May. 2003 doc.: 802_Handoff_Linksec_Presentation

802 Handoff
LinkSec Handoff Issues?
David Johnston

Submission Slide 1 David Johnston, Intel

First Session of 802 Handoff ECSG Launched, May 2003
• Attendance
  – Monday – 30
  – Tuesday – 19
  – Thursday – 22
• Total Attendance – 45
• 29 Separate organizations represented

Officers
• Chair – David Johnston, Intel
• Reluctant Recording Secretary – Paul Lin, Intel
• Vice Chair – None, volunteers welcome

Charter
• Consider the possibility of specifying a common handoff framework applicable to 802 standards, wired and wireless
• Consider placement of work (in a new working group or 802.1)
• Authorized to draft a PAR

Objectives
• Define scope and requirements
  – May work with all MACs and PHYs
    • Without unnecessary overhead
    • 802.x 802.y (where x could equal y)
    • 802.x non 802
  – Consider how to address Authentication and Security
    • Within the PAR? Coordinated with Link Security group
• Specify a framework that 802 MACs can adopt
  – MAC SAP Messages
  – MIB Entries
  – Other?

What it is not
• It is not proposed to implement a protocol for handoff
  – We are at the link layer. What are we handing off?
  – Entire problem cannot be solved at layer 2
• So this is not a handoff standard!

Scenario
• Multi interfaced device
  – Docked laptop with 802.3, 802.11 and 802.16e
  – Mobile IP session being used for VoIP and web traffic
• Laptop undocks
  – Needs to make a timely decision to switch to 802.11 and attach to a suitable AP
  – Existing traffic should suffer minimum interruption
• Laptop moves out of building
  – Needs to make a timely decision to switch to 802.16e and choose a suitable BS
  – Existing traffic should suffer minimum interruption

What it is
• Focus is on
  – Enabling good handoff decisions
    • Handoff decision data with interface
  – Signaling appropriately to L3 handoff capable entities
    • L2 triggers
• Wired and Wireless
  – 802.3 to 802.[11/15/16] are important cases

(very) Simplified Anatomy of a Handoff
• Something somewhere up the stack agrees, in its own way, to hand off from one place to another
  – E.g. Mobile IP
• Consequently, down at the link layer, an attachment switches from one place to another
  – Association-authentication-authorization in one of several possible orders and flavors
  – Either by picking a new attachment point for an interface, or picking a new interface

The blocking behavior of 802.1x
• 802.1x allows access to the MAC
• Blocks access to all LSAPs above the LLC except for EAPoL until authentication has completed
  – So only MAC signalling and EAP are available prior to authentication
  – This takes advantage of the common MSDU transport capability of different 802 networks
  – A mechanism applicable to diverse 802 network types could not be codified in existing MAC signaling or EAP
• So current 802 authentication practice impacts the transfer of handoff related information prior to authentication

Pre-auth Requirements
• Prior to attempting to authenticate, the mobile node may want to know whether it is worth the effort
  – Does the AP support my L3 network needs?
  – Do I have a payment method, auth protocol, subscription that will work on the candidate AP?
  – Can my QoS needs be met?
• It would be nice for the conduit for this information:
  – To not be blocked prior to authentication
  – To be applicable to diverse 802 network types (MSDU transport)

Extending the auth model to support Handoff
• Extend set of pre authentication unblocked things from:
  – MAC signalling
  – EAPoL
• To:
  – MAC signalling
  – EAPoL
  – Non sensitive handoff related data

For Example
• Extend the unblocked fork of 802.1x
[Diagram labels: Non Sensitive Handoff Information/Protocol/negotiation; EAPoL; L3; 802.2]

So: One requirement
• Don’t make it impossible to define the distribution of media independent handoff decision data prior to authentication
  – Allows mobile nodes to hand off based on good information
  – Enables mobile nodes to choose who they should bother authenticating to

Port == AID?!
• In 802.11 the port is defined to be attached to an association
• Prevents authentication before association
• Is a problem for 802.11 if you have handoff decision data on the uncontrolled port
  – Increases time to access handoff data
  – Leaves only the beacon for public data before auth
    • Limited in size
    • Unsafe to extend
    • Not common across 802
• Can the port not be per mobile part MAC address or some such thing?
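
Added example (not part of the original slides): a small model of the 802.1x blocking behavior and of the extended pre-authentication allow-list proposed above. Assumptions: protocols are selected by EtherType rather than LSAP, the handoff data rides on the IEEE local-experimental EtherType 0x88B5 as a stand-in, and the size bound on unauthenticated handoff frames is a hypothetical hardening choice.

```python
import struct

ETH_EAPOL = 0x888E      # EtherType assigned to EAPOL (IEEE 802.1X)
ETH_HANDOFF = 0x88B5    # assumption: local-experimental EtherType standing in for handoff data
MAX_PREAUTH_LEN = 256   # assumption: cap on frame size accepted from unauthenticated peers


def ethertype(frame: bytes) -> int:
    """Return the EtherType of an untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]


class Port:
    """One 802.1x port: only the pre-auth allow-list passes until authorized."""

    def __init__(self, extended: bool = False):
        self.authorized = False
        # Current practice: EAPOL only. Extended model: EAPOL plus handoff data.
        self.preauth = {ETH_EAPOL} | ({ETH_HANDOFF} if extended else set())

    def admit(self, frame: bytes) -> bool:
        try:
            etype = ethertype(frame)
        except ValueError:
            return False                 # malformed frames never pass
        if self.authorized:
            return True                  # controlled port is open
        if etype == ETH_HANDOFF and len(frame) > MAX_PREAUTH_LEN:
            return False                 # bound what an unauthenticated peer can inject
        return etype in self.preauth


def make_frame(etype: int, payload: bytes) -> bytes:
    """Constructed sample frame: broadcast destination, locally administered source."""
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype) + payload


if __name__ == "__main__":
    frames = {
        "EAPOL-Start": make_frame(ETH_EAPOL, b"\x01\x01\x00\x00"),
        "IPv4": make_frame(0x0800, b"\x45" + b"\x00" * 19),
        "handoff info": make_frame(ETH_HANDOFF, b"qos=voice"),
    }
    for label, port in (("802.1x today", Port()), ("extended", Port(extended=True))):
        for name, frame in frames.items():
            print(f"{label:13} {name:13} -> {'pass' if port.admit(frame) else 'blocked'}")
```

Anything admitted before authentication is reachable by any station in range, which is why the extended path carries only non-sensitive data and is size-bounded here.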