Pre-Authenticated Fast Handoff in a Public Wireless LAN Based on IEEE 802.1x Model


Sangheon Pack and Yanghee Choi
School of Computer Science & Engineering, Seoul National University, Seoul, Korea
Telephone: +82-2-880-1832, Fax: +82-2-872-2045, E-mail: {shpack, yhchoi}@mmlab.snu.ac.kr

Abstract: With the popularity of portable devices, public Internet access service using wireless LAN has started in many countries. In a public wireless LAN, re-authentication latency during handoff affects the service quality of multimedia applications, so minimizing authentication latency is essential for supporting real-time multimedia applications on the wireless IP network. In this paper, we propose a fast handoff scheme using a predictive authentication method based on the IEEE 802.1x model. In our scheme, a mobile host entering the area of an access point (AP) performs authentication procedures for a set of multiple APs instead of only the current AP. The multiple APs are selected using a Frequent Handoff Region (FHR) selection algorithm that considers users' mobility patterns and their service classes. Since a mobile host is authenticated for the FHR in advance, the handoff latency due to re-authentication can be minimized. Simulation results show that the proposed scheme is more efficient than other schemes in terms of delay.

Key words: Wireless LAN, Fast Handoff, Authentication, FHR, IEEE 802.1x

1. INTRODUCTION

Public wireless Internet services based on IEEE 802.11 wireless LAN technology are becoming popular in hot spot regions such as hotels, airports, shopping malls, and so on. Unlike existing wireless Internet services, the public wireless LAN system can provide fast Internet access at speeds up to 11 Mbps using portable devices such as laptop computers and Personal Digital Assistants (PDAs). In this public wireless LAN system, user authentication and mobility support between Access Points (APs) are among the critical issues. To overcome some drawbacks of the existing authentication scheme, IEEE has suggested an alternative authentication scheme based on the IEEE 802.1x model [1]. In IEEE 802.1x, a network-to-client authentication mechanism using EAP (Extensible Authentication Protocol) serves as the encapsulation protocol for upper-layer authentication information [1]. Since IEEE 802.1x provides a network port access control scheme, it is more scalable and robust than other schemes.

The authentication mechanism may impact network and device performance. Because mobile hosts must be authenticated during and after handoff, the authentication mechanism used needs to be responsive to the handoff time-scale required in micro-mobility environments [2]. However, since AAA servers are located far away from the AP, current handoff schemes cannot meet all requirements of real-time multimedia applications. In this paper, we propose a fast handoff scheme that minimizes the authentication latency in a public wireless LAN. The algorithm is a centralized method based on traffic patterns and user mobility characteristics. In terms of architecture, we assume that the public wireless LAN system is based on IEEE 802.1x and uses IETF standard authentication servers.

The remainder of this paper is organized as follows. Section 2 outlines the IEEE 802.1x model. In Section 3, we propose the fast handoff scheme using FHR selection. Section 4 describes the simulation results. Section 5 concludes this paper.

(Footnote 1) This work was supported in part by the Brain Korea 21 project of the Ministry of Education, and in part by the National Research Laboratory project of the Ministry of Science and Technology, 2002, Korea.

The original version of this chapter was revised: the copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35618-1_37. C. G. Omidyar (ed.), Mobile and Wireless Communications, IFIP International Federation for Information Processing 2003.

2. BACKGROUND

In this paper, we assume a public wireless LAN architecture based on the 802.1x model [1]. Fig. 1 shows the basic components and the port-based access control mechanism.
The Supplicant system is an entity at one end of a point-to-point LAN segment that is being authenticated by an Authenticator attached to the other end of that link. The Authenticator system is an entity at one end of a LAN segment that facilitates authentication of the entity attached to the other end of that link, and the Authentication Server system is an entity that provides an authentication service. The Port Access Entity (PAE) is the protocol entity associated with a port. In Fig. 1, the Authenticator's controlled port is in the unauthorized state and is therefore disabled from the point of view of access to the services offered by the Authenticator's system. The Authenticator PAE makes use of the uncontrolled port to communicate with the Supplicant PAE, using EAPOL protocol exchanges, and communicates with the Authentication Server using the Extensible Authentication Protocol (EAP). The communication between the Authenticator and the Authentication Server may make use of the services of a LAN.

The public wireless LAN architecture based on 802.1x is shown in Fig. 2. In this architecture, the Supplicant is a user host requesting authentication and moving from one AP to another. The corresponding AP and the AAA server play the roles of Authenticator and Authentication Server, respectively.

Recently, a new authentication scheme for fast handoff has been proposed [3], called the preauthentication scheme. In this scheme, stations can authenticate with several APs during the scanning process so that when association is required, the station is already authenticated. As a result of preauthentication, stations can reassociate with APs immediately upon moving into their coverage area, rather than having to wait for the authentication exchange. Preauthentication makes roaming a smoother operation because authentication can take place before it is needed to support an association. However, since this scheme does not predict where the MH will move in the future, the preauthentication may be useless in some cases and cause unnecessary authentication procedures over the wireless link.

Fig. 1. Port-based authentication scheme
Fig. 2. The basic IEEE 802.1x architecture

3. PRE-AUTHENTICATED FAST HANDOFF

In this section, we propose a fast inter-AP handoff scheme. In the scheme, a mobile host performs authentication procedures not only for the current AP but also for neighboring APs (the Frequent Handoff Region) when it hands off.

3.1 Frequent Handoff Region (FHR) Selection

The FHR is a set of adjacent APs. It is determined by the APs' locations and users' movement patterns. Namely, the FHR consists of the APs with which mobile hosts are likely to communicate in the near future. Although there are many APs in a public wireless LAN, the movement ratios between each pair of APs are not the same. The handoff probability for specific APs can be calculated from the movement ratio. The movement ratio is usually affected by the APs' locations and user mobility. For example, if two APs are installed within a large conference room, users may move from one AP to the other frequently and the movement ratio will be high. However, if there are obstacles between the APs, users will seldom move between them. Therefore, to find the correct movement ratio between APs, these factors should be considered.

To measure the movement ratio between APs, an event logging database system can be used. Table 1 shows an example of a database that records the users' login and handoff events.

Table 1. Example of Event Log Database

Number  UserID  Login Time   Handoff Time  Handoff Time
1       2314    07:54:57/3
2       3452    08:00:55/2   08:05:18/5
3       1093    08:04:23/3   08:14:03/6    08:15:17/4

After recording the events, we find the handoff ratio between APs. The handoff ratio is calculated from the information in the event database using Eq. (1).

$$H(i,j) = \frac{N(i,j)}{R(i,j)} \qquad (1)$$

H(i,j) and N(i,j) denote the handoff ratio and the number of handoff events from AP(i) to AP(j), respectively. R(i,j) denotes the residence time in AP(i) of handoff events from AP(i) to AP(j). The weight values between APs are determined by the handoff ratio. Eq. (2) shows the weight value function between AP(i) and AP(j); w(i,j) denotes the weight value.

$$w(i,j) = \begin{cases} 0 & (i = j) \\ \propto 1/H(i,j) & (i \neq j,\ \text{AP}(i) \text{ and } \text{AP}(j) \text{ are adjacent}) \\ \infty & (\text{AP}(i) \text{ and } \text{AP}(j) \text{ are not adjacent}) \end{cases} \qquad (2)$$
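The following is a worked example of Section 3.1, added here and not code from the paper. It builds an event log in the format of Table 1 (entries read as "HH:MM:SS/AP", where the part after the slash is taken to be the identifier of the AP the user is attached to after the event, an assumption), counts N(i,j) and accumulates R(i,j) as in Eq. (1), takes w(i,j) = 1/H(i,j) for adjacent APs (the proportionality constant in Eq. (2), the adjacency set, the AP numbers, the users, the times and the weight bounds are all constructed), and then selects the FHR from the current AP with a bounded Dijkstra search, the approach the paper attributes to [6].

```python
"""FHR selection from an 802.1x handoff event log (added example, not from the paper).

Every log entry is "HH:MM:SS/AP": the event time and, by assumption, the AP the
user is attached to after that event. H is measured in handoffs per minute and
w = 1/H; the proportionality constant of Eq. (2) is an assumption.
"""
import heapq
from collections import defaultdict
from math import inf

# Constructed event log: UserID -> login event followed by handoff events.
EVENT_LOG = {
    2314: ["08:00:00/1", "08:02:00/2", "08:12:00/3"],
    3452: ["08:00:00/1", "08:04:00/2"],
    1093: ["08:00:00/2", "08:01:00/1", "08:07:00/4"],
    7777: ["08:00:00/2", "08:05:00/3", "08:10:00/5"],
    8888: ["08:00:00/4", "08:06:00/5"],
}
# Constructed AP placement: which APs are physically adjacent.
ADJACENT = {(1, 2), (2, 3), (1, 4), (3, 5), (4, 5), (5, 6)}
NUM_APS = 6


def parse_event(entry):
    """Split "HH:MM:SS/AP" into (seconds since midnight, AP id)."""
    clock, ap = entry.split("/")
    h, m, s = (int(x) for x in clock.split(":"))
    return h * 3600 + m * 60 + s, int(ap)


def handoff_statistics(log):
    """N(i,j): handoff count; R(i,j): residence time in AP(i) (seconds) before
    those handoffs. Consecutive events of one user form one handoff each."""
    n = defaultdict(int)
    r = defaultdict(int)
    for events in log.values():
        parsed = [parse_event(e) for e in events]
        for (t0, src), (t1, dst) in zip(parsed, parsed[1:]):
            n[(src, dst)] += 1
            r[(src, dst)] += t1 - t0  # assumes events do not cross midnight
    return n, r


def handoff_ratio(n, r, i, j):
    """Eq. (1): H(i,j) = N(i,j) / R(i,j), here in handoffs per minute."""
    if n[(i, j)] == 0:
        return 0.0
    return n[(i, j)] / (r[(i, j)] / 60.0)


def weight_matrix(log, adjacent, num_aps):
    """Eq. (2): 0 on the diagonal, 1/H between adjacent APs, inf otherwise.
    An adjacent pair with no observed handoff also gets inf: with no evidence
    of movement there is no reason to pre-authenticate that AP."""
    n, r = handoff_statistics(log)
    aps = range(1, num_aps + 1)
    w = {i: {j: inf for j in aps} for i in aps}
    for i in aps:
        w[i][i] = 0.0
        for j in aps:
            if i != j and ((i, j) in adjacent or (j, i) in adjacent):
                h = handoff_ratio(n, r, i, j)
                w[i][j] = 1.0 / h if h > 0 else inf
    return w


def select_fhr(w, current_ap, weight_bound):
    """Dijkstra from the current AP, keeping every AP whose path weight stays
    within the service-class bound. The current AP (distance 0) is included,
    since it is authenticated in the same exchange."""
    dist = {ap: inf for ap in w}
    dist[current_ap] = 0.0
    heap = [(0.0, current_ap)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, wt in w[u].items():
            nd = d + wt
            if nd < dist[v] and nd <= weight_bound:
                dist[v] = nd
                heapq.heappush(heap, (nd, v))
    return {ap for ap, d in dist.items() if d <= weight_bound}


if __name__ == "__main__":
    W = weight_matrix(EVENT_LOG, ADJACENT, NUM_APS)
    for bound in (4, 7, 13):
        print(f"weight bound {bound}: FHR from AP(1) = {sorted(select_fhr(W, 1, bound))}")
```

With the constructed log, the bounds 4, 7 and 13 select two, three and five APs from AP(1): a higher service class pre-authenticates a larger region, while AP(6), adjacent to AP(5) but never observed as a handoff target, stays at infinite weight and is never pre-authenticated. Keeping the weights directional (w(2,1) differs from w(1,2)) matters on corridors and entrances, where traffic flows mostly one way.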

As in Eq. (2), the weight value is inversely proportional to the handoff ratio. The weight value on the path from AP(i) to AP(i) is set to zero and the weight value between non-adjacent APs is infinite.

To select the FHR, the user's service level as well as its mobility pattern should be considered. Some users may be satisfied in spite of a session disconnection during handoff, but other users may want seamless connectivity without any data loss during handoff. To support these users, more neighboring APs should be pre-authenticated. To take the user's service level into account, we define a weight bound value according to the user's service class. This value limits the number of APs selected for each user.

Using Eq. (1) and (2), we obtain an N by N weight matrix, W, where N denotes the number of APs. W represents the weighted bi-directional graph of AP placements. Using W, the identifier of the current AP, and a weight bound value, the FHR for a user can be selected. The detailed procedure is presented in [6]; it is similar to Dijkstra's algorithm.

3.2 Modified Key Distribution in IEEE 802.1x Model

Since IEEE 802.1x supports only one-to-one message delivery, a modified key distribution is required. Fig. 3 and 4 show the proposed key distribution. A one-time password scheme is used for the user authentication. Although a mobile host sends an authentication request to the AAA server, the server sends multiple authentication responses to all APs within the FHR. After receiving the responses, the APs other than the current AP keep the authenticated information during a specific time period (soft state). If there is no handoff event during that period, the information expires and the mobile host must perform re-authentication when a handoff event occurs. In the Diameter protocol, the valid time period of a session is delivered using an Attribute Value Pair (AVP) [4].

In addition, multiple keys can be distributed to the mobile host using multiple AVPs. Fig. 4 shows the re-authentication message flow after handoff events. We assume that AP(B) is an AP belonging to the FHR. If a mobile host hands off to AP(B), since AP(B) has received the session information in advance, further message exchanges are not needed. In the 802.1x model, the controlled port changes into the authorized state after the authentication procedures. In our scheme, since ports are in the ready state for fast handoff after receiving a grant response message from the AAA server, a port in the ready state can be changed into the authorized state just by checking the identifier of the mobile host, without further interaction with the AAA server. Therefore, the total handoff latency can be decreased.
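The following models the port behaviour of Section 3.2 as an added example; it is not code from the paper. One authentication request from the mobile host makes the AAA server send a grant to every AP of the FHR; the current AP moves its controlled port to the authorized state, the other APs hold the grant in a ready soft state until the session lifetime (the value the paper carries in a Diameter AVP) runs out, and a handoff into a ready AP is completed without a server round trip. The AP names, the FHR map, the lifetime, the host identifier and the simulated clock are constructed, and the one-time-password check is assumed to succeed.

```python
"""Soft-state pre-authentication of FHR ports, modelled on Section 3.2.

Added example, not code from the paper. Port states follow the paper:
UNAUTHORIZED -> READY (grant held ahead of a handoff) -> AUTHORIZED.
Names, FHR map, lifetime and the clock are constructed for the example.
"""
from enum import Enum


class PortState(Enum):
    UNAUTHORIZED = "unauthorized"  # default 802.1x controlled-port state
    READY = "ready"                # grant held in soft state for a fast handoff
    AUTHORIZED = "authorized"


class AccessPoint:
    def __init__(self, name):
        self.name = name
        self.ports = {}  # host identifier -> (PortState, expiry time)

    def receive_grant(self, host_id, now, lifetime, is_current):
        state = PortState.AUTHORIZED if is_current else PortState.READY
        self.ports[host_id] = (state, now + lifetime)

    def handoff(self, host_id, now, aaa):
        """Host (re)associates at time `now`; returns (state name, used_aaa)."""
        state, expiry = self.ports.get(host_id, (PortState.UNAUTHORIZED, 0))
        if state is PortState.READY and now < expiry:
            # Fast path of Fig. 4: the identifier matches a live grant, so the
            # port goes READY -> AUTHORIZED without contacting the AAA server.
            self.ports[host_id] = (PortState.AUTHORIZED, expiry)
            return PortState.AUTHORIZED.name, False
        # Slow path: no grant, or an expired one -> full re-authentication,
        # which in turn pre-authenticates this AP's own FHR.
        self.ports.pop(host_id, None)
        aaa.authenticate(host_id, self, now)
        return self.ports[host_id][0].name, True


class AAAServer:
    def __init__(self, aps, fhr_of, lifetime):
        self.aps = aps          # name -> AccessPoint
        self.fhr_of = fhr_of    # current AP name -> set of FHR AP names
        self.lifetime = lifetime
        self.requests = 0       # server round trips, the costly part of a handoff

    def authenticate(self, host_id, current_ap, now):
        """One request, multiple responses: the current AP is authorized and every
        FHR member receives the same grant with the same lifetime. The one-time
        password verification is assumed to have succeeded."""
        self.requests += 1
        current_ap.receive_grant(host_id, now, self.lifetime, is_current=True)
        for name in self.fhr_of[current_ap.name]:
            self.aps[name].receive_grant(host_id, now, self.lifetime, is_current=False)


def run_scenario(lifetime=60):
    """Drive one host through the cases of Section 3.2 on a simulated clock.
    Returns (events, aaa_requests); each event is (ap, time, state, used_aaa)."""
    aps = {n: AccessPoint(n) for n in ("AP-A", "AP-B", "AP-C", "AP-D")}
    fhr_of = {"AP-A": {"AP-B", "AP-C"}, "AP-B": {"AP-A", "AP-D"},
              "AP-C": {"AP-A", "AP-D"}, "AP-D": {"AP-B", "AP-C"}}
    aaa = AAAServer(aps, fhr_of, lifetime)
    host = "mh-2314"
    moves = [
        ("AP-A", 0),    # login: full exchange, FHR {B, C} pre-authenticated
        ("AP-B", 30),   # inside the FHR and within lifetime: local fast path
        ("AP-D", 50),   # outside A's FHR: no grant held, full exchange again
        ("AP-C", 130),  # grant from t=50 expired at t=110: full exchange
    ]
    events = []
    for ap_name, t in moves:
        state, used_aaa = aps[ap_name].handoff(host, t, aaa)
        events.append((ap_name, t, state, used_aaa))
    return events, aaa.requests


if __name__ == "__main__":
    for event in run_scenario()[0]:
        print(event)
```

Of the four moves only the second completes on the fast path; the other three cost a server round trip, which is exactly the latency Figs. 7 and 8 measure. The fast path as written binds the ready-state entry to the host identifier alone, as the paper describes; the per-AP keys the paper distributes to the mobile host through additional AVPs are what a deployment would check at this point, since an identifier on its own is only a claim.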

Fig. 3. Message Flow before Handoff
Fig. 4. Message Flow after Handoff

4. PERFORMANCE EVALUATION

4.1 Simulation Environment

For the performance evaluation, we assume the simulation environment in Fig. 5. In this environment, AP(4) is the current AP of a mobile host. We assume that there are three types of services: Class 1, 2, and 3. The three classes have weight bound values 1, 2, and 3, respectively. User i denotes a user in class i.

Fig. 5. Simulation Environment

We used the independent and identically distributed (i.i.d.) mobility model [5]. In this model, time is slotted and a mobile host can make at most one move during a slot. If a host is in AP(i) at the beginning of a slot, then during the slot it moves to AP(i+1) with probability p, moves to AP(i-1) with probability q, or remains in AP(i) with probability 1-p-q, independently of its movements in other slots. Each transition probability can be found based on Eq. (2). To consider the weight value of stable hosts, we use a stability factor, α. If α = 0, the mobile host hands off to another AP with probability 1. On the other hand, if α = ∞, the mobile host stays in the current AP. Eq. (3) shows the transition probability between APs. P(i,j) is the transition probability from AP(i) to AP(j) and G is the normalization constant.

$$P(i,j) = \begin{cases} \dfrac{1}{w(i,j)\,G} & (i \neq j) \\[6pt] \dfrac{\alpha}{G} & (i = j) \end{cases}, \qquad G = \sum_{j \neq i} \frac{1}{w(i,j)} + \alpha \qquad (3)$$

4.2 Result & Analysis

In this section, we compare the handoff latency of the proposed fast handoff scheme, the preauthentication scheme, and the general handoff scheme. The total latency is the sum of the latencies in the wireless network and the wired network. Each latency is proportional to the hop delay on each link and the number of message exchanges. We did not consider any processing time in the AAA server.

Fig. 7 shows the average latency when the AAA server is located in the local domain. According to the FHRSelect algorithm [6], user 1, with the lowest priority, authenticates only three APs. On the other hand, users 2 and 3 authenticate five and eight APs, respectively. The handoff latency of the proposed scheme is about half that of the general scheme. The latency of the preauthentication scheme is similar to that of class 2; however, it requires more network resources. Fig. 8 shows the result in the case of a remote AAA server. We found that the average latency in this case is much higher than that with the local server in the general scheme. However, the latencies in the proposed scheme remain the same. This is because the handoff is completed by message flows over the wireless link only; there are no re-authentication message deliveries and no further server processing.

Fig. 7. Average Handoff Delay (Local AAA Server)
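The following carries Eq. (3) and the slotted i.i.d. mobility model of Section 4.1 through in code, as an added example that is not from the paper. W is a constructed five-AP weight matrix in the shape of Eq. (2) (zero diagonal, finite weights between adjacent APs, infinity elsewhere), α is the paper's stability factor, and the simulation counts how many slots end in a handoff so the two limiting cases the paper states (α = 0 always moves, α = ∞ never moves) can be checked directly.

```python
"""Transition probabilities of Eq. (3) and the slotted i.i.d. mobility model.

Added example, not code from the paper. W is constructed: a line of five APs
in the form of Eq. (2) (0 on the diagonal, finite weight between adjacent
APs, inf elsewhere). alpha is the stability factor of Section 4.1.
"""
import random
from math import inf

W = [
    [0.0, 2.0, inf, inf, inf],
    [2.0, 0.0, 4.0, inf, inf],
    [inf, 4.0, 0.0, 1.0, inf],
    [inf, inf, 1.0, 0.0, 4.0],
    [inf, inf, inf, 4.0, 0.0],
]


def transition_row(w, i, alpha):
    """Row i of Eq. (3):
    P(i,j) = 1 / (w(i,j) G) for j != i,  P(i,i) = alpha / G,
    G = sum over j != i of 1 / w(i,j), plus alpha.
    Non-adjacent APs have w = inf and therefore probability 0."""
    n = len(w)
    if alpha == inf:  # alpha = infinity: the host never leaves AP(i)
        return [1.0 if j == i else 0.0 for j in range(n)]
    inv = [0.0 if j == i or w[i][j] == inf else 1.0 / w[i][j] for j in range(n)]
    g = sum(inv) + alpha
    if g == 0.0:  # isolated AP with alpha = 0: nowhere to hand off to
        return [1.0 if j == i else 0.0 for j in range(n)]
    row = [x / g for x in inv]
    row[i] = alpha / g
    return row


def transition_matrix(w, alpha):
    return [transition_row(w, i, alpha) for i in range(len(w))]


def simulate_handoffs(p, start, slots, seed=0):
    """Slotted model: one draw from row P(ap, .) per slot, so at most one move
    per slot. Returns the number of slots in which the host changed AP."""
    rng = random.Random(seed)
    ap, handoffs = start, 0
    for _ in range(slots):
        nxt = rng.choices(range(len(p)), weights=p[ap])[0]
        if nxt != ap:
            handoffs += 1
        ap = nxt
    return handoffs


if __name__ == "__main__":
    for alpha in (0.0, 1.0, 5.0, inf):
        p = transition_matrix(W, alpha)
        print(f"alpha={alpha}: P(2,2)={p[2][2]:.3f}, "
              f"handoffs in 1000 slots = {simulate_handoffs(p, start=2, slots=1000)}")
```

Because P(i,i) = α/G grows with α while every off-diagonal entry shrinks, a larger stability factor means fewer handoffs per slot; this is why the general scheme's average delay in Figs. 7 and 8 falls as α increases, while the pre-authenticated scheme is flat, since each of its handoffs costs the same regardless of how often they occur.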

Fig. 8. Average Handoff Delay (Remote AAA Server)

5. CONCLUSION

In this paper, we proposed a fast handoff scheme for a public wireless LAN system. Since the handoff and re-authentication procedures are essential in a public wireless LAN, we focused on minimizing the authentication latency during handoff. In our scheme, multiple APs are selected by the predictive algorithm. The algorithm utilizes traffic patterns and users' characteristics, which are collected and managed in a centralized system. Simulation results show that the total handoff latency of the proposed scheme is much less than that of the general handoff scheme and the preauthentication scheme. In the case where the AAA server is located in a remote domain, there is an even greater decrease in handoff latency.

REFERENCES

1. IEEE Standards for Local and Metropolitan Area Networks: Port based Network Access Control, IEEE Std 802.1x-2001, June 2001.
2. A. T. Campbell and J. Gomez, IP Micro-Mobility Protocols, ACM Mobile Computing and Communication Review, Oct. 2000.
3. Matthew S. Gast, 802.11 Wireless Networks: The Definitive Guide, O'Reilly, 1st Edition, April 2002.
4. Pat R. Calhoun et al., Diameter Base Protocol, Internet draft, draft-ietf-aaa-diameter-10.txt, April 2002.
5. A. Bar-Noy, I. Kessler, and M. Sidi, Mobile Users: To Update or Not to Update?, ACM/Baltzer Journal of Wireless Networks, July 1995.
6. Sangheon Pack and Yanghee Choi, Fast Inter-AP Handoff using Predictive-Authentication Scheme in a Public Wireless LAN, Networks 2002 (Joint ICN 2002 and ICWLHN 2002), Aug. 2002.