An example of the usage of wireless LAN technologyfor multimedia: see Berlin live!
News
People
Research
Papers
Teaching
Resources
Location


Intern
TKN - Telecommunication Networks Group TU-Berlin
Head of Group: Prof. Adam Wolisz Faculty of Electrical Engineering and Computer Science
Technical University of Berlin, Germany

SeQoMo

1. Introduction

The focus of the SeQoMo (Security, QoS and Mobility) project (funded by Siemen AG) is to investigate the suitability of IP-based networks for support of mobility under the perspective of advanced mobility mechanisms, security, and Quality of Service (QoS). As the result of the project, a proposal for a secure and efficient QoS-aware mobility support in IP-based cellular networks has been concluded.
 

The investigation of mobility mechanisms started from the development of the MOMBASA architecture and its software environment that enabled the use of multicast for mobility support. Finally, the Hierarchical Mobile IPv6 architecture was adapted as the mobility environment; The QoS support at first rested upon the concept of a binding update which was conditionalized upon the availability of sufficient resources in a new path during a handover. To cooperate with mobility and security functions, a CASP Mobility Client protocol was invented, subsituting the idea of QoS-conditionalized binding update approach; The security part focused on authentication, authorization and temporary security assocation establishment.

Integrating these three components harmonically for a  secure and efficient QoS-aware mobility support in IP-based cellular networks was the ultimate goal of this project. To achieve the goal, the main measures include:

  • enhance access router's advertisements with QoS parameters;
  • separate authentication into two steps: cookie verifcation as the first step to prevent Denial of Service (DoS) attacks; authenticity verifcation with the session key as the second step;
  • piggyback binding update (BU) information in the QoS signaling;
  • parallelize the BU+QoS process with the authorization process;
  • protect user data over wireless channels with a temporary IPSec security association if necessary.
An overview of the project is shown in Figure 1. An demonstration is shown in Figure 2. The ideas were implemented in Rathat Linux kernel.
 
                               Figure 1                                 Figure 2

Security

The identified issues in the SeQoMo environment were:
  • Authentication: how to authenticate a mobile node during handover;
  • Authorization: how to check whether a mobile node is allowed to use the resources it requests for QoS support;
  • Avoidance of explosure of user's confidential data: it is not preferable to distribute user's subscribed values contained in his Service Level Agreement (SLA) to a foreign visited domain unnecessarily for the purpose of re-authorization;
  • Denial of Service (DoS) attacks: how to minimize the risk of DoS attacks such as reserving resources by bogus QoS requests and depleting the signaling capacities in the access network;
  • Protection of data user over the wireless channel: how to enable IPSec between a mobile user and its associated access router efficiently.
More detailed discussions are available in the security page.

Two patent applications have been submitted in the respect of security:

QoS

Some problems exist in current mobility protocols and QoS mechanisms: mobility mechanisms are QoS-unware and QoS mechanisms are mobility-unaware. The consequences of this situation is that after a handover QoS is either not assured or has to be renegotiated and existing end-to-end QoS signalings are not appropriate to deal with local handover operations.

The QoS-conditionalized Binding Update scheme was proposed first. The basic idea is that QoS requests are carried in mobility's handover signaling messages, and evaluated by intermediate routers. If routers reserve resources if they can satisfies the requests fully or partially. The switching router decides whether a handover should take place. The prototypical implementation and the simulation of this concept  have been finished.

To cooperate with mobilty and security, CASP Mobility Client Protocol was invented. The details see TKN technical reports:

  • TKN-03-014: Report on CASP Mobility Client Protocol Implementation Design and First Prototype Functionality
  • TKN-03-011: CASP Mobility Client Protocol specification
and the internet draft: QoS Resource Allocation in Mobile Networks with CASP

Mobility

The goal of the mobility in this project is to provide fast local handover support (including LL-triggers) and seamless handover support by realizing macro diversity. The approach to achieve this goal is to move th re-routing node close to the mobile node. Two approaches have been studied completely: Hierarchical Mobile IP (HMIP) and Multicast Based Mobility Support.

The Hierarchical Mobile IP approach is suitable in this project. Hierarchical mobility entities address a drawback of Mobile IP: If the distance between the access point in a foreign domain and the home agent is large, the signaling delay for the registration may be long, which then results in long service disruption and packet losses. HMIPv6 proposes a hierachical mobility management model to minimize the latency due to handovers and reduce amount of mobility signalings.

Design of Multicast Based Mobility Support (MOMBASA) has been finished. Detailed information is available from here. The software environment can be found from here.
 

To coordinate with the design of security and QoS, HMIPv6 has been selected as the mobility management scheme. A prototypical implementation of HMIPv6 and QoS-conditionalized Binding Update approach has been completed in a diploma work.

2. Publications