Network Composition between Ambient Networks
Cornelia Kappler, Siemens AG
ITG Fachgruppentreffen (working group meeting) in Aachen, 4/5 May 2006

Slide 2: Outline
• Motivation for Composition
• Composition Examples
• Composition Process
• GANS Protocol
• Identifiers in Composition
• Detailed Use Case
• Standardization
• Summary

Slide 3: Motivation: Why Composition?
• Number and heterogeneity of networks increases
  – Common interface for data communication (IP) exists
  – But what about control signalling?
• Networks have different capabilities/resources
  – How to extend the capabilities/resources of networks?
• Networks are moving
  – How to attach/detach moving networks?
• Radio resources are not the bottleneck
  – But how to exploit them?

Slide 4: Motivation: What is Composition
A central concept of Ambient Networks is Composition. Composition is a uniform, dynamic procedure for network interworking on the control plane.
• Control Plane Interworking: regarding routing, addressing, mobility, QoS, security, charging, ...
• Uniform procedure: independent of network type and technology
• Dynamic procedure: minimize human intervention

Slide 5: Composition Examples
• Attaching the Access Network to the Cellular Network (UMTS, WLAN; WLAN Access Network in a Café)
• Creation of PAN 1
• Automatic establishment or dynamic update of Roaming Agreements (Cellular Operator Network A, Cellular Operator Network B)

Slide 6: Composition Examples: Types of Composition
Increasing control plane interworking:
• Network Integration
  – Involved networks merge into one common network
  – E.g. creation of a PAN
• Control Delegation
  – One AN delegates certain control functions to the other AN
  – 3GPP-WLAN interworking: WLAN delegates authentication, authorization and charging to 3GPP network
  – Mobility delegation à la NEMO
• Network Interworking
  – Cooperation but no control delegation
  – E.g. dynamic roaming agreements

Slide 7: Composition Procedure
FE: Functional Entity
[Figure. Labels: Network A+B; Ambient Control Space; Ambient Connectivity; Ambient Service Interface; Ambient Network Interface; Ambient Resource Interface; Composition FE; QoS-FE; Mobility FE; Connectivity FE; FE1 to FE6]

Slide 8: Composition Procedure
[Figure. AN 1 (FE A1, FE B1, FE C1) and AN 2 (FE A2, FE B2, FE C2) connected across the Ambient Network Interface (ANI), with GANS between the FEs]
• Media Sense
• Discovery / Advertisement
• Security and Internetworking Establishment
• Composition Agreement Negotiation
• Composition Agreement Realization
Communication of Functional Entities (FEs) across ANI

Slide 9: GANS Signaling
[Figure. Labels: ANI; AN 1; AN 2; FE x; FE y]
• GANS: protocol for communication of FEs across ANI (and intra-AN)
  – To facilitate composition, e.g. QoS FEs negotiate SLA
  – Is backwards compatible with NSIS protocols standardized by NSIS (Next Steps In Signaling) WG of IETF
• NSIS is a general protocol suite for control signaling
  – Modular and extensible
  – Signaling flow-related
  – Signaling to entities on the flow path
• GANS generalization
  – Signaling composition-related rather than flow-related control
  – Signaling between FEs rather than along data path
  – Symbolic addressing of FEs

Slide 10: GANS Signaling
Two layer approach: lower layer for transporting signaling messages and common functions, upper layer for signaling applications.
• Upper layer GSLPs (Application Layer)
  – Actual signaling application, e.g. SLA negotiation
• Lower layer GTLP (Transport Layer) provides common message transport services
  – Resolves abstract name ("FEy.AN1") into host ID/locator (e.g. IP address)
  – Locates signaling peer, i.e. FE in other AN
  – Establishes security association between pairs of signaling FEs
  – Establishes signaling relation between pairs of signaling FEs, maintained if a peer FE is relocated/reconfigured
[Figure. Labels: QoS NSIS Application; NAT/FW NSIS Application; SLS Negotiation GANS Application; Other GANS Applications; Abstract Addressing Resolution; Lower NSIS / GANS Layer; NSIS; GANS]

Slide 11: Identifiers in Composition: Problem
• How to identify entities as belonging to a particular AN?
  – E.g. nodes, FEs, ...
• How to dynamically change this identification upon composition?
• Identification includes
  – Authentication
  – Establishing a security association
  – ...

Slide 12: Identifiers in Composition: Solution
• Each security domain (e.g. ANs α and φ) is identified by a public key
  – E.g. α, φ
  – These identifiers / public keys are exchanged in the Discovery/Advertisement phase
• The associated private key is located with the security manager of the AN
  – E.g. Nodes B, F
• Each entity owns a self-generated private/public key pair
  – E.g. A, A*
• Each entity belonging to the same AN owns a certificate issued by the security manager, signed with the AN's private key
  – This way entities belonging to this AN can authenticate themselves

Slide 13: Identifiers in Composition: Rearrangement of identifiers upon composition
Example: network integration, φ absorbs α
• Security manager of AN α sends list of all entities belonging to α to security manager φ
  – E.g. entities A, B, C
• Security manager of AN φ issues membership certificates to A, B, C
• Security manager of AN φ installs the membership certificates in each of A, B, C
  – with an assertion from manager of AN α
• Security manager of AN α removes its own membership certificates from A, B and C

Slide 14: Composition Use Case: Extension of an Access Network
[Figure. Labels: Internet; RADIUS; WLAN Café AN; DHCP; Operator Network; RADIUS]
As 3GPP-WLAN interworking in 23.234, but plug&play and more flexible.
• Café sets up WLAN network to offer Internet Access to its customers
  – has corresponding agreement with Operator Network
• Case 1: Customer is authenticated and charged by Operator Network
• Case 2: Customer is authenticated and charged by Café Network
  – Café and Operator have SLA guaranteeing access and bandwidth

Slide 15: Composition Use Case: Extension of an Access Network: Mapping onto Composition Process
• Discovery
  – WLAN Access Router has preconfigured access information: IP address of Operator gateway -> Ambient Network ID
  – WLAN sends discovery message to Operator gateway
• Security and Internetworking Establishment
  – Authentication and Authorisation
  – Establishment of IPSec tunnel for control signaling
  – On basis of pre-established shared secret
• Composition Agreement
  – Preconfigured. May detail control delegation:
  – Who is responsible for allocating addresses?
  – Who is responsible for authentication and authorization?
  – Who is responsible for charging?
  – QoS (may still adjust this via SLA negotiation)
• Composition Realization

Slide 16: Composition Use Case: Extension of an Access Network: New Functionality needed
• Discovery
  – WLAN-internal logic decides to send discovery messages upon detecting Internet connectivity
  – Protocol for such messages
  – Operator gateway-internal logic allows acting upon reception of discovery messages
• Dynamic automated agreement establishment between Café Network and Operator Network
  – Preconfigured Agreements
  – Protocol for agreement establishment
• Dynamic agreement realization
  – WLAN may have to activate DHCP Server, accounting, ...

Slide 17: Composition - Standardization
• The Ambient Networks Project established a Study Item "Network Composition" in 3GPP SA1
• TR 22.980 "Network composition feasibility study; (Release 7)"
• Content
  – Purpose and benefits of composition
  – Use cases
  – Requirement
  – Composition Process
  – New functionality in 3GPP networks
  – Relation to other functionality in evolving 3GPP architecture (AIPN, ...)

Slide 18: Summary
• Composition is a uniform, dynamic procedure for network interworking in the control plane
  – Feasibility study in 3GPP
• Composition process
  – Discovery / Advertisement
  – Security and Internetworking establishment
  – Composition Agreement negotiation
  – Composition Agreement realization
• GANS is the protocol for negotiating and realizing Composition Agreements
  – Based on NSIS work
• ANs and their members are identified by a cryptographic key
  – Certificates based on this key identify members
  – Certificates are updated upon composition
• Composition is a Study Item in 3GPP SA1

Slide 19: Thank you! Any Questions?
[Figure: "Decomposing". Labels: Ambient Control Space; Ambient Connectivity; Composition FE; QoS-FE; Mobility FE; Connectivity FE; FE1 to FE6]

Slide 20: Backup

Slide 21: GANS Signaling - GTLP and DEEP
• DEEP (Destination Endpoint Exploring Protocol)
  – Supporting distributed name resolution of abstract name into host ID/locator (e.g. IP address)
  – Flexible regarding name resolution infrastructure (DNS, more dynamic mechanisms, ...)
  – Not tied to any particular name resolution mechanism/concept
[Figure. Labels: FE x; FE y; GANS; GSLP; GTLP; DEEP; name resolution; AN 1; AN 2]

Slide 22: Composition Agreement - Overview
• The agreement made between two ANs during the composition is called the Composition Agreement
• Can pre-establish and re-use Composition Agreements
  – E.g. for reoccurring compositions
• A Composition Agreement covers
  – Commercial and Technical issues
  – Details of composing ANs' relationship

Slide 23: Composition Agreement Information Model
• Composition Agreement Identification
• Legal Issues
• Service description
• Financial Issues
• QoS related part
• Monitoring & performance reporting
• Problem reporting & Troubleshooting
• Other issues

Slide 24: Different Composition Agreements
Depending on the compensation involved, different forms of Composition Agreements may be required.
• Medium or large amount of compensation, e.g. 3GPP networks composition
  – Pre-established paper Composition Agreements giving legal framework, possible range of cooperation
  – During composition procedure determine specific parameters
• Low or no amount of compensation, e.g. small AN networks, or PANs composing
  – Electronic Composition Agreements
Electronic Composition Agreements may revolutionize network cooperation, in a way credit cards have revolutionized the way we pay!
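
The membership-certificate scheme from the "Identifiers in Composition" slides, including the rearrangement when φ absorbs α, can be sketched as follows. This is an added example, not code from the slides or from the Ambient Networks project. Ed25519, the signed byte layout and every function name are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert binds an entity's own public key to an AN, named by its manager's key.
type Cert struct {
	Domain, Entity ed25519.PublicKey
	Sig            []byte
}

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	return pub, priv
}

func signed(domain, entity ed25519.PublicKey) []byte {
	return append(append([]byte("AN-member:"), domain...), entity...) // assumed encoding
}

func Issue(anPriv ed25519.PrivateKey, entity ed25519.PublicKey) Cert {
	an := anPriv.Public().(ed25519.PublicKey) // AN identifier = security manager's public key
	return Cert{an, entity, ed25519.Sign(anPriv, signed(an, entity))}
}

// Verify reports whether c proves membership in the AN named by domain.
func Verify(domain ed25519.PublicKey, c Cert) bool {
	return domain.Equal(c.Domain) && ed25519.Verify(domain, signed(c.Domain, c.Entity), c.Sig)
}

// Absorb: phi reissues every entry that carries a valid alpha certificate.
func Absorb(phiPriv ed25519.PrivateKey, alphaID ed25519.PublicKey, members []Cert) (out []Cert) {
	for _, c := range members {
		if Verify(alphaID, c) { // alpha's certificate acts as its assertion
			out = append(out, Issue(phiPriv, c.Entity))
		}
	}
	return out
}

func main() {
	alphaID, alphaPriv := NewKey()
	phiID, phiPriv := NewKey()
	a, _ := NewKey() // entity A's self-generated key pair
	for _, c := range Absorb(phiPriv, alphaID, []Cert{Issue(alphaPriv, a)}) {
		fmt.Println("phi:", Verify(phiID, c), "alpha:", Verify(alphaID, c))
	}
}
```

The certificates returned by `Absorb` replace the α certificates held by each entity, which corresponds to the last step on the slide; an entry whose α signature does not verify is not reissued.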