802 Handoff LinkSec Handoff Issues?


  1. 802 Handoff LinkSec Handoff Issues?
     David Johnston, Intel
     david.johnston@ieee.org, dj.johnston@intel.com

  2. First Session of 802 Handoff ECSG Launched, May 2003
     • Attendance
       • Monday – 30
       • Tuesday – 19
       • Thursday – 22
       • Total Attendance – 45
     • 29 Separate organizations represented

  3. Officers
     • Chair
       • David Johnston, Intel
     • Reluctant Recording Secretary
       • Paul Lin, Intel
     • Vice Chair
       • None, volunteers welcome

  4. Charter
     • Consider the possibility of specifying a common handoff framework applicable to 802 standards, wired and wireless
     • Consider placement of work (in a new working group or 802.1)
     • Authorized to draft a PAR

  5. Objectives
     • Define scope and requirements
       • May work with all MACs and PHYs
       • Without unnecessary overhead
       • 802.x to 802.y (where x could equal y)
       • 802.x to non 802
     • Consider how to address Authentication and Security
       • Within the PAR? Coordinated with Link Security group
     • Specify a framework that 802 MACs can adopt
       • MAC SAP Messages
       • MIB Entries
       • Other?

  6. What it is not
     • It is not proposed to implement a protocol for handoff
     • We are at the link layer. What are we handing off?
     • Entire problem cannot be solved at layer 2
     • So this is not a handoff standard!

  7. Scenario
     • Multi interfaced device
       • Docked laptop with 802.3, 802.11 and 802.16e
       • Mobile IP session being used for VoIP and web traffic
     • Laptop undocks
       • Needs to make a timely decision to switch to 802.11 and attach to a suitable AP
       • Existing traffic should suffer minimum interruption
     • Laptop moves out of building
       • Needs to make a timely decision to switch to 802.16e and choose a suitable BS
       • Existing traffic should suffer minimum interruption

  8. What it is
     • Focus is on
     • Enabling good handoff decisions
     • Handoff decision data with interface
     • Signaling appropriately to L3 handoff capable entities
     • L2 triggers
     • Wired and Wireless
     • 802.3 to 802.[11/15/16] are important cases

  9. (very) Simplified Anatomy of a Handoff
     • Something somewhere up the stack agrees, in its own way, to hand off from one place to another
       • e.g. Mobile IP
     • Consequently, down at the link layer, an attachment switches from one place to another
       • Association-authentication-authorization in one of several possible orders and flavors
       • Either by picking a new attachment point for an interface, or picking a new interface

  10. The blocking behavior of 802.1x
      • 802.1x allows access to the MAC
      • Blocks access to all LSAPs above the LLC except for EAPoL until authentication has completed
      • So only MAC signalling and EAP available prior to authentication
      • This takes advantage of the common MSDU transport capability of different 802 networks
      • A mechanism applicable to diverse 802 network types could not be codified in existing MAC signaling or EAP
      • So current 802 authentication practice impacts on the transfer of handoff related information prior to authentication

  11. Pre-auth Requirements
      • Prior to attempting to authenticate, the mobile node may want to know whether it is worth the effort
        • Does the AP support my L3 network needs?
        • Do I have a payment method, auth protocol, subscription that will work on the candidate AP?
        • Can my QoS needs be met?
      • It would be nice for the conduit for this information:
        • To not be blocked prior to authentication
        • To be applicable to diverse 802 network types (MSDU transport)

  12. Extending the auth model to support Handoff
      • Extend set of pre authentication unblocked things from:
        • MAC signalling
        • EAPoL
      • To:
        • MAC signalling
        • EAPoL
        • Non sensitive handoff related data

  13. For Example
      • Extend the unblocked fork of 802.1x
      [Figure: stack diagram; labels: EAPoL, Non Sensitive Handoff Information/Protocol/negotiation, L3, 802.2]

  14. So: One requirement
      • Don't make it impossible to define the distribution of media independent handoff decision data prior to authentication
      • Allows mobile nodes to handoff based on good information
      • Enables mobile nodes to choose who they should bother authenticating to

  15. Port == AID?!
      • In 802.11 the port is defined to be attached to an association
      • Prevents authentication before association
      • Is a problem for 802.11 if you have handoff decision data on the uncontrolled port
      • Increases time to access handoff data
      • Leaves only the beacon for public data before auth
        • Limited in size
        • Unsafe to extend
        • Not common across 802
      • Can the port not be per mobile part MAC address or some such thing?
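
Added example, not part of the original slides: a minimal model of the 802.1x port filter described in slides 10 to 12, showing which frames pass before authentication under the current rule and under the proposed extension. The handoff EtherType (an IEEE local-experimental value used as a placeholder), the size cap on pre-auth handoff data, and all sample frames are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ETH_EAPOL = 0x888E     # EAPoL (802.1X port access entity) EtherType
ETH_IPV4 = 0x0800      # ordinary L3 traffic, carried above the LLC
ETH_HANDOFF = 0x88B5   # PLACEHOLDER: IEEE local-experimental EtherType; the
                       # slides do not define one for handoff information
MAX_HANDOFF_LEN = 256  # ASSUMED cap: pre-auth input is unauthenticated

@dataclass
class Port:
    """One 802.1x port. MAC signalling sits below this filter and is not modelled."""
    authorized: bool = False
    unblocked: frozenset = frozenset({ETH_EAPOL})  # slide 10: EAPoL only
    log: list = field(default_factory=list)

    def admit(self, ethertype: int, payload: bytes) -> bool:
        if ethertype == ETH_EAPOL:
            ok, verdict = True, "uncontrolled"
        elif ethertype in self.unblocked:
            # Extension path (slide 12): accepted before auth, but bounded,
            # because anyone on the link can send it.
            ok = len(payload) <= MAX_HANDOFF_LEN
            verdict = "uncontrolled" if ok else "drop-oversize"
        elif self.authorized:
            ok, verdict = True, "controlled"
        else:
            ok, verdict = False, "blocked-preauth"
        self.log.append((hex(ethertype), verdict))
        return ok

def run(port: Port, frames) -> list:
    """Return the admit/deny decision for each (ethertype, payload) frame."""
    return [port.admit(t, p) for t, p in frames]

# Constructed sample frames: (EtherType, payload)
FRAMES = [
    (ETH_EAPOL, b"\x01\x01\x00\x00"),   # EAPOL-Start
    (ETH_HANDOFF, b"l3=mobile-ip;qos=voice"),
    (ETH_HANDOFF, bytes(1000)),         # oversized pre-auth blob
    (ETH_IPV4, b"user traffic"),
]

if __name__ == "__main__":
    current = Port()
    extended = Port(unblocked=frozenset({ETH_EAPOL, ETH_HANDOFF}))
    print("current :", run(current, FRAMES))
    print("extended:", run(extended, FRAMES))
    print(extended.log)
```
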
