Laboratory for Telecommunications Sciences
University of Maryland
Department of Defense

New protocol standards for wireless mobility: CAPWAP and HOKEY

T. Charles Clancy, Ph.D.
Senior Researcher & Adjunct Professor
tcc@umd.edu

IEEE Globecom, 2 December 2008
D&D Forum: Security for Seamless Mobility

Secure Mobile Handover
• Key properties of commercial 4G networks
  – Infrastructure Topology
    • Can’t guarantee availability of mesh topologies → can’t sell service
  – Mobile Devices
  – Adaptive, Intelligent
• In infrastructure networks, secure mobile handover between base stations is necessary
[Diagram: IP Network; Authentication Server (AAA)]

Case Study in Handover Standards
• Use current WLAN handover standards to illustrate different approaches
• Standards
  – IEEE 802.11r
    • Fast Roaming / Fast BSS Transition for WLAN
  – CAPWAP
    • Control and Provisioning of Wireless Access Points
  – HOKEY
    • Handover Keying

IEEE 802.11r
• Fast roaming in an enterprise WLAN network
• Superimposes hierarchy over flat topology
[Diagram: R0KH; R1KH; IP Network; Authentication Server (AAA)]

CAPWAP
• Control and Provisioning of Wireless Access Points
• Splits Access Point into two physical devices, separating PHY/MAC from LLC
[Diagram: Authentication Server (AAA); Access Controller (AC); IP Network; Wireless Termination Points (WTPs); L2/L3 Network; protocol stack LLC / MAC / PHY (Data Link, Physical)]

802.11r & CAPWAP
• Both provide secure mobile handoff for WLANs
• Some limitations from a security perspective
  – Only work within a single AAA domain
    • Cannot hand over from one carrier to another
      – i.e. T-Mobile hotspot to Verizon hotspot
    • Must reauthenticate completely to roam
  – Only 802.11 (CAPWAP could support other bindings)
• More general solution: HOKEY

Handover Keying (HOKEY)
• Extensions to EAP and AAA to natively support fast handover between access points
• 4G gets it for free if they use AAA
[Diagram: Home AAA Server; Local AAA Server; IP Network; L3 Networks]

HOKEY Features
• L2 medium independent
  – Usable by any L2 that uses AAA (e.g. IMS)
  – Useful for handover between L2 media (802.21)
• Support for cross-domain handover
• Part of a secure authentication scheme for 4G
• HOKEY Status
  – EAP keying and protocol extensions documented as RFCs
    • RFC 5295, RFC 5296
  – Currently working on AAA key delivery protocol document
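
The key hierarchy behind the cross-domain handover described in these slides, as an added example that is not part of the original deck: it uses the RFC 5295 derivation form, child = KDF(parent, label | 0x00 | optional data | length) with prf+ over HMAC-SHA-256, so that each visited domain receives its own root key and never the EMSK. The EMSK value, the domain names, the helper names and the encoding of the domain name as optional data are assumptions made for this example.

```python
import hashlib
import hmac
import struct


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2-style prf+ over HMAC-SHA-256: T1 | T2 | ..., truncated to length."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("requested length exceeds the prf+ limit")
        # Tn = HMAC(key, T(n-1) | seed | n), with T0 empty
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_child(parent: bytes, label: str, optional: bytes = b"", length: int = 64) -> bytes:
    """child = KDF(parent, label | 0x00 | optional data | 2-byte length)."""
    seed = label.encode("ascii") + b"\x00" + optional + struct.pack("!H", length)
    return prf_plus(parent, seed, length)


def handover_keys(emsk: bytes, domain: str) -> dict:
    """Keys the home AAA server could release to one visited domain."""
    # Domain-specific root key: bound to the domain name (assumed encoding).
    dsrk = derive_child(emsk, "dsrk@ietf.org", domain.encode("ascii"))
    # Re-authentication root key for that domain, derived from its DSRK.
    rrk = derive_child(dsrk, "EAP Re-authentication Root Key@ietf.org")
    return {"dsrk": dsrk, "rrk": rrk}


# Constructed EMSK; a real one is exported by the full EAP method run.
EMSK = bytes(range(64))
CARRIER_A = handover_keys(EMSK, "carrier-a.example")
CARRIER_B = handover_keys(EMSK, "carrier-b.example")

if __name__ == "__main__":
    for name, keys in (("carrier-a", CARRIER_A), ("carrier-b", CARRIER_B)):
        print(name, "DSRK", keys["dsrk"][:8].hex(), "rRK", keys["rrk"][:8].hex())
```

Because each derivation is one-way and bound to the domain name, the local AAA server in one domain can run fast re-authentication with its own keys but cannot compute another domain's keys or recover the EMSK.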