Low-latency mobile IP handoff for infrastructure-mode wireless LANs

The increasing popularity of IEEE 802.11-based wireless local area networks (LANs) lends them credibility as a viable alternative to third-generation (3G) wireless technologies. Even though wireless LANs support much higher channel bandwidth than 3G networks, their network-layer handoff latency is still too high to be usable for interactive multimedia applications such as voice over IP or video streaming. Specifically, the peculiarities of commercially available IEEE 802.11b wireless LAN hardware prevent existing mobile Internet protocol (IP) implementations from achieving subsecond Mobile IP handoff latency when the wireless LANs are operating in the infrastructure mode, which is also the prevailing operating mode used in most deployed IEEE 802.11b LANs. In this paper, we propose a low-latency mobile IP handoff scheme that can reduce the handoff latency of infrastructure-mode wireless LANs to less than 100 ms, the fastest known handoff performance for such networks. The proposed scheme overcomes the inability of mobility software to sense the signal strengths of multiple-access points when operating in an infrastructure-mode wireless LAN. It expedites link-layer handoff detection and speeds up network-layer handoff by replaying cached foreign agent advertisements. The proposed scheme strictly adheres to the mobile IP standard specification, and does not require any modifications to existing mobile IP implementations. That is, the proposed mechanism is completely transparent to the existing mobile IP software installed on mobile nodes and wired nodes. As a demonstration of this technology, we show how this low-latency handoff scheme together with a wireless LAN bandwidth guarantee mechanism supports undisrupted playback of remote video streams on mobile stations that are traveling across wireless LAN segments.     

一种身份与位置分离环境下基于网络的安全移动性管理协议

针对身份与位置分离(Locator/Identifier Separation Protocol,LISP)环境下的移动性管理问题,提出一种基于网络的安全移动性管理协议—LISP-SMCP(Secure Mobility Control Protocol)。以接入网为移动管理区域,LISP-SMCP有效地支持移动节点在区域内切换和区域间切换,并实现本地认证和双向认证。安全性和性能分析结果表明,LISP-SMCP可以防止中间人、重放和消息篡改等网络攻击,且具有较小的认证时延、切换时延和切换阻塞率。     

An efficient heterogeneous key management approach for secure multicast communications in ad hoc networks

In a mobile wireless ad hoc network, mobile nodes cooperate to form a network without using any infrastructure such as access points or base stations. Instead, the mobile nodes forward packets for each other, allowing communication among nodes outside wireless transmission range. As the use of wireless networks increases, security in this domain becomes a very real concern. One fundamental aspect of providing confidentiality and authentication is key distribution. While public-key encryption has provided these properties historically, ad hoc networks are resource constrained and benefit from symmetric key encryption. In this paper, we propose a new key management mechanism to support secure group multicast communications in ad hoc networks. The scheme proposes a dynamic construction of hierarchical clusters based on a novel density function adapted to frequent topology changes. The presented mechanism ensures a fast and efficient key management with respect to the sequential 1 to n multicast service.     

A Seamless Handoff Mechanism for DHCP-Based IEEE 802.11 WLANs

IEEE 802.11 wireless networks have gained great popularity. However, handoff is always a critical issue in this area. In this paper, we propose a novel seamless handoff mechanism for IEEE 802.11 wireless networks which support IEEE 802.11i security standard. Our approach consists of a dynamic tunnel establishing procedure and a seamless handoff mechanism. Both intra- and inter-subnet handoff cases are considered in our seamless handoff approach. Our work focuses on handoffs in DHCP-based IP networks rather than mobile IP-supported networks, but the proposed scheme can be easily tailored to mobile IP-supported networks.     

Pre-scan based fast handoff scheme for enterprise IEEE 802.11 networks

In IEEE 802.11 networks, many access points (APs) are required to cover a large area due to the limited coverage range of APs, and frequent handoffs may occur while a station (STA) is moving in an area covered by several APs. However, traditional handoff mechanisms employed at STAs introduce a few hundred milliseconds delay, which is far longer than what can be tolerated by some multimedia streams such as voice over Internet protocol (VoIP), it is a challenging issue for supporting seamless handoff service in IEEE 802.11 networks. In this paper, we propose a pre-scan based fast handoff scheme within an IEEE 802.11 enterprise wireless local area network (EWLAN) environment. The proposed scheme can help STA obtain the best alternative AP in advance after the pre-scan process, and when the handoff is actually triggered, STA can perform the authentication and reassociation process toward the alternative AP directly. Furthermore, we adopt Kalman filter to minimize the fluctuation of received signal strength (RSS), thus reducing the unnecessary pre-scan process and handoffs. We performed simulations to evaluate performance, and the simulation results show that the proposed scheme can effectively reduce the handoff delay.     

A Secure Relay-Assisted Handover Protocol for Proxy Mobile IPv6 in 3GPP LTE Systems

The LTE (Long Term Evolution) technologies defined by 3GPP is the last step toward the 4th generation (4G) of radio technologies designed to increase the capacity and speed of mobile telephone networks. Mobility management for supporting seamless handover is the key issue for the next generation wireless communication networks. The evolved packet core (EPC) standard adopts the proxy mobile IPv6 protocol (PMIPv6) to provide the mobility mechanisms. However, the PMIPv6 still suffers the high handoff delay and the large packet lost. Our protocol provides a new secure handover protocol to reduce handoff delay and packet lost with the assistance of relay nodes over LTE networks. In this paper, we consider the security issue when selecting relay nodes during the handoff procedure. During the relay node discovery, we extend the access network discovery and selection function (ANDSF) in 3GPP specifications to help mobile station or UE to obtain the information of relay nodes. With the aid of the relay nodes, the mobile station or UE performs the pre-handover procedure, including the security operation and the proxy binding update to significantly reduce the handover latency and packet loss. The simulation results illustrate that our proposed protocol actually achieves the performance improvements in the handoff delay time and the packet loss rate.     

Proactive key distribution using neighbor graphs

User mobility in wireless data networks is increasing because of technological advances, and the desire for voice and multimedia applications. These applications, however, require that handoffs between base stations (or access points) be fast to maintain the quality of the connections. In this article we introduce a novel data structure, the neighbor graph, that dynamically captures the mobility topology of a wireless network. We show how neighbor graphs can be utilized to obtain a 99 percent reduction in the authentication time of an IEEE 802.11 handoff (full EAP-TLS) by proactively distributing necessary key material one hop ahead of the mobile user. We also present a reactive method for fast authentication that requires only firmware changes to access points and hence can easily be deployed on existing wireless networks.     

Secure and efficient scheme for fast initial link setup against key reinstallation attacks in IEEE 802.11ah networks

IEEE 802.11ah is a recently released IEEE standard to specify a wireless communication system with a long‐range, low‐power, and low data transmission rate over smart devices used in Internet of Things (IoT) systems. This new standard belongs to IEEE 802.11 wireless local area networks (WLANs) protocol family. It requires lightweight protocols to support the low‐power and low‐latency features of the IoT devices. On the other hand, an upcoming solution of fast initial link setup (FILS) specified by IEEE 802.11ai standard is a brand‐new approach aiming to establish fast and secure links among devices in WLANs to meet this new demand. It is natural and feasible to apply it to the 802.11ah networks to support massively deployed wireless nodes. However, security concerns on the link connection by the FILS scheme have not been fully eliminated, especially in the authentication process. It has been explored that a type of recently revealed malicious attack, key reinstallation attack (KRA) might be a threat to the FILS authentication. To prevent the success of the KRAs, in this paper, we proposed a secure and efficient FILS (SEF) protocol as the optional substitute of the FILS scheme. The SEF scheme is designed to eradicate potential threats from the KRAs without degrading the network performance.     

Trust-Based Fast Authentication for Multiowner Wireless Networks

In multiowner wireless networks, access points (APs) are owned and operated by different administrations, leading to significant authentication delays during handoff between APs. We propose to exploit the trust between the owners of neighboring APs for reducing the authentication delay. In the proposed authentication scheme, neighboring APs that trust each other share the security key for the visiting node to avoid lengthy authentication routines each time the visiting node switches APs. The performance of the proposed trust-based authentication scheme is evaluated using a Markov model. Using numerical experiments, we first study a basic scenario where mobile nodes are not aware of the trust networks that exist in a given neighborhood. Subsequently, we consider an advanced scenario where a mobile node functionality is augmented to discover the trust network so as to minimize roaming beyond the trusted APs. We find that, even with the basic implementation, the average number of full authentications needed for a roaming mobile reduces linearly as the likelihood of two neighboring APs trusting each other increases. With the advanced implementation, our experiments show that quadratic reduction is achieved. The Markov model is validated using discrete event simulation.     

一种新的基于移动IPv6的快速切换方案

基本的移动IPv6（MIPv6）切换延迟非常大,不能满足实时业务的要求。本文基于对MIPv6的切换时延的分析,提出了一种IEEE802．11无线局域网环境下MIPv6的低时延切换方法,该方法通过结合使用连接触发器和快速路由器公告,并通过IP地址与MAC地址的映射机制来优化切换过程。仿真结果表明,该方法能够有效降低节点切换过程的时延,同时其性能优于以往相关的工作。     

Provisioning QoS controlled media access in vehicular to infrastructure communications

The emerging IEEE 802.11p standard adopts the enhanced distributed channel access (EDCA) mechanism as its Media Access Control (MAC) scheme to support quality-of-service (QoS) in the rapidly changing vehicular environment. While the IEEE 802.11 protocol family represents the dominant solutions for wireless local area networks, its QoS performance in terms of throughput and delay, in the highly mobile vehicular networks, is still unclear. To explore an in-depth understanding on this issue, in this paper, we develop a comprehensive analytical model that takes into account both the QoS features of EDCA and the vehicle mobility (velocity and moving directions). Based on the model, we analyze the throughput performance and mean transmission delay of differentiated service traffic, and seek solutions to optimally adjust the parameters of EDCA towards the controllable QoS provision to vehicles. Analytical and simulation results are given to demonstrate the accuracy of the proposed model for varying EDCA parameters and vehicle velocity and density.     

基于动态群签名的802.11s Mesh网络接入认证

802.11s Mesh网络作为新一代的无线局域网（WLAN）标准能有效弥补802.11b协议在易布署性和安全性方面中存在的不足。由于802.11s Mesh网络原有接入认证协议时间复杂性较高,针对性地提出了一种基于动态群签名技术的接入认证协议,在认证服务器、密钥分发者和接入点之间通过四轮交互即可实现所有接入点之间的相互认证。通过论证,该接入认证协议能有效提高接入认证过程的计算性能和通信性能,并保证接入认证过程的安全性。     

Protected session keys context for distributed session key management

Handoffs must be fast for wireless mobile nodes (MN) without sacrificing security between the MN and the wireless access points in the access networks. We describe and analyze our new secure Session Keys Context (SKC) scheme which has all the good features, like mobility and security optimization, of the currently existing key distribution proposals, namely key-request, pre-authentication, and pre-distribution. We analyze these solutions together, and provide some conclusions on possible co-operative scenarios and on which level of the network to implement them. Finally before conclusions we provide some handoff delay simulation results with SKC and key request schemes with corresponding example handoff scenarios with a next generation radio link layer.     

车载网络IEEE 802.11p协议的特性研究

为了深入探讨车载网络协议IEEE 802.11p的特性,首先对该协议的物理层、媒体控制访问层及其帧结构进行了详细介绍,然后从工作频率、传输速率及最大功耗等方面与其他短距离无线通信技术进行对比分析,最后归纳出车载网络协议IEEE 802.11p作为一项新的协议标准,在车载网络的实际应用中有着区别于其他无线通信技术的特有优势。因此,对该协议的突破性研究,将有助于车载网络技术在智能交通系统领域走向实用,既具有一定的理论意义,又具有重要的应用前景。     

Performance Study of a Mobile Multi-hop 802.11a/b Railway Network Using Passive Measurement

In this paper, we study the performance of IEEE 802.11a/b in a large-scale mobile railway networks and introduce our developed passive measurement approach. To provide a comprehensive evaluation, we built an outdoor multi-hop multi-interface railroad testbed (UNL-FRA Testbed), which consists of eight access points deployed along 3.5 mile of railroad track. We propose a novel large-scale passive measurement approach that synchronizes the system clocks of our monitoring systems, merges packet traces collected from multiple wireless channels across a multi-hop network, and enables a global performance view for the entire monitored network and across multiple layers. Based on the testing data collected from 15 field experiments carried out using BNSF locomotives and HyRail vehicles over a period of 18 months we conclude that in typical outdoor 802.11 railway environments the wireless link quality, the channel assignment scheme, and the handoff latency have much more significant impacts on the performance than the velocity. Furthermore, we discuss the implications of our conclusions on guaranteeing the quality of mobile services. We believe this is the first analysis on such a scale for 802.11-family railway networks.     

A mutual authentication and privacy mechanism for WLAN security

IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.     

IEEE 802.11 roaming and authentication in wireless LAN/cellular mobile networks

A wireless LAN service integration architecture based on current wireless LAN hot spots is proposed so that migration to a new service becomes easier and cost effective. The proposed architecture offers wireless LAN seamless roaming in wireless LAN/cellular mobile networks. In addition, a link-layer-assisted mobile IP handoff mechanism is introduced to improve the network/domain switching quality in terms of handoff delay and packet loss. An application layer end-to-end authentication and key negotiation scheme is proposed to overcome the open-air connection problem existing in wireless LAN deployment. The scheme provides a general solution for Internet applications running on a mobile station under various authentication scenarios and keeps the communications private to other wireless LAN users and foreign network. A functional demonstration of the scheme is given. The research results can contribute to rapid deployment of wireless LANs.     

无线异构网络的关键安全技术

异构网络的融合及协同工作在下一代公众移动网络中将是一个很普遍的问题,无线异构网络融合技术作为改善公众移动网络的覆盖和容量以及提供无处不在的通信能力、接入Internet的能力和无处不在的移动计算能力的有效手段,已引起广泛的关注,有着良好的应用前景。构建无线异构网络的安全防护体系,研究新型的安全模型、关键安全技术和方法,是无线异构网络发展过程中所必须关注的重要问题。无线异构网络中的关键安全技术包括安全路由协议、接入认证技术、入侵检测技术、节点间协作通信等。     

Hierarchical Mobile IPv6 Mobility Management in Heterogeneous 3G/WLAN Networks

The research and development of next generation networks results in continuously growing in heterogeneity of wireless systems. Those systems also offer users the increasing possibility of roaming between different networks, which undoubtedly needs seamless integration. As mobile users continue to expand their requirements for seamless roaming, a good handoff mechanism is necessary especially for cellular networks and wireless local area networks. The most critical problem faced in the handoff mechanism is that users may need immediate data transmission. However, immediate data transmission is always obstructed because handoff latency occurs. In this paper, we propose a Hierarchical Mobile IPv6 handoff scheme using active measurement-foreign mobility agent to measure the residual bandwidth of each access point (AP) for handoff decision. As a result, the proposed scheme prevents whole efficiency from being affected by the registration time and improves immediate data transmission. In addition, a dual-threshold of the received signal strength is used to avoid the ping-pong effect. Simulation results show that the proposed scheme outperforms the traditional Mobile IPv6 and enhanced multilayer Hierarchical Mobile IPv6.     

Mitigating tail latency in IEEE 802.11–based networks

Delay sensitive applications are being actively introduced with the advent of 5G and vehicular communications, and such applications are very sensitive to tail latency. However, tail latency has not been seriously considered so far, especially in IEEE 802.11–based networks. Channel access is scheduled by random Contention Window (CW) values in IEEE 802.11–based networks, and the node with the larger CW waits longer, and it may even observe multiple transmissions from a single contending node, which results in a long latency tail. In this paper, we propose a new decentralized MAC called SynchMAC to mitigate this latency tail. In SynchMAC, every competing node transmits exactly one packet within a virtual time slot without a centralized controller. Using the proposed approach, the maximum channel access latency is bounded by T×2N, where T is the time required for transmitting a single packet (including Inter‐Frame Space and CW) and N is the number of competing nodes. To maximize the system throughput, the proposed scheme optimizes the value of T by considering the probability of successful transmission. Our simulation study shows that SynchMAC reduces the maximum access latency by up to 94% and 53% compared with the conventional IEEE 802.11 MAC and the comparative scheme, respectively, without degrading throughput performance. We also show that SynchMAC is easily extended to support weighted access.