May. 2003
David Johnston, Intel
Slide 1
doc.: 802_Handoff_Linksec_Presentation
Submission
802 Handoff
LinkSec Handoff Issues?
David Johnston
First Session of 802 Handoff ECSG Launched, May 2003
• Attendance
  – Monday – 30
  – Tuesday – 19
  – Thursday – 22
• Total Attendance – 45
• 29 Separate organizations represented
Officers
• Chair
  – David Johnston, Intel
• Reluctant Recording Secretary
  – Paul Lin, Intel
• Vice Chair
  – None, volunteers welcome
Charter
• Consider the possibility of specifying a common handoff framework applicable to 802 standards, wired and wireless
• Consider placement of work (in a new working group or 802.1)
• Authorized to draft a PAR
Objectives
• Define scope and requirements
  – May work with all MACs and PHYs
    • Without unnecessary overhead
    • 802.x to 802.y (where x could equal y)
    • 802.x to non-802
  – Consider how to address Authentication and Security
    • Within the PAR? Coordinated with Link Security group
• Specify a framework that 802 MACs can adopt
  – MAC SAP Messages
  – MIB Entries
  – Other?
What it is not
• It is not proposed to implement a protocol for handoff
  – We are at the link layer. What are we handing off?
  – Entire problem cannot be solved at layer 2
• So this is not a handoff standard!
Scenario
• Multi interfaced device
  – Docked Laptop with 802.3, 802.11 and 802.16e
  – Mobile IP session being used for VoIP and web traffic
• Laptop undocks
  – Needs to make a timely decision to switch to 802.11 and attach to a suitable AP
  – Existing traffic should suffer minimum interruption
• Laptop moves out of building
  – Needs to make a timely decision to switch to 802.16e and choose a suitable BS
  – Existing traffic should suffer minimum interruption
What it is
• Focus is on
  – Enabling good handoff decisions
    • Handoff decision data with interface
  – Signaling appropriately to L3 handoff capable entities
    • L2 triggers
• Wired and Wireless
  – 802.3 to 802.[11/15/16] are important cases
(very) Simplified Anatomy of a Handoff
• Something somewhere up the stack agrees, in its own way, to handoff from one place to another
  – E.g. Mobile IP
• Consequently, down at the link layer, an attachment switches from one place to another
  – Association-authentication-authorization in one of several possible orders and flavors
  – Either by picking a new attachment point for an interface, or picking a new interface
The blocking behavior of 802.1x
• 802.1x allows access to the MAC
• Blocks access to all LSAPs above the LLC except for EAPoL until authentication has completed
  – So only MAC signalling and EAP available prior to authentication
  – This takes advantage of the common MSDU transport capability of different 802 networks.
  – A mechanism applicable to diverse 802 network types could not be codified in existing MAC signaling or EAP
• So current 802 authentication practice impacts on the transfer of handoff related information prior to authentication
Pre-auth Requirements
• Prior to attempting to authenticate, the mobile node may want to know whether it is worth the effort
  – Does the AP support my L3 network needs?
  – Do I have a payment method, auth protocol, subscription that will work on the candidate AP?
  – Can my QoS needs be met?
• It would be nice for the conduit for this information:
  – To not be blocked prior to authentication
  – To be applicable to diverse 802 network types
Extending the auth model to support Handoff
• Extend set of pre authentication unblocked things from:
  – MAC signalling
  – EAPoL
• To:
  – MAC signalling
  – EAPoL
  – Non sensitive handoff related data
For Example
• Extend the unblocked fork of 802.1x
[Diagram: the 802.1x fork above 802.2; labels: EAPoL, L3, Non Sensitive Handoff Information/Protocol/negotiation]
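The blocking behavior and the proposed extension of the unblocked set, as an added example (not part of the original slides): a small model of a port gate that, before authentication, admits only an allow-listed set of protocol identifiers, resolved from either Ethernet II or LLC/SNAP encapsulation. The `Port` class, `ETH_P_HANDOFF` (the IEEE Local Experimental EtherType 0x88B5 used purely as a stand-in) and the sample frames are assumptions; MAC signalling sits below this gate and is not modeled.

```python
import struct

ETH_P_EAPOL = 0x888E    # EtherType assigned to EAPOL (IEEE 802.1X)
ETH_P_HANDOFF = 0x88B5  # ASSUMPTION: IEEE Local Experimental EtherType 1, stand-in only
ETH_P_IPV4 = 0x0800
SNAP_HDR = bytes.fromhex("aaaa03000000")  # LLC/SNAP header with zero OUI

def protocol_id(frame):
    """EtherType of an 802.3 frame (Ethernet II or LLC/SNAP), else None."""
    if len(frame) < 14:
        return None
    (type_len,) = struct.unpack_from("!H", frame, 12)
    if type_len >= 0x0600:                # Ethernet II: the field is an EtherType
        return type_len
    if len(frame) >= 22 and frame[14:20] == SNAP_HDR:
        return struct.unpack_from("!H", frame, 20)[0]
    return None                           # other LLC SAPs: not resolved, so blocked

class Port:
    """Hypothetical model of an 802.1x-style port gate."""
    def __init__(self, preauth_allowed):
        self.preauth_allowed = frozenset(preauth_allowed)
        self.authorized = False

    def admit(self, frame):
        if self.authorized:
            return True
        # None (truncated or unknown encapsulation) is never in the set: fail closed.
        return protocol_id(frame) in self.preauth_allowed

def make_frame(proto, snap=False, payload=b"\x00" * 46):
    """Constructed sample frame; addresses are the PAE group MAC and a local MAC."""
    hdr = bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
    if snap:
        body = SNAP_HDR + struct.pack("!H", proto) + payload
        return hdr + struct.pack("!H", len(body)) + body
    return hdr + struct.pack("!H", proto) + payload

def compare():
    """Admission decisions before authentication: (current set, extended set)."""
    current = Port({ETH_P_EAPOL})
    extended = Port({ETH_P_EAPOL, ETH_P_HANDOFF})
    samples = {"eapol": make_frame(ETH_P_EAPOL),
               "eapol_snap": make_frame(ETH_P_EAPOL, snap=True),
               "handoff": make_frame(ETH_P_HANDOFF),
               "ipv4": make_frame(ETH_P_IPV4),
               "truncated": b"\x01\x80\xc2"}
    return {k: (current.admit(f), extended.admit(f)) for k, f in samples.items()}

if __name__ == "__main__":
    for name, decision in compare().items():
        print(name, decision)
```

The gate checks only the protocol identifier, so anything admitted this way arrives from an unauthenticated peer and the receiving handoff logic has to treat it as untrusted input.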
So: One requirement
• Don’t make it impossible to define the distribution of media independent handoff decision data prior to authentication
  – Allows mobile nodes to handoff based on good information
  – Enables mobile nodes to choose who they should bother authenticating to.