WLAN / 3G Cellular WLAN / 3G Cellular Interworking Interworking

WLAN / 3G Cellular WLAN / 3G Cellular InterworkingInterworking

Innovation Breakfast Series – Bell University Laboratories

Bell Mobility, CanadaBell Mobility, Canada

Centre for Wireless CommunicationsCentre for Wireless CommunicationsUniversity of Waterloo, CanadaUniversity of Waterloo, Canada

October 28, 2005 | Bell Mobility

Contacts:Hai Jiang ([email protected])Jon W. Mark ([email protected])Xuemin (Sherman) Shen ([email protected])Minghui Shi ([email protected])Wei Song ([email protected])Weihua Zhuang ([email protected])

Aladdin Saleh ([email protected])

Innovation Breakfast - WLAN / 3G Cellular Interworking 2

Agenda

Introduction to Centre for Wireless Communications

IEEE 802.11 roaming in WLAN / cellular environment

Mutual authentication and key exchange protocols

Resource management for QoS support in WLAN / cellular interworking

Acknowledgement


Centre for Wireless Communications

Centre for Wireless Communications (CWC) at the University of Waterloo was established in 1996 with a donation of one million dollars from Ericsson Communications Canada over a period of five years as seed money

Our mission– to develop a world-class telecommunications research facility – to pursue first-rate research, to train highly qualified personnel,

and to transfer technology with industry


Research Team

Professor Jon W. Mark, Director of CWCProfessor Xuemin (Sherman) ShenProfessor Weihua Zhuang4 Postdoctoral fellows26 PhD students11 MASc students

Dr. Aladdin Saleh, Bell MobilityMr. Khai Nyuen, Bell Mobility


Objectives

To develop efficient resource and secure mobility management algorithms/protocols for a wireless/wired communication network which

– achieves flexible and effective utilization of network resources(radio spectrum)

– guarantees end-to-end QoS requirements of multimedia traffic, taking into account the characteristics of wireless and mobile links


Research Projects

Voice over Mobile IPPacket traffic modeling WLAN / cellular interworkingWLAN / WiMAXWireless Application Protocol (WAP)Wireless transmission control protocolUWB wireless communicationsWireless ad hoc and sensor networksWireless network security


Textbook

Jon W. Mark ⋅ Weihua ZhuangUniversity of Waterloo

Publisher: Prentice HallCopyright 2003Format: Cloth; 368 ppPublished: 2003


Research Progress for BUL Projects

IEEE 802.11 roaming in WLAN / cellular environment

Mutual authentication and key exchange protocols

Resource management for QoS support in WLAN / cellular interworking

IEEE 802.11 Roaming in WLAN/3G EnvironmentIEEE 802.11 Roaming in WLAN/3G Environment

Innovation Breakfast by Bell University Laboratories

M. Shi, L. Xu, X. Shen, J.W. Mark, and A. Saleh, Air Interface Switching and Performance Analysis for Fast Vertical Handoff in Cellular Network and WLAN Interworking, International Journal of Wireless Communications and Mobile Computing, 2005

M. Shi, X. Shen, and J.W. Mark, and A. Saleh, Location Management and Vertical Handoff in WLAN/Cellular Integrated Networks, Proc. Global Mobile Congress, pp. 111-116, 2004

L. Xu, X. Shen, J.W. Mark, and A. Saleh, Mobile IP Based Seamless Vertical Handoff for Interworking WLAN and CDMA2000 Cellular Networks, Proc. Global Mobile Congress, pp. 12-17, 2004

Innovation Breakfast - IEEE 802.11 Roaming in WLAN/3G Environment 10

WLAN / 3G Interworking

IP network


Objective

Design WLAN roaming architecture and signaling process based on AAA (authentication, authorization and accounting) mechanism satisfying

– smooth transition

– compatibility


WLAN Roaming Architecture

NAS (Network Access Server) blocks network access until user is authenticatedNAS collects user credentialAAA broker (AAAB) relays user credential and Mobile IP registrationSignaling mode: interactive | seamless


WLAN Roaming Signaling

Interactive mode– Transition stage– NAS blocks Mobile IP registration request– User are prompted to enter the credential manually– NAS verifies the credential with home network– NAS releases Mobile IP registration packets and completes registration

Seamless mode– Final stage– NAS does not block the network traffic at the beginning– NAS forwards Mobile IP registration request together with the

challenge/response from mobile terminal to home network– NAS blocks the data traffic from mobile terminal if unsuccessful result is

returned

Mutual Authentication and Key Exchange Protocols Mutual Authentication and Key Exchange Protocols for Roaming Servicesfor Roaming Services


Innovation Breakfast - Mutual Authentication and Key Exchange Protocols 15

Motivation

Simple solution for implementation on mobile terminalsExisting self-encryption protocol–

– identity disclosure

– not secure due to secret algorithm

( )=MH MK f ID

Shared secret key

Identity

Secret one way function


Objective

Design secure protocols for roaming services– mutual authentication and implicit key exchange

– session key freshness assurance

– sealed real identity

– additional requirements for mobile terminal implementation• light computation requirement on mobile terminal

• minimized number of message exchanges


Proposed Protocols

Functions of the protocols– mutual authentication | key exchange | key renewal– with anonymity property

Two sets of protocols are proposed

Parties in proposed protocols– M: mobile terminal– H: home network– V: visited (foreign) network

HigherLowerSecurity strength

YesNoRequire pre-setup KMH?

Higher-end deviceLower-end deviceApplication

Higher (one exp. op.)LowerComp. complexity

Protocol II: Self-certifiedProtocol I: Secret splitting


Mutual authentication and key exchange phase

M uses Pseudo Identity (PID) in all communications

+

Secret key shared between M and H:

Session Key

+

Protocol I: Secret-splitting Principle Based

Identity PID RND

'( )Mf ID

Public one way function

RND by V session keyRND by M


Session key renewal phase

Protocol I: Secret-splitting Principle Based (cont.)

M V

new RND by M

new RND by V

new session key

session key


Protocol II: Self-certified Based

Mutual authentication phaseM uses Temporary Identity (TID) in all communications

Witness issued by H contains g r_V or g r_M

H V Mg r_Mg r_V, g r_M

witness for V and M witness for M

KeyHV

KeyMH

KeyMH IDM RND


Protocol II: Self-certified Based (cont.)

Session key acquiring and renewal phase

Repeat the process for session key renewal

M

witnessM, g t_M

V

witnessV, g t_V

r_M, t_M r_V, t_Vg(r_V x t_M + r_M x t_V)

session key

g r_V


Sample Results

YesYesN/AAnonymity

233M ↔ VTransmissions

111MSymmetricDecryption

122MSymmetricEncryption

1N/A1MHash operation

1+2 Pre-computedN/AN/AMExponential operation

Protocol IIProtocol ISelf-encryptionPerformance Metrics


Summary

AAA architecture and registration signaling process for IEEE802.11 roaming in WLAN / cellular environment

– smooth transition for implementation

Two novel mutual authentication and key exchange protocols for roaming service

– identity anonymity: protect mobile user’s privacy

– key renewal: reduce risk of compromised communications

– equivalent complexity as referenced protocol with significant security enhancement


Further Work

Propose integration service model for independently owned cellular and WLAN networks

Develop analytical framework for QoS performance concurrent connections over multi-mode radio interfaces

Develop corresponding AAA architecture for multi-homing over multiple radio interfaces

Resource Management for Resource Management for QoSQoS Support in Support in WLAN / Cellular WLAN / Cellular InterworkingInterworking


W. Song, W. Zhuang, and A. Saleh, Interworking of 3G cellular Networks and wireless LANs, International Journal of Wireless and Mobile Computing, 2005

Innovation Breakfast - Resource Management for QoS Support in WLAN / Cellular Interworking 26

WLAN / Cellular Interworking

Complementary characteristics of cellular networks and WLANs– Coverage– Implementation cost

Radio resource management– Effectively combines the strengths of both networks to provide

high-quality services– Efficiently allocates the overall resources for QoS provisioning to

multiple services


Research Challenges

Heterogeneous networking environment– Capacity– QoS support– Traffic density– Mobility

Research objective– Admission strategy to maximize resource utilization with QoS


Admission Control

WLAN

D

C

A

B

Cell

WLANCell


Admission Strategy

Try WLAN first whenever it is availableAdmission criteria in WLAN– Voice capacity Nv

max: maximum number of voice calls that can be accommodated

– Traditional method: allow Nvmax in WLAN

– Our method: apply admission region for voice: Nv < Nvmax

Overflow to cellular if rejected by WLANBlocked if rejected by bothQoS indication: bounded blocking probabilities


Numerical Results

0 3 6 9 12 15 18 21 24 271.4

1.6

1.8

2

2.2

2.4

2.6

Admission region of voice in WLAN

Dat

a ca

paci

ty


Summary

WLAN is always tried first for cost efficiency

Maximum number of voice calls admitted in a WLAN is less than the WLAN capacity for voice service

Maximum number of data calls admitted in a WLAN should also be restricted

Optimal configuration can be found numerically


Further Work

Effect of handoff latency

Video applications

Load balancing inside the WLAN


Acknowledgement

Funding from BUL program has – provided upgrades to our existing laboratory– allowed us to access government matching programs such as

NSERC Collaborative Research and Development (CRD) Grant, Canada Foundation for Innovation (CFI), Ontario Graduate Scholarship (OGS)

– attracted high quality students and researchers

The BUL program also incorporates industrial relevance into our research programs

We highly appreciate the full support from Vanessa Vogwill, Vic DiCiccio, Jean Webster, and researchers from Bell Mobility

Business

WLAN / 3G Cellular WLAN / 3G Cellular Interworking Interworking