkkoinfrastruktuurista. Useita radioteknologioita (kuten WLAN, GSM ja UMTS) sisältävien päätelaitteiden (kuten älypuhelimet ja kannettavat tietokoneet) viimeaikainen kaupallinen menestys edesauttaa uuden verkkoinfrastruktuurin rakentamista, sekä mahdollisesti johtaa verkkoteknologioiden kirjon lisääntymiseen. Olemassa olevaa verkkoinfrastruktuuria ei kaupallisista syistä kannata korvata uudella teknologialla yhdellä kertaa, vaan vaiheittainen siirtymävaihe kestää tyypillisesti useita vuosia. Internet-kykyiset päätelaitteet voivat liikkua joko saman verkkoteknologian sisällä tai eri verkkoteknologioiden välillä. Verkkoympäristöstä riippuen liikkuvat päätelaitteet voivat liittyä verkkoon useiden verkkoyhteyksien kautta. Näin ollen päätelaite voi lähettää ja vastaanottaa tietoliikennepaketteja yhtäaikaisesti lukuisia verkkoja pitkin. Tämä väitöskirja käsittelee Internet-teknologioiden liikkuvuutta ja näiden teknologioiden tuomista olemassa oleviin langattomien verkko-operaattorien verkkoinfrastruktuureihin. Käsiteltäviä verkkoinfrastruktuureita ei alun perin ole suunniteltu Internet-teknologian liikkuvuuden ja monien yhtäaikaisten yhteyksien ehdoilla. Tässä työssä ehdotetaan tulevaisuuden langattomien verkkojen arkkitehtuurimallia ja ratkaisuja verkkovierailujen toteuttamiseksi. Ehdotettu arkkitehtuuri voidaan toteuttaa ilman mittavia teknologisia mullistuksia. Mallin mukaisessa ehdotuksessa verkko-operaattorin roolit jaetaan selkeästi (i) verkko-operaattoriin, (ii) palveluoperaattoriin ja (iii) yhteys- sekä verkkovierailuoperaattoriin. Roolijako mahdollistaa sen, että kukin operaattorityyppi voi kehittyä itsenäisesti, ja että teennäiset verkkoteknologiasidonnaisuudet poistuvat palveluiden tuottamisessa. Työssä esitetään myös alustava vaatimuslista ehdotetulle mallille, esimerkiksi yhteysoperaattorien laatuvaatimukset. Väitöskirja esittelee myös liikkuvien Internet-teknologioiden viimeisimmän kehityksen. Työssä näytetään lisäksi standardointituloksia Internet-kykyisissä langattomissa arkkitehtuureissa

Review of network integration techniques for mobile broadband services in next generation network

Next Generation Network (NGN) is intended at integrating the existing heterogeneous wireless access networks in order to produce a composite network that provides users with ubiquitous broadband experience. Currently, it has been established that Long Term Evolution (LTE) network, as a backbone network, provides broadband capacity with high efficiency, reduced latency and improved resource provisioning. Resource provisioning on this backbone network is not without its limitation as more mobile broadband services (MBBs) are evolving and users demand for mobility is on the increase. This paper, therefore, reviewed the different integration techniques for the heterogeneous networks that use LTE network as backbone that supports mobile broadband services.Keywords: MBB, NGN, LTE, SIP, Qo

Convergence: the next big step

Recently, web based multimedia services have gained popularity and have proven themselves to be viable means of communication. This has inspired the telecommunication service providers and network operators to reinvent themselves to try and provide value added IP centric services. There was need for a system which would allow new services to be introduced rapidly with reduced capital expense (CAPEX) and operational expense (OPEX) through increased efficiency in network utilization. Various organizations and standardization agencies have been working together to establish such a system. Internet Protocol Multimedia Subsystem (IMS) is a result of these efforts. IMS is an application level system. It is being developed by 3GPP (3rd Generation Partnership Project) and 3GPP2 (3rd Generation Partnership Project 2) in collaboration with IETF (Internet Engineering Task Force), ITU-T (International Telecommunication Union – Telecommunication Standardization Sector), and ETSI (European Telecommunications Standards Institute) etc. Initially, the main aim of IMS was to bring together the internet and the cellular world, but it has extended to include traditional wire line telecommunication systems as well. It utilizes existing internet protocols such as SIP (Session Initiation Protocol), AAA (Authentication, Authorization and Accounting protocol), and COPS (Common Open Policy Service) etc, and modifies them to meet the stringent requirements of reliable, real time communication systems. The advantages of IMS include easy service quality management (QoS), mobility management, service control and integration. At present a lot of attention is being paid to providing bundled up services in the home environment. Service providers have been successful in providing traditional telephony, high speed internet and cable services in a single package. But there is very little integration among these services. IMS can provide a way to integrate them as well as extend the possibility of various other services to be added to allow increased automation in the home environment. This thesis extends the concept of IMS to provide convergence and facilitate internetworking of the various bundled services available in the home environment; this may include but is not limited to communications (wired and wireless), entertainment, security etc. In this thesis, I present a converged home environment which has a number of elements providing a variety of communication and entertainment services. The proposed network would allow effective interworking of these elements, based on IMS architecture. My aim is to depict the possible advantages of using IMS to provide convergence, automation and integration at the residential level

Interworking in heterogeneous wireless networks: comprehensive framework and future trends

Interworking mechanisms are of prime importance to achieve ubiquitous access and seamless mobility in heterogeneous wireless networks. In this article we develop a comprehensive framework to categorize interworking solutions by defining a generic set of interworking levels and its related key interworking mechanisms. The proposed framework is used to analyze some of the most relevant interworking solutions being considered in different standardization bodies. More specifically, I-WLAN and GAN approaches for WLAN and cellular integration, solutions for WiMAX and 3GPP LTE/SAE interworking, and the forthcoming IEEE 802.21 standard are discussed from the common point of view provided by the elaborated framework.Postprint (published version

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test

Estudio de la movilidad en redes de siguiente generación

El continuo avance de las redes de telecomunicaciones nos proporciona cada vez más facilidades en todos los ámbitos de nuestra vida. En este caso, nos hemos centrado en el estudio de la movilidad en Redes de Siguiente Generación. Una parte del presente proyecto se ha realizado en colaboración con Deutsche Telekom AG, durante una estancia de seis meses trabajando como colaboradora en sus laboratorios con emplazamiento en Berlín. El principal objetivo de este proyecto ha sido realizar un estudio sobre los diferentes estándares y tecnologías que facilitan la movilidad en Redes de Siguiente Generación. Por ello, en la primera parte se han estudiado los diferentes grupos de trabajo centrados en este aspecto, así como se ha recabado información sobre productos y soluciones disponibles en el mercado, para obtener una visión global de la situación actual. Como se puede comprobar más adelante, esta primera parte es la más extensa de todo el documento. Esto se debe a que es, probablemente, la parte más importante del trabajo, ya que contiene el estudio de los mecanismos que más tarde nos servirán para dar una solución teórica a los distintos escenarios que se plantean. En la segunda parte del proyecto, nos hemos centrado en desarrollar varios escenarios de interés en sistemas de Redes de Siguiente Generación y aportar, de forma posterior, posibles soluciones teóricas. Para finalizar, se han expuesto las conclusiones extraídas como resultado del trabajo y los aspectos que se podrán tratar sobre el mismo en un futuro próximo.Ingeniería de Telecomunicació