Internet Goes Mobile
Alper Yegin
KIOW 2003 at APNIC 16, August 19th, 2003, Seoul, Korea
Internet - Yesterday
[Figure: an enterprise network (T1) and home users/home networks (dial-up, DSL) connected to the Internet]
Internet - Today and Tomorrow
[Figure: an enterprise network (T1), a community network, operator networks (W-CDMA, GPRS), home networks (dial-up, DSL), a mobile network and a PAN all connected to the Internet]
Challenge
• Users expect the same characteristics (greedy!)
– Secure
– Reliable
– Seamless
– High performance
• Burden is on:
– Standards bodies (IETF, IEEE, 3GPP, 3GPP2, etc.)
– Vendors
– Operators
Security
• First things first!
• Physical security is replaced with crypto-based security
– Threats: Eavesdropping, spoofing
– Not a full replacement!
• Crypto designs and experts get a good exercise!
Solutions
• Good solutions:
– 3GPP, 3GPP2
• Bad solutions
– IEEE WEP fiasco!
• Practical but less than adequate solutions:
– WECA WISPer: HTTP redirect and web-based login hackery
• Practical and reasonable solutions:
– IEEE 802.11b access outside VPN gateway
The Right Solution
• Authenticate, authorize the client
• Accounting and privacy
[Figure: the host authenticates to the AP/access router with PANA or 802.1X; the visited network's ISP AAA server relays to the home network's home AAA server over Diameter or RADIUS]
The Right Solution
• IETF AAA, EAP, and PANA Working Groups
• IEEE 802.11i, 802.1aa
[Figure: same topology as the previous slide: host to AP/access router with PANA or 802.1X, ISP AAA to home AAA over Diameter or RADIUS]
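As an added illustration of the per-hop shared-secret protection in the figure above (RADIUS between the visited NAS, AAA brokers and the home AAA server), and not code from the slides: the RFC 2865 User-Password hiding, the Response Authenticator a NAS checks on an Access-Accept, and the re-hiding a broker performs at each hop. All secrets, identifiers, the request authenticator and attribute values are constructed for the example.

```python
"""Added example, not from the slides: the RFC 2865 (RADIUS) mechanisms that let a
visited-network NAS and a home AAA server trust each other's messages across a
chain of brokers using per-hop shared secrets. All secrets, identifiers and
attribute values below are constructed for illustration."""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RFC 2865 packet codes
USER_NAME = 1                             # RFC 2865 attribute type


def _md5_xor_chain(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    """RFC 2865 section 5.2: each 16-octet chunk is XORed with MD5(secret + previous
    ciphertext chunk); the chain is seeded with the Request Authenticator. Hiding
    and revealing differ only in which chunk (output or input) feeds the chain."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        chunk_in = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        chunk_out = bytes(a ^ b for a, b in zip(chunk_in, mask))
        out += chunk_out
        prev = chunk_out if hiding else chunk_in
    return out


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: pad with NULs to a multiple of 16 octets, then run the chain."""
    if not 0 < len(password) <= 128:
        raise ValueError("RFC 2865 allows 1..128 octets of User-Password")
    padded = password + b"\x00" * (-len(password) % 16)
    return _md5_xor_chain(padded, secret, request_auth, hiding=True)


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: invert the chain and strip the NUL padding."""
    return _md5_xor_chain(hidden, secret, request_auth, hiding=False).rstrip(b"\x00")


def proxy_rehide(hidden: bytes, secret_prev_hop: bytes, secret_next_hop: bytes,
                 request_auth: bytes) -> bytes:
    """What an AAA broker does before forwarding an Access-Request (RFC 2865 section 2.3):
    unhide with the secret shared with the previous hop, re-hide for the next hop.
    The broker necessarily sees the cleartext password in the process."""
    cleartext = reveal_password(hidden, secret_prev_hop, request_auth)
    return hide_password(cleartext, secret_next_hop, request_auth)


def encode_attributes(attrs) -> bytes:
    """Type-Length-Value encoding; Length counts the two header octets."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Without the shared secret nobody can mint a valid Access-Accept for this request."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def verify_response(code: int, ident: int, attrs: bytes, request_auth: bytes,
                    secret: bytes, received_auth: bytes) -> bool:
    """Receiver's check on a reply: the Authenticator must match for the ID and
    Request Authenticator of an outstanding request, otherwise the reply is dropped."""
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(expected, received_auth)


def roaming_exchange(password: bytes = b"constructed-pw", ident: int = 42,
                     request_auth: bytes = bytes(range(16))) -> dict:
    """Walk one Access-Request from a visited NAS, through a broker, to the home AAA
    server and the Access-Accept back. Secrets are per hop, as in the AAA web of trust."""
    nas_broker = b"secret-nas-broker"       # constructed
    broker_home = b"secret-broker-home"     # constructed
    on_wire_hop1 = hide_password(password, nas_broker, request_auth)
    on_wire_hop2 = proxy_rehide(on_wire_hop1, nas_broker, broker_home, request_auth)
    seen_at_home = reveal_password(on_wire_hop2, broker_home, request_auth)
    accept_attrs = encode_attributes([(USER_NAME, b"alice@home.example")])
    auth = response_authenticator(ACCESS_ACCEPT, ident, accept_attrs, request_auth, broker_home)
    return {
        "home_server_recovers_password": seen_at_home == password,
        "hop_ciphertexts_differ": on_wire_hop1 != on_wire_hop2,
        "accept_verifies_at_broker": verify_response(ACCESS_ACCEPT, ident, accept_attrs,
                                                     request_auth, broker_home, auth),
        "accept_forged_without_secret": verify_response(ACCESS_ACCEPT, ident, accept_attrs,
                                                        request_auth, b"guess", auth),
    }
```

Two properties of the design are visible here: every hop can verify replies only with the secret it shares with its neighbour, and every broker in the chain recovers the cleartext password in `proxy_rehide`. The second is why the deck's point about IPsec/TLS for "confidential information exchange" matters on the AAA path as much as on the air interface.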
Global AAA
• AAA web of trust is here (unlike global PKI) and more capable.
[Figure: AAA servers in home and visited networks linked through a chain of AAA brokers]
Impact
• Security is never plug-and-play (plug-and-get-hacked!)
• Additional infrastructure
– Front-end AAA servers (NAS)
– Backend AAA servers (RADIUS, Diameter servers)
– VPN gateways
• Configuration
– On the clients
– Per-client configuration on the servers (keys, authorization parameters, etc.)
– Configuration to join the AAA web of trust
Impact
• Increased popularity of IPsec and TLS
– AAA requires confidential information exchange
– VPN
– Anonymizer.com
• Strengthening internal network is a MUST
– Unless you are 100% sure that wireless access is secure
– Partitioning, IDS, enforcing strict policy execution (social aspects)
But Still
• ... you are vulnerable to attacks!
• Price of going wireless
Mobility Management
• Host at home (fixed Internet).
[Figure: host a::1 on the home network (prefix a::/64) communicating with a web server through its access router and AP; a visited network with its own access routers and APs is shown alongside]
Mobility Management
• You move, you break!
[Figure: the host moves to the visited network, gets address b::1 from prefix b::/64, and its session with the web server breaks]
Mobile IP
• IETF Mobile IP Working Group
– www.ietf.org/html.charters/mobileip-charter.html
[Figure: a home agent on the home network; the host keeps home address a::1 while using care-of address b::1 (prefix b::/64) on the visited network]
Mobile IP
• Traffic tunneled through home network
[Figure: packets from the web server to the home address are intercepted by the home agent and tunneled to care-of address b::1 on the visited network]
Mobile IP
• End-to-end signaling for route optimization
[Figure: the host signals its care-of address b::1 directly to the web server, which binds it to home address a::1]
Mobile IP
• Most direct path for data traffic.
[Figure: the web server now sends directly to care-of address b::1, bypassing the home agent]
… Fast and Smooth
• Problem: Signaling latency.
[Figure: the host moves again to prefix c::/64 and gets new care-of address c::1; until the new binding for home address a::1 is signaled, traffic still goes to b::1]
… Fast and Smooth
• Fast Handovers
– draft-ietf-mobileip-fast-mipv6-06.txt
• IETF Seamoby Working Group
– www.ietf.org/html.charters/seamoby-charter.html
[Figure: during the handover the old access router, holding old care-of address b::1, forwards traffic to new care-of address c::1 on prefix c::/64]
… Fast and Smooth
• Context transferred and routes fixed.
[Figure: after context transfer and route repair, traffic reaches host c::1 on prefix c::/64 directly]
… Privacy
• Hide precise location and movement.
[Figure: visited network with APs on prefixes b::/64 (cafeteria), c::/64 (CEO's office) and d::/64 (employee office); the host is d::1]
… Privacy
• Obtain an IP address from the localized mobility agent.
[Figure: a localized mobility agent on prefix e::/64 gives the host regional care-of address e::1; the home agent binds home address a::1 to e::1, and the agent binds e::1 to local care-of address d::1 on prefix d::/64]
… Privacy
• Correspondent sends packets directly to the agent. Agent tunnels them to the precise location.
[Figure: the web server sends to the regional care-of address at the localized mobility agent, which tunnels the packets to the host's local care-of address d::1]
… Privacy
• Correspondent does not know the real IP destination, or when it changes.
[Figure: the host has moved to b::1 on prefix b::/64; the web server keeps sending to the localized mobility agent, unaware of the change]
… AAA
• Mobility management is a for-profit “service”
[Figure: the previous topology with the home AAA and ISP AAA servers added alongside the home agent and localized mobility agent]
… Network is Mobile
• IETF NEMO Working Group
– www.ietf.org/html.charters/nemo-charter.html
[Figure: a mobile network behind base stations moving across the visited network's access routers]
Impact on Intranet
• More stateful servers
– Home agents, access routers (for context transfer and fast handovers), localized mobility agents
– Mobile IP bindings, tunnels, host-routes
– Redundancy and fault-tolerance are a MUST!
• More configuration
– Per client on the servers
– Trust relations among communicating servers
Impact on Internet/Intranet
• Tunnels
– Several levels of nesting
[Figure: nested tunnels from the web server to the host: the home agent tunnels from the home address to the (regional) care-of address (Mobile IP), the localized mobility agent tunnels on to the (older local) care-of address (localized mobility management), and the previous access router tunnels on to the (current local) care-of address at the current access router (fast handovers)]
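An added model of the nesting in the figure above, not code from the slides or from any Mobile IP implementation: each agent holds a binding table and wraps another encapsulation around packets destined to a bound address, so the host sees three layers right after a fast handover, two once the localized mobility agent has been updated, and none with route optimization. Host addresses follow the slides (a::1, e::1, d::1, c::1); the agents' own addresses (ha::1, lma::1, par::1) and the payload are constructed.

```python
"""Added model, not from the slides: how Mobile IP, localized mobility management
and fast handovers each add an encapsulation layer, as in the figure above.
Host addresses follow the slides (a::1 home address, e::1 regional care-of address,
d::1 older local care-of address, c::1 current local care-of address); the agents'
own addresses (ha::1, lma::1, par::1) are constructed for this example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Union


@dataclass
class Packet:
    src: str
    dst: str
    payload: Union["Packet", bytes]
    home_address: Optional[str] = None   # models a type 2 routing header (route optimization)

    def depth(self) -> int:
        """Number of tunnel headers wrapped around the original packet."""
        return 0 if isinstance(self.payload, bytes) else 1 + self.payload.depth()


class TunnelAgent:
    """A mobility agent keeping bindings 'address -> where it currently lives'.
    Packets for a bound address are encapsulated (IPv6-in-IPv6) towards the binding."""

    def __init__(self, address: str):
        self.address = address
        self.bindings: Dict[str, str] = {}

    def bind(self, address: str, forward_to: str) -> None:
        self.bindings[address] = forward_to

    def unbind(self, address: str) -> None:
        self.bindings.pop(address, None)

    def forward(self, pkt: Packet) -> Packet:
        target = self.bindings.get(pkt.dst)
        return pkt if target is None else Packet(self.address, target, pkt)


def deliver(pkt: Packet, agents: List[TunnelAgent]) -> Packet:
    """Pass the packet along the agents in topology order; each one only wraps
    another layer if it holds a binding for the current outer destination."""
    for agent in agents:
        pkt = agent.forward(pkt)
    return pkt


def host_receive(pkt: Packet, my_addresses: set) -> tuple:
    """The mobile host strips every tunnel layer addressed to one of its own
    addresses (home, regional, old and current care-of) and returns (layers, data)."""
    layers = 0
    while isinstance(pkt.payload, Packet) and pkt.dst in my_addresses:
        pkt, layers = pkt.payload, layers + 1
    if pkt.dst not in my_addresses or not isinstance(pkt.payload, bytes):
        raise ValueError(f"packet for {pkt.dst} is not ours or still encapsulated")
    return layers, pkt.payload


def nesting_scenario() -> Dict[str, int]:
    """Reproduce the states of the figure and report the tunnel depth seen by the
    host in each: full nesting right after a fast handover, after the localized
    mobility agent learns the new care-of address, and with route optimization."""
    home_agent, lma, prev_ar = TunnelAgent("ha::1"), TunnelAgent("lma::1"), TunnelAgent("par::1")
    host = {"a::1", "e::1", "d::1", "c::1"}
    data = b"GET / HTTP/1.1"                       # constructed payload
    web_to_home = Packet("web::1", "a::1", data)

    home_agent.bind("a::1", "e::1")                # Mobile IP: home -> regional care-of
    lma.bind("e::1", "d::1")                       # LMM: regional -> older local care-of
    prev_ar.bind("d::1", "c::1")                   # fast handover: old AR -> current care-of
    full = host_receive(deliver(web_to_home, [home_agent, lma, prev_ar]), host)[0]

    lma.bind("e::1", "c::1")                       # LMM updated, handover state torn down
    prev_ar.unbind("d::1")
    settled = host_receive(deliver(web_to_home, [home_agent, lma, prev_ar]), host)[0]

    # Route optimization: the correspondent has its own binding for a::1 and sends
    # straight to the care-of address, carrying the home address in a routing header.
    direct = Packet("web::1", "c::1", data, home_address="a::1")
    optimized = host_receive(deliver(direct, [home_agent, lma, prev_ar]), host)[0]
    return {"after_fast_handover": full, "after_lmm_update": settled, "route_optimized": optimized}
```

Each layer is 40 octets of IPv6 header on every data packet, and each agent is one more stateful box (bindings, tunnels, host routes) that has to be redundant, which is the "more stateful servers" cost the previous slide lists. The `home_address` field also shows why route optimization shortens the path but does not remove the need for the home agent: the binding at the correspondent still has to be created and refreshed.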
Impact on Internet
• Address consumption
– Always-on hosts
– Purpose-specific address usage (home address, care-of address)
– Multihomed devices (GPRS, IEEE 802.11b, Bluetooth)
– Sensor networks
Impact on Internet
• Suboptimal routing, redirect servers
[Figure: host A and host B are each reached through their own home agent (Home Agent A, Home Agent B), so traffic between them takes a detour]
Host Assumptions
• Can be anything:
• Dynamic auto-configuration needed:
– IPv6 address auto-configuration (RFC 2462)
– IPv6 prefix delegation (draft-troan-dhcpv6-opt-prefixdelegation-02.txt)
– Service discovery (IPv6 anycast address support)
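An added example of the RFC 2462 auto-configuration step listed above, not code from the slides: the modified EUI-64 interface identifier derived from a MAC address, the address formed from an advertised /64 prefix, and a check showing why a stable identifier lets an observer link the host's addresses across the visited network's subnets (the b::/64, c::/64 and d::/64 prefixes from the privacy slides), which is the "precise location and movement" the deck wants hidden. The MAC addresses are constructed.

```python
"""Added example, not from the slides: the RFC 2462 stateless address
auto-configuration step that derives an IPv6 address from a router-advertised
prefix and the interface's MAC address (modified EUI-64, RFC 2373 appendix A),
plus a check that shows why a stable interface identifier lets a host be
tracked from prefix to prefix. MAC addresses below are constructed; the
prefixes b::/64, c::/64 and d::/64 are the ones used on the slides."""
import ipaddress
from typing import Iterable, List


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface identifier: insert ff:fe in the middle and
    invert the universal/local bit (0x02) of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def autoconfigure(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address = advertised /64 prefix + interface identifier (RFC 2462 section 5.5)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration with EUI-64 needs a /64 prefix")
    return net.network_address + int.from_bytes(modified_eui64(mac), "big")


def interface_id(addr: str) -> int:
    """Low 64 bits of an address, i.e. the part that survives a prefix change."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def linkable(addresses: Iterable[str]) -> bool:
    """True when all addresses share one interface identifier: an observer of the
    visited network can then tell it is the same device moving between prefixes
    (here the cafeteria, CEO's office and employee office subnets)."""
    return len({interface_id(a) for a in addresses}) == 1


def movement_trace(mac: str, prefixes=("b::/64", "c::/64", "d::/64")) -> List[str]:
    """The addresses one interface would configure while roaming across the prefixes."""
    return [str(autoconfigure(p, mac)) for p in prefixes]
```

The trace for one constructed MAC yields the same trailing `211:22ff:fe33:4455` under every prefix, so the address changes with each move while the device stays identifiable; this is the tension between plug-and-play auto-configuration and the location privacy the deck asks for, and is separate from the localized mobility agent's job of hiding the care-of address from the correspondent.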
IPv6
• IPv6 benefits:
– Ability to run server apps on devices (accept incoming connections)
– Plug-and-play
– End-to-end IPsec for thwarting first-hop and last-hop threats
– Mobile IPv6: Efficient, easy to deploy and manage, and scalable mobility protocol
– Extensibility
• Mobile and wireless Internet will expedite the transition from IPv4-NAT to IPv6
• www.isoc.org/briefings/014/index.html
Conclusion
• Wireless and mobility provide tremendous benefits, but they come with a price.
• Transitioning the Internet protocols, architectures, products, and running networks should be done very carefully.
Questions?