Handover is a complex process that involves multiple layers of protocol and security executions. A great challenge faced by handover nowadays comes from the security implementations that can cause performance degradation. An essential research question that needs to be addressed is how to achieve a balance between security and performance during the handover. In order to understand the problems and challenges in this field, different state-of-the-art security schemes that assist handover in wireless IP networks are analyzed in this paper. The performance of existing security schemes is analyzed in terms of handover completion time, throughput and quality of service (QoS). The goal of this paper is to seek a balance between handover security and performance.
One major issue among the challenges of future IP-based wireless networks is to maintain network connectivity for roaming users when they migrate from one access network to another in a mobile environment. The procedure of switching access networks is called handover. If the handover occurs between heterogeneous networks it is known as vertical handover (VHO); if it occurs within a single network it is known as horizontal handover. In this paper, our focus is on vertical handover. IEEE 802.21 MIH (Media Independent Handover) is a standard that facilitates mobility across heterogeneous or hybrid networks. Unfortunately, the IEEE 802.21 standard does not consider security in the main standard. So, in order to improve VHO techniques, robust security solutions must be adopted that can be used in heterogeneous networks to provide security at any time and anywhere. At the same time, security challenges make the handover procedure more complicated in a wireless and mobile environment. Authentication and authorization are essential to secure user mobility, but they bring overhead during the handover phase. In order to achieve a balance between handover security and performance, different security schemes for handover are discussed in this paper. Section 2 covers the challenges related to vertical handover, current trends including existing security solutions, and a comparison between these solutions. Section 3 contains the proposal of a balanced security mechanism to attain handover security and performance simultaneously. Section 4 presents the conclusion.
2. Current Challenges, Trends and Issues
Handover management requires the transfer of essential user context between two access networks in a secure manner. However, existing security solutions add complexity and overhead to handover management. Hence, it is essential to achieve both efficiency and security at the same time. The trade-off between security and efficiency is especially acute in environments where the network provider is different from the service provider. In such a case, the end user must be authenticated to both providers. In such scenarios, authentication is accomplished using AAA protocols like RADIUS or Diameter, which are costly, especially when the home network is many network hops away from the visited network. In order to cope with long delays, a number of techniques have been proposed to optimize the handoff procedure. Mobile IP enables a mobile node in an IP network to change its PoA (Point of Attachment), redirects data traffic to its current location and keeps the existing connection uninterrupted. Although Mobile IP solves the basic mobility issue, the fast development of wireless technologies and real-time applications such as VoIP increases the challenges of mobility management. Mobile IP increases the overhead introduced by handover in terms of control signaling, packet redirection and the authentication process. The lengthy delay between the break of the previous connection and the establishment of the new one may lead to serious performance degradation. Hence, security challenges make the handover procedure more complicated in wireless networks.
Vertical handover also affects the QoS of different applications, since different networks offer different bandwidth and delay profiles. MPA (Media-Independent Pre-Authentication) is another secure handover optimization scheme that works over any link layer and with any mobility management protocol. With MPA, a mobile node not only securely obtains an IP address and other configuration parameters for a Candidate Target Network (CTN), but is also able to send and receive IP packets using that IP address before it attaches to the CTN. The mobile node completes the binding update of any mobility management protocol and uses the new care-of address before performing handover at the link layer. MPA provides four procedures, including pre-authentication, pre-configuration and secure proactive handover, to optimize handover for a mobile device that has connectivity to the serving network but is not yet attached to the CTN. After the mobile's pre-authentication, two keys, the MN-SA key and the MN-AR key, are derived from the MPA-SA (Security Association) to protect the tunnel management protocol. The mobile node obtains an IP address, i.e., the nCoA (new care-of address), after it changes from the oPoA (old point of attachment) to the nPoA (new point of attachment). Before the handoff, the MIPv6 tunneled traffic between the MN and the HA (Home Agent) goes through the IPSec proactive tunnel created by MPA with the IPSec policy setting. The authentication agent maintains the state of neighboring networks in order to accelerate establishing SAs when the MN returns to the current network. Hence, the performance improvement of handover using MPA is 85% to 99.65%. The MPA security scheme has the following drawbacks:
The MPA scheme does not provide secure transport of media-independent messages as required.
It also does not address confidentiality and message integrity of MIH messages, which is an essential requirement of message-level security.
MPA suffers packet loss when an MN starts handover before the MPA binding update procedure completes. A dynamic buffering mechanism buffers those packets, ensuring that the oAR (old Access Router) will not drop the undelivered packets sent from the correspondent node to the mobile node with the oCoA. After HO, the oAR forwards those packets to the MN via the nAR.
FMIP (Fast Mobile Internet Protocol) creates a tunnel between the mobile node and the nAR to forward all packets with the oCoA to the nAR during handover. After HO, the nAR flushes the buffer and forwards the packets to the mobile node. This reduces the delay mentioned in the dynamic buffering process. If the MN loses the binding update of the CN, then the MN will request a new address of the CN from the HA of the CN. This increases costs and increases the handover delay.
The Enhanced MPA (eMPA) scheme is used to avoid the packet loss which occurs before the completion of the binding update procedure during handover. It is based on two steps. Firstly, the CN or HA of the mobile node must reply with a binding update ACK (BUA) whenever it receives a binding update message. The BUA is used to decide the timing of deleting the tunnel between the MN and the oAR. Secondly, the oAR and MN need to be modified as follows:
The mobile node must be able to assess how many BUAs have not been received.
The oAR applies IPSec encapsulation to the packets sent to the mobile node with the oCoA, replacing their IP header with a new IP header that has the nCoA as the destination address.
After the completion of handover, the mobile node checks whether all of the BUA packets have been received and then sends a delete IPSec tunnel message to the oAR.
The mobile node sends a delete PHT tunnel message to the nAR before handover after ensuring that all BUAs have been received. An IPSec tunnel is created after the handover between the mobile node and the oAR. The oAR then forwards all packets destined to the mobile node's oCoA to the nCoA, replacing the oCoA with the nCoA in the IP header using IPSec tunnel mode. The nAR buffers all those packets until the mobile node completes handover. After completion of HO, the nAR flushes and forwards the buffered packets to the mobile node. The mobile node then decrypts those packets using the key established during creation of the IPSec tunnel. Ultimately, the mobile node sends the delete IPSec tunnel message to the oAR.
Compared to the dynamic buffering used in MPA, eMPA dynamic buffering shortens the delay in forwarding packets and also avoids the packet loss problem.
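The following is an added illustration, not code from the paper or from any eMPA implementation: a small discrete simulation of the buffering and tunnel-release logic described above. The roles (oAR, nAR, MN), the BUA bookkeeping and the rule that the tunnel is only deleted once every BUA is in follow the text; the packet layout, the in-memory tunnel flag, the constructed traffic pattern and the baseline case without tunnel-mode forwarding are assumptions made for the example.

```python
# Added example (not the paper's code): eMPA forwarding/buffering simulation.
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Packet:
    seq: int
    dst: str                          # care-of address in the inner IP header
    outer_dst: Optional[str] = None   # set when oAR re-encapsulates (tunnel mode)


@dataclass
class OldAccessRouter:
    """oAR: while the IPSec tunnel to the MN exists, re-encapsulate packets that
    still carry the oCoA with the nCoA as outer destination and hand them to nAR."""
    ocoa: str
    ncoa: str
    tunnel_up: bool = False
    dropped: List[int] = field(default_factory=list)

    def handle(self, pkt: Packet, nar: "NewAccessRouter") -> None:
        if pkt.dst != self.ocoa:
            raise ValueError("only oCoA traffic reaches the old router here")
        if not self.tunnel_up:
            self.dropped.append(pkt.seq)  # no tunnel: the undelivered packet is lost
            return
        pkt.outer_dst = self.ncoa          # IPSec tunnel mode: new outer header
        nar.receive(pkt)


@dataclass
class NewAccessRouter:
    """nAR: buffer tunnelled packets until the MN completes the handover,
    then flush the buffer in order."""
    attached: bool = False
    buffer: List[Packet] = field(default_factory=list)
    delivered: List[Packet] = field(default_factory=list)

    def receive(self, pkt: Packet) -> None:
        (self.delivered if self.attached else self.buffer).append(pkt)

    def mn_attached(self) -> None:
        self.attached = True
        self.delivered.extend(self.buffer)
        self.buffer.clear()


@dataclass
class MobileNode:
    """MN: tracks which binding-update ACKs (BUAs) are still outstanding and
    releases the oAR tunnel only once every expected BUA has arrived."""
    pending_bua: Set[str]
    tunnel_deleted: bool = False

    def bua_received(self, peer: str) -> None:
        self.pending_bua.discard(peer)

    def try_delete_tunnel(self, oar: OldAccessRouter) -> bool:
        if not self.pending_bua:
            oar.tunnel_up = False          # "delete IPSec tunnel" message to oAR
            self.tunnel_deleted = True
        return self.tunnel_deleted


def simulate(empa_tunnel: bool, n_packets: int = 6) -> dict:
    """Constructed handover: HA and CN keep sending to the oCoA until their
    binding updates are acknowledged; the MN finishes the link-layer handover
    after the third packet. With empa_tunnel=False the oAR has no tunnel-mode
    forwarding at all (a baseline for comparison, not a model of plain MPA)."""
    oar = OldAccessRouter("oCoA", "nCoA", tunnel_up=empa_tunnel)
    nar = NewAccessRouter()
    mn = MobileNode(pending_bua={"HA", "CN"})
    kept_after_first_bua = None
    for seq in range(n_packets):
        oar.handle(Packet(seq, "oCoA"), nar)
        if seq == 2:
            nar.mn_attached()              # HO completes: nAR flushes its buffer
            mn.bua_received("HA")          # only one of the two BUAs is in
            kept_after_first_bua = not mn.try_delete_tunnel(oar)
    mn.bua_received("CN")                  # last BUA arrives: the tunnel may go
    mn.try_delete_tunnel(oar)
    return {
        "delivered": [p.seq for p in nar.delivered],
        "lost": oar.dropped,
        "tunnel_kept_while_bua_pending": kept_after_first_bua,
        "tunnel_deleted": mn.tunnel_deleted,
    }
```

Running `simulate(True)` delivers every packet in order with nothing dropped, and shows the tunnel surviving the first BUA because the CN's acknowledgement is still outstanding; `simulate(False)` loses everything sent to the oCoA during the same window.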
After analyzing IPSec and DTLS (Datagram Transport Layer Security), a new method to secure MIH messages with protocol extensions is introduced, i.e., MIHSec (MIH Security). The problem with the IPSec/DTLS security methods is multiple authentications, i.e., L2 authentication and authentication of the MIH transport both occur in the flow. The additional MIH transport authentication adds to the latency during the handover, which in turn degrades handover performance. MIHSec eliminates the MIH transport authentication and uses the master shared key generated by the L2 authentication procedure for generating MIH keys. It provides low latency as well as maintenance of the key hierarchy. The MIHSec security solution has the following merits:
IKE authentication or DTLS authentication is not necessary, as the MSK keys are used for maintaining the key hierarchy as well as for key generation.
The handover latency is reduced by eliminating the IKE/DTLS authentication procedure.
Confidentiality and integrity protection are achieved with MIHSec.
Security signaling latency is the time taken to perform the authentication and security key generation along with the tunnel establishment time.
The comparison among IPSec/IKEv2, DTLS, and MIHSec shows that MIHSec gives the lowest handover latency:
Security signaling latency: IPSec/IKEv2 High (100s of msec); DTLS Moderate (10s of msec); MIHSec Low (1s of msec).
Message transport latency: values not given in the source.
Message overhead per MIH exchange: Less than 25%; Less than 25% (the third value is not given in the source).
According to the analysis of security impact, the lengthy delay introduced by security schemes constitutes a major part of the performance degradation in handover, and the above security schemes confirm this.
The Extensible Authentication Protocol (EAP) provides the framework for carrying out authentication. The authenticator relays EAP messages between server and client to ensure the distribution of ciphering keys on the access link where the MN is going to connect. EAP is transported between the authentication server and the authenticator using the RADIUS or Diameter protocols. PANA (Protocol for carrying Authentication for Network Access) is used to enable EAP to be transported over IP. A PANA session is established between the client and the PAA (PANA authenticator) after the client discovers the PAA, negotiates parameters and is granted authorization. The MSK bootstraps the security of the access link. In order to install a PANA session, the mobile node has to perform authentication and authorization, which takes no less than 6 round trips between the client and the authentication server.
PANA session transfer, also known as context transfer, helps shorten this handover delay. After discovering the new PAA, the mobile node transmits the old PANA session identifier as well as an authentication token, indicating that it wants the old PANA session to be transferred from the old PAA. Authorization parameters are determined after authentication of the mobile node by the old PAA. The remaining authorization lifetime and the intermediate MSK are sent to the new PAA, which indicates successful authentication and authorization to the mobile node. The new PANA session is constructed based on the parameters obtained from the previous PAA.
In make-before-break, the mobile node obtains the configuration for the target access router, installs whatever is required to recover the access link, and requests a routing update to fit its future movement. It allows the mobile node to install a PANA session at a target authenticator.
Context transfer has several differences and shortcomings compared to other techniques:
Authorization based on the previous authenticator violates the basic assumption that the AAA server plays the central role in deciding authorization.
If an attacker computes the intermediate MSK and determines the unencrypted nonces exchanged between the mobile node and the authenticator, he can easily compute the new MSK.
Finally, the above solution is not deployable for inter-domain handovers.
EAP has certain drawbacks when a mobile scenario is taken into account:
EAP authentication lasts a considerable time.
The authentication mechanism is inefficient, since frequent round trips are required from the PoA to the user's home domain.
Hence, a fast re-authentication mechanism that involves a local re-authentication server placed near the mobile user is needed.
A simple multi-layered architecture for pseudo-random pseudonym generation offers a privacy-preserving mechanism for the fast re-authentication process in EAP-based NGNs. 3PFH (the three-party protocol for fast handoff) is executed between three entities, namely A (EAP Peer), B (EAP Authenticator) and S (EAP Server/AAA/KDS). When the mobile gets network access for the first time or when the EMSK lifetime expires, a bootstrapping phase occurs. The multilayer pseudonym architecture improves privacy during the bootstrapping and fast re-authentication phases. The requirements of this process are user anonymity and untraceability. According to this architecture, besides the permanent identity (PI), the MN has three types of pseudonyms:
Bootstrapping Pseudonym (BP)
Home Fast Pseudonym (HFP)
Visited Fast Pseudonym (VFP)
Three servers, the home EAP server, the home fast re-authentication server, and the visited fast re-authentication server, are involved in this architecture. An intra-layer relationship refers to a relationship between pseudonyms that belong to the same layer (e.g., BP1 and BP2), and an inter-layer relationship refers to one between pseudonyms that belong to different layers (e.g., BP1 and HFP1).
We distinguish three different groups of relationships:
Group R1 collects the relationships between the PI and all the BPs.
Group R2 is formed by the relationships that exist between the BP used in a bootstrapping process and all the HFPs.
Group R3 collects the relationships between the HFP and the VFPs.
Example usage scenario (inter-KDS handoff):
1. Bootstrapping phase (full EAP authentication): When the user attempts to connect to his HD for the first time (step 1), a bootstrapping process is performed employing BP1. After the full EAP exchange, a fresh EMSK is established (from which the 3PFH key hierarchy is derived), and the current BP is renewed by BP2.
2. Fast re-authentication phase (inter-KDS handoff): In this step an inter-KDS handoff takes place. In the first 3PFH execution, to establish a trust relationship between the mobile user and AAA/KDS server 2, the pseudonym HFP2 is used and then renewed with HFP3 after this 3PFH execution. The second 3PFH exchange, with the visited KDS, uses VFP1, which is renewed by VFP2 for the next fast re-authentication process.
3. Bootstrapping phase (full EAP authentication): The user leaves visited domain A and needs network access service from visited domain B. During this change of location, the mobile device is reinitialized (remember that the BP is available in these situations since it is stored in non-volatile memory), provoking the execution of a bootstrapping phase.
4. Fast re-authentication phase (inter-KDS handoff): Finally, when the user returns to its HD, another inter-KDS handoff occurs. In this situation, given that the EMSK has not expired, the 3PFH key hierarchy established in step 3 is still valid.
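The following is an added example, not the paper's code and not an implementation of 3PFH: it models the MN-side bookkeeping of the three pseudonym layers (BP, HFP, VFP) and the use-once-then-renew pattern of the scenario above, and checks the anonymity and untraceability properties an observer of the wire should find. The derivation of each pseudonym value by HMAC over a per-layer key and a counter is an assumed generator (the paper does not fix one), the identity and secret are constructed, and the counters simply start at 1 rather than reproducing the exact HFP2/HFP3 indices of the text, which imply an earlier home re-authentication that the scenario does not show.

```python
# Added example (not the paper's code): multilayer pseudonym bookkeeping.
import hmac
import hashlib
from typing import Dict, List, Tuple

LAYERS = ("BP", "HFP", "VFP")   # bootstrapping / home-fast / visited-fast pseudonyms


class PseudonymHolder:
    def __init__(self, permanent_identity: str, secret: bytes) -> None:
        self.pi = permanent_identity            # PI: never sent on the wire
        self.secret = secret                    # assumed long-term secret shared with the home EAP server
        self.index: Dict[str, int] = {layer: 1 for layer in LAYERS}  # BP1, HFP1, VFP1 are current
        self.log: List[Tuple[str, str, str]] = []  # (event, label used, label after renewal)

    def value(self, layer: str, idx: int) -> str:
        """Assumed generator: a per-layer key keeps the three layers independent,
        so linking a VFP to an HFP or an HFP to a BP (groups R2/R3) needs the secret."""
        layer_key = hmac.new(self.secret, layer.encode(), hashlib.sha256).digest()
        return hmac.new(layer_key, idx.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:16]

    def use(self, event: str, layer: str) -> str:
        """Present the current pseudonym of `layer` and renew it at once,
        so each pseudonym appears on the wire exactly once."""
        idx = self.index[layer]
        shown = self.value(layer, idx)
        self.index[layer] = idx + 1
        self.log.append((event, f"{layer}{idx}", f"{layer}{idx + 1}"))
        return shown


def run_scenario() -> Tuple[PseudonymHolder, List[str]]:
    """Walk the scenario: bootstrap at home, inter-KDS handoff (home KDS, then
    visited KDS of domain A), re-bootstrap in visited domain B, return home."""
    mn = PseudonymHolder("alice@home.example", b"constructed-long-term-secret")  # constructed
    wire = [
        mn.use("bootstrapping in HD (full EAP)", "BP"),
        mn.use("3PFH with home AAA/KDS", "HFP"),
        mn.use("3PFH with visited KDS (domain A)", "VFP"),
        mn.use("bootstrapping after reinit in domain B", "BP"),
        mn.use("3PFH with home AAA/KDS on return to HD", "HFP"),
    ]
    return mn, wire


def privacy_checks(mn: PseudonymHolder, wire: List[str]) -> Dict[str, bool]:
    """Properties of the values seen on the wire: no PI, no reuse, and a server
    that holds the secret can still resolve every shown value from (layer, index)."""
    resolvable = True
    for shown, (_, used, _) in zip(wire, mn.log):
        layer = used.rstrip("0123456789")
        idx = int(used[len(layer):])
        resolvable = resolvable and mn.value(layer, idx) == shown
    return {
        "pi_never_on_wire": all(mn.pi not in v for v in wire),
        "no_pseudonym_reused": len(set(wire)) == len(wire),
        "server_can_resolve": resolvable,
    }
```

The deterministic derivation is the design choice worth noting: because the home server can recompute any pseudonym from the secret and a counter, it needs no table of issued pseudonyms, while an observer without the secret sees five unrelated strings across the three layers.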
A Local Administrative Domain (LAD) with localized optimization is another mechanism to seek a balance between security and performance. It has the following advantages:
1) By conducting access authentication and AAA operations within the LAD, frequent security signaling across the Internet can be avoided.
2) By using the EAP-AKA and ERP re-authentication mechanisms, less security signaling is needed.
3) EAP-AKA adopts symmetric keys, so less computation time is needed for authentication on the mobile terminal.
4) ERP provides a method-independent generic framework to support efficient re-authentication and distribution of EAP keying material.
5) Proxy Mobile IP enables mobility management without the involvement of mobile terminals, which greatly reduces the energy consumed by transmitting security and mobility related signaling over the wireless link.
6) Local AAA operation with key management enables a fast authentication and authorization procedure, which helps shorten the overall handover completion time.
CAPWAP (Control and Provisioning of Wireless Access Points) plays the role of a central authority and manages all APs. The WLAN deployment is split into two parts: the fat AP, which implements both the PHY and MAC layers of the IEEE 802.11 protocol, and the thin AP, which implements only the lower portion of the MAC and the PHY layer. Authentication and access control reside on the AC (Access Controller), allowing clients to connect to any WTP (Wireless Termination Point) without EAP re-authentication; the AC also acts as the authenticator. After the initial authentication, the session key is delivered to the AC, so that traffic keys are derived and delivered to the WTP using CAPWAP. After the mobile node discovers a new WTP, the AC runs a 4-way handshake in order to deliver the new traffic key.
HOKEY (Handover Keying) supports handover from one AP to another and also roaming between different operators. It supports fast re-authentication to the visited network, cutting the handover time between APs in that visited network, since credentials can be cached in the local AAA server and used to derive new session keys; the local HOKEY server, co-located with the visited network's AAA server, obtains keys using AAA protocols.
In IEEE 802.11r, the initial AP acts as the authenticator and communicates with the AAA server. After that, each AP interacts with the initial AP rather than directly with the AAA server. The important property of IEEE 802.11r is the key management and key transfer protocol between the R0KH (R0 key holder), which holds the PMK-R0, and the R1KH (R1 key holder), which holds the PMK-R1.
HOKEY is the only key hierarchy to support domain-level keys and is the only handover scheme supporting inter-enterprise routing. CAPWAP is simple at the application level, since it can use the PMK residing at the centralized AC to derive multiple traffic keys. Initially, IEEE 802.11i requires:
2Ne(Tw + Ta) + Ta + 4Tw    (1)
The first part of the above equation represents the time to complete the EAP authentication, Ta is the time to distribute the MSK to the AP, and 4Tw is the time for the 4-way handshake. Hence:
CAPWAP: 4(Tw + Tc) + Tc; HOKEY: 2(Tw + Ta) + 4Tw; IEEE 802.11r: 2Tw + 2Tc + 2Tw.
Using numbers typical of many network deployments, i.e., Tw = 15 us, Tc = 5 us, Ta = 20 us, we get:
CAPWAP handover time = 85 us
HOKEY handover time = 130 us
IEEE 802.11r handover time = 70 us
Hence, IEEE 802.11r and CAPWAP are the winners.
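As an added example (not the paper's code), the handover-time expressions above are carried through in Python with the text's symbols and parameter values, then ranked and examined for sensitivity to the AAA round trip Ta. The function names are assumptions; Ne in equation (1) has no value in the text, so it is left as a parameter.

```python
# Added example (not the paper's code): handover-time model for the compared
# keying schemes. Units are microseconds, as in the text.
from typing import Dict, Iterable, Optional


def ieee80211i_time(tw: float, ta: float, ne: int) -> float:
    # Equation (1): full EAP exchange, MSK distribution, 4-way handshake
    return 2 * ne * (tw + ta) + ta + 4 * tw


def capwap_time(tw: float, tc: float) -> float:
    return 4 * (tw + tc) + tc


def hokey_time(tw: float, ta: float) -> float:
    return 2 * (tw + ta) + 4 * tw


def ieee80211r_time(tw: float, tc: float) -> float:
    return 2 * tw + 2 * tc + 2 * tw


def rank(tw: float = 15, tc: float = 5, ta: float = 20,
         ne: Optional[int] = None) -> Dict[str, float]:
    """Handover times sorted ascending; 802.11i is included only when ne is given."""
    times = {
        "IEEE 802.11r": ieee80211r_time(tw, tc),
        "CAPWAP": capwap_time(tw, tc),
        "HOKEY": hokey_time(tw, ta),
    }
    if ne is not None:
        times["IEEE 802.11i"] = ieee80211i_time(tw, ta, ne)
    return dict(sorted(times.items(), key=lambda kv: kv[1]))


def hokey_break_even_ta(tw: float, tc: float) -> float:
    """Ta at which HOKEY ties CAPWAP. HOKEY = 6Tw + 2Ta and CAPWAP = 4Tw + 5Tc,
    so they are equal when Ta = (5Tc - 2Tw) / 2; a negative value means HOKEY
    cannot catch up at any Ta, because its extra cost is two wireless round trips."""
    return (5 * tc - 2 * tw) / 2


def hokey_vs_capwap(tw: float, tc: float, ta: float) -> str:
    h, c = hokey_time(tw, ta), capwap_time(tw, tc)
    return "tie" if h == c else ("HOKEY" if h < c else "CAPWAP")


def winners_over_ta(tas: Iterable[float], tw: float = 15, tc: float = 5) -> Dict[float, str]:
    """Fastest scheme as the AAA server moves further away (Ta grows)."""
    return {ta: next(iter(rank(tw, tc, ta))) for ta in tas}
```

With the text's values, `rank()` reproduces 70, 85 and 130 us; the break-even function shows that at Tw = 15 us and Tc = 5 us HOKEY cannot beat CAPWAP even with a zero-cost AAA round trip, and only does so when the controller path Tc becomes expensive.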
In order to reduce EAP authentication latency during handover, many protocols have been proposed, including security context transfer, where security context keys are transferred to the target BS from the serving BS; key hierarchy, which reduces authentication delay by utilizing a new key hierarchy designed for handover keying; and Kerberos-style tickets, which use Kerberos to distribute keys to the target authenticator. A new ticket-based HO authentication scheme based on IEEE 802.16m, i.e., Multicast and Broadcast Service (MBS), reduces handover delay without using a TGS. The AAA server sets up a multi-BS group which contains all registered BSs, and all the group members share a multi-BS group key, MGK. The MS holds a 512-bit MSK shared with the AAA server after a full EAP authentication. The AAA server issues the MSK to the BS through the ASN-GW after EAP authentication. After receiving the MSK, the BS computes the CMAC key, TCK and TMGK, then generates TMs (credential tickets) for future handover authentication of the MS and sends messages to the MS. This scheme allows only a legitimate MS to access the IEEE 802.16m network.
3. Proposed Solution
My proposal is defined as an access domain consisting of a collection of subnets, network entities, and AAA databases under a common administration. The network entities operating under such administration can be assumed to share administratively created trust. Optimization can be implemented in the domain to enhance performance and handover security. When a mobile node leaves its home network and enters a LAD, handover occurs and is handled by the responsible entities in this local domain. When the mobile node changes its access point within the LAD, localized handover schemes are used to guarantee a good level of security and performance.
In wireless and mobile networks, handover security enables the protection of the integrity, confidentiality, and availability of user credentials and network resources during a handover. The security impact from authentication, key management, and cryptographic operations affects handover performance. To understand the interaction between performance and handover security, we analyze different schemes and divide the process of handover security into two phases, supported by an in-depth analysis of the trust relationships and performance aspects that are affected by existing security schemes. As an attempt to seek a balance between handover security and performance, a local administrative domain with localized security optimization is proposed to improve handover performance.