00-03-0019-00-0000Linksec_Handoff_Issues_r2

May. 2003
doc.: 802_Handoff_Linksec_Presentation
802 Handoff
LinkSec Handoff Issues?
David Johnston
Submission
Slide 1
David Johnston, Intel
First Session of 802 Handoff
ECSG Launched, May 2003
• Attendance
– Monday – 30
– Tuesday – 19
– Thursday – 22
• Total Attendance – 45
• 29 Separate organizations represented
Officers
• Chair
– David Johnston, Intel
• Reluctant Recording Secretary
– Paul Lin, Intel
• Vice Chair
– None, volunteers welcome
Charter
• Consider the possibility of specifying a
common handoff framework applicable to
802 standards, wired and wireless
• Consider placement of the work (in a new
working group or in 802.1)
• Authorized to draft a PAR
Objectives
• Define scope and requirements
– May work with all MACs and PHYs
• Without unnecessary overhead
• 802.x to 802.y (where x could equal y)
• 802.x to non-802
– Consider how to address Authentication and Security
• Within the PAR? Coordinated with Link Security group
• Specify a framework that 802 MACs can adopt
– MAC SAP Messages
– MIB Entries
– Other?
What it is not
• It is not proposed to implement a protocol
for handoff
– We are at the link layer. What are we handing
off?
– Entire problem cannot be solved at layer 2
• So this is not a handoff standard!
Scenario
• Multi-interface device
– Docked Laptop with 802.3, 802.11 and 802.16e
– Mobile IP session being used for VoIP and web traffic
• Laptop undocks
– Needs to make a timely decision to switch to 802.11
and attach to a suitable AP.
– Existing traffic should suffer minimum interruption
• Laptop moves out of building
– Needs to make a timely decision to switch to 802.16e
and choose a suitable BS
– Existing traffic should suffer minimum interruption
What it is
• Focus is on
– Enabling good handoff decisions
• Handoff decision data with interface
– Signaling appropriately to L3 handoff capable
entities
• L2 triggers
• Wired and Wireless
– 802.3 to 802.[11/15/16] are important cases
(very) Simplified Anatomy of a Handoff
• Something somewhere up the stack agrees, in its
own way, to hand off from one place to another
– E.g. Mobile IP
• Consequently, down at the link layer, an
attachment switches from one place to another
– Association-authentication-authorization in one of
several possible orders and flavors
– Either by picking a new attachment point for an
interface, or picking a new interface
The blocking behavior of 802.1x
• 802.1x allows access to the MAC
• Blocks access to all LSAPs above the LLC except for
EAPoL until authentication has completed
– So only MAC signalling and EAP available prior to authentication
– This takes advantage of the common MSDU transport capability of
different 802 networks.
– A mechanism applicable to diverse 802 network types could not be
codified in existing MAC signaling or EAP
• So current 802 authentication practice impacts the
transfer of handoff related information prior to
authentication
Pre-auth Requirements
• Prior to attempting to authenticate, the mobile
node may want to know whether it is worth the
effort
– Does the AP support my L3 network needs?
– Do I have a payment method, auth protocol,
subscription that will work on the candidate AP?
– Can my QoS needs be met?
• It would be nice for the conduit for this
information:
– To not be blocked prior to authentication
– To be applicable to diverse 802 network types (MSDU
transport)
Extending the auth model to support Handoff
• Extend set of pre authentication unblocked
things from:
– MAC signalling
– EAPoL
• To:
– MAC signalling
– EAPoL
– Non sensitive handoff related data
For Example
• Extend the unblocked fork of 802.1x
[Figure: 802.2 at the bottom, several L3 entities above. Two paths are unblocked before authentication: EAPoL and, alongside it, Non Sensitive Handoff Information/Protocol/negotiation.]
So: One requirement
• Don’t make it impossible to define the
distribution of media independent handoff
decision data prior to authentication
– Allows mobile nodes to handoff based on good
information
– Enables mobile nodes to choose who they
should bother authenticating to.
Port == AID?!
• In 802.11 the port is defined to be attached to an
association
• Prevents authentication before association
• Is a problem for 802.11 if you have handoff
decision data on the uncontrolled port
– Increases time to access handoff data
– Leaves only the beacon for public data before auth
• Limited in size
• Unsafe to extend
• Not common across 802
• Can the port not be per mobile part MAC address
or some such thing?
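The following is an added example, not part of the presentation, that models the three points made on the slides above: the 802.1x blocking behavior (only EAPoL passes before authentication), the proposed extension (a second unblocked path for non-sensitive handoff data), and the 802.11 Port == AID problem (no association, no port). The handoff-information EtherType 0x88B5 is a stand-in (it is an IEEE 802 local-experimental value, not one the presentation assigns), the `sensitive` flag on a frame is an assumption about how a message would declare itself, and the authenticator is simplified to the port decision only.

```python
"""Toy model of the 802.1X port split and the two changes discussed above.

Constructed example (not from the presentation). An authenticator has one
uncontrolled port that admits only EAPoL, and a controlled port per supplicant
MAC that opens after the EAP exchange succeeds. Policy "extended" adds the
slide-12 proposal: a separate, non-sensitive handoff-information EtherType is
also admitted before authentication. port_key "association" reproduces the
slide-15 problem: the port only exists once the station has associated.
"""
from dataclasses import dataclass, field

ETHERTYPE_IPV4 = 0x0800          # ordinary L3 traffic: controlled port only
ETHERTYPE_EAPOL = 0x888E         # EAPoL (802.1X), always admitted
ETHERTYPE_HANDOFF_INFO = 0x88B5  # assumption: stand-in for a handoff-info
                                 # EtherType (0x88B5 is IEEE 802 local experimental)


@dataclass(frozen=True)
class Frame:
    src_mac: str
    ethertype: int
    payload: bytes
    sensitive: bool = False  # assumption: the message type marks itself sensitive


@dataclass
class Authenticator:
    policy: str = "current"      # "current" (EAPoL only) or "extended"
    port_key: str = "mac"        # "mac" or "association" (802.11 today)
    associated: set = field(default_factory=set)
    authorized: set = field(default_factory=set)

    def uncontrolled_port_admits(self, frame: Frame) -> bool:
        """Frames that pass while the controlled port is still closed."""
        if frame.ethertype == ETHERTYPE_EAPOL:
            return True
        if self.policy == "extended":
            return frame.ethertype == ETHERTYPE_HANDOFF_INFO and not frame.sensitive
        return False

    def receive(self, frame: Frame) -> str:
        # 802.11 binds the port to the association: no association, no port at all
        if self.port_key == "association" and frame.src_mac not in self.associated:
            return "no-port"
        if frame.src_mac in self.authorized:
            return "forwarded"             # controlled port open: everything passes
        if self.uncontrolled_port_admits(frame):
            return "admitted-preauth"
        return "blocked"

    def associate(self, src_mac: str) -> None:
        self.associated.add(src_mac)

    def authorize(self, src_mac: str) -> None:
        """Models EAP-Success from the authentication server for this station."""
        self.authorized.add(src_mac)


def run_scenario(policy: str = "current", port_key: str = "mac") -> dict:
    """Replay one mobile node's arrival at a candidate AP; return verdicts."""
    mn = "02:00:00:00:00:01"  # constructed locally administered MAC
    ap = Authenticator(policy=policy, port_key=port_key)
    # the slide-11 questions, carried as non-sensitive handoff data
    query = Frame(mn, ETHERTYPE_HANDOFF_INFO, b"L3 support? auth method? QoS?")
    early_ip = Frame(mn, ETHERTYPE_IPV4, b"IP datagram sent too early")
    secret = Frame(mn, ETHERTYPE_HANDOFF_INFO, b"session state", sensitive=True)
    eap = Frame(mn, ETHERTYPE_EAPOL, b"EAP-Response/Identity")

    results = {"query_preassoc": ap.receive(query)}
    ap.associate(mn)
    results["query_preauth"] = ap.receive(query)
    results["ip_preauth"] = ap.receive(early_ip)
    results["sensitive_preauth"] = ap.receive(secret)
    results["eapol_preauth"] = ap.receive(eap)
    ap.authorize(mn)  # EAP exchange finished successfully
    results["ip_postauth"] = ap.receive(early_ip)
    return results


if __name__ == "__main__":
    for policy in ("current", "extended"):
        for key in ("mac", "association"):
            print(f"{policy:8s} port per {key:11s}", run_scenario(policy, key))
```

Running it shows the three outcomes side by side: under the current policy the handoff query is blocked until authentication completes, under the extended policy it passes while IP and sensitive data still wait for the controlled port, and with the port keyed on the association the query cannot be delivered at all before association, whatever the policy.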