
Chapter 5 Handoff Overhead Estimation

5.2 Estimation Equations

5.2.1.1 Intra-MPP Handoff Latency

LINTRA represents the latency for an STA performing the intra-MPP handoff, which consists of authentication latency (LINTRA_AUTH) and 4-way handshake latency (LINTRA_4W).

Figure 5-7 Intra-MPP handoff latency with ISD [figure: message sequence among STA (Supplicant), Current MAP, MP, MPP (Authenticator) and AS over 802.11: Association Req. (PMKID), Association Resp., EAPOL-Start (optional), EAP-Success (optional), PMK Veri. (PMKID), PMK Veri. Success, Key Distribution (PTK), 4-way Handshake #1; PMK held at STA and MPP, N_PTK]

For ISD, as shown in Figure 5-7, two messages are exchanged to verify the PMK cached by the STA. LINTRA_AUTH represents the average latency, where

• T is the single-hop transmission time.
• H is the average hop count between MAP and MPP; it is calculated based on the proposed handoff model.
• x is the hop count between MAP and MPP, i.e., the type of MAP.
• S_x is the number of MAPs in the gray area with x hops to MPP.
• n is the cluster size; 1 + n(n−1)/2 is the total number of MAPs in the gray area.

In the handshake phase, 4-way handshake messages are transmitted between the STA and the MPP. In addition, the PTK is distributed to the target MAP. LINTRA_4W represents the average latency, where

• L4W is the latency for an STA performing 4-way handshake in the single-hop network, i.e., WLAN.

Figure 5-8 Intra-MPP handoff latency with 802.11i [figure: message sequence among STA, Current MAP, Target MAP, MP, MPP and AS: Association Req. (PMKID), Association Resp., RADIUS-A.-Req., 4 Way Handshake #1 to #4]

For 802.11i, the intra-MPP handoff latency is shown in Figure 5-8. If the PMK is not cached by the target MAP, 802.1X authentication will be performed in the handoff. LINTRA_AUTH represents the average latency, where

• L1X is the latency for an STA performing 802.1X authentication in the single-hop network, i.e., WLAN.
• MRADIUS is the number of RADIUS messages exchanged between the target MAP and the AS in an 802.1X authentication.

In the handshake phase, the latency is the same in WLAN Mesh and WLAN. LINTRA_4W represents the latency, where

$L_{INTRA\_4W,802.11i} = L_{4W}$ (13)

• L4W is the latency for an STA performing 4-way handshake in WLAN.

Based on equations (8), (11), (12) and (13), LINTRA is defined as

$L_{INTRA} = (1 - P_{PMK\_MISS}) \cdot L_{INTRA\_4W} + P_{PMK\_MISS} \cdot (L_{INTRA\_AUTH} + L_{INTRA\_4W})$ (14)

$P_{PMK\_MISS} = (1 - P_{REVISIT}) \cdot P_{PF}$ (15)

• PPMK_MISS is the probability that the PMK is not cached by the target MAP.
• PREVISIT is the probability that an STA moves to a visited cell or cluster.
• PPF is the probability that 802.11i preauthentication fails.

Since the PMK is always cached by the authenticator, the intra-MPP handoff with ISD will only introduce LINTRA_4W. However, if an STA hands off to a new MAP and fails to preauthenticate with it, LINTRA_AUTH will be introduced to the intra-MPP handoff with 802.11i.

5.2.1.2 Inter-MPP Handoff Latency

LINTER represents the latency for an STA performing the inter-MPP handoff, which consists of authentication latency (LINTER_AUTH) and 4-way handshake latency (LINTER_4W).

The inter-MPP handoff with ISD is shown in Figure 5-9. While the STA moves out of the cluster, if the PMK is not cached by the new MPP, 802.1X authentication will be performed. LINTER_AUTH represents the latency, where

$L_{INTER\_AUTH,ISD} = L_{1X} + M_{1X} \cdot (n - 1) \cdot T$ (16)

• M1X is the number of EAPOL messages exchanged between the target MAP and the MPP in an 802.1X authentication.
• n−1 is the hop count between the target MAP and the new MPP. An STA performing the inter-MPP handoff will reassociate with another boundary MAP in another cluster. Thus, the hop count between the target MAP and the new MPP is definitely n−1.

Figure 5-9 Inter-MPP handoff latency with ISD [figure: message sequence among STA, Target MAP, MP, MPP (Authenticator) and AS over 802.11: Association Req. (PMKID), Association Resp., PMK Veri. Req. (PMKID), RADIUS-A.-Req., RADIUS-A.-Challenge, RADIUS-A.-Req., RADIUS-A.-Accept (MSK), Key Distribution (PTK), 4-way Handshake #1]

LINTER_4W represents the average latency for 4-way handshake and PTK distribution in the inter-MPP handoff, where

$L_{INTER\_4W,ISD} = L_{4W} + 5 \cdot (n - 1) \cdot T$ (17)

The inter-MPP handoff latency with 802.11i is shown in Figure 5-10, which is the same as the intra-MPP handoff, except that messages are forwarded via the boundary MAP. LINTER_AUTH represents the authentication latency, where

( n 1 T ), 802.11i

Figure 5-10 Inter-MPP handoff latency with 802.11i [figure: message sequence among STA, Target MAP, MP, MPP and AS: Association Req. (PMKID), Association Resp., 4 Way Handshake #1 to #4]

LINTER_4W represents the 4-way handshake latency, where

802.11i (19)

Based on equations (15), (16

$L_{INTER} = (1 - P_{PMK\_MISS}) \cdot L_{INTER\_4W} + P_{PMK\_MISS} \cdot (L_{INTER\_AUTH} + L_{INTER\_4W})$ (20)

For ISD, only when an STA moves to an unvisited ISD and fails to perform preauthentication is the authentication latency introduced to the inter-MPP handoff. However, for 802.11i, the STA will perform 802.1X authentication in each handoff under the same condition. Therefore, ISD can greatly reduce the demand for performing 802.1X authentication and provide the equivalent security strength as 802.11i.

5.2.2 Handoff Traffic

Even though the handoff traffic is much lower than the data traffic, to guarantee the QoS the authentication messages should avoid contending with the real-time application messages for medium access.

The proposed equations can estimate the traffic in the mesh network generated by the security mechanism for an STA roaming within the WLAN Mesh. The preauthentication traffic is ignored, and the traffic is measured by the number of normalized messages multiplied by the hop count. The handoff traffic can be classified into two types: intra-MPP handoff traffic (TINTRA) and inter-MPP handoff traffic (TINTER).

5.2.2.1 Intra-MPP Handoff Traffic

TINTRA represents the traffic generated by the security mechanism for an STA performing the intra-MPP handoff, which consists of authentication traffic (TINTRA_AUTH) and 4-way handshake traffic (TINTRA_4W).

Figure 5-11 Intra-MPP handoff traffic with ISD [figure: message sequence among STA (Supplicant), Current MAP, MP, MPP (Authenticator) and AS over 802.11: Association Req. (PMKID), Association Resp., EAPOL-Start (optional), EAP-Success (optional), PMK Veri. (PMKID), PMK Veri. Success, Key Distribution (PTK), 4-way Handshake #1; PMK held at STA and MPP, N_PTK]

For ISD, as shown in Figure 5-11, there are 7 messages transmitted via the WLAN Mesh: 2 messages for the PMK verification, 4 messages for the 4-way handshake and 1 message for the PTK distribution. TINTRA_AUTH and TINTRA_4W represent the traffic, where

• R is the ratio of 802.1X authentication to 4-way handshake in average message size.

Figure 5-12 Intra-MPP handoff traffic with 802.11i [figure: message sequence among STA, Current MAP, Target MAP, MP, MPP and AS: Association Req. (PMKID), Association Resp., RADIUS-A.-Req., 4 Way Handshake #1 to #4]

For 802.11i, as shown in Figure 5-12, only RADIUS messages are transmitted via the WLAN Mesh. TINTRA_AUTH and TINTRA_4W represent the traffic, where

$T_{INTRA} = (1 - P_{PMK\_MISS}) \cdot T_{INTRA\_4W} + P_{PMK\_MISS} \cdot (T_{INTRA\_AUTH} + T_{INTRA\_4W})$ (25)

5.2.2.2 Inter-MPP Handoff Traffic

TINTER represents the traffic generated by the security mechanism for an STA performing the inter-MPP handoff, which consists of authentication traffic (TINTER_AUTH) and 4-way handshake traffic (TINTER_4W).

Figure 5-13 Inter-MPP handoff traffic with ISD [figure: message sequence among STA (Supplicant), Target MAP, MP, MPP (Authenticator) and AS: Association Req. (PMKID), Association Resp., PMK Veri. Req. (PMKID), RADIUS-A.-Req., RADIUS-A.-Challenge, RADIUS-A.-Req., RADIUS-A.-Accept (MSK), Key Distribution (PTK), 4-way Handshake #1]

For ISD, as shown in Figure 5-13, all EAPOL messages and 4-way handshake messages are transmitted via the WLAN Mesh. TINTER_AUTH and TINTER_4W represent the traffic, where

For 802.11i, as shown in Figure 5-14, the traffic is the same as the intra-MPP handoff traffic. TINTER_AUTH and TINTER_4W represent the traffic, where

( 1 ), 802.11i

Figure 5-14 Inter-MPP handoff traffic with 802.11i [figure: message sequence among STA, Target MAP, MP, MPP and AS: Association Req. (PMKID), Association Resp., 4 Way Handshake #1 to #4]

Based on equations (26), (27), (28) and (29), TINTER is defined as

$T_{INTER} = (1 - P_{PMK\_MISS}) \cdot T_{INTER\_4W} + P_{PMK\_MISS} \cdot (T_{INTER\_AUTH} + T_{INTER\_4W})$ (30)
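The following Python script is an added example and not code from the thesis. It implements the parts of the estimation model that are fully recoverable from this chapter: equation (15) for PPMK_MISS, the ISD inter-MPP components (16) and (17), and the probability-weighted mixing rule that (14), (20), (25) and (30) share, fed with the Table 5-1 measurements and the Table 5-2 PREVISIT values. The intra-MPP, 802.11i and traffic component equations are not reproduced; the mixing function takes those components as caller-supplied inputs, and every function and constant name is this example's own.

```python
"""Handoff-overhead estimation from the chapter's recoverable equations.

Added example; not the thesis author's code. Component equations that the
page does not give in full (intra-MPP, 802.11i, traffic) are not modelled
here; they are passed to expected_overhead() as plain numbers.
"""

# Table 5-1 measurements (values copied from the table; R is not needed here).
T_HOP_MS = 2.44      # T: single-hop transmission time
L_1X_MS = 401.63     # L1X: 802.1X authentication latency in single-hop WLAN
L_4W_MS = 20.76      # L4W: 4-way handshake latency in single-hop WLAN
M_1X = 22            # M1X: EAPOL messages between target MAP and MPP per 802.1X run

# Table 5-2: simulated PREVISIT indexed by cluster size n.
P_REVISIT = {1: 0.000000, 2: 0.064579, 3: 0.120625, 4: 0.164704,
             5: 0.199851, 6: 0.229387, 7: 0.254347, 8: 0.275391}


def p_pmk_miss(n, p_pf):
    """Equation (15): P_PMK_MISS = (1 - P_REVISIT) * P_PF.

    p_pf is the probability that preauthentication fails; p_pf = 1.0 models
    an STA that never preauthenticates (the PPF = 1.0 case in Section 5.4).
    """
    if not 0.0 <= p_pf <= 1.0:
        raise ValueError("P_PF must be a probability in [0, 1]")
    return (1.0 - P_REVISIT[n]) * p_pf


def inter_auth_isd(n):
    """Equation (16): L_INTER_AUTH,ISD = L1X + M1X * (n - 1) * T.

    Each EAPOL message crosses the n-1 hops between the boundary MAP and the
    new MPP, so the multi-hop penalty scales with the message count.
    """
    return L_1X_MS + M_1X * (n - 1) * T_HOP_MS


def inter_4w_isd(n):
    """Equation (17): L_INTER_4W,ISD = L4W + 5 * (n - 1) * T.

    Four handshake messages plus one PTK-distribution message each traverse
    the n-1 hops to the MPP, because ISD terminates the handshake at the MPP.
    """
    return L_4W_MS + 5 * (n - 1) * T_HOP_MS


def expected_overhead(p_miss, auth, handshake):
    """Mixing rule shared by (14), (20), (25) and (30).

    With probability 1 - P_PMK_MISS only the handshake cost is paid; with
    probability P_PMK_MISS the authentication cost is added on top. The same
    rule applies to latencies (ms) and to traffic (normalized messages x hops).
    """
    return (1.0 - p_miss) * handshake + p_miss * (auth + handshake)


def inter_latency_isd(n, p_pf):
    """Equation (20) instantiated with the ISD components (16) and (17)."""
    return expected_overhead(p_pmk_miss(n, p_pf), inter_auth_isd(n), inter_4w_isd(n))


def inter_latency_sweep(n, steps=10):
    """L_INTER,ISD for P_PF = 0, 1/steps, ..., 1 (the x-axis of Figure 5-16)."""
    return [(k / steps, inter_latency_isd(n, k / steps)) for k in range(steps + 1)]


if __name__ == "__main__":
    for p_pf, lat in inter_latency_sweep(3):
        print(f"n=3  P_PF={p_pf:.1f}  P_PMK_MISS={p_pmk_miss(3, p_pf):.4f}"
              f"  L_INTER,ISD={lat:8.2f} ms")
```

Running the sweep at n = 3 shows the same qualitative shape as the inter-MPP part of Figure 5-16: at P_PF = 0 only the handshake term remains (45.16 ms), and the latency climbs linearly with P_PF as the 802.1X run is paid on a growing share of handoffs.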

5.2.3 Expected Handoff Overhead

Based on equations (8), (14) and (20), for an STA roaming within the WLAN Mesh, the expected handoff latency contributed by the security mechanism is defined as

[ 1 ( 1) 2 ]

Based on equations (8), (25) and (30), the expected handoff traffic is defined as

[ 1 ( 1) 2 ]

5.3 Experiment and Simulation

In order to obtain the parameters of the equations, an experimental platform is built to measure the handoff latency, transmission time, the number of messages, etc. The experimental environment is shown in Figure 5-15, where the AS, two authenticators and the supplicant reside in a LAN.

Figure 5-15 Experimental environment

The supplicant is a laptop with Windows XP SP2 installed, and the supplicant software is the built-in Windows Zero Configuration Service. The two authenticators are laptops controlled by hostapd-0.5.7. FreeRADIUS-1.1.4 is installed in the AS to provide the authentication services. The encryption mechanism is WPA2/AES (footnote 6), and the EAP method is PEAP/EAP-MSCHAPv2.

Parameters are measured in the experimental platform. Table 5-1 presents the average measurement over 20 experiments.

6 The patch KB893357 is necessary for Windows XP to provide support for WPA2.

Table 5-1 Parameters measured in the experimental platform

  Parameter   Value
  T           2.44 ms
  L1X         401.63 ms
  L4W         20.76 ms
  M1X         22 messages
  MRADIUS     18 messages
  R           1.049180328

PREVISIT is calculated with 1,200,000 simulations. Table 5-2 presents results from the 1-subarea cluster to the 8-subarea cluster.

Table 5-2 Average PREVISIT calculated in the simulation

  Cluster size   PREVISIT
  n = 1          0.000000
  n = 2          0.064579
  n = 3          0.120625
  n = 4          0.164704
  n = 5          0.199851
  n = 6          0.229387
  n = 7          0.254347
  n = 8          0.275391

5.4 Results

Figure 5-16 presents the relationship between PPF and LS at n = 3. Estimated results show that ISD remarkably reduces the handoff latency. At PPF = 1.0, i.e., the STA does not perform preauthentication, ISD can improve the handoff latency by up to 245%. Therefore, even though most current 802.11i devices do not support preauthentication (footnote 7), STAs can still take advantage of ISD. However, at PPF < 0.05, because 4-way handshake messages are forwarded between MAP and MPP, ISD introduces a larger LS than 802.11i.

7 The preauthentication function in Windows XP with WPA2 is disabled by default.

Figure 5-16 Handoff latency with different PPF [plot: n = 3; x-axis PPF 0.0 to 1.0; y-axis LS (ms) 0 to 500; series 11i and ISD]

Figure 5-17 presents LS with different cluster sizes at PPF = 1.0. At n = 5, ISD approaches the minimal LS. Actually, the handoff latency of ISD is almost stable at n > 3.

For ISD, the burden incurred by the multi-hop transmission in the 4-way handshake counteracts the benefit of the larger cluster size. For 802.11i, EAP authentication is also delayed by the multi-hop transmission, and thus LS increases with the growing cluster size.

Figure 5-17 Handoff latency with different n [plot: PPF = 1.0; x-axis n 1 to 8; y-axis LS (ms) 0 to 500; series 11i and ISD]

LS of ISD with different cluster sizes and PPF is shown in Figure 5-18. Results indicate that the larger cluster size benefits the handoff latency for all values of PPF. Besides, the influence of PPF decreases with the growing cluster size.

Figure 5-18 Handoff latency of ISD with different n and PPF [plot: ISD; x-axis n 1 to 8; y-axis LS (ms) 0 to 500; series PPF = 1.0, 0.8, 0.6, 0.4, 0.2]

The improvement of ISD over 802.11i with different L1X is shown in Figure 5-19. Results show that the longer L1X favors ISD. Therefore, whether the AS resides in the local or a remote network, ISD can improve the handoff latency greatly.

Figure 5-19 Improvement of ISD with different n and L1X [plot: PPF = 1.0; x-axis n 1 to 8; y-axis Improvement 0% to 1000%; series L1X = 400, 800, 1200, 1600, 2000]

Under the condition that ISD and 802.11i generate equal handoff latency, Figure 5-20 presents the relationship between ISD with different cluster sizes at PPF = 1.0 and 802.11i with different PPF. Results indicate that the handoff latency of ISD is equivalent to 802.11i performing preauthentication at PPF = 0.2-0.1. It means ISD provides around 80%-90% successful probability for preauthentication without any additional assistance, such as network topology information or historical handoff behaviors.

Figure 5-20 Relationship between ISD and 802.11i in the equal LS [plot: ISD at PPF = 1.0; x-axis n 1 to 8; y-axis 11i PPF 0.0 to 1.0; series L1X = 400, 800, 1200, 1600, 2000]

The MP topology of a WLAN Mesh may differ from the proposed handoff model. Figure 5-21 presents the handoff latency with different average hop counts between MAP and MPP. Results indicate that ISD can remarkably improve the handoff latency at all average hop counts, which means ISD can be applied to varied MP topologies.

Figure 5-21 Handoff latency with different H [plot: n = 3, PPF = 1.0; x-axis H 0.0 to 4.0; y-axis LS (ms) 0 to 600; series 11i and ISD]

ISD essentially reduces the demand for 802.1X authentication but incurs the burden of the multi-hop latency in the 4-way handshake. Since 802.1X authentication latency is much longer than the message transmission time, the benefit of ISD is certainly much larger than the burden in terms of the handoff latency.

Figure 5-22 presents the relationship between PPF and TS at n = 3. Because ISD is a centralized architecture, 4-way handshake messages are forwarded to the MPP via the WLAN Mesh. At PPF < 0.55, ISD generates more handoff traffic than 802.11i. However, when PPF is low, the handoff traffic will not burden the network.

Figure 5-22 Handoff traffic with different PPF [plot: n = 3; x-axis PPF 0.0 to 1.0; y-axis TS 0 to 25; series 11i and ISD]

Figure 5-23 presents TS with different cluster sizes at PPF = 1.0. Results indicate that the handoff traffic generated by ISD is less than that of 802.11i except at n = 2. It means the benefit of reducing the number of handoffs in the larger cluster size exceeds the overhead of the growing hop count.

Figure 5-23 Handoff traffic with different n [plot: PPF = 1.0; x-axis n 1 to 8; y-axis TS 0 to 70; series 11i and ISD]

Figure 5-24 presents the handoff traffic with different average hop counts between MAP and MPP. Results indicate that ISD can reduce the handoff traffic at all average hop counts, which means ISD can be applied to varied MP topologies.

Figure 5-24 Handoff traffic with different H [plot: n = 3, PPF = 1.0; x-axis H 0.0 to 4.0; y-axis TS 0 to 70; series 11i and ISD]

According to the estimated results, we can conclude that ISD provides great improvement in the handoff latency when the cluster size is around 3 layers, i.e., 37 MPs connect to one MPP. This number accords with the scale of the 802.11s standard.

ISD is practical to use in current wireless environments. In terms of power consumption, ISD reduces the demand for 802.1X authentication, and thus the battery-powered STA can balance power consumption and handoff performance. Furthermore, since the AS mostly resides in the core network, L1X would be longer than 400 ms. Estimated results indicate that ISD can further improve the handoff latency in this environment.

Even though ISD is the centralized architecture and forwards 4-way handshake messages to MPP, it does not result in the extra overhead in the handoff traffic. Actually, ISD can reduce the handoff traffic in all kinds of mesh networks at PPF = 1.0.

Chapter 6 Conclusion and Future Work

The authentication latency is a key factor for supporting seamless handoff. To improve the handoff latency, ISD is proposed to remove 802.1X authentication from the handoff.

Another problem is the routing performance of WLAN Mesh. The hop-by-hop encryption delays the routing processing of MPs. An end-to-end security channel is provided by ISD to solve this problem.

Another advantage of ISD is its compatibility with current 802.11i/11s devices. STAs can apply the proposed mechanism without any modification. Besides, ISD is an optional feature of WLAN Mesh. The original security and routing mechanisms of the 802.11s standard can co-operate with ISD.

To evaluate the handoff latency introduced by the link layer security mechanism, we propose a handoff model to estimate the handoff latency for an STA roaming within the WLAN Mesh. Results indicate that ISD improves the handoff latency by up to 245% and provides 80%-90% successful preauthentication probability without any assistance.

Our future work focuses on three parts. First, to evaluate the routing performance, we need to implement ISD on the WLAN Mesh. The implementation can be based on the open source software hostapd. Second, the proposed estimation equations can be used to evaluate other handoff mechanisms, such as 802.11r or 802.16e. The estimated results provide a quantitative analysis of the handoff latency, and the performance of the implementation can be evaluated. Finally, to achieve the goal of seamless handoff, re-authentication mechanisms of conventional EAP methods have to be optimized. This has been addressed by the IETF, and a new working group called Handover Keying (footnote 8) has been formed to improve the currently unacceptable latency of EAP authentication in mobile wireless environments.

8 http://www.ietf.org/html.charters/hokey-charter.html

