140 likes | 317 Views
Media-Independent Pre-Authentication (draft-ohba-mobopts-mpa-framework-01.txt) (draft-ohba-mobopts-mpa-implementation-01.txt). Ashutosh Dutta, Telcordia Technologies Victor Fajardo, Yoshihiro Ohba, Kenichi Taniuchi Toshiba America Research Inc. Henning Schulzrinne, Columbia University.
E N D
Media-Independent Pre-Authentication(draft-ohba-mobopts-mpa-framework-01.txt)(draft-ohba-mobopts-mpa-implementation-01.txt) Ashutosh Dutta, Telcordia Technologies Victor Fajardo, Yoshihiro Ohba, Kenichi Taniuchi Toshiba America Research Inc. Henning Schulzrinne, Columbia University Prepared for IRTF MOBOPTS WG August 4th , 63rd IETF, Paris
Problem Statement • Existing mobility optimization mechanisms rely on signaling between access routers of different administrative domains • It is hard to assume an SA between access routers of different domains • There has been no solution for inter-domain handovers • Inter-domain handover can occur even for a mobile node with a single interface • Existing mobility optimization mechanisms do not deal with heterogeneous handovers in which authorization characteristics are different before and after handovers and thus a fresh authentication and authorization needs to be performed • Heterogeneous handover can occur even for a mobile node with a single interface • Existing mobility optimization mechanisms are tightly coupled with particular mobility management protocols • All those problems above need to be solved without sacrificing handover performance
Overview of Media-independent Pre-Authentication (MPA) • MPA is: • a mobile-assisted higher-layer authentication, authorization and handover scheme that is performed prior to establishing L2 connectivity to a network where mobile may move in near future • MPA provides a secure and seamless mobility optimization that works for • Inter-domain handover • Heterogeneous handover (single/multiple interface) • MPA works with any mobility management protocol • MIP(v4,v6), SIPMM, HIP, etc.
Home Network HA MN-AR key MN-CA key Data in new domain BU Pre configuration Tunneled Data Proactive handover tunneling end procedure pre-authentication L2 handoff procedure MN A(Y) MPA Overview 1. DATA[CN<->A(X)] 2. DATA [CN<->A(Y)] over proactive handover tunnel [AR<->A(X)] CN 3. DATA[CN<->A(Y)] AA CA AR Domain X Domain Y Data in old domain MN CN: Correspondent Node MN: Mobile Node AA: Authentication Agent CA: Configuration Agent AR: Access Router A(X)
Network 4 AR Information Server CN INTERNET Network 3 MN-CA key MN-CA key Network 2 AR Current Network 1 TN AR AA AA CA CA CTN Mobile AP1 AP2 AP3 AR AP1 Coverage Area AP 2 & 3 Coverage Area CTN – Candidate Target Networks TN – Target Network MPA-assisted Seamless Handoff (a deploymentscenario)
Changes from draft 00 to 01 • Split the original MPA document into two • Framework, Implementation • (draft-ohba-mobopts-mpa-framework-01.txt) • (draft-ohba-mobopts-mpa-implementation-01.txt) • (draft-ohba-mobopts-mpa-framework-01.txt) • Ping-Pong Effect • Buffering • Bi-casting • Pre-authentication with multiple CTNs • (draft-ohba-mobopts-mpa-implementation-01.txt) • New Experimental results • MIPv6 (Previously with SIP mobility management only) • With and w/o Route Optimization • Buffering at NAR • Layer 2 handover enhancement
MPA Experiment with MIPv6 Network 5 Information Server Home Network HA Network 4 Network 2 Network 1 AA PANA Agent Buffer Agent R1 Relay/ Client Proxy R2 NAR CA PAR oPoA IP2 Network 3 nPoA AP1(Channel 6) Audio Application AP2(Channel 9) ITSUMO network CN MN MN Move AP1, AP2: Access Point R1: Previous Access Router R2: New Access Router MN: Mobile Node CN: Correspondent Node HA: Home Agent
Conclusions • MPA attempts to address the issues of inter-domain handover and heterogeneous handover • MPA framework provides an optimized handover solution independent of mobility management protocol • Implementation results of both MIPv6 and SIP-based mobility management • Zero packet loss (with buffering) • L2 delay ~ 4ms • Jitter during handover (~ 20 – 50 ms) (with buffering) • Pre-authentication for PANA is being accepted as work item of PANA WG
Future Work • Network-initiated MPA • Performance comparison with other Fast Mobility management protocol • Integration of L2 security bootstrapping in the target network • Choose or define appropriate protocol set for each building block
Future Work (Contd.) • Do we need to solve the pre-authentication problem for inter-domain and heterogeneous handover? • Include MPA framework as part of MOBOPTS work item ?