Handover mechanisms in next generation heterogeneous wireless ...

More documents

Recommendations

Info

PROXY BASED AUTHENTICATION LOCALISATION SCHEME FOR HANDOVER ticket generation phase and fast authentication phase. A third-party entity called AAA proxy is introduced to act as a hub for bridging trust relationships between networks. The trust relationship between the AAA proxy and each network is based on a preshared key. When a mobile user hands over to a network, the mutual authentication required for handover is localised at the associated AAA proxy rather than resorting to the mobile’s home network. Using appropriate encryption and Mobile-Controlled Handover (MCHO), a mobile user can exert full control over the keying materials for fast authentication (e.g. fast authentication ticket) to be disclosed to only the target network. This effectively avoids the security threats such as Denial of Service (DoS) and masquerading attacks that are specified in other proposals for fast handover [94, 97]. The proposed scheme is to be implemented on the mobile terminal and its home AAA server, without any changes made to access routers that may have a large base of installation. The scheme can be deployed in a cost-effective manner. The rest of this chapter is organised as follows. The current fast authentication solutions for handover are investigated in Sec. 6.2. In Sec. 6.3, a new fast authentication scheme that addresses authentication for handover between non trust-associated domains is presented. Sec. 6.4 analyses the security of the proposed scheme. The practical implementation of the proposed scheme is discussed in Sec. 6.5. Finally, this chapter is finished with conclusions in Sec. 6.6. 6.2 Related Work In the direct pre-authentication approach [94], the long authentication delay in a handover is avoided by making use of the secondary network interface on a mobile handset, which can enable simultaneous handover to next point of attachment. The performance improvement is provided by the enhanced capability of the mobile handset (using multiple network interfaces) rather than the optimised authentication mechanism. Therefore, this approach is inapplicable to all handover cases. The current fast authentication solutions [69-71, 96-100] usually focus on the indirect pre-authentication approach as described in Sec. 6.1. A classification of fast authentication approaches can be found in Figure 6.2. - 114 -
PROXY BASED AUTHENTICATION LOCALISATION SCHEME FOR HANDOVER Figure 6.2 Classification of fast authentication approaches The IAPP protocol [96] defines a standard method to transfer context information between two 802.11 APs when an intra-domain handover takes place. It relies on secure communications between two APs at layer 2, which have to be under the control of the same Extended Service Set (ESS) [96]. To support handover between different ESSs, Bargh et al. proposed in [98] that IAPP messages can be encapsulated using the CTP protocol [97]. The IAPP-CTP combined approach [98] requires secure communications between Access Routers (AR) at L3. Sethom et al. proposed a distributed architecture with a Location Server (LS) for key derivation [70]. The proposed architecture supports pre-authentication to be performed through the serving AR after a mobile user has determined its next point of attachment. In all these solutions, handover authentication is usually triggered in a reactive manner as shown in Figure 6.2, which means context transfer for fast authentication is made after initiating a handover. The indirect pre-authentication can be performed in a proactive manner as shown in Figure 6.2. In the proactive authentication approach, fast authentication is achieved by pre-distributing the keying materials to the target network prior to conducting a handover to it. In [69], Mishra et al. defined a new data structure – Neighbour Graph, which can dynamically identify and maintain the mobility topology of a network. The home AAA server learns the association pattern of a mobile user by observing its neighbour graph, and thus determines the candidate set of APs. Before the mobile user moves to next AP, the home AAA server generates Pairwise Master Keys (PMK), and pre-distributes the keys to the candidate APs. When any one of the candidate APs receives an authentication request for handover from the mobile user, the identity - 115 -
Page 1 and 2:
Handover Mechanisms in Next Generat
Page 3 and 4:
ACKNOWLEDGMENT First of all, I woul
Page 5 and 6:
TABLE OF CONTENTS 4.4.2 Power Save
Page 7 and 8:
LIST OF FIGURES LIST OF FIGURES Fig
Page 9 and 10:
LIST OF FIGURES Figure 7.2 A generi
Page 11 and 12:
ABSTRACT New access technologies su
Page 13 and 14:
Chapter 1 INTRODUCTION New access t
Page 15 and 16:
INTRODUCTION becomes available. Han
Page 17 and 18:
INTRODUCTION The above multipliciti
Page 19 and 20:
INTRODUCTION network trust pattern
Page 21 and 22:
INTRODUCTION 1.3 Related Publicatio
Page 23 and 24:
INTRODUCTION TECHNICAL REPORTS XIII
Page 25 and 26:
HANDOVER MANAGEMENT horizontally. H
Page 27 and 28:
HANDOVER MANAGEMENT The objective o
Page 29 and 30:
HANDOVER MANAGEMENT air interface,
Page 31 and 32:
HANDOVER MANAGEMENT proposed archit
Page 33 and 34:
HANDOVER MANAGEMENT Access point (A
Page 35 and 36:
HANDOVER MANAGEMENT users. Moreover
Page 37 and 38:
HANDOVER MANAGEMENT For IEEE 802.11
Page 39 and 40:
HANDOVER MANAGEMENT The two schemes
Page 41 and 42:
HANDOVER MANAGEMENT When a MH is mo
Page 43 and 44:
3.1 Introduction Chapter 3 HANDOVER
Page 45 and 46:
SECURITY FOR HANDOVER ACROSS HETERO
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
DYNAMIC NEIGHBOUR TRUST INFORMATION
Page 71 and 72:
Page 73 and 74:
Page 75 and 76: DYNAMIC NEIGHBOUR TRUST INFORMATION
Page 93 and 94: Chapter 5 TRUST ASSISTED HANDOVER A
Page 95 and 96: TRUST ASSISTED HANDOVER ALGORITHM F
Page 123 and 124: Chapter 6 PROXY BASED AUTHENTICATIO
Page 125: PROXY BASED AUTHENTICATION LOCALISA
Page 129 and 130: PROXY BASED AUTHENTICATION LOCALISA
Page 147 and 148: MULTI-INTERFACE MOBILE MODEL FOR ME
Page 169 and 170: CONCLUSIONS AND FUTURE RESEARCH WOR
Page 175 and 176: ABBREVIATIONS 3G 3rd Generation Wir
Page 177 and 178:
ABBREVIATIONS LS Location Server MH
Page 179 and 180:
ABBREVIATIONS THOA Trust Assisted H
Page 181 and 182:
REFERENCES [12] C. Politis, T. Oda,
Page 183 and 184:
REFERENCES [37] Wi-Fi Alliance, "Wi
Page 185 and 186:
REFERENCES presented at IEEE Intern
Page 187 and 188:
REFERENCES [90] R. Verdone and A. Z
Page 189:
REFERENCES [116] K. E. Malki and H.
show all

Handover mechanisms in next generation heterogeneous wireless ...

Create successful ePaper yourself

Delete template?

Save as template?