Redirection of call to MS at a visiting location

Download Report

Transcript Redirection of call to MS at a visiting location

Chapter 10
Mobile Communication Systems
1
Outline







Cellular System Infrastructure
Registration
Handoff Parameters and Underlying Support
Roaming Support
Multicasting
Security and Privacy
Firewalls and System Security
2
Cellular System Infrastructure
Base Station System
BTS
VLR
HLR
BSC
AUC
BTS
EIR
…
…
MS
BTS
MSC
BTS: Base transceiver system
BSC:BS controller
VLR: Visitor location register
HLR: Home location register
AUC: Authentication center
EIR: Equipment identity register
MSC: Mobile switching center
PSTN: Public switched telephone
Network
ISDN: Integrated services digital
network
BTS
BSC
…
MS
…
BTS
BTS
Gateway
MSC
PSTN/ISDN
MSC
Base Station System
3
VLR/HLR/AUC/EIR





VLR contains information about all visiting MSs
in that particular area of MSC
VLR has pointers to the HLR’s of visiting MS
VLR helps in billing and access permission to the
visiting MS
AUC provides authentication and encryption
parameters
EIR contains identity of equipment that prevents
service to unauthorized MSs
4
Classical Mail Forwarding
Technique?
Mail from the world
Post Office
Cincinnati
Cincinnati
Post Office
Washington, DC
Washington, DC
Automatic Location Update
Home
network
HLR
2
Caller
Home
Mobile
Switching
Center
Update location
Info. sent to HLR
MS
VLR
1
Visiting
Mobile
Switching
Center
PSTN
Location update request
Using Beacon Signals
MS
Visiting
area
6
Automatic Call Forwarding
using HLR-VLR
Home
Network
HLR
Home MSC checks
HLR; gets current
location of MS
in visiting area
2
Caller
home
Mobile
Switching
Center
1
VLR
3
PSTN
Call sent to
home location
Mobile
Switching
Center
4
Home MSC forwards
call to visiting MSC
MS
Visiting
Area
MSC in visiting area sends
call to BS and connects MS
7
Redirection of Call to MS at a
Visiting Location
Home MSC
Call routed as
per called
number to
MS
Home
MSC
Another MSC
Visiting
MSC
Cell where MS is
currently located
BS
HLR
VLR
MS
Through backbone
8
Registration






Wireless system needs to know whether MS is
currently located in its home area or some other
area (routing of incoming calls)
This is done by periodically exchanging signals
between BS and MS known as Beacons
BS periodically broadcasts beacon signal (1 signal
per second) to determine and test the MSs around
Each MS listens to the beacon, if it has not heard it
previously then it adds it to the active beacon
kernel table
This information is used by the MS to locate the
nearest BS
Information carried by beacon signal: cellular
network identifier, timestamp, gateway address ID
of the paging area, etc.
9
Steps for Registration




MS listens to a new beacon, if it’s a new one, MS
adds it to the active beacon kernel table
If MS decides that it has to communicate through
a new BS, kernel modulation initiates handoff
process.
MS locates the nearest BS via user level processing
The visiting BS performs user level processing and
decides:





Who the user is?
What are its access permissions?
Keeping track of billing
Home site sends appropriate authentication
response to the current serving BS
The BS approves/disapproves the user access
10
Using a Mobile Phone Outside the
Subscription Area
Through backbone
3 Authentication request
4 Authentication response
MS
1
2
5
Visiting BS
(Visiting MSC)
Home BS
(Home MSC)
11
Applications and Characteristics of
Beacon Signals
Application
Frequency band
Information carried
Cellular networks
824-849 MHz (AMPS/CDPD),
1,850-1,910 MHz (GSM)
Wireless LANs
902-928 MHz (industrial, scientific, and
Traffic indication map
medical band for analog and mixed signals)
2.4-2.5GHz (ISM band for digital signals)
(discussed in Chapter
15)
Cellular IP network identifier,
Gateway IP address, Paging area
ID, Timestamp
Ad hoc networks
(discussed in Chapter
14)
902-928 MHz (ISM band for analog and mixed
signals) 2.4-2.5 GHz (ISM band for digital
signals)
Network node identify
GPS (discussed in
Chapter 12)
1575.42 MHz
Timestamped orbital map and
astronomical information
Search and rescue
406 and 121.5 MHz
Registration country and ID of
vessel or aircraft in distress
Mobile robotics
100 KHz - 1 MHz
Position of pallet or payload
Location tracking
300 GHz - 810 THz (infrared)
Digitally encoded signal to
identify user's location
Aid to the impaired
176 MHz
Digitally coded signal uniquely
identifying physical locations
12
Handoff Parameters and
Underlying Support



Change of radio resources from one cell to
another adjacent one
Handoff depends on cell size, boundary length,
signal strength, fading, reflection, etc.
Handoff can be initiated by MS or BS and could
be due to



Radio link
Network management
Service issues
13
Handoff Parameters (Cont’d)


Radio link handoff is due to mobility of MS
It depends on:







Number of MSs in the cell
Number of MSs that have left the cell
Number of calls generated in the cell
Number of calls transferred from the neighboring cells
Number and duration of calls terminated in the cell
Number of calls that were handoff to neighboring cells
Cell dwell time
14
Handoff Parameters (Cont’d)


Network management may cause handoff if
there is drastic imbalance of traffic in adjacent
cells and optimal balance of resources is
required
Service related handoff is due to the
degradation of QoS (quality of service)
15
Time for Handoff

Need for Handoff is determined by:



Signal strength
CIR (carrier to interference ratio)
Factors deciding right time for handoff:



Signal strength
Bit error rate (BER)
Distance
16
Handoff Region
Signal strength
due to BSi
Signal strength
due to BSj
Pj(x)
Pi(x)
E
Pmin
BSi
X1
X3
MS
X5
Xth
X4
X2
BSj
By looking at the variation of signal strength from either base station it is
possible to decide on the optimum area where handoff can take place
17
Handoff Initiation (Cont’d)





Region X3-X4 indicates the handoff area, where
depending on other factors, the handoff needs to be
performed
One option is to do handoff at X5 where the two
signal strengths are equal
If MS moves back and forth around X5, it will result
in too frequent handoffs (ping-pong effect)
Therefore MS is allowed to continue with the
existing BS till the signal strength decreases by a
threshold value E
Different cellular systems follow different handoff
procedure
18
Types of Handoff
 Hard Handoff (break before make)
 Releasing current resources from the prior BS before
acquiring resources from the next BS
 FDMA,TDMA follow this type of handoff
 Soft Handoff (make before break)
 In CDMA, since the same channel is used, we can use
the same if orthogonal to the codes in the next BS
 Therefore, it is possible for the MS to communicate
simultaneously with the prior BS as well as the new BS
19
Hard Handoff
BS1 MS
BS2
BS1
(a) Before handoff
MS BS2
(c) After handoff
BS1
MS
BS2
(b) During handoff (No connection)
20
Soft Handoff (CDMA only)
BS1 MS
BS2
BS1
(a) Before handoff
MS BS2
(c) After handoff
BS1
MS
BS2
(b) During handoff
21
Roaming Support


To move from a cell controlled by one MSC
area to a cell connected to another MSC
Beacon signals and the use of HLR-VLR allow
the MS to roam anywhere provided the same
service provider using that particular
frequency band, is there in that region
22
Roaming Support
Home
MSC
BS1 MS
Home
MSC
Visiting
MSC
BS2
MS
moves
BS1
Visiting
MSC
MS
BS2
23
Handoff Scenarios with Different
Degree of Mobility
PSTN
MSC2
MSC1
MSC3
MSC4
MS
a
b
c
d
e
Paging Area 1
Paging Area 2
24
Possible Handoff Situations





Assume MSC1 to be the home of the MS for
registration, billing, authentication, etc.
When handoff is from position “a” to “b”, the
routing can be done by MSC1 itself
When handoff is from position “b” to “c” , then
bi-directional pointers are set up to link the HLR
of MSC1 to VLR of MSC2
When handoff occurs at “d” or “e”, routing of
information using HLR-VLR may not be
adequate (“d” is in a different paging area)
Concept of Backbone network
25
Information Transmission Path
when MS Hands Off from “b” to “c”
MSC1
HLR
Information
to MS being
sent
Initial path of
information
transfer
MSC2
VLR
Connection
Path after
handoff
MS
a
b
c
26
Illustration of MSC Connections to Backbone
Network and Routing/Rerouting
From rest of the backbone
R: Routers
Router
R1
MSC
(a,b,c,d,e)
R12
R2
R7
(a,b,c,d)
R10
R5
R3
R8
(d)
R4
R6
R9
(a,b)
(c)
MSC1
(a,b)
MSC2
(c)
R11
R13
(e)
MSC3
(d)
Paging area 1 (PA1)
MSC4
(e) Paging area 2 (PA2)
27
Backbone Network



Routing done according to the topology and
connectivity of the backbone network
The dotted lines show the possible paths for a
call headed for different MS locations
One option is to find a router along the original
path, from where a new path needs to start to
reach the MSC along the shortest path
28
Home Agents (HA), Foreign Agents
(FA) and Mobile IP

Two important software modules are associated with
routers, home agent (HA) and foreign agent (FA)

MS is registered with a router, mostly a router closest to
the home MSC can be used to maintain its HA

A router other than closest one could also serve as an HA

Once a MS moves from the home network, a software
module in the new network FA assists MS by forwarding
packets for the MS

This functionality is somewhat similar to HLR-VLR
29
Home MSC and Home Agent
(HA) for the Previous Network
Home MSC
MSC1 MSC2 MSC3 MSC4
Selected router for R3
R4
R6
R9
maintaining its
home agent
30
Call Establishment using HA-FA






Whenever a MS moves to a new network, it still retains its
initial HA
The MS detects the FA of the new network, by sensing the
periodic beacon signals which FA transmits
MS can also itself send agent solicitation messages to
which FA responds
When FA detects a new MS, it allocates a CoA (care of
address) to the MS, using dynamic host configuration
protocol (DHCP)
Once MS receives CoA, it registers its CoA with its HA
and the time limit binding for its validity
Such registration is initiated either directly by MS to the
HA of the home router or indirectly through FA
31
Call Establishment (Cont’d)







HA confirms its binding through a reply to the MS
A message sent from an arbitrary source to the MS at the
home address is received by the HA
Binding is checked, the CoA of the MS is encapsulated in
the packet and forwarded to the network
If CoA of the FA is used, then packet reaches FA, it
decapsulates packet and passes to MS at the link layer
In an internet environment, it is called Mobile IP
After binding time, if MS still wants to have packets
forwarded through HA, it needs to renew its registration
When MS returns to its home network, it intimates its HA
32
Registration Process Between FA, MS, and
HA When the MS Moves to a Paging area
MS
HA
FA
1 Beacon Signal
(Any one new)
1’ I am new here
1” OK, send
information
2
Here is my HA and
binding information
3
4 Here is CoA or co-located CoA (C-CoA) for this MS
4’
4”
Same as step
CoA or C-CoA
created
Same as step 4
4
Acknowledge Registration +
binding
33
Message Forwarding using HA-FA
Pair
Incoming message
for MS
Source
To MS
Payload Data
HA
Encapsulation
HA CoA/C-CoA
Source
To MS
Payload Data
Forwarding through intermediate
router if CoA used
FA
Source
To MS
MS
Forwarding
through
intermediate router
if C-CoA used
Payload Data
Decapsulation done at MS
34
Routing in Backbone Routers




How FA finds HA of the MS?
One approach is to have a global table at each
router of each MSC so that the route from FA to
HA for that MS can be determined
Disadvantages: Information too large, one
network might not like to give out information
about all its routers to any external network (only
gateways information is provided)
Use of Distributed Routing Scheme
35
Illustration of Paging Areas (PAs) and
Backbone Router Interconnect
Network 1
Router W
PA1
PA2
Router X
Router Y
MS moves
PA3
PA4
Router Z
PA5
Network 2
36
Distributed Routing Table and
Location PAs
Table at routerTable at router Table at routerTable at router
W
X
Y
Z
Route
to PA
Next
hop
Route
to PA
Next
hop
Route
to PA
Next
hop
Route
to PA
Next
hop
1
X
1
-
1
X
1
Y
2
X
2
-
2
X
2
Y
3
X
3
Y
3
Z
3
-
4
X
4
Y
4
Z
4
-
5
X
5
Y
5
Z
5
-
37
Multicasting



Process of transmitting messages from a source to
multiple recipients by using a group address for
all hosts that wish to be the members of the group
Reduces number of messages to be transmitted as
compared to multiple unicasting
Useful in video/audio conferencing, multi party
games
38
Multicasting



Multicasting can be performed either by
building a source based tree or core based tree
In source based tree, for each source of the group
a shortest path is maintained, encompassing all
the members of the group, with the source being
the root of the tree
In core based tree, a particular router is chosen
as a core and a tree is maintained with the core
being the root

Every source forwards the packet to a core router,
which then forwards it on the tree to reach all
members of the multicast group
39
Multicasting



Bi-directional Tunneling (BT) and Remote
Subscription approaches have been proposed by
IETF for providing multicast over Mobile IP
In BT approach, whenever a MS moves to a
foreign network, HA is responsible for
forwarding the multicast packets to the MS via
FA
In Remote Subscription protocol, whenever a
MS moves to a foreign network, the FA (if not
already a member of multicast group) sends a
tree join request
40
Multicasting





Remote Subscription based approach is simple
and prevents packet duplication and non optimal
path delivery
It can cause data interruption till the FA is
connected to the tree
It results in a number of tree join and tree leave
requests when MS are in continuous motion
In contrast, in the BT approach, the HA creates
a bi-directional tunnel to FA and encapsulates
the packets for MS
FA then forwards the packets to the MS
41
Multicasting



BT approach prevents data disruption due to the
movement of MS
But causes packet duplication if several MSs of
the same HA, that have subscribed to the same
multicast group move to same FA
Also causes Tunnel Convergence Problem, where
one FA may have several MSs subscribed to the
same group, belonging to different HAs and each
HA may forward a packet for its MSs to the same
FA
42
Packet Duplication in BT Tunnel
Approach
Multicast
packets from the
multicast tree
MS 1
MS1
HA
MS2
MS3
FA
MS 2
MS 3
43
Tunnel Convergence Problem
Multicast packets
from the multicast tree
HA 1
MS 1
CoA (MS1)
FA
HA 2
CoA (MS2)
MS 2
CoA (MS3)
MS 3
CoA (MS4)
MS 4
HA 3
44
Multicasting


To overcome Tunnel Convergence Problem,
mobile multicast (MoM) protocol is proposed
wherein the FA selects one of the Has for each
group, called the Designated Multicast Service
Provider (DMSP), from the HA List for a
particular group
The remaining HAs do not forward packets to
FA
45
Illustration of MoM Protocol
Multicast packets from
the multicast tree
MS 1
HA 1
Stop
CoA (MS1)
MS 2
Forward
HA 2
CoA (MS2)
DMSP Selection
HA 3
Stop
FA
MS 3
CoA (MS3)
MS 4
CoA (MS4)
46
Security and Privacy




Transfer data through an open air medium makes
messages vulnerable to various attacks
One such problem is “Jamming” by a very
powerful transmitting antenna
Can be overcome by using frequency hopping
Many encryption techniques used so that
unauthorized users cannot interpret the signals
47
Encryption Techniques



Permuting the bits in a pre specified manner
before transmitting them
Such permuted information can be reconstructed
by using reverse operation
This is called “Data Encryption Standard (DES)”
on input bits
48
Simple Permutation Function
W 1
Input
1 W
I
2
5
L
R
3
2
I
E
4
6
E
L
5
3
R
E
6
7
S
S
7
4
E
S
8
8
S
Output
49
Initial Bit Patterns and effect of before
Transmission and after Reception using DES
7 8
57 49 41 33 25 17 9 1
8 24 40 56 16 32 48 64
9 10 11 12 13 14 15 16
61 53 45 37 29 21 13 5
7 23 39 55 15 31 47 63
1
2
3 4 5 6
17
18 19 20 21 22 23 24
58 50 42 34 26 18 10 2
6 22 38 54 14 30 46 62
25
26 27 28 29 30 31 32
62 54 46 38 30 22 14 6
5 21 37 53 13 29 45 61
33
34 35 36 37 38 39 40
59 51 43 35 27 19 11 3
4 20 36 52 12 28 44 60
41 42 43 44 45 46 47 48
63 55 47 39 31 23 15 7
3 19 35 51 11 27 43 59
49
50 51 52 53 54 55 56
60 52 44 36 28 20 12 4
2 18 34 50 10 26 42 58
57 58 59 60 61 62 63 64
64 56 48 40 32 24 16 8
1 17 33 49 9 25 41 57
(a) Information
sequence to be
transmitted
(b) Permutation of
information sequence
before transmission
(c) Permutation to be
performed on received
information sequence
50
Encryption Techniques



A complex encryption scheme involves
transforming input blocks to some encoded form
Encoded information is uniquely mapped back
to useful information
Simplest transformation involves logical or
arithmetic or both operations
51
A Generic Process of Encoding and
Decoding
Encoding
Information
at
Transmitted
signal
Encoded
signal
block
transmitter
Encoded
Received
signal
signal
Decoding Information
at
block
receiver
(Original)
52
A Generic Process of Encoding and
Decoding
Encoding
Information
at
block
transmitter
Received
signal
Encoded
Encoded
signal
Transmitted
signal
Initial
pattern
EX-OR
bits
Bits after
EX-OR
1
1
0
0
0
1
1
1
1
1
0
1
0
1
1
1
1
0
1
0
1
0
1
1
1
0
1
1
0
Transmitted
Shuffle
bits
0
0
Operations done at the transmitting MS
0
Air
signal
Received Inverse
bits
Shuffle
Decoding Information
at
block
receiver (Original)
Bits after EX-OR
bits
shuffle
Bits after
EX-OR
0
0
1
1
1
1
1
0
1
0
1
1
1
1
1
0
0
1
0
1
1
1
0
1
1
1
0
1
0
0
0
0
Operations done at the receiving MS
53
Permutation and Coding of
Information (DES)
Input (64 bits)
Initial Permutation (IP)
32 bits
32 bits
Left half: L1
Right half: R1
Key K1
f
+
R1 = L1 + f(R1, K1)
Left half: L1 = R1
f
+
Key K16
Left half: L16 = R15
R16 = L16 + f(R15, K16)
Inverse initial permutation (IP –1)
Coded Output
54
Authentication


Making sure user is genuine
Using password (not foolproof)




if the server has been hacked, or spoofed, an attacker
can learn your password.
Another approach is to use two different
interrelated keys
One known only to system generating the key
(private key), other used for sending to outside
world (public key)
RSA algorithm (best known public key system)
55
Public/Private Key Authentication Steps
(2) Send Public Key
System
User i
(1) Compute Public Key for User i
from its private key
Save Public Key
usually
done
off line
(3) ID, Signature
System
User i
(4) Verify using private key of
User i
System
Use public key to
generate signature.
online
test
(5) Authentication Result
User i
56
Authentication (RSA Algorithm)
• In RSA method 2 large prime numbers (p,q) are selected.
• n = p*q,
• A number e is selected to use (n,e) as the public key and is
transmitted to the user,
• User stores this, whenever a message m < n needs to be
transmitted, user computes c = me| mod n and sends to the system.
• After receiving c, the system computes cd|mod n where d is
computed using the private key (n,e)
• cd|mod n = (me|mod n) d |mod n = (me)d |mod n
ed
= m |mod n
• To make this equal to m, ed should be equal to 1.
• This means e and d need to be multiplicative inverse using mod n
(or mod p*q)
• This can be satisfied if e is prime with respect to (p-1)*(q-1)
• Using this restriction original message is reconstructed.
57
Authentication (RSA Algorithm)

Let us take p = 3 and q = 11, giving n = pq =33

Assume e = 7, gives (n, e) as public key of (33, 7)

For message m = 4, c = me| mod n = 47 mod 33 = 16

d is computed such that ed mod (p-1)(q-1) = ed mod 20= 1,
thus, d = 3, giving private key of (33, 3)

After receiving c =16, compute cd mod 33 = 16 3 mod 33
=4
58
Message Authentication using
Public/Private Keys
Base Station
Select p and q as two prime
numbers
n = p*q
1<e<n
Base Station
Compute d from e
(n, d) private key
Receive c
Base Station
Compute cd|mod n = mde|mod n
=m
If de = 1
Public Key (n, e)
Mobile Station
Save public key
(n, e)
c
Authentication
Mobile Station
Message m < n
Sent as c = me|mod n
Mobile station
OK
59
Authentication of a MS by the BS
(ID)e|mod n
Mobile
Station
Base Station
Authentication
(a) Authentication based on ID
(ID)e|mod n
Base Station
R: Random Number as a
Challenge
Send Re|mod n
Authentication
Mobile
Station
(b) Authentication using a challenge
60
Wireless System Security

Basic services of security:
 Confidentiality: only the authorized party can
access the information
 Non-repudiation: sender and receiver cannot
deny the transmission
 Authentication: sender of the information is
correctly identified
 Integrity: content of the message can only be
modified by authorized user
 Availability: resources available only to
authorized users
61
Wireless System Security

Security Mechanisms:
 Security Prevention: Enforces security during
the operation of the system
 Security Detection: Detects attempts to violate
security
 Recovery: Restore the system to pre-security
violation state
62
Cost Function of a Secured
Wireless System
Cost
Expected total
cost
Expected total
cost with
violations
Cost for Security
enhancing
mechanisms
Optimal Level
100%
Security
Level
63
Security Threat Categories
S
I
Source
D
Intruder
Message
S
I
D
S
Destination
Message
D
Message
I
Interruption
S
Message
Interception
D
Message
I
Modification
D
S
Message
I
Fabrication
64
Wireless Security

Active Attacks: When data modification or false
data transmission takes place





Masquerade: one entity pretends to be a different
entity
Replay: information captured and retransmitted to
produce unauthorized effect
Modification of message
Denial of service (DoS)
Passive Attacks: Goal of intruder is to obtain
information (monitoring, eavesdropping on
transmission)
65
Firewalls and System Security


Firewall carries out traffic filtering, web
authentication, and other security mechanisms
Filtering can be configured by fixing:








Source IP
Destination IP
Source TCP/UDP port
Destination TCP/UDP port
Arrival interface
Destination interface
IP protocol
Firewall resides at wireless access point to carry
out authentication
66
Home Work

10.10, 10.11, 10.15, 10.21 (Due: Dec. 2)
67