Bringing Cellular Service to Wireless Habitat Networks Understanding, evaluating & extending the Unlicensed Mobile Access (UMA) architecture Anshuman B. Saxena anshuman.saxena@dk-tcs.com TCS Euro-labs {anshuman.saxena@dk-tcs.com} Diversity : Cellular and Wireless LANs Features Cellular Networks (GSM/GPRS) Personal Wireless Networking (WLAN) •Coverage Wide, available in most parts Limited, typically homes and offices •Administration Registered (licensed) service provider Widely self administered •Network Identity License based – network code MAC based - Access point •MS Identity SIM based – IMSI MAC based - WLAN card •User Identity IMSI based – globally verifiable and valid Non verifiable, valid within the local network •Critical Resource Licensed Radio Spectrum Unlicensed spectrum – no such critical resource •Deployment Often lose signal strength indoors due to absorption of RF signals Better suited for indoor communication and can be easily deployed within buildings. •Operation modes Infrastructure mode Both Infrastructure and adhoc (p2p) mode •Access Cost Shared Public Network – high access cost Devoted Network, no contention – low access cost •Power consumption Standby lifetimes of up to several days Standby lifetimes of up to only a few hours •Service Capacity Bounded reuse (cell constraints) – limited capacity Coverage limitation – unlimited reuse •Service Quality Restricted – low data rates Comparatively high data rates •Billing ($ cost) High - Dominant part attributed to recurring critical resource consumption in the last mile Low - Home Broadband Access involves one time cost (cable laying + hardware equipment cost) for last mile solution •Hotspots Uniform availability in all areas Availability only in areas significantly longer and more frequently inhabited – home and office Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Motivation for Convergence Wireless Habitat Networks represent the notion of Wireless networks in regions of dominant habitat e.g. home & office WLANs. Availability of such low cost wireless networks in areas significantly longer and more frequently inhabited by a user provides a lucrative opportunity to forward the services associated with the global identity of a GSM/GPRS network. GSM/GPRS Global Identity WLAN Low Cost A Unified Architecture Use Case Scenario GGSN SGSN BTS BTS BSC VLR MSC BT S HLR Convergence Block GSM/GPRS AP AP Broad band IP N/W AP AP WLAN A cellular service subscriber while in active GSM/GPRS session enters one of it’s many wireless habitat networks, e.g. his home/office WLAN. The same session (without any perceivable disruption) is now routed to his WLAN. All services associated with his subscription with the cellular network are delivered to him at a lower cost through the currently available Wireless Habitat Network. As a result the user remains reachable through his global IMSI identity; however, while in home or office he can avail the same services (voice calls, SMS service, and other location dependent services) at a much reduced cost through his home or office WLAN. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Foreseen Challenges • Issues of discovery and Registration of WLAN APs – trust issues • Issues related to incorporating these WLAN APs with the cellular infrastructure probably providing a BSS like abstraction • Delivery of cellular signalling information to WLAN APs like paging, flow control, SMS etc. • Notion of cell to assist the delivery of location dependent services – may be some kind of overlay of cells on the WLAN network. • Support for seamless handover of ongoing voice/data sessions back and forth • Security of user data – issues related to maintaining the confidentiality, integrity and accountability of data routed over self administered WLANs. • Support for personalized network table for each user – context based network lookup. • Dynamic association and disassociation of user specific wireless habitat networks. • Battery lifetime of mobile stations equipped with additional WLAN radios must be comparable to those with a single 3G radio. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Outlining the remaining presentation • Overview of individuals involved >> GSM/GPRS >> WLAN (not included) >> Bluetooth (not included) • Related Work : candidate architectures >> Unlicensed Mobile Access (UMA) >> Underlying Assumptions >> Thoughts and Concerns • An alternate proposition >> The approach >> Rationale >> Architecture >> Network Discovery and GERAN interaction • Action Plan (TBD) >> Simulation >> Prototyping >> Dissemination Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GSM: Architectural overview GMSC BTS BTS EIR MSC BSC VLR BTS HLR MS BSS: Base Station Subsystem AuC NSS: Network and Switching Subsystem PSTN, PSPD N, CSPD N, ISDN GSM operates in circuit switched mode i.e. a channel is allocated to a single user for the entire duration of the connection. This exclusive access to radio resource is not necessary for data applications with the use of packet switched techniques. GSM Network Architecture Network Switching Sub-system responsible for call control, service control and subscriber mobility management fns. HLR: Home Location Register is a database used to store and manage permanent data of subscribers such as service profiles, location information, and activity status. VLR: Visited Location Register is a database used to store temporary information about the visiting subscribers. MSC: Mobile Switching Centre is responsible for telephony switching functions. AuC: Authentication Center assists MSC in performing various authentication functions. EIR: Equipment Identity Register is a database that contains list of blacklisted mobile equipments. GMSC: Gateway Mobile Switching Center is a gateway to external networks, such as ISDN or wire line networks. Base Station Subsystem performs radio related functions BTS: Base Transceiver Station handles the radio interface to the MS. It consists of radio equipment (transceivers and antennas) required to service each cell in the network. BSC: Base Station Controller provides the control functions and physical links between the MSC and the BTS. A number of BSCs are served by one MSC while several BTSs can be controlled by one BSC. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GSM Network Service Areas SA5 BTS LA2 BTS BTS BTS BTS BSC BSC BTS LA3 SA4 LA1 MSC/ VLR-1 BTS BTS BTS BTS BTS BSC BSC BTS SA1 SA3 SA2 SA1 (MSC/VLR-1) = LA1+LA2+LA3 LA: Location Area SA: Service Area Cell < LA < SA Representative GSM Network Service Areas Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GPRS: Architectural Overview BSS: Base Station Subsystem NSS: Network and Switching Subsystem SGS N PCU BT S MS BT S BSC PD N GGS N SGS N MSC BT S VLR HLR GPRS Network Architecture GPRS has minor impact on the existing GSM BSS because it uses the same frequency bands and hopping techniques, the same TDMA frame structure, the same radio modulation and burst structure as GSM. However, unlike the GSM circuit switched connections, connections in GPRS have to be established and released between the BSS and the MS only when data needs to be transported over the air interface. PCU (Packet Control Unit) supports the handling of data packets. GPRS NSS can be viewed as an overlay network GSN (GPRS Support Node) can be of two types a SGSN (Serving GSN) or a GGSN (Gateway-GSN). SGSN controls a service area and is primarily responsible for keeping track of the MSs it serves, and for access control to data services. GGSN provides the interface to external PDNs (Packet Data Networks). The SGSN is connected to the BSS by Frame Relay and to possibly several GGSNs via a GPRS backbone n/w. •There may not be a direct mapping between SGSN and MSC/VLR areas. •Introduction of RAs allows signalling and paging over geographically smaller areas and thus a better optimization of radio resources. RA3 RA9 RA8 RA4 LA3 LA5 SGSN (2) MSC/VLR SGSN (1) LA4 RA1 RA6 RA7 MSC/VLR RA2 RA5 LA2 LA1 SGSN (3) SGSN(1) service area = RA6 + RA7+ RA8+ RA9 SGSN(2) service area = RA1+ RA3+ RA4 SGSN(3) service area = RA2 + RA5 Cell<Routeing Area (RA) <Location Area (LA) <Service Area (SA) Representative GPRS Network Service Areas Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GPRS Subscription and Attach Precondition •Each user must have at least one GPRS subscription record containing information such as a list of networks to which access is required and the subscribed Quality of Service (QoS). •Further optional information may be available such as the user's static IP address. Sequence of procedures for GPRS attach •MS requests for enough radio resources to send the Attach Request signaling message •MS uses the assigned radio channel to send the Attach Request message which includes user’s identity, MS capabilities and current location. •The SGSN sends an Update Location message to the appropriate HLR •HLR is updated and the users’ GPRS subscription record is provided to the SGSN. •The SGSN signals the attach completion to the MS. The network is now able to track the MS (via subsequent location updates) and is aware of the services and networks that the user has access to. However, at this point the user is not able to send or receive data. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GPRS PDP context activation •In order for the user to be able to transfer data, a Packet Data Protocol (PDP) Context must be activated in the MS, SGSN and GGSN. •The user initiates this procedure, which is similar to logging on to the required destination network. • On completion, a virtual connection is established between the MS and the GGSN. • MS requests sufficient radio resources to support the Context Activation procedure. • MS uses the assigned radio channel to send the Activate PDP context request to the SGSN which includes the user's static IP address (if applicable), the QoS requested for this context, the APN of the external network to which connectivity is requested, the user's identity and any necessary IP configuration parameters (e.g. for security reasons). • The SGSN then checks the received request against the user's subscription record and, if valid, queries the DNS server for the IP address of the requested APN. • The DNS server responds to the SGSN with the IP address of at least one GGSN that will provide the required connectivity to the external network (the APN). • The SGSN requests a connection Tunnel to that GGSN. • GGSN establishes the tunnel and returns an IP address to be conveyed to the MS. The GGSN associates this tunnel with the required external network connection. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GPRS: Security •GPRS users expect the data they transmit and receive to be protected against eavesdropping and tampering. •Also GPRS operators will need to prevent unauthorized subscribers gaining access to the GPRS network. •The GPRS Subscriber Authentication and service request validation. These controls (which use existing GSM mechanisms) request validation when users connect to the GPRS network. •A Restricted Access Point Control facility. This ensures that only terminals authorized by an individual company are able to access that company's network from the GPRS network. This is under the direct control of the GPRS network. •A Non transparent access technique, linking the GPRS session/bearer set-up with standard IP access and authentication servers such as RADIUS (Remote Authentication Dial-In User Service). •Network encryption. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GPRS QoS support: Reliability and Latency Integrity of received data is ensured through two reliable modes of operation: • RLC acknowledged mode is used by default to ensure that the data received by/from the MS is without error. • LLC acknowledged mode is an optional feature which ensures that all LLC frames are received without error. However, use of this protocol has an impact on throughput since the correct receipt of all LLC frames has to be acknowledged. Factors contributing to the overall latency in GPRS include: • Mobile Station (MS) delay - time taken by the MS to process an IP datagram and request radio resource. Specific off MS, and hence the supplier. • Radio resource procedures are the major source of delay in GPRS. For the MS to be capable of sending or receiving data, radio resource known as a Temporary Block Flow (TBF) must be made available to the MS. Establishing a TBF from scratch is entails exchange of signaling messages and depends on the availability of radio resources. Also it will be different for the uplink and downlink directions. Once established, the TBF generally remains active for as long as data is made available to the layer (i.e. for as long as there are LLC frames to transmit). • Effective data throughput (over-the-air delay) is the rate at which user data is physically transmitted between the MS and the SGSN over an active TBF. The delay associated with this throughput is directly related to the size of the IP datagram being sent. Smaller packets cause less delay. The delay is proportionally reduced when multiple timeslots are used. The effective throughput is also dependent on the number of re-transmissions resulting from the hostile radio environment (i.e. the RLC Block Error Rate). • Core network delay occurs as packets transit through the SGSN and GGSN. These nodes effectively operate as IP routers and as such will have a relatively low impact on the overall latency. However, under high load conditions the transit delay may increase. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} GPRS: Latency Breakdown Latency Element Uplink TBF Establishment 1TS Ongoing Uplink Latency 1TS Downlink TBF Establishment 2TS Ongoing Downlink Latency 2TS MS Delay Average 215 ms 110 ms 65 ms 65 ms Average 530 ms 0 1000 ms 0 Variability 320 - 750 ms 0 290 - 1700 ms 0 480 ms 480 ms 260 ms 260 ms Average 20 ms 20 ms 20 ms 20 ms Total (average) 1.3 seconds 0.6 seconds 1.3 second 0.4 seconds TBF establishment Over the Air Delay Average SGSN/GGSN Latency This table illustrates a breakdown of the round-trip latency associated with the transmission and reception of a 500 byte IP packet in a system employing 1 uplink and 2 downlink timeslots. Note that any delay associated with external servers (i.e. the Internet) is not included. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Unlicensed Mobile Access (UMA) Architecture GERAN: GSM/GPRS radio access N/W MSC UNC AP AP TUNNEL AP AP UMA N/W VPLMN/HPLMN Broad band IP N/W SECURE MS A Up SGSN Gb SGW Wm A: Interface for circuit switched services Gb: Interface for packet switched services Wm: Interface for AAA server AAA SERVER AAA VLR / HLR HLR Roaming HPLMN Mobile Station (MS) • includes dual mode (GSM and unlicensed) radios and the capability to switch between them • supports an IP interface to the access point Access Point (AP) • provides the radio link towards the mobile station using unlicensed spectrum. • connects through the broadband IP network to the UNC UMA Network Controller (UNC) • allows the MS to obtain all GSM services (via the ‘A’ interface) that it can obtain from direct connection to the GERAN MSC • allows MS to obtain all GPRS services (via the ‘Gb’ interface) that it can obtain from direct connection to the GERAN SGSN • includes a Security Gateway (SGW) that terminates secure remote access tunnels from the MS, providing mutual authentication, encryption and data integrity for signaling, voice and data traffic Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UNC: coupling between the UMA N/W and GERAN - I A interface Up interface GSM signalling • GSM protocols MM and above are carried transparently between the MS and MSC. • GSM-RR protocol is replaced with a UMA-RR protocol which is specific to Unlicensed Radio access. The UNC, acting like a GERAN BSC, terminates the UMA-RR protocol and inter-works it to the A-interface using BSSAP messaging. CC/SS/S MS CC/SS/S MS MM MM UMA RR UMA RR BSSAP TCP TCP SCCP Remote IP Remote IP IPSec ESP IPSec ESP Transport IP Transport IP Unlicensed Lower Layers Unlicens ed Lower layers MS Transport IP Transport IP MTP 2 Access Layers Unlicensed Lower Layers MTP 1 Access Layers Standard AP MTP 3 Broadband IP N/W UNC BSSAP SCCP MTP 3 MTP 2 MTP 1 MSC Up interface Transcoding (if reqd.) A interface GERAN Codec GERAN Codec RTP/UDP RTP/UDP Remote IP Remote IP IPSec ESP IPSec ESP Transport IP Unlicensed Lower Layers MS Transport IP Unlicens ed Lower layers Access Layers Standard AP Transport IP Transport IP Access Layers Unlicensed Lower Layers Broadband IP N/W AUDIO AUDIO PHYSICAL LAYERS UNC PHYSICAL LAYERS GSM speech bearer • Audio transported as RTP frames • Support for GERAN codecs • When operating in UMA mode AMR FR is the preferred codec type. MSC Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UNC: coupling between the UMA N/W and GERAN - II Up interface Gb interface UPPER LAYERS Upper Layers LLC LLC RELAY UMA RLC UMA RLC TCP TCP REMOTE IP IPSec ESP Remote IP BSSGP TRANSPO RT IP Unlicensed Lower Layers MS NETWORK SERVICE IPSec ESP TRANSPORT IP Unlicens ed Lower layers Access Layers Standard AP TRANSPO RT IP Transport IP ACCESS LAYERS Unlicensed Lower Layers Broadband IP N/W PHYSICAL UNC BSSGP NETWORK SERVICE PHYSICAL SGSN Up interface Gb interface IP To GGSN SNDCP SNDCP LLC LLC UMA RLC UMA RLC UDP UDP REMOTE IP IPSec REMOTE IP IPSec BSSGP TRANSPO RT IP Unlicensed Lower Layers MS TRANSPORT IP Unlicens ed Lower layers Access Layers Standard AP TRANSPO RT IP TRANSPO RT IP ACCESS LAYERS Unlicensed Lower Layers Broadband IP N/W BSSGP NETWORK SERVICE NETWORK SERVICE PHYSICAL PHYSICAL UNC SGSN GPRS signalling • GPRS LLC PDUs for signalling and higher layer protocols are carried transparently between the MS and SGSN. • GPRS-RLC protocol is replaced with an equivalent UMA-RLC protocol. Given the transport characteristics over Up interface the GPRS TBF abstraction is not applicable and reliability is ensured by TCP. Therefore the UMA-RLC is significantly lighter than GPRSRLC. As in a GERAN BSS, the UNC, acting like a BSC, terminates the UMA-RLC protocol and inter-works it to the Gb-interface using BSSGP. GPRS data • GPRS LLC PDUs carrying data, and higher layer protocols, are carried transparently between the MS and the SGSN. • GPRS LLC PDUs are carried over UMARLC from the MS to the UNC, which relays it over the SGSN using BSSGP messaging. • UMA-RLC runs directly over UDP to leverage the IP bearer service. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Protocols Involved Standard 3GPP Protocols (requires no changes in MS or MSC/SGSN) - Existing GSM MM, CM and higher layer protocols - GSM voice encoding carried over IP between the MS and UNC. - Existing GPRS LLC and higher layer protocols - Existing A-interface protocols - Existing Gb-interface protocols - Existing Wm interface protocols Standard IP based protocols - IP over standard lower layers - TCP to provide a tunnel for GSM/GPRS signaling and SMS - IPsec ESP to provide a secure tunnel for GERAN bearer (speech and data) and signaling traffic. - IKEv2 [IKEv2] and EAP-SIM [EAP SIM] for authentication and establishing and maintaining a SA between MS and UNC - UDP for IPsec NAT traversal - UDP for GPRS data transfer - RTP/UDP for transfer of GSM vocoder frames over IP transport Standard Unlicensed Radio Access Protocols - 802.11 protocols for PHY and MAC, including functions for association, authentication, encryption, data transfer and traffic prioritization. - Bluetooth protocols for PHY, Baseband, LMP, L2CAP and SDP, including functions for discovery, paging, pairing (authentication), encryption, ACL and data and voice traffic transfer. Additionally, BNEP is used to provide Ethernet emulation over Bluetooth ACL links as per the PAN profile. UMA specific protocols UMA-RR (peer of GSM-RR) A protocol specific to the characteristics of the unlicensed radio link which are quite different from that of the GERAN radio link. Provides the following services: • registration with UNC • setup of bearer path for CS traffic between the MS and UNC • handover support between GERAN and UMA; e.g. functions such as GPRS suspension, paging, ciphering configuration, classmark change, application level keepalive etc. • support for identification of the AP being used for UMA access. UMA-RLC (peer of GSM-RLC) protocol provides the following services: • delivery of GPRS signaling, SMS messages over the secure tunnel • paging, flow control, GPRS transport channel management • transfer of GPRS user plane data. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Security Mechanisms MS AP IP N/W UNC 1. Unlicensed Interfaces A, Gb MSC/ VLR & SGSN IP N/W APP SERVER Interface Security 2. Up Interface Security 3. CN authentication, GPRS ciphering 4. Data Application Security (e.g. HTTPS) 1. Security mechanisms over the unlicensed radio interface (between the MS and the AP) – Include the authentication and encryption functions defined for the unlicensed mode radio interface protocols applied. – Apply to voice, data and signaling over the radio interface. 2. Security mechanisms over the Up interface (between the MA and UNC) – include both authentication and encryption functions to protect signaling, voice and data traffic flows. 3. Authentication of MS by the core network (between MS and the MSC/VLR or MS and SGSN) – remains transparent to the UNC – a cryptographic binding between the MS-CN authentication and the MS-UNC authentication to prevent man-in-the-middle attacks. – GPRS ciphering (a LLC layer ciphering scheme) operates between the MS and the SGSN. 4. Application level security mechanisms (between the MS and the application server or gateway) – can be employed to secure the end-to-end communication, e.g. the MS may run the HTTP protocol over an SSL session for secure web access. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Addressing Issues – MS and AP MS addressing parameters • The IMSI associated with the SIM in the terminal This identifier is provided by the MS to the UNC when it registers to a UNC. The UNC maintains a record for each registered MS. For example, IMSI is used by the UNC to find the appropriate MS record when the UNC receives a BSSMAP PAGING message. • Public IP Address of the MS The Public IP address of MS is the source IP present in the outermost IP header of packets received from the MS by the UNC-SGW. If available, this identifier may be used by the UNC to support locations services and fraud detection. It may also be used by service providers to signal Managed IP networks IP flows that require QoS treatment. AP addressing parameters • The “Access Point (AP) ID” The AP-ID is the MAC address of the unlicensed mode access point through which the MS is accessing UMA service. This identifier is provided by the MS (obtained via broadcast from the AP) to the UNC via the Up interface, when it requests UMA service. The AP-ID may be used by the UNC to support location services. The AP-ID may also be used by the service provider to restrict UMA service access via only authorized APs. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Cell Identifiers Why maintain the GERAN notion of cell in UMA network? (a) Support for location dependent services such as emergency calling, operator announcements and free phone numbers. (b) Help identify the location of the call for billing purposes. (c) Handover assistance In UMA the notion of a “cell” is defined by some logical grouping of MSs being served by a UNC. The cell assignment can be based on the • overlapping GSM cell that the MS is located in. • identity or location of the AP, or GPS co-ordinates of the MS Determining cell-id for handover (ARFCN allocation to UMA cell) • Handover makes use of an RF channel number (ARFCN) and BSIC (base station identity code) to identify the target cell. • UMA operates in a different frequency band hence a virtual ARFCN is assigned to each UMA cell (i.e. each UNC; assuming each UNC forms a separate UMA cell). This ARFCN/BSIC is indicated to the MS by the UNC during registration. • This assigned ARFCN is never used it should not be allocated from the operator’s BCCH pool. Also same ARFCN number is preferred across the entire network to avoid BSS configuration. Can be assigned from the frequency band not used by the operator. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Network Discovery and Registration SERVING UNC MS DNS SGW UNC DEFAULT UNC DNS SGW UNC PROVISIONING UNC DNS SGW UNC DNS 1. DNS query (provisioned or derived SGW FQDN) 2. DNS 3. Establish secure tunnel 4. DNS query (provisioning UNC FQDN) 5. DNS response 6. URR Discovery Request (CID, LAI, IMSI) 7. URR Discovery Accept (Default SGW IP address, Default UNC IP address) 8. URR Discovery Reject (Cause) 9. Establish secure tunnel 10. URR Register Request (CID, LAI, IMSI) 11. URR Register Redirect (SGW IP address, Serving UNC IP address) 12. Establish secure tunnel 13. URR Register Request (CID, LAI, IMSI) 14. URR Register Accept 15. URR Register Reject/URR Register Redirect MS initiates the discovery and serves the following purpose • informs the UNC that a MS is now connected through a particular AP and is available at a particular IP address; required for providing GERAN services, e.g. mobile-terminated calls. • provides the MS with the operating parameters associated with the UMA service. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Registration Update and De-register De-registration Registration Update MS MS S-UNC S-UNC 1. URR DEREGISTER 1. URR REGISTER UPDATE UPLINK 2. URR REGISTER REDIRECT 3. URR DEREGISTER Registration Update Uplink MS updates the UNC with changes about the AP or the identity of the overlapping GSM cell. De-Registration initiated by the MS MS explicitly informs the UNC about leaving the UMA mode; the UNC frees the resources assigned to the MS. The UNC may also implicitly deregister the MS when the TCP connection to the MS is abruptly lost. MS MS S-UNC S-UNC 1. URR DEREGISTER 1. URR REGISTER UPDATE DOWNLINK Registration Update Downlink UNC updates MS with changes in related to system information or status of location services. De-Registration initiated by the UNC The Deregistration procedure can also be initiated by the Serving UNC. Keep Alive Messages The Keep Alive messages indicate to the peer URR entities that the MS remains registered to the UNC. MS S-UNC 1. URR KEEP ALIVE The MS in turn remains informed that the UNC is still available using the currently established lower layer connection. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: EAP-SIM authentication MS AP UNC- AAA SGW authentication procedure EAP-SIM HLR 1. Unlicensed link establishment •EAP-SIM mechanism authenticates the MS with the UNC using GSM credentials. 2. IKE_SA_INIT 3. Select appropriate AAA server 4. EAP Response/Identity [NAI based on IMSI] 5. EAP Request/SIM Start 6. EAP Request/SIM Start 7. EAP Response/SIM Start [NONCE_MT] 8. EAP Response/SIM Start [NONCE_MT] 9. Send Auth Info 11. EAP Request/SIM-Challenge [RAND, MAC, Next re-auth ID] 10. Response (triplets) 12. EAP Request/SIM-Challenge [RAND, MAC, Next re-auth ID] 13. Execute EAP/SIM 14. EAP SIM/Response-Challenge [MAC] 15. EAP SIM/Response-Challenge [MAC] 16. Verify MAC 17. EAP Success + keying material 18. EAP Success 19. Complete IKE signaling 20. UMAN REGISTRATION Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach •EAP-SIM procedure is performed between the MS and the AAA and the UNC-SGW relays the associated messages • When the EAP-SIM procedure has completed successfully, the IKEv2 procedure can be continued to completion and the signaling channel between MS and UNCSGW is secured. The MS and UMAN can then continue with the discovery or registration procedure. {anshuman.saxena@dk-tcs.com} UMA: EAP-SIM Fast Re-authentication MS UNC 1. IKE_SA_INIT 4. EAP Request/SIM/Re-authentication [Counter, NONCE, MAC, Next re-auth ID] HLR 2. EAP Response/Identity [Re-authentication ID] 3. EAP Request/SIM/Re-authentication [Counter, NONCE, MAC, Next re-auth ID] 5. Verify Counter, MAC 6. EAP SIM/Response-Challenge [Counter, MAC] 7. EAP SIM/Response-Challenge [Counter, MAC] 8. Verify Counter, MAC 9. EAP Success 10. EAP Success • In Fast re-authentication, the AAA server and MS re-authenticate each other based on the keys derived on the preceding full authentication. • Fast re-authentication is provided by EAP-SIM, and does not make use of the GSM A3/A8 procedures. The decision to make use of the fast re-authentication procedure is taken by the AAA server. • The MS initiates a new SA with a UNC-SGW that it was previously connected to and uses the reauthentication ID (received during the previous full authentication procedure) in the IKE_SA_INIT exchange. Suitability of fast re-authentication can be demonstrated in a number of scenarios for e.g. when setting up a new SA because the IP address of the MS has changed as a result of a handover between APs connected to different IP subnets. In the presence of large number of mobile stations, the network load (more specifically the authentication related network load) reduced by avoiding such frequent re-keying can be significant. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Encryption • • • • During a GERAN to UMAN handover, the MS first authenticates with the UMAN using EAP-SIM authentication and then acquires an IP address on the subnet protected by the UNC-SGW (acts as a NAT) and initiates creation of SA between itself and the UNC-SGW. Various security configuration parameters are negotiated while connection establishment e.g. ciphering mode, specific encryption algorithms etc. During a handover from UMAN to GERAN, MS authenticates with the core network using established GERAN procedures. During an intra UMAN handover i.e. when the point of attachment of MS changes from one subnet to the other (hence acquiring new IP address), EAP-SIM based fast re-authentication procedures are used. Ciphering Configuration MS UNC GERAN Cipher mode command URR-CIPHERING-MODE-COMMAND [algorithms, cipher response, rand, …] URR-CIPHERING-MODE-COMPLETE [algorithm, IMEI, MAC(rand, …) ] Verify MAC Cipher mode complete CN •The Cipher mode command from CN contains the cipher key Kc, and the encryption algorithms that the UNC may use. •UNC indicates to the MS whether stream ciphering shall be started or not (after handover to GERAN) and if so, which algorithm to use, and a random number. •The MS computes a MAC based on the random number, the MS IMSI, the FQDN of the UNC and the key Kc. MS then sends a message to signal its selected algorithm, the computed MAC, and the IMEI. •UNC verifies the MAC, if found correct sends Cipher mode complete message to the CN. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Mobile Originated Speech Call MS UNC CN 1. URR UPLINK DIRECT TRANSFER (CM Service Request) 2. Complete Layer 3 Info 3. Authentication 4. Cipher-Mode Command 5. URR CIPHERING MODE COMMAND 6. URR CIPHERING MODE COMPLETE 7. Cipher-Mode Complete 8. URR DOWNLINK DIRECT TRANSFER (CM Service Accept) 9. URR UPLINK DIRECT TRANSFER (Setup) 10. URR DOWNLINK DIRECT TRANSFER (Call Proceeding) 12. URR ACTIVATE CHANNEL 11. Assignment Request 13. Uplink user plane RTP Stream 14. URR ACTIVATE CHANNEL ACK 15. Downlink user plane RTP Stream 16. Assignment Complete 17. URR ACTIVATE CHANNEL COMPLETE 18. URR DOWNLINK DIRECT TRANSFER (Alerting) 19. URR DOWNLINK DIRECT TRANSFER (Connect) 20. URR UPLINK DIRECT TRANSFER (Connect Ack) 21. VOICE TRAFFIC Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Mobile Terminated Speech Call MS UNC CN 1. Paging Request 2. URR PAGING REQUEST 3. URR PAGING RESPONSE 4. Complete Layer 3 Info 5. Authentication 6. Ciphering Configuration 7. URR DOWNLINK DIRECT TRANSFER (Setup) 8. URR UPLINK DIRECT TRANSFER (Call Confirmed) 9. RTP stream setup Assignment Procedure 10. URR UPLINK DIRECT TRANSFER (Alerting) 11. URR UPLINK DIRECT TRANSFER (Connect) 12. URR DOWNLINK DIRECT TRANSFER (Connect Ack) 13. VOICE TRAFFIC Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Handover to UMAN MS UNC BSC CN UMAN Registered 1. Um: Measurement Report 2. Handover Reqd. 3. Handover Request 4. Handover Request Ack 5. Handover Command 6. Um: Handover Command 7. URR HANDOVER ACCESS 8. RTP stream setup 9. URR HANDOVER COMPLETE 10. Handover Detect 11. VOICE 12. Handover Complete 13. Clear Command 14. Clear Complete Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Handover to GERAN MS UNC BSC CN Ongoing UMAN Connection 1. URR UPLINK QUALITY INDICATION 2. URR HANDOVER REQUIRED 3. Handover Required. 4. Handover Request 5. Handover Request Ack 6. Handover Command 7. URR HANDOVER COMMAND 8. Um: Handover Access 11. Um: Physical Information 12. Um: Handover Complete 9. Handover Detect 10. VOICE 13. Handover Complete 14. VOICE 16. URR RELEASE 18. URR RELEASE COMPLETE 15. Clear Command 17. Clear Complete 19. URR DEREGISTER Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Unlicensed Radio Link Control for GPRS data Whenever GPRS data transfer is initiated a UDP based URLC connection is established between the MS and the UNC. Following are required for URLC connection establishment. • The MS knows the destination IP address, destination UDP port to be used for GPRS related data and value of the URLC-CHANNEL-TIMER. • The UNC knows the destination UDP port to be used for GPRS data transfer for a specific MS. URLC can be in the following two states: In URLC-STANDBY state • the MS is not able to send or receive GPRS data to and from the UNC. The UNC or the MS needs to activate the URLC Transport Channel before sending any GPRS data. • the corresponding URLC Transport Channel does not exist. When the URLC Transport Channel is activated, the MS enters the URLC-ACTIVE state. In URLC-ACTIVE state • the MS is able to send and receive GPRS data to and from the UNC. A URLC channel timer controls the transition from URLC-ACTIVE to URLC-STANDBY state as follows: The MS URLC layer implements a timer that is started when the MS enters URLC-ACTIVE state and restarted each time a non-NULL LLC-PDU is transmitted to or received from the network. When the timer expires, the MS deactivates the URLC Transport Channel and the MS URLC enters URLC-STANDBY state. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: GPRS Data Transport MS AP UNC • 1. URLC Transport Channel activation URLC channel timer started User Data Transport CN 2. URLC-UNITDATA (QoS, priority, TLLI, PFI, LLC-PDU) 3. BSSGP (LLC-PDU) URLC channel timer started URLC channel timer started URLC channel timer expires 5. URLC-UNITDATA (TLLI, PFI, LLC-PDU) 4. BSSGP (LLC-PDU) • 6. Additional URLC user data transport 7. URLC Transport Channel deactivation • MS sends an uplink LLC PDU to the UNC (relayed to CN) with parameters required for Gb interface and TLLI as MS identifier. Restarts the URLC channel timer. CN sends the downlink LLC PDU to the UNC (relayed to MS) that contains GPRS user data via the Gb interface. The MS is identified with the TLLI and restarts the URLC channel timer on data reception. In the absence of any link level data, the URLC channel timer expires and the corresponding URLC TC is deactivated. Signalling and SMS Transport • • • The MS LLC requests the URLC layer to transfer an uplink GMM/SM signaling message or SMS Message (e.g. a GMM attach request or SM PDP context activation message). The MS URLC sends a LLC PDU encapsulated within a URLC-DATA message via the Gb interface to the UNC (relayed to the CN). The CN replies with a GMM/SM signaling or SMS message (e.g. GMM attach accept or SM PDP context activation accept message) – relayed via the UNC (encapsulated within a URLC-DATA message) to the MS. MS AP UNC CN 1. URLC- DATA (QoS, priority, TLLI, PFI, LLC- PDU) 2. BSSGP (LLC- PDU) 2. BSSGP (LLC- PDU) 4. URLC-DATA (TLLI, PFI, LLC-PDU) Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Packet Paging Support Packet Paging for GPRS MS AP UNC CN • 1. BSSGP (Paging-PSPDU) • 2. URLC-PS-PAGE (Mobile Identity) 3. LLC_PDU Transport 4. BSSGP (LLC-PDU) • CN sends a PS page (identified by PTMSI or IMSI) via the UMAN for a GPRS attached MS. The UNC (after verification for MS registration) forwards the corresponding URLC-PS-PAGE msg. to the MS using the TCP signaling connection. The MS sends any LLC PDU (forwarded to the UNC) to respond to the page, activating a channel as needed. Packet Paging for Circuit Mode service • CN sends a CS page (identified by PTMSI or IMSI) for a UMA registered and currently GPRS attached MS via the Gb interface. The mobile station is currently GPRS attached via the UMAN. • The UNC (after verification for MS registration) forwards the corresponding URR PAGING REQUEST msg. (channel needed and IMSI/TMSI id) to the MS using the signaling TCP connection. MS AP UNC CN 1. BSSGP (Paging-CSPDU) 2. URR PAGING REQUEST 3. URR PAGING RESPONSE 4. BSSMAP (Complete L3 Info) • The MS initiates the standard CS page response procedure via the UMAN. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA: Flow Control MS AP UNC MS Initiated Downlink Flow Control CN • The MS sends a flow control request message (URLC-FC-REQ, specifying the required data rate correction) to the UNC via the URLC TC and starts a URLC DL FC timer to continue monitoring the flow control condition. The UNC calculates the adjusted flow control parameters for the MS and sends the corresponding request to the CN to reduce the downlink data rate for the MS. If the CN does resolve the downlink data rate before the expiry of the URLS DL FC timer at the MS, MS forwards another request to the UNC. 1. Flow control condition detected 2. URLC-FC-REQ (FC Adjustment) 3. BSSGPFlow-Control 4. URLC-FC-REQ (FC Adjustment) 5. BSSGPFlow-Control URLC DL FC timer • URLC DL FC timer 6. URLC DL FC timer expires • 7. Flow control condition resolved UNC Initiated Downlink Flow Control • • • The UNC sends a flow control request message (URLC-FC-REQ, specifying the required data rate correction) to the MS via the URLC TC and starts a URLC DL FC timer to continue monitoring the flow control condition. Upon receiving the message, the MS adjusts the uplink data rate accordingly. If the MS does resolve the downlink data rate before the expiry of the URLS DL FC timer at the UNC, UNC forwards another request to the MS. MS AP UNC CN 1. Uplink Flow control condition detected 2. URLC-FC-REQ (FC Adjustment) 3. URLC-FC-REQ (FC Adjustment) 4. URLC-FC-REQ (FC Adjustment) Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach 5. Flow control condition resolved {anshuman.saxena@dk-tcs.com} UMA: GPRS Suspend and Resume Support GPRS Suspend MS AP UNC CN • While transitioning to dedicated mode and if unable to support simultaneous voice and data services, the MS sends a URR-GPRSSUSPENSION-REQUEST message to the UNC to suspend downlink GPRS traffic. The request is transferred via the signaling TCP connection and includes TLLI and suspension cause parameters. • The UNC initiates and completes the BSSGP GPRS suspend procedure. 1. URR-GPRS-SUSPENSION-REQUEST 2. BSSGP GPRS Suspend GPRS Resume MS AP Initially, the MS is in the dedicated mode and the GPRS service is suspended. •On receiving a resume instruction from the CN, the UNC releases the resources associated with the dedicated mode and sends a URR-RELEASE message to instruct the MS to release the RR connection. •The MS replies with a URR-RELEASE-COMPLETE message and resumes GPRS service internally. •Optionally, if the CN indicated unsuccessful resumption, the MS initiates GPRS service resumption as per standard GPRS. UNC CN 1. Clear Command 2. Clear Complete 4. URR-RELEASE (GPRS_resumption) 3. BSSGP GPRS Resume 5. URR-RELEASE-COMPLETE 6. Resume GPRS service if required Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} UMA : Underlying Assumptions GERAN: GSM/GPRS radio access N/W MSC AP AP Broad band IP N/W SECURE TUNNEL MS UNC AP AP A VPLMN/HPLMN Up SGSN Gb SGW Wm AAA SERVER VLR / HLR UMA N/W AAA HLR Roaming HPLMN • Two radios: The proposed UMA architecture assumes that there are two radios (one each for GERAN and WLAN) and hence a scheme on the lines of ‘make before break’ paradigm is proposed. • WLAN detection: Detection of Unlicensed Mobile Coverage is the sole responsibility of the Mobile Station. It is expected that while in GSM mode, the MS would periodically scan for 802.11 coverage and any successful unlicensed link establishment can be reported back to the UMAN controller (UNC) for initiating a handover from the GSM/GPRS network to the newly registered WLAN. • MS reported IP address: Once the MS joins the WLAN, it reports the IP address assigned by the AP to the UNC. A security association is subsequently established between the MS and the UNC. UNC assumes the IP address reported by MS to be trust worthy and does not require any prior trust relationship between itself and the WLAN. • Resource availability : Unlicensed link establishment is assumed to have negotiated enough and sustainable resources required to support the session. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Thoughts/Concerns • Authorized GERAN WLAN: Periodic scanning for WLAN availability throughout the operating (battery) life time would be beneficial if there are prospects of finding hotspots very often. Even with almost an exponential increase in the WLAN hotspot deployment, it remains doubtful if the user would be willing to offload critical and delay sensitive voice calls to any or all WLANs that he might successfully authenticate without co-authorization from the GERAN service provider. The quality/security of session will be the main concern. • Soliciting Attacks: Also frequent scanning provides more opportunity for attacks, more significantly resource consuming authentication process which is initiated only to be discarded in the end when the prospective WLAN identity cannot be verified. • Exploiting Low Power Modes: An obvious approach towards keeping the WLAN radio in low power mode only to wake up periodically for quick scanning might reduce the associated power consumed but still the overhead involved from a second radio point of view would be too large. • Trusting the weakest link: WLAN security is weak and easy to compromise when compared to cellular access schemes. Easy to befool a MS to believe it has found an authenticated WLAN to request session transfer from GERAN to newly found UMAN. GERAN blindly accepts the request without having any trust relationship of it’s own. • Resolving accountability: As per the new architecture, two (mutually un trusted) parties (GERAN and UMAN) will be involved in carrying the voice/data session to the end user. It is unclear how call related disputes would be resolved. GERAN can argue that it’s responsibility ends at the UNC while UMAN would view this as any other broadband service provided to the subscriber with best effort delivery. For the UMAN to guarantee accountable call handling it is necessary to have some arrangement binding on both the parties. • Secure tunnel carrying TCP over wireless link: It is well established that TCP performs poorly on wireless links since it interprets any packet loss (even those occurring due to bit errors and handoffs) as a sign of congestion and responds by invoking the congestion control and avoidance algorithm, resulting in degraded end-to-end performance in wireless and lossy systems. It is unclear how this problem can be addressed with the proposed UNC to MS IPSEC tunnel that encrypts the IP payload and hence none of the proposed enhancements (Splitting TCP connections, Snooping TCP at Base Stations, Selective acknowledgement and Transport aware Link Layer protocols) can be applied. • Working with a single configurable radio: H/W developments bring along single radio then how do they work, such periodic radio switching without any hint about possibility of preferred WLAN nearby would result in extremely high switching overheads . Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} An Alternate Approach The notion of Wireless Habitat Network (WHN) is based on the observation that integration of unlicensed mobile access (WLAN or Bluetooth) is both pressing and practical for regions where the user spends considerable time. To begin with we include the following in WHN. (a) Office WLAN (b) Home LAN WHN Characterisation: (a) Areas significantly longer and more frequently inhabited by a user (Regions of dominant habitat e.g. home & office WLANs) (b) Indoor environment where unlicensed low power radios like blue-tooth work effectively. (c) Not necessarily well administered, e.g. home WLANs. Opportunities/Challenges: (a) Current mobile devices (PDAs, cell phones) already come with an inbuilt (alternate) radio (Bluetooth or Infrared) primarily for synchronization with desktops or notebooks. We view this as a low power radio which can be used to wake the more power consuming WLAN radio only when a trusted WLAN has been identified within range. (b) The Unlicensed Networks will have to be made more secure. (c) Access Points will have to be integrated with an additional low power radio e.g. blue-tooth. Motivation: The primary objective of the proposed approach is to reduce the energy consumed in locating a trusted WLAN. Rationale: WLAN even in power save mode consumes far more energy than say Bluetooth in power save mode. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Rationale: Low Power Modes of Unlicensed Radio Bluetooth low-power mode Transition time (ms) Active Mode Hold Mode Hold mode entry Hold mode exit Park Mode Park mode entry Park mode exit Sniff Mode Sniff mode entry Sniff mode exit 1.68 11.62 2.16 4.12 0.94 7.36 Avg. power (W) 0.09 – 0.24 0.061 0.068 0.216 0.061 0.077 0.126 0.061 0.078 0.194 Hold mode: stop data transfer by the requested device for a negotiated interval Sniff mode: useful for low data rate links where a quick response is required whenever data is present. Park Mode: used to enhance the number of simultaneous connected slaves. No data transfer takes place as it gives up it’s connection id but remains synchronized link (setup takes about 10s in blue-tooth) 802.11b low-power mode Doze: In 802.11b a synchronization beacon is transmitted by a central access point (AP) every 100ms. The beacon is followed by a traffic indication map (TIM) indicating any required data transfers. Doze mode is activated until the next beacon if no data transfer is required. Off: Transitions to the off mode either from active or doze mode Transmit state Receive state Doze state Doze state entry Doze state exit Off state Off state entry Off state exit Transition time (ms) 0.1 1 1 300 Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach Avg. power (W) 2.25 1.4 0.75 – 1.4 1.4 1.6 1.7 2.3 {anshuman.saxena@dk-tcs.com} The architecture MSC U N C A VPLMN/HPLMN SGSN Gb IP NW S G W AAA HLR AAA HLR Wm Roaming HPLMN WLAN Bluetooth • MS joins the existing blue-tooth PAN and polls for any GERAN related signalling. • On receiving a relevant event, the blue-tooth interface wakes the WLAN radio in the MS and a WLAN specific connection is established with the access point. • The procedures of UMA specification are followed. • The blue-tooth radio goes back to periodic polling mode i.e. hold (low power mode) – scan – hold. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Network Discovery and GERAN interaction MS WLAN GERAN Wake up WLAN radio ON WHN BLUE TOOTH BLUETOOTH PAN GERAN WLAN AP UNC AAA HLR Bluetooth Link Establishment WLAN Link Establishment EAP-SIM based authentication and UMA registration WLAN radio OFF Bluetooth radio ON Bluetooth radio HOLD mode Bluetooth Radio Scan mode Incoming call request Incoming Resource Call Allocation WLAN re-establish and Ready Accept signal to UNC Call ends Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} Action Plan (TBD) >> Simulation >> Prototyping >> Dissemination Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com} References [1] Qadeer W., Rosing T. S., and Ankcorn J. “Heterogeneous Wireless network management”, PACS `03, San Deigo, December 2003. [2] Venkitaraman N., Almaula J., Haneef A. and Mysore J., “Session Aware Network Controlled Interface Selection for Multi-homed hosts”, WCNC 2004 IEEE Communications Society. [3] Engelstad P., Egeland G., and Thanh D. V. “Investigating Race Conditions in Multi-homed On Demand Ad-hoc Networks”, WCNC 2004 IEEE Communications Society. [4] Smith M., and Hunt R. “Network Security using NAT and NAPT”, 2002 IEEE [5] Unlicensed Mobile Access Specifications, http://www.umatechnology.org/, September 2004. [6] Shih E., Bahl P., and Sinclair MJ., “An Event Driven Energy Saving. Strategy for Battery Operated Devices”, Proceedings of ACM MOBICOM, 2002 [7] Ghribi B., and Logrippo L., “Understanding GPRS: the GSM packet radio service”, Computer Networks, 2000. [8] Balakrishnan H., Padmanabhan VN., Seshan S., and Katz RH., “A Comparison of Mechanisms for Improving TCP Performance over Wireless Links ”, IEEE/ACM Transactions on Networking, 1997. [9] Woesner H., Ebert JP., Schlager M., and Wolisz A., “Power Saving Mechanisms in Emerging Standards for Wireless. LANs: the MAC Level Perspective”, IEEE Personal Communications, 1998. [10] Potlapally NR., Ravi S., Raghunathan A., and Jha NK., “Analyzing the Energy Consumption of Security Protocols”, Proc. Int. Symp. Low Power Electronics & Design, 2003. Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach {anshuman.saxena@dk-tcs.com}