IEEE802.21 Assisted Fast Re-Authentication Scheme over GSABA

Introduction

In order to satisfy the demand for high bit rate services to be available in real-time in mobility and globally, network operators (Internet Service Providers (ISPs), carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure generally referred to as a Next Generation Network (NGN). For network professionals, NGNs will potentially allow company staff to access corporate network or outsourced real-time applications away from the office while mobile. This has major implications for situational awareness. Network professionals would need to monitor the use of such resources in real-time by company staff who are out of the office and on the move. However, the starting point for all discussions associated with business critical information services over the Internet is availability. In the context of NGNs use of real-time applications in mobility is critically dependent on stringent QoS requirements being met. Roaming often implies a temporary service disruption due to handover from one Point of Attachment (PoA) to another. Authentication, Access and Accounting (AAA) based authentication mechanisms like Extensible Authentication Protocol (EAP) incur signalling overheads due to large Round Trip Times (RTTs) and as a result overall handover latency also increases. Such disruption is unacceptable for potentially business critical applications such as Voice over IP (VoIP), video conferencing, streaming media, etc. In this chapter a fast re-authentication scheme is presented in which utilizes IEEE802.21 Media Independent Handover (MIH) services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Therefore, it is shown that the demands mobility places on availability can broadly be met leaving only the generic issues of Internet availability. For situational awareness authentication of all users of the network is an absolute requirement. For users accessing company provided resources out of the office on a NGN there will be two steps to authenticating users, first the user must be authenticated by the NGN, then the corporate network must authenticate users of resources it provides who are accessing those resources over a NGN.

In presenting a fast re-authentication scheme this chapter shows that the overall handover procedure across integrated IP-based access networks is a very complicated process, which occurs at almost every layer of the protocol stack. In order to perform an intelligent and optimized handover, it is essential to exchange and utilize cross-layer information between different layers of the protocol stack. Even when intelligent and optimised handover is enabled the complexity of the process will raise major challenges for situational awareness. For NGN operators the first challenge will be the need to educate their own analysts as to the nature of, and the risks posed by, the process. For corporate network professionals the challenge will be to find ways of working with NGN operators to obtain the assurances they need to make their resources available in real-time to company employees who away from the office and on the move. These assurances could include the provision of information related to company employees’ use of the network.

Mobile IPv6 (MIPv6) and Fast Mobile IPv6 (FMIPv6) have been specified by the Internet Engineering Task Force (IETF) as mobility standards to tackle the issues associated with handover latencies at the IP (i.e. Layer 3 (L3)) layer. Similarly, there are media specific mechanisms intended to improve the Layer 2 (L2) handover, such as, the handover optimization in 802.16e and the fast Base Station (BS) transition in 802.11r (Goldman 2008). Also, the IEEE802.21 Working Group (WG) has developed a standard for cross-layer interactions to enable handover and interoperability between heterogeneous network types including both 802 and non 802 networks.