Handover mechanisms in next generation heterogeneous wireless ...

More documents

Recommendations

Info

SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS be employed to exchange a set of request/response messages directly between two entities to establish a security association. As the network grows in size, the two-party authentication exchange model has been extended to a three-party authentication exchange model, which is more scalable. This created functional separation between “authenticator” and “authentication server”. Intuitively, three main entities would be involved in the three-party authentication exchange model as shown in Figure 3.1: � Supplicant: a supplicant is an entity at one end of a point-to-point link that is being authenticated by an authenticator attached to the other end of that link [17]. The supplicant can be an IEEE 802.11 client station (STA) or a UMTS terminal. � Authenticator: an authenticator is an entity at one end of a point-to-point link that facilitates authentication of the entity attached to the other end of that link [17]. This entity often appears as Network Access Server (NAS) in the AAA model that will be discussed later. � Authentication Server: an authentication server has the real authority and maintains user credentials database. It determines, from the credentials provided by the supplicant, whether the supplicant is authorised to access the services provided by the authenticator [17]. Figure 3.1 The three-party authentication key exchange model A separation between the role of “authenticator” and the role “authentication server” is very suitable for deploying a large-scale network that consists of multiple domains. Inevitably, the point-to-point authentication exchange is required between the supplicant and the authentication server. By taking part in the exchange of authentication key, the - 34 -
SECURITY FOR HANDOVER ACROSS HETEROGENEOUS WIRELESS NETWORKS authenticator controls communications into and out of the wired network, and acts as a protocol dividing point [40]. As a result, the communications between the authenticator and the authentication server can use a standard protocol, e.g. Extensible Authentication Protocol (EAP) [18], to carry authentication messages. The protocols for communications between the authenticator and the supplicant may vary according to the type of access technology involved. For example, IEEE standard 802.1x [17] can be employed for a IEEE 802.11 WLAN to do a four-way handshake exchange between a STA and an Access Point (AP). With the mediating of an authenticator, the authentication across heterogeneous wireless systems is supported. Authorisation Authorisation is the process of granting a particular privilege for the access to a service or information based on a user’s presented credential. While authentication attempts to establish a level of confidence that a certain thing holds true, authorisation decides what a user is allowed to do. For example, a mobile user purchases a pre-paid SIM card that is supposed to include the credits for 60 mins phone calls. Every time the user requests to make a phone call, the network must check to see whether there is sufficient credit left on the user’s account before allowing the user to connect. The decision on authorisation may be restricted by a number of factors: e.g. key lifetimes, Service Set Identifier (SSID) restrictions, called-station-ID restrictions suggested for IEEE 802.11 in [43]. A simple authorisation process is described as follows. Upon receiving the request for access attachment, the network operator first consults an authorisation server that holds user profiles. A good example of the authorisation server is the Home Location Register (HLR) in a GSM network. Then, the network makes a decision on whether the user is authorised to use the service it has requested. Authorisation requests are processed after the user has been authenticated. It makes sense that both authentication and authorisation functions could be implemented in the same server. The authorisation example shown above assumes that the access request is made through a network that is administered by the same network operator. In a more complex case, the mobile user may be served by a foreign network operator. This - 35 -
Page 1 and 2: Handover Mechanisms in Next Generat
Page 3 and 4: ACKNOWLEDGMENT First of all, I woul
Page 5 and 6: TABLE OF CONTENTS 4.4.2 Power Save
Page 7 and 8: LIST OF FIGURES LIST OF FIGURES Fig
Page 9 and 10: LIST OF FIGURES Figure 7.2 A generi
Page 11 and 12: ABSTRACT New access technologies su
Page 13 and 14: Chapter 1 INTRODUCTION New access t
Page 15 and 16: INTRODUCTION becomes available. Han
Page 17 and 18: INTRODUCTION The above multipliciti
Page 19 and 20: INTRODUCTION network trust pattern
Page 21 and 22: INTRODUCTION 1.3 Related Publicatio
Page 23 and 24: INTRODUCTION TECHNICAL REPORTS XIII
Page 25 and 26: HANDOVER MANAGEMENT horizontally. H
Page 27 and 28: HANDOVER MANAGEMENT The objective o
Page 29 and 30: HANDOVER MANAGEMENT air interface,
Page 31 and 32: HANDOVER MANAGEMENT proposed archit
Page 33 and 34: HANDOVER MANAGEMENT Access point (A
Page 35 and 36: HANDOVER MANAGEMENT users. Moreover
Page 37 and 38: HANDOVER MANAGEMENT For IEEE 802.11
Page 39 and 40: HANDOVER MANAGEMENT The two schemes
Page 41 and 42: HANDOVER MANAGEMENT When a MH is mo
Page 43 and 44: 3.1 Introduction Chapter 3 HANDOVER
Page 45: SECURITY FOR HANDOVER ACROSS HETERO
Page 49 and 50: SECURITY FOR HANDOVER ACROSS HETERO
Page 69 and 70: DYNAMIC NEIGHBOUR TRUST INFORMATION
Page 93 and 94: Chapter 5 TRUST ASSISTED HANDOVER A
Page 95 and 96: TRUST ASSISTED HANDOVER ALGORITHM F
Page 97 and 98:
TRUST ASSISTED HANDOVER ALGORITHM F
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Chapter 6 PROXY BASED AUTHENTICATIO
Page 125 and 126:
PROXY BASED AUTHENTICATION LOCALISA
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
MULTI-INTERFACE MOBILE MODEL FOR ME
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
CONCLUSIONS AND FUTURE RESEARCH WOR
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
ABBREVIATIONS 3G 3rd Generation Wir
Page 177 and 178:
ABBREVIATIONS LS Location Server MH
Page 179 and 180:
ABBREVIATIONS THOA Trust Assisted H
Page 181 and 182:
REFERENCES [12] C. Politis, T. Oda,
Page 183 and 184:
REFERENCES [37] Wi-Fi Alliance, "Wi
Page 185 and 186:
REFERENCES presented at IEEE Intern
Page 187 and 188:
REFERENCES [90] R. Verdone and A. Z
Page 189:
REFERENCES [116] K. E. Malki and H.
show all

Handover mechanisms in next generation heterogeneous wireless ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?