
Media-Independent Pre-authentication (MPA) Framework

Media-Independent Pre-authentication (MPA) Framework. draft-ohba-mobopts-mpa-framework-04.txt. Ashutosh Dutta, Victor Fajardo, Yoshihiro Ohba, Kenichi Taniuchi, Henning Schulzrinne. (See also draft-ohba-mobopts-mpa-implementation-03.txt for performance results.)


Presentation Transcript


  1. Media-Independent Pre-authentication (MPA) Framework
     draft-ohba-mobopts-mpa-framework-04.txt
     Ashutosh Dutta, Victor Fajardo, Yoshihiro Ohba, Kenichi Taniuchi, Henning Schulzrinne
     (See also draft-ohba-mobopts-mpa-implementation-03.txt for performance results)

  2. Media-independent Pre-Authentication (MPA)
     • MPA is a mobile-assisted higher-layer authentication, authorization and handover scheme that is performed before establishing L2 connectivity to a network where the mobile may move in the near future
     • MPA provides a secure and seamless mobility optimization that works for inter-subnet handoff, inter-domain handoff and inter-technology handoff
     • MPA works with any mobility management protocol
     [Figure: timelines for the conventional method and for MPA; labels: AP Discovery, AP Switching, Client Authentication, IP address configuration & IP handover, Pre-authentication, Packet Loss Period]

  3. MPA Phases
     • Pre-authentication: EAP pre-authentication to CTN (Candidate Target Network)
     • Pre-configuration: Proactive IP address acquisition from CTN
     • Pre-switching: L3 HO execution over MN-nAR tunnel
     • Switching: L2 handover
     • Post-switching: Tunnel deletion
     • Not all MPA phases have to be executed and can be replaced with other mechanisms
     • MPA Operation can stop at phase 1 (pre-auth only) or at phase 2 (pre-auth + pre-authorization),

  4. [Figure: Proactive Handover Tunnel in pre-switching phase; labels: Home Network, HA, BU, Tunneled Data, CN, AR, Serving Network, Target Network, MN]

  5. Investigated Issues
     • Operational Issues:
     • Pre-authentication to multiple Candidate Target Networks
     • Tunnel management
     • Ping-pong considerations
     • Authentication state management
     • Packet loss prevention techniques: Buffering, reachability test
     • Authentication in initial network attachment
     • Link-layer security and mobility (see mpa-implementation draft for results)
     • Pre-Authorization techniques:
     • Proactive IP address acquisition (IKEv2, DHCP, stateless autoconf, etc.)
     • Proactive DAD / Address resolution issues
     • Pre-allocation of QoS resources (for both end-to-end and edge network)
     • Co-existence with other mobility management protocols
     • MIPv4 FA-CoA, ProxyMIPv6, FMIPv6
     • In some cases, the proactive handover tunnel is terminated at the serving AR instead of the MN
     • For ProxyMIPv6 + MPA, see draft-taniuchi-netlmm-mpa-proxymipv6-00.txt
     • Multicast mobility

  6. Applicability Statement Added
     • MPA is categorized as a proactive handover optimization mechanism. In other words, MPA is more applicable where an accurate prediction of movement can be easily made
     • Even if accurate prediction of movement is easily made, effectiveness of MPA may be relatively reduced if the network employs network-controlled localized mobility management in which the MN does not need to change its IP address while moving within the network.
     • Effectiveness of MPA may also be relatively reduced if signaling for network access authentication is already optimized for movements within the network, e.g., when simultaneous use of multiple interfaces during handover is allowed
     • In other words, MPA is the most viable solution for inter-administrative domain predictive handover without simultaneous use of multiple interfaces
     An administrative domain (or a domain hereafter) is a logical network that is administered by a single authority using its own authentication and authorization mechanisms

  7. Focus on inter-domain handover optimization
     • Problem Statement: Inter-domain handover optimization cannot be solved solely by existing mobility management protocols
     • Requires SA between mobility agents across domains
     • Different domains may use different M-M protocols (e.g., CMIP-PMIP handover optimization)
     • MPA's ability to work across multiple domains can enhance performance of inter-domain handover
     • MPA as a helper for existing M-M protocols for inter-domain handover
     • More focus on pre-authorization and proactive handover tunneling part of MPA for inter-domain handover optimization
     • Pre-authentication signaling is being discussed in IETF / IEEE
     • Possible Research topics: Co-existence with FMIPv6, PMIP and 802.21 for inter-domain handover optimization

  8. Summary
     • The draft has been presented 4 times since IETF62
     • Feedback from the members has been reflected
     • Experimental results have been shown in the past (MPA with MIPv6, MPA with bootstrapping L2sec, etc.)
     • Possible direction: focus on pre-authorization and proactive handover tunneling part of MPA for inter-domain handover
     • Possible Research topics: Co-existence with FMIPv6, PMIP and 802.21 for inter-domain handover optimization
     • We are willing to commit to work on this topic and provide more experimental results

  9. Thank You!
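
The phase order on the "MPA Phases" slide, together with the "Tunnel management" and "Authentication state management" items under Investigated Issues, can be checked mechanically. The following is an added example, not code from the presentation or the drafts: it audits per-CTN phase events and reports out-of-order phases and tunnels that were set up but never deleted. The function name, event format and CTN names are hypothetical, and it assumes every phase is run by MPA itself rather than replaced by another mechanism.

```python
# Phase names and order as listed on the "MPA Phases" slide.
PHASES = ["pre-authentication", "pre-configuration", "pre-switching",
          "switching", "post-switching"]
TUNNEL_UP = PHASES.index("pre-switching")     # MN-nAR tunnel is in use from here
TUNNEL_DOWN = PHASES.index("post-switching")  # tunnel deletion


def audit(events):
    """Check (ctn, phase) events against the slide order.

    Assumption of this example: every phase is done by MPA itself, so a
    skipped phase is reported rather than treated as "replaced by another
    mechanism".
    """
    reached = {}      # ctn -> index of the last phase accepted for that CTN
    violations = []   # (ctn, phase seen, phase expected)
    for ctn, phase in events:
        nxt = reached.get(ctn, -1) + 1
        if nxt >= len(PHASES) or phase != PHASES[nxt]:
            expected = PHASES[nxt] if nxt < len(PHASES) else None
            violations.append((ctn, phase, expected))
            continue  # an out-of-order event does not advance the state
        reached[ctn] = nxt
    # Stopping after phase 1 or 2 leaves no tunnel behind; stopping after
    # pre-switching or switching leaves one that was never deleted.
    open_tunnels = sorted(c for c, i in reached.items()
                          if TUNNEL_UP <= i < TUNNEL_DOWN)
    final = {c: PHASES[i] for c, i in reached.items()}
    return {"violations": violations, "open_tunnels": open_tunnels,
            "final": final}


# Constructed sample events (CTN names are made up for this example).
SAMPLE = [
    ("ctn-A", "pre-authentication"), ("ctn-B", "pre-authentication"),
    ("ctn-C", "pre-authentication"), ("ctn-A", "pre-configuration"),
    ("ctn-C", "pre-configuration"), ("ctn-D", "pre-switching"),
    ("ctn-A", "pre-switching"), ("ctn-C", "pre-switching"),
    ("ctn-A", "switching"), ("ctn-A", "post-switching"),
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

In the sample, ctn-B stops after pre-authentication, which the slide allows, while ctn-C is left with a tunnel and ctn-D attempts pre-switching without any earlier phase.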
