Mobile Enterprise Network Services Middleware Exploring the

Bringing Cellular Service to Wireless
Habitat Networks
Understanding, evaluating & extending the
Unlicensed Mobile Access (UMA) architecture
Anshuman B. Saxena
anshuman.saxena@dk-tcs.com
TCS Euro-labs
{anshuman.saxena@dk-tcs.com}
Diversity: Cellular and Wireless LANs
Features compared: Cellular Networks (GSM/GPRS) vs. Personal Wireless Networking (WLAN)
• Coverage
  Cellular: Wide, available in most parts
  WLAN: Limited, typically homes and offices
• Administration
  Cellular: Registered (licensed) service provider
  WLAN: Widely self administered
• Network Identity
  Cellular: License based – network code
  WLAN: MAC based – Access point
• MS Identity
  Cellular: SIM based – IMSI
  WLAN: MAC based – WLAN card
• User Identity
  Cellular: IMSI based – globally verifiable and valid
  WLAN: Non verifiable, valid within the local network
• Critical Resource
  Cellular: Licensed Radio Spectrum
  WLAN: Unlicensed spectrum – no such critical resource
• Deployment
  Cellular: Often lose signal strength indoors due to absorption of RF signals
  WLAN: Better suited for indoor communication and can be easily deployed within buildings.
• Operation modes
  Cellular: Infrastructure mode
  WLAN: Both Infrastructure and adhoc (p2p) mode
• Access Cost
  Cellular: Shared Public Network – high access cost
  WLAN: Devoted Network, no contention – low access cost
• Power consumption
  Cellular: Standby lifetimes of up to several days
  WLAN: Standby lifetimes of up to only a few hours
• Service Capacity
  Cellular: Bounded reuse (cell constraints) – limited capacity
  WLAN: Coverage limitation – unlimited reuse
• Service Quality
  Cellular: Restricted – low data rates
  WLAN: Comparatively high data rates
• Billing ($ cost)
  Cellular: High – Dominant part attributed to recurring critical resource consumption in the last mile
  WLAN: Low – Home Broadband Access involves one time cost (cable laying + hardware equipment cost) for last mile solution
• Hotspots
  Cellular: Uniform availability in all areas
  WLAN: Availability only in areas significantly longer and more frequently inhabited – home and office
Background > Motivation > Index > GSM > GPRS > UMA > UMA assumptions > UMA concerns > Alternate Approach
Motivation for Convergence
Wireless Habitat Networks represent the notion of Wireless
networks in regions of dominant habitat e.g. home & office
WLANs. Availability of such low cost wireless networks in
areas significantly longer and more frequently inhabited by a
user provides a lucrative opportunity to forward the services
associated with the global identity of a GSM/GPRS network.
[Figure: GSM/GPRS (Global Identity) + WLAN (Low Cost) = A Unified Architecture]
Use Case Scenario
[Figure: a GSM/GPRS network (BTS, BSC, MSC, VLR, HLR, SGSN, GGSN) and WLAN APs on a broadband IP N/W, joined by a Convergence Block]
A cellular service subscriber, while in an active
GSM/GPRS session, enters one of his many
wireless habitat networks, e.g. his home/office
WLAN. The same session (without any
perceivable disruption) is now routed to his
WLAN. All services associated with his
subscription with the cellular network are
delivered to him at a lower cost through the
currently available Wireless Habitat Network.
As a result the user remains reachable through
his global IMSI identity; however, while in home
or office he can avail the same services (voice
calls, SMS service, and other location
dependent services) at a much reduced cost
through his home or office WLAN.
Foreseen Challenges
• Issues of discovery and Registration of WLAN APs – trust issues
• Issues related to incorporating these WLAN APs with the cellular infrastructure, probably providing a BSS like abstraction
• Delivery of cellular signalling information to WLAN APs like paging, flow control, SMS etc.
• Notion of cell to assist the delivery of location dependent services – may be some kind of overlay of cells on the WLAN network.
• Support for seamless handover of ongoing voice/data sessions back and forth
• Security of user data – issues related to maintaining the confidentiality, integrity and accountability of data routed over self administered WLANs.
• Support for personalized network table for each user – context based network lookup.
• Dynamic association and disassociation of user specific wireless habitat networks.
• Battery lifetime of mobile stations equipped with additional WLAN radios must be comparable to those with a single 3G radio.
Outlining the remaining presentation
• Overview of individuals involved
  >> GSM/GPRS
  >> WLAN (not included)
  >> Bluetooth (not included)
• Related Work: candidate architectures
  >> Unlicensed Mobile Access (UMA)
  >> Underlying Assumptions
  >> Thoughts and Concerns
• An alternate proposition
  >> The approach
  >> Rationale
  >> Architecture
  >> Network Discovery and GERAN interaction
• Action Plan (TBD)
  >> Simulation
  >> Prototyping
  >> Dissemination
GSM: Architectural overview
[Figure: GSM network architecture. BSS (Base Station Subsystem): MS, BTS, BSC. NSS (Network and Switching Subsystem): MSC, VLR, HLR, AuC, EIR, GMSC, connecting to PSTN, PSPDN, CSPDN and ISDN.]
GSM operates in circuit switched
mode i.e. a channel is allocated to
a single user for the entire
duration of the connection. This
exclusive access to radio resource
is not necessary for data
applications with the use of packet
switched techniques.
GSM Network Architecture
The Network Switching Subsystem is responsible for call control, service control and subscriber mobility management functions.
HLR: Home Location Register is a database used to store and manage permanent data of subscribers such as service profiles, location information, and activity status.
VLR: Visited Location Register is a database used to store temporary information about the visiting subscribers.
MSC: Mobile Switching Centre is responsible for telephony switching functions.
AuC: Authentication Center assists the MSC in performing various authentication functions.
EIR: Equipment Identity Register is a database that contains the list of blacklisted mobile equipment.
GMSC: Gateway Mobile Switching Center is a gateway to external networks, such as ISDN or wire line networks.
The Base Station Subsystem performs radio related functions.
BTS: Base Transceiver Station handles the radio interface to the MS. It consists of the radio equipment (transceivers and antennas) required to service each cell in the network.
BSC: Base Station Controller provides the control functions and physical links between the MSC and the BTS. A number of BSCs are served by one MSC while several BTSs can be controlled by one BSC.
GSM Network Service Areas
[Figure: service areas SA1 to SA5; SA1, served by MSC/VLR-1, contains location areas LA1, LA2 and LA3 with their BSCs and BTSs]
SA1 (MSC/VLR-1) = LA1+LA2+LA3
LA: Location Area SA: Service Area
Cell < LA < SA
Representative GSM Network Service Areas
GPRS: Architectural Overview
[Figure: GPRS network architecture. BSS (Base Station Subsystem): MS, BTS, BSC with PCU. NSS (Network and Switching Subsystem): MSC, VLR, HLR, SGSN, GGSN, with the GGSN connecting to the PDN.]
GPRS Network Architecture
GPRS has minor impact on the existing GSM BSS
because it uses the same frequency bands and
hopping techniques, the same TDMA frame structure,
the same radio modulation and burst structure as
GSM. However, unlike the GSM circuit switched
connections, connections in GPRS have to be
established and released between the BSS and the
MS only when data needs to be transported over the
air interface.
PCU (Packet Control Unit) supports the handling of
data packets.
The GPRS NSS can be viewed as an overlay network.
A GSN (GPRS Support Node) can be of two types: an SGSN
(Serving GSN) or a GGSN (Gateway GSN).
SGSN controls a service area and is primarily responsible for
keeping track of the MSs it serves, and for access control to
data services.
GGSN provides the interface to external PDNs (Packet Data
Networks). The SGSN is connected to the BSS by Frame Relay
and to possibly several GGSNs via a GPRS backbone n/w.
•There may not be a direct mapping between SGSN and
MSC/VLR areas.
•Introduction of RAs allows signalling and paging over
geographically smaller areas and thus a better optimization of
radio resources.
[Figure: routeing areas RA1 to RA9 within location areas LA1 to LA5, served by SGSN (1), SGSN (2), SGSN (3) and two MSC/VLRs]
SGSN(1) service area = RA6 + RA7 + RA8 + RA9
SGSN(2) service area = RA1 + RA3 + RA4
SGSN(3) service area = RA2 + RA5
Cell < Routeing Area (RA) < Location Area (LA) < Service Area (SA)
Representative GPRS Network Service Areas
GPRS Subscription and Attach
Precondition
•Each user must have at least one GPRS
subscription record containing
information such as a list of networks to
which access is required and the
subscribed Quality of Service (QoS).
•Further optional information may be
available such as the user's static IP
address.
Sequence of procedures for GPRS attach
•The MS requests enough radio resources to send the Attach Request signaling message.
•The MS uses the assigned radio channel to send the Attach Request message, which includes the
user’s identity, MS capabilities and current location.
•The SGSN sends an Update Location message to the appropriate HLR.
•The HLR is updated and the user’s GPRS subscription record is provided to the SGSN.
•The SGSN signals the attach completion to the MS.
The network is now able to track the MS (via subsequent location updates) and is aware of
the services and networks that the user has access to. However, at this point the user is not
able to send or receive data.
GPRS PDP context activation
•In order for the user to be able to
transfer data, a Packet Data Protocol
(PDP) Context must be activated in
the MS, SGSN and GGSN.
•The user initiates this procedure,
which is similar to logging on to the
required destination network.
• On completion, a virtual connection
is established between the MS and the
GGSN.
• MS requests sufficient radio resources to support the Context Activation procedure.
• MS uses the assigned radio channel to send the Activate PDP context request to the SGSN
which includes the user's static IP address (if applicable), the QoS requested for this context, the
APN of the external network to which connectivity is requested, the user's identity and any
necessary IP configuration parameters (e.g. for security reasons).
• The SGSN then checks the received request against the user's subscription record and, if valid,
queries the DNS server for the IP address of the requested APN.
• The DNS server responds to the SGSN with the IP address of at least one GGSN that will provide
the required connectivity to the external network (the APN).
• The SGSN requests a connection Tunnel to that GGSN.
• GGSN establishes the tunnel and returns an IP address to be conveyed to the MS. The GGSN
associates this tunnel with the required external network connection.
GPRS: Security
•GPRS users expect the data they
transmit and receive to be protected
against eavesdropping and
tampering.
•Also GPRS operators will need to
prevent unauthorized subscribers
gaining access to the GPRS network.
•The GPRS Subscriber Authentication and service request validation. These controls
(which use existing GSM mechanisms) request validation when users connect to the GPRS
network.
•A Restricted Access Point Control facility. This ensures that only terminals authorized by
an individual company are able to access that company's network from the GPRS network.
This is under the direct control of the GPRS network.
•A Non transparent access technique, linking the GPRS session/bearer set-up with
standard IP access and authentication servers such as RADIUS (Remote Authentication
Dial-In User Service).
•Network encryption.
GPRS QoS support: Reliability and Latency
Integrity of received data is ensured through two reliable modes of operation:
• RLC acknowledged mode is used by default to ensure that the data received by/from the MS is
without error.
• LLC acknowledged mode is an optional feature which ensures that all LLC frames are received
without error. However, use of this protocol has an impact on throughput since the correct receipt
of all LLC frames has to be acknowledged.
Factors contributing to the overall latency in GPRS include:
• Mobile Station (MS) delay - time taken by the MS to process an IP datagram and request radio
resource. Specific to the MS, and hence the supplier.
• Radio resource procedures are the major source of delay in GPRS. For the MS to be capable
of sending or receiving data, a radio resource known as a Temporary Block Flow (TBF) must be
made available to the MS. Establishing a TBF from scratch entails an exchange of signaling
messages and depends on the availability of radio resources. It also differs between the uplink
and downlink directions. Once established, the TBF generally remains active for as long as data
is made available to the layer (i.e. for as long as there are LLC frames to transmit).
• Effective data throughput (over-the-air delay) is the rate at which user data is physically
transmitted between the MS and the SGSN over an active TBF. The delay associated with this
throughput is directly related to the size of the IP datagram being sent. Smaller packets cause
less delay. The delay is proportionally reduced when multiple timeslots are used. The effective
throughput is also dependent on the number of re-transmissions resulting from the hostile radio
environment (i.e. the RLC Block Error Rate).
• Core network delay occurs as packets transit through the SGSN and GGSN. These nodes
effectively operate as IP routers and as such will have a relatively low impact on the overall
latency. However, under high load conditions the transit delay may increase.
GPRS: Latency Breakdown
Latency Element                 | Uplink TBF Establishment (1TS) | Ongoing Uplink Latency (1TS) | Downlink TBF Establishment (2TS) | Ongoing Downlink Latency (2TS)
MS Delay (average)              | 215 ms       | 110 ms      | 65 ms         | 65 ms
TBF establishment (average)     | 530 ms       | 0           | 1000 ms       | 0
TBF establishment (variability) | 320 - 750 ms | 0           | 290 - 1700 ms | 0
Over the Air Delay (average)    | 480 ms       | 480 ms      | 260 ms        | 260 ms
SGSN/GGSN Latency (average)     | 20 ms        | 20 ms       | 20 ms         | 20 ms
Total (average)                 | 1.3 seconds  | 0.6 seconds | 1.3 seconds   | 0.4 seconds
This table illustrates a breakdown of the round-trip latency associated with the transmission
and reception of a 500 byte IP packet in a system employing 1 uplink and 2 downlink
timeslots. Note that any delay associated with external servers (i.e. the Internet) is not
included.
Unlicensed Mobile Access (UMA) Architecture
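[Figure: UMA architecture. The MS reaches an AP of the UMA N/W, which connects through the broadband IP N/W over a secure tunnel (Up interface) to the UNC and its SGW. The UNC connects to the MSC (A interface) and the SGSN (Gb interface) in the VPLMN/HPLMN; the SGW connects to the AAA server (Wm interface), which reaches the VLR/HLR, and the AAA and HLR of the HPLMN when roaming.]
GERAN: GSM/GPRS radio access N/W
A: Interface for circuit switched services
Gb: Interface for packet switched services
Wm: Interface for AAA server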
Mobile Station (MS)
• includes dual mode (GSM and unlicensed) radios and the capability to switch between them
• supports an IP interface to the access point
Access Point (AP)
• provides the radio link towards the mobile station using unlicensed spectrum.
• connects through the broadband IP network to the UNC
UMA Network Controller (UNC)
• allows the MS to obtain all GSM services (via the ‘A’ interface) that it can obtain from direct connection to the GERAN MSC
• allows MS to obtain all GPRS services (via the ‘Gb’ interface) that it can obtain from direct connection to the GERAN SGSN
• includes a Security Gateway (SGW) that terminates secure remote access tunnels from the MS, providing mutual authentication, encryption and data integrity for signaling, voice and data traffic
UNC: coupling between the UMA N/W and GERAN - I
GSM signalling
• GSM protocols MM and above are carried transparently between the MS and MSC.
• GSM-RR protocol is replaced with a UMA-RR protocol which is specific to Unlicensed Radio access. The UNC, acting like a GERAN BSC, terminates the UMA-RR protocol and inter-works it to the A-interface using BSSAP messaging.
[Figure: GSM signalling protocol stacks across the Up and A interfaces. MS: CC/SS/SMS, MM, UMA RR, TCP, Remote IP, IPSec ESP, Transport IP, Unlicensed Lower Layers. Standard AP: Transport IP over Unlicensed Lower Layers and Access Layers. Broadband IP N/W: Transport IP over Access Layers. UNC: UMA RR, TCP, Remote IP, IPSec ESP, Transport IP, Access Layers towards the MS; BSSAP, SCCP, MTP 3, MTP 2, MTP 1 towards the MSC. MSC: CC/SS/SMS, MM, BSSAP, SCCP, MTP 3, MTP 2, MTP 1.]
GSM speech bearer
• Audio transported as RTP frames
• Support for GERAN codecs
• When operating in UMA mode AMR FR is the preferred codec type.
[Figure: GSM speech bearer protocol stacks across the Up and A interfaces. MS: GERAN Codec, RTP/UDP, Remote IP, IPSec ESP, Transport IP, Unlicensed Lower Layers. Standard AP and Broadband IP N/W: Transport IP over Access Layers. UNC: GERAN Codec, RTP/UDP, Remote IP, IPSec ESP, Transport IP, Access Layers towards the MS, with transcoding (if reqd.); audio over physical layers towards the MSC.]
UNC: coupling between the UMA N/W and GERAN - II
[Figure: GPRS signalling protocol stacks across the Up and Gb interfaces. MS: Upper Layers, LLC, UMA RLC, TCP, Remote IP, IPSec ESP, Transport IP, Unlicensed Lower Layers. Standard AP and Broadband IP N/W: Transport IP over Access Layers. UNC: relay between UMA RLC, TCP, Remote IP, IPSec ESP, Transport IP, Access Layers towards the MS and BSSGP, Network Service, Physical towards the SGSN. SGSN: Upper Layers, LLC, BSSGP, Network Service, Physical.]
[Figure: GPRS data protocol stacks across the Up and Gb interfaces. MS: IP, SNDCP, LLC, UMA RLC, UDP, Remote IP, IPSec, Transport IP, Unlicensed Lower Layers. Standard AP and Broadband IP N/W: Transport IP over Access Layers. UNC: UMA RLC, UDP, Remote IP, IPSec, Transport IP, Access Layers towards the MS; BSSGP, Network Service, Physical towards the SGSN. SGSN: IP (to GGSN), SNDCP, LLC, BSSGP, Network Service, Physical.]
GPRS signalling
• GPRS LLC PDUs for signalling and higher layer protocols are carried transparently between the MS and SGSN.
• GPRS-RLC protocol is replaced with an equivalent UMA-RLC protocol. Given the transport characteristics over the Up interface, the GPRS TBF abstraction is not applicable and reliability is ensured by TCP. Therefore the UMA-RLC is significantly lighter than GPRS-RLC. As in a GERAN BSS, the UNC, acting like a BSC, terminates the UMA-RLC protocol and inter-works it to the Gb-interface using BSSGP.
GPRS data
• GPRS LLC PDUs carrying data, and higher layer protocols, are carried transparently between the MS and the SGSN.
• GPRS LLC PDUs are carried over UMA-RLC from the MS to the UNC, which relays them to the SGSN using BSSGP messaging.
• UMA-RLC runs directly over UDP to leverage the IP bearer service.
UMA: Protocols Involved
Standard 3GPP Protocols
(requires no changes in MS or MSC/SGSN)
- Existing GSM MM, CM and higher layer protocols
- GSM voice encoding carried over IP between the MS and UNC.
- Existing GPRS LLC and higher layer protocols
- Existing A-interface protocols
- Existing Gb-interface protocols
- Existing Wm interface protocols
Standard IP based protocols
- IP over standard lower layers
- TCP to provide a tunnel for GSM/GPRS signaling and SMS
- IPsec ESP to provide a secure tunnel for GERAN bearer
(speech and data) and signaling traffic.
- IKEv2 [IKEv2] and EAP-SIM [EAP SIM] for authentication and
establishing and maintaining a SA between MS and UNC
- UDP for IPsec NAT traversal
- UDP for GPRS data transfer
- RTP/UDP for transfer of GSM vocoder frames over IP transport
Standard Unlicensed Radio Access Protocols
- 802.11 protocols for PHY and MAC, including functions for
association, authentication, encryption, data transfer and traffic
prioritization.
- Bluetooth protocols for PHY, Baseband, LMP, L2CAP and SDP,
including functions for discovery, paging, pairing (authentication),
encryption, ACL and data and voice traffic transfer. Additionally,
BNEP is used to provide Ethernet emulation over Bluetooth ACL
links as per the PAN profile.
UMA specific protocols
UMA-RR (peer of GSM-RR)
A protocol specific to the characteristics of the
unlicensed radio link which are quite different from that
of the GERAN radio link. Provides the following
services:
• registration with UNC
• setup of bearer path for CS traffic between the MS
and UNC
• handover support between GERAN and UMA; e.g.
functions such as GPRS suspension, paging, ciphering
configuration, classmark change, application level keepalive etc.
• support for identification of the AP being used for UMA
access.
UMA-RLC (peer of GSM-RLC)
protocol provides the following services:
• delivery of GPRS signaling, SMS messages over the
secure tunnel
• paging, flow control, GPRS transport channel
management
• transfer of GPRS user plane data.
UMA: Security Mechanisms
[Figure: security layers along the path MS, AP, IP N/W, UNC, A/Gb interfaces, MSC/VLR & SGSN, IP N/W, application server: 1. Unlicensed Interface Security; 2. Up Interface Security; 3. CN authentication, GPRS ciphering; 4. Data Application Security (e.g. HTTPS)]
1. Security mechanisms over the unlicensed radio interface (between the MS and the AP)
– Include the authentication and encryption functions defined for the unlicensed mode radio
interface protocols applied.
– Apply to voice, data and signaling over the radio interface.
2. Security mechanisms over the Up interface (between the MS and UNC)
– include both authentication and encryption functions to protect signaling, voice and data
traffic flows.
3. Authentication of MS by the core network (between MS and the MSC/VLR or MS and SGSN)
– remains transparent to the UNC
– a cryptographic binding between the MS-CN authentication and the MS-UNC authentication
prevents man-in-the-middle attacks.
– GPRS ciphering (a LLC layer ciphering scheme) operates between the MS and the SGSN.
4. Application level security mechanisms (between the MS and the application server or gateway)
– can be employed to secure the end-to-end communication, e.g. the MS may run the HTTP
protocol over an SSL session for secure web access.
UMA: Addressing Issues – MS and AP
MS addressing parameters
• The IMSI associated with the SIM in the terminal
  This identifier is provided by the MS to the UNC when it registers to a UNC. The UNC maintains a record for each registered MS. For example, the IMSI is used by the UNC to find the appropriate MS record when the UNC receives a BSSMAP PAGING message.
• Public IP Address of the MS
  The public IP address of the MS is the source IP present in the outermost IP header of packets received from the MS by the UNC-SGW. If available, this identifier may be used by the UNC to support location services and fraud detection. It may also be used by service providers to signal to managed IP networks the IP flows that require QoS treatment.
AP addressing parameters
• The “Access Point (AP) ID”
  The AP-ID is the MAC address of the unlicensed mode access point through which the MS is accessing UMA service. This identifier is provided by the MS (obtained via broadcast from the AP) to the UNC via the Up interface, when it requests UMA service. The AP-ID may be used by the UNC to support location services. The AP-ID may also be used by the service provider to restrict UMA service access to authorized APs only.
UMA: Cell Identifiers
Why maintain the GERAN notion of cell in UMA network?
(a) Support for location dependent services such as emergency calling, operator announcements
and free phone numbers.
(b) Help identify the location of the call for billing purposes.
(c) Handover assistance
In UMA the notion of a “cell” is defined by some logical grouping of MSs being served by a UNC.
The cell assignment can be based on the
• the overlapping GSM cell that the MS is located in.
• the identity or location of the AP, or the GPS co-ordinates of the MS
Determining cell-id for handover (ARFCN allocation to UMA cell)
• Handover makes use of an RF channel number (ARFCN) and BSIC (base station identity code) to identify the target cell.
• UMA operates in a different frequency band, hence a virtual ARFCN is assigned to each UMA cell (i.e. each UNC; assuming each UNC forms a separate UMA cell). This ARFCN/BSIC is indicated to the MS by the UNC during registration.
• This assigned ARFCN is never used; it should not be allocated from the operator’s BCCH pool. The same ARFCN number is also preferred across the entire network to avoid BSS configuration. It can be assigned from a frequency band not used by the operator.
UMA: Network Discovery and Registration
[Figure: message sequence between the MS and the DNS, SGW and UNC of the provisioning UNC, the default UNC and the serving UNC]
1. DNS query (provisioned or derived SGW FQDN)
2. DNS
3. Establish secure tunnel
4. DNS query (provisioning UNC FQDN)
5. DNS response
6. URR Discovery Request (CID, LAI, IMSI)
7. URR Discovery Accept (Default SGW IP address, Default UNC IP address)
8. URR Discovery Reject (Cause)
9. Establish secure tunnel
10. URR Register Request (CID, LAI, IMSI)
11. URR Register Redirect (SGW IP address, Serving UNC IP address)
12. Establish secure tunnel
13. URR Register Request (CID, LAI, IMSI)
14. URR Register Accept
15. URR Register Reject/URR Register Redirect
The MS initiates the discovery, which serves the following purposes:
• informs the UNC that a MS is now connected through a particular AP and is available at a particular IP address; required for providing GERAN services, e.g. mobile-terminated calls.
• provides the MS with the operating parameters associated with the UMA service.
UMA: Registration Update and De-register
Registration Update Uplink (participants: MS, S-UNC)
1. URR REGISTER UPDATE UPLINK
2. URR REGISTER REDIRECT
3. URR DEREGISTER
MS updates the UNC with changes about the AP or the identity of the overlapping GSM cell.
Registration Update Downlink (participants: MS, S-UNC)
1. URR REGISTER UPDATE DOWNLINK
UNC updates MS with changes related to system information or status of location services.
De-Registration initiated by the MS (participants: MS, S-UNC)
1. URR DEREGISTER
MS explicitly informs the UNC about leaving the UMA mode; the UNC frees the resources assigned to the MS. The UNC may also implicitly deregister the MS when the TCP connection to the MS is abruptly lost.
De-Registration initiated by the UNC (participants: MS, S-UNC)
1. URR DEREGISTER
The Deregistration procedure can also be initiated by the Serving UNC.
Keep Alive Messages (participants: MS, S-UNC)
1. URR KEEP ALIVE
The Keep Alive messages indicate to the peer URR entities that the MS remains registered to the UNC. The MS in turn remains informed that the UNC is still available using the currently established lower layer connection.
UMA: EAP-SIM authentication
EAP-SIM authentication procedure (participants: MS, AP, UNC-SGW, AAA, HLR)
• EAP-SIM mechanism authenticates the MS with the UNC using GSM credentials.
• EAP-SIM procedure is performed between the MS and the AAA and the UNC-SGW relays the associated messages.
• When the EAP-SIM procedure has completed successfully, the IKEv2 procedure can be continued to completion and the signaling channel between MS and UNC-SGW is secured. The MS and UMAN can then continue with the discovery or registration procedure.
1. Unlicensed link establishment
2. IKE_SA_INIT
3. Select appropriate AAA server
4. EAP Response/Identity [NAI based on IMSI]
5. EAP Request/SIM Start
6. EAP Request/SIM Start
7. EAP Response/SIM Start [NONCE_MT]
8. EAP Response/SIM Start [NONCE_MT]
9. Send Auth Info
10. Response (triplets)
11. EAP Request/SIM-Challenge [RAND, MAC, Next re-auth ID]
12. EAP Request/SIM-Challenge [RAND, MAC, Next re-auth ID]
13. Execute EAP/SIM
14. EAP SIM/Response-Challenge [MAC]
15. EAP SIM/Response-Challenge [MAC]
16. Verify MAC
17. EAP Success + keying material
18. EAP Success
19. Complete IKE signaling
20. UMAN REGISTRATION
UMA: EAP-SIM Fast Re-authentication
Participants: MS, UNC, HLR
1. IKE_SA_INIT
2. EAP Response/Identity [Re-authentication ID]
3. EAP Request/SIM/Re-authentication [Counter, NONCE, MAC, Next re-auth ID]
4. EAP Request/SIM/Re-authentication [Counter, NONCE, MAC, Next re-auth ID]
5. Verify Counter, MAC
6. EAP SIM/Response-Challenge [Counter, MAC]
7. EAP SIM/Response-Challenge [Counter, MAC]
8. Verify Counter, MAC
9. EAP Success
10. EAP Success
• In fast re-authentication, the AAA server and MS re-authenticate each other based on the keys derived in the preceding full authentication.
• Fast re-authentication is provided by EAP-SIM, and does not make use of the GSM A3/A8 procedures. The decision to make use of the fast re-authentication procedure is taken by the AAA server.
• The MS initiates a new SA with a UNC-SGW that it was previously connected to and uses the re-authentication ID (received during the previous full authentication procedure) in the IKE_SA_INIT exchange.
Suitability of fast re-authentication can be demonstrated in a number of scenarios, e.g. when setting up a new SA because the IP address of the MS has changed as a result of a handover between APs connected to different IP subnets. With a large number of mobile stations, the reduction in network load (more specifically the authentication related network load) from avoiding such frequent re-keying can be significant.
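The counter and MAC checks of steps 5 and 8 above, as an added example that is not part of the original slides. It assumes HMAC-SHA-1 truncated to 128 bits under an authentication key kept from the preceding full authentication (called k_aut here), with the response MAC also covering the server nonce; the message framing, class names and the re-authentication limit are hypothetical.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 16  # assumption: HMAC-SHA-1 truncated to 128 bits


def _mac(k_aut: bytes, *parts: bytes) -> bytes:
    return hmac.new(k_aut, b"".join(parts), hashlib.sha1).digest()[:MAC_LEN]


def _body(kind: bytes, counter: int, tail: bytes) -> bytes:
    # Constructed framing for this example, not real EAP attribute encoding.
    return kind + struct.pack(">H", counter) + tail


class AaaServer:
    """AAA side: issues re-authentication requests and checks responses (step 8)."""

    def __init__(self, k_aut: bytes, max_reauths: int = 3):
        self.k_aut = k_aut
        self.counter = 0
        self.max_reauths = max_reauths  # hypothetical policy knob
        self.pending = None             # (counter, nonce) of the open request

    def build_request(self):
        if self.counter >= self.max_reauths:
            return None                 # AAA decides: full authentication instead
        self.counter += 1
        nonce = os.urandom(16)
        self.pending = (self.counter, nonce)
        mac = _mac(self.k_aut, _body(b"REQ", self.counter, nonce))
        return {"counter": self.counter, "nonce": nonce, "mac": mac}

    def verify_response(self, resp) -> str:
        if self.pending is None or resp is None:
            return "unexpected"
        (counter, nonce), self.pending = self.pending, None
        got = resp.get("counter")
        if not isinstance(got, int) or not 0 <= got <= 0xFFFF:
            return "malformed"
        flag = b"\x01" if resp.get("counter_too_small") else b"\x00"
        expected = _mac(self.k_aut, _body(b"RSP", got, flag), nonce)
        if not hmac.compare_digest(expected, resp.get("mac", b"")):
            return "bad-mac"
        if got != counter:
            return "counter-mismatch"
        return "full-auth-required" if flag == b"\x01" else "success"


class MobileStation:
    """MS side: checks counter and MAC of each request (step 5)."""

    def __init__(self, k_aut: bytes):
        self.k_aut = k_aut
        self.highest_seen = 0

    def handle_request(self, req):
        body = _body(b"REQ", req["counter"], req["nonce"])
        if not hmac.compare_digest(_mac(self.k_aut, body), req["mac"]):
            return None                 # not keyed with our k_aut: drop silently
        stale = req["counter"] <= self.highest_seen
        if not stale:
            self.highest_seen = req["counter"]
        flag = b"\x01" if stale else b"\x00"
        mac = _mac(self.k_aut, _body(b"RSP", req["counter"], flag), req["nonce"])
        return {"counter": req["counter"], "counter_too_small": stale, "mac": mac}


def demo() -> dict:
    k_aut = os.urandom(16)  # constructed; stands in for the key from full authentication
    aaa, ms = AaaServer(k_aut), MobileStation(k_aut)
    out = {}

    req1 = aaa.build_request()
    resp1 = ms.handle_request(req1)
    out["fresh_exchange"] = aaa.verify_response(resp1)

    # A captured request replayed to the MS: the MAC is valid, the counter is not fresh.
    out["replayed_request_stale"] = ms.handle_request(req1)["counter_too_small"]

    req2 = aaa.build_request()
    # A captured response replayed to the AAA: bound to the old nonce, so the MAC fails.
    out["replayed_response"] = aaa.verify_response(resp1)

    forged = dict(req2, mac=bytes(MAC_LEN))
    out["forged_request_dropped"] = ms.handle_request(forged) is None

    aaa.build_request()                 # third re-authentication
    out["limit_reached"] = aaa.build_request() is None
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24} {verdict}")
```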
UMA: Encryption
•
•
•
•
During a GERAN to UMAN handover, the MS first authenticates with the UMAN using EAP-SIM
authentication and then acquires an IP address on the subnet protected by the UNC-SGW (acts as a
NAT) and initiates creation of SA between itself and the UNC-SGW.
Various security configuration parameters are negotiated while connection establishment e.g. ciphering
mode, specific encryption algorithms etc.
During a handover from UMAN to GERAN, MS authenticates with the core network using established
GERAN procedures.
During an intra UMAN handover i.e. when the point of attachment of MS changes from one subnet to the
other (hence acquiring new IP address), EAP-SIM based fast re-authentication procedures are used.
Ciphering Configuration
Entities: MS, UNC, GERAN, CN
CN -> UNC: Cipher mode command
UNC -> MS: URR-CIPHERING-MODE-COMMAND [algorithms, cipher response, rand, …]
MS -> UNC: URR-CIPHERING-MODE-COMPLETE [algorithm, IMEI, MAC(rand, …)]
UNC: Verify MAC
UNC -> CN: Cipher mode complete
• The Cipher mode command from the CN contains the cipher key Kc and the encryption algorithms that the UNC may use.
• The UNC indicates to the MS whether stream ciphering shall be started or not (after handover to GERAN) and, if so, which algorithm to use; it also sends a random number.
• The MS computes a MAC based on the random number, the MS IMSI, the FQDN of the UNC and the key Kc. The MS then sends a message to signal its selected algorithm, the computed MAC, and the IMEI.
• The UNC verifies the MAC and, if it is found correct, sends the Cipher mode complete message to the CN.
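The MAC check in the ciphering configuration above, worked through as an added example (not code from the slides or from the UMA specification): it shows why a MAC keyed with Kc over the random number, IMSI and UNC FQDN rejects a replayed message, a peer without Kc, and a MAC computed for a different UNC. HMAC-SHA-1 truncated to 96 bits, the length-prefixed field encoding, the names `ciphering_mac` and `Unc`, and all key, IMSI and FQDN values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 12  # assumption: HMAC-SHA-1 truncated to 96 bits


def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so different field tuples never serialise alike.
    return b"".join(struct.pack("!H", len(f)) + f for f in fields)


def ciphering_mac(kc: bytes, rand: bytes, imsi: str, unc_fqdn: str) -> bytes:
    """MS side: MAC over the random number, IMSI and UNC FQDN, keyed with Kc."""
    msg = _encode(rand, imsi.encode("ascii"), unc_fqdn.lower().encode("ascii"))
    return hmac.new(kc, msg, hashlib.sha1).digest()[:MAC_LEN]


class Unc:
    """UNC side of the ciphering configuration exchange (hypothetical model)."""

    def __init__(self, fqdn: str):
        self.fqdn = fqdn
        self.pending = {}  # IMSI -> (Kc, rand, offered algorithms)

    def on_cipher_mode_command(self, imsi: str, kc: bytes, algorithms: list) -> dict:
        """CN -> UNC: store Kc, return the URR-CIPHERING-MODE-COMMAND content."""
        rand = os.urandom(16)  # fresh per command, so an old MAC cannot be reused
        self.pending[imsi] = (kc, rand, tuple(algorithms))
        return {"algorithms": algorithms, "rand": rand}

    def on_cipher_mode_complete(self, imsi: str, algorithm: str, mac: bytes) -> bool:
        """MS -> UNC: True means the UNC may send Cipher mode complete to the CN."""
        state = self.pending.pop(imsi, None)  # one attempt per challenge
        if state is None or algorithm not in state[2]:
            return False
        kc, rand, _ = state
        expected = ciphering_mac(kc, rand, imsi, self.fqdn)
        return hmac.compare_digest(expected, mac)  # constant-time comparison


def demo() -> dict:
    """Run the exchange with constructed values; returns the UNC's verdicts."""
    kc = bytes.fromhex("0011223344556677")  # constructed 64-bit Kc
    imsi = "001010123456789"                # constructed test IMSI
    fqdn = "unc1.example.net"               # constructed UNC FQDN
    algs = ["A5/1", "A5/3"]
    unc = Unc(fqdn)
    verdicts = {}

    cmd = unc.on_cipher_mode_command(imsi, kc, algs)
    mac = ciphering_mac(kc, cmd["rand"], imsi, fqdn)
    verdicts["genuine"] = unc.on_cipher_mode_complete(imsi, "A5/1", mac)
    verdicts["replayed"] = unc.on_cipher_mode_complete(imsi, "A5/1", mac)
    cmd = unc.on_cipher_mode_command(imsi, kc, algs)
    mac = ciphering_mac(bytes(8), cmd["rand"], imsi, fqdn)  # peer without Kc
    verdicts["wrong_kc"] = unc.on_cipher_mode_complete(imsi, "A5/1", mac)
    cmd = unc.on_cipher_mode_command(imsi, kc, algs)
    mac = ciphering_mac(kc, cmd["rand"], imsi, "unc2.example.net")
    verdicts["other_unc"] = unc.on_cipher_mode_complete(imsi, "A5/1", mac)
    return verdicts


if __name__ == "__main__":
    print(demo())
```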
UMA: Mobile Originated Speech Call
Entities: MS, UNC, CN
1. URR UPLINK DIRECT TRANSFER (CM Service Request)
2. Complete Layer 3 Info
3. Authentication
4. Cipher-Mode Command
5. URR CIPHERING MODE COMMAND
6. URR CIPHERING MODE COMPLETE
7. Cipher-Mode Complete
8. URR DOWNLINK DIRECT TRANSFER (CM Service Accept)
9. URR UPLINK DIRECT TRANSFER (Setup)
10. URR DOWNLINK DIRECT TRANSFER (Call Proceeding)
11. Assignment Request
12. URR ACTIVATE CHANNEL
13. Uplink user plane RTP Stream
14. URR ACTIVATE CHANNEL ACK
15. Downlink user plane RTP Stream
16. Assignment Complete
17. URR ACTIVATE CHANNEL COMPLETE
18. URR DOWNLINK DIRECT TRANSFER (Alerting)
19. URR DOWNLINK DIRECT TRANSFER (Connect)
20. URR UPLINK DIRECT TRANSFER (Connect Ack)
21. VOICE TRAFFIC
UMA: Mobile Terminated Speech Call
Entities: MS, UNC, CN
1. Paging Request
2. URR PAGING REQUEST
3. URR PAGING RESPONSE
4. Complete Layer 3 Info
5. Authentication
6. Ciphering Configuration
7. URR DOWNLINK DIRECT TRANSFER (Setup)
8. URR UPLINK DIRECT TRANSFER (Call Confirmed)
9. RTP stream setup
Assignment Procedure
10. URR UPLINK DIRECT TRANSFER (Alerting)
11. URR UPLINK DIRECT TRANSFER (Connect)
12. URR DOWNLINK DIRECT TRANSFER (Connect Ack)
13. VOICE TRAFFIC
UMA: Handover to UMAN
Entities: MS, UNC, BSC, CN
UMAN Registered
1. Um: Measurement Report
2. Handover Reqd.
3. Handover Request
4. Handover Request Ack
5. Handover Command
6. Um: Handover Command
7. URR HANDOVER ACCESS
8. RTP stream setup
9. URR HANDOVER COMPLETE
10. Handover Detect
11. VOICE
12. Handover Complete
13. Clear Command
14. Clear Complete
UMA: Handover to GERAN
Entities: MS, UNC, BSC, CN
Ongoing UMAN Connection
1. URR UPLINK QUALITY INDICATION
2. URR HANDOVER REQUIRED
3. Handover Required
4. Handover Request
5. Handover Request Ack
6. Handover Command
7. URR HANDOVER COMMAND
8. Um: Handover Access
9. Handover Detect
10. VOICE
11. Um: Physical Information
12. Um: Handover Complete
13. Handover Complete
14. VOICE
15. Clear Command
16. URR RELEASE
17. Clear Complete
18. URR RELEASE COMPLETE
19. URR DEREGISTER
UMA: Unlicensed Radio Link Control for GPRS data
Whenever GPRS data transfer is initiated, a UDP-based URLC connection is established between the MS and the UNC. The following are required for URLC connection establishment:
• The MS knows the destination IP address, the destination UDP port to be used for GPRS-related data and the value of the URLC-CHANNEL-TIMER.
• The UNC knows the destination UDP port to be used for GPRS data transfer for a specific MS.
URLC can be in the following two states:
In URLC-STANDBY state
• the MS is not able to send or receive GPRS data to and from the UNC. The UNC or the MS needs to activate the URLC Transport Channel before sending any GPRS data.
• the corresponding URLC Transport Channel does not exist. When the URLC Transport Channel is activated, the MS enters the URLC-ACTIVE state.
In URLC-ACTIVE state
• the MS is able to send and receive GPRS data to and from the UNC.
A URLC channel timer controls the transition from URLC-ACTIVE to URLC-STANDBY state as follows:
The MS URLC layer implements a timer that is started when the MS enters URLC-ACTIVE state and restarted each time a non-NULL LLC-PDU is transmitted to or received from the network. When the timer expires, the MS deactivates the URLC Transport Channel and the MS URLC enters URLC-STANDBY state.
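The two URLC states and the channel timer described above, modelled as a small state machine (an added example, not code from the slides or from the UMA specification). The class and method names, the 10-second timer value, and the use of an empty byte string to stand for a NULL LLC-PDU are assumptions made for illustration.

```python
from enum import Enum


class UrlcState(Enum):
    STANDBY = "URLC-STANDBY"
    ACTIVE = "URLC-ACTIVE"


class MsUrlc:
    """MS-side URLC layer; time is passed in explicitly (seconds) so runs are repeatable."""

    def __init__(self, channel_timer: float):
        self.channel_timer = channel_timer  # URLC-CHANNEL-TIMER value known to the MS
        self.state = UrlcState.STANDBY
        self.expires_at = None
        self.events = []

    def _expire_if_due(self, now: float) -> None:
        if self.state is UrlcState.ACTIVE and now >= self.expires_at:
            # Timer expiry: deactivate the Transport Channel, fall back to STANDBY.
            self.state, self.expires_at = UrlcState.STANDBY, None
            self.events.append((now, "deactivate"))

    def activate(self, now: float) -> None:
        """Transport Channel activation by the MS or the UNC; starts the timer."""
        self._expire_if_due(now)
        if self.state is UrlcState.STANDBY:
            self.state = UrlcState.ACTIVE
            self.expires_at = now + self.channel_timer
            self.events.append((now, "activate"))

    def _transfer(self, now: float, llc_pdu: bytes) -> bool:
        self._expire_if_due(now)
        if self.state is not UrlcState.ACTIVE:
            return False  # no Transport Channel: GPRS data cannot flow in STANDBY
        if llc_pdu:  # only a non-NULL LLC-PDU restarts the channel timer
            self.expires_at = now + self.channel_timer
        return True

    def send(self, now: float, llc_pdu: bytes) -> bool:
        """Uplink data; the MS activates the channel first if needed."""
        self.activate(now)
        return self._transfer(now, llc_pdu)

    def receive(self, now: float, llc_pdu: bytes) -> bool:
        """Downlink data; refused unless the channel is already active."""
        return self._transfer(now, llc_pdu)

    def state_at(self, now: float) -> UrlcState:
        self._expire_if_due(now)
        return self.state


def walk_through() -> list:
    ms = MsUrlc(channel_timer=10.0)          # constructed timer value
    trace = [ms.receive(0.0, b"\x01")]       # STANDBY: downlink refused
    trace.append(ms.send(1.0, b"\x01"))      # activates, timer runs to 11.0
    trace.append(ms.receive(8.0, b"\x02"))   # non-NULL PDU: timer restarted to 18.0
    trace.append(ms.send(15.0, b""))         # NULL PDU: timer still ends at 18.0
    trace.append(ms.state_at(17.9).value)
    trace.append(ms.state_at(18.0).value)    # expiry deactivates the channel
    trace.append(ms.receive(19.0, b"\x03"))  # back in STANDBY: refused
    return trace


if __name__ == "__main__":
    print(walk_through())
```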
UMA: GPRS Data Transport
User Data Transport
Entities: MS, AP, UNC, CN
1. URLC Transport Channel activation (URLC channel timer started)
2. URLC-UNITDATA (QoS, priority, TLLI, PFI, LLC-PDU) (URLC channel timer started)
3. BSSGP (LLC-PDU)
4. BSSGP (LLC-PDU)
5. URLC-UNITDATA (TLLI, PFI, LLC-PDU) (URLC channel timer started)
6. Additional URLC user data transport
7. URLC Transport Channel deactivation (URLC channel timer expires)
• The MS sends an uplink LLC PDU to the UNC (relayed to the CN) with the parameters required for the Gb interface and the TLLI as MS identifier, and restarts the URLC channel timer.
• The CN sends the downlink LLC PDU containing GPRS user data to the UNC via the Gb interface (relayed to the MS). The MS is identified by the TLLI and restarts the URLC channel timer on data reception.
• In the absence of any link-level data, the URLC channel timer expires and the corresponding URLC TC is deactivated.
Signalling and SMS Transport
• The MS LLC requests the URLC layer to transfer an uplink GMM/SM signaling message or SMS message (e.g. a GMM attach request or SM PDP context activation message).
• The MS URLC sends an LLC PDU encapsulated within a URLC-DATA message via the Gb interface to the UNC (relayed to the CN).
• The CN replies with a GMM/SM signaling or SMS message (e.g. a GMM attach accept or SM PDP context activation accept message), relayed via the UNC (encapsulated within a URLC-DATA message) to the MS.
Entities: MS, AP, UNC, CN
1. URLC-DATA (QoS, priority, TLLI, PFI, LLC-PDU)
2. BSSGP (LLC-PDU)
3. BSSGP (LLC-PDU)
4. URLC-DATA (TLLI, PFI, LLC-PDU)
UMA: Packet Paging Support
Packet Paging for GPRS
Entities: MS, AP, UNC, CN
1. BSSGP (Paging-PSPDU)
2. URLC-PS-PAGE (Mobile Identity)
3. LLC_PDU Transport
4. BSSGP (LLC-PDU)
• The CN sends a PS page (identified by PTMSI or IMSI) via the UMAN for a GPRS-attached MS.
• The UNC (after verifying the MS registration) forwards the corresponding URLC-PS-PAGE message to the MS using the TCP signaling connection.
• The MS sends any LLC PDU (forwarded to the UNC) to respond to the page, activating a channel as needed.
Packet Paging for Circuit Mode service
Entities: MS, AP, UNC, CN
1. BSSGP (Paging-CSPDU)
2. URR PAGING REQUEST
3. URR PAGING RESPONSE
4. BSSMAP (Complete L3 Info)
• The CN sends a CS page (identified by PTMSI or IMSI) for a UMA-registered and currently GPRS-attached MS via the Gb interface. The mobile station is currently GPRS attached via the UMAN.
• The UNC (after verifying the MS registration) forwards the corresponding URR PAGING REQUEST message (channel needed and IMSI/TMSI id) to the MS using the signaling TCP connection.
• The MS initiates the standard CS page response procedure via the UMAN.
UMA: Flow Control
MS Initiated Downlink Flow Control
Entities: MS, AP, UNC, CN
• The MS sends a flow control request message (URLC-FC-REQ, specifying the required data rate correction) to the UNC via the URLC TC and starts a URLC DL FC timer to continue monitoring the flow control condition.
• The UNC calculates the adjusted flow control parameters for the MS and sends the corresponding request to the CN to reduce the downlink data rate for the MS.
• If the CN does not resolve the downlink data rate before the expiry of the URLC DL FC timer at the MS, the MS forwards another request to the UNC.
1. Flow control condition detected
2. URLC-FC-REQ (FC Adjustment)
3. BSSGP Flow-Control
4. URLC-FC-REQ (FC Adjustment)
5. BSSGP Flow-Control
6. URLC DL FC timer expires
7. Flow control condition resolved
UNC Initiated Downlink Flow Control
Entities: MS, AP, UNC, CN
• The UNC sends a flow control request message (URLC-FC-REQ, specifying the required data rate correction) to the MS via the URLC TC and starts a URLC DL FC timer to continue monitoring the flow control condition.
• Upon receiving the message, the MS adjusts the uplink data rate accordingly.
• If the MS does not resolve the downlink data rate before the expiry of the URLC DL FC timer at the UNC, the UNC forwards another request to the MS.
1. Uplink Flow control condition detected
2. URLC-FC-REQ (FC Adjustment)
3. URLC-FC-REQ (FC Adjustment)
4. URLC-FC-REQ (FC Adjustment)
5. Flow control condition resolved
UMA: GPRS Suspend and Resume Support
GPRS Suspend
Entities: MS, AP, UNC, CN
• While transitioning to dedicated mode, and if unable to support simultaneous voice and data services, the MS sends a URR-GPRS-SUSPENSION-REQUEST message to the UNC to suspend downlink GPRS traffic. The request is transferred via the signaling TCP connection and includes the TLLI and suspension cause parameters.
• The UNC initiates and completes the BSSGP GPRS suspend procedure.
1. URR-GPRS-SUSPENSION-REQUEST
2. BSSGP GPRS Suspend
GPRS Resume
Entities: MS, AP, UNC, CN
Initially, the MS is in the dedicated mode and the GPRS service is suspended.
• On receiving a resume instruction from the CN, the UNC releases the resources associated with the dedicated mode and sends a URR-RELEASE message to instruct the MS to release the RR connection.
• The MS replies with a URR-RELEASE-COMPLETE message and resumes GPRS service internally.
• Optionally, if the CN indicated unsuccessful resumption, the MS initiates GPRS service resumption as per standard GPRS.
1. Clear Command
2. Clear Complete
3. BSSGP GPRS Resume
4. URR-RELEASE (GPRS_resumption)
5. URR-RELEASE-COMPLETE
6. Resume GPRS service if required
UMA : Underlying Assumptions
[Figure: UMA architecture. Labels: GERAN (GSM/GPRS radio access N/W), MS, AP, Broadband IP N/W, Secure Tunnel, UMA N/W, UNC, SGW, MSC, SGSN, AAA Server, VLR/HLR, VPLMN/HPLMN, Roaming HPLMN, AAA, HLR; interfaces Up, A, Gb, Wm.]
• Two radios: The proposed UMA architecture assumes that there are two radios (one each for GERAN and WLAN), and hence a scheme along the lines of the 'make before break' paradigm is proposed.
• WLAN detection: Detection of Unlicensed Mobile Coverage is the sole responsibility of the Mobile Station. It is expected that while in GSM mode, the MS would periodically scan for 802.11 coverage, and any successful unlicensed link establishment can be reported back to the UMAN controller (UNC) for initiating a handover from the GSM/GPRS network to the newly registered WLAN.
• MS reported IP address: Once the MS joins the WLAN, it reports the IP address assigned by the AP to the UNC. A security association is subsequently established between the MS and the UNC. The UNC assumes the IP address reported by the MS to be trustworthy and does not require any prior trust relationship between itself and the WLAN.
• Resource availability: Unlicensed link establishment is assumed to have negotiated enough sustainable resources to support the session.
Thoughts/Concerns
• Authorized GERAN WLAN: Periodic scanning for WLAN availability throughout the operating (battery) lifetime would be beneficial if there are prospects of finding hotspots very often. Even with an almost exponential increase in WLAN hotspot deployment, it remains doubtful whether the user would be willing to offload critical and delay-sensitive voice calls to any or all WLANs with which he might successfully authenticate, without co-authorization from the GERAN service provider. The quality/security of the session will be the main concern.
• Soliciting Attacks: Frequent scanning also provides more opportunity for attacks, more significantly a resource-consuming authentication process that is initiated only to be discarded in the end when the prospective WLAN identity cannot be verified.
• Exploiting Low Power Modes: The obvious approach of keeping the WLAN radio in low-power mode, waking up only periodically for quick scanning, might reduce the associated power consumption, but the overhead involved from a second-radio point of view would still be too large.
• Trusting the weakest link: WLAN security is weak and easy to compromise when compared to cellular access schemes. It is easy to fool an MS into believing it has found an authenticated WLAN, so that it requests session transfer from GERAN to the newly found UMAN. GERAN blindly accepts the request without having any trust relationship of its own.
• Resolving accountability: Under the new architecture, two mutually untrusted parties (GERAN and UMAN) will be involved in carrying the voice/data session to the end user. It is unclear how call-related disputes would be resolved. GERAN can argue that its responsibility ends at the UNC, while UMAN would view this as any other broadband service provided to the subscriber with best-effort delivery. For the UMAN to guarantee accountable call handling, it is necessary to have some arrangement binding on both parties.
• Secure tunnel carrying TCP over wireless link: It is well established that TCP performs poorly on wireless links, since it interprets any packet loss (even loss due to bit errors and handoffs) as a sign of congestion and responds by invoking the congestion control and avoidance algorithm, resulting in degraded end-to-end performance in wireless and lossy systems. It is unclear how this problem can be addressed with the proposed UNC to MS IPsec tunnel, which encrypts the IP payload, so that none of the proposed enhancements (splitting TCP connections, snooping TCP at base stations, selective acknowledgement and transport-aware link layer protocols) can be applied.
• Working with a single configurable radio: If hardware developments bring along a single radio, it is unclear how the scheme would work; such periodic radio switching, without any hint about the possibility of a preferred WLAN nearby, would result in extremely high switching overheads.
An Alternate Approach
The notion of Wireless Habitat Network (WHN) is based on the observation that integration of unlicensed
mobile access (WLAN or Bluetooth) is both pressing and practical for regions where the user spends
considerable time. To begin with we include the following in WHN.
(a) Office WLAN
(b) Home LAN
WHN Characterisation:
(a) Areas significantly longer and more frequently inhabited by a user (Regions of dominant habitat e.g.
home & office WLANs)
(b) Indoor environment where unlicensed low power radios like Bluetooth work effectively.
(c) Not necessarily well administered, e.g. home WLANs.
Opportunities/Challenges:
(a) Current mobile devices (PDAs, cell phones) already come with an inbuilt (alternate) radio (Bluetooth or
Infrared) primarily for synchronization with desktops or notebooks. We view this as a low power radio which
can be used to wake the more power consuming WLAN radio only when a trusted WLAN has been
identified within range.
(b) The Unlicensed Networks will have to be made more secure.
(c) Access Points will have to be integrated with an additional low power radio e.g. Bluetooth.
Motivation:
The primary objective of the proposed approach is to reduce the energy consumed in locating a trusted WLAN.
Rationale:
WLAN even in power save mode consumes far more energy than say Bluetooth in power save mode.
Rationale: Low Power Modes of Unlicensed Radio
Bluetooth low-power mode
State              Transition time (ms)   Avg. power (W)
Active Mode        -                      0.09 – 0.24
Hold Mode          -                      0.061
Hold mode entry    1.68                   0.068
Hold mode exit     11.62                  0.216
Park Mode          -                      0.061
Park mode entry    2.16                   0.077
Park mode exit     4.12                   0.126
Sniff Mode         -                      0.061
Sniff mode entry   0.94                   0.078
Sniff mode exit    7.36                   0.194
Hold mode: data transfer by the requested device is stopped for a negotiated interval.
Sniff mode: useful for low data rate links where a quick response is required whenever data is present.
Park mode: used to increase the number of simultaneously connected slaves. No data transfer takes place, as the device gives up its connection ID but remains synchronized to the link (setup takes about 10 s in Bluetooth).
802.11b low-power mode
Doze: In 802.11b a synchronization beacon is
transmitted by a central access point (AP) every
100ms. The beacon is followed by a traffic indication
map (TIM) indicating any required data transfers.
Doze mode is activated until the next beacon if no
data transfer is required.
Off: Transitions to the off mode either from active or
doze mode
State              Transition time (ms)
Transmit state     -
Receive state      -
Doze state         -
Doze state entry   0.1
Doze state exit    1
Off state          -
Off state entry    1
Off state exit     300
Avg. power (W), in column order: 2.25, 1.4, 0.75 – 1.4, 1.4, 1.6, 1.7, 2.3
The architecture
[Figure: proposed architecture. Labels: MSC, UNC, SGSN, SGW, IP NW, AAA, HLR, VPLMN/HPLMN, Roaming HPLMN, WLAN, Bluetooth; interfaces A, Gb, Wm.]
• The MS joins the existing Bluetooth PAN and polls for any GERAN-related signalling.
• On receiving a relevant event, the Bluetooth interface wakes the WLAN radio in the MS and a WLAN-specific connection is established with the access point.
• The procedures of the UMA specification are followed.
• The Bluetooth radio goes back to periodic polling mode, i.e. hold (low power mode) – scan – hold.
Network Discovery and GERAN interaction
[Figure: network discovery and GERAN interaction. Labels: MS, WLAN, GERAN, Bluetooth, WHN, Bluetooth PAN, WLAN AP, UNC, AAA, HLR. Events shown: Wake up; WLAN radio ON; Bluetooth Link Establishment; WLAN Link Establishment; EAP-SIM based authentication and UMA registration; WLAN radio OFF; Bluetooth radio ON; Bluetooth radio HOLD mode; Bluetooth radio Scan mode; Incoming call request; Incoming Call; Resource Allocation; WLAN re-establish and Ready Accept signal to UNC; Call ends.]
Action Plan (TBD)
>> Simulation
>> Prototyping
>> Dissemination