18 research outputs found

    Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)

    One of the most important metrics in the design of IP mobility protocols is the handover performance. The current Mobile IP (MIP) standard has been shown to exhibit poor handover performance. Most other work attempts to modify MIP to slightly improve its efficiency, while others propose complex techniques to replace MIP. Rather than taking these approaches, we instead propose a new architecture for providing efficient and smooth handover, while being able to co-exist and inter-operate with other technologies. Specifically, we propose an intra-domain multicast-based mobility architecture, where a visiting mobile is assigned a multicast address to use while moving within a domain. Efficient handover is achieved using standard multicast join/prune mechanisms. Two approaches are proposed and contrasted. The first introduces the concept of proxy-based mobility, while the other uses algorithmic mapping to obtain the multicast address of visiting mobiles. We show that the algorithmic mapping approach has several advantages over the proxy approach, and provide mechanisms to support it. Network simulation (using NS-2) is used to evaluate our scheme and compare it to other routing-based micro-mobility schemes - CIP and HAWAII. The proactive handover results show that both M&M and CIP show low handoff delay and packet reordering depth as compared to HAWAII. The reason for M&M's comparable performance with CIP is that both use bi-cast in proactive handover. The M&M, however, handles multiple border routers in a domain, where CIP fails. We also provide a handover algorithm leveraging the proactive path setup capability of M&M, which is expected to outperform CIP in case of reactive handover. Comment: 12 pages, 11 figures

    Trusted emergency management

    The ability for emergency first responders to access sensitive information for which they have not been pre-vetted can save lives and property. We describe a trusted emergency management solution for ensuring that sensitive information is protected from unauthorized access, while allowing for extraordinary access to be authorized under the duress of an emergency. Our solution comprises an emergency access control policy, an operational model and a scalable system security architecture. The operational model involves end-users who are on call as first responders, providers of critical information, and a coordinating authority. Extraordinary access to information is allowed to occur only during emergencies, and only in a confined emergency partition, which is unavailable before the emergency and can be completely purged after the emergency. As all information remains within its assigned partition, after the emergency the system can meaningfully enforce its pre-emergency access control policy. A major component of the architecture is the end-user device, and we describe mechanisms on the device for secure storage of data, and for management of emergency state, to indicate feasibility. Grant numbers: CNS-0430566 and CNS-0430598. Approved for public release; distribution is unlimited

    Helmy: TCP over Micro Mobility Protocols: A Systematic Ripple Effect Analysis; http://nile.usc.edu/~helmy/stress/vtc-tcp-mnm-Ganesh-final.pdf

    Abstract-- With the increasing popularity of powerful handheld / mobile computing devices and ubiquitous availability of wireless connectivity, protocols that support mobility are becoming increasingly important. It is critically important to explore and understand the design space, so that appropriate mechanisms are incorporated into the design to provide the required performance under varied environments and services provided by the lower layers. The mechanisms incorporated into the design may interact in subtle ways with the mechanisms of the higher layer to produce unintended effects. In this paper, we study how the different mechanisms of the lower layers (IP and MAC) that support mobility affect the performance of Transmission Control Protocol (TCP). We use the building block framework to capture and study the wide variety in the IP layer handover optimization mechanisms. We use detailed 802.11 models to study the effect of MAC layer mobility support on TCP. We show by simulation how different mechanisms affect TCP differently in different scenarios. We also show results that are very counterintuitive, like buffering packets does not always improve TCP throughput and TCP-Tahoe performs better than its more sophisticated counterparts

    Multicast-based Mobility: A Novel Architecture for Efficient Micro-Mobility

    Handover performance is very important when evaluating IP mobility protocols. If not performed efficiently, handover delays, jitters and packet loss directly impact application performance. We propose a new architecture for providing efficient handover, while being able to co-exist with other protocols. We propose a paradigm for multicast-based micro mobility (M&M), where a visiting mobile is assigned a multicast address to use while moving within a domain. The multicast address is obtained using algorithmic mapping, and handover is achieved using multicast join/prune mechanisms. This study outline

    Preliminary security requirements for SecureCore hardware

    This document describes a set of preliminary high level security requirements for the SecureCore hardware base (SCHW). A SecureCore (SC) component is anticipated to be a mobile networked device capable of operating in different modes with different levels of trust. To promote rapid user acceptability, it is essential that security features implemented in the SC architecture must minimize changes to existing application-level software. The SCHW security requirements are specified in terms of the following capabilities: hardware virtualization, protected processing environment, protected memory management, secure I/O channels, secure boot, secure system maintenance, concealed execution mode, trusted platform attestation and hardware isolation of security critical functions. -- p. i. Approved for public release; distribution is unlimited

    Idea: Trusted Emergency Management

    Through first-responder access to sensitive information for which they have not been pre-vetted, lives and property can be saved. We describe enhancements to a trusted emergency information management (EIM) system that securely allows for extraordinary access to sensitive information during a crisis. A major component of the architecture is the end-user device, the security of which is enhanced with processor-level encryption of memory. This paper introduces an approach to more efficiently use the processor-encryption feature for secure data storage, as well as ISA instructions for the management of emergency state. Approved for public release; distribution is unlimited

    Integration of user specific hardware for SecureCore cryptographic services

    The objective of this document is to begin to provide details and design issues that may arise while integrating Secret Protected (SP) with the SecureCore hardware and the SecureCore architecture. This document describes the use of cryptographic hardware such as SP and the Trusted Platform Module (TPM) within the context of the SecureCore project to provide cryptographic services. The assumptions about the architecture, hardware, software and usage of the SecureCore device are described. The hardware requirements for virtualization of SP and how the virtualized SP is integrated into and used in the SecureCore architecture are presented. -- p.i. Approved for public release; distribution is unlimited