Page 1 Hans Peter Schwefel, Life-long learning, Aalborg University, Aug. 2005
Wireless Networking Trends – Architectures, Protocols & optimizations for future networking scenarios
H. Fathi, J. Figueiras, F. Fitzek, T. Madsen, R. Olsen, P. Popovski, HP Schwefel
• Session 1 Network Evolution & Mobility Support (HPS)
• Session 2 Ad-hoc networking (TKM/FF)
• Session 3 Enabling technologies for ad-hoc NWs (TKM/FF)
• Session 4 Wireless Sensor Networks (PP)
• Session 5 Performance aspects & optimizations (HF/TKM)
• Session 6 Context-sensitive Networking (RLO/JF)
Note: Slide-set contains more material than covered in the lecture!
Page 2
Wired / Wireless network, Computer / Communication
Convergence is the key challenge
Page 3
Center for Teleinfrastructure (CTIF). Director: Ramjee Prasad; Co-directors: Ole Brun Madsen and Peter Koch
Research groups (group: head):
• Antennas & Propagation: Patrick Eggers
• Cellular Systems: Preben Mogensen
• Digital Communications: Bernard Fleury
• RF Integrated Systems and Circuits: Torben Larsen
• Wireless Networks & Embedded Systems: Ramjee Prasad
• Speech and Multimedia Communications: Børge Lindberg
• Wireless Perspective: Bent Dalum
• Aalborg University SPACE Center: Jens F.D. Nielsen
• Center for Network Planning: Ole Brun Madsen
• Wireless Computing and Security: Henrik Larsen
Page 4
WING: Research projects (selection)
Selected research projects with relevance for this course / course lecturers
• Center for Network and Service Convergence – CNTK
– Danish Research Council, with local industry partners
– Real-time service provisioning, traffic & performance modeling, network optimization
– WING Researchers: Hanane Fathi, Tatiana K. Madsen
• Wireless Access Networks, Devices, and Applications – WANDA
– Danish Research Council, with local industry partners
– Localization & location-based network optimization
– WING Researchers: Joao Figueiras
• My Adaptive Global NETwork – MAGNET
– EU funded, with 36 European partners
– Personal Networks, context-sensitive networking
– WING Researchers: Rasmus Olsen (and more)
• HIghly DEpendable ip-based NETworks and Services – HIDENETS
– EU funded, with 9 European partners
– End-to-end dependability solutions for car-to-car communication with infrastructure service access
And many more ...
Page 5
5. Summary and outlook
• Personal Area Networks and Personal Networks
• Heterogeneous access networks
Page 11
GSM: Global System for Mobile Communication
• 2nd Generation of Mobile Telephony Networks
History:
• 1982: Groupe Spécial Mobile (GSM) founded
• 1987: First Standards defined
• 1991: Global System for Mobile Communication, Standardisation by ETSI (European Telecommunications Standardisation Institute) - First European Standard
• 1995: Fully in Operation
Today:
• Deployed in more than 184 countries (Asia, Africa, Europe, Australia, America)
• more than 747 million subscribers
• more than 70% of all digital mobile phones use GSM
• over 10 billion SMS per month in Germany, > 360 billion/year worldwide
Page 12
GSM – Architecture
Components:
• BTS: Base Transceiver Station
• BSC: Base Station Controller
• MSC: Mobile Switching Center
• HLR/VLR: Home/Visitor Location Register
Transmission:
• Circuit switched transfer
• Radio link capacity: 9.6 kb/s (FDMA/TDMA)
• Duration based charging
[Figure: GSM architecture. Radio Subsystem (RSS): MS – Um (radio link) – BTS – Abis – BSC, several BTS per BSC; Base Station Subsystem = BTS + BSC; Network and Switching Subsystem: MSC with HLR and VLR (A interface from the BSC), connection to ISDN, PSTN, PDN; Operation Subsystem: OMC, EIR, AuC (O interface).]
Page 13
GSM Services
‘Traditional’ voice services
– voice telephony: primary goal of GSM was to enable mobile telephony offering the traditional bandwidth of 3.1 kHz
– emergency number: common number throughout Europe (112); mandatory for all service providers; free of charge; connection with the highest priority (preemption of other connections possible)
– Multi-numbering: several ISDN phone numbers per user possible
– voice mailbox (implemented in the fixed network supporting the mobile terminals)
– Supplementary services, e.g.: identification, call forwarding, number suppression, conferencing
‘Non-Voice’ Services (examples)
• Fax Transmissions
• electronic mail (MHS, Message Handling System, implemented in the fixed network)
• Short Message Service (SMS): alphanumeric data transmission to/from the mobile terminal using the signaling channel, thus allowing simultaneous use of basic services and SMS
Page 14
GSM: Air Interface I
Frequency Division Multiple Access (FDMA)
• Separate up-link (MT → BTS) and down-link (BTS → MT) traffic
– Two 25 MHz bands: uplink 890–915 MHz (frequency band of the mobile station), downlink 935–960 MHz (frequency band of the base station)
• Distinguish 124 adjacent channels within each band
– Each channel 200 kHz
[Figure: channels 1, 2, 3, ..., 124 of 200 kHz each in the uplink band 890–915 MHz and in the downlink band 935–960 MHz.]
Radio Network Planning:
• Determine location of BTS
• Determine number of TRX per BTS
– Multiple transceivers (TRX) per BTS (e.g. 1, 4, or 12) → simultaneous use of different FDMA channels
• Assign subsets of the 124 channels to BTSs
Page 15
GSM: Air Interface II
Time Division Multiple Access (TDMA)
• Within each channel: sequence of TDMA frames
• TDMA frames subdivided into 8 time-slots
[Figure: TDMA frame of 4.615 ms with time slots 0–7; each time slot 0.577 ms = 156.25 bit periods and carries a burst of 148 bits: 3 tail bits, 57 data bits, 1 toggle bit, 26 training bits, 1 toggle bit, 57 data bits, 3 tail bits; the remaining 8.25 bit periods are guard space.]
Page 16
GSM Air Interface: Combination of TDMA & FDMA
[Figure: frequency vs. time. Downlink 935–960 MHz and uplink 890–915 MHz, 124 channels of 200 kHz each; on every channel a sequence of GSM TDMA frames of 4.615 ms with 8 time slots; GSM time-slot (normal burst) of 577 µs, of which 546.5 µs burst: tail 3 bits, user data 57 bits, S 1 bit, training 26 bits, S 1 bit, user data 57 bits, tail 3 bits, then guard space; higher GSM frame structures are built from TDMA frames.]
Page 17
GSM: Logical Channels
Page 18
Example: Mobile Terminated Call
1. calling a GSM subscriber
2. forwarding call to GMSC
3. signal call setup to HLR
4, 5. request MSRN from VLR
6. forward responsible MSC to GMSC
7. forward call to current MSC
8, 9. get current status of MS
10, 11. paging of MS
12, 13. MS answers
14, 15. security checks
16, 17. set up connection
[Figure: calling station – PSTN – GMSC – HLR – VLR – MSC – BSS (several, paging steps 10 and 11 repeated per BSS) – MS, with the step numbers above placed on the respective links.]
Page 19
Example: Message flow between MS and BTS for Mobile Terminated Call (MTC)
MS ← BTS: paging request
MS → BTS: channel request
MS ← BTS: immediate assignment
MS → BTS: paging response
MS ← BTS: authentication request
MS → BTS: authentication response
MS ← BTS: ciphering command
MS → BTS: ciphering complete
MS ← BTS: setup
MS → BTS: call confirmed
MS ← BTS: assignment command
MS → BTS: assignment complete
MS → BTS: alerting
MS → BTS: connect
MS ← BTS: connect acknowledge
MS ↔ BTS: data/speech exchange
Page 20
Mobile Communication & Data Traffic
[Figure: subscriptions worldwide (millions), y-axis 0–1800, x-axis 1995–2010; curves for Fixed, Mobile, Fixed Internet and Mobile Internet subscribers.]
• The future Internet will mainly be accessed by mobile devices
Page 21
Data services in GSM
• Data transmission standardized with only 9.6 kbit/s
– advanced coding allows 14.4 kbit/s
– not enough for Internet and multimedia applications
• HSCSD (High-Speed Circuit Switched Data)
– mainly software update
– bundling of several time-slots to get higher AIUR (Air Interface User Rate) (e.g., 57.6 kbit/s using 4 slots, 14.4 each)
– advantage: ready to use, constant quality, simple
– disadvantage: channels blocked for voice transmission
• Radio Access Network
– Node B (Base station)
– Radio Network Controller (RNC)
• Mobile Core Network
– Serving GPRS Support Node (SGSN)
– Gateway GPRS Support Node (GGSN)
– Mobile Switching Center (MSC)
– Home/Visited Location Register (HLR/VLR)
– Routers/Switches, DNS Server, DHCP Server, ...
Page 31
UMTS Radio Access Network (UTRAN): architecture
• W-CDMA (Wideband Code Division Multiple Access) on Radio Link
• transmission rate up to 2 Mbit/s (see course ‘UMTS Evolution’ for rather complex details)
Page 32
Transport of IP packets
IP packets are tunnelled through the UMTS network (GTP – GPRS tunneling protocol)
[Figure, source 3GPP: user-plane protocol stacks. Terminal: Application / User IP (v4 or v6) / PDCP / RLC / MAC / L1 over the Radio Bearer (Uu). UTRAN: relay between the radio stack (PDCP / RLC / MAC / L1) and the Iu-PS stack (GTP-U / UDP/IPv4 or v6 / AAL5 / ATM). SGSN: relay between the Iu-PS stack (GTP-U / UDP/IPv4 or v6 / AAL5 / ATM) and the Gn stack (GTP-U / UDP/IPv4 or v6 / L2 / L1). GGSN: GTP-U / UDP/IPv4 or v6 / L2 / L1 towards Gn, IPv4 or v6 / L2 / L1 towards Gi. Application Server: Application / IPv4 or v6 / L2 / L1. The user IP packet travels unchanged inside the GTP-U tunnels between UTRAN, SGSN and GGSN.]
Page 33
IP Transport: Concepts
• PDP context (Packet Data Protocol) activation
– done by UE before data transmission
– specification of APN and traffic parameters
– GGSN delivers IP address to UE
– set-up of bearers and mobility contexts in SGSN and GGSN
– activation of multiple PDP contexts possible
• Access Point Names (APN)
– APNs identify external networks (logical Gi interfaces of GGSN)
– At PDP context activation, the SGSN performs a DNS query to find out the GGSN(s) serving the APN requested by the terminal.
– The DNS response contains a list of GGSN addresses from which the SGSN selects one address in a round-robin fashion (for this APN).
• Traffic Flow Templates (TFTs)
– set of packet filters (source address, subnet mask, destination port range, source port range, SPI, TOS (IPv4), Traffic Class (v6), Flow Label (v6))
– used by GGSN to assign IP packets from external networks to the proper PDP context
• GPRS tunneling protocol (GTP)
– For every UE, one GTP-C tunnel is established for signalling and a number of GTP-U tunnels, one per PDP context (i.e. session), are established for user traffic.
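The downstream classification that the TFT bullet above describes, as an added example (not code from the slides or from 3GPP): a GGSN holds one TFT per PDP context, evaluates the packet filters in order of an evaluation precedence value, and falls back to the context without a TFT for the same UE address. The filter attributes are those listed on the slide; the precedence field, the sample contexts (the X1/X2 pair sharing one address and APN, as on the following slide) and the sample packets are assumptions constructed for this example.

```python
"""Added example: GGSN-side Traffic Flow Template (TFT) matching of downstream
IP packets to PDP contexts. Filter attributes follow the slide; the evaluation
precedence, contexts and packets are constructed for this example."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class PacketFilter:
    precedence: int                               # lower value is evaluated first (assumed ordering)
    src_net: Optional[str] = None                 # remote address + mask, e.g. "203.0.113.0/24"
    protocol: Optional[int] = None                # IP protocol: 6 TCP, 17 UDP, 50 ESP
    dst_ports: Optional[Tuple[int, int]] = None   # port range on the UE side
    src_ports: Optional[Tuple[int, int]] = None   # port range on the external side
    spi: Optional[int] = None                     # IPsec SPI
    tos: Optional[int] = None                     # IPv4 TOS / IPv6 traffic class

    def matches(self, pkt: dict) -> bool:
        if self.src_net is not None and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src_net):
            return False
        if self.protocol is not None and pkt.get("proto") != self.protocol:
            return False
        if self.dst_ports is not None and not (self.dst_ports[0] <= pkt.get("dport", -1) <= self.dst_ports[1]):
            return False
        if self.src_ports is not None and not (self.src_ports[0] <= pkt.get("sport", -1) <= self.src_ports[1]):
            return False
        if self.spi is not None and pkt.get("spi") != self.spi:
            return False
        if self.tos is not None and pkt.get("tos") != self.tos:
            return False
        return True


@dataclass
class PDPContext:
    name: str
    apn: str
    ue_addr: str
    qos: str
    filters: list = field(default_factory=list)   # the TFT of this context (empty = no TFT)


def select_pdp_context(contexts, pkt):
    """All contexts with the packet's destination (UE) address are candidates.
    The matching filter with the best precedence wins; a context without a TFT
    is the default for that address and is used only when no filter matches.
    Returns None when no context fits (the GGSN then discards the packet)."""
    candidates = [c for c in contexts if c.ue_addr == pkt["dst"]]
    best = None
    for ctx in candidates:
        for f in ctx.filters:
            if f.matches(pkt) and (best is None or f.precedence < best[0]):
                best = (f.precedence, ctx)
    if best:
        return best[1]
    for ctx in candidates:
        if not ctx.filters:
            return ctx
    return None


# Constructed contexts: X1 and X2 share APN and IP address (as on the PDP context slide).
VOICE_RTP = PacketFilter(precedence=0, protocol=17, dst_ports=(16384, 32767))
ESP_TUNNEL = PacketFilter(precedence=1, protocol=50, spi=0x1234ABCD)
CONTEXTS = [
    PDPContext("X1", "apn-x", "10.0.0.7", "QoS1 (conversational)", [VOICE_RTP]),
    PDPContext("X2", "apn-x", "10.0.0.7", "QoS2 (background)"),          # default, no TFT
    PDPContext("Z", "apn-z", "10.0.1.9", "QoS", [ESP_TUNNEL]),
]

# Constructed sample packets arriving from the external (Gi) side.
PKT_RTP = {"src": "203.0.113.5", "dst": "10.0.0.7", "proto": 17, "sport": 4000, "dport": 20000}
PKT_HTTP = {"src": "198.51.100.2", "dst": "10.0.0.7", "proto": 6, "sport": 80, "dport": 51000}
PKT_ESP = {"src": "192.0.2.1", "dst": "10.0.1.9", "proto": 50, "spi": 0x1234ABCD}
PKT_BAD = {"src": "192.0.2.1", "dst": "10.0.1.9", "proto": 50, "spi": 0x00000001}


def classify(pkt) -> Optional[str]:
    ctx = select_pdp_context(CONTEXTS, pkt)
    return ctx.name if ctx else None


if __name__ == "__main__":
    for p in (PKT_RTP, PKT_HTTP, PKT_ESP, PKT_BAD):
        print(p["dst"], p["proto"], "->", classify(p))
```

The last packet shows the check that matters for security: a context whose only filter is an SPI match gets nothing that fails that match, because a UE address with a TFT on every context has no default to fall back to.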
Page 34
IP Transport: PDP Context & APNs
[Figure, source 3GPP: Terminal – SGSN – GGSN. PDP Context X1 (APN X, IP address X, QoS1) and PDP Context X2 (APN X, IP address X, QoS2) share the same PDP (IP) address and APN and lead via APN X to ISP X; PDP Context Y (APN Y, IP address Y, QoS) leads via APN Y to ISP Y; PDP Context Z (APN Z, IP address Z, QoS) via APN Z to ISP Z. Downstream, the GGSN selects the PDP context based on the TFT.]
Page 35
UMTS Data Transport: Bearer Hierarchy
[Figure: TE – MT (User Equipment) – UTRAN/GERAN (RAN) – CN Iu edge node (3G SGSN) – CN gateway (3G GGSN) – TE/AS. End-to-End Service (IP Bearer Service) = TE/MT Local Bearer Service + UMTS Bearer Service + External Bearer Service. UMTS Bearer Service = Radio Access Bearer Service + CN Bearer Service. Radio Access Bearer Service = Radio Bearer Service (over the Physical Radio Service on the air interface) + Iu Bearer Service (over the Physical Bearer Service). CN Bearer Service runs over the Backbone Bearer Service.]
Page 36
5. Summary and outlook (outline slide repeated: Personal Area Networks and Personal Networks; Heterogeneous access networks)
Page 40
IP based Multimedia Subsystem (IMS)
• Additional domain in UMTS Rel. 5, based on the Packet-switched domain
• Establishment and Control of IP based multimedia calls based on SIP
• Standardized interfaces to applications
• Authentication and authorisation of service access
• Service based charging
• QoS control
• Global roaming and access to home services
• Originally planned to be based on IPv6
• ‘Network centric’ approach (as opposed to IETF SIP)
• In principle access independent (e.g. also WLAN access)
• No Network layer mobility support in IMS (mobility via SIP or in access networks)
Page 41
Session Initiation Protocol -- SIP
SIP: Application layer signalling protocol (RFC 3261)
• Provides call control for multi-media services
– initiation, modification, and termination of sessions
– terminal-type negotiation and selection
– call holding, forwarding, forking, transfer
– media type negotiation (also mid-call changes) using Session Description Protocol (SDP)
• Provides personal mobility support
• Independent of transport protocols (TCP, UDP, SCTP, …)
• ASCII format SIP headers
• Separation of call signalling and data stream
Application types/examples:
• Interactive Voice over IP (VoIP)
• Multimedia conferences (multi-party, e.g. voice & video)
• Instant messaging
• Presence service
• Support of location-based services
Page 42
SIP – Basic messages
• Selected Requests (Methods)
– INVITE: initiate call
– ACK: confirm final response (after ‘INVITE’)
– BYE: terminate call
– CANCEL: cancel pending requests
– OPTIONS: queries features supported by other side
– REGISTER: register with location service
• Responses
– 1xx Intermediate results, e.g. 180 Ringing
– 2xx Successful Responses, e.g. 200 OK
– 3xx Redirections, e.g. 302 Moved Temporarily
– 4xx Request Failures
– 5xx Server Failures
– 6xx Global Errors
Page 43
SIP Addressing and header format
Addressing:
• Addresses are specified as SIP URLs (called SIP URIs in RFC 3261), in the format user@host.
• Examples of SIP URLs:
Page 44
SIP: Architecture & Entities
• User agent: An application program which initiates SIP requests (User agent client) and also acts upon (accepts, rejects or re-directs) incoming SIP requests (User agent server)
• Location server: provides SIP redirect or proxy servers with information about a callee's possible location(s).
• Proxy server: takes requests on behalf of other user agents or servers and forwards them to the next hop.
• Redirect server: accepts a SIP request, maps the address into zero or more new addresses and returns these addresses to the client. Unlike a proxy server, it does not initiate its own SIP request.
• Registrar: a server that accepts REGISTER requests. A registrar is typically co-located with a proxy or redirect server and may offer location services.
[Figure: User Agent – Proxy Server – Proxy Server – User Agent, with Redirect Server, Location Server and Registrar Server attached to the proxies.]
Page 45
SIP Call Signalling: Example
[Figure: User Agent – Proxy Server – Proxy Server – User Agent, with a Location/Redirect Server attached to the first proxy.]
Call Setup:
• Caller UA → Proxy 1: INVITE
• Proxy 1 → Location/Redirect Server: INVITE; Location/Redirect Server → Proxy 1: 302 (Moved Temporarily); Proxy 1 → Location/Redirect Server: ACK
• Proxy 1 → Proxy 2 → Callee UA: INVITE
• Callee UA → Proxy 2 → Proxy 1 → Caller UA: 180 (Ringing), then 200 (OK)
• Caller UA → Proxy 1 → Proxy 2 → Callee UA: ACK
Media Path:
• RTP MEDIA PATH directly between the two user agents
Call Teardown:
• BYE forwarded along the proxy chain, answered by 200 (OK) along the same chain
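The request/response classes of the "Basic messages" slide and the proxy behaviour of the two slides above, as an added example that is not code from the slides: a minimal SIP message parser, the response-class mapping, and the two things a proxy does to the Via header stack so that a response retraces the proxy chain. The sample INVITE, host names and branch parameters are constructed for this example; the Via processing rules are those of RFC 3261 section 16, which the slides cite as the SIP specification.

```python
"""Added example: SIP message parsing plus stateless-proxy Via handling.
Sample messages and host names are constructed (RFC 2606 example domains)."""
from dataclasses import dataclass, field

REQUEST_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}


@dataclass
class SipMessage:
    start_line: str
    headers: list = field(default_factory=list)   # (name, value) pairs, order preserved
    body: str = ""

    @property
    def is_request(self) -> bool:
        return not self.start_line.startswith("SIP/2.0")

    @property
    def method(self):
        return self.start_line.split(" ", 1)[0] if self.is_request else None

    @property
    def status(self):
        return None if self.is_request else int(self.start_line.split(" ")[1])

    def get_all(self, name: str) -> list:
        return [v for n, v in self.headers if n.lower() == name.lower()]

    def serialize(self) -> str:
        lines = [self.start_line] + [f"{n}: {v}" for n, v in self.headers]
        return "\r\n".join(lines) + "\r\n\r\n" + self.body


def parse_sip(raw: str) -> SipMessage:
    """Split start line, headers and body; reject malformed start lines and headers."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    start = lines[0]
    if start.startswith("SIP/2.0"):
        code = int(start.split(" ")[1])
        if not 100 <= code <= 699:
            raise ValueError("status code out of range")
    else:
        parts = start.split(" ")
        if len(parts) != 3 or parts[2] != "SIP/2.0" or parts[0] not in REQUEST_METHODS:
            raise ValueError(f"bad request line: {start!r}")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header: {line!r}")
        headers.append((name.strip(), value.strip()))
    return SipMessage(start, headers, body)


def response_class(code: int) -> str:
    """1xx provisional ... 6xx global failure, as listed on the Basic messages slide."""
    return {1: "provisional", 2: "success", 3: "redirection",
            4: "request failure", 5: "server failure", 6: "global failure"}[code // 100]


def proxy_forward_request(msg: SipMessage, proxy_host: str, branch: str) -> SipMessage:
    """A proxy pushes its own Via on top of the stack before forwarding a request."""
    via = f"SIP/2.0/UDP {proxy_host};branch={branch}"
    return SipMessage(msg.start_line, [("Via", via)] + list(msg.headers), msg.body)


def proxy_forward_response(msg: SipMessage, proxy_host: str) -> SipMessage:
    """A proxy pops the topmost Via, which must be its own; a response whose top
    Via is someone else's is misrouted or forged and is dropped (RFC 3261 16.7)."""
    vias = msg.get_all("Via")
    if not vias or proxy_host not in vias[0]:
        raise ValueError("topmost Via is not ours; discarding response")
    remaining = list(msg.headers)
    del remaining[next(i for i, (n, _) in enumerate(remaining) if n.lower() == "via")]
    return SipMessage(msg.start_line, remaining, msg.body)


# Constructed INVITE from the calling user agent.
INVITE = ("INVITE sip:bob@biloxi.example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP ua.example.com;branch=z9hG4bK776asdhds\r\n"
          "From: <sip:alice@atlanta.example.com>;tag=1928301774\r\n"
          "To: <sip:bob@biloxi.example.com>\r\n"
          "Call-ID: a84b4c76e66710\r\n"
          "CSeq: 314159 INVITE\r\n"
          "Content-Length: 0\r\n\r\n")


def demo():
    req = parse_sip(INVITE)
    fwd = proxy_forward_request(req, "proxy1.example.com", "z9hG4bKp1")
    # The callee's 180 Ringing copies the request's Via stack, top-down.
    ringing = SipMessage("SIP/2.0 180 Ringing", list(fwd.headers))
    back = proxy_forward_response(ringing, "proxy1.example.com")
    return fwd.get_all("Via"), back.get_all("Via"), response_class(ringing.status)


if __name__ == "__main__":
    print(demo())
```

The Via stack is what the IMS "network hiding" feature (encryption of Route and Via headers, later in this session) protects: without it, every response leaving the operator's network reveals the internal proxy chain.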
Page 46
SIP: Separation of signalling and data
• Route of SIP messages (proxy chain) different from media stream route: potential problems with Firewalls & NATs
Page 47
SIP: additional topics
Not touched in this lecture, see IETF SIP WG:
• Multitude of SIP extensions: new methods (e.g. instant messages)
• SIP over NAT/FW
• Authentication and security aspects
• Support of location based services
• Discovery of SIP entities (e.g. DNS SRV records)
• Service Discovery (e.g. SLP)
• Reliability aspects of SIP-based call control
Page 48
IMS: Network Entities and Protocols
[Figure: IM Subsystem between the PS Domain (UE with MT/TE over UTRAN or GERAN, Uu and Iu; SGSN; GGSN; "Gi-Cloud"; Alternative Access Networks) and Applications and Services / Multimedia IP Networks / CS Domain or PSTN or Legacy or External networks. Entities: HSS and SLF; CSCF (P-, I-, S-); BGCF; MGCF with MGW; MRF-C and MRF-P; T-SGW and R-SGW; PCF; AS, OSA-SCS and IM-SSF. Reference points: Cx, Dx, Sh, Sc, Sr, Gr, Gc, Gn, Gm, Go, Mm, Mw, Mc, Mg, Mi, Mj, Mk, Mr, Mp, ISC. Protocols named on the interfaces: SIP, Diameter, H.248, COPS, MAP, CAP, OSA, HTTP and others, TCP/IP/UDP/RTP for the media; several interfaces were still marked "?" on the original slide.]
Page 49
Page 50
IMS: Important Network Elements
HSS: Home Subscriber Server
Database for subscriber related information
• Identification (SIP, Mail, E.164, Label, IMSI, ...)
• Location management (P-CSCF, S-CSCF, IP address)
• List of authorized services, List of subscribed services
• Quintuplets for Security
Proxy Call State Control Function (P-CSCF)
First contact point of an operator‘s network (for the mobile terminal)
• Forwarding of SIP messages between terminal and core network
• Generation of charging records
• Translation of IDs other than SIP URIs into SIP URIs (e.g. E.164 numbers)
• Termination of confidentiality and integrity protection, Lawful interception
• Authorisation of bearer resources and QoS management
• Detection of emergency calls and selection of an emergency S-CSCF
• Translation of SIP URIs for local services
• SIP header compression
Page 51
IMS: Important Network Elements (cntd.)
Interrogating Call State Control Function (I-CSCF)
First contact point of an operator‘s network (for other operators)
• Forwarding of SIP messages (proxy functionality)
• Assignment of a S-CSCF
– during registration and during invite (for services for not registered subscribers)
• Generation of charging records
• Hiding of internal network configuration/capacity/topology
Serving Call State Control Function (S-CSCF)
Performs session control and service triggering
• Acts as a registrar according to RFC 2543 (since obsoleted by RFC 3261)
• May behave as a Proxy Server as defined in RFC 2543, i.e. it accepts requests and services them internally or forwards them on, possibly after translation.
• May behave as a User Agent as defined in RFC 2543, i.e. it may terminate and independently generate SIP transactions.
• Interaction with service platform(s), provides endpoints with service event related information
• Authentication (based on quintuplets from HSS), Generation of charging records
Page 52
Levels of Registration
[Figure: UE – xGSN (Visited Network) – Home Network. Bearer Level: UE registers via xGSN with UMSC and HLR and obtains configuration via DHCP. IM Subsystem: UE registers via the CSCF of the visited network with the CSCF and the HSS of the home network. Application level: registration with the AS (marked "?" on the original slide).]
Page 53
Registration in a Roaming Scenario
[Figure (steps 1, 2, 4, 5 as numbered on the slide): MS A in the network visited by MS A sends REGISTER (1) to P-CSCF-A; P-CSCF-A forwards it (2) to I-CSCF-A in the home network of MS A; I-CSCF-A consults HSS-A (4), which returns the user profile (5); the registration is held by S-CSCF-A. The same sequence applies to MS B via P-CSCF-B and S-CSCF-B.]
Page 54
Routing of Mobile-To-Mobile Calls
[Figure (steps 1–7 on the slide): the INVITE from MS A in the network visited by MS A goes to P-CSCF-A, on to S-CSCF-A in the home network of MS A, on to I-CSCF-B in the home network of MS B, which queries HSS-B for the S-CSCF-B holding the registration of MS B; from S-CSCF-B it reaches P-CSCF-B in the network visited by MS B and finally MS B. Call control thus runs through both home networks; the REGISTER paths (MS A via I-CSCF-A to HSS-A, user profile; MS B to HSS-B, user profile) are shown as well.]
Page 55
SIP in IMS
• Mandatory existence of P-CSCF as first point of contact
• Network initiated call release (e.g. due to missing coverage or administrative reasons)
– Proxies are able to send BYE
• Network Control of Media Types
– P/S-CSCF checks the SDP in the SIP body
– If the SDP contains invalid parameters (e.g. not supported codecs), the P/S-CSCF rejects the SIP request by sending a 488 (“Not Acceptable Here”) response that contains an SDP body indicating parameters that would be acceptable to the network
• Network Hiding (Encryption of Route and Via Headers)
• Additional Signaling Information
– For example Cell-ID, Mobile Network/Country Code, Charging-IDs
– Information transported with a P-header based solution
• Compression
– SIP Compression is mandatory as the radio interface is a scarce resource
– Compression / decompression of SIP will be performed by the UE and the P-CSCF
• Authentication & Integrity protection
– S-CSCF performs the Authentication using AKA
– P-CSCF checks the integrity of messages received via the air interface via IPsec ESP
Page 56
QoS in IMS (linking SIP level and PDP contexts)
Page 57
QoS: Secondary PDP context
Source: 3GPP TS 29.208
[Figure: UE – PDF – SGSN – GGSN, message sequence:]
1. Mapping of SDP parameters into UMTS QoS (UE)
2. Activate PDP Req. (UE → SGSN)
3. Create PDP Req. (SGSN → GGSN)
4. COPS REQ (GGSN → PDF)
5. Process authorization request (PDF)
6. COPS DEC (PDF → GGSN)
7. Policy Enforcement (GGSN)
8. COPS RPT (GGSN → PDF)
9. Create PDP Res. (GGSN → SGSN)
10. Activate PDP Acc. (SGSN → UE)
Page 58
QoS control – multiple levels
• UMTS QoS --- PDP contexts
• IP QoS (e.g., DiffServ)
– IP transport between SGSN & GGSN (Gn interface)
– IP transport in external network (Gi interface)
• End-to-end SIP Signalling
Page 59
Security: Overview of UMTS Mechanisms (R5)
• Mutual Authentication (UE--SGSN): UMTS AKA
• Encryption on air interface (data and signalling, UE--RNC)
• Integrity protection of signalling data on the air-interface
• Network protection (secure topologies, firewalls, etc.) up to operator
• Integrity protection and encryption of signalling traffic on external interfaces (Gp, Gi) via IPsec tunnels (ESP)
• Additional security mechanisms for IMS
– Authentication: IMS AKA
– Integrity Protection for SIP messages (UE--P-CSCF)
Page 60
UMTS Air interface: Integrity Protection
[Figure: the sender (UE or RNC) computes MAC-I with integrity function f9 from COUNT-I, MESSAGE, DIRECTION and FRESH under the integrity key IK and sends MESSAGE and MAC-I over the air interface; the receiver (UE or RNC) computes XMAC-I with f9 from the same inputs and its own IK and checks MAC-I = XMAC-I?]
Page 61
UMTS Air interface: Encryption
[Figure: the sender (UE or RNC) generates a KEYSTREAM BLOCK with ciphering function f8 from COUNT-C, BEARER, DIRECTION and LENGTH under the cipher key CK and XORs it with the PLAINTEXT BLOCK to obtain the CIPHERTEXT BLOCK sent over the air interface; the receiver (UE or RNC) generates the same keystream block with f8 from the same inputs and CK and XORs it with the ciphertext to recover the plaintext block.]
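The two figures above in runnable form, as an added example that is not code from the slides: which inputs enter f9 and f8, how the receiver checks MAC-I against XMAC-I, and why a replayed or reflected message fails. The real f8 and f9 kernels are KASUMI-based (3GPP TS 35.201); here HMAC-SHA-256 stands in for both so the example needs only the Python standard library, and a single counter is used where UMTS keeps COUNT-C and COUNT-I separately. Keys, F RESH, BEARER and the message are constructed assumptions.

```python
"""Added example: structure of UMTS air-interface integrity (f9) and ciphering (f8).
HMAC-SHA-256 stands in for the KASUMI kernels; keys and values are constructed."""
import hashlib
import hmac
from typing import Tuple

UPLINK, DOWNLINK = 0, 1


def f9(ik: bytes, count_i: int, message: bytes, direction: int, fresh: int) -> bytes:
    """32-bit MAC-I over COUNT-I || MESSAGE || DIRECTION || FRESH under IK.
    Stand-in kernel: HMAC-SHA-256 truncated to 32 bits (real f9: KASUMI CBC-MAC)."""
    data = count_i.to_bytes(4, "big") + message + bytes([direction & 1]) + fresh.to_bytes(4, "big")
    return hmac.new(ik, data, hashlib.sha256).digest()[:4]


def f8(ck: bytes, count_c: int, bearer: int, direction: int, length: int) -> bytes:
    """LENGTH bytes of keystream from COUNT-C (32 bit), BEARER (5 bit), DIRECTION (1 bit) under CK.
    Stand-in kernel: HMAC-SHA-256 in counter mode (real f8: KASUMI in an OFB-like mode)."""
    iv = count_c.to_bytes(4, "big") + bytes([bearer & 0x1F, direction & 1])
    stream, block = b"", 0
    while len(stream) < length:
        stream += hmac.new(ck, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return stream[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sender_protect(ik, ck, count, bearer, direction, fresh, message) -> Tuple[bytes, bytes]:
    """UE or RNC side: compute MAC-I over the plaintext, then cipher the message."""
    mac_i = f9(ik, count, message, direction, fresh)
    ciphertext = xor(message, f8(ck, count, bearer, direction, len(message)))
    return ciphertext, mac_i


def receiver_check(ik, ck, count, bearer, direction, fresh, ciphertext, mac_i) -> bytes:
    """Decipher with the receiver's own view of COUNT/DIRECTION, recompute XMAC-I,
    and accept only if MAC-I == XMAC-I (constant-time compare)."""
    plaintext = xor(ciphertext, f8(ck, count, bearer, direction, len(ciphertext)))
    xmac_i = f9(ik, count, plaintext, direction, fresh)
    if not hmac.compare_digest(mac_i, xmac_i):
        raise ValueError("MAC-I != XMAC-I: message rejected")
    return plaintext


# Constructed 128-bit keys; in UMTS both are delivered by AKA.
IK = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
CK = bytes.fromhex("603deb1015ca71be2b73aef0857d7781")
FRESH = 0x1234ABCD        # network-chosen nonce sent at connection setup (constructed)
BEARER = 3                # radio bearer identity (constructed)


def demo():
    msg = b"RRC SECURITY MODE COMPLETE"
    ct, mac = sender_protect(IK, CK, 17, BEARER, UPLINK, FRESH, msg)
    ok = receiver_check(IK, CK, 17, BEARER, UPLINK, FRESH, ct, mac) == msg
    # Replay: the receiver's counter has advanced to 18, so the old MAC-I no longer verifies.
    try:
        receiver_check(IK, CK, 18, BEARER, UPLINK, FRESH, ct, mac)
        replay_accepted = True
    except ValueError:
        replay_accepted = False
    # Reflection: the same bytes echoed back as downlink fail too, since DIRECTION is an input.
    try:
        receiver_check(IK, CK, 17, BEARER, DOWNLINK, FRESH, ct, mac)
        reflect_accepted = True
    except ValueError:
        reflect_accepted = False
    return ok, replay_accepted, reflect_accepted


if __name__ == "__main__":
    print(demo())
```

The counter and direction inputs are the whole point of the construction: the keys never change during a connection, so freshness has to come from COUNT-I/COUNT-C (which the peers track) and FRESH (which the network picks per connection), and the keystream for a given (COUNT-C, BEARER, DIRECTION) must never be reused.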
Page 62
UMTS authentication and key agreement - security properties
• Assurance of key freshness to the user
• Entity authentication of the network to the user
• Establishment of a 128 bit cipher key CK
• Establishment of a 128 bit integrity key IK
• Provision of a means to exchange authenticated information between Authentication Centre and USIM for management purposes
Page 63
UMTS Authentication and Key Agreement (AKA)
• Based on long-term pre-shared key K on USIM and in HLR/AuC
• Authentication vector: Quintuplet (random number RAND, expected response XRES=f2(K,RAND), cipher key CK, integrity key IK, authentication token AUTN) generated in HLR/AuC using a sequence number SQN, RAND, and K
• VLR/SGSN downloads authentication vectors from HLR/AuC during Attach
[Figure: message flow]
VLR/SGSN → HLR/AuC: Authentication Data Request
HLR/AuC → VLR/SGSN: Authentication Data Response (AV 1..n); VLR/SGSN stores the AVs
VLR/SGSN → MS: User Authentication Request (RAND, AUTN); MS verifies AUTN and computes RES
MS → VLR/SGSN: User Authentication Response (RES); VLR/SGSN checks RES = XRES?
VLR/SGSN selects CK, IK from the AV; MS computes CK, IK
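The AKA exchange on this slide with all three parties in code, as an added example that is not code from the slides: the HLR/AuC builds the quintuplet from K, SQN and RAND, the USIM verifies AUTN (MAC check, then SQN freshness) before releasing RES, CK and IK, and the VLR/SGSN compares RES with XRES. The 3GPP reference kernels f1..f5 are MILENAGE (TS 35.206); here each is an HMAC-SHA-256 derivation under K with a distinct label, which keeps the example standard-library only while preserving the field widths and the AUTN layout (SQN xor AK) || AMF || MAC. K, SQN, AMF, the acceptance window for SQN and the sample RAND values are constructed assumptions; a real USIM would answer an out-of-range SQN with a resynchronisation (AUTS) instead of a plain rejection.

```python
"""Added example: UMTS AKA with AuC, USIM and VLR/SGSN roles.
HMAC-SHA-256 stands in for the MILENAGE f1..f5; K, SQN, AMF and RAND are constructed."""
import hashlib
import hmac
import os
from typing import Optional


def _prf(k: bytes, label: bytes, *parts: bytes) -> bytes:
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()


def f1(k, rand, sqn, amf): return _prf(k, b"f1", rand, sqn, amf)[:8]   # MAC-A, 64 bit
def f2(k, rand):           return _prf(k, b"f2", rand)[:8]             # RES/XRES, 64 bit
def f3(k, rand):           return _prf(k, b"f3", rand)[:16]            # CK, 128 bit
def f4(k, rand):           return _prf(k, b"f4", rand)[:16]            # IK, 128 bit
def f5(k, rand):           return _prf(k, b"f5", rand)[:6]             # AK, 48 bit


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class AuC:
    """HLR/AuC: holds K and a per-subscriber sequence number SQN."""
    def __init__(self, k: bytes, sqn: int = 0, amf: bytes = b"\x00\x00"):
        self.k, self.sqn, self.amf = k, sqn, amf

    def authentication_vector(self, rand: Optional[bytes] = None) -> dict:
        rand = rand or os.urandom(16)
        self.sqn += 1                                    # a fresh SQN for every vector
        sqn = self.sqn.to_bytes(6, "big")
        ak = f5(self.k, rand)
        mac = f1(self.k, rand, sqn, self.amf)
        autn = xor(sqn, ak) + self.amf + mac             # (SQN xor AK) || AMF || MAC
        return {"RAND": rand, "XRES": f2(self.k, rand),
                "CK": f3(self.k, rand), "IK": f4(self.k, rand), "AUTN": autn}


class USIM:
    """USIM: same K, plus the highest SQN accepted so far (replay protection)."""
    WINDOW = 32   # accept SQN at most this far ahead (assumption; 3GPP uses an indexed scheme)

    def __init__(self, k: bytes, sqn_ms: int = 0):
        self.k, self.sqn_ms = k, sqn_ms

    def authenticate(self, rand: bytes, autn: bytes):
        sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        ak = f5(self.k, rand)
        sqn = int.from_bytes(xor(sqn_xor_ak, ak), "big")
        xmac = f1(self.k, rand, sqn.to_bytes(6, "big"), amf)
        if not hmac.compare_digest(mac, xmac):
            raise ValueError("MAC failure: AUTN was not produced with my K")
        if not (self.sqn_ms < sqn <= self.sqn_ms + self.WINDOW):
            raise ValueError("SQN out of range: replayed or stale vector (resynchronisation needed)")
        self.sqn_ms = sqn
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)   # RES, CK, IK


def vlr_sgsn_run(auc: AuC, usim: USIM, rand: Optional[bytes] = None) -> bool:
    """VLR/SGSN: fetch one AV, challenge the MS with (RAND, AUTN), compare RES with XRES."""
    av = auc.authentication_vector(rand)
    res, ck, ik = usim.authenticate(av["RAND"], av["AUTN"])
    return hmac.compare_digest(res, av["XRES"]) and ck == av["CK"] and ik == av["IK"]


K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")   # constructed 128-bit subscriber key


def demo():
    auc, usim = AuC(K), USIM(K)
    first = vlr_sgsn_run(auc, usim)
    # Replay of a genuine, already consumed AV by a false base station: MAC verifies,
    # but the SQN is no longer fresh, so the USIM rejects it.
    old_av = auc.authentication_vector()
    usim.authenticate(old_av["RAND"], old_av["AUTN"])
    try:
        usim.authenticate(old_av["RAND"], old_av["AUTN"])
        replay_ok = True
    except ValueError:
        replay_ok = False
    # A forged challenge from a network without K fails on the MAC, so CK/IK are never derived.
    try:
        USIM(K).authenticate(os.urandom(16), os.urandom(16))
        forged_ok = True
    except ValueError:
        forged_ok = False
    return first, replay_ok, forged_ok


if __name__ == "__main__":
    print(demo())
```

The ordering inside `USIM.authenticate` is deliberate: the MAC is checked before the SQN, so an attacker who cannot produce a valid MAC learns nothing about the subscriber's sequence number, and RES is only computed once AUTN has been accepted, which is what gives the user the network authentication listed on the previous slide.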
Page 64
Page 65
IMS Security Architecture
[Figure: the UE (ISIM and UA) in the Visited / Home Network talks to the P-CSCF; the IM Core Network Subsystem of the Home / Serving Network contains I-CSCF, S-CSCF and HSS. Mutual authentication with IMS AKA between the ISIM and the home network; IPsec integrity protection between UE and P-CSCF; IPsec confidentiality and integrity protection on the interfaces between the CSCFs and towards the HSS.]
Page 66
Security features for the IMS
• Mutual authentication and key agreement between UE and home network
• Integrity protection between UE and first-hop SIP proxy (P-CSCF) (in later UMTS releases confidentiality protection is likely to be provided in addition)
Page 69
Background: Mobility types
Assumption in this lecture: Infrastructure networks (only first hop wireless)
Different Levels of Mobility:
• Pico (e.g. within same radio cell)
• Micro (e.g. within same subnet)
• Macro (e.g. across subnets but within same administrative domain)
• Global (e.g. across different administrative domains)
’Alternative’ classification:
• vertical mobility: changing access technology
[Figure: a Mobile Host with WLAN access (several WLAN APs behind switches and routers) and cellular access (GPRS network), both attached to the Internet.]
Page 70
Background II: Handover & more mobility types
Hand-over classification:
• Mobile initiated or network-initiated
• Backward or forward
• mobile controlled or network controlled
• Mobile-assisted or network assisted or unassisted
• Proactive or reactive
• Make-before-break or break-before-make
• Soft or hard
• fast (without ‘noticeable’ delay)
• smooth (no loss of data)
• seamless = fast + smooth
More mobility types ... and related identifiers:
• Host Mobility – IP address, hostname (DNS)
• User Mobility – User-name (e.g. SIP URL)
• Application Mobility – ---
• Network Mobility – address prefix / subnet mask
Page 71
Link-Layer Hand-over: Measurements 802.11b
Scenario
• Hard Handover in 802.11b
• Both APs use the same SSID
• HO initiated by pulling the cable from AP1 (’Istanbul’)
Source: Master Thesis, Rui Martins
Page 72
Measurements II: Hard Hand-over
Page 73
Measurements III: Soft Hand-over Scenario
Page 74
Measurements IV: Soft Handover Results
Page 75
Mobile IP Motivation: Host mobility & Routing
Problem: IP address identifies host as well as topological location
Reason: IP Routing:
– Routes selected based on IP destination address
– network prefix (e.g. 129.13.42) determines physical subnet
– change of physical subnet ⇒ change of IP address to have a topologically correct address
• Solution? Host-based routing: Specific routes to each host
– Handover ⇒ change of all routing table entries in each (!) router
– Scalability & performance problem
• Solution? Obtain new IP-address at hand-over
– Problem: how to identify host after handover? DNS update ⇒ performance/scalability problem
– Higher protocol layers (TCP/UDP/application) need to ‘handle’ changing IP address
⇒ Development of Mobile IP
[Figure: Mobile Node moving from Subnet A to Subnet B within an IP network]
Page 76
Mobile IP: Principles & Terminology
Underlying Approach: separate host identifier and location identifier ⇒ maintain multiple IP addresses for the mobile host
Terminology:
• Mobile Node (MN) with fixed IP address IP1 (home address)
• Home Network: subnet that contains IP1
• Home Agent (HA): node in home network, responsible for packet forwarding to MN
• Visited Network: new subnet after roaming / handover
• Care-of Address (CoA): temporary IP address within visited network
• Foreign Agent (FA): node in visited network, responsible for packet forwarding to CoA
[Figure: Mobile Node with Home Address IP1 in the home network (HA); after moving to the visited network (FA) it keeps Home Address IP1 and obtains Care-of Address CoA1; a Correspondent Node reaches it through the IP network.]
Page 77
Mobile IP: Tunneling & Triangle Routing
• CN sends packets to the MN using its Home Address IP1
• HA tunnels them to the FA, using CoA1; the FA forwards them to the MN
• MN sends packets back to the CN using IP2 (without any tunneling)
• Home Agent needs to contain the mapping of care-of address to home address (location register)
[Figure: Correspondent Node (CN, IP2) → Home Agent subnet (home network) → tunnel to the FA in the visited network → Mobile Node (IP1, CoA1); return path MN → CN directly. Source: Mobile IPv4 illustrated]
Page 78
Mobile IP: Tunneling
Default encapsulation:
• IP-within-IP (RFC 2003)
Other Approaches:
• Minimal encapsulation (RFC 2004)
• Generic Routing Encapsulation (GRE) (RFC 1701; RFC 1702 covers GRE over IPv4)
[Figure: IP-within-IP encapsulation: outer IP header (HA → CoA) placed in front of the original IP header (CN → IP1) and payload]
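IP-within-IP encapsulation as the home agent applies it on the previous slide, as an added example that is not code from the slides: the CN's datagram to the home address IP1 is wrapped in an outer header HA → CoA1 with protocol number 4, and the foreign agent strips the outer header and forwards the inner packet. The addresses, payload and the FA's source check on the tunnel (a plain filter, since Mobile IP authenticates the registration, not each tunnelled packet) are assumptions constructed for this example; no sockets are opened.

```python
"""Added example: IP-within-IP (RFC 2003) encapsulation at the HA and
decapsulation at the FA, on hand-built IPv4 headers. Addresses are constructed."""
import socket
import struct

IPPROTO_IPIP = 4


def checksum(data: bytes) -> int:
    """Internet checksum; returns 0 for a header whose checksum field is already correct."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    v_ihl, _tos, total, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (v_ihl & 0x0F) * 4
    if v_ihl >> 4 != 4 or checksum(pkt[:ihl]) != 0:
        raise ValueError("not a valid IPv4 header")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "ttl": ttl, "payload": pkt[ihl:total]}


def ha_encapsulate(inner_pkt: bytes, ha: str, coa: str) -> bytes:
    """Home agent: prepend an outer header HA -> CoA, protocol 4; the inner datagram
    (CN -> home address) is carried unchanged."""
    parse_ipv4(inner_pkt)          # refuse to tunnel garbage
    return ipv4_header(ha, coa, IPPROTO_IPIP, len(inner_pkt)) + inner_pkt


def fa_decapsulate(outer_pkt: bytes, my_coa: str, expected_ha: str) -> bytes:
    """Foreign agent: accept only IP-in-IP addressed to its care-of address from the
    home agent named in the registration (assumed source filter), return the inner packet."""
    outer = parse_ipv4(outer_pkt)
    if outer["proto"] != IPPROTO_IPIP or outer["dst"] != my_coa or outer["src"] != expected_ha:
        raise ValueError("unexpected tunnel packet: dropped")
    return outer["payload"]


# Constructed addresses matching the slide's roles: CN IP2, MN home address IP1, HA, CoA1.
IP2, IP1, HA_ADDR, COA1 = "198.51.100.7", "10.1.0.5", "10.1.0.1", "192.0.2.20"


def demo():
    payload = b"hello MN"
    cn_pkt = ipv4_header(IP2, IP1, 17, len(payload)) + payload   # a UDP datagram would follow
    tunnelled = ha_encapsulate(cn_pkt, HA_ADDR, COA1)
    delivered = fa_decapsulate(tunnelled, COA1, HA_ADDR)
    inner = parse_ipv4(delivered)
    return parse_ipv4(tunnelled)["dst"], inner["src"], inner["dst"], inner["payload"]


if __name__ == "__main__":
    print(demo())
```

The asymmetry of the slide is visible here: only the CN → MN direction is tunnelled, while the MN's replies leave the visited network with source address IP1, which is exactly what ingress filtering on the visited network drops and why the T flag (reverse tunneling) exists in the registration messages later in this session.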
Page 79
Mobile IP: Agent Discovery & Registration
• Mobile Node finds out about the FA through Agent Advertisements
– FAs broadcast Advertisements in periodic intervals
– Advertisements can be triggered by an Agent Solicitation from the MN
• Care-of Address of the MN is determined, either
– Dynamically, e.g. using Dynamic Host Configuration Protocol (DHCP)
– Or: use IP address of the FA as CoA
• MN registers at FA and HA: Registration Request & Reply
– MN signals CoA to the HA via the FA
– HA acknowledges via FA to MN
• Registration with old FA simply expires (limited life-time, soft-state)
[Figure: time sequence MN – FA – HA: [Agent Solicitation] (opt.) MN → FA; Agent Advertisement FA → MN; MN obtains c/o address; Registration Request MN → FA → HA; Registration Reply HA → FA → MN]
Page 80
MIP messages: Agent advertisement
ICMP Router Discovery extension:
ICMP router advertisement (bit positions 0–7 | 8–15 | 16–23 | 24–31): type | code | checksum; #addresses | addr. size | lifetime; router address 1; preference level 1; router address 2; preference level 2; . . .
Mobility agent advertisement extension: type = 16 | length | sequence number; registration lifetime | R B H F M G r T | reserved; COA 1; COA 2; . . .
Flags: R: registration required; B: busy, no more registrations; H: home agent; F: foreign agent; M: minimal encapsulation; G: GRE encapsulation; r: =0, ignored (former Van Jacobson compression); T: FA supports reverse tunneling; reserved: =0, ignored
Procedure:
• HA and FA periodically broadcast advertisement messages into their subnets
• MN listens to these messages and detects whether it is in the home or a (new?) foreign network
• when in a new foreign network: MN reads a COA from the advertisement (opt.)
Page 81
MIP messages: registration request & reply
Registration Request (via UDP), bit positions 0–7 | 8–15 | 16–31:
type = 1 | S B D M G r T x | lifetime
home address
home agent
COA
identification (64 bit)
extensions . . .
Flags: S: simultaneous bindings; B: broadcast datagrams; D: decapsulation by MN; M: minimal encapsulation; G: GRE encapsulation; r: =0, ignored; T: reverse tunneling requested; x: =0, ignored
Registration Reply (UDP):
type = 3 | code | lifetime
home address
home agent
identification (64 bit)
extensions . . .
Example codes:
registration successful
• 0 registration accepted
• 1 registration accepted, but simultaneous mobility bindings unsupported
registration denied by FA
• 65 administratively prohibited
• 66 insufficient resources
• 67 mobile node failed authentication
• 68 home agent failed authentication
• 69 requested lifetime too long
registration denied by HA
• 129 administratively prohibited
• 131 mobile node failed authentication
• 133 registration identification mismatch
• 135 too many simultaneous mobility bindings
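The registration request and reply of this slide encoded and checked end to end, as an added example that is not code from the slides: the MN builds the 24-byte request, appends the Mobile-Home Authentication Extension (type 32) that codes 131 and 133 refer to, and a home agent verifies the authenticator and the identification before it creates the binding and answers with code 0, 131 or 133. The field layout is the one on the slide; the extension format and its HMAC-MD5 default are taken from RFC 3344 (assumption: the slide is based on the earlier RFC 2002, whose layout for these fields is the same). Addresses, SPI, key, clock values and the 7-second skew limit are constructed assumptions.

```python
"""Added example: Mobile IPv4 Registration Request/Reply with the MN-HA
authentication extension and the HA-side checks. Values are constructed."""
import hashlib
import hmac
import socket
import struct
import time

REG_REQUEST, REG_REPLY, MN_HA_AUTH_EXT = 1, 3, 32
FLAGS = {"S": 0x80, "B": 0x40, "D": 0x20, "M": 0x10, "G": 0x08, "r": 0x04, "T": 0x02, "x": 0x01}
NTP_EPOCH_OFFSET = 2208988800          # seconds between 1900-01-01 and 1970-01-01

REPLY_CODES = {   # from the slide
    0: "registration accepted", 1: "accepted, simultaneous bindings unsupported",
    65: "FA: administratively prohibited", 66: "FA: insufficient resources",
    67: "FA: mobile node failed authentication", 68: "FA: home agent failed authentication",
    69: "FA: requested lifetime too long", 129: "HA: administratively prohibited",
    131: "HA: mobile node failed authentication", 133: "HA: registration identification mismatch",
    135: "HA: too many simultaneous bindings",
}


def ntp_identification(now: float) -> int:
    """64-bit identification as an NTP-style timestamp: seconds in the high word."""
    return ((int(now) + NTP_EPOCH_OFFSET) << 32) | int((now - int(now)) * 2**32)


def build_request(flags: str, lifetime: int, home: str, ha: str, coa: str, ident: int) -> bytes:
    fl = 0
    for f in flags:
        fl |= FLAGS[f]
    return struct.pack("!BBH4s4s4sQ", REG_REQUEST, fl, lifetime, socket.inet_aton(home),
                       socket.inet_aton(ha), socket.inet_aton(coa), ident)


def add_mn_ha_auth(msg: bytes, spi: int, key: bytes) -> bytes:
    """Append the type-32 extension; the authenticator covers the message, all prior
    extensions and this extension's type, length and SPI (RFC 3344 section 3.5.1)."""
    header = struct.pack("!BBI", MN_HA_AUTH_EXT, 4 + 16, spi)
    return msg + header + hmac.new(key, msg + header, hashlib.md5).digest()


def build_reply(code: int, lifetime: int, home: str, ha: str, ident: int, spi: int, key: bytes) -> bytes:
    body = struct.pack("!BBH4s4sQ", REG_REPLY, code, lifetime, socket.inet_aton(home),
                       socket.inet_aton(ha), ident)
    return add_mn_ha_auth(body, spi, key)


def parse_reply(raw: bytes) -> dict:
    typ, code, lifetime, home, ha, ident = struct.unpack("!BBH4s4sQ", raw[:20])
    return {"type": typ, "code": code, "text": REPLY_CODES.get(code, "unknown"), "lifetime": lifetime,
            "home": socket.inet_ntoa(home), "ha": socket.inet_ntoa(ha), "identification": ident}


class HomeAgent:
    """Verifies the MN-HA authenticator and the identification, then binds home address to CoA."""
    MAX_SKEW = 7.0   # tolerated MN/HA clock difference in seconds (assumption)

    def __init__(self, addr: str, keys: dict, clock=time.time):
        self.addr, self.keys, self.clock = addr, keys, clock
        self.bindings = {}   # home address -> (care-of address, lifetime)

    def handle(self, raw: bytes) -> bytes:
        _typ, _flags, lifetime, home, _ha, coa, ident = struct.unpack("!BBH4s4s4sQ", raw[:24])
        home_s, ext = socket.inet_ntoa(home), raw[24:]
        if len(ext) != 22 or ext[0] != MN_HA_AUTH_EXT or ext[1] != 20:    # only one extension expected here
            return build_reply(131, 0, home_s, self.addr, ident, 0, b"")
        spi = int.from_bytes(ext[2:6], "big")
        key = self.keys.get((home_s, spi))
        expected = hmac.new(key or b"", raw[:30], hashlib.md5).digest()
        if key is None or not hmac.compare_digest(expected, ext[6:]):
            return build_reply(131, 0, home_s, self.addr, ident, spi, key or b"")
        mn_secs = (ident >> 32) - NTP_EPOCH_OFFSET          # replay protection via timestamps
        if abs(mn_secs - self.clock()) > self.MAX_SKEW:
            # Code 133: reply carries the HA's own time in the high word so the MN can resync.
            ha_ident = (ntp_identification(self.clock()) & ~0xFFFFFFFF) | (ident & 0xFFFFFFFF)
            return build_reply(133, 0, home_s, self.addr, ha_ident, spi, key)
        self.bindings[home_s] = (socket.inet_ntoa(coa), lifetime)
        return build_reply(0, lifetime, home_s, self.addr, ident, spi, key)


# Constructed scenario: MN 10.1.0.5 roams to care-of address 192.0.2.20; HA is 10.1.0.1.
KEY, SPI = b"mn-ha-shared-secret", 0x100
HA = HomeAgent("10.1.0.1", {("10.1.0.5", SPI): KEY}, clock=lambda: 1_000_000.0)


def demo():
    good = build_request("T", 600, "10.1.0.5", "10.1.0.1", "192.0.2.20", ntp_identification(1_000_000.0))
    accepted = parse_reply(HA.handle(add_mn_ha_auth(good, SPI, KEY)))
    forged = parse_reply(HA.handle(add_mn_ha_auth(good, SPI, b"wrong-key")))
    stale = build_request("T", 600, "10.1.0.5", "10.1.0.1", "192.0.2.20", ntp_identification(999_940.0))
    replayed = parse_reply(HA.handle(add_mn_ha_auth(stale, SPI, KEY)))
    return accepted["code"], forged["code"], replayed["code"], HA.bindings.get("10.1.0.5")


if __name__ == "__main__":
    print(demo())
```

Two points a reviewer would check in a real HA: the authenticator is verified before the identification, so an unauthenticated peer cannot use code 133 replies to probe the HA's clock, and the reply is itself authenticated, so a forged "registration accepted" cannot convince the MN that its binding exists.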
Page 82 Hans Peter SchwefelLife-long learning, Aalborg University, Aug. 2005
Transport Layer Protocols
Goal: data transfer between applications (processes) in end-systems
• support of multiplexing/de-multiplexing, e.g. socket API
• data stream/connection identified by: two IP addresses, protocol number, two port numbers
Page 83
Overview: Transport Protocols
• User Datagram Protocol UDP (RFC 768)
– Connectionless
– Unreliable
– No flow/congestion control
• Transmission Control Protocol TCP (RFC 793, 1122, 1323, 2018, 2581)
– Connection-oriented (full duplex)
– Reliable, in-order byte-stream delivery
– Flow/congestion control
• Stream Control Transport Protocol SCTP (see later)
• Real-Time Transport Protocol RTP
Page 84
Stream Control Transmission Protocol (SCTP)
• Defined in RFC 2960 (see also RFC 3257, 3286)
• Purpose initially: Signalling Transport
• Features
– Reliable, full-duplex unicast transport (performs retransmissions)
– TCP-friendly flow control (+ many other features of TCP)
– Multi-streaming, in-sequence delivery within streams: avoids head-of-line blocking (performance issue)
– Multi-homing: hosts with multiple IP addresses, path monitoring (heart-beat mechanism), transparent failover to secondary paths
• Useful for provisioning of network reliability

[Figure: SCTP association between Host A (addresses IPa1, IPa2) and Host B (addresses IPb1, IPb2) over two separate networks]
Page 85
Transport Layer Handover in SCTP
1. MN communicates with CN via established SCTP association (from IP1 to IP CN)
2. When MN comes in range of AP B
• MN obtains new IP address IP2
• MN adds IP2 to the existing SCTP association (Address Configuration Change (ASCONF) chunk)
3. When the connection should be transferred to new AP B
• MN sets primary address to IP2
• MN deletes old IP1 from SCTP association (ASCONF chunk)

[Figure: MN with addresses IP1 (via AP A) and IP2 (via AP B), SCTP association to the Correspondent Node]
Page 86
SCTP Mobility support: Discussion
• SCTP handover transparent for the network
– No additional network infrastructure needed
– Possible use-case: switch to peer-to-peer mode without network support
• avoids tunneling and triangular routing
• Endpoints need to support SCTP (with dynamic control of IP addresses)
• Signalling to every correspondent node necessary (for every established SCTP association): for a high number of parallel connections, a large signalling volume over the air interface
• Dynamic naming service for connection set-up from CN required (to establish the initial SCTP association)
– Dynamic DNS
– Other location mechanisms (e.g. based on SIP URLs)
• Only usable for traffic without real-time requirements (due to SCTP flow/congestion control)
– but similar approaches, e.g. for RTP, possible
• Simultaneous handover (Mobile Node and Correspondent Node) can lead to loss of connection
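The handover steps of the previous slide and the last bullet above (loss of the association on simultaneous handover), as an added simulation in Python. This is not SCTP and not code from the slides: two endpoint objects share one association, each keeps the peer's address list and primary path, and ASCONF chunks ("add", "set_primary", "del") only arrive if their destination address is still configured on the peer. Sending first tries the primary path and then the other known peer addresses, which stands in for the heartbeat-driven failover of real multi-homing. The address strings are constructed sample values.

```python
"""Simulation of the SCTP transport-layer handover from the slide.

Added example, not SCTP itself: two endpoints hold one association; each keeps
the list of the peer's addresses and a primary path. Address changes are
signalled with ASCONF chunks ("add", "set_primary", "del"), and a chunk only
reaches the peer if its destination address is still configured there. The
address strings are constructed sample values.
"""


class AssociationLost(Exception):
    """Raised when no known peer address is reachable any more."""


class Endpoint:
    def __init__(self, name, addr):
        self.name = name
        self.addrs = {addr}        # addresses currently configured on this host
        self.peer = None
        self.peer_addrs = set()    # peer addresses learned at set-up or via ASCONF
        self.peer_primary = None   # path tried first for every chunk

    def associate(self, other):
        """Stands in for the 4-way handshake: both sides learn each other's address."""
        self.peer, other.peer = other, self
        self.peer_addrs, other.peer_addrs = set(other.addrs), set(self.addrs)
        self.peer_primary = next(iter(other.addrs))
        other.peer_primary = next(iter(self.addrs))

    def send(self, chunk):
        """Try the primary path, then the other known peer addresses (the
        multi-homing failover that heartbeats drive in real SCTP)."""
        candidates = [self.peer_primary] + sorted(self.peer_addrs - {self.peer_primary})
        for dst in candidates:
            if dst in self.peer.addrs:        # network: address still reachable
                self.peer_primary = dst       # stick to the path that worked
                return self.peer._receive(chunk)
        raise AssociationLost(f"{self.name}: no reachable peer address for {chunk}")

    def _receive(self, chunk):
        op, arg = chunk
        if op == "add":            # ASCONF: add address
            self.peer_addrs.add(arg)
        elif op == "set_primary":  # ASCONF: set primary address
            self.peer_primary = arg
        elif op == "del":          # ASCONF: delete address
            self.peer_addrs.discard(arg)
            if self.peer_primary == arg:
                self.peer_primary = next(iter(self.peer_addrs), None)
        return op, arg             # stands in for the ASCONF-ACK / data receipt


def handover(mn, old_ip, new_ip):
    """Steps 2 and 3 of the slide for a mobile node mn moving from AP A to AP B."""
    mn.addrs.add(new_ip)                   # MN obtained IP2 in range of AP B
    mn.send(("add", new_ip))               # ASCONF: add IP2
    mn.send(("set_primary", new_ip))       # ASCONF: set primary to IP2
    mn.addrs.discard(old_ip)               # coverage of AP A is gone
    mn.send(("del", old_ip))               # ASCONF: delete IP1
    return mn.peer.peer_primary            # where the peer now sends to


def simultaneous_handover(mn, cn, mn_new, cn_new):
    """Both ends move before either has signalled: every ASCONF is addressed
    to the peer's old address, so the association is lost."""
    mn.addrs, cn.addrs = {mn_new}, {cn_new}
    try:
        mn.send(("add", mn_new))
        cn.send(("add", cn_new))
        return "survived"
    except AssociationLost:
        return "lost"


if __name__ == "__main__":
    mn, cn = Endpoint("MN", "10.1.0.5"), Endpoint("CN", "198.51.100.9")
    mn.associate(cn)
    print("CN now sends to", handover(mn, "10.1.0.5", "10.2.0.7"))
    mn2, cn2 = Endpoint("MN", "10.1.0.5"), Endpoint("CN", "198.51.100.9")
    mn2.associate(cn2)
    print("simultaneous handover:", simultaneous_handover(mn2, cn2, "10.3.0.1", "203.0.113.4"))
```

Two handovers one after the other (first the MN, then the CN) survive in this model because each ASCONF still finds a valid peer address; only when both sides change their address before signalling does neither side hold a reachable locator for the other.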
Page 87
SIP: Mobility support
User/Session/Application Mobility (change of terminal)
• Registration via SIP ‘REGISTER’
• Initial connection set-up between MN1 and CN through ‘INVITE’
• mid-session mobility (application mobility): call transfer, SIP method ‘REFER’ (RFC3515)
• Application state could be contained in the message body (‘proprietary’ extension)
Host Mobility (change of IP address)
• Pre-call: re-register, routing of ‘INVITE’ based on SIP-URL
• mid-call: re-invite

[Figure: MN1, MN2 and CN; session transferred from MN1 to MN2]
Page 88
Host Identity Protocol (HIP)
• IETF drafts, see http://www.ietf.org/html.charters/hip-charter.html
• Underlying ideas for mobility support
– Separate host identifier (HI, ‘name’) and locator (‘IP address’)
– Dynamic name service or rendezvous server for pre-session mobility
– Update of the mapping host identifier -> locator at handovers
– Mechanism works between transport and network layer
• In combination with security
– Host Identity name space based on public keys
– Hash of HI: 128-bit Host Identity Tag attached to packets
Page 89
Host Identity / Host identifier
• Host Identity in HIP is a public asymmetric key pair.
– RSA
– DSA
– Possibly others
• Host Identifier (HI) is the public key which is used to refer to the Host Identity.
– Statically globally unique.
– Used for host authentication.
– Variable length (depending on cryptographic algorithm).
• Host Identity Tag (HIT)
– is a fixed length (128 or 64 bit) representation of a Host Identifier
– Can be used as IPv6 address
– Goal: low collision probability
Page 90
HIP Base exchange
• Beginning of a HIP connection
• Consists of a 4-way handshake.
• Involves:
• J. Schiller: ‘Mobile Communications’. Addison-Wesley, 2000.
• A. Festag: ‘Mobile Internet II, Overview of current mobility approaches’ (lecture material). TU Berlin, 2002.
• Seok Joo Koh: ‘mSCTP: Use of SCTP for IP Mobility Support’, Presentation, IT Forum, Korea, 2003.
• H. Schulzrinne, E. Wedlund: ‘Application-Layer Mobility Using SIP’. Mobile Computing and Communications Review, Vol. 1, No. 2.
• K. Boman, G. Horn, P. Howard, V. Niemi: ‘UMTS security’, IEE Electronics & Communication Engineering Journal (ECEJ), special issue on ‘Security for telecommunications’ (2002).
• G. Horn, D. Kröselberg, K. Müller: ‘Security for IP multimedia services in the 3GPP third generation mobile system’, Proceedings of INC 2002, Third International Network Conference, Plymouth, July 2002.
• 3GPP specifications can be found under http://www.3gpp.org/.
• 3GPP TS 33.102: ‘Security architecture’
Page 94
Acknowledgements
• Lecture notes: Mobile Communications, Jochen Schiller, www.jochenschiller.de
• Tutorial: IP Technology in 3rd Generation mobile networks, Siemens AG (J. Kross, L. Smith, H. Schwefel)
• Tutorial: Voice over IP Protocols – An Overview, www.vovida.org
• Various 3GPP slide-sets
• Siemens ICM N PG U SE and Siemens CT IC 3
• Student work AAU
– Rui Martins (Master Thesis)
– Lars Roost, Per Toft, Gustav Haraldson (Semester project)
• Lecture notes: Wireless communication protocols (R. Prasad, TKM)
Page 95
Network Architectures beyond cellular networks
Personal Area Networks (PANs)
• Devices attached to or in the vicinity of a person: group mobility models
• Wireless communication
• Between devices within PAN
• To infrastructure networks
• Between two PANs
Wireless multi-hop communication
Impact of wireless multi-hop
• Mutual interference
• MAC protocol deficiencies
• Need for modified routing (ad-hoc domain)

[Figure: PAN and CAN topology with BT links, bridges (Br) and routers (Ro); devices VD, aT, B; parties ‘You’, ‘Me’ and ‘Third Party’. Legend: Br: Bridge, Ro: Router]
[see http:/www.imec.be/pacwoman]
Page 96
Personal Networks
– Logical networks, defined by appropriate security associations
– Potentially huge geographical/topological span
– Consisting of ad-hoc and infrastructure networks
– User centric (PAN as central entity)
Extensions of the PAN concept

[Figure: Personal Network: Core PAN with local foreign devices, connected through an interconnecting structure (Internet, UMTS, WLAN, Ad Hoc, etc.) to home network, corporate network, vehicular area network, smart building, remote personal devices and remote foreign devices]
[see http:/www.ist-magnet.org/]
Page 97
Health Scenario

[Figure: Patient’s PAN connected via Home Network and Internet (Home Agent, Active Nodes AN) to the Hospital Network (private network with Hospital Services, Patient Records, Doctor’s PAN) and to a content server (entertainment, insurance company, etc.); the patient moves home and keeps the Patient’s PAN as a recovering patient at home. AN - Active Node (Active Router + Server)]
Page 98