Doc.: IEEE 802.11-09/1000r6 Submission Jan 2010 Hiroshi Mano, Root, Inc.Slide 1 IEEE802.11 for High Speed Mobility Notice: This document has been prepared

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Hiroshi Mano, Root, Inc.Slide 1

IEEE802.11 for High Speed Mobility

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <[email protected]> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <[email protected]>.

Date: 2010-01-19

Authors:Name Company Address Phone emailHiroshi MANO ROOT Inc. 8F TOC2 Bldg. 7-21-11 Nishi-

Gotanda, Shinagawa-ku, Tokyo 141-0031 JAPAN

+81-3-5719-7630 [email protected]

Hitoshi MORIOKA ROOT Inc. #33 Ito Bldg. 2-14-38 Tenjin, Chuo-ku, Fukuoka 810-0001 JAPAN

+81-92-771-7630 [email protected]

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Abstract

• We told about IEEE802.11 enhancement for high speed mobility support in the previous session in Atlanta.– Mobile vs. Nomadic

– Limitation of Market

– Connectivity Lost

– How to solve the issue

– Example implementation

• Today, we talk about our experimental protocol and another profit– Scalability for simultaneous access from large number of mobile

devices .

– Straw Polls for tutorial session

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Hiroshi Mano, Root, Inc.Slide 3Slide 3

Mobile vs. Nomadic

Let’s quote definitions fromRECOMMENDATION ITU-R F.1399-1“Vocabulary of terms for wireless access”

• Mobile wireless access (MWA)– Wireless access application in which the location of the end-user

termination is mobile.

• Nomadic wireless access (NWA)– Wireless access application in which the location of the end-user

termination may be in different places but it must be stationary while in use.

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Limitation of market growth in the existing 802.11

• Bandwidth?– No! We are getting wide bandwidth day by day

• 11b, g, a, n, ac, ad

• Securities?– No! 802.11 incorporates new security system too.

• WEP, 802.11i…

• Propagation range?– No! it is true, but it is not limit of technologies.– It’s depends on regulatory.– And it’s good for avoiding congestion.

• Service devices?– No! now we have several type of devices such as cell-phone, game and

digital camera. • Service model?

– Yes! we are still in nomadic services.

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Beyond “Nomadic”

• If we got actual mobility on 802.11

• We will get• Wi-Fi IP mobile phone (not only in-house phone)

• Wi-Fi on a car (high context navigation)

• Wi-Fi on a train (passenger services)

• Wi-Fi real-time audio (anywhere anytime)

• Wi-Fi real-time video (anywhere anytime)

• skype, etc.,

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Existing Wi-Fi Service Area• Huge number of APs were deployed by different owners.

(autonomously deployment)– APs owned by one owner can be operated by 802.11r technology to provide fast

roaming inside one ESS. • An STA is always receiving at least one or more signals from

someone's APs continuously.• However, we have to spend a couple of seconds to connect to another

ESS every time.– In other words, we lost connectivity at every border of ESS.

• This fact is not suitable for mobile communication.

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Nomadic Vs Mobile

ESS 1 ESS 2 ESS 3

ESS 1 ESS 2 ESS 3

Slide 7 Hiroshi Mano, Root, Inc.

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Reasons of Connectivity Loss

Waste much time to …1. Discover a new AP.

• Latency can be reduced by 11k or background scan.

2. Make association with a new AP. (includes authentication/key exchange…)• 11i authentication is not so fast.

– It needs many packet exchanges.3. Upper layer setup. (Out of Scope)4. Upper layer handover. (Out of Scope)

Fast authentication and key management (AKM) can reduce connectivity loss.

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Time for handover

• IEEE802.16e -- 35-50ms

• IEEE802.16m -- 30ms?

• IEEE802.11i + .1X -- >100ms

while

• G.711 sends a packet every 20ms.

• Another VoIP implementation sends every 50ms.


doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Protocol Sequence of IEEE802.11i (EAP-TLS)STA AP RADIUS Server

Beacon

Probe Request

Probe Response

Authentication Request

Authentication Reply

Association Request

Association Accept

EAPOL-Start

EAP-Request/Identity

EAP-Response/Identity

EAP-Request/TLS-Start

RADIUS-Access-Request/Identity

RADIUS-Access-Challenge/TLS-Start

EAP-Response/TLS-client Hello

EAP-Success

RADIUS-Access-Request/Pass Through

RADIUS-Access-Challenge/ Server Certificate

EAP-Key

EAP-Request/Pass Through

EAP-Response/Client Certificate RADIUS-Access-Request/Pass Through

RADIUS-Access-Challenge/Encryption TypeEAP-Request/Pass Through

EAP-Response RADIUS-Access-Request

RADIUS-Access-Accept

Roundtrip: 2ms to 5ms

Roundtrip: 1ms to 20ms

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


An Example of Faster AKM

• Utilize Pre-RSNA Security Framework– Authentication and PTK exchange can be done in pre-RSNA

security framework.– After PTK setup, GTK can be securely delivered.

STA AP Authentication ServerBeacon

(Probe Request)

(Probe Response)

Authentication Request

Authentication Reply

Access Request

Access Response

(Association Request)

(Association Accept)

Roundtrip: 2ms to 5ms Roundtrip: 1ms to 20ms

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Time for handover (review)

• IEEE802.16e -- 35-50ms

• IEEE802.16m -- 30ms?

• IEEE802.11i + .1X -- >100ms

• New Fast AKM -- 25-30ms (target)


doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

IS IT POSSIBLE TO IMPLEMENT WHAT YOU PROPOSE TODAY WITH CURRENT MECHANISMS?

USE AN INDUSTRY GROUP RATHER THAN A CHANGE TO THE STANDARD.


doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


An Example: Pre-shared Secret Key

Access Point(AP)

AuthenticationServer (AS)

Station(non-AP STA)

• No pre-shared information between mobile STA and AP– AP and AS function can be equipped in a box for a small system.

• Share an identifier and a secret key (MN-key)• Each mobile STA has a different key• Identified by NAI (account name)

• Share a secret key (AP-key)• Each AP has a different key• Identified by IP/MAC address

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


An Example: PTK delivery

Access Point(AP)


Station(non-AP STA)

AP-key shared

STA-key shared

• PTK is delivered via AS between mobile STA and AP

PTK delivery without STA-AP mutual secrets

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

An Example: Authentication Procedure

Access Point(AP)


Station(Non-AP STA)

AuthenticationRequestFrame

AuthenticationData (16byte)

ICV (16byte)

MD5

HMAC-MD5(STA-key)

AuthenticationRequestFrame


AccessRequestMessage

ICV (16byte)

Extract

Authenticator (16byte)

MD5

HMAC-MD5(AP-key)




ICV (16byte)


ICV (16byte)

Extract

Extract

HMAC-MD5(AP-key)

HMAC-MD5(STA-key)

Compare

Compare

Beacon/Probe resp

Beacon/Probe resp

Nonce

NAI…Check Timestamp

TransmitTransmit

Broadcast


doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

An Example: Authentication Procedure (Cont.)

Access Point(AP)


Station(Non-AP STA)

AuthenticationSuccessFrame


ICV (16byte)

MD5

HMAC-MD5



Nonce (16byte)

PTK (16byte)ICV (16byte)

Extract

HMAC-MD5(STA-key)Extract

HMAC-MD5(AP-key)

Hashed ICV(16byte)

Session Key DD (16byte)

XOR

AccessApprovalMessage


HMAC-MD5(AP-key)

AccessApprovalMessage


Compare

Extract HMAC-MD5(AP-key)

ICV (16byte)

Hashed ICV(16byte)

Extract

HMAC-MD5(AP-key)

Session Key DD (16byte)

PTK (16byte)

Extract

XOR

AuthenticationSuccessFrame


ICV (16byte)

MD5

HMAC-MD5

ICV (16byte)

Nonce (16byte)

PTK (16byte)

HMAC-MD5(STA-key)

Compare

Extract

Network Info(IP address…)

Transmit

Transmit


doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Slide 18

Protocol Sequence between AP and STA on IEEE802.11i ( PEAP/EAP-MSCHAPv2)

STA AP

EAPOL-Start

EAP-Success

PEAPEAP-MSCHAPv2(4 round trip)

Establishing TLS tunnel for PEAP(3 round trip)

EAP-Identity (1 round trip)

Association (1 round trip)

Authentication (1 round trip)

EAPOL-Key(2 round trip)

Total: 14 round trip

Probe (1 round trip)


doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Airtime consumption for every single authentication process

• We observed an STA connecting to an AP with PEAP/MS-CHAPv2 by IEEE802.11g.• All management frames were transmitted in 1Mbps mode.• Required airtime for one unicast frame is defined as described below.

Frame

Occupied Time

DIFS CW

ACK

• aSlotTime: 20us• aSIFSTime: 10us• aPreambleLength: 144us• aPLCPHeaderLength: 48bits• aCWmin: 31• aCWmax: 1023

• DIFS: 50us• CW: 620us

• ACKRate: 1Mbps• ACKLength: 14Bytes

TXTIME SIFS TXTIME

• PEAP/EAP-MSCHAPv2 needs 14 round trip frame exchanges.• From our observation result, total frame length without PLCP header is 4390 byte.• An STA needs 48.4ms airtime connecting to an AP.


doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010

Simulation• Assumption

– Place: Train Station– Time: Rush Hour– Walking Speed: 4.8km/h=80m/min– AP cover area: 80m*80m square– Occupied Space by 1 Person: 2m*2m square– All persons have a cellular phone which supports WLAN.– All persons are walking same direction.

• 1,600 STAs are passing through the AP’s cover area in 1 minutes.• this means 1,600 authentication process should be proceeded during every 1

minutes.• Every authentication process needs 48.4ms airtime to connect to the AP.• Only 1,238 authentication process can be proceeded .• There is no time space to data communication. • Furthermore, AP transmits beacons, STA needs DHCP…

AKM should be shortened.Slide 20 Hiroshi Mano, Root, Inc.

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Conclusion

• Limitation of IEEE802.11 is “NOMADIC” use only.

• Mobile communication will expand IEEE802.11 market.

• Long AKM time is not suitable for mobile use.

• We have to reduce AKM time toward mobile.

• We show an example of new fast AKM method.

• AKM should be shortened to support simultaneous access from large number of portable devices .

• Further study in SG/WG is required for better AKM method.

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Questions & Comments

doc.: IEEE 802.11-09/1000r6

Submission

Jan 2010


Straw Poll

“Does WNG think that we need tutorial session exploring the need for support for mobile communication ?”

• Yes: 18

• No: 1

• Abstain : 7

Documents

Doc.: IEEE 802.11-09/1000r6 Submission Jan 2010 Hiroshi Mano, Root, Inc.Slide 1 IEEE802.11 for High Speed Mobility Notice: This document has been prepared