
CHAPTER 4 PERFORMANCE EVALUATION

4.2 Simulation Result and Analysis

4.2.1 TCP Experiment

First, we compare the handoff time of the original Mobile IP with that of HMIPv6 with Fast Handover, as shown in Figure 4.2. The original flat Mobile IP takes approximately 4 seconds to perform the handoff, from 50 to 54 sec. This is long enough to interrupt the TCP connection between the CN and the MN, so it cannot support services such as multimedia streaming or VoIP. HMIPv6 with Fast Handover begins its handoff at 40.6 sec and takes 100 ms to resume receiving packets from the new access router at 40.7 sec, so its handoff time is better suited to multimedia streaming or VoIP service. Building on this advantage of Fast Handover, we add an extra authentication mechanism to it. When an authentication mechanism is added to the fast handover mechanism, the overhead time should be kept within 50 ms. Next, we show three cases under fast handover: the original fast handover, fast handover without transient authentication, and fast handover with transient authentication. These three cases feature differences on handoff as shown in

[Plot: MN Recv TCP Sequence Number; curves: orig-fhmip, orig-flat]

Figure 4.2 FHMIP and Flat Mobile IP without Authentication.

[Plot: MN Recv TCP Sequence Number; curves: transient, no-transient, no-auth]

Figure 4.3 Original & with & without Transient Auth. under Fast Handover.

Transient authentication reduces the handoff time, making it the same as the original structure under fast handover, as shown in Figure 4.3. The data curve for fast handover with transient authentication is also almost the same as that for fast handover without the extra authentication mechanism, which matches our expectation.

[Plot: MN Recv TCP Sequence Number; curves: transient, no-transient]

Figure 4.4 Authentication Processing Time 100ms.

The mobile node cannot receive any data packets from 40.51 sec to 41.14 sec, during fast handoff and re (user) authentication, as shown in Figure 4.4. The mobile node therefore pays a 630 ms penalty before it continues to receive the data packets destined for it. This penalty defers the mobile node's reception of data packets and may break the TCP connection if the delay increases. The new Access Router drops 22 data packets destined for the MN during the authentication period, and 8 data packets are lost during the fast handoff period, so 30 data packets destined for the mobile node are lost in total. In this experiment, we set the L2 handoff time to 20 ms. If more delay is added, more packets will be dropped. The data packets dropped due to handoff and authentication will be retransmitted by the correspondent node.

Performing the transient authentication mechanism can decrease the packet loss rate during the authentication process, as shown in Figure 4.4. It can also alleviate the delay, which allows the mobile node to receive data packets earlier. The transient authentication mechanism offers a buffering time in which the mobile node passes temporary authentication and receives data packets quickly. The mobile node also uses a temporary certificate to extend the authentication time so that it does not expire while the re (user) authentication is still incomplete. So, no data packets will be dropped during the authentication process. The mobile node gets a temporary access right to keep receiving data packets in the new domain such as NAR.

Compared with the scheme without transient authentication as shown in Figure 4.4, formal authentication indeed increases the delay time and the packet loss rate.

If we perform transient authentication prior to handoff, the performance will be improved. Next, we show the growth of lost packets if we increase the authentication process time.

[Plot: MN Recv TCP Sequence Number; curves: transient, no-transient]

Figure 4.5 Authentication Processing Time 200ms.

[Plot: MN Recv TCP Sequence Number; curves: transient, no-transient]

Figure 4.6 Authentication Processing Time 300ms.

The delay in receiving packets indeed grows with the authentication processing time, as shown in Figures 4.4, 4.5 and 4.6. We combine the three cases, with and without transient authentication, into two graphs shown below. The authentication processing times are 100 ms, 200 ms and 300 ms, so the total completion times are 330 ms, 700 ms and 1 sec respectively, as shown in Figure 4.8.

Authentication processing time    Number of lost packets
100 ms                            30
200 ms                            31
300 ms                            32

Table 4.1 Authentication Processing Time & Lost Packets Relationship.

We can observe that the number of lost TCP packets increases only slowly even when the authentication processing time increases quickly. This result is due to the TCP sliding window effect. The mobile node cannot receive the packets dropped by the Access Point if it has not authenticated with that Access Point. Therefore, the sender cannot receive ACKs from the receiver. The packets of the offered window may be dropped by the Access Point due to the authentication mechanism. Figure 4.7 shows the TCP sliding window.

Figure 4.7 TCP Sliding Window.

The sender will retransmit the first packet of the offered window if the packets of the usable window have been sent and the sender has not received any ACKs from the receiver. The authentication processing time increases the delay before the mobile node receives the packets, and it may interrupt the TCP connections between the CN and the MN.

[Plot: MN Recv TCP Sequence Number; curves: 100ms-no_transient, 200ms-no_transient, 300ms-no_transient]

Figure 4.8 100ms – 300ms Cases without Transient Authentication.

[Plot: MN Recv TCP Sequence Number; curves: 100ms-transient, 200ms-transient, 300ms-transient]

Figure 4.9 100ms – 300ms Cases with Transient Authentication.

4.2.2 UDP Experiment

The TCP results are described above. We now change the service to UDP and present the results below. The UDP traffic parameters are set as follows:

# Label the generated packets as CBR traffic
$cbr set type_ CBR
# Packet size in bytes
$cbr set packet_size_ 1000
# Constant sending rate of 1 Mbps
$cbr set rate_ 1mb
# Do not add random noise to the packet departure times
$cbr set random_ false

We will discuss and compare the effect of various data rates on UDP services.

UDP service differs from TCP service because it is connectionless, so lost UDP packets are not retransmitted. If the packet loss rate is high, there will be a noticeable gap, as shown in the following figures.

[Plot: MN Recv UDP Sequence Number; curves: no-auth, no-transient, transient]

Figure 4.10 Original & with & without Transient Auth. under Fast Handover.

Figure 4.10 shows the difference between the three cases under UDP service. The transient authentication curve is similar to that of the original fast handover, so their packet loss rates are almost equal, while the packet loss rate of fast handover without transient authentication is high.

Figure 4.11 UDP with 100Kbps Data Rate.

no-transient timestamp    no-transient udp seqno
40.429763                 442
41.069763                 450

Table 4.2 No-transient with UDP 100Kbps during Handoff.

To analyze the UDP packet loss rate, we add a sequence number to each packet to observe the growth of packet loss. First, we set the UDP data rate to 100 kbps, as shown in Figure 4.11; 8 packets are lost in 640 ms during re (user) authentication without transient authentication. This elapsed time is too long to offer a good multimedia streaming or VoIP service. When users of a multimedia streaming application move from the coverage area of one AP (access point) to another, the connection must be handed off in approximately 150 milliseconds; otherwise the user will notice the jitter effect. So, we use transient authentication during handoff to reduce the authentication time to within 150 ms, as shown in Figure 4.11. This can improve the QoS for multimedia streaming applications.

Figure 4.12 UDP Data Rate 1Mbps.

no-transient timestamp    no-transient udp seqno
40.725603                 4428
41.33824                  4532

Table 4.3 No-transient with UDP 1Mbps during Handoff.

We increase the data rate to 1 Mbps to observe the difference. First, we address the case of fast handover without transient authentication. At 40.73 sec, the mobile node receives UDP sequence number 4428, and it resumes receiving UDP packets at 41.34 sec with UDP sequence number 4532. So, the total number of lost packets is 104 in 0.6 sec, which appears as a very large gap in Figure 4.12. Compared with the TCP experiment, the packet loss rate of the UDP experiment is higher because TCP adjusts its window to slow down its sending rate. UDP keeps a constant sending rate of 1Mb, so the packet loss rate is higher if the mobile node does not perform the transient authentication mechanism to get a temporary certificate to pass the authentication in the new domain. We use the fast handover protocol to reduce the handoff time; however, the authentication process still causes a significant delay of approximately 330 ms or even higher. The authentication process affects the handoff performance drastically if a more complex authentication mechanism is used. We then calculate the packet loss rate over 2 seconds during the handoff period as follows.

Sending rate    Packet drops                          Packet loss rate
                no-transient    transient             no-transient    transient
100kbps         8               2                     32%             8%
1Mbps           104             34                    41.6%           13.6%

Table 4.4 UDP Packet Loss Rate (no-transient & transient).

Figure 4.13 Packet Loss Rate with Different UDP Data Rate.

Figure 4.13 shows that the UDP data rate and transient authentication indeed affect the packet loss rate. Next, we show the final figure, in which the authentication time is increased to 300 ms under UDP service at a data rate of 1 Mbps.

Figure 4.14 Authentication Processing Time 300ms, UDP Data Rate 1Mbps.

Figure 4.14 shows that the authentication processing time also increases the packet loss rate.

Sending rate is 1Mbps:

Auth. processing time     Packet drops    Packet loss rate
100ms (no-transient)      104             41.6%
100ms (transient auth)    34              13.6%
300ms (no-transient)      258             100%
300ms (transient auth)    86              34.4%

Table 4.5 Packet Drops with Auth. Processing Time 100ms & 300ms.

The two main factors that increase the packet loss rate are the authentication processing time and the UDP data sending rate.
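The measurement behind Tables 4.2 to 4.5, as an added example (not code from the thesis): it finds the handoff gap in an MN receive trace, counts drops the way the text does (the seqno difference across the gap), and derives the 2-second loss rate from the CBR settings. The trace rows other than the two Table 4.2 values are constructed, and the 1000-byte packet size is assumed to apply to the 100 kbps run as well.

```python
"""Measure the handoff gap in an MN receive trace and derive the 2 s loss rate."""

# Constructed trace ("timestamp seqno" per received packet). The two rows around
# the gap are the Table 4.2 values; the other rows are constructed at the 80 ms
# spacing implied by 1000-byte packets at 100 kbps (assumption).
SAMPLE_TRACE = """\
40.269763 440
40.349763 441
40.429763 442
41.069763 450
41.149763 451
41.229763 452
"""

HANDOFF_BUDGET_S = 0.150   # streaming handoff budget quoted in the text
WINDOW_S = 2.0             # observation window used for Tables 4.4 and 4.5


def parse_trace(text):
    """Return [(timestamp, seqno), ...] from whitespace-separated lines."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, seq = line.split()
            rows.append((float(ts), int(seq)))
    return rows


def handoff_gap(rows):
    """Find the longest silence between consecutive received packets."""
    (t0, s0), (t1, s1) = max(zip(rows, rows[1:]), key=lambda p: p[1][0] - p[0][0])
    # The text reports the seqno difference across the gap as the lost-packet count.
    return {"start": t0, "end": t1, "gap_s": round(t1 - t0, 6), "drops": s1 - s0}


def loss_rate(drops, rate_bps, packet_bytes=1000, window_s=WINDOW_S):
    """Percent of packets sent in the window that were dropped, capped at 100."""
    sent = rate_bps * window_s / (packet_bytes * 8)
    return round(min(100.0, 100.0 * drops / sent), 1)


def report(text, rate_bps):
    """Gap, drop count, loss rate and budget verdict for one receive trace."""
    gap = handoff_gap(parse_trace(text))
    gap["loss_pct"] = loss_rate(gap["drops"], rate_bps)
    gap["within_budget"] = gap["gap_s"] <= HANDOFF_BUDGET_S
    return gap


if __name__ == "__main__":
    print(report(SAMPLE_TRACE, rate_bps=100_000))
    # Drop counts from Tables 4.4 and 4.5 at 1 Mbps:
    for drops in (104, 34, 258, 86):
        print(drops, loss_rate(drops, 1_000_000))
```

The 300 ms no-transient row shows why the cap matters: 258 reported drops exceed the 250 packets a 1 Mbps source sends in 2 seconds, which the table records as 100%.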

Chapter 5

Conclusion and Future Work

In this thesis, we proposed a two-stage authentication scheme consisting of transient authentication and a re (user) authentication mechanism. The user authentication is called re-authentication and is addressed in Chapter 3. The re-authentication signaling consists of a 4-way handshake, and we use it to simulate the authentication time during the handoff period. The original structure of Mobile IP needs approximately 3-4 sec to complete the handoff process, excluding authentication. If an authentication process is added to it, the handoff time increases drastically because of the complex authentication mechanism. Since a more complex authentication mechanism needs a longer time to process, transient authentication becomes important when we try to reduce the authentication time during the handoff period. In our experiment, as discussed in Chapter 4, we demonstrate that the packet loss rate increases when the UDP sending rate increases. The packet loss rate is reduced to 8% with transient authentication when the UDP sending rate is 100Kbps, and to 13.6% when the UDP sending rate is 1Mbps. Combining transient authentication with the fast handover protocol reduces the packet loss rate and performs as well as the original fast handover protocol without an authentication mechanism. It has no protocol overhead and is feasible to implement. The re-authentication signaling mainly serves to simulate an authentication process, so that we can understand how the packet loss rate changes when the authentication mechanism is added.

Finally, the proposed transient authentication method piggybacks authentication information on the fast handover protocol without additional signaling overhead.

As mentioned in Chapter 2, IEEE 802.1x is a MAC layer authentication mechanism. It takes more than 1200 ms to complete the authentication process. If we count the total disconnection time, including scan, authentication and association, the value is too large to be acceptable for certain applications.

Nowadays, many proposed methods try to improve the performance of the different phases. Even if we use the best available method in each phase, the total disconnection time is still too large to offer a high Quality of Service for VoIP or multimedia streaming. So, the tradeoff between authentication and fast handoff is difficult. In this thesis, we perform user authentication to open the filtering table for the MN on the new access router, which drops or forwards the packets destined for the MN according to the authentication table. We apply the transient authentication concept early, based on the fast handover protocol, so that the MN gets the access right in the new domain when it roams there.

Future Work

Providing authentication and security will inevitably increase the original handoff time, which in turn increases the packet loss rate and degrades the quality of service. So, how to maintain good service within a framework that provides authentication and security will be an essential issue in the future.

The method proposed in this thesis is designed under the Mobile IP architecture. It is a user authentication mechanism in which we send the identity of the mobile node and the user authentication information before the handoff actually starts, which can reduce the total authentication time during the handoff process. We may also modify the layer 2 authentication of IEEE 802.1x to support the pre re-authentication function or to enhance its security and key distribution; this will be studied in future research.
