November 2004 doc.: IEEE 802.11-04-1180-02-000r
Fast Roaming Using Multiple Concurrent Associations
Bob Beach, Symbol Technologies

Abstract
This proposal enables fast roaming between Access Points by allowing Mobile Stations to establish “local” associations with multiple Access Points concurrently and providing a means for the mobile stations to quickly select which AP they want to use to access the DS.

Agenda
• Background
• Basic Model
• Proposed Protocol Enhancements
• Mobile Station Issues
• Summary

Associations in 1999 IEEE 802.11
• When a STA associates with a “1999” AP, four major actions result:
  – (A1) The AP allocates data structures for the STA
  – (A2) The AP accepts additional types of packets for the STA
  – (A3) The AP begins forwarding data to/from the DS for the STA
  – (A4) The AP notifies other APs and the wired infrastructure of the new “location” of the STA
• Two of these actions (A1 and A2) are “local” to the AP and two are visible to the “DS” (A3 and A4)
• For a 1999 AP, all of these actions take place at virtually the same time
• A STA may be associated with only one AP at a time

The Effect of TGi and TGe on Roaming
• TGi introduces new tasks that occur between the association step and the enabling of data transfer
  – Authentication and Key Derivation
  – These can significantly delay the start of data transfer
• TGe introduces TSPEC negotiation
  – Cannot negotiate TSPEC until after association and TGi tasks are complete
  – AP may not be able to grant TSPEC
  – STA may need to find yet another AP and try again
  – This process can further delay the start of data transfer

Associations with TGe and TGi
• There are now 6 actions involved in an association
  – (A1) The AP allocates data structures for the STA
  – (A2) The AP accepts additional types of packets for the STA
  – (A3) Authentication/key derivation
  – (A4) Negotiation of TSPEC
  – (A5) The AP begins forwarding data to/from the DS for the STA
  – (A6) The AP notifies other APs and the wired infrastructure of the new “location” of the STA
• Actions A1 to A4 are local to the AP and do not involve the DS; actions A5 and A6 involve the DS
• One could conceivably perform steps A1 to A3 with multiple APs without any impact on the DS or the current AP

Proposed Model
• The roaming problems caused by TGe and TGi can be solved by allowing STAs to establish multiple “local” associations with different APs
• A “local” association consists of actions A1 to A3
  – The association is just between the AP and STA
  – The DS is not aware of the association
  – These are established as a background activity by the STA
• Actions A5 and A6 are triggered by the STA sending either an Action Frame or a Data Frame
  – Action Frame with TSPEC allows conditional roaming
  – Data Frame allows secure roaming
• Action A4 may occur anytime after A3

From the STA’s Perspective
• The STA identifies “interesting” APs and performs actions A1 to A3 with them
  – This may take place once or on an ongoing basis
• The STA thus has a collection of ‘N’ ports to the DS with N-1 of them in “hot standby”
• A roam simply consists of a two data packet exchange with the AP of choice
• The STA maintains as many APs in this state as it desires. It may add or drop APs over time.

Proposed Protocol Enhancements
• Definition of “Data Transfer Gate (DTG)”
• Multiple Types of Associations
• Mechanisms for Enabling and Disabling the DTG
• Security Issues

Data Transfer Gate (DTG)
• Conceptually it controls transfer of data frames between DS and a STA
• Similar to, but distinct from, the data gate in 802.1x
  – 802.1x data gate is controlled by the authentication process
  – The DTG is controlled by the STA
  – The two gates operate in “series”; both must be enabled to transfer data between DS and STA
• Enabled by frames sent from STA
• Disabled either by frame from STA or by an indication from another AP that the STA has roamed to it.

Multiple Types of Associations
• Two Types of Associations: Type 1 and Type 2
• Type 1 associations are identical to current Associations
  – DTG is automatically enabled
  – STA may establish it with only one AP at a time
• Type 2 associations are similar to current Associations except:
  – DTG is not automatically enabled
  – STA may establish it with many APs at a time
  – May have a defined lifetime

Obtaining Type 2 Associations
• AP advertises support for Type 2 associations via a bit in the Capability field in Beacons and Probe Responses
• STA uses Association and Reassociation Frames
  – Add a new Element that indicates a Type 2 association is being requested
  – Absence of this element results in a Type 1 association
• AP may accept or reject Type 2 association
• If the AP accepts the Type 2 Association request, it may impose a lifetime on it via a new Element included in the Association Response

Enabling the DTG (1)
• Always enabled with Type 1 associations
• For Type 2 associations, the STA requests the DTG to be enabled by either of two mechanisms
  – Data Packet or Action Frame with TSPEC
• Data Frame
  – A3 must contain an address other than the AP
  – Must be encrypted using algorithm and key that the STA previously negotiated with the AP

Enabling the DTG (2)
• Action Frame with TSPEC
  – If the AP can meet the TSPEC, it will indicate this to the STA and open the DTG
  – If the AP cannot meet the TSPEC, it will indicate this to the STA and the DTG will remain disabled
  – Permits “Conditional Roaming”
• If the DTG is opened, the AP will
  – Send the current broadcast key to the STA
  – Notify other APs of the roam
  – Begin forwarding data frames between the DS and STA

Disabling the DTG
• May be done by STA or by another AP
• STA sends Disassociate Frame with “Type 2 Element”
• Another AP as a result of a roam indication
• When the DTG is disabled, the AP will
  – Discard all buffered frames for the STA
  – Release all QoS reservations

Security Issues
• AP may reissue broadcast key at any time
• AP attempts to individually update each STA with the new key
• A STA with a Type 2 association and a disabled DTG will not listen to updates
• Change to AP Behavior
  – An AP will not attempt to update the broadcast key to a STA with a Type 2 association and a disabled DTG
  – The AP will pass the current broadcast key/key index to the STA when the STA enables its DTG

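Added example (not part of the original submission): a small AP-side model of the DTG rules on the preceding slides, covering the two gates in series, the two enabling triggers, disabling, and the deferred broadcast key hand-over. All class, method and field names are hypothetical, the ("GTK", n) key values and the tspec_ok flag are constructed stand-ins, and requiring completed authentication before either trigger is an assumption of this model.

```python
# Added illustration (hypothetical names): AP-side model of the proposed DTG.
from dataclasses import dataclass

@dataclass
class StaEntry:
    assoc_type: int              # 1 = current-style association, 2 = "local"
    authenticated: bool = False  # 802.1x gate, opened by authentication
    dtg_open: bool = False       # DTG, opened by the STA
    qos_reserved: bool = False
    buffered: int = 0            # frames queued for the STA
    group_key: tuple = None      # broadcast key/index last given to this STA

class AccessPoint:
    def __init__(self, tspec_ok=True):
        self.tspec_ok, self.stas, self.roam_notices = tspec_ok, {}, []
        self.group_key = ("GTK", 1)       # constructed (key, index) placeholder

    def associate(self, sta, type2=False):  # Type 1 opens the DTG, Type 2 does not
        self.stas[sta] = StaEntry(2 if type2 else 1, dtg_open=not type2)

    def complete_auth(self, sta):
        self.stas[sta].authenticated = True

    def can_forward(self, sta):
        e = self.stas.get(sta)
        return bool(e and e.authenticated and e.dtg_open)  # two gates in series

    def request_dtg(self, sta, encrypted_data=False, tspec=None):
        e = self.stas.get(sta)
        if e is None or not e.authenticated:
            return False                  # no negotiated key, nothing to trust
        if tspec is not None and not self.tspec_ok:
            return False                  # conditional roam refused, DTG stays closed
        if tspec is None and not encrypted_data:
            return False                  # data-frame trigger must be encrypted
        e.dtg_open, e.qos_reserved = True, tspec is not None
        e.group_key = self.group_key      # current broadcast key handed over now
        self.roam_notices.append(sta)     # tell the other APs about the roam
        return True

    def close_dtg(self, sta):             # STA Disassociate or roam indication
        e = self.stas[sta]
        e.dtg_open, e.qos_reserved, e.buffered = False, False, 0

    def rekey_broadcast(self):
        self.group_key = ("GTK", self.group_key[1] + 1)
        for e in self.stas.values():
            if e.authenticated and not (e.assoc_type == 2 and not e.dtg_open):
                e.group_key = self.group_key
```

A standby STA's stored key stays stale across rekeys and is refreshed only inside request_dtg, which is the point at which the AP must deliver the current key and index.
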
Mobile Station Issues (1)
• STA discovers and performs Type 2 associations and TGi tasks with multiple APs as a background activity.
  – Can be done easily when no application or a non-real-time application is running (FTP, email, web browsing)
• When an application starts that needs fast roaming, the STA has a pool of APs to which it can roam quickly
• While such an application is running, the STA will perform scans of APs interleaved with real-time data exchanges
  – Need to discover which APs can be heard and hence are candidates for roaming
  – This is done currently by Stations that run real-time applications
  – This kind of interleaving is not something new

Mobile Station Issues (2)
• Should the STA discover a brand new AP, it can perform association and other related tasks with the new AP using PSP techniques so as not to miss real-time traffic on its current AP
  – The new AP will buffer all authentication and key derivation packets until the STA asks for them
  – The STA need not wait for beacons in order to poll the new AP

Summary
• This approach allows mobile stations to maintain multiple associations with different APs
• Roaming with this approach is very fast since all the time-consuming work is done before the roam occurs.
• A roam can occur in as little as two packets
• Roams can be performed conditionally based upon the ability of an AP to grant a TSPEC
• The approach uses existing mechanisms in 802.11 rather than replacing them.
• The proposed changes to the 802.11 specification are very simple and very limited.