a11-omari
7/29/2019 a11-omari
Abstract: WLANs have emerged very fast in both public and
private areas in recent years. They provide a non-trivial
replacement for complicated, high-cost wired LANs.
However, the access points (APs) that build these WLANs do not
have a very long coverage range. Consequently, many handoffs
may occur as the mobile station moves while accessing the
network resources located on the distribution system side.
Unfortunately, these handoffs can disturb real-time
applications if they take a long time.
This paper investigates the reduction of handover latency in
the wireless network domain. We considered some mechanisms and
techniques used to reduce handoff latency in wireless protocols.
We developed a simulation tool in order to compare the data
throughput with or without the re-association and the
re-authentication phase. Experimental results show that the
reduction of the re-association and the re-authentication phases
enhances throughput and reduces the handoff latency.
Index Terms: Handoff, re-association, re-authentication,
wireless LAN.
I. INTRODUCTION
WLANs based on the IEEE 802.11 standards have become well
known due to their many benefits, such as easy operation and
low cost [1][2][3]. These WLANs appeal to users because they
are easy to use, especially in hot spot areas such as
universities, airports and hotels. In addition, one of the
goals of these networks (Wi-Fi) is to provide wireless mobile
stations with free mobility within the coverage range of
their associated access points (APs), so stations are able to
move freely while accessing the network. Since these wireless
networks (WLANs) were initially designed for indoor use,
their APs have a limited radio coverage range. This limited
range forces a station to hand off (re-associate) from its
previous AP to a new AP whenever the station moves beyond
the coverage range of its currently associated AP, in order
to maintain continuous connectivity.
In WLANs, fast re-association of stations from one AP to
another (low handoff latency) is one of these requirements
which are not supported very efficiently in the IEEE 802.11
standard. Therefore, these handoffs can cause long latencies
and packet loss, which can affect the performance of such
real-time applications. Consequently, fast handoff during
mobility in WLANs is considered to be a critical issue [1].
M. Omari, associate professor, is with the laboratory of sustainable
development and computer science (LDDI) at the University of Adrar, Adrar
01000, Algeria (phone: 213-49-967571; fax: 213-49-967572; e-mail:
S. Rezzougui, master student, is with the University of Adrar, Adrar 01000,
Algeria (e-mail: [email protected]).
N. Talhaoui was with the University of Adrar, Adrar 01000, Algeria
(e-mail: [email protected]).
As a result of the advancement in wireless technologies,
real-time multimedia services such as video conferencing
have been provided by Internet Service Providers (ISPs) to
wireless subscribers [1]. However, since IEEE 802.11 does
not support fast handoffs, the performance of the
applications that support such services can be degraded when
the station moves beyond the coverage range of its original
AP and performs a handoff to another AP. This degradation in
performance is the result of the handoff latency caused by
the handoff procedure. Consequently, if the latency of the
handoff procedure is large, some packets may be lost, which
can disrupt the current session and make real-time
applications unreachable.
The rest of this paper is organized as follows. Section 1
provides an overview of the IEEE 802.11 protocol. The IEEE
802.11 architecture and the handoff procedure and its phases
are presented in Section 2. In Section 3, we will present
related work in reducing handoff latency. In Section 4, we
present our simulation experiments, their parameter settings,
along with the obtained results. The conclusion is presented in
Section 5.
II. IEEE 802.11 WIRELESS LANS OVERVIEW
In a Wireless Local Area Network (Wireless LAN), the user
gets a high bit rate connection over a wireless (radio) link
[1]. The range of a wireless LAN is fairly short, but it
supports a high bit rate. The IEEE standards enumerate the
different types of Wireless LAN, and these standards also
include the encryption algorithm to make Wireless LAN more
secure as compared to regular LAN.
Similar to LANs, the IEEE 802.11 based wireless local area
networks (WLANs) provide a low-cost and effective way to
access the Internet. These WLANs have various standards
which are specified by the Institute of Electrical and
Electronics Engineers (IEEE). The famous ones are: IEEE
802.11a (Band: 5 GHz, Data rate: 54 Mbps), IEEE 802.11b
(Band: 2.4 GHz, Data rate: 11 Mbps), IEEE 802.11g (Band:
2.4 GHz, Data rate: 54 Mbps), IEEE 802.11n (Data rate: 200
Mbps), and IEEE 802.11F [1] [2].
Simulation of Reducing Re-association and Re-authentication
Phases for Low Handoff Latency
Mohammed Omari, Sarah Rezzougui, and Nora Talhaoui
A. Wireless LANs Architecture
In the IEEE 802.11 architecture, there are several
components and services which interact and work together in
order to provide WLAN functionality [1]:
1- Station: A station is the basic component of the wireless
network. It is any device which provides 802.11 functionality
by implementing the 802.11 functions in the Medium Access
Control (MAC) layer as well as the physical (PHY) layer. A
station could be a laptop, PDA or an AP.
2- Access point (AP): An AP is any device that has
802.11 functionality and allows the associated mobile stations
to access the services of the distribution system (DS) via the
wireless medium. Each frame on an 802.11 network must be
converted to another type of frame in order to be delivered to
the wired network by an AP, which performs this
wireless-to-wired bridging function.
3- Wireless medium: The wireless medium is used by the
802.11 standards in order to move frames from one station to
another.
4- Distribution System (DS): A distribution system (DS) is
also called the backbone network. It is used to forward frames
between several connected access points (APs), which form a
large coverage area, so they can communicate with each other
in order to track the movements of mobile stations [1].
B. Wireless topologies
The 802.11 standard supports the following three
topologies [1]:
1- Independent Basic Service Set (IBSS) networks: IBSS
networks are commonly referred to as Ad Hoc Networks. In
IBSS networks, all mobile stations must be within direct
communication range in order to communicate with each
other. In addition, these networks consist of a small number of
stations which are set up for a specific purpose and for a short
period of time, for instance a single meeting in a conference
room.
2- Infrastructure Basic Service Set (BSS) networks: BSS
networks are differentiated by the use of an AP. In BSS
networks, APs are used for all communications, including
communication between mobile stations in the same service
area. When stations need to communicate with each other,
they communicate by transferring each frame to the AP,
which forwards them to their destination.
3- Extended Service Set (ESS) networks: The ESS consists
of different BSS networks which are combined together in
order to form a large network. Each BSS has a single AP that
acts as a bridge between the wireless link and any other
connections. The AP in each BSS is connected to a
distribution system that is usually an Ethernet backbone. In
general, the ESS is the union of the multiple BSSs that are
connected with each other through a DS.
C. Handoff Procedure
The handoff procedure occurs whenever the mobile station
moves farther than the radio coverage range of its currently
associated AP. When the received signal strength indicator
(RSSI) value becomes less than a predefined handoff
threshold (HT), the station initiates the handoff procedure and
decides to associate to a new AP which has a better RSSI
value in order to maintain its wireless connectivity [1].
During the handoff procedure, a sequence of messages
(management frames) is exchanged between the APs and the
station. As a result of this message exchange, the current
state information is transferred from one AP to another with
respect to the station.
The entire handoff procedure can be classified into three
logical phases namely: Discovery phase, Re-authentication
phase and Re-association phase.
D. Discovery Phase
In the discovery phase, two sub-phases are involved: the
handoff initiation sub-phase and the scanning sub-phase.
When a station moves beyond the radio coverage area
of its currently associated AP, the signal strength and the
signal-to-noise ratio (SNR) of the signal from the currently
associated AP decrease until they become less than HT. This
causes the station to initiate a handoff procedure. On the other
hand, before the station drops the connection to the
currently associated AP, it needs to find new APs and
select the best one among them to connect to. This is
achieved by the Medium Access Control (MAC) layer scanning
function [1].
E. Re-authentication phase
Re-authentication is a process in which the identity of
the station is either accepted or rejected by the AP. The
re-authentication process starts with the station sending a
re-authentication request frame to the selected AP. This
frame informs the selected AP of the station identity.
Upon receiving the re-authentication request frame, the
selected AP responds with a re-authentication response frame.
This frame indicates acceptance or rejection by the selected
AP. Once the station has been successfully authenticated, it
can send a re-association request frame to the selected AP
[4].
There are two authentication services or methods that have
been defined in the IEEE 802.11 standard: The open system
authentication and the shared key authentication.
Open System authentication is considered a null
authentication algorithm, which means that all the requesting
mobile stations can be authenticated by the recipient AP when
the authentication algorithm at the recipient AP is set to
Open System authentication. In addition, this method requires
the exchange of only two frames between the station and the
new AP: an authentication request frame and an authentication
response frame [1].
In the shared key authentication method, the mobile station
initiates an authentication process by sending an
authentication request frame to the new selected AP. Upon
receiving the authentication request frame, the new AP utilizes
a Wired Equivalent Privacy (WEP) key in order to generate a
challenge text for the station. After the challenge text has been
generated, the new AP attaches the challenge text to an
authentication response frame and sends the frame as a reply.
When the station receives the challenge text, it encrypts this
text with the correct shared WEP key and returns an
authentication request, which contains the encrypted challenge
text, to the new AP [1].
Once the authentication request frame is received
successfully, the new AP gets the encrypted text from the
received frame and decrypts it using the shared WEP key.
Then, the new AP compares the decrypted and the original
challenge texts. If these two texts match, the new AP sends an
authentication response frame back to the station in order to
confirm a successful authentication. This method requires four
messages to be exchanged between the station and the new AP.
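The two authentication methods described above, run end to end as an added example (it is not code from the paper or its simulator). The class and function names are hypothetical, the challenge text is drawn from os.urandom rather than from the WEP generator, and the WEP integrity value is left out so that the frame count and the decrypt-and-compare step stay in focus.

```python
import hmac
import os


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP is built on (same call encrypts and decrypts)."""
    s, j = list(range(256)), 0
    for i in range(256):                                  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                                     # keystream XOR data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


class AccessPoint:
    def __init__(self, wep_key=None):
        self.wep_key = wep_key          # None means Open System authentication
        self.pending = {}               # station MAC -> outstanding challenge

    def on_auth_request(self, sta_mac):
        """Frame 1 arrives; reply with frame 2."""
        if self.wep_key is None:
            return {"seq": 2, "status": "success"}        # null authentication
        self.pending[sta_mac] = os.urandom(128)           # challenge text (assumption)
        return {"seq": 2, "challenge": self.pending[sta_mac]}

    def on_challenge_response(self, sta_mac, frame):
        """Frame 3 arrives; decrypt, compare with the original, reply with frame 4."""
        challenge = self.pending.pop(sta_mac, None)       # one attempt per challenge
        if challenge is None:
            return {"seq": 4, "status": "rejected"}
        plain = rc4(frame["iv"] + self.wep_key, frame["ciphertext"])
        ok = hmac.compare_digest(plain, challenge)
        return {"seq": 4, "status": "success" if ok else "rejected"}


class Station:
    def __init__(self, mac, wep_key=b""):
        self.mac, self.wep_key = mac, wep_key

    def answer_challenge(self, frame2):
        """Frame 3: the challenge encrypted under the per-frame key IV || WEP key."""
        iv = os.urandom(3)                                # 24-bit IV, sent in clear
        return {"seq": 3, "iv": iv,
                "ciphertext": rc4(iv + self.wep_key, frame2["challenge"])}


def authenticate(station, ap):
    """Run the exchange; return (final status, number of frames exchanged)."""
    frames = [{"seq": 1, "mac": station.mac}]
    frames.append(ap.on_auth_request(station.mac))
    if "challenge" in frames[-1]:                         # shared key: two more frames
        frames.append(station.answer_challenge(frames[-1]))
        frames.append(ap.on_challenge_response(station.mac, frames[-1]))
    return frames[-1]["status"], len(frames)
```

The AP discards a challenge as soon as one answer has been checked, so a second answer to the same challenge is rejected.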
F. Re-association phase
The re-association phase can be defined as the process in
which the association of a mobile station is transferred from
one AP to another. After the station has been successfully
authenticated with the new selected AP, the re-association
process begins [1].
III. REDUCING HANDOFF LATENCY IN WIRELESS PROTOCOLS
Reducing handoff delay can be divided into four
subcategories. The first category is to reduce the probe delay
during the scanning phase, where the focus is mainly on reducing
the number of channels to be scanned. The second category is
to reduce the re-authentication delay, where the focus is
mainly on pre-authentication before the station joins the new
network. The third category is to reduce the re-association
delay, and the fourth category is to reduce the overall handoff
delay, which covers the previous three delays. Next, we will
discuss some mechanisms and techniques that are currently
used to reduce handoff delay.
A. Reducing MAC Layer Handoff Latency in IEEE
802.11 Wireless LANs
The probe delay constitutes the biggest part (over 90%) of
the handoff latency. For this reason, Shin and Forte [6]
focused on minimizing this delay by improving the scanning
procedure, using a selective scanning algorithm. Furthermore,
Shin and Forte had to minimize the number of times the
previous scanning procedure was needed. This second point
was achieved with the use of a caching mechanism that is
described below.
In the selective scanning procedure, when a station scans
APs, a channel mask is built. In the next handoff, during the
scanning process, this channel mask will be used. In doing so,
only a well-selected subset of channels will be scanned,
reducing the probe delay.
The selective scanning procedure reduced the handoff
latency by 30 to 60% [6]. For seamless VoIP, it is
recommended that overall latency does not exceed 50 ms.
This further improvement was achieved by using an AP cache.
The AP cache consists of a table which uses the MAC address
of the current AP as the key. Corresponding to each key entry
in the cache is a list of MAC addresses of APs adjacent to
the current one which were discovered during scanning. This
list is automatically created while roaming. The cache has a
size of ten, meaning that it can store up to ten keys, and a
width of two, meaning that for each key, it can store up to two
adjacent APs in the list.
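A sketch of the channel mask and the ten-by-two AP cache described above, as an added example (not code from the paper or from Shin and Forte). The planner class, the oldest-key eviction rule, the fall-back to a full scan when the mask finds nothing, the channel list and the sample scan data are all assumptions made for illustration.

```python
from collections import OrderedDict

ALL_CHANNELS = list(range(1, 12))      # assumption: 2.4 GHz channels 1-11


class HandoffPlanner:
    CACHE_SIZE = 10                    # keys (current-AP MAC addresses)
    CACHE_WIDTH = 2                    # adjacent APs stored per key

    def __init__(self):
        self.channel_mask = set()      # channels where APs were seen last scan
        self.ap_cache = OrderedDict()  # current AP MAC -> [adjacent AP MACs]

    def record_scan(self, current_ap, results):
        """Learn from one scan; results are (mac, channel, rssi_dbm) tuples."""
        results = [r for r in results if r[0] != current_ap]
        if not results:
            return                     # an empty scan teaches nothing
        self.channel_mask = {ch for _, ch, _ in results}
        best = sorted(results, key=lambda r: r[2], reverse=True)
        self.ap_cache[current_ap] = [r[0] for r in best[:self.CACHE_WIDTH]]
        self.ap_cache.move_to_end(current_ap)
        while len(self.ap_cache) > self.CACHE_SIZE:
            self.ap_cache.popitem(last=False)   # assumption: evict oldest key

    def plan(self, current_ap):
        """Decide how the next handoff away from current_ap finds its target."""
        if self.ap_cache.get(current_ap):
            return "use_cache", list(self.ap_cache[current_ap])
        if self.channel_mask:
            return "selective_scan", sorted(self.channel_mask)
        return "full_scan", list(ALL_CHANNELS)


def roam(planner, path, air):
    """Replay handoffs away from each AP in path; return channels probed each time."""
    probed = []
    for ap in path:
        action, targets = planner.plan(ap)
        if action == "use_cache":
            probed.append(0)           # go straight to a cached neighbour
            continue
        seen = [r for r in air[ap] if r[1] in targets]
        count = len(targets)
        if not seen and action == "selective_scan":
            seen, count = air[ap], count + len(ALL_CHANNELS)  # mask missed: full scan
        planner.record_scan(ap, seen)
        probed.append(count)
    return probed


# Constructed sample: what a scan near each AP would see (mac, channel, RSSI dBm).
A, B, C, D = (f"02:00:00:00:00:0{x}" for x in "abcd")
AIR = {A: [(B, 6, -60), (C, 11, -72), (D, 1, -80)],
       B: [(A, 1, -65), (C, 11, -58)],
       D: [(A, 3, -70)]}


def demo():
    """Leave A (full scan), leave B (selective scan), leave A again (cache hit)."""
    return roam(HandoffPlanner(), [A, B, A], AIR)
```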
B. Reducing Layer Two Handoff Latency in WLANs Using Advanced Context Distribution (ACD)
This mechanism aims to reduce the re-association delay
which is caused by the transfer of the mobile station's
context information from the old AP to the new AP using
the Inter Access Point Protocol (IAPP). Context information
of a station is the station's security information that may allow
faster re-authentication of a station on re-association. Using
IAPP for transferring a station's context can increase the
re-association delay (up to 40 ms) due to its four additional
messages during the re-association phase. transferring of station's
context from the old AP only if it can satisfy a specific
condition which is called context threshold. Only a new AP
with an RSSI value bigger than the context threshold value (CT)
can request the station's context to be transferred from the old
AP.
C. Eliminating handoff latencies in 802.11 WLANs using
Multiple Radios
In the multi-radio scenario, a node is assumed to have two
interfaces: the primary interface and the secondary interface
[7]. Suppose that the primary interface is associated with APold
and is used for communication, while the secondary interface
is available to perform other tasks. Clearly, such a multi-radio
node will have an advantage since it will be able to
communicate normally and perform management operations
simultaneously. In a naive approach, the secondary interface
could perform the scanning stage (which is the most
time-consuming stage of a handoff), while the primary interface
is communicating normally with its AP. Once the secondary
interface determines an AP to which the node needs to
connect next, the primary interface could start the handoff
process, skipping the scanning stage. This optimized handoff
can be performed in less than 5 ms. Besides the delay due to
the last two stages of handoff, just switching the card to a
different channel may require as much as 20 ms, depending on
the chipset, which is significant for real-time applications. This
naive approach vastly reduces latency due to handoff and is
absolutely safe, since from the AP infrastructure's point of
view, the node does not do anything unexpected; it simply
appears as if the node knows which AP to connect to without
a scan [7].
D. Reducing Re-authentication Delay
Pack et al. have proposed a fast predictive handoff scheme,
which is based on mobility prediction, for reducing the
re-authentication delay [4]. In this proposed scheme, the
reduction of the re-authentication delay was achieved by
enabling a mobile station to perform re-authentication
procedures for multiple access points (APs) rather than just
the current AP whenever it enters the radio coverage range of
a new AP and when the initial registration is performed. The
authentication information related to the station is
proactively propagated to multiple APs (neighbour APs)
depending on the station's mobility. In addition, a prediction
method called the Frequent Handoff Region (FHR) selection
algorithm, which is introduced in this scheme, was used for
the selection of these multiple APs. This algorithm takes into
account the station's mobility patterns and service classes.
E. Reducing Re-association Delay
To further reduce the re-association delay during handoff
procedures, Funn has proposed a layer two handoff
mechanism called Selective Pro-active Context Caching
(SPCC). The main idea of the SPCC mechanism is that, when a
mobile station first initiates a handoff process, it starts the
scanning phase. During this phase, the station sends a
modified probe request frame to all APs discovered in the
scanning phase except the old AP. The modified probe request
frame contains the old AP's MAC address. After that, all the
APs that receive the modified probe request frame will send
the station-AP link quality information to the old AP (based on
the old AP MAC address received in the probe request frame)
using a Link Quality Info management packet, which is
introduced for the potential next APs selection process.
Consequently, a list of potential next APs with which a station
is likely to associate will be created in the old AP [1].
IV. DEPLOYMENT OF SDES SECURE MECHANISM IN
WIRELESS DOMAIN
A. Authentication and Association
Soliman and Omari [8][9][10] developed a new security
mechanism based on stream ciphers. The Synchronous
Dynamic Encryption System (SDES) performs encryption,
integrity, and authentication. SDES is characterized by its
efficiency while maintaining higher security through dynamic
keys. At the network initialization stage, all APs go through a
registration process authenticating themselves with the
authentication server (AS) (once in their life cycle). Then,
every AP is authenticated with its neighboring APs via the AS,
which generates and transmits a private secret shared key SSK to
each pair of authenticated APs. When a mobile station joins
the network, with the pair (MAC address, secret
authentication key SAK) installed in its wireless card, it sends
a first authentication request to its local AP. The AP forwards
the station's request to the AS in order to authenticate the
station, and the AS transfers its newly generated SAK back to
the AP. Fig. 1 explains in detail the protocol sequence of the
station's initial authentication.
Notice that the station authentication with the AS is done
only once; subsequent authentications are performed directly
with the associated AP. Only if a station remains out of
range of its AP for a long time would it need to
re-authenticate with the AS again.
B. Handover
When the communication signal between the mobile
station and its currently associated AP (say AP1) gets weak, the
station roams for another AP (say AP2) of stronger signal.
Then, the station sends a handover request to AP1 including
AP2's info. Usually, AP1 and AP2 are adjacent and wired;
therefore, they are already pre-authenticated to each other via
the AS. Following the rule of "a trusted by a trusted is
trusted", AP1 sends a secure handover request to AP2
including the station's authentication information. This AP-AP
communication is secured via their private shared SSK. Then,
AP1 sends a secure integrity check message to the station in
order to check the previously received data integrity.
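The trust chain of this handover, sketched as an added example (not the authors' simulator code and not an SDES implementation). The page does not give SDES internals, so a SHAKE-256 keystream with HMAC-SHA256 stands in for it, the SAK is treated as a static key, and every name below is hypothetical. What it shows is that AP2 accepts the station's authentication information only when the request verifies under the SSK it shares with AP1.

```python
import hashlib
import hmac
import os

def subkeys(key):
    """Derive separate encryption and MAC keys from one shared key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def seal(key, payload):
    """Encrypt then MAC. SHAKE-256 keystream + HMAC stand in for SDES here."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(payload))
    body = nonce + bytes(p ^ s for p, s in zip(payload, stream))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the payload, or None if the message was not sealed under key."""
    enc_key, mac_key = subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    stream = hashlib.shake_256(enc_key + body[:16]).digest(len(body) - 16)
    return bytes(c ^ s for c, s in zip(body[16:], stream))

def station_proof(sak, nonce):
    """What a station holding the SAK returns for an AP's nonce (assumption)."""
    return hmac.new(sak, nonce, hashlib.sha256).digest()

class AccessPoint:
    def __init__(self, name):
        self.name = name
        self.ssk = {}        # neighbour AP name -> pairwise SSK issued by the AS
        self.stations = {}   # station MAC -> SAK learned from the AS or a neighbour

    def handover_request(self, sta_mac, target):
        """AP1 side: pass the station's SAK to a pre-authenticated neighbour."""
        if target not in self.ssk or sta_mac not in self.stations:
            return None      # no trust relationship, or unknown station
        return seal(self.ssk[target], sta_mac.encode() + b"|" + self.stations[sta_mac])

    def accept_handover(self, source, blob):
        """AP2 side: trust the station only if the request verifies under the SSK."""
        plain = unseal(self.ssk[source], blob) if source in self.ssk else None
        if plain is None:
            return False
        mac, sak = plain.split(b"|", 1)
        self.stations[mac.decode()] = sak
        return True

    def verify_station(self, sta_mac, nonce, proof):
        """Re-authenticate the station locally, without contacting the AS."""
        sak = self.stations.get(sta_mac)
        return sak is not None and hmac.compare_digest(proof, station_proof(sak, nonce))

def authentication_server_pair(ap_a, ap_b):
    """AS role: give two mutually authenticated neighbour APs a fresh SSK."""
    ap_a.ssk[ap_b.name] = ap_b.ssk[ap_a.name] = os.urandom(32)
```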
V. SIMULATION, RESULTS AND ANALYSIS
Our simulator was developed based on a framework
initially created by Soliman and Omari [8] [9] [10] to simulate
security protocols in ESS networks. Every station performs
tasks independently, so the simulator needs to implement
concurrent programming. Java has packages to facilitate
multiprogramming, namely threading. Next is an example of
some code that is part of the base station (AP) simulation:

    baseStationThreads = new BaseStationThread[simulationParameters.getNumberOfBaseStations()];
    for (int i = 0; i