Internet Goes Mobile - PowerPoint PPT Presentation

Slides: 36
Provided by: alp92
Learn more at: http://www.yegin.org
Transcript and Presenter's Notes

1
Internet Goes Mobile
  • Alper Yegin
  • KIOW 2003 at APNIC 16
  • August 19th, 2003. Seoul, Korea

2
Internet - Yesterday
[Diagram labels: T1, Enterprise Network, Internet, Dial up, DSL, Home user, Home Network]

3
Internet - Today and Tomorrow
[Diagram labels: W-CDMA, T1, Enterprise Network, Operator Network, Community Network, Internet, Dial up, DSL, GPRS, PAN, Home user, Home Network, Mobile Network]

4
Challenge
  • Users expect the same characteristics (greedy!)
      • Secure
      • Reliable
      • Seamless
      • High performance
  • Burden is on
      • Standards bodies (IETF, IEEE, 3GPP, 3GPP2, etc.)
      • Vendors
      • Operators

5
Security
  • First things first!
  • Physical security is replaced with crypto-based
    security
  • Threats: eavesdropping, spoofing
  • Not a full replacement!
  • Crypto designs and experts get a good exercise!

6
Solutions
  • Good solutions
      • 3GPP, 3GPP2
  • Bad solutions
      • IEEE WEP fiasco!
  • Practical but less than adequate solutions
      • WECA WISPer HTTP redirect and web-based login
        hackery
  • Practical and reasonable solutions
      • IEEE 802.11b access outside VPN gateway

7
The Right Solution
  • Authenticate, authorize the client
  • Accounting and privacy

[Diagram labels: Home AAA, ISP AAA, Diameter/RADIUS, Home Network, Visited Network, Access Router, AP, PANA/802.1X, host]

8
The Right Solution
  • IETF AAA, EAP, and PANA Working Groups
  • IEEE 802.11i, 802.1aa

[Diagram labels: Home AAA, ISP AAA, Diameter/RADIUS, Home Network, Visited Network, Access Router, AP, PANA/802.1X, host]

9
Global AAA
  • AAA web of trust is here (unlike global PKI) and
    more capable.

[Diagram labels: AAA server, AAA broker, Home Network, Visited Network]

10
Impact
  • Security is never plug-and-play
    (plug-and-get-hacked!)
  • Additional infrastructure
      • Front-end AAA servers (NAS)
      • Backend AAA servers (RADIUS, Diameter servers)
      • VPN gateways
  • Configuration
      • On the clients
      • Per-client configuration on the servers (keys,
        authorization parameters, etc.)
      • Configuration to join the AAA web of trust

11
Impact
  • Increased popularity of IPsec and TLS
      • AAA requires confidential information exchange
      • VPN
      • Anonymizer.com
  • Strengthening internal network is a MUST
      • Unless you are 100% sure that wireless access is
        secure
      • Partitioning, IDS, enforcing strict policy
        execution (social aspects)

12
But Still
  • You are vulnerable to attacks!
  • Price of going wireless

13
Mobility Management
  • Host at home (fixed Internet).

[Diagram labels: Web server, Access Router, Home Network, AP, a/64, Visited Network, host a1]

14
Mobility Management
  • You move, you break!

[Diagram labels: Web server, Access Router, Home Network, AP, Visited Network, b/64, host b1]

15
Mobile IP
  • IETF Mobile IP Working Group
  • www.ietf.org/html.charters/mobileip-charter.html

[Diagram labels: care-of address, home address, Home Agent, Web server, Access Router, a1 → b1, Home Network, AP, Visited Network, b/64, host b1]

16
Mobile IP
  • Traffic tunneled through home network

[Diagram labels: Home Agent, Web server, Access Router, Home Network, AP, Visited Network, b/64, host b1]

17
Mobile IP
  • End-to-end signaling for route optimization

[Diagram labels: home address, care-of address, Home Agent, Web server, Access Router, a1 → b1, Home Network, AP, Visited Network, b/64, host b1]

18
Mobile IP
  • Most direct path for data traffic.

[Diagram labels: Home Agent, Web server, Access Router, Home Network, AP, Visited Network, b/64, host b1]

19
Fast and Smooth
  • Problem: signaling latency.

[Diagram labels: new care-of address, Home Agent, Web server, Access Router, Home Network, a1 → c1, AP, Visited Network, c/64, host c1]

20
Fast and Smooth
  • Fast Handovers
  • draft-ietf-mobileip-fast-mipv6-06.txt
  • IETF Seamoby Working Group
  • www.ietf.org/html.charters/seamoby-charter.html

[Diagram labels: Home Agent, Web server, Access Router, Home Network, AP, Visited Network, b1 → c1, c/64, old care-of address, new care-of address, host c1]

21
Fast and Smooth
  • Context transferred and routes fixed.

[Diagram labels: Home Agent, Web server, Access Router, Home Network, AP, Visited Network, c/64, host c1]

22
Privacy
  • Hide precise location and movement.

[Diagram labels: Home Agent, Web server, Access Router, Home Network, AP, Visited Network, d/64, c/64, b/64, host d1, cafeteria, CEO's office, employee office]

23
Privacy
  • Obtain an IP address from the localized mobility
    agent.

[Diagram labels: regional care-of address, home address, local care-of address, Home Agent, Web server, Localized Mobility Agent, Access Router, a1 → e1, e1 → d1, Home Network, e/64, AP, Visited Network, d/64, c/64, b/64, host d1]

24
Privacy
  • Correspondent sends packets directly to the
    agent. Agent tunnels them to the precise location.

[Diagram labels: Home Agent, Web server, Localized Mobility Agent, Access Router, Home Network, AP, Visited Network, d/64, c/64, b/64, host d1]

25
Privacy
  • Correspondent does not know the real IP
    destination, or when it changes.

[Diagram labels: Home Agent, Web server, Localized Mobility Agent, Access Router, Home Network, AP, Visited Network, c/64, b/64, host b1]

26
AAA
  • Mobility management is a for-profit service

[Diagram labels: Home Agent, Home AAA, Web server, Localized Mobility Agent, ISP AAA, Access Router, Home Network, AP, Visited Network, c/64, b/64, host b1]

27
Network is Mobile
  • IETF NEMO Working Group
  • www.ietf.org/html.charters/nemo-charter.html

[Diagram labels: Visited Network, Access Router, Base Station]

28
Impact on Intranet
  • More stateful servers
      • Home agents, access routers (for context transfer
        and fast handovers), localized mobility agents
      • Mobile IP bindings, tunnels, host-routes
  • Redundancy and fault-tolerance are a MUST!
  • More configuration
      • Per client on the servers
      • Trust relations among communicating servers

29
Impact on Internet/Intranet
  • Tunnels
  • Several levels of nesting

[Diagram labels: Web server, Localized Mobility Agent, Home Agent, Previous Access Router, Current Access Router, host; Home Address, (Older local) Care-of Address, (Regional) Care-of Address, (Current local) Care-of Address; Fast Handovers, Localized Mobility Management, Mobile IP]

30
Impact on Internet
  • Address consumption
      • Always-on hosts
      • Purpose-specific address usage (home address,
        care-of address)
      • Multihomed devices (GPRS, IEEE 802.11b,
        Bluetooth)
      • Sensor networks

31
Impact on Internet
  • Suboptimal routing, redirect servers

[Diagram labels: host A, Home Agent A, host B, Home Agent B]

32
Host Assumptions
  • Can be anything
  • Dynamic auto-configuration needed
      • IPv6 address auto-configuration (RFC 2462)
      • IPv6 prefix delegation
        (draft-troan-dhcpv6-opt-prefix-delegation-02.txt)
      • Service discovery (IPv6 anycast address support)

33
IPv6
  • IPv6 benefits
      • Ability to run server apps on devices (accept
        incoming connections)
      • Plug-and-play
      • End-to-end IPsec for thwarting first-hop and
        last-hop threats
      • Mobile IPv6: efficient, easy to deploy and
        manage, and scalable mobility protocol
      • Extensibility
  • Mobile and wireless Internet will expedite the
    transition from IPv4-NAT to IPv6
  • www.isoc.org/briefings/014/index.html

34
Conclusion
  • Wireless and mobility provide tremendous
    benefits, but they come with a price.
  • Transitioning the Internet protocols,
    architectures, products, and running networks
    should be done very carefully.

35
Questions?