Wireless and Mobile All-IP Networks
Yi-Bing Lin
1
From Traditional Telecom to All-IP
Circuit-Switched vs Packet-Switched:
Intelligent Network (IN) vs. IP Multimedia Core Network Subsystem (IMS)
Example: Video Phone
All-IP Telecom Services: New Technologies vs. New Services
VoIP: Numbering, Number Portability
Service Creation: Dictatorship vs. Democracy
Peer-to-Peer, Web 2.0
2
All-IP Architecture
3
4
5
6
Issues on Mobile All-IP Network
Short Message Service (SMS) and IP Network Integration
SMS is considered as the application level signaling mechanism.
Session Management
PDP context is introduced.
7
Issue: Mobility Management
GSM: Location Area (LA) tracking
GPRS: Routing Area (RA), cell tracking
UMTS: RA, UTRAN RA (URA), cell tracking
Performance of Mobile Telecommunications Network with Overlapping Location Area Configuration. Accepted and to appear in IEEE Transactions on Vehicular Technology.
8
Overlapping LA Configuration
to resolve Ping-pong Effect
9
The expected number E[M] of cell movements in an LA
N: LA size
K: overlay degree
p: probability of moving direction
10
Issues on Mobile All-IP Network (Cont.)
Mobile Core Networks that Support All-IP:
UMTS: GPRS
cdma2000: PDSN (Packet Data Support Node)
Mobile All-IP Network Signaling
Traditional: SS7 is supported by MTP
(Message Transfer Part)
All-IP: SS7 is supported by SCTP
(Stream Control Transport Protocol)
11
Issue: On-line Charging
Sou, S.-I., Hung, H.-N., Lin, Y.-B., Peng, N.-F., and Jeng, J.-Y. Modeling Credit Reservation Procedure for UMTS Online Charging System. Accepted and to appear in IEEE Transactions on Wireless Communications.
The Online Charging System (OCS) determines the
rating and allocates the granted credit units to the IMS
prepaid services. The prepaid credit units are deducted at
the OCS in real time when the prepaid service is delivered.
When the amount of the remaining prepaid credit is below
a threshold, the OCS reminds the user to recharge the
prepaid account.
Issue: It is essential to choose an appropriate recharge
threshold to reduce the probability that the in-progress
service sessions are forced-terminated.
12
Online Charging System Architecture
Online charging for the IMS services is performed by using the Diameter Credit
Control (DCC) protocol.
The OCS provides the Session Based Charging Function (SBCF) responsible for online charging of network bearer and user sessions.
The Account Balance Management Function (ABMF) keeps a user’s balance and other account data.
When the prepaid user’s credit depletes, the ABMF instructs the Recharge Server to trigger the recharge account function.
The SBCF interacts with the Rating Function to determine the price of the requested service.
[Figure: Online Charging System. Components: IMS Application Server, Session Based Charging Function (SBCF), Account Balance Management Function (ABMF), Recharge Server, Rating Function, Charging Gateway Function (CGF), Billing System. Data stores: Account, Tariffs. Links labeled a to g; Diameter.]
13
Diameter Credit Reservation Procedure
Upon receipt of an RU (Reserve Units) operation request (Steps 1 or 3), the OCS needs to determine when to send the recharge message, and how to allocate the credit units when the remaining credit left in the prepaid account is too small.
RTCR: Let Cmin be the recharge threshold. When the amount of the remaining prepaid credit in the OCS is less than Cmin, the OCS reminds the user to recharge the prepaid account by sending a recharge message.
Message flow between the IMS AS (Diameter Credit Control Client) and the OCS (Diameter Credit Control Server):
Reserve Units Operation
1. CCR (INITIAL-REQUEST)
2. CCA (INITIAL-REQUEST)
Reserve Units and Debit Units Operation
3. CCR (UPDATE-REQUEST)
4. CCA (UPDATE-REQUEST)
Debit Units Operation
5. CCR (TERMINATE-REQUEST)
6. CCA (TERMINATE-REQUEST)
AS: Application Server
CCR: Credit-Control Request
CCA: Credit-Control Answer
OCS: Online Charging System
14
Input Parameters and Output Measures
Input parameters:
n: the number of types for IMS session-based services.
$1/\mu_i$: the mean of the session holding time for the type-i service session.
$1/\lambda_i$: the mean of the inter-arrival time for the type-i service session.
qi: the amount of credit units that the OCS grants in each RU operation for a type-i service session.
Cmin: the recharge threshold used in RTCR.
Output Measures:
Pf: the probability that an in-progress session is forced to terminate (for all service type-i). The smaller the Pf value, the better the user satisfaction.
E[Cd]: the expected amount of unused credit units in the user account at the end of RTCR execution (before recharging). Note that Cd = 0 if any in-progress session is forced to terminate at the end of RTCR execution. It is apparent that the smaller the E[Cd] value, the better the credit utilization in the user account.
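The Reserve Units / Debit Units bookkeeping and the RTCR threshold check described above, as an added example written for this transcript (not code from the cited paper or from any OCS product). The class and method names, the all-or-nothing grant rule and the sample numbers are assumptions; the slides leave open how credit is allocated when the balance is too small.

```python
# Added example: toy OCS applying RTCR to CCR INITIAL / UPDATE / TERMINATE.
class ToyOCS:
    def __init__(self, balance, c_min, grant):
        self.balance = balance      # unreserved prepaid credit units
        self.c_min = c_min          # recharge threshold Cmin
        self.grant = grant          # service type i -> q_i granted per RU operation
        self.reserved = {}          # session id -> (type, units reserved)
        self.recharge_sent = False  # stands in for the recharge message
        self.forced = []            # sessions forced to terminate

    def _reserve(self, sid, stype):
        q = self.grant[stype]
        # Assumption: a grant is all-or-nothing, no partial allocation.
        if self.balance >= q:
            self.balance -= q
            self.reserved[sid] = (stype, q)
        else:
            q = 0
            self.forced.append(sid)
        if self.balance < self.c_min:   # RTCR: remaining credit below Cmin
            self.recharge_sent = True
        return q

    def _debit(self, sid, used):
        stype, q = self.reserved.pop(sid)
        if not 0 <= used <= q:
            raise ValueError("usage outside the reserved amount")
        self.balance += q - used        # unused reserved units return to the account
        return stype

    def ccr_initial(self, sid, stype):   # Reserve Units (Steps 1-2)
        return self._reserve(sid, stype)

    def ccr_update(self, sid, used):     # Debit Units, then Reserve Units (Steps 3-4)
        return self._reserve(sid, self._debit(sid, used))

    def ccr_terminate(self, sid, used):  # Debit Units (Steps 5-6)
        self._debit(sid, used)
        return self.balance


def demo():
    # Constructed scenario: 100 units, Cmin = 30, q_1 = 20, q_2 = 40.
    ocs = ToyOCS(balance=100, c_min=30, grant={1: 20, 2: 40})
    granted = [ocs.ccr_initial("s1", 1), ocs.ccr_initial("s2", 2),
               ocs.ccr_update("s1", 20), ocs.ccr_update("s2", 40)]
    left = ocs.ccr_terminate("s1", 5)
    return granted, ocs.recharge_sent, ocs.forced, left
```

In this run the third request drops the balance to 20 units, below Cmin, which triggers the recharge reminder; the type-2 session then cannot obtain another 40 units and is forced to terminate, which is the event Pf measures.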
15
Numerical Example (n = 2, $\lambda_1 = \mu_1$ and $\lambda_2 = \mu_2 = 2\mu_1$)
16
Issue: UMTS Security
Virus, fraudulent Usage, Redundant
Authentication
Eavesdropping through Mobile Phone
Y.-B. Lin and M.-H. Tsai, Eavesdropping through Mobile
Phone. Accepted and to appear in IEEE Transactions on
Vehicular Technology.
17
Mobile Phone Eavesdropping
The software of the spied-on phone can be easily modified to
accommodate the eavesdropping procedure.
2.4-2.5) From the caller ID, the spied-on phone detects the eavesdropping event. Without alerting the victim, the spied-on phone automatically disables the ringing tone, turns off the speaker, turns on the microphone, and then establishes the call for eavesdropping.
[Figure: call setup message flow from the Spying Phone through the PSTN (Originating Switch) and the Mobile Network (Terminating MSC and BSS) to the Spied-on Phone. Steps: 2.1 IAM, page; 2.2 ACM, page response; 2.3 Ring-Back Signal, ringing; 2.4; 2.5 answer, ANM; 2.6 Eavesdropping.]
18
Eavesdropping Scenario
The eavesdropper purchases the spied-on mobile phone. The
phone is initially set up with the eavesdropper's phone number
as the caller ID that will trigger the eavesdropping procedure.
The eavesdropper gives this mobile phone to the victim (e.g., as
a birthday gift).
When the eavesdropper wants to eavesdrop on the victim, he
uses the spying phone to dial the number of the spied-on phone.
Thus the spied-on phone becomes a remote microphone through
which the eavesdropper could hear all sounds around the victim
when the victim was not using the spied-on phone for
conversation.
19
Issue: Cellular-WLAN Integration
Lin, Y.-B., Chen, W.-E., and Yen, C.-H. Effective VoIP Call Routing in WLAN and
Cellular Integration. IEEE Communications Letters, 9(10): 874-876, 2005.
In cellular-WLAN integration, a dual-mode mobile station (MS)
typically disables the WLAN module for power saving.
A major problem is that for an incoming VoIP call, the MS will not
be able to receive this call from the WLAN.
It turns out that the call is directed to the cellular network.
We propose a simple push solution where an MS can accurately
detect a VoIP call from paging signaling of the cellular network.
Then the WLAN module of the MS is turned on and the VoIP call is
connected to the MS through the relatively inexpensive WLAN.
20
[Figure: cellular-WLAN integration architecture. Labels: PSTN Phone, PSTN, PSTN Gateway, UMTS, UMTS BS, MS, Call Server (CSP) with Dual-mode MS Table, UA, Internet, WLAN AP; call steps (1) to (5).]
Wireless LAN (WLAN)
User Agent (UA)
Public Switched Telephone Network (PSTN)
Universal Mobile Telecommunications System (UMTS)
21
Message Flow for an Incoming Call to the
Dual-mode MS
22
Cellular and WLAN Integration : Timer
Issue
Sung, Y.-C., Lin, Y.-B. Effects of the EAPOL Timers in IEEE 802.1X
Authentication. Accepted and to appear in IEEE Trans. on Wireless
Commun.
[Figure: EAP-based authentication (type: EAP-SIM) architecture and protocol stacks. Mobile Device (Supplicant): EAP over EAPOL over 802 LAN. Access Point (Authenticator): EAPOL over 802 LAN toward the mobile device; EAP over RADIUS/UDP/IP over 802 LAN toward the server. WLAN Radius Server (Authentication Server): EAP over RADIUS/UDP/IP toward the Access Point across the Internet; MAP over SS7 toward the HLR/AuC in the Cellular Network.]
23
SIM-based IEEE 802.1X Authentication
Entities: Mobile Device, Access Point, Radius Server, HLR
1 EAPOL-Start
2.1 EAPOL-Packet/EAP Request Identity
2.2 EAPOL-Packet/EAP Response Identity
2.3 Access-Request/EAP Response Identity
3.1 Access-Challenge/EAP Request/EAP-SIM Start
3.2 EAPOL-Packet/EAP Request/EAP-SIM Start
4.1 EAPOL-Packet/EAP Response/EAP-SIM Start, AT_NONCE_MT
4.2 Access-Request/EAP Response/EAP-SIM Start, AT_NONCE_MT
5.1 MAP_Send_Authentication_Info_Request
5.2 MAP_Send_Authentication_Info_Response (RAND, SRES, Kc)
6.1 Access-Challenge/EAP Request/EAP-SIM Challenge, AT_RAND, AT_MAC
6.2 EAPOL-Packet/EAP Request/EAP-SIM Challenge, AT_RAND, AT_MAC
    RAND + Ki →(A3)→ SRES → AT_MAC
7.1 EAPOL-Packet/EAP Response/EAP-SIM Challenge, AT_MAC
7.2 Access-Request/EAP Response/EAP-SIM Challenge, AT_MAC
8.1 Access-Accept/EAP Success or Access-Reject/EAP Failure
8.2 EAPOL-Packet/EAP Success or EAPOL-Packet/EAP Failure
Timers shown on the message flow: startWhen, authWhile, heldWhile
Message Path: RTT (sec.), Associated Timer
ⓐ Mobile Device → AP → Mobile Device: 0.005, startWhen
ⓑ Mobile Device → RADIUS Server → Mobile Device: 0.013, authWhile
ⓒ Mobile Device → HLR → Mobile Device: 1.087, authWhile
ⓓ Mobile Device → RADIUS Server → Mobile Device: 0.013, authWhile
24
Performance Modeling
[Figure: state transition diagram of the IEEE 802.1X authentication procedure. States: Initial State; State 1: Message Exchange a (the 1st time); State 2: Message Exchange b; State 3: Message Exchange c; State 4: Message Exchange d; State 5: Success; State 6: Message Exchange a (the 2nd time); State 7: Message Exchange a (the 3rd time); State 8: False Failure. Transition labels: ps, 1 – ps, pa1, 1 – pa1, pa2, 1 – pa2, pa3, 1 – pa3.]
pX: timeout probability, X = s, a1, a2, or a3.
Output Measures:
pf: the false failure detection probability of the IEEE 802.1X authentication procedure; pf = Pr[the mobile device has consecutively sent the EAPOL-Start frame three times]
E[t]: the expected response time of the IEEE 802.1X authentication procedure
25
Numerical Examples
$\mathrm{var}[t_X] = 100 \times E[t_X]^2$ ($t_X$: service time of message exchange, X = s, a1, a2, or a3).
Case 1: Ts = Ta1 = Ta2 = Ta3 = 30 sec (default values of timeout timers)
Case 2: Ts = Ta1 = Ta2 = Ta3 = 15 sec
Case 3: Ts = Ta1 = Ta2 = Ta3 = 10 sec
Case 4: Ts = Ta1 = 10 sec, Ta2 = 5 sec, Ta3 = 30 sec
(TX: associated timeout period of message exchange)
EAPOL message arrival rate $\lambda \le 0.925 \times E[t_{a2}]^{-1}$:
Ts ≧ 10 sec: pf = 0
Case 4 has the same pf performance as Cases 1 – 3, but has much better E[t] performance than these three Cases.
In Case 3, the total timeout value Ts + Ta1 + Ta2 + Ta3 = 40 seconds.
For Case 4, the total timeout value is 55 seconds. But, Case 4 outperforms Case 3 for both pf and E[t] performances.
EAPOL message arrival rate $\lambda \ge 0.925 \times E[t_{a2}]^{-1}$:
Case 4 improves E[t] at the cost of degrading pf as compared with Cases 1 and 2.
The system is saturated, and this will not be allowed to occur in most commercial operations.
26
UMTS All-IP Network
SIP (Session Initiation Protocol)
IPv6
Caching in I-CSCF of UMTS IP Multimedia
Subsystem
[1] Y.-B. Lin, M.-H. Tsai, Caching in I-CSCF of UMTS IP Multimedia
Subsystem. IEEE Transactions on Wireless Communications,
5(1):186-192, 2006
[2] Y.-B. Lin, M.-H. Tsai, J.-S. Yang, "SYSTEM AND METHOD FOR
ACCELERATING CALL SETUP BY CACHING", R.O.C. Patent, Patent
Number: I252027, Assignee: CCL/ITRI, R.O.C.
27
Caching in I-CSCF of UMTS IMS
Problem Definition
In UMTS IMS, every incoming call leads to a query overhead from I-CSCF to HSS (Step 2.).
Proposed Idea
Caching in I-CSCF can effectively reduce the query overhead.
Call Setup Defined in 3GPP (B Scheme)
Entities: UE, S-CSCF, HSS, I-CSCF, Caller
1. Invite
2. LIR (Location-Info-Request) / LIA (Location-Info-Answer)
3. Invite
4. Invite
5. Offer Response
6. Offer Response
7. Offer Response
8. QoS negotiation
28
Proposed Cache (C) Scheme
During registration, when I-CSCF receives the 200 OK, the (UE,
S-CSCF) mapping is saved in the cache (Step 6.).
During call setup, HSS query is replaced by a cache retrieval (Step
2.).
Registration
Entities: UE, I-CSCF, HSS, S-CSCF
1. Register
2. UAR (User-Authorization-Request) / UAA (User-Authorization-Answer)
3. Register
4. SAR (Server-Assignment-Request) / SAA (Server-Assignment-Answer)
5. 200 OK
6. Cache Update
7. 200 OK
Call Setup
Entities: UE, S-CSCF, HSS, I-CSCF, Caller
1. Invite
2. Cache Retrieval
3. Invite
4. Invite
5. Offer Response
6. Offer Response
7. Offer Response
8. QoS negotiation
29
Effects on Timeout Thresholds
Assume that a timer is maintained in the I-CSCF to detect incomplete call setups.
Let pq,x be the probability that a call setup is misleadingly aborted because its
transmission delay is longer than the timeout period.
To ensure the same pq,x, the timeout period for the C scheme is much shorter than that for the B scheme, and a smaller timeout threshold can be set to support early detection of incomplete call setups.
qB, qC: timeout threshold for B and
C schemes
V1: variance of transmission delay
between two IMS nodes
1/d: mean transmission delay
between two IMS nodes
30
Push-to-Talk Service for Intelligent
Transportation Systems
Push to Talk (PTT) is a walkie-talkie
like service, where a member can
simply press a button to talk with
group members.
Typically, a central coordinator is
needed to coordinate the permission to
speak among the group members.
However, in distributed environment, it
is difficult to have a stable central
coordinator.
[Figure: group members A to I, showing (1) Transmission Scope and (2) Radio Link.]
Gan, C.-H., and Lin, Y.-B. Push-to-Talk Service for ITS, Accepted and to
appear in IEEE Transactions on ITS
31
Distributed Push-to-Talk Mechanism
We propose a distributed PTT mechanism
for coordinating the permission to speak,
which does not require any central
coordinator.
The group member that is permitted to
speak is automatically determined through
distributed “learning” interaction among
group members.
The proposed mechanism is modeled by a
Finite State Mechanism (FSM).
[Figure: FSM with states Initial, Buffering, Listening and Speaking. Transition labels:]
(1) Press (Ii←Ii+1; Ti←τc; Start buffer timer; Min=True)
(2) Receive Packet, where ti>tj (ti←tj; Start buffer timer; Min=False)
(3) Receive Packet, where ti>tj (ti←tj; Min=False)
(4) Receive Packet, where ti≤tj
(5) Timeout, where Min=True
(6) Timeout, where Min=False
(7) Receive Packet, where Ii<Ij (ti←tj; Reset buffer timer; Min=False)
(8) Receive Packet/Release_M, where ti<tj
(9) Receive Packet, where Ii=Ij and Ti>Tj (ti←tj; Min=False)
(10) Receive Packet, where Ii≥Ij
(11) Receive Release_M, where ti<tj
(12) Receive Packet, where Ii<Ij (ti←tj; Reset buffer timer)
(13) Receive Release_M, where ti>tj (ti←tj)
(14) Receive Release_M, where ti>tj (ti←tj)
(15) Send Release_M
(16) Receive Packet/Release_M, where ti<tj
(17) Receive Release_M, where ti>tj (ti←tj)
32
Performance Results
N: the number of clients; T: the buffering time
33
Application Issue: Nokia S60 Platform and
Emulator
[Figure: Nokia S60 Platform and Nokia S60 Emulator. Display sizes: 176*208-pixel, 204*320-pixel, 352*416-pixel. User Interface: Display and Input Methods; User Interface Styles. Platform layers: S60 Applications; S60 Java™ Technology Services; S60 Application Services; S60 Platform Services; Symbian OS Extensions; Symbian OS; Hardware.]
34
Example: Connect6
Playing Connect6 game
Invalid move
35
OMA Service Interoperability Test (IOT)
Lin, Y.-B., Liang, C.-F., and Chen, K.-H. NTP-SIOT: A Test Tool for
Advanced Mobile Services. IEEE Network, 21(1): 21-26, 2007.
[Figure: NTP-SIOT test environment. Handset; GPRS/WCDMA/CDMA2000 Network Simulator (BTS/Node B, BSC/RNC, SGSN, GGSN); WAP/Proxy Gateway; Protocol Analyzer; Test Tool on the Microsoft Windows Platform with Test Case Creator, Report Generator, TTCN3 Workbench, and test cases and Java libraries for DRM, Download, Browsing, IMPS, MMS and PoC.]
36
Our Work on OMA Service IOT
OMA Test Tool Development
Contributions to OMA
Push-to-talk over Cellular (PoC)
Instant Messaging and Presence Service (IMPS)
Multimedia Messaging Service (MMS)
6 test cases submitted to OMA IOP working group
Ongoing Tasks
Download and Browsing test cases
Digital Right Management (DRM) test tool
37
Contributions to OMA
38
NCTU-PoCT: A Conformance Test Tool for
Push-to-Talk over Cellular
39
PoC Registration Procedure and Test Case
PoC Registration Message Flow
PoC Registration Test Result in TTCN-3
40