Media-Independent Pre-authentication (MPA) Framework

Slides: 10
Provided by: ietf
Learn more at: https://www.ietf.org
Transcript and Presenter's Notes


1
Media-Independent Pre-authentication (MPA)
Framework
  • draft-ohba-mobopts-mpa-framework-04.txt
  • Ashutosh Dutta
  • Victor Fajardo
  • Yoshihiro Ohba
  • Kenichi Taniuchi
  • Henning Schulzrinne

(See also draft-ohba-mobopts-mpa-implementation-03.txt for performance results)
2
Media-independent Pre-Authentication (MPA)
  • MPA is a mobile-assisted higher-layer
    authentication, authorization and handover scheme
    that is performed before establishing L2
    connectivity to a network to which the mobile may
    move in the near future
  • MPA provides a secure and seamless mobility
    optimization that works for Inter-subnet handoff,
    Inter-domain handoff and Inter-technology handoff
  • MPA works with any mobility management protocol

[Figure: timelines for the Conventional Method and MPA. Labels: AP Discovery, AP Switching, Client Authentication, IP address configuration, IP handover, Pre-authentication, Packet Loss Period. Axis: Time.]
3
MPA Phases
  • Pre-authentication: EAP pre-authentication to CTN
    (Candidate Target Network)
  • Pre-configuration: Proactive IP address
    acquisition from CTN
  • Pre-switching: L3 HO execution over MN-nAR tunnel
  • Switching: L2 handover
  • Post-switching: Tunnel deletion

Not all MPA phases have to be executed; phases can be
replaced with other mechanisms. MPA operation can
stop at phase 1 (pre-auth only) or at phase 2
(pre-auth and pre-authorization).
4
Proactive Handover Tunnel in pre-switching phase
[Figure: network diagram. Labels: CN, AR, Serving Network, Target Network, MN.]
5
Investigated Issues
  • Operational Issues
  • Pre-authentication to multiple Candidate Target
    Networks
  • Tunnel management
  • Ping-pong considerations
  • Authentication state management
  • Packet loss prevention techniques: Buffering,
    reachability test
  • Authentication in initial network attachment
  • Link-layer security and mobility (see
    mpa-implementation draft for results)
  • Pre-Authorization techniques
  • Proactive IP address acquisition
    (IKEv2, DHCP, stateless autoconf, etc.)
  • Proactive DAD / Address resolution issues
  • Pre-allocation of QoS resources (for both
    end-to-end and edge network)
  • Co-existence with other mobility management
    protocols
  • MIPv4 FA-CoA, ProxyMIPv6, FMIPv6
  • In some cases, the proactive handover tunnel is
    terminated at the serving AR instead of the MN
  • For ProxyMIPv6 MPA, see
    draft-taniuchi-netlmm-mpa-proxymipv6-00.txt

6
Applicability Statement Added
  • MPA is categorized as a proactive handover
    optimization mechanism. In other words, MPA is
    more applicable where an accurate prediction of
    movement can be easily made
  • Even if accurate prediction of movement is easily
    made, effectiveness of MPA may be relatively
    reduced if the network employs network-controlled
    localized mobility management in which the MN
    does not need to change its IP address while
    moving within the network.
  • Effectiveness of MPA may also be relatively
    reduced if signaling for network access
    authentication is already optimized for movements
    within the network, e.g., when simultaneous use
    of multiple interfaces during handover is allowed
  • In other words, MPA is the most viable solution for
    inter-administrative domain predictive handover
    without simultaneous use of multiple interfaces

An administrative domain (or a domain hereafter)
is a logical network that is administered by a
single authority using its own authentication and
authorization mechanisms
7
Focus on inter-domain handover optimization
  • Problem Statement: Inter-domain handover
    optimization cannot be solved solely by existing
    mobility management protocols
  • Requires SA between mobility agents across
    domains
  • Different domains may use different M-M protocols
    (e.g., CMIP↔PMIP handover optimization)
  • MPA's ability to work across multiple domains can
    enhance performance of inter-domain handover
  • MPA as a helper for existing M-M protocols for
    inter-domain handover
  • More focus on pre-authorization and proactive
    handover tunneling part of MPA for inter-domain
    handover optimization
  • Pre-authentication signaling is being discussed
    in IETF / IEEE
  • Possible research topics: Co-existence with
    FMIPv6, PMIP and 802.21 for inter-domain handover
    optimization

8
Summary
  • The draft has been presented 4 times since IETF62
  • Feedback from the members has been reflected
  • Experimental results have been shown in the past
    (MPA with MIPv6, MPA with bootstrapping L2sec,
    etc.)
  • Possible direction: focus on pre-authorization
    and proactive handover tunneling part of MPA for
    inter-domain handover
  • Possible research topics: Co-existence with
    FMIPv6, PMIP and 802.21 for inter-domain handover
    optimization
  • We are willing to commit to work on this topic
    and provide more experimental results

9
Thank You!