Efficient Management of the Traffic Flows in Wireless Internet
Abbas Jamalipour
The University of Sydney, Australia
International Workshop on Internet Security and Management
Jan 2003, Sendai, Japan
2003 A. Jamalipour 2
Contents
1. An Introduction to Wireless IP
2. Wireless Internet Security
3. Quality of Service
4. Conclusions

1. An Introduction to Wireless IP
Abbas Jamalipour
The mobile Internet
[Figure: Global Internet, IP-based core network, IP-based access network, access node and mobile node, with links to other telecommunication networks]
Can “mobile Internet” be defined like this? Internet access that is:
– Location-independent
– Wire-free
– ISP-independent
– Seamless
Evolution in telecom technologies
Telephony: wired, wireless, cellular
Internet: fixed, wireless, mobile
Increase in: number of services, accessibility (time/space), number of applications
[Figure: access points (AP) attaching wireless devices to the Internet]
Available options: working independently, replacing, complementing
Network traffic: voice, text, data, image, video, …, multimedia
Trend 1: Fixed to mobile access
– Saturation of fixed access for voice service in the near future
– 400m mobile subscribers worldwide in 2000 and 1800m in 2010
– Similar exponential increase pattern in the number of Internet subscribers
[Chart: million users, 1995–2005, for fixed lines, mobile lines and fixed Internet]
Trend 2: Voice to data
– Significant increase in the number of multimedia users compared with voice
– 3m mobile data users in 1998 to 77m in 2005: 70% increase per year
– Today’s Internet users: potential users of tomorrow’s mobile Internet
[Chart: data traffic volume vs. voice traffic volume in Pbit/day, 1997–2002]
Get the first 50m users
Years needed to reach the first 50 million users:
– Public telephony network: 75 years
– Radio broadcasting: 35 years
– Television broadcasting: 13 years
– Cellular mobile communications: 12 years
– Internet: 4 years
The application-oriented Internet
Internet to: connect people, connect devices, connect people/devices
[Chart: number of Internet users on a log scale (100 to 1,000,000,000), 1980–2010, with the application eras FTP/Telnet, WWW, and embedded Internet and wireless Internet; variety and growth of Internet applications]
Mobile Internet applications
Information: internet-surfing, intelligent search & filtering agents, on-line media, on-line translation, local information, booking & reservation, news
Education: virtual school, on-line laboratories, on-line library, on-line training, remote consultation
Leisure: virtual book store, music on demand, games on demand, video-clips, virtual sight seeing, ski net, Disney net, lottery services
Public services: public elections and voting, public information, help, broadcast services, yellow pages
Office information: virtual working groups, mobile office, tele-working, schedule synchronisation
Special services: security services, hotline, tele-medicine
Communication: video telephony, video conferencing, speech, e-mail, announcing services, SMS, electronic postcard
Financial services: on-line banking, universal SIM & credit card, home shopping, stock quotes
Telemetric services (machine-machine services): location based tracking (GPS), navigation assistance, travel information, fleet management, remote diagnostics
Telecom of the future
– Horizontal communication between different access technologies: cellular, cordless, WLAN, short-range connectivity, wired
– On a common platform, so that they complement each other’s services
– Connected through a common, flexible, seamless IP-based core network
– An advanced media access technology that connects the core network to the different access technologies
– Global roaming and inter-working between different access technologies, with both horizontal (intra-system) and vertical (inter-system) handover
– Seamless service negotiation including mobility, security and QoS
– Support for new and existing applications
Interoperated telecom architecture
[Figure: a common core network interconnecting 3G networks (UMTS/cdma2000), indoor high-speed networks, public telephony switched networks, packet data networks and other wireless/wired networks]
A network architecture of the future mobile networks
[Figure: an IP core network whose internetwork access technology links a satellite backbone, private IP network, global Internet, wireless LAN, GSM, cdmaOne, DECT, GPRS/UMTS core, cdma2000 core, cdma2000 access network, UMTS access network, PSTN/ISDN and ADSL]
Two Dimensional Internetworking
– Wired networks: PSTN, ADSL, Internet
– Personal networks: ad hoc, DECT, Bluetooth
– Hot spot networks: wireless LAN, PHS
– 2G mobile networks: GSM, GPRS, cdmaOne, PDC
– 3G mobile networks: UMTS, cdma2000, UWC-136
– Global networks: DAB/DVB, GEO SAT, MEO/LEO SAT
Summary
– Applications were and will be the driving wheels in the evolution of all telecommunication networks.
– The success of the Internet is mainly due to its accessibility and its use of an open architecture.
– Mobility is a recognized feature of the future telecommunication networks.
– Multimedia mobile applications will force the future networks to be united under a common platform and to cooperate efficiently so that they complement each other’s services.
But, wouldn’t this integration add new complications to QoS and network security?
Requirements
Efficient homogeneous traffic flow management as well as QoS management techniques are required.
– Capable of delivering QoS and security on an end-to-end basis within heterogeneous (wired/wireless) networks
Traffic flow volume needs to be controlled by discriminatory preferences given to individual users and to application data.

2. Wireless Internet Security
Abbas Jamalipour
Why security?
The original reasons for the necessity of Internet security
PLUS
– Increase in the number of internetworking networks
– Growth in the number and variety of network hosts
– Increase in the variety of network applications
– Increase in the amount of data stored in networks and in the number of storage locations
– Increase in the volume of data being exchanged
Internet security
Network security has four parts:
– Privacy (aka secrecy): only the sender and the intended receiver should understand the message (sender: encryption; receiver: decryption)
– Authentication: the receiver is confident of the sender’s identity
– Integrity: the content of the received message is exactly the same as what was sent by the original sender
– Non-repudiation: the receiver must be able to prove that the sender did send the message (the sender cannot deny it)
Internet attacks – Sniffing
The Internet is a broadcasting medium
– A third party can intercept a message which is not encrypted
– Read, write, or delete the data being transferred
[Figure: C intercepting a packet (src:B dest:A payload) sent from B to A]
Internet attacks – IP spoofing
The Internet is a broadcasting medium
– A third party can pretend to be the original sender by putting the original sender’s IP address in the source IP field
[Figure: C sending a packet (src:B dest:A payload) to A while posing as B]
Internet attacks – Denial of service
The Internet is a broadcasting medium
– A third party can overload the receiver by flooding it with malicious packets
[Figure: C flooding A with SYN packets]
Also Distributed DoS: by multiple coordinated sources
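The SYN flood pictured above is usually noticed on the receiving side as a pile of half-open connections. The following is an added example, not code from the slides: a small monitor that counts SYNs never completed by the peer's ACK, per destination, over a constructed packet summary, and reports how many distinct sources were involved (many sources with a high half-open count is the distributed case the slide mentions). All addresses, ports and timings are constructed.

```python
# Added example, not from the slides: a half-open connection counter over a
# constructed packet summary, in the spirit of the denial-of-service slide.
from collections import defaultdict

# (time_s, src_ip, src_port, dst_ip, tcp_flags) -- constructed sample traffic
SAMPLE_PACKETS = [
    (0.000, "10.0.0.2", 40000, "10.0.0.1", "SYN"),
    (0.002, "10.0.0.2", 40000, "10.0.0.1", "ACK"),      # handshake completed
] + [
    # 200 SYNs from 50 distinct (constructed) sources, none ever completing
    (0.100 + i * 0.001, f"198.51.100.{i % 50}", 1024 + i, "10.0.0.1", "SYN")
    for i in range(200)
]


def half_open_by_destination(packets):
    """Return {dst_ip: number of SYNs never followed by the peer's ACK}.

    A SYN opens a pending entry keyed by (src, sport, dst); the ACK that
    completes the three-way handshake from the same tuple closes it.
    Whatever is still pending at the end is a half-open connection.
    """
    pending = {}
    for t, src, sport, dst, flags in sorted(packets):
        key = (src, sport, dst)
        if flags == "SYN":
            pending[key] = t
        elif flags == "ACK":
            pending.pop(key, None)
    counts = defaultdict(int)
    for (_src, _sport, dst) in pending:
        counts[dst] += 1
    return dict(counts)


def flood_suspects(packets, threshold=100):
    """Destinations whose half-open count reaches the threshold."""
    return {dst: n for dst, n in half_open_by_destination(packets).items()
            if n >= threshold}


def distinct_sources(packets, dst):
    """How many different sources sent SYNs to dst: a large number together
    with a high half-open count points at a distributed DoS, not one host."""
    return len({src for _t, src, _sp, d, flags in packets
                if d == dst and flags == "SYN"})


if __name__ == "__main__":
    for dst, n in flood_suspects(SAMPLE_PACKETS).items():
        print(f"{dst}: {n} half-open connections from "
              f"{distinct_sources(SAMPLE_PACKETS, dst)} sources")
```

The threshold and window are deliberately simple; a production monitor would age out pending entries (a SYN without an ACK after the retransmission timeout is also half-open) and compare against the host's normal baseline rather than a fixed number.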
Where to secure?
– Application layer: for private, authenticated transactions using certificate infrastructure; e.g. SET (secure electronic transaction), digital signatures, Pretty Good Privacy (PGP) and Secure Shell
– Transport layer: data encryption using certificate infrastructure; e.g. SSL, TLS
– Network layer: data protection across the network; e.g. IPSec, firewall, AAA
– Link layer / physical layer: encoding the data before sending it on air, for physical isolation
Basic security techniques
Encryption and decryption
– Mainly to create privacy, but also applied in the other three parts of network security
– Secret key (aka symmetric key)
  The same key is shared between the sender and receiver pair, with common encryption/decryption algorithms
  Use of short keys: ideal for encrypting/decrypting long messages
  One key for each pair: too many keys are needed to cover all pairs
– Public key
  Use of a private key and a public key
  The private key is kept by the receiver, the public key is announced to the public
  Fewer keys required, but more complex algorithms: good for short messages
Digital signature
Handles authentication, integrity and non-repudiation
– Signing the message using encryption techniques
– The sender encrypts the message using his private key
– The receiver decrypts the message using the sender’s public key
Integrity: if the message is changed by an intruder, there is a high probability that the message is unreadable.
Authentication: using a different private key will result in a different message than the one sent by the sender.
Non-repudiation: the private key of the sender can be tested on the original plaintext, thus the sender cannot deny sending the message.
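The three properties above can be exercised with a toy RSA signature over a message digest. This is an added example, not code from the slides: textbook RSA with two small constructed primes and no padding, signing the SHA-256 digest of the message rather than the message itself (which is what practical schemes do, but the slide describes signing the message directly). It is for illustration only; real deployments use a standardized padded scheme and far larger keys.

```python
# Added example, not from the slides: toy RSA signing of a message digest,
# showing integrity (tampered message fails), authentication (another key
# fails) and non-repudiation (only the holder of the private key can sign).
# Primes, keys and messages are constructed; no padding, illustration only.
import hashlib


def make_keypair(p, q, e=65537):
    """Textbook RSA key generation from two primes (constructed values below)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: modular inverse of e
    return (n, e), (n, d)        # (public key, private key)


def digest(message, n):
    """Hash the message and reduce into the modulus range (toy only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Sender side: 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """Receiver side: 'decrypt' with the public key, compare to a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


# Constructed keys: the sender's pair and an unrelated pair for comparison
SENDER_PUB, SENDER_PRIV = make_keypair(1000003, 1000033)
OTHER_PUB, OTHER_PRIV = make_keypair(1000037, 1000039)


def demo():
    msg = b"transfer 100 EUR to account 42"          # constructed message
    sig = sign(msg, SENDER_PRIV)
    return {
        # genuine message and key: accepted
        "genuine": verify(msg, sig, SENDER_PUB),
        # an intruder altered the amount: the digest no longer matches
        "tampered": verify(b"transfer 900 EUR to account 42", sig, SENDER_PUB),
        # signed with a different private key: the sender's public key rejects it
        "forged_key": verify(msg, sign(msg, OTHER_PRIV), SENDER_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

Hashing first also fixes the length problem the slide hints at under public-key techniques (public-key algorithms are good for short messages): the signature always covers a fixed-size digest, however long the message is.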
IPSec: Network layer security
Provides a framework and a mechanism only
– Encryption/authentication selections are left to the user
Can provide network layer secrecy and authentication
– Network layer secrecy: the sending host encrypts the TCP and UDP segments, ICMP and SNMP messages in the IP datagram
– Network layer authentication: the destination host can authenticate the source IP address
Defines two protocols at the network layer
– Authentication Header (AH) protocol: to provide integrity and authentication (digital signature)
– Encapsulating Security Payload (ESP) protocol: to provide privacy plus integrity and message authentication
Service agreement (SA)
A source-destination handshake for the AH and ESP protocols
– Creates a network-layer logical channel called a service agreement (SA)
Each SA is unidirectional and uniquely determined by:
– The security protocol (AH or ESP)
– The source IP address
– A 32-bit connection ID
Encapsulating security payload
– Provides secrecy, host authentication, data integrity
– Data and ESP trailer are encrypted
– Next header field is in the ESP trailer
– ESP authentication field is similar to the AH authentication field
– Protocol = 50
Datagram layout: IP Header | ESP Header | TCP/UDP Segment | ESP Trailer | ESP Auth
– Encrypted: TCP/UDP segment and ESP trailer
– Authenticated: ESP header, TCP/UDP segment and ESP trailer
Authentication header protocol
– Provides source host authentication and data integrity, but not secrecy
– AH header inserted between the IP header and the data field
– Protocol field = 51
– Intermediate routers process datagrams as usual
AH header includes:
– connection ID
– authentication data: a signed message digest, calculated over the original IP datagram, providing source authentication and data integrity
– next header field: specifies the type of data (TCP, UDP, ICMP, etc.)
Datagram layout: IP Header | AH Header | TCP/UDP Segment
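To make the AH fields concrete, here is an added example that is not code from the slides: a simplified authentication header whose authentication data is a truncated HMAC-SHA256 (a keyed digest, which is what IPsec deployments actually use, rather than the slide's "digital signature"). It keeps only what the slide names: protocol 51, a connection ID (SPI), a next header field, a sequence number and a digest over the datagram. Real AH (RFC 4302) also zeroes the mutable IP header fields such as TTL before hashing and uses a sliding anti-replay window; this toy covers just the immutable source, destination and protocol fields and requires strictly increasing sequence numbers. Keys, addresses and payloads are constructed.

```python
# Added example, not from the slides: simplified AH-style integrity check.
# Constructed key, addresses and payloads; not a conforming RFC 4302 implementation.
import hashlib
import hmac
import struct

AH_PROTOCOL = 51                        # protocol number from the slide
ICV_LEN = 12                            # 96-bit truncated integrity check value
# next header (1) | reserved (3) | SPI = connection ID (4) | sequence number (4)
AH_FIXED = struct.Struct("!BxxxII")


def _icv(key, ip_fields, ah_fixed, payload):
    """HMAC over immutable IP fields + AH fields (ICV zeroed) + payload."""
    mac = hmac.new(key, ip_fields + ah_fixed + bytes(ICV_LEN) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def build_ah_datagram(key, src, dst, next_header, spi, seq, payload):
    """Sender side: returns src|dst|proto | AH fixed fields | ICV | payload."""
    ip_fields = src + dst + bytes([AH_PROTOCOL])
    ah_fixed = AH_FIXED.pack(next_header, spi, seq)
    return ip_fields + ah_fixed + _icv(key, ip_fields, ah_fixed, payload) + payload


def verify_ah_datagram(key, datagram):
    """Receiver side: recompute the ICV; returns (ok, seq, payload)."""
    ip_len = 4 + 4 + 1
    ip_fields = datagram[:ip_len]
    if ip_fields[-1] != AH_PROTOCOL:
        return False, None, None
    ah_fixed = datagram[ip_len:ip_len + AH_FIXED.size]
    icv = datagram[ip_len + AH_FIXED.size:ip_len + AH_FIXED.size + ICV_LEN]
    payload = datagram[ip_len + AH_FIXED.size + ICV_LEN:]
    ok = hmac.compare_digest(icv, _icv(key, ip_fields, ah_fixed, payload))
    _next_header, _spi, seq = AH_FIXED.unpack(ah_fixed)
    return ok, seq, payload


class AhReceiver:
    """Accepts a datagram only if its ICV verifies and its sequence number is
    new (simplified anti-replay: strictly increasing, no sliding window)."""

    def __init__(self, key):
        self.key = key
        self.last_seq = 0

    def accept(self, datagram):
        ok, seq, payload = verify_ah_datagram(self.key, datagram)
        if not ok or seq <= self.last_seq:
            return None                 # forged, tampered, spoofed or replayed
        self.last_seq = seq
        return payload


KEY = b"constructed-shared-key"
SRC, DST = bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1])

if __name__ == "__main__":
    rx = AhReceiver(KEY)
    d = build_ah_datagram(KEY, SRC, DST, 6, 0x1000, 1, b"hello")
    print(rx.accept(d), rx.accept(d))   # payload once, then None on replay
```

Because the source address is inside the authenticated data, a datagram whose source field was rewritten by a third party (the spoofing slide) fails the check exactly like a modified payload does; that is the "destination host can authenticate the source IP address" point of the IPSec slide.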
Security in wireless Internet
All issues and techniques explained so far are also applicable to wireless Internet security, but
– Are they still sufficient?
– Are they still efficient?
– Are they all supportable in heterogeneous networks?
– Are those techniques scalable enough?
– Are the security threats limited to those considered?
Security should be considered as an end-to-end issue
– So, in order to resolve the above doubts and to implement security (which would be redefined at a later time), security has to be treated similarly to the other quality of service themes

3. Quality of Service
Abbas Jamalipour
General QoS requirements
Technology-based quality of service requirements
– Timeliness: delay, response time, delay variation
– Bandwidth: system level data rate, application level data rate, transaction rate
– Reliability: mean time to failure, mean time to repair, mean time between failures, loss or corruption rate
QoS requirements, more …
User-level quality of service requirements
– Criticality
– Perceived QoS, based on the data transmission application type: picture detail, picture color accuracy, video rate, video smoothness, audio quality, video/audio synchronization
– Cost: per-use cost, per-unit cost
– Security: confidentiality (information access only by appropriate users), integrity (information not to be corrupted), digital signatures, authentication (verification of a user’s identity and right to access)
BW vs. coverage in wireless networks
Wider coverage and higher mobility mean higher cost but not necessarily a higher data rate
Harmonic QoS adjustment on an end-to-end basis is also challenging when more than one network is involved

Wireless network | Coverage | Data rate
Infrared | Room | 19.2 kbps–4 Mbps
IEEE 802.11/b/a | 100–500 m around each AP | 1, 2/11/54 Mbps
GSM (HSCSD) | Cellular network | 9.6 (56) kbps
CDPD (for AMPS, IS-95, IS-136) | Cellular network | 19.2 kbps
DECT, PHS | Cellular network | 32 kbps
GPRS (for GSM) | Cellular network | 155 kbps
UMTS/IMT-2000 | Cellular network | 384 kbps to 2 Mbps
Iridium LEO satellite | Global | 2.4 kbps
Broadband satellites | Global/regional | 2 Mbps
Challenging wireless QoS management
Data applications over wireless channels require sophisticated techniques of quality of service management
– A short loss of communications during handover is not desirable, though it is acceptable in voice applications
– Similar facilities are required at the new point of attachment after any handover
– Blind spots are unavoidable in wireless networks
End-user QoS is also affected by certain specifications of portable terminals
– battery limit, screen size, processing power, screen resolution
More importantly, traffic flows are transported by a variety of networks, each with its own QoS and security treatment techniques
Improving QoS in IP networks
IETF groups are working on proposals to provide better QoS control in IP networks, i.e., going beyond best effort to provide some assurance of QoS
Work in progress includes RSVP, Differentiated Services, and Integrated Services
Simple model for sharing and congestion studies: looking for an ideal and general network QoS model
Principles for QoS guarantees
Consider a phone application at 1 Mbps and an FTP application sharing a 1.5 Mbps link
– bursts of FTP can congest the router and cause audio packets to be dropped
– we want to give priority to audio over FTP
PRINCIPLE 1: marking of packets is needed for the router to distinguish between different classes, and a new router policy to treat packets accordingly
QoS guarantees, more…
Applications misbehave (e.g., audio sends packets at a rate higher than the 1 Mbps assumed above)
PRINCIPLE 2: provide protection (isolation) for one class from the other classes
– Requires policing mechanisms to ensure sources adhere to their bandwidth requirements
– Marking and policing need to be done at the edges
QoS guarantees, more…
Alternative to marking and policing: allocate a set portion of bandwidth to each application flow
– can lead to inefficient use of bandwidth if one of the flows does not use its allocation
PRINCIPLE 3: while providing isolation, it is desirable to use resources as efficiently as possible
QoS guarantees, more…
Cannot support traffic beyond link capacity
PRINCIPLE 4: need a “Call Admission Process”
– the application flow declares its needs
– the network may block the call if it cannot satisfy the needs
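The four principles can be seen together in a small slot-by-slot simulation using the slide's own numbers (a 1 Mbps audio flow and an FTP flow sharing a 1.5 Mbps link). This is an added example, not code from the slides: the two flows are assumed to be already marked into an audio class and an FTP class (Principle 1); a token bucket polices the audio class at its declared rate at the edge (Principle 2); a strict-priority scheduler serves audio first and hands whatever is left to FTP, with a fixed-partition option for comparison (Principle 3); and admit() is the call admission decision (Principle 4). Integer bit counts over 10 ms slots keep the arithmetic exact; the rates, bucket size and the absence of queueing are constructed simplifications.

```python
# Added example, not from the slides: policing, priority scheduling and
# admission control for the audio/FTP scenario. Constructed parameters.

LINK_BPS = 1_500_000            # link capacity from the slide
AUDIO_DECLARED_BPS = 1_000_000  # rate the audio flow declares (Principle 4)
SLOT_MS = 10                    # simulation step


class TokenBucket:
    """Policer: at most rate_bps on average, plus a burst of burst_bits."""

    def __init__(self, rate_bps, burst_bits):
        self.rate_bps = rate_bps
        self.burst_bits = burst_bits
        self.tokens = burst_bits
        self.last_ms = 0

    def take(self, now_ms, bits):
        """Return how many of `bits` conform to the profile; the rest do not."""
        refill = self.rate_bps * (now_ms - self.last_ms) // 1000
        self.tokens = min(self.burst_bits, self.tokens + refill)
        self.last_ms = now_ms
        conforming = min(bits, self.tokens)
        self.tokens -= conforming
        return conforming


def admit(declared_bps, already_reserved_bps, link_bps=LINK_BPS):
    """Call admission (Principle 4): block a flow that would exceed capacity."""
    return declared_bps + already_reserved_bps <= link_bps


def simulate(audio_offered_bps, ftp_offered_bps, police=True,
             fixed_partition=False, seconds=1):
    """Bits delivered per class, as bits/s. Audio has strict priority."""
    slots = seconds * 1000 // SLOT_MS
    cap = LINK_BPS * SLOT_MS // 1000                  # bits per slot on the link
    audio_share = AUDIO_DECLARED_BPS * SLOT_MS // 1000
    bucket = TokenBucket(AUDIO_DECLARED_BPS, audio_share)
    audio_sent = ftp_sent = policed = 0
    for i in range(slots):
        audio_bits = audio_offered_bps * SLOT_MS // 1000
        ftp_bits = ftp_offered_bps * SLOT_MS // 1000
        if police:                                    # Principle 2, at the edge
            conforming = bucket.take(i * SLOT_MS, audio_bits)
            policed += audio_bits - conforming        # out-of-profile audio dropped
            audio_bits = conforming
        a = min(audio_bits, cap)                      # audio served first
        if fixed_partition:                           # static split: FTP gets its share only
            ftp_cap = cap - audio_share
        else:                                         # Principle 3: FTP gets what audio left
            ftp_cap = cap - a
        f = min(ftp_bits, max(ftp_cap, 0))
        audio_sent += a
        ftp_sent += f
    return {"audio_bps": audio_sent // seconds,
            "ftp_bps": ftp_sent // seconds,
            "policed_bps": policed // seconds}


if __name__ == "__main__":
    print("well-behaved:", simulate(1_000_000, 1_000_000))
    print("audio at 1.4 Mbps, policed:", simulate(1_400_000, 1_000_000))
    print("audio at 1.4 Mbps, no policing:", simulate(1_400_000, 1_000_000, police=False))
    print("audio silent, shared:", simulate(0, 2_000_000))
    print("audio silent, fixed partition:", simulate(0, 2_000_000, fixed_partition=True))
    print("admit second 1 Mbps flow:", admit(1_000_000, 1_000_000))
```

The contrast between the policed and unpoliced runs of the misbehaving audio flow is Principle 2 in numbers: without the bucket, FTP is squeezed to 0.1 Mbps by a flow that declared 1 Mbps; with it, FTP keeps its 0.5 Mbps and the excess audio is dropped at the edge. The two "audio silent" runs are Principle 3: a fixed partition strands 1 Mbps of the link.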
QoS summary
Now, let’s have some examples from the Internet and cellular networks
IP solutions for QoS support
Integrated services (IntServ)
Three classes of service
– guaranteed-service class: provides for delay-bounded service agreements
– controlled-load service class: provides for a form of statistical delay service agreement (nominal mean delay)
– best-effort services: interactive burst (e.g. Web), interactive bulk (e.g. FTP), and asynchronous (e.g. Email)
Guaranteed and controlled-load services are based on quantitative service requirements and require signaling and admission control in network nodes
– usually the Resource Reservation Protocol (RSVP) is used
IntServ: Advantages and disadvantages
Advantages
– provides service classes which closely match different apps
– leaves the existing best-effort service unchanged: no change to the existing apps, as efficient as the current Internet
– leaves the forwarding mechanism in the network unchanged: non-upgraded networks can receive data from IntServ
Disadvantages
– E2E service guarantee requires IntServ support by all nodes
– subdivision of the best-effort service may cause problems in commercial networks
Differentiated services (DiffServ)
Aims at providing simple, scalable and flexible service differentiation using a hierarchical model
– interdomain resource management: unidirectional service levels are agreed at each boundary point between a customer and a provider for traffic entering the provider network
– intradomain resource management: the provider is solely responsible for configuration and provisioning of resources within its domain
The provider builds its offered services with a combination of traffic classes, traffic conditioning, and billing
– DiffServ does not impose either the number of traffic classes or their characteristics on a service provider
Based on local service agreements at customer/provider boundaries
Per-flow state is avoided within the network since individual flows are aggregated into classes
DiffServ, more …
Aggregates the entire customer’s requirements for QoS
The customer must have a service level agreement (SLA) with the service provider
– the SLA specifies the forwarding service the customer receives
– static or dynamic: a static SLA is negotiated on a long-term basis (e.g., monthly); a dynamic SLA changes more frequently
To receive different service levels, the customer must mark its packets with specific values in the TOS field (renamed the DS field)
The DS field supersedes the existing definition of the IPv4 TOS octet and the IPv6 traffic class octet
DS field layout: bits 0–5 DSCP (differentiated services codepoint), bits 6–7 unused
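Marking a packet means rewriting the six DSCP bits of the former TOS octet, and because that octet is covered by the IPv4 header checksum, an edge marker has to recompute the checksum as well. The following is an added example, not code from the slides: it builds a minimal IPv4 header, reads and sets the DSCP while leaving the two low bits alone, fixes the checksum, and applies a constructed edge policy that gives the audio class of the earlier slides the Expedited Forwarding codepoint (46, from RFC 3246) and everything else best effort (0). Addresses, ports and the policy are constructed.

```python
# Added example, not from the slides: DSCP marking of an IPv4 header with
# checksum maintenance. Constructed addresses and edge policy.
import struct

DSCP_EF = 46     # Expedited Forwarding (RFC 3246)
DSCP_BE = 0      # default / best effort


def ipv4_checksum(header):
    """Ones'-complement sum over 16-bit words; 0 for a header that verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _with_checksum(header):
    """Return the header with its checksum field (bytes 10-11) recomputed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + zeroed[12:]


def build_ipv4_header(src, dst, proto=17, total_len=20, ttl=64, tos=0):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0, 0, ttl, proto, 0, src, dst)
    return _with_checksum(hdr)


def checksum_ok(header):
    return ipv4_checksum(header) == 0


def get_dscp(header):
    """DSCP is the top six bits of the second octet (bits 0-5 on the slide)."""
    return header[1] >> 2


def set_dscp(header, dscp):
    """Re-mark the packet and fix the checksum; keeps the low two TOS bits."""
    if not 0 <= dscp < 64:
        raise ValueError("DSCP is a 6-bit value")
    tos = (dscp << 2) | (header[1] & 0x03)
    return _with_checksum(header[:1] + bytes([tos]) + header[2:])


# Constructed edge policy: UDP audio to port 5004 gets EF, all else best effort.
def classify(proto, dst_port):
    return DSCP_EF if (proto == 17 and dst_port == 5004) else DSCP_BE


def mark_at_edge(header, proto, dst_port):
    """What a DiffServ boundary router does to an incoming customer packet."""
    return set_dscp(header, classify(proto, dst_port))


if __name__ == "__main__":
    h = build_ipv4_header(bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    m = mark_at_edge(h, 17, 5004)
    print(get_dscp(h), get_dscp(m), checksum_ok(m))   # 0 46 True
```

Two points worth noting for a boundary router: customers can set any DSCP they like, so the edge re-marks rather than trusts the incoming value (the slide's "classification need not be performed in the end system" cuts both ways), and the checksum fix is mandatory, otherwise the next hop drops the packet as corrupt.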
DiffServ 3-level routers
[Figure: a local Differentiated Services domain of access routers, interior routers and border routers, attached over a contracted link to a transit Internet network]
DiffServ: Advantages and disadvantages
Advantages
– provides discrimination based on payment for service
– traffic classes are accessible without signaling, as a traffic class is a predefined aggregate of traffic
– classification of the traffic need not be performed in the end system (simpler network management)
Disadvantages
– DiffServ tries to keep the operating mode of the network simple by pushing as much complexity as possible onto network provisioning and configuration
– DiffServ does not make providing several services with different qualities within the same network easier
IntServ and DiffServ – A comparison
IntServ
– Requires flow-specific state for each flow at routers: state information grows with the number of flows, needs huge storage space and processing power at the router, and makes routers much more complex
DiffServ
– Simpler and more scalable
– Scalability: per-flow service replaced with per-aggregate service; complex processing is moved from the core of the network to the edge
GPRS example of QoS support
QoS profile assigned to every subscriber
– traffic precedence class: high, normal, and low priority
– delay class: four classes
– reliability class: five classes
– peak throughput class: 8, 16, 32, 64, 128, 256, 512, 1024, 2048 kbps
– mean throughput class: 19 classes from best-effort to 111 kbps
Profile requested by the user or assigned by default
– defined in the home location register (HLR)
– SGSN responsible for fulfilling the QoS profile
[Figure: GPRS reference architecture with TE, MT, BSS, SGSN, GGSN, HLR, EIR, MSC/VLR, SMS-GMSC/SMS-IWMSC, SMS-SC, PDN and other PLMN, showing the R, Um, A, Gb, Gn, Gp, Gi, Gr, Gs, Gc, Gd, Gf, C, D and E interfaces and the signaling and data paths]
UMTS network architecture
[Figure: GSM circuit-switched (real-time) domain with BTS, BSC and MSC towards the PSTN; UMTS Node B and RNC over ATM; non-real-time data services through SGSN and GGSN into an IP core with feature servers]
UMTS architectural improvements
Compared with GSM
– Wideband access: higher bit rates toward mobile multimedia applications
– Mobile-fixed-Internet convergence: a uniform way to offer cross-domain services to users; service portability across networks and terminals
– Flexible service architecture: enhancing creativity and flexibility for new services; standardizing the blocks that make up services and not the services themselves
UMTS and open service architecture
Providing access to the UMTS service architecture via OSA to third party service providers
– To enhance portability of telecommunications services between networks and terminals (Rel-5, TS 22.127)
Virtual Home Environment (VHE)
– A system concept for personalized service portability across network boundaries and between terminals
– Considered by 3GPP (Rel-5, TS 22.121)
– Use of services available at the home network even after roaming into another network
– e.g., VHE converts a WAP into SMS when WAP is not available in the visited network
VHE for UMTS
[Figure: a service layer of application servers above standardized service-network UMTS interfaces, and a network layer of service capability servers (SCS 1 to SCS 5), each exposing service capability features (SCF): call control servers, home location register servers, mobile execution environment servers, SIM application toolkit servers and CAMEL servers]
VHE elements
Enabling development of services independent of the underlying networks
– A layered UMTS service architecture
Service capability servers (SCS): servers that provide functionality used to construct services (e.g. MSC)
Service capability features (SCF): the classes of the OSA interface
– SCSs are network elements whereas SCFs are only an additional software layer of interface classes on top of SCSs
– Examples of SCFs: call control, location/positioning, notifications
VHE SCS specifications
– Call control (CC) servers: MSC to support circuit-switched telephony using the 24.08 CC protocol (R99)
– Home location register (HLR): database for location and subscriber information using the MAP protocol
– Mobile execution environment (MExE) server: for value-added services through WAP
– SIM application toolkit (SAT) server: to offer additional capabilities to the communications protocol between the SIM and the mobile terminal
– Customized application for mobile networks enhanced logic (CAMEL) server: extends the scope of IN service provisioning to the mobile environment and exchanges mobile-specific service information between CAMEL and the service switching point (SSP) and service control point (SCP)
UMTS QoS support

Traffic class | Fundamental characteristics | BER | Example of the application
Conversational class | Preserve time relation between information entities of the stream; conversational pattern (stringent and low delay) | ≤10^-3 | Voice, videotelephony, video games
Streaming class | Preserve time relation between information entities of the stream | ≤10^-5 | Streaming multimedia
Interactive class | Request/response pattern; preserve data integrity | ≤10^-8 | Web browsing, network games
Background class | Destination is not expecting the data within a certain time; preserve data integrity | ≤10^-8 | Background download of emails
E2E quality of service in 3G/UMTS
[Figure: terminal-to-terminal QoS across TE – MT – RAN – CN – TE, composed of the local bearer service, the 3G/UMTS bearer service (3G/UMTS QoS) and the external bearer service]
cdma2000
[Figure: cdma2000 network architecture: cdmaOne/cdma2000 BTS, BSC and PCF; MSC/VLR and HLR towards the PSTN; a PCN with PDSN, HA, AAA and AN-AAA towards the Internet]
[Figure: packet data service reference model: mobile station, access network and service access provider, each with an access layer, data link layer, network layer, higher layers and security, connecting to other packet data networks]
Access layer
Mobile station supports, in regard to the provider
– radio access technology
– signaling standards
Supports only a single packet data service (Simple IP or Mobile IP); differentiation is done at higher layers
Access network
– authenticates and authorizes the MS for the access service
– establishes a connection to the IMT-2000 network
– initializes a data link layer
After this link layer establishment, network layer protocols are executed to establish the packet data session
Data link layer
Support of two types of data link layers by the IMT-2000 network
PPP for Version 1 and 2
– PPP protocol in compliance with RFC 1661
– PPP compression control protocol (RFC 1962) used to negotiate a PPP payload compression algorithm
– In Mobile IP service, higher layers will not be reset when the mobile re-establishes PPP to a new IMT-2000 serving area
Simple data link-layer protocol for Version 2
Network layer
Two types of network access methods
– Mobile IP
  Local and public network access: the HA resides in the IMT-2000 service provider network (SPN); authentication and authorization by the SPN or a private network
  Private network access: the HA resides in a private network; authentication and authorization by the private network
– Simple IP
  Local and public network access: the IP address is dynamically assigned from the serving network
  Private network access: the same, with the addition of VPN software in the mobile station
Security
Three levels of security from the mobile station perspective
– Radio access security: authentication of the mobile station; support of air interface encryption
– IP network security: for Mobile IP, use of an FA challenge to authenticate the mobile station; for Simple IP, use of CHAP or PAP to authenticate the mobile station
  – CHAP: Challenge Handshake Authentication Protocol
  – PAP: Password Authentication Protocol
  – Both at the data link layer
– User end-to-end security: additional security measures provided by the user (optional)
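The CHAP exchange the Simple IP case relies on is short enough to show both sides. This is an added example, not code from the slides: the MD5 variant of RFC 1994, where the network (authenticator) sends an identifier and a random challenge, the mobile station (peer) answers with MD5(identifier || secret || challenge), and the authenticator recomputes the same value from the stored shared secret. A PAP check is placed beside it for contrast. Names, secrets and the challenge bytes passed in for repeatable tests are constructed; a real authenticator draws challenges from os.urandom() as the default branch does.

```python
# Added example, not from the slides: CHAP (RFC 1994, MD5) challenge/response
# between a mobile station and the network, next to a PAP password check.
# Constructed names, secrets and fixed challenges; no real credentials.
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """Peer side. RFC 1994: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Network side: issues challenges and checks responses against the
    per-user shared secret; each issued challenge can be answered once."""

    def __init__(self, secrets):
        self.secrets = secrets          # name -> shared secret (constructed)
        self.identifier = 0
        self.outstanding = {}           # identifier -> challenge bytes

    def challenge(self, challenge_bytes=None):
        """Challenge packet: a fresh identifier and random challenge value."""
        self.identifier = (self.identifier + 1) & 0xFF
        c = challenge_bytes if challenge_bytes is not None else os.urandom(16)
        self.outstanding[self.identifier] = c
        return self.identifier, c

    def verify(self, identifier, name, response):
        """Success/Failure decision for a Response packet."""
        c = self.outstanding.pop(identifier, None)    # one answer per challenge
        secret = self.secrets.get(name)
        if c is None or secret is None:
            return False
        return hmac.compare_digest(response, chap_response(identifier, secret, c))


def chap_exchange(authenticator, name, peer_secret, challenge_bytes=None):
    """One Challenge / Response / Success-or-Failure round; True on success."""
    ident, chal = authenticator.challenge(challenge_bytes)
    resp = chap_response(ident, peer_secret, chal)
    return authenticator.verify(ident, name, resp)


def pap_authenticate(secrets, name, password):
    """PAP: the password itself crosses the link and is compared directly, so
    the secret is exposed to the sniffing shown earlier; CHAP never sends it."""
    return secrets.get(name) == password


SECRETS = {"ms-001": b"constructed-secret"}

if __name__ == "__main__":
    auth = ChapAuthenticator(SECRETS)
    print("CHAP:", chap_exchange(auth, "ms-001", b"constructed-secret"))   # True
    print("PAP:", pap_authenticate(SECRETS, "ms-001", b"constructed-secret"))
```

Because every challenge is fresh and can be answered only once, a response captured on the link does not verify against a later challenge; that is the property that makes CHAP preferable to PAP on an air interface, and why the FA challenge in the Mobile IP case serves the same purpose.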
4. Conclusions
Abbas Jamalipour
Layered manageable architecture
[Figure: application level (packet-based traffic, non-packet-based traffic, encapsulated data); network management level (QoS, mobility, traffic, security); physical level (wireless cellular, wireless LAN, ADSL, wired networks)]
A generic architecture that covers all networks under the same assumptions and I/O traffic flows
– Application level: harmonization of all the different data into a unified form; prioritization of data according to the application and service requested
– Physical level: optimization of data transmission based on the unified data
– Network level: management of traffic flow transportation by resolving shortfalls of the access network in providing the requested service to the application; should be open, configurable, and scalable
– Tasks include: traffic management, mobility management, QoS management, security management, and resource management
MWIF layered functional network architecture
[Figure: Application, Service, Control and Transport layers with APIs between them and Security and OAM&P spanning all layers; third party applications; applications/services and directory services; global name servers, location servers, authorization and policy servers; mobility management, communication session management and resource management; access gateway, access network and network gateways linking terminals and other networks (PSTN/external CS networks, external IP networks, legacy 2G networks, signaling networks); access-specific and core parts]