wireless networking trends - aalborg...

Post on 18-Apr-2020


Page 1 Hans Peter Schwefel, Life-long learning, Aalborg University, Aug. 2005

Wireless Networking Trends – Architectures, Protocols & optimizations for future networking scenarios

H. Fathi, J. Figueiras, F. Fitzek, T. Madsen, R. Olsen, P. Popovski, HP Schwefel

• Session 1 Network Evolution & Mobility Support (HPS)

• Session 2 Ad-hoc networking (TKM/FF)

• Session 3 Enabling technologies for ad-hoc NWs (TKM/FF)

• Session 4 Wireless Sensor Networks (PP)

• Session 5 Performance aspects & optimizations (HF/TKM)

• Session 6 Context-sensitive Networking (RLO/JF)

Note: Slide-set contains more material than covered in the lecture!

Wired / Wireless network Computer/Communication

Convergence is the key challenge

Center for Teleinfrastructure (CTIF)
Director: Ramjee Prasad
Co-directors: Ole Brun Madsen and Peter Koch

• Antennas & Propagation: Patrick Eggers
• Cellular Systems: Preben Mogensen
• Digital Communications: Bernard Fleury
• RF Integrated Systems and Circuits: Torben Larsen
• Wireless Networks & Embedded Systems: Ramjee Prasad
• Speech and Multimedia Communications: Børge Lindberg
• Wireless Perspective: Bent Dalum
• Aalborg University SPACE Center: Jens F.D. Nielsen
• Center for Network Planning: Ole Brun Madsen
• Wireless Computing and Security: Henrik Larsen

WING: Research projects (selection)

Selected research projects with relevance for this course/course lecturers
• Center for Network and Service Convergence – CNTK
  – Danish Research Council, with local industry partners
  – Real-time service provisioning, traffic & performance modeling, network optimization
  – WING Researchers: Hanane Fathi, Tatiana K. Madsen
• Wireless Access Networks, Devices, and Applications – WANDA
  – Danish Research Council, with local industry partners
  – Localization & location-based network optimization
  – WING Researchers: Joao Figueiras
• My Adaptive Global NETwork – MAGNET
  – EU funded, with 36 European partners
  – Personal Networks, context-sensitive networking
  – WING Researchers: Rasmus Olsen (and more)
• HIghly DEpendable ip-based NETworks and Services – HIDENETS
  – EU funded, with 9 European partners
  – End-to-end dependability solutions for car-to-car communication with infrastructure service access

And many more ...

Content

1. Introduction/Motivation
   • Cellular Concepts, Layering Models
2. Cellular Network Evolution
   • GSM, GPRS, UMTS: Architecture, air interface, and protocols
   • IP connectivity and IP transport
3. IP-based multimedia subsystem (IMS)
   • Session Initiation Protocol (SIP)
   • IMS architecture
   • Cross-Layer Aspects: Quality of Service and Security
4. Mobility support mechanisms
   • L2 mobility support, Network Layer (MIP)
   • Transport Layer Mobility, Session Layer Mobility (SIP)
   • Intermediate (L3.5 solution): Host Identity Protocol (HIP)
   • Mobility support on which layer?
5. Summary and outlook
   • Personal Area Networks and Personal Networks
   • Heterogeneous access networks

Intro: Cellular systems

• Geographic region subdivided in radio cells

• Base Station provides radio connectivity to Mobile Station within cell

• Handover to neighbouring base station when necessary

• Base Stations connected by some networking infrastructure

Extended layered communication model

• Ultimate goal of (wireless) service provisioning: user satisfaction
• Focus in this course: network aspects, i.e. Layers 2-5

[Figure: layer stack with L1: PHYS; L2: MAC/LLC; L3: Network Layer: IP; L4: Transport: TCP, UDP, RTP/UDP; (L5) Session Control, e.g. SIP; Middleware; Application; User Interface; User; User Environment. QoS scopes marked alongside the stack: Network QoS, Application QoS, User perceived QoS]

Functionalities that are difficult to assign to single layers:
• Mobility support
• Quality of service support
• Security (authentication, etc.)
• Dependability/Resilience
... More later in this session

Wireless Communication Technologies

[Figure: GSM, UMTS, DECT, WLAN/BRAN, Bluetooth, WPAN and B-PAN plotted by Mobility & Range (Personal Area, Indoor, Fixed urban, Pedestrian, Vehicular Urban, High Speed Vehicular, Rural) against total data rate per cell (axis marks 0.5, 2, 10, 20, 155, 1000 Mb/s)]

Different Requirements on Wireless Communication:
• Range, Mobility Support
• Throughput (interference/medium sharing), availability/reliability, QoS support
• Scalability/Number of Nodes
• Power consumption
• Cost, simplicity
• Voice / data support
• Security

Cellular systems: technologies & subscribers

[Figure: subscribers [million] (0 to 1200) per year, 1996 to 2002; curves: GSM total, TDMA total, CDMA total, PDC total, Analogue total, Total wireless, Prediction (1998)]

GSM: Global System for Mobile Communication

History:
• 2nd Generation of Mobile Telephony Networks
• 1982: Groupe Spécial Mobile (GSM) founded
• 1987: First Standards defined
• 1991: Global System for Mobile Communication, Standardisation by ETSI (European Telecommunications Standardisation Institute) - First European Standard
• 1995: Fully in Operation

Today:
• Deployed in more than 184 countries (in Asia, Africa, Europe, Australia, America)
• more than 747 million subscribers
• more than 70% of all digital mobile phones use GSM
• over 10 billion SMS per month in Germany, > 360 billion/year worldwide

GSM – Architecture

Components:
• BTS: Base Transceiver Station
• BSC: Base Station Controller
• MSC: Mobile Switching Center
• HLR/VLR: Home/Visitor Location Register
• AuC: Authentication Center
• EIR: Equipment Identity Register
• OMC: Operation and Maintenance Center

Transmission:
• Circuit switched transfer
• Radio link capacity: 9.6 kb/s (FDMA/TDMA)
• Duration based charging

[Figure: GSM architecture. Radio Subsystem (RSS): MS, radio link (Um), BTS; Base Station Subsystem: BTS, Abis, BSC; Network and Switching Subsystem: MSC, HLR, VLR (A interface), with connection to ISDN, PDN, PSTN; Operation Subsystem: OMC, EIR, AuC (O interface)]

GSM Services

‘Traditional’ voice services
– voice telephony: primary goal of GSM was to enable mobile telephony offering the traditional bandwidth of 3.1 kHz
– emergency number: common number throughout Europe (112); mandatory for all service providers; free of charge; connection with the highest priority (preemption of other connections possible)
– Multi-numbering: several ISDN phone numbers per user possible
– voice mailbox (implemented in the fixed network supporting the mobile terminals)
– Supplementary services, e.g.: identification, call forwarding, number suppression, conferencing

‘Non-Voice’ Services (examples)
• Fax Transmissions
• electronic mail (MHS, Message Handling System, implemented in the fixed network)
• Short Message Service (SMS): alphanumeric data transmission to/from the mobile terminal using the signaling channel, thus allowing simultaneous use of basic services and SMS

GSM: Air Interface I

Frequency Division Multiple Access (FDMA)
• Separate up-link (MT → BTS) and down-link (BTS → MT) traffic
  – Two 25 MHz bands
• Distinguish 124 adjacent channels within each band
  – Each channel 200 kHz

[Figure: channels 1, 2, 3, ... 124 of 200 kHz each; uplink 890 to 915 MHz (frequency band of the mobile station), downlink 935 to 960 MHz (frequency band of the base station)]

Radio Network Planning:
• Determine location of BTS
• Determine number of TRX per BTS
  – Multiple transceivers (TRX) per BTS (e.g. 1, 4, or 12) → simultaneous use of different FDMA channels
• Assign subsets of 124 channels to BTSs

GSM: Air Interface II

Time Division Multiple Access (TDMA)
• Within each channel: sequence of TDMA frames
• TDMA frames subdivided into 8 time-slots

[Figure: TDMA frame of 4.615 ms with time slots 0 to 7; one time slot is 156.25 bit long (0.577 ms) and carries a burst of 148 bit: 3 tail bits, 57 data bits, 1 toggle bit, 26 training bits, 1 toggle bit, 57 data bits, 3 tail bits]

GSM Air Interface: Combination of TDMA & FDMA

[Figure: frequency over time. Downlink 935-960 MHz and uplink 890-915 MHz, each with 124 channels (200 kHz); on each channel GSM TDMA frames of 4.615 ms with time slots 1 to 8, and higher GSM frame structures above them; GSM time-slot (normal burst) of 577 µs, burst 546.5 µs: guard space, tail (3 bits), user data (57 bits), S (1), training (26 bits), S (1), user data (57 bits), tail (3), guard space]

GSM: Logical Channels

Example: Mobile Terminated Call

1. calling a GSM subscriber
2. forwarding call to GMSC
3. signal call setup to HLR
4, 5. request MSRN from VLR
6. forward responsible MSC to GMSC
7. forward call to current MSC
8, 9. get current status of MS
10, 11. paging of MS
12, 13. MS answers
14, 15. security checks
16, 17. set up connection

[Figure: steps 1 to 17 drawn between calling station, PSTN, GMSC, HLR, VLR, MSC, BSS and MS]

Example: Message flow between MS and BTS for Mobile Terminated Call

[Figure: messages exchanged between MS and BTS for the MTC, in order]
• paging request
• channel request
• immediate assignment
• paging response
• authentication request
• authentication response
• ciphering command
• ciphering complete
• setup
• call confirmed
• assignment command
• assignment complete
• alerting
• connect
• connect acknowledge
• data/speech exchange

Mobile Communication & Data Traffic

[Figure: subscriptions worldwide (millions, 0 to 1800) over the years 1995 to 2010; curves: Mobile, Fixed, Mobile Internet, Fixed Internet]

• The future Internet will mainly be accessed by mobile devices

Data services in GSM

• Data transmission standardized with only 9.6 kbit/s
  – advanced coding allows 14.4 kbit/s
  – not enough for Internet and multimedia applications
• HSCSD (High-Speed Circuit Switched Data)
  – mainly software update
  – bundling of several time-slots to get higher AIUR (Air Interface User Rate) (e.g., 57.6 kbit/s using 4 slots, 14.4 each)
  – advantage: ready to use, constant quality, simple
  – disadvantage: channels blocked for voice transmission

AIUR [kbit/s]   TCH/F4.8   TCH/F9.6   TCH/F14.4
 4.8            1
 9.6            2          1
14.4            3                     1
19.2            4          2
28.8                       3          2
38.4                       4
43.2                                  3
57.6                                  4

GPRS: General Packet Radio Service

• Packet Switched Extension of GSM
• 1996: new standard developed by ETSI
• Components integrated in GSM architecture
• Improvements:
  – Packet-switched transmission
  – Higher transmission rates on radio link (multiple time-slots)
  – Volume based charging, ‘Always ON’ mode possible
• Operation started in 2001 (Germany)

GPRS - Architecture

[Figure: GSM and GPRS components: MS, BSS (BTS with CCU, BSC with PCU), MSC, HLR/GR, SGSN, GGSN, PDN, other PLMN; interface labels Um, Abis, A, Gb, Gn, Gp, Gs, Gr, Gi]

Components:
• CCU: Channel Coding Unit
• PCU: Packet Control Unit
• SGSN: Serving GPRS Support Node
• GGSN: Gateway GPRS Support Node
• GR: GPRS Register

Transmission:
• Packet Based Transmission
• Radio link:
  – Radio transmission identical to GSM
  – Different coding schemes (CS1-4)
  – Use of Multiple Time Slots
  – On-demand allocation of time-slots
• Volume Based Charging

GPRS: Channel Coding and Multiplexing

[Figure: transmission rate per time slot (MS -> BTS) for time slots 1, 2, 3, ... 8]
Coding Scheme 1:  9.05 kbit/s per time slot
Coding Scheme 2: 13.4 kbit/s per time slot
Coding Scheme 3: 15.6 kbit/s per time slot
Coding Scheme 4: 21.4 kbit/s per time slot

Overall transmission rate: 72.4 ... 171.2 kbit/s
• Selection of coding depending on quality of radio connection
• ‘optimal’ radio quality: no interference, etc.

Example: Channel Assignment & Multiplexing

• 4 TRX → 4 FDMA channels → 32 time slots
• 3 Signalling Channels
  – 1 TS: FCCH, SCH, BCCH (PBCCH), PAGCH, RACH (PRACH)
  – 2 TS: SDCCH
• 29 Traffic Channels (TCH/PDTCH)
  – GSM calls only
  – GPRS calls only
  – Common channels

GPRS: Protocol Stack

• RLC: Radio Link Control
  – Acknowledged mode (reliable) or unacked
• LLC: Logical Link Control
  – Acknowledged mode (reliable) or unacked
• BSSGP: BSS GPRS Protocol
• SNDCP: Sub-Network Dependent Convergence Protocol
• GTP: GPRS Tunneling Protocol
  – Mobility Support
  – GTP-C and GTP-U

Coding Schemes

• USF = Uplink State Flag
  – ‘owner’ of time-slot in next uplink TDMA frame
  – Allows multiplexing of up to 8 MS on one time-slot
• Block header contains Temporary Flow Identifier (TFI)
  – TFI and direction identifies Temporary Block Flow (TBF)

Enhanced Data rates for the GSM Evolution (EDGE)

[Figure: new modulation scheme (8 PSK) gives 48 kbit/s per time slot (MS -> BTS); with time slots 1, 2, ... 8 the transmission rate is 48 ... 384 kbit/s]

• Advantages
  – Increased Data Rate
  – No Modifications in Core Network (SGSN/GGSN) required
• Disadvantages
  – New modulation scheme (8 PSK), not compatible to GMSK
  – HW Changes in the BTS required

Universal Mobile Telecommunication System (UMTS)

• Currently standardized by 3rd Generation Partnership Project (3GPP), see http://www.3GPP.org [North America: 3GPP2]
• So far, three releases: R’99, R4, R5

Modifications:
• New methods & protocols on radio link → increased access bandwidth
• Coexistence of two domains in the core network
  – Packet Switched (PS)
  – Circuit Switched (CS)
• New Services
• IP Service Infrastructure: IP Based Multimedia Subsystems (IMS) (R5)

UMTS Network Domains

[Figure: User Equipment Domain, Access Network Domain, Core Network Domain, Service and Application Domain; Charging / Lawful Interception / OAM; Other Networks (IP / ISDN)]

• Radio Access Network
  – Node B (Base station)
  – Radio Network Controller (RNC)
• Mobile Core Network
  – Serving GPRS Support Node (SGSN)
  – Gateway GPRS Support Node (GGSN)
  – Mobile Switching Center (MSC)
  – Home/Visited Location Register (HLR/VLR)
  – Routers/Switches, DNS Server, DHCP Server, Radius Server, NTP Server, Firewalls/VPN Gateways
• Application/Services
• IP-Based Multimedia Subsystem (IMS)
• Operation, Administration & Maintenance (OAM)
• Charging Network
• [Legal Interception]

UMTS Radio Access Network (UTRAN): architecture

• W-CDMA (Wideband Code Division Multiple Access) on Radio Link
• transmission rate up to 2 Mbit/s (see course ‘UMTS Evolution’ for rather complex details)

Transport of IP packets

IP packets are tunnelled through the UMTS network (GTP – GPRS tunneling protocol)

[Figure (source: 3GPP): user-plane protocol stacks along Terminal, (Uu), UTRAN, (Iu-PS), SGSN, (Gn), GGSN, (Gi), Application Server. Terminal: Application, IPv4 or v6, PDCP, RLC, MAC, L1. UTRAN relays between PDCP, RLC, MAC, L1 and GTP-U, UDP/IPv4 or v6, AAL5, ATM. SGSN relays between GTP-U, UDP/IPv4 or v6, AAL5, ATM and GTP-U, UDP/IPv4 or v6, L2, L1. GGSN: IPv4 or v6 over GTP-U, UDP/IPv4 or v6, L2, L1 on the Gn side and over L2, L1 on the Gi side. The user IP (v4 or v6) packet travels over the radio bearer and then inside GTP-U tunnels.]

IP Transport: Concepts

• PDP (Packet Data Protocol) context activation
  – done by UE before data transmission
  – specification of APN and traffic parameters
  – GGSN delivers IP address to UE
  – set-up of bearers and mobility contexts in SGSN and GGSN
  – activation of multiple PDP contexts possible
• Access Point Names (APN)
  – APNs identify external networks (logical Gi interfaces of GGSN)
  – At PDP context activation, the SGSN performs a DNS query to find out the GGSN(s) serving the APN requested by the terminal.
  – The DNS response contains a list of GGSN addresses from which the SGSN selects one address in a round-robin fashion (for this APN).
• Traffic Flow Templates (TFTs)
  – set of packet filters (source address, subnet mask, destination port range, source port range, SPI, TOS (IPv4), Traffic Class (v6), Flow Label (v6))
  – used by GGSN to assign IP packets from external networks to proper PDP context
• GPRS tunneling protocol (GTP)
  – For every UE, one GTP-C tunnel is established for signalling and a number of GTP-U tunnels, one per PDP context (i.e. session), are established for user traffic.
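The TFT step described above, as an added example that is not part of the original slides: a sketch of how a GGSN could map a downlink IP packet to one of several PDP contexts sharing the same PDP address. The `precedence` field, the rule that a context without a TFT catches unmatched traffic, and all addresses and ports are assumptions of this sketch; SPI and Flow Label are left out.

```python
"""Downlink classification of IP packets into PDP contexts by TFT (sketch)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    src_port: int
    dst_port: int
    tos: int = 0


@dataclass(frozen=True)
class PacketFilter:
    """One TFT packet filter; an attribute left as None is a wildcard."""
    precedence: int                               # assumed: lowest value is tried first
    source_net: Optional[str] = None              # source address + subnet mask, as CIDR
    dst_ports: Optional[Tuple[int, int]] = None   # destination port range, inclusive
    src_ports: Optional[Tuple[int, int]] = None   # source port range, inclusive
    tos: Optional[int] = None                     # TOS (IPv4) / Traffic Class (v6)

    def matches(self, pkt: Packet) -> bool:
        if self.source_net is not None:
            net = ipaddress.ip_network(self.source_net)
            addr = ipaddress.ip_address(pkt.src)
            if addr.version != net.version or addr not in net:
                return False
        if self.dst_ports is not None and not (
                self.dst_ports[0] <= pkt.dst_port <= self.dst_ports[1]):
            return False
        if self.src_ports is not None and not (
                self.src_ports[0] <= pkt.src_port <= self.src_ports[1]):
            return False
        if self.tos is not None and pkt.tos != self.tos:
            return False
        return True


@dataclass
class PdpContext:
    name: str
    address: str                                  # PDP (IP) address given to the UE
    qos: str
    tft: List[PacketFilter] = field(default_factory=list)   # empty list: no TFT


def classify(contexts: List[PdpContext], pkt: Packet) -> Optional[PdpContext]:
    """Return the PDP context for a downlink packet, or None if it must be dropped."""
    same_addr = [c for c in contexts if c.address == pkt.dst]
    # Try every filter of every context on this address, in precedence order.
    filters = [(f, c) for c in same_addr for f in c.tft]
    for flt, ctx in sorted(filters, key=lambda fc: fc[0].precedence):
        if flt.matches(pkt):
            return ctx
    # Assumed fallback: the context without a TFT carries all remaining traffic.
    for ctx in same_addr:
        if not ctx.tft:
            return ctx
    return None


# Constructed sample: two contexts on one address, as in "X1"/"X2" with QoS1/QoS2.
UE_ADDR = "10.0.0.5"
CONTEXTS = [
    PdpContext("X1", UE_ADDR, "QoS1"),
    PdpContext("X2", UE_ADDR, "QoS2", [
        PacketFilter(precedence=10, source_net="198.51.100.0/24",
                     dst_ports=(40000, 40100)),
    ]),
]

if __name__ == "__main__":
    for p in (Packet("198.51.100.10", UE_ADDR, 5004, 40010),
              Packet("203.0.113.7", UE_ADDR, 80, 40010),
              Packet("203.0.113.7", "10.0.0.9", 80, 40010)):
        hit = classify(CONTEXTS, p)
        print(p.src, "->", p.dst, ":", hit.name if hit else "drop")
```

A packet that matches no filter and finds no TFT-less context on its destination address is not delivered on any bearer, which is why filter sets are worth reviewing together with the default context.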

IP Transport: PDP Context & APNs

[Figure (source: 3GPP): Terminal, SGSN and GGSNs with PDP contexts towards ISP X, ISP Y and ISP Z via APN X, APN Y and APN Z: PDP Context X1 (APN X, IP address X, QoS1), PDP Context X2 (APN X, IP address X, QoS2), PDP Context Y (APN Y, IP address Y, QoS), PDP Context Z (APN Z, IP address Z, QoS). X1 and X2 have the same PDP (IP) address and APN; PDP context selection is based on TFT (downstream)]

UMTS Data Transport: Bearer Hierarchy

[Figure: bearer hierarchy across TE, MT (User Equipment), UTRAN/GERAN (RAN), CN Iu Edge Node (3G SGSN), CN Gateway (3G GGSN) and TE/AS. Bearer services shown: End-to-End Service (IP Bearer Service); TE/MT Local Bearer Service, UMTS Bearer Service, External Bearer Service; Radio Access Bearer Service, CN Bearer Service; Radio Bearer Service, Iu Bearer Service, Backbone Bearer Service; Physical Radio Service (air interface), Physical Bearer Service]

UMTS Bearer: Traffic Classes (Source TS23.107, V5.2.0)

UMTS Bearer: Selected Traffic/QoS Parameters
• Maximum Bitrate (kb/s)
• Guaranteed Bitrate (kb/s)
• Source statistics descriptor (‘speech’, ‘unknown’)
• Transfer delay (ms)
• SDU error ratio
• Maximum SDU size (bytes)

Message Flow: PDP Context Setup

The ‘full picture’ of the UMTS packet switched domain

[Figure: MNO 1's network with UE1, Node B, RNC, SGSN, GGSN, HLR/AuC (SS7, Gr; SS7, Gc), Gn network (DNS Gn-PRI, DNS Gn-SEC), network services (DHCP, RADIUS, DNS NS), IMS domain (HSS, P-CSCF, I/S-CSCF, DNS IMS), Gi network with DMZ (DNS Ext, e-mail, HTTP proxy), AS network (Messages, FTP, Video, DNS AS), IDS and border gateways (BG) on MNO 1's backbone; outside it the GRX network, MNO 2 (UE2), MNO 3 (UE3), the Internet (AS) and a corporate network (VPN-GWY, AS)]

Roaming Support:
• UE attaches with SGSN in visited network
• PDP context is set-up to GGSN in home network (via Gp interface, GRX network)

IP based Multimedia Subsystem (IMS)

• Additional domain in UMTS Rel. 5, based on Packet-switched domain
• Establishment and Control of IP based multimedia calls based on SIP

• Standardized interfaces to applications
• Authentication and authorisation of service access
• Service based charging
• QoS control
• Global roaming and access to home services

• Originally planned to be based on IPv6
• ‘Network centric’ approach (as opposed to IETF SIP)
• In principle access independent (e.g. also WLAN access)
• No Network layer mobility support in IMS (mobility via SIP or in access networks)

Session Initiation Protocol -- SIP

SIP: Application layer signalling protocol (RFC 3261)
• Provides call control for multi-media services
  – initiation, modification, and termination of sessions
  – terminal-type negotiation and selections
  – call holding, forwarding, forking, transfer
  – media type negotiation (also mid-call changes) using Session Description Protocol (SDP)
• Provides personal mobility support
• Independent of transport protocols (TCP, UDP, SCTP,…)
• ASCII format SIP headers
• Separation of call signalling and data stream

Application types/examples:
• Interactive Voice over IP (VoIP)
• Multimedia conferences (multi-party, e.g. voice & video)
• Instant messaging
• Presence service
• Support of location-based services

SIP – Basic messages

• Selected Requests (Methods)
  – INVITE: initiate call
  – ACK: confirm final response (after ‘invite’)
  – BYE: terminate call
  – CANCEL: cancel pending requests
  – OPTIONS: queries features supported by other side
  – REGISTER: register with location service
• Responses
  – 1xx Intermediate results, e.g. 180 Ringing
  – 2xx Successful Responses, e.g. 200 OK
  – 3xx Redirections, e.g. 302 Moved Temporarily
  – 4xx Request Failures
  – 5xx Server Failures
  – 6xx Global Errors

SIP Addressing and header format

Addressing:
• Addresses are specified as SIP URLs, in the format user@host.
• Examples of SIP URLs:
  – sip:hostname@vovida.org
  – sip:hostname@192.168.10.1
  – sip:14083831088@vovida.org

• Example: SIP Header

    INVITE sip:5120@192.168.36.180 SIP/2.0
    Via: SIP/2.0/UDP 192.168.6.21:5060
    From: sip:5121@192.168.6.21
    To: <sip:5120@192.168.36.180>
    Call-ID: c2943000-e0563-2a1ce-2e323931@192.168.6.21
    CSeq: 100 INVITE
    Expires: 180
    User-Agent: Cisco IP Phone/ Rev. 1/ SIP enabled
    Accept: application/sdp
    Contact: sip:5121@192.168.6.21:5060
    Content-Type: application/sdp

SIP: Architecture & Entities

• User agent: An application program which initiates SIP requests (User agent client) and also acts upon (accepts, rejects or re-directs) incoming SIP requests (User agent server)
• Location server provides SIP redirect or proxy servers information about a callee's possible location(s).
• Proxy server takes requests on behalf of other user agents or servers and forwards them to the next hop.
• Redirect server accepts a SIP request, maps the address into zero or more new addresses and returns these addresses to the client. Unlike a proxy server, it does not initiate its own SIP request.
• Registrar is a server that accepts REGISTER requests. A registrar is typically co-located with a proxy or redirect server and may offer location services.

[Figure: User Agent, Proxy Server, Proxy Server, User Agent, with Redirect Server, Location Server and Registrar Server]

SIP Call Signalling: Example

[Figure: message sequence between User Agent, Proxy Server, Location/Redirect Server, Proxy Server and User Agent. Call Setup: INVITE, 302 (Moved Temporarily), ACK, INVITE, 180 (Ringing), 200 (OK), ACK. Media Path: RTP MEDIA PATH. Call Teardown: BYE, 200 (OK)]

SIP: Separation of signalling and data

• Route of SIP messages (proxy chain) different than media stream route:

Potential Problems with Firewalls & NATs

SIP: additional topics

Not touched in this lecture, see IETF SIP WG:
• Multitude of SIP extensions: new methods (e.g. instant messages)
• SIP over NAT/FW
• Authentication and security aspects
• Support of location based services
• Discovery of SIP entities (e.g. DNS SRV records)
• Service Discovery (e.g. SLP)
• Reliability aspects of SIP-based call control

IMS: Network Entities and Protocols

[Figure: IM Subsystem with CSCF, HSS, SLF, BGCF, MGCF, MGW, MRF-C, MRF-P, T-SGW, R-SGW, PCF, AS, SCP, OSA-SCS and IM-SSF, connected to the PS Domain (SGSN, GGSN, ‘Gi-Cloud’), to the UE (TE, MT) via UTRAN / GERAN, to alternative access networks, to applications and services, to multimedia IP networks, and to the CS domain or PSTN or legacy or external networks. Reference points labelled: Cx, Dx, Sh, Sc, Sr, Gr, Gc, Gn, Gm, Go, Mm, Mw, Mc, Mg, Mi, Mj, Mk, Mr, Mp, ISC, Uu, Iu, R. Protocols annotated: SIP, Diameter, H248, COPS, MAP, CAP, OSA, HTTP, TCP/IP/UDP/RTP/…; some links are marked ‘?’]

Network Entities

• CSCF (Call State/Service Control Function)
• PDF (Policy Decision Function)
• HSS (Home Subscriber Service)
• SLF (Subscription Locator Function)
• MRF (Multimedia Resource Function)
• BGCF (Breakout Gateway Control Function)
• MGCF (Media Gateway Control Function)
• MGW (Media Gateway)
• T-SGW (Transport Signaling Gateway)
• R-SGW (Roaming Signaling Gateway)
• AS (Application Server)
• SCP (Service Content Provider)
• IM-SSF (Service Switching Function)
• OSA-SCS (Service Capability Server)

Additionally:
- Charging Entities
- Security Entities
- Lawful Interception
- Firewalls
- DNS, DHCP, TRIP, …
- QoS Entities
- OAM and NM
- …

IMS: Important Network Elements

HSS: Home Subscriber Service
Database for subscriber related information
• Identification (SIP, Mail, E.164, Label, IMSI, ...)
• Location management (P-CSCF, S-CSCF, IP address)
• List of authorized services, List of subscribed services
• Quintuplets for Security

Proxy Call State Control Function (P-CSCF)
First contact point of an operator’s network (for the mobile terminal)
• Forwarding of SIP messages between terminal and core network
• Generation of charging records
• Translation of IDs other than SIP URIs into SIP URIs (e.g. E.164 numbers)
• Termination of confidentiality and integrity, Lawful interception
• Authorisation of bearer resources and QoS management
• Detection of emergency calls and selection of an emergency S-CSCF
• Translation of SIP URIs for local services
• SIP header compression

IMS: Important Network Elements (cntd.)

Interrogating Call State Control Function (I-CSCF)
First contact point of an operator’s network (for other operators)
• Forwarding of SIP messages (proxy functionality)
• Assignment of a S-CSCF
  – during registration and during invite (for services for not registered subscribers)
• Generation of charging records
• Hiding of internal network configuration/capacity/topology

Serving Call State Control Function (S-CSCF)
Performs session control and service triggering
• Acts as a registrar according to RFC2543
• May behave as a Proxy Server as defined in RFC2543, i.e. it accepts requests and services them internally or forwards them on, possibly after translation.
• May behave as a User Agent as defined in RFC2543, i.e. it may terminate and independently generate SIP transactions.
• Interaction with service platform(s), provides endpoints with service event related information
• Authentication (based on quintuplets from HSS), Generation of charging records

Levels of Registration

[Figure: UE, visited network and home network with three registration levels (Bearer Level, IM Subsystem, Application?); entities shown: xGSN, DHCP, HLR, CSCF, HSS, UMS, AS]

Registration in a Roaming Scenario

[Figure: MS A in the network visited by MS A (P-CSCF-A) and MS B in the network visited by MS B (P-CSCF-B); home network of MS A with I-CSCF-A, S-CSCF-A and HSS-A (User Profile); home network of MS B with S-CSCF-B; the path of REGISTER is marked with numbered steps 1, 2, 4, 5]

Routing of Mobile-To-Mobile Calls

[Figure: MS A in the network visited by MS A (P-CSCF-A) and MS B in the network visited by MS B (P-CSCF-B); home network of MS A with S-CSCF-A, I-CSCF-A and HSS-A (User Profile); home network of MS B with I-CSCF-B, S-CSCF-B and HSS-B (User Profile); REGISTER paths and the INVITE / call control path marked with numbered steps 1 to 7]

SIP in IMS

• Mandatory existence of P-CSCF as first point of contact
• Network initiated call release (e.g. due to missing coverage or administrative reasons)
  – Proxies are able to send BYE
• Network Control of Media Types
  – P/S-CSCF checks the SDP in the SIP body
  – If SDP contains invalid parameters (e.g. not supported codecs), P/S-CSCF rejects the SIP request by sending a 488 (“not acceptable here”) response that contains a SDP body indicating parameters that would be acceptable by the network
• Network Hiding (Encryption of Route and Via Headers)
• Additional Signaling Information
  – For example Cell-ID, Mobile Network/Country Code, Charging-IDs
  – Information transported: P-header based solution
• Compression
  – SIP Compression is mandatory as radio interface is a scarce resource
  – Compression / decompression of SIP will be performed by the UE and the P-CSCF
• Authentication & Integrity protection
  – S-CSCF performs the Authentication using AKA
  – P-CSCF checks the integrity of messages received via the air interface via IPsec ESP

QoS in IMS (linking SIP level and PDP contexts)

QoS: Secondary PDP context

Source: 3GPP: TS 29.208

[Figure: message flow between UE, PDF, SGSN and GGSN]
1. Mapping of SDP parameters into UMTS QoS
2. Activate PDP Req.
3. Create PDP Req.
4. COPS REQ
5. Process authorization request
6. COPS DEC
7. Policy Enforcement
8. COPS RPT
9. Create PDP Res.
10. Activate PDP Acc.


QoS control – multiple levels

• UMTS QoS --- PDP contexts
• IP QoS (e.g., DiffServ)
  – IP transport between SGSN & GGSN (Gn interface)
  – IP transport in external network (Gi interface)
• End-to-end SIP Signalling


Security: Overview of UMTS Mechanisms (R5)

• Mutual Authentication (UE--SGSN): UMTS AKA
• Encryption on air interface (data and signalling, UE--RNC)
• Integrity protection of signalling data on the air-interface
• Network protection (secure topologies, firewalls, etc.) up to operator
• Integrity protection and encryption of signalling traffic on external interfaces (Gp, Gi) via IPsec tunnels (ESP)
• Additional security mechanisms for IMS
  – Authentication IMS AKA
  – Integrity Protection for SIP messages (UE--P-CSCF)


UMTS Air interface: Integrity Protection

[Figure: SENDER (UE or RNC) and RECEIVER (UE or RNC) each feed COUNT-I, MESSAGE, DIRECTION, FRESH and the Integrity Key IK into the Integrity Function f9. The sender's output is MAC-I, which is sent together with MESSAGE over the air interface; the receiver's output is XMAC-I, and the receiver checks MAC-I = XMAC-I ?]
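The MAC-I / XMAC-I comparison from the diagram, as an added example that is not part of the original slides. HMAC-SHA-256 truncated to 32 bits stands in for the real f9, COUNT-I is sent in full as a simplification, and all class names and values are constructed; the point is that replayed, altered, reflected and old-session messages all fail the check because COUNT-I, DIRECTION and FRESH enter the MAC.

```python
import hashlib
import hmac
import struct

UPLINK, DOWNLINK = 0, 1  # DIRECTION input: UE to RNC, RNC to UE


def f9_standin(ik, count_i, fresh, direction, message):
    """32-bit MAC over COUNT-I, FRESH, DIRECTION and MESSAGE.

    Stand-in for f9 (assumption): HMAC-SHA-256 truncated to 4 bytes.
    """
    header = struct.pack(">IIB", count_i, fresh, direction)
    return hmac.new(ik, header + message, hashlib.sha256).digest()[:4]


class Sender:
    """Sending side (UE or RNC): attaches MAC-I to each signalling message."""

    def __init__(self, ik, fresh, direction):
        self.ik, self.fresh, self.direction = ik, fresh, direction
        self.count_i = 0

    def protect(self, message):
        self.count_i += 1
        mac_i = f9_standin(self.ik, self.count_i, self.fresh,
                           self.direction, message)
        # Simplification: COUNT-I travels in full with the message.
        return self.count_i, message, mac_i


class Receiver:
    """Receiving side: recomputes XMAC-I and compares it with MAC-I."""

    def __init__(self, ik, fresh, direction):
        self.ik, self.fresh, self.direction = ik, fresh, direction
        self.highest_count = 0

    def verify(self, count_i, message, mac_i):
        if count_i <= self.highest_count:
            return False  # COUNT-I already used: replay within the session
        xmac_i = f9_standin(self.ik, count_i, self.fresh,
                            self.direction, message)
        if not hmac.compare_digest(mac_i, xmac_i):
            return False  # MAC-I differs from XMAC-I
        self.highest_count = count_i
        return True


def demo():
    ik = bytes(range(16))   # constructed 128-bit integrity key
    fresh = 0x1234ABCD      # constructed FRESH value
    ue_tx = Sender(ik, fresh, UPLINK)
    rnc_rx = Receiver(ik, fresh, UPLINK)
    ue_rx = Receiver(ik, fresh, DOWNLINK)

    count, msg, mac = ue_tx.protect(b"SECURITY MODE COMPLETE")
    results = {"genuine": rnc_rx.verify(count, msg, mac)}
    results["replayed"] = rnc_rx.verify(count, msg, mac)
    count2, msg2, mac2 = ue_tx.protect(b"ATTACH COMPLETE")
    results["altered"] = rnc_rx.verify(count2, b"X" + msg2[1:], mac2)
    # Uplink message reflected back at the UE: DIRECTION differs.
    results["reflected"] = ue_rx.verify(count, msg, mac)
    # Same IK in a later connection with a new FRESH value.
    later_rx = Receiver(ik, 0x0BADCAFE, UPLINK)
    results["old_session"] = later_rx.verify(count, msg, mac)
    return results


if __name__ == "__main__":
    print(demo())
```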


UMTS Air interface: Encryption

[Figure: SENDER (UE or RNC) and RECEIVER (UE or RNC) each feed COUNT-C, BEARER, DIRECTION, LENGTH and the Cipher Key CK into the Ciphering function f8 to produce a KEYSTREAM BLOCK. The sender combines the keystream block with the PLAINTEXT BLOCK to form the CIPHERTEXT BLOCK sent over the air interface; the receiver combines its keystream block with the ciphertext block to recover the PLAINTEXT BLOCK.]


UMTS authentication and key agreement - security properties

• Assurance of key freshness to the user

• Entity authentication of the network to the user

• Establishment of a 128 bit cipher key CK

• Establishment of a 128 bit integrity key IK

• Provision of a means to exchange authenticated information between Authentication Centre and USIM for management purposes


UMTS Authentication and Key Agreement (AKA)

• Based on long-term pre-shared key K on USIM and in HLR/AuC
• Authentication vector: Quintuplet (random number RAND, expected response XRES=f2(K,RAND), cipher key CK, integrity key IK, authentication token AUTN) generated in HLR/AuC using a sequence number SQN, RAND, and K
• VLR/SGSN downloads authentication vectors from HLR/AuC during Attach

[Figure: message sequence between MS, VLR/SGSN and HLR/AuC]
• VLR/SGSN to HLR/AuC: Authentication Data Request
• HLR/AuC to VLR/SGSN: Authentication Data Response (AV 1..n); VLR/SGSN: store AVs
• VLR/SGSN to MS: User Authentication Request (RAND, AUTN)
• MS: verify AUTN, compute RES
• MS to VLR/SGSN: User Authentication Response (RES)
• VLR/SGSN: RES = XRES?
• MS: compute CK, IK; VLR/SGSN: select CK, IK
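The quintuplet generation and the USIM-side checks described above, as an added example that is not part of the original slides. Labelled HMAC-SHA-256 stands in for the operator functions f1 to f5, the AUTN layout (SQN xor AK, AMF, MAC) follows 3GPP TS 33.102, and the strictly increasing SQN rule is a simplification; all names and values are constructed.

```python
import hashlib
import hmac
import os

AMF = b"\x80\x00"  # constructed authentication management field


class AuthError(Exception):
    pass


def prf(k, label, data, n):
    """Stand-in for f1..f5 (assumption): labelled HMAC-SHA-256, n bytes."""
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def generate_av(k, sqn, rand=None):
    """HLR/AuC: build one quintuplet from K, SQN and RAND."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = prf(k, b"f1", sqn_b + rand + AMF, 8)  # lets the USIM check the network
    ak = prf(k, b"f5", rand, 6)                 # anonymity key, conceals SQN
    return {
        "RAND": rand,
        "XRES": prf(k, b"f2", rand, 8),
        "CK": prf(k, b"f3", rand, 16),
        "IK": prf(k, b"f4", rand, 16),
        "AUTN": xor(sqn_b, ak) + AMF + mac,
    }


class USIM:
    def __init__(self, k):
        self.k = k
        self.sqn_ms = 0  # highest SQN accepted so far

    def authenticate(self, rand, autn):
        """Verify AUTN, then compute RES, CK and IK."""
        ak = prf(self.k, b"f5", rand, 6)
        sqn_b, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:16]
        xmac = prf(self.k, b"f1", sqn_b + rand + amf, 8)
        if not hmac.compare_digest(mac, xmac):
            raise AuthError("MAC failure")              # sender does not know K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:                          # simplified freshness rule
            raise AuthError("synchronisation failure")  # vector is not fresh
        self.sqn_ms = sqn
        return (prf(self.k, b"f2", rand, 8),
                prf(self.k, b"f3", rand, 16),
                prf(self.k, b"f4", rand, 16))


def vlr_accepts(av, res):
    """VLR/SGSN: RES = XRES?"""
    return hmac.compare_digest(av["XRES"], res)


def attempt(usim, rand, autn):
    try:
        usim.authenticate(rand, autn)
        return "accepted"
    except AuthError as exc:
        return str(exc)


def demo():
    k = bytes(range(16))                       # constructed pre-shared key K
    usim = USIM(k)
    av = generate_av(k, sqn=1)
    res, ck, ik = usim.authenticate(av["RAND"], av["AUTN"])
    rogue = generate_av(b"\xff" * 16, sqn=2)   # vector built without K
    return {
        "user_authenticated": vlr_accepts(av, res),
        "keys_agree": (ck, ik) == (av["CK"], av["IK"]),
        "replayed_challenge": attempt(usim, av["RAND"], av["AUTN"]),
        "network_without_k": attempt(usim, rogue["RAND"], rogue["AUTN"]),
        "guessed_res": vlr_accepts(av, bytes(8)),
    }


if __name__ == "__main__":
    print(demo())
```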


UMTS AKA: Message flow during Attach

Participants: UE, Node B, RNC, SGSN/VLR, HLR/AuC

RRC Connection Setup
1. RRC Connection Request
2. RRC Connection Setup
3. RRC Connection Setup Complete

Start of GPRS Attach Procedure
4. NAS: Attach Request
5. NAS: User Identity Request
6. NAS: User Identity Response

Distribution of Authentication Vectors
7. MAP: Authentication Data Request
8. MAP: Authentication Data Response
9. Storage of Authentication Vectors

Authentication and Key Establishment
10. Selection of the oldest AV
11. NAS: User Authentication Request
12. Verification of Authentication Token.
13. Compute RES
14. Store KSI
15. NAS: User Authentication Response
16. RES = XRES?
17. Compute Cipher and Integrity Key
18. Select Cipher and Integrity Key

Security Mode Setup Procedure
19. Decide allowed Integrity & Encryption Algorithms
20. RANAP: Security Mode Command
21. Reset START value to zero
22. Select UIA and UEA
23. Generate FRESH value
24. Start Integrity Protection
25. RRC: Security Mode Command
26. Check UE Security Capabilities
27. Verify Message Integrity
28. Start Integrity Protection
29. RRC: Security Mode Complete
30. Verify Integrity of the Message
31. RANAP: Security Mode Complete
32. Start Ciphering (appears twice in the diagram)


IMS Security Architecture

[Figure: UE (UA with ISIM); P-CSCF in the visited / home network; I-CSCF, S-CSCF and HSS in the home / serving network of the IM Core Network Subsystem. Labelled relations: mutual authentication (IMS AKA); IPSec: integrity protection; IPSec: confidentiality and integrity protection (twice)]


Security features for the IMS

• Mutual authentication and key agreement between UE and home network
• Integrity protection between UE and first-hop SIP proxy (P-CSCF) (in later UMTS releases confidentiality protection is likely to be provided in addition)
• IPsec tunnels between IMS network nodes (core network signalling security)


IMS authentication message flow (simplified)

[Figure: message sequence between UE, P-CSCF (visited network) and I-CSCF, HSS, S-CSCF (home network)]
• SIP Register, forwarded as Register hop by hop
• Cx-AuthDataReq
• Cx-AuthDataResp RAND||AUTN||XRES||IK||CK
• 401 Unauthorised RAND||AUTN||IK||CK
• 401 Unauthorised RAND||AUTN||IK(||CK)
• 401 Unauthorised RAND||AUTN
• Register RES, forwarded hop by hop
• Authentication (two boxes in the diagram)
• OK, returned hop by hop


Content

1. Introduction/Motivation
  • Cellular Concepts, Layering Models
2. Cellular Network Evolution
  • GSM, GPRS, UMTS: Architecture, air interface, and protocols
  • IP connectivity and IP transport
3. IP-based multimedia subsystem (IMS)
  • Session Initiation Protocol (SIP)
  • IMS architecture
  • Cross-Layer Aspects: Quality of Service and Security
4. Mobility support mechanisms
  • L2 mobility support, Network Layer (MIP)
  • Transport Layer Mobility, Session Layer Mobility (SIP)
  • Intermediate (L3.5 solution): Host Identity Protocol (HIP)
  • Mobility support on which layer?
5. Summary and outlook
  • Personal Area Networks and Personal Networks
  • Heterogeneous access networks


Background: Mobility types

Assumption in this lecture: Infrastructure networks (only first hop wireless)

Different Levels of Mobility:
• Pico (e.g. within same radio cell)
• Micro (e.g. within same subnet)
• Macro (e.g. across subnets but within same administrative domain)
• Global (e.g. across different administrative domains)

’Alternative’ classification:
• vertical mobility: changing access technology

[Figure: Mobile Host with cellular access (GPRS network) and WLAN access (several WLAN APs behind a switch and routers), connected to the Internet]


Background II: Handover & more mobility types

Hand-over classification:
• Mobile initiated or network-initiated
• Backward or forward
• Mobile controlled or network controlled
• Mobile-assisted or network assisted or unassisted
• Proactive or reactive
• Make-before-break or break-before-make
• Soft or hard
• fast (without ‘noticeable’ delay)
• smooth (no loss of data)
• seamless = fast + smooth

More mobility types ... and related identifiers
• Host Mobility: IP address, hostname (DNS)
• User Mobility: User-name (e.g. SIP URL)
• Application Mobility: ---
• Network Mobility: address prefix / subnetmask


Link-Layer Hand-over: Measurements 802.11b

Scenario
• Hard Handover in 802.11b
• Both APs use same SSID
• HO initiated by pulling cable from AP1 (’Istanbul’)

Source: Master Thesis, Rui Martins


Measurements II: Hard Hand-over


Measurements III: Soft Hand-over Scenario


Measurements IV: Soft Handover Results


Mobile IP Motivation: Host mobility & Routing

Problem: IP address identifies host as well as topological location

Reason: IP Routing:
– Routes selected based on IP destination address
– network prefix (e.g. 129.13.42) determines physical subnet
– change of physical subnet → change of IP address to have a topologically correct address

• Solution? Host-based routing: Specific routes to each host
  – Handover → change of all routing table entries in each (!) router
  – Scalability & performance problem
• Solution? Obtain new IP-address at hand-over
  – Problem: how to identify host after handover? DNS update → performance/scalability problem
  – Higher protocol layers (TCP/UDP/application) need to ‘handle’ changing IP address

→ Development of mobile IP

[Figure: Mobile Node moving between Subnet A and Subnet B of an IP network]


Mobile IP: Principles & Terminology

Underlying Approach: separate host identifier and location identifier → maintain multiple IP addresses for mobile host

Terminology:
• Mobile Node (MN) with fixed IP address IP1 (home address)
• Home Network: subnet that contains IP1
• Home Agent (HA): node in home network, responsible for packet forwarding to MN
• Visited Network: new subnet after roaming / handover
• Care-of Address (CoA): temporary IP address within visited network
• Foreign Agent (FA): node in visited network, responsible for packet forwarding to CoA

[Figure: Mobile Node with Home Address IP1 in the home network (HA); in the visited network (FA) it has Home Address IP1 and Care of Address CoA1; Correspondent Node attached to the IP network]


Mobile IP: Tunneling & Triangle Routing

• CN sends packets to the MN using its Home Address IP1
• HA tunnels them to FA, using CoA1; FA forwards them to MN
• MN sends packets back to the CN using IP2 (without any tunneling)
• Home Agent needs to contain mapping of care-of address to home address (location register)

[Figure: Correspondent Node (CN), IP2; Home Agent in the home network (Home Agent Subnet); FA in the visited network; Mobile Node with IP1, CoA1; packet arrows labelled ←IP1, CoA1→, IP2→]

Source: Mobile IPv4 illustrated


Mobile IP: Tunneling

Default encapsulation:
• IP-within-IP (RFC2003)

Other Approaches:
• Minimal encapsulation (RFC2004)
• Generic Routing Encapsulation (GRE) (RFC1702)

[Figure: IP-within-IP encapsulation]


Mobile IP: Agent Discovery & Registration

• Mobile Node finds out about FA through Agent Advertisements
  – FAs broadcast Advertisements in periodic intervals
  – Advertisements can be triggered by an Agent Solicitation from the MN
• Care of Address of the MN is determined, either
  – Dynamically, e.g. using Dynamic Host Configuration Protocol (DHCP)
  – Or: use IP address of FA as CoA
• MN registers at FA and HA: Registration Request & Reply
  – MN signals COA to the HA via the FA
  – HA acknowledges via FA to MN
• Registration with old FA simply expires (limited life-time, soft-state)

[Figure: time sequence between MN, FA and HA: [Agent Solicitation] (opt.), Agent Advertisement, Obtain c/o address, Registration Request, Registration Reply]


MIP messages: Agent advertisement

Procedure:
• HA and FA periodically broadcast advertisement messages into their subnets
• MN listens to these messages and detects if it is in the home or a (new?) foreign network
• when new foreign network: MN reads a COA from the advertisement (opt.)

ICMP Router Discovery extension:

Message layout (32-bit rows; bit positions 0, 7 8, 15 16, 23 24, 31):
  type | code | checksum
  #addresses | addr. size | lifetime
  router address 1
  preference level 1
  router address 2
  preference level 2
  . . .
  type = 16 | length | sequence number
  registration lifetime | R B H F M G r T | reserved
  COA 1
  COA 2
  . . .

Fields:
  type = 16
  R: registration required
  B: busy, no more registrations
  H: home agent
  F: foreign agent
  M: minimal encapsulation
  G: GRE encapsulation
  r: =0, ignored (former Van Jacobson compression)
  T: FA supports reverse tunneling
  reserved: =0, ignored


MIP messages: registration request & reply

Registration Request (via UDP), 32-bit rows (bit positions 0, 7 8, 15 16, 23 24, 31):
  type = 1 | S B D M G r T x | lifetime
  home address
  home agent
  COA
  identification
  extensions . . .

Flags:
  S: simultaneous bindings
  B: broadcast datagrams
  D: decapsulation by MN
  M: minimal encapsulation
  G: GRE encapsulation
  r: =0, ignored
  T: reverse tunneling requested
  x: =0, ignored

Registration Reply (UDP), 32-bit rows (bit positions 0, 7 8, 15 16, 31):
  type = 3 | code | lifetime
  home address
  home agent
  identification
  extensions . . .

Example codes:
registration successful
• 0 registration accepted
• 1 registration accepted, but simultaneous mobility bindings unsupported
registration denied by FA
• 65 administratively prohibited
• 66 insufficient resources
• 67 mobile node failed authentication
• 68 home agent failed authentication
• 69 requested Lifetime too long
registration denied by HA
• 129 administratively prohibited
• 131 mobile node failed authentication
• 133 registration Identification mismatch
• 135 too many simultaneous mobility bindings
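A parser for the two message layouts above, written for someone inspecting captured registration traffic; it is an added example, not part of the original slides. Function names, the audit rules and the sample packets are constructed, and the extension type 32 (Mobile-Home Authentication Extension) comes from RFC 3344 rather than from the slide.

```python
import ipaddress
import struct

REQUEST_FLAGS = "SBDMGrTx"   # most significant bit first, as on the slide
MH_AUTH_EXT = 32             # Mobile-Home Authentication Extension (RFC 3344)

REPLY_CODES = {              # the example codes listed on the slide
    0: ("successful", "registration accepted"),
    1: ("successful", "registration accepted, but simultaneous mobility "
                      "bindings unsupported"),
    65: ("denied by FA", "administratively prohibited"),
    66: ("denied by FA", "insufficient resources"),
    67: ("denied by FA", "mobile node failed authentication"),
    68: ("denied by FA", "home agent failed authentication"),
    69: ("denied by FA", "requested Lifetime too long"),
    129: ("denied by HA", "administratively prohibited"),
    131: ("denied by HA", "mobile node failed authentication"),
    133: ("denied by HA", "registration Identification mismatch"),
    135: ("denied by HA", "too many simultaneous mobility bindings"),
}


def ip(raw):
    return str(ipaddress.IPv4Address(raw))


def parse_extensions(data):
    """Walk the type-length-value extensions; reject truncated ones."""
    exts, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated extension header")
        etype, elen = data[i], data[i + 1]
        body = data[i + 2:i + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated extension body")
        exts.append((etype, body))
        i += 2 + elen
    return exts


def parse_registration_request(pkt):
    if len(pkt) < 24:
        raise ValueError("registration request shorter than fixed part")
    mtype, flags, lifetime = struct.unpack(">BBH", pkt[:4])
    if mtype != 1:
        raise ValueError("not a registration request")
    return {
        "flags": [name for bit, name in zip(range(7, -1, -1), REQUEST_FLAGS)
                  if (flags >> bit) & 1],
        "lifetime": lifetime,
        "home_address": ip(pkt[4:8]),
        "home_agent": ip(pkt[8:12]),
        "care_of_address": ip(pkt[12:16]),
        "identification": pkt[16:24],
        "extensions": parse_extensions(pkt[24:]),
    }


def parse_registration_reply(pkt):
    if len(pkt) < 20:
        raise ValueError("registration reply shorter than fixed part")
    mtype, code, lifetime = struct.unpack(">BBH", pkt[:4])
    if mtype != 3:
        raise ValueError("not a registration reply")
    return {"code": code, "lifetime": lifetime,
            "outcome": REPLY_CODES.get(code, ("unknown", "code not listed")),
            "home_address": ip(pkt[4:8]), "home_agent": ip(pkt[8:12])}


def audit_request(req):
    """Constructed checks a defender might run on a parsed request."""
    findings = []
    if "r" in req["flags"] or "x" in req["flags"]:
        findings.append("reserved flag bit set")
    if not any(etype == MH_AUTH_EXT for etype, _ in req["extensions"]):
        findings.append("no Mobile-Home Authentication Extension")
    return findings


# Constructed sample packets (documentation address ranges).
FIXED = (ipaddress.IPv4Address("192.0.2.10").packed      # home address
         + ipaddress.IPv4Address("192.0.2.1").packed)    # home agent
COA = ipaddress.IPv4Address("198.51.100.7").packed
IDENT = bytes(range(8))
SAMPLE_REQUEST = (struct.pack(">BBH", 1, 0x82, 1800) + FIXED + COA + IDENT
                  + bytes([MH_AUTH_EXT, 20]) + bytes(20))
SAMPLE_SUSPECT = struct.pack(">BBH", 1, 0x04, 0xFFFF) + FIXED + COA + IDENT
SAMPLE_REPLY = struct.pack(">BBH", 3, 131, 0) + FIXED + IDENT
```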


Transport Layer Protocols

Goal: data transfer between application (processes) in end-systems
• support of multiplexing/de-multiplexing e.g. socket API

data stream/connection identified by: two IP addresses, protocol number, two port numbers


Overview: Transport Protocols

• User Datagram Protocol UDP (RFC 768)
  – Connectionless
  – Unreliable
  – No flow/congestion control
• Transmission Control Protocol TCP (RFC 793, 1122, 1323, 2018, 2581)
  – Connection-oriented (full duplex)
  – Reliable, in-order byte-stream delivery
  – Flow/congestion control
• Stream Control Transmission Protocol SCTP (see later)
• Real-Time Transport Protocol RTP
  – Uses UDP
  – Provides: Time-stamps, sequence numbers
  – Supports: codecs, codec translation, mixing of multi-media streams


Stream Control Transmission Protocol (SCTP)

• Defined in RFC2960 (see also RFC 3257, 3286)
• Purpose initially: Signalling Transport
• Features
  – Reliable, full-duplex unicast transport (performs retransmissions)
  – TCP-friendly flow control (+ many other features of TCP)
  – Multi-streaming, in sequence delivery within streams → Avoid head of line blocking (performance issue)
  – Multi-homing: hosts with multiple IP addresses, path monitoring (heart-beat mechanism), transparent failover to secondary paths
• Useful for provisioning of network reliability

[Figure: SCTP association between Host A (IPa1, IPa2) and Host B (IPb1, IPb2) over separate networks]


Transport Layer Handover in SCTP

1. MN communicates with CN via established SCTP association (From IP1 to IP CN)
2. When MN comes in Range of AP B
  • MN obtains new IP address IP2
  • MN adds IP2 to the existing SCTP association → Address configuration Change (ASCONF) Chunk
3. When connection should be transferred to new AP B
  • MN sets primary address to IP2
  • MN deletes old IP1 from SCTP association (ASCONF chunk)

[Figure: MN with IP1 at AP A and IP2 at AP B, communicating with the Correspondent Node]


SCTP Mobility support: Discussion

• SCTP Handover transparent for network
  – No additional network infrastructure needed
  – Possible use-case: switch to peer-to-peer mode without network support
• avoids tunneling and tri-angular routing
• Endpoints need to support SCTP (with dynamic control of IP addresses)
• Signalling to every correspondent node necessary (for every established SCTP association) → for high number of parallel connections, large signalling volume over air interface
• Dynamic Naming Service for connection set-up from CN required (to establish the initial SCTP association)
  – Dynamic DNS
  – Other location mechanisms (e.g. based on SIP URLs)
• Only usable for traffic without real-time requirements (due to SCTP flow/congestion control)
  – but similar approaches, e.g. for RTP, possible
• Simultaneous Handover (Mobile Node and Correspondent Node) can lead to loss of connection


SIP: Mobility support

User/Session/Application Mobility (change of terminal)

• Registration via SIP ‘REGISTER’
• Initial connection set-up between MN1 and CN through ‘INVITE’
• mid-session mobility (application mobility): call transfer, SIP method ‘REFER’ (RFC3515)
• Application state could be contained in the message body (‘proprietary’ extension)

Host Mobility (change of IP address)
• Pre-call: re-register, routing of ‘INVITE’ based on SIP-URL
• mid-call: re-invite

[Figure: CN communicating with MN1 and MN2]


Host Identity Protocol (HIP)

• IETF drafts, see http://www.ietf.org/html.charters/hip-charter.html
• Underlying ideas for mobility support
  – Separate host identifier (HI, ‘name’) and locator (‘IP address’)
  – Dynamic name service or rendezvous server for pre-session mobility
  – Update of mapping of host identifier → locator at handovers
  – Mechanism works between transport and network layer
• In combination with security
  – Host Identity Name space based on public keys
  – Hash of HI → 128bit Host Identity Tag attached to packets
  – 4-packet basic exchange (cookies, Diffie-Hellman Key Exchange)


Host Identity / Host identifier

• Host Identity in HIP is a public asymmetric key pair.
  – RSA
  – DSA
  – Possible others
• Host Identifier (HI) is the public key which is used to refer to the Host Identity.
  – Statistically globally unique.
  – Used for host authentication.
  – Variable length (depending on cryptographic algorithm).
• Host Identity Tag (HIT)
  – is a fixed length (128 or 64 bit) representation of a Host Identifier
  – Can be used as IPv6 address
  – Goal: low collision probability


HIP Base exchange

• Beginning of a HIP connection
• Consists of a 4-way handshake.
• Involves:
  – Host authentication
  – IPsec encryption key exchange (Diffie-Hellman)
  – DoS prevention via first handshake
• After Base exchange: only ‘normal’ IPsec packets
• Mobility support via ‘re-direction of IPsec associations’


Cross-layer aspects of mobility support

• Mobility support is not only about connectivity
  – Inter-linked with security (authentication, access control/filtering)
  – Inter-linked with QoS support
  – Inter-linked with service control
• Example IMS scenario
  – SIP level (P-CSCF) has responsibility for service-control, QoS control and access control/filter configuration
  – Mobility support mechanisms must not be transparent to SIP level → cross-layer approaches required if lower-layer mobility mechanisms deployed


Summary

1. Introduction/Motivation
  • Cellular Concepts, Layering Models
2. Cellular Network Evolution
  • GSM, GPRS, UMTS: Architecture, air interface, and protocols
  • IP connectivity and IP transport
3. IP-based multimedia subsystem (IMS)
  • Session Initiation Protocol (SIP)
  • IMS architecture
  • Cross-Layer Aspects: Quality of Service and Security
4. Mobility support mechanisms
  • L2 mobility support, Network Layer (MIP)
  • Transport Layer Mobility, Session Layer Mobility (SIP)
  • Intermediate (L3.5 solution): Host Identity Protocol (HIP)
  • Mobility support on which layer?
5. Summary and outlook
  • Personal Area Networks and Personal Networks
  • Heterogeneous access networks


References

• C. Perkins: ’Mobile IP: Design Principles and Practices.’ Addison-Wesley, 1998.
• IETF Working groups (see also for RFCs and drafts):
  – Mobile IP: http://www.ietf.org/html.charters/mobileip-charter.html
  – IPsec: http://www.ietf.org/html.charters/ipsec-charter.html
  – IPv6: http://www.ietf.org/html.charters/ipv6-charter.html
  – Others: nemo, mip4, dhcp, seamoby
• J. Schiller: ’Mobile Communications’. Addison-Wesley, 2000.
• A. Festag, ‘Mobile Internet II, Overview of current mobility approaches’ (lecture material). TU Berlin, 2002.
• Seok Joo Koh, ‘mSCTP: Use of SCTP for IP Mobility Support’, Presentation, IT Forum, Korea, 2003
• H. Schulzrinne, E. Wedlund, ‘Application-Layer Mobility Using SIP’. Mobile Computing and Communications Review, Vol. 1, No. 2
• K. Boman, G. Horn, P. Howard, V. Niemi: “UMTS security”, IEE Electronics & Communication Engineering Journal (ECEJ), special issue on ‘Security for telecommunications’ (2002)
• G. Horn, D. Kröselberg, K. Müller: “Security for IP multimedia services in the 3GPP third generation mobile system”, Proceedings of INC 2002, Third International Network Conference, Plymouth, July 2002.

3GPP specifications can be found under http://www.3gpp.org/.
• 3GPP TS 33.102: ‘Security architecture’


Acknowledgements

• Lecture notes: Mobile Communications, Jochen Schiller, www.jochenschiller.de
• Tutorial: IP Technology in 3rd Generation mobile networks, Siemens AG (J. Kross, L. Smith, H. Schwefel)
• Tutorial: Voice over IP Protocols – An Overview, www.vovida.org
• Various 3GPP slide-sets
• Siemens ICM N PG U SE and Siemens CT IC 3
• Student work AAU
  – Rui Martins (Master Thesis)
  – Lars Roost, Per Toft, Gustav Haraldson (Semester project)
• Lecture notes: Wireless communication protocols (R. Prasad, TKM)


Network Architectures beyond cellular networks

Personal Area Networks (PANs)
• Devices attached to or in vicinity of person → group mobility models
• Wireless communication
  • Between devices within PAN
  • To infrastructure networks
  • Between two PANs
→ Wireless multi-hop communication

Impact of wireless multi-hop
• Mutual interference
• MAC protocol deficiencies
• Need for modified routing (ad-hoc domain)

[see http:/www.imec.be/pacwoman]

[Figure: PAN and CAN scenarios with devices belonging to You, Me and a Third Party; legend: Br: Bridge, Ro: Router]


Extensions of the PAN concept

Personal Networks
– Logical networks, defined by appropriate security associations
– Potential huge geographical/topological span
– Consisting of ad-hoc and infrastructure networks
– User centric (PAN as central entity)

[Figure: Personal Network: core PAN linked through an interconnecting structure (Internet, UMTS, WLAN, Ad Hoc, etc.) to home network, corporate network, vehicular area network, a PAN and a smart building; device classes shown: remote personal devices, local foreign devices, remote foreign devices]

[see http:/www.ist-magnet.org/]


Health Scenario

[Figure: patient’s PAN, doctor’s PAN, hospital network (hospital services, patient records), home network (home agent) and a private network connected via the Internet through active nodes (AN - Active Node: Active Router + Server); content server (entertainment, insurance company, etc.); the patient moves home and appears as recovering patient at home]


Outlook: Future wireless networks

[Figure: services and applications on top of an IP based core network that connects IMT-2000 / UMTS, WLAN type, cellular GSM, short range connectivity, wireline xDSL, DAB / DVB, a new radio interface and other entities]

Properties of future networks (‘4G’):
• Heterogeneous access technologies
  – 802.11, Bluetooth, cellular, etc.
• IP-based core network
  – Mobility support on IP layer (complemented by higher-layer methods)
    • Mobile IP one major candidate
• wireless multi-hop connections
• Personalization (Personal Area Networks, Personal Networks)
• Reconfigurability (Software Defined Radio)
• Context Sensitivity


Comparison of technologies

Columns: UTRA | 802.11 (a / b / g) | Bluetooth | 802.15 (.1 / .3 / .4) | HiperLAN (1 / 2)

• Standard Availability: 1999 | 2001 / 1999 / 2003 | 1999 | 2002 / (2004) / (2004) | 1998 / 2000
• Frequency Band: 2GHz | 5 GHz / 2.4GHz / 2.4GHz | 2.4 GHz | 2.4 / 2.4 / 2.4/.915/.868 | 5GHz / 5GHz
• Licences: Yes | No / No / No | No | No / No / No | No / No
• Cell Radius: 30 m – 20 km | 50 - 300 m | 0,1 - 10 m | 10m...100m | 50 - 300 m
• Modulation: W/TD-CDMA | OFDM / DSSS / DSSS | FHSS | FHSS / FHSS / DSSS | GMSK / OFDM
• MAC Mechanism: Polling | CSMA/CA & Polling | Polling | Polling / Poll. / CSMA/CA | Polling
• Mobility Support: High (Soft handover) | Limited (802.11f) | Limited | Limited | Limited
• QoS Support: Reservation | Polling (PCF) & Priorities (802.11e, HCF) | SCO | SCO enhanced Prio. | Scheduling by AP
• Security: Encryption (data), Integrity (Signalling) | Encryption and Integrity (WEP, 11i, 11x) | 3 levels: no, link level, service level | 3 levels | 56\168 DES Encrypt. (Data+Sgn)
• Data Rates (50-60m dist.): Max. 2 Mbit/s; 54Mb/s, 11Mb/s, 54Mb/s, 6Mb/s, 2Mb/s, 2Mb/s; 0.72Mb/s, 0; 20Mb/s, 55Mb/s, 0.25Mb/s, 20Mb/s, 54Mb/s
• Support of multi-hop: NO | Yes (but throughput degradation) | Yes (Scatternets) | Yes (Scatternets) | Yes (but throughput degradation)
• Power Management: dynamic | Sleep mode | Sleep Mode | Sleep Mode | Sleep Mode



International Wireless Summit

WSPW Wireless Science Park Workshop

GWSW Global Wireless Start-up Promotion Workshop

TRCW Triangular Research Cooperation Workshop

IE Industrial Exhibition

WPMC International Symposium on Wireless Personal Multimedia Communications

SW Strategy Workshop

WSP Wireless Science Parks


8th International Symposium on Wireless Personal Multimedia Communications

September 18-22, 2005 Aalborg Congress & Culture Centre, Denmark

Since 1998 WPMC has become a successful symposium and is now an annual event which has been held in Europe, Asia and USA.

The 8th symposium will address the open challenges to realize ubiquitous wireless networks seen from a human point of view.

More information www.iws2005.org
