A Quantitative Study of Authentication and QoS in Wireless IP
advertisement
A Quantitative Study of Authentication and QoS
in Wireless IP Networks
Wenye Wang
Wei Liang
Department of Electrical and Computer Engineering
North Carolina State University, Raleigh, NC 27695
Abstract- With the increasing demand fur secure and
high-quality communications in public access wireless
IP networks, it is very important to have a n in-depth
understanding of the relationship between the security and
quality of service (QoS). In wireless networks, authentication can provide secure communications by preventing
unauthorized usage and negotiating the credentials for
data transmission. Nevertheless, it induces heavy overhead
to data transmission, further deteriorating overall system
performance. Thus, we analyze the impact of authentication an the security and QoS quantitatively in this
paper. First, we introduce a system model based on a
challeng4response authentication, which is widely used in
many mobile environments. Then, a concept of security
level is proposed to describe the protection of communications according to the nature UP security, i.e., information
secrecy, data integrity, and resource availability. By taking
traffic and mobility patterns into account, our approach
establishes a direst and quantitative connection between
the security and QoS through the authentication. Finally,
numerical results are provided to demonstrate the impact
of security levels, mobikity and traffic patterns on overall
system performance in terms of authentication delay and
call dropping probability.
Key Words: Wireless IP networks, challenge/response authentication,secwit)! associafion.
I . INTRODUCTION
The tremendous advance of wireless communication technoloeies has facilitated the ubiquitous Internet service,
whereas inducing more challenges to security due to open
medium [l]. In order to provide security services in wireless
IP networks, authentication is used as an initial process to
authorize a mobile user (MU) for communications through
secret credentials [2]. In an authentication process, an M U
is required to submit secret materids such as certificates
and challenge/response values for verification and encryptioddecryption with session keys and algorithms [31-[61. By
rejecting unsuccessfully authenticated users, authentication
can protect the network resources. The information secrecy
This work was supported in part by the National Science Foundation
tNSF) under award ANI-0322893 and in party by the Center for Advanced
Computing and Communication (CACC) 03-06 and 04-08.
0-7803-8968-9/05/$20.00 (C)z005 IEEE
and data integrily can also be guaranteed by using the negotiated credentials €or encryption and message authentication.
Meanwhile, authentication also affects the quality of service (QoS) greatly. When public-key based authentication
mechanism is applied, the computation complexity of encryption/decryption consumes more time and power [7]. For secretkey based challengehesponse authentication, the credentials of
the MU are encrypted and transmitted for remote verification
hop-by-hop among authentication servers [SI-[ IO]. The transmission and encryptionldecryption of credentials affect many
QoS parameters such as delay, call dropping probability, and
throughput. Therefore. in some scenarios, a uadeoff between
security service and system performance should be considered
because users may have different preferences with respect to
security and performance.
Moreover, authentication requests are closely related to
mobility and traffic patterns of MUS because these requests
are generated when an MU either initiates a call, or crosses a
boundary of subnets. Therefore, the impact of authentication
on QoS parameters is far more sophisticated when mobility
and traffic patterns are taken into account.
Since the authentication affects both of security and QoS,
many authentication schemes are proposed, focusing on the
security and efficiency [ 2 ] , [5], [8]-[15]. However. none of
them provide quantitative analysis of security and system
performance, simultaneously, and nor do they show the connection between security and system performance. Furthermore, mobility and traffic patterns are not considered in the
evaluation of authentication, which are important features in
wireless networks. Therefore, new authentication solutions
may not be adaptive to mobile environments with the concerns
of security. performance, and mobility patterns.
In this paper, we investigate the performance of authentication in wireless IP networks. First, a system model is proposed
to analyze the challengelresponse based authentication, which
is highly consistent with various wireless IP networks such
as Mobile IP and wireless local area network (WAN). This
consistency guarantees that our analytical results are applicable
in r e d mobile environments. Security levels are classified with
the nature of security, i.e., information secrecy, data integrity,
and resource availability, and are introduced to indicate the
protection of communications. Moreover, we analyze authentication delay and call dropping probability at different security
levels in combination with mobilify and truflc parterns. Thus,
our work builds a solid ground far understanding the impacl
1478
of authentication on security and QoS with the concern of
adaptation to various mobiIe environments.
The rest of our paper is organized as follows. In Section 11.
we discuss the effect of authentication on security and QoS
with respect to challengelresponse authentication. In Section
111, we describe a system model and define meuics used for
performance evaluation in the paper. We analyze these mewics
at different security levels with the consideration of mobility
and traffic patterns in Section IV. Then, we provide numerical
results on delay and call dropping probability in Section V.
Finally, we draw a conclusion in Section VI.
11. EFFECTOF AUTHENTICATION ON SECURITY AND Q O S
In this section, we introduce challenge/response authentication, and describe the effects of authentication on security and
QaS with challengelresponse authentication,
A. Oven&w of Challenge/Response Authentication
shared SA with the LAS and replies the response value to the
LAS. After decrypting the replied value and comparing il with
original challenge value, the LAS can authenticate the MU
when the decrypted value matches original challenge value.
Session authentication: When an MU starts a communication
session in a subnet of a foreign network, a session authentication is initiated. At this time, session SA does not exist
between the MU and the AP. Thus, i t is necessary to contact
the HAS of the MU for authentication. As shown in Fig. 1.B,
when an LAS receives the authentication request, it sends a
challenge value to the MU. The MU encrypts the challenge
value with the SA shared with the HAS, and replies the
response value to the LAS, which relays the challenge and
response values to the HAS of the MU for verification due to
lack of SA to decrypt the response value. After authentication
at the HAS, the secret credentials such as keys to protect the
communication may be generated and sent to the LAS.
The authentication in wireless networks is a process to Inter-domain handoff authentication: When an MU is crossidentify Mus and to negotiate credentials for communications. ing the boundaries of different foreign network domains with
In a challenge/response-based authentication, a user is iden- an on-going service, an inter-domain handoff authentication
tified with a shared security association (SA), which is a occurs. Without an existed SA between the MU and the LAS,
trust relationship with many parameters such as keys and the signaling diagram shown in Fig. 1.C is similar with that in
algorithms for secure services [ 161, between an authentication the case of session authentication, except that the MU needs
server. During the process, the server sends a challenge value, registration to its HA via the HAS because we assume that
a random number, to the user for encryption, and verifies the MU needs registration when it is crossing the boundaries
the returned value, called response vuhe, with decryption. of different network domains.
In a foreign network, a visiting MLJ sends an authentication
request to an access point (AP). The AP relays the request to B. Effecfof Authentication on Security
a local authentication server (LAS), which only takes charge
Security services are to provide information secrecy, data inof authentication for visiting M u s from foreign networks. If tegrity, and resource availability for users. Information secrecy
the LAS has no information to verify the MU, it contacts means to prevent the improper disclosure of information in the
the home authentication server (HAS) of the MU through communication, while data integrity is to prevent improper
an authentication architecture. An HAS is an authentication modification of data and resource availability is considered to
server to identify the MUS who subscribe the service in its preventing improper denial of services [16].
network. And, an authentication architecture is composed of
In order to provide security services in wireless networks,
many authentication servers that share SAS with the LAS and challenge/response-based authentication adopts several techHAS. If the request is an inter-domain authentication request, niques. First, it requires the MU to share an SA with its HAS.
the HAS sends a registration request to the MU’s home agent The SA is unique and secret to other users. Therefore, the iden(HA): which maintains the current location of the MU, to tification of the MU is unique, which can prevent unauthorized
update the MU’s location.
Mus from accessing the network resource. Second, session
7Arordghou6 this papec we assume that an MU is roaming keys may be generated and sent to communication partners
inlo a foreign nemork domain. Then, the challengelresponse during authentication, which are used to encrypt the data of
authentication for an Mu in a foreign network can be classified communication and provide message authentication code for
into three types: intra-domain handoff authentication; session data integrity check. Therefore, the authentication mechanism
authentication; and inter-domain handoff authentication.
plays a key role to protect the data secrecy and integrity.
Intra-domain handoff authentication: When an MU crosses
the boundary of subnets in the foreign network domain with C. Effect of Aiifhentication on QoS Metrics
Besides the effect on the security. authentication also influan on-going service, an intra-domain handoff authentication
is initiated, Since there is an on-going communication session ences QoS metrics, such as authentication delay, cal1 dropping
between the MU and an AP, one session SA exists between the probability and throughput of communications.
MU and the LAS in the visiting network domain. Therefore, it
The authentication delay is defined as the time from when
is unnecessary to contact the HAS of the MU for authentica- lhe MU sends out an authentication request 10 when the MU
tion. In the case shown in Fig. I . A , the LAS, which receives receives the authentication reply. During this authentication
the authentication request from an MU, sends a challenge delay, no data for on-going service can be transmitted, which
value to the MU. The MU encrypts the challenge value using may interrupt the connections. Therefore, the call dropping
1479
Authentication
Aurheniication
B. Session Authenrlcmion
A. Inrra-domam Handoff Authentication
LAS: Local Authentication Server
C.her-domain Handoff Authentication
HAS: Home Authentication Servzr
HA:Home Agent
AP: Access Point
MU: Mobie User
Challenge/Response
Authentication
in
Public
Wireless
Access
Networks.
Fig. 1.
probability may be increased because of the extended authentication delay,
The throughput is defined as the h e effective data transmitled per unit lime. It can be greatly decreased in authentication
because of several reasons. First, the authentication delay
may cause a pause for data transmission, which decreases the
throughput. Second. the key size and complex algorithms used
in authentication affect the processing time of authentication
messages, and the attachment of message authentication code
for data integrity check will affect the payload of messages.
In summary. authentication in wireless networks has great
effects on both security and quality of service such as authentication delay, call dropping probability, and throughput.
In order lo improve the security and performance of wireless
networks, it is necessary to analyze the authentication effects
on both security and QoS metrics by taking into account
mobility and traffic patterns. To this end, we propose a
system model with assumptions and definitions of performance
meuics in the next section.
111. SYSTEM MODEL A N D METRICS
In this section. we introduce a system model to analyze
the impact of challengehesponse authentication in wireless
networks. We consider the security and system performance,
in which the security is defined with regard to security levels,
and the system performance are evaluated with authentication
delay and call dropping probabilities.
A. System Model
We consider a generic system model for wireless networks
fiom two aspects. One is to describe the authentication inter-
action between autonomous wireless networks; the other is to
illustrate the authentication within a wireless network.
The system model to describe the authentication interaction
between inter-connected wireless nelworks is shown in Fig. 2.
In this model, there are a number o f n autonomous wireless
networks. Each network domain has an LAS and an HAS,
which are cenual authentication servers in a network domain.
The trust relationships between these LASS and HASs are
maintained through an authentication architecture [14]. The
functions of the LAS, HAS, and authentication architecture are
introduced in Section 11-A. We m u m e that the LAS and HAS
are integrated together. and the authentication architecture
shares an SA with the LAS/HAS of a network domain.
We further assume that a network domain is composed of
Ad subnets of equal size, and each subnet is controlled by an
-
I
:Access Paint
SN: SubNetwork
LAS: Local Authentication Server
/
-
-
: Movement of MU
MU: Mobile User
HAS: Home Authentication Server
Fig. 2. System Model of Authentication in Wireless Networks.
AP. An LAS/HAS shares SAS with A4 APs and controls the
authentication requests from them.
The generic system model in our paper is consistent with
many practical wireless networks such as the authentication,
authorization, and accounting (AAA) architecture in Mobile
IP networks and wireless local area networks ( W A N ) E141.
Based on this system model, in order to evaluate the performance of authentication, we need to describe specific
conditions such as authenticaLion mechanism, mobility and
traffic patterns clearly .
Scenario: Assume that the challengelresponse authentication
is implemented on the generic system model with signaling
diagrams shown in Fig. 1. In this paper, we focus on the
scenario that an MU is roaming into foreign network domains.
Then, the intra-domain handoff authentication, session authentication, and inter-domain handoff authentication in foreign
networks are illustrated in Fig. 1.A, 1 .B, and 1,C, respectively.
Mobility pattern: The mobility pattern of an Mu in our paper
is represented by the residence time of the MU in one subnet,
denoted as T,. We assume that Tr i s a random variable and the
probability density function (PDF) of T,, denoted as f~,(t).
is Gamma distribution with mean l / p r and variance V [171.
Then, the Laplace transform of fT, ( t ) ,F,. (s), is:
Furthermore, if the number of subnets passed by an Mu is
assumed to be uniformly distributed between [l,MI. the PDF
of the residence time in a network domain, denoted as f ~ ,( t ) ,
1480
MU
can be expressed with a Laplace transform F M ( s )as:
AP
Resource-Req
Resource-Res
MU: Mobile User
Then, the mean vahe of residence time in this network
domain, denoled as T M ,can be expressed as:
Fig. 3. Intra-domain Handoff & Session Authentication at Security Level 1.
(3)
Security Level 1: Any MUS can send data through an
AP without authentication. When an AP receives an
authentication request, it checks the resources for this
request. In intra-domain and session authentication shown
in Fig. 3, if the resources for this service is available, the
resource approval is replied to the MU to authorize the
service. The signaling diagram for inter-domain handoff
authentication is very similar to Fig. l.C. The difference
is that the LAS needs to send registration messages lo the
HA and the HAS of the Mu through the authentication
architecture, instead of replying a challenge value to
the MU. After registration, the service is authorized
to the MU. At security level 1, the integrity, secrecy,
and resource availability cannot be protected without
cryptographic techniques.
Securidy Level 2: Authentication is implemented through
a predefined list of Media access control (MAC) addresses, and no keys are generated for subsequent communications. In this case, when an AP receives an authentication request, it requests the MAC address of the MU
and relays the MAC address to the LAS or HAS for verification, as shown in Fig. 4.If the received MAC address
matches one entry in the list, the MU is authenticated.
For intra-domain handoff authentication, the LAS has the
session SA of the MU, thus, the MLJ can be verified
at LAS. For inter-domain and session authentication, the
MU needs to be authenticated at HAS because no SA
exists at the LAS. In particular, registration is required
during inter-domain authentication. There is no protection
for data integrity and secrecy without keys distributed to
the MU. But !he network resource is slightly protecled by
.,identifying the MAC address although il can be forged
Traffic pattern: In this paper, we use call arrival rate and call
duration time to indicate traffic patterns. We assume that the
call arrival rate of an MU, which includes the incoming calls
and outgoing calls, is Poisson process with average rate A,,
and a call duration time, denoted as TD,has an exponential
distribution with mean value 1/11, Then, the PDFs of the call
inter-arrival time and call duration time, denoted as
( t )and
f ~ ,(1). respectively, become:
f T A ( t )= X ~ ~ C ’ , ~ ,
and
f T a ( t ) = qepqt,
(4)
Based on these assumptions on the mobility and traffic
patterns of the MU, we evaluate the security and QoS metrics
during authentication, which are defined next.
E. Peflormance M e t r i a
We categorize the performance meuics into security and
QoS parameters. The security parameter is represented by
security levels, at which different levels of protection are provided. Meanwhile, we consider authentication delay and call
dropping probability as the system performance for evaluation.
1 ) Security Levels: There are much quantitative analysis
of QoS in networks [IS]. [19], whereas less analysis of
security exists. This gap between the QoS and security analysis
demands quantization of security for the engineering research.
Therefore, the concept of security level becomes widely used
for security evaluation [20], [21]. The classification of security
levels in these papers is either based on the information
sensitivity, or based on the key length. In the cIassification
with the information sensitivity, if a group of users are allowed
to access most sensitive data, and the data in this group is
prohibited to expose to ocher groups, then, the security level
of this group is the highest. In the classification with respect to
key length, if an encryption/decryption process uses a longer
key than other processes, this process is assigned a higher
security level. As we can see, however, all of them do not
consider the nature of security, i.e., data integrity, secrecy, and
availability. Therefore, we argue that the nature of security
should be involved to classify the security levels.
In our paper, the securi@ level is to indicate the level of
protection provided by the authentication for quantitative analysis of security. The classification of security levels is shown
in Table I according to the security functions described in
Section 1143, i.e., protection for integrity, secrecy and resource
availability. Because of different actions in challenge/response
authentication, the protection of data integrity, secrecy, and
availability are different at different security levels.
AP: Access Point
.
?-. .easily.
1481
1
Security Level 3: Authentication is implemented with
credentials encrypted with a shared SA, and no keys are
generated for subsequent communications. In this case,
an SA between the MU and its HAS is used for interdomain handoff and session authentication as shown in
Fig. 5 . The signaling process at security level 3 is almost
the same as that at security level 2. The difference is that a
pair of challenge/response values are used to authenticate
the MU instead of the MAC address. The MU that
receives a challenge value from the LAS encrypts the
challenge value with corresponding SA. In the intradomain handoff authentication, the corresponding SA
is shared with the LAS during communication session.
Then, the LAS verifies the challenge value replied from
the MU by decrypting the response value with the SA.
TABLE I
Security Level i
Security Service
1
Integrity I Secrecy I Confidentiality I Availability Protection
No
I No I
No
I
No
I
4
MU
AP
]
Yes
Yes
I
LAS
I
1
Auh-Appr
A Intra-dontun Handoff Aulhenucauon
AP
MU
LAS
HAS
I
I
HA
Resource-Req
I
J
Session Auihenticanm
Inm-domain HandoB Authentirtion
B. Session and Inm-domn HandoffAuthcnlrcauon
LAS: Local Authentication Server MU: Mobile Usel
HAS: Home Authentication Server AP: Access Point
HA: Home Agent
Fig. 4. Signahng Diagram at Security Level 2.
A. Lnrra-domain Handoff Aulhenticauan
MU
LAS
AP
Resource-Rcq
-I
HAS
High
during inter-domain authentication. At security level 3,
the network resources can be protected by only allowing
the access of legitimate users. However, since no key is
dislributed for data transmission, the integrity and secrecy
are not guaranteed. Furthermore, the network resource
may be compromised due to lack of data integrity and
secrecy.
Securie Level 4 : Authentication is implemented with
shared SA, and keys are generated for data communication. The signaling diagram at security leveI 4 is shown
in Fig. 5 , which is similar with that at security level 3.
The difference is that keys are generated, encrypted, and
transmitted to communication partners such as the MU,
home and foreign agents. After the keys are decrypted
by the communication entities, the keys will be used to
provide encryption and message authentication code to
protect the communication. Therefore, the integrity of
data can be guaranteed, and the secrecy is protected with
data encryption. The network resource is also protected
since the identification cannot be compromised due to the
protection of data integrity and secrecy.
From Table I and description above, we can see that
the higher the security level, the better security services
the authentication provides. However, higher security levels
are achieved by applying more complicated cryptographic
techniques in the authentication process. The extra operations induce overhead that affects the QoS metrics, such
as authentication delay and call dropping probability during
authentication.
2) Average Authentication Delay: We define authentication
delay as the time from when an MU sends an authentication
request to when the MU receives the authentication reply. The
average authentication delay, T (i ) . is defined as the sum of an
authentication delay over a number of authentication requests
per unit time at security level i, i.e.,
Rmourm-Rcq
Resource-Res
High
HA
Auth-Req
3
Sesslon Aurhentication
-I
Inter-domain Handoff Auihenhcation
B. Sesam aod Ioter-domain Handoff Authenticatim
LAS:L x a l Authentication Server MU:Mobile User HA:Home Agent
HAS: Home Authentication Server AP: Access Point
Fig. 5. Signaling Diagram at Security Levels 3 and 4.
However. in inter-domain handoff and session authentication, there is no SA between the MU and the LAS. The
MU must be authenticated by the HAS. After verifying
the Mu at the HAS, the authentication approval is sent
back to the LAS. Specially, the registration is required
p= 1
where Tp(i)
is the authentication delay per operation at security level i for authentication type p, and X p is the arrival rate
of authentication requests with type p. There are three types of
authentication requests: ,13 = 1 means that the authentication
request is an intra-domain handoff authentication; ,1!3 = 2
denotes the session authentication; and, /3 = 3 represents interdomain handoff authentication.
3) Average Call Dropping Probubiliiy during Aurkentication: When an extended waiting time for authentication is
1482
induced and greater than a threshold time, the connection
will be broken [221. On the other hand, even though the
authentication delay is small and the MU is a valid user,
an authentication failure may happen regardless of security
level because of damaged credentials caused by transmission
error, packet drop at queues, attack of intruders and software
application failure.
Therefore, we define the call dropping prababiZi@ as the
probability that the service of an MU is dropped during one
authentication operation because of either extended authentication delay, or an authentication failure. When an MU roams
among subnets in a network domain, the avemge call dropping
probability, P ( i ) ,is defined as the ratio of the sum of the call
dropping probability per authentication in a unit time over
the number of authentication requests sent by the MU within
unit time at security level i. Let P ( i )denote the average call
dropping probability at security level i, it can be written as:
P ( i )=
E;=,
b[P,(i)+Pel
E;=,
XP
1
tip = 1,2,3 and i
1
Symbol
I
T,,
I Messare Drooaoation time on one hoD
Y;?
T,,
I Messnee transmission time on one hou
1 Message encryption/decryption tune on one bop
I Authentication request service and
T,,
I Authentication request service and waiting time
T,,
I
I
Ted
I
I
1,2,3,4.
:
(7)
I
T,:
II
Desaiption
I
I at the proxy authentication server
I
I
Tu,
To I
T,,
i
1
I
Authentication request service and
waiting time at th;. HAS
a pair of encryption and decryption time for 9 value
Key. generation
time at the HAS
Transmission time for the session kev
to the other communication identities such as HA
Registration request service and waiting time at HA
Y
I
Here. gt is a vector defined as:
2;
I
and q ? ( i ) = PT,(i)tT@(i)> T t h ) ,
(6)
where Tth is a threshold time, f'~~(~,(Tp(i)
> '&) is
the probability that an authentication delay is greater than
TtjLin authentication type p. P' is the probability that one
authentication faiIs due to unknown effects. Since the factors
that affect P, include many unknown factors and there is no
evidence on the pattern of attacks currently, we will use a
mean value from experiments to represent P, in the numeric
results of our paper 1231.
In summary, in order to evaluate T ( i ) and P(i) in (5)
and (6). we n e d to analyze Ao, Tp(i),
and Pp(i).
Next, we
derive these parameters based an the system model shown
in Fig. 2, assumptions described in Section 111-A, and the
definitions of the performance metrics in Section 111-B.
IV. PERFORMANCE
ANALYSIS
In this section, we analyze the impact of authentication on
security and QoS in terms of authentication delay and call
dropping probability from two key aspects, First is to observe
the relationship between the security levels and the QoS for
each authentication. Second is to obtain the arrival rates of
authentication requests. After hat, the average authentication
delay and call dropping probability defined in ( 5 ) and (6) can
be evaluated.
A. Perfonnancd Analysis per Authenticofion
At different security levels, the authentication has different
effects on the authentication delay and call dropping probability of different types of authentications.
1 ) Delay per Aiithentication: To derive the delay for different types of authentications on different security levels, we
use the signaling diagrams shown in Figs. 3, 4, and 5. We
also define a set of time parameters shown in Table I1 for
convenient description.
Then, T , ( i )can be expressed as:
Tp(i) = dp,i . Z t ,
TABLE I1
TIMEPARAMETERS
AUTHEKTICATION
= [Tpr +Tt,.
Ted,To,
T!q, T,,
TUSI
Tg,Tt,,
(8)
Z,'.g].
where all the time components are defined in Table 11. And,
dp,* are the vectors defined as follows:
= [2, 0 , 1, 0 , 0, 0. 0 , 0, 01,
[6, 2, 3, 0. 1, 0, 0 , 0 , 01,
d1,3= d1,e = [8, 4, 4, 0, 2, 1, 0, 0 , 01,
&,I = [a, 0, 1 , 0, 0, 0, 0, 0, 01.
d2,2
['2(Nh I), 2(Nh - 11, 3, 2(Nh - 2 ) ,
:2,3
[ ' l ( N h 3- 2 ) , 2 N h , 4, 2(Nh - 2 ) j
1, 1,
a2,4
[z(Nhf 2), 2Nh7 4, 2(Nh - 21, 1, 2.
& , I = [2(Nh+ l), 0 , 2. 2(Nh - l), 0 , 0 , 0.
&,2 = [ ~ ( N A
2). 2 h ' h , 3, 2(Nh 2), 2, 0,
d3,3
[z(Nh 3), 2 ( X h f I ) , 4, 2(Nh - 21,
a3,4 = [ 2 ( N h
3)) 2(Nh f I ) , 4, 2(Nh - 2 ) ,
d1,2=
+
+
+
-
+
1, 0, 0, 0, 01,
0, 0 , 01,
1, 1, 01,
0 . 11,
0, 0, 11,
2, 1, 0, 0%I],
2 , 2, 1, 1 1 11.
The coefficients in front of the time variables in & denote
!he number of time variables for each authenlicatzon. For
example, in the case of ,3 = 3 and i = 4 as shown in Fig 5,
the message for an MU to request challenge value from an
LAS must traverse through an AP on two hops first. Then,
the response value needs to be transmitted to the HAS via
N h hops since there is no shared SA between the MU and
the LAS in the case of inter-domain handoff authentication.
At this moment, a registration process is needed. Thus, a
distance of one hop between the HAS and the HA needs to
be passed by the message. Therefore, the number of hops that
the round-trip signaling messages traverse in the authentlcation
process is 2 ( N h 3). The coefficient in front of TPT Tt,
is 2(Nh -t 3 ) . On this path for authentication, there is no
encryption and decryption of messages on the hop between the
MU and the AP before authentication. Since the authentication
message traverses this hop four times, the number of hops
that we should consider the encryptionldecryption during the
authentication process is 2(Nh + 3 ) - 4 = 2(Nh + 1). Thus,
the coefficient in front of T e d is 2(Nh 1).
Similarly, since the authentication process in the case of p =
3 and t = 4 needs to pass the AP four times. the coefficient of
T,, i.e., authentication request service and waiting time, is 4,
Because the authen ticauon message crosses the intermediate
1483
+
+
+
(9)
authentication servers 2(Nh - '2) times, the coefficient of Tsq,Recall that the PDFs of Tsq.T', T,,. and TTgare assumed to
i.e., authentication request service and waiting time at a proxy be iid with the same definition as shown in ( 10). and the other
authentication server. is 2jNh -2). The authentication message
also traverses the HAS twice when registration is needed.
'Thus, the coefficient of T,, i.e., authentication request service Furthermore, with these PDFs f p ( i ) , Pp(i)can be o b t b e d in
and waiting time at the HAS, is 2.
different cases.
Since the authentication in this case also needs one lime
To summarize, we have obtained authentication delay and
registration at the HA, the coefficient for Trg,i.e., registration
call
dropping probability for one authentication operation.
request service and waiting time at an HAS? is 1. Because
However,
in order to obtain the average authentication delay
a key is generated at the HAS for the communication o f the
and
call
dropping
probability defined in ( 5 ) and (6). we need
MU, the coefficient of Tg, i.e.? key generation time at the
to
evaluate
the
arrival
rates of different types of authentication
HAS, is 1. The HAS also needs to transmit a corresponding
requests,
i.e.,
Xp,
(
p
=
1,3,3).
key to the MU'S communication partners, thus the coefficient
of T,,, i.e., transmission time for the session key to the other
communication identities such as HA, is I . In addition, two B. Arrival Rates of Aiitlienticution Requests
pairs of encryption and decryption time are needed between
Since the authentication requests are categorized into three
the MU and its HAS. One pair is for encrypting and decrypting types: intra-domain handoff authentication. session authenticathe challenge/response values; the other is for encrypting and tion, and inter-domain handoff authentication, we analyze the
decrypting the session key. Thus, the coefficient of Tu,, i.e., arrival rates of different types of authentication, i.e., Ap! (P=
a pair of encryption and decryption time for a value, is 2.
1;2 , 3 ) , based on the mobility and traffic patterns of the Mus.
For the other cases of authentication processes, they follow
1) Arrival Rate of Intra-Domain Handof Aurkentication,
the same analysis and can be obtained From Figs. 3,4, and 5 . XI: The intra-domain handoff authentication happens when
2) Call Dropping Prubabilip: In Section 111-B.3, we con- an MU crosses the boundaries of subnets in a network domain
sider a call is dropped during authentication if the waiting with an on-going service. In order to calculate the arrival rate
time for authentication is greater than a threshold value of intra-domain handoff authentication requests, we define four
Tth, or an authentication failure happens. In (6), we use a events, in which calls will happen:
mean value from an experiment for P,, due to the unknown
YI is the event that an MU starts a connection before
distribution model. Therefore, in order to evaluate P'(i), ( p =
entering the network domain, enlers the network domain
1; 2 , 3 and i = 1,2,3,4). the PDF of the authentication delay
with the on-going connection and this connection ends
shown in (7) needs to be evaluated.
before the MU moves out of the network domain.
In (7), we only consider the time variables, Tsp,T,, Tu,
Yz is the event that an MU starts a connection within
and TTgas the random variables because the variance of the
current network domain and this connection ends before
other time variables are small. Thus, to find Pp(i) becomes
the MU moves out of the network domain.
to find the PDFs of the different combinations of Tsg,
T,,
Y3 is the event that an MU starts a connection within
T,, and Trgin To(;).For simplification, we consider that: (1)
current network domain and this connection ends after
M / A 4 / 1 queues are applied at APs, authentication servers, and
the MU moves out of the network domain.
HAS; (2) The PDFs of Tsq,T,, T,, and Trs are independent
y4 is the event that an MU starts a connection before
identical distribution (iid). Then, the PDF of TsqrT,, T,, and
entering the network domain, enters the network domain
Trg, i.e., w ( t ) ,can be shown as [24]:
with the on-going connection, and the connection ends
w ( t )= (ps - A S ) , - ( ~ s - y
(10)
after moving out of the network domain.
where ps and A, are the service and arrival rates of authenmen, the arrival rate of intra-domain handoff authenlication
tication requests, respectively. Furthermore, the PDFs of the requests, AI, can be written as:
4
different combinations of T,,, T,, T,,, and T,, in T p ( i ) , i.e.,
f p ! i ( t ) , can be expressed in (1 11, shown on next page, as the
L p r j ( r x a j l - 1))
(13)
j= 1
components of a matrix f ( t ) .
In (1 l), the row represents the index of authentication type where A, is the call arrivd rate defined in (4),Prj is the
A
p, and the column is the index of security level i. r(5) =
is the average number
probability that event y3 happens,
s x - I e -a ds, and = ps--Xs. Thus, f p , $ ( t ) can be obtained
of subnets passed by an MU in current network domain in
from the combination of Tsq,T,, Tu,
and T,, in Tp(i).
For event q, (j = 1 , 2 , 3 ,4). [Xajl - 1 represents the average
example, in the case of p = 3 and i = 4, according to (7), (X), number of intra-domain handoff authentication in event Yj.
and (9), T3(4) can be written as:
Since the intra-domain handoff authentication only happens
when
an MU crosses the boundaries of subnets inside a
T3(4)= 2(Nh 3)(Tp, Z,)
2(Nh I)&
4Ta
network
domain with an on-going service, the average number
2(Nh - 2)T&f 2Tvf 2Tus Tg T t a -k T T g . (121
of intra-domain handoff authentication is equal to the average
number of subnets passed by an MU minus one.
raJ
so"
+
+
+
+
+ +
+
+
1484
The time diagrams of the events, 15, (j= 1 , 2 , 3 , 4 ) , are
shown in Fig. 6, where 1; is the call beginning time, ta is
the call ending time, t: is the time when an MU enters the
network domain we are investigating, t:l is the time when
an MU leaves the network domain we are investigating, and
tkr is the beginning time of the residual time of the residence
time in a network domain. Therefore, the probabilities of these
events, P,j, (j= 1:2; 3; 4), can be derived as follows.
defined in (2),
have the Laplace transform of the PDF of TA,~
Pr(T,,. 5 T,If)can be determined by:
1
W
pv(TDr
where XI
5 TA$)
(17)
fS,( t ) d t :
5 TA!- Tor, and f ~( t ,) can
be computed from:
+
B. Event Y 2
A. Event Y I
I
Here, l / v is the average call holding time, q / ( q s) is the
Laplace transform of the PDF of T D ~and
, F A J ( S is
) the
Laplace transform of the PDF of TA4 defined in (2).
Thus, PT1can be calculated by substituting (15), (I6), (17)
into (14). Next, we need to derive Pr2 from Fig. 6.B as:
Thfr
Pr2 = P,(TD
=
(19)
where X2 T M-~T D ,fx,(t)and f ~ , . ( t )are the PDFs of
Xz and T M ~respectively,
,
which can be obtained by:
D : Leave a Network Domain
b : Enter a Network Domain
: Start a Call
TD: Call Duration Time
0 : End a Call
Tb :Residual Time of Call Duration Time
Tu : Residence Time in a Network Domain
TM,: Residual Time of the Residence T i m in a Network Domain
fX-2
(t)
2 - 1
{
F M r (SIT}
7
f ~ r ( t ) 2-' {FMriS)},
Fig. 6. Time Diagrams of Events
tz
Jrf s , ( t ) d t . JrX,te-X-tfiMr(t)dt,
e
D.Event Y4
C. Event Y 3
< TMTj . KjtL, 5 t : < tkT+ T M r )
According to the time diagram in Fig. 6.A, and denote At =
- t:, we have:
(20)
where l / q is the average cat1 holding time, and F M , ( s ) is the
Laplace transform of the PDF of TA!,.,
the residual time of the
residence time in a networkdomain. FM,(s) is determined by:
is defined in (3), and F M ( s )is defined in (2).
Moreover, we can obtain Pr3 from Fig. 6.C:
(14) where
where I(t: + At, t:) is the number of calls that arrive in
the time interval [I$ t! At). Since we assume that the call
arrival rate is a Poisson process, P,-[I(tz At, t:) = I ] can
be determined by:
+
+
P,[l(t: + At, t:) = 11= A,AtepxuAt,
(15)
where A, is the average arrival rate of the calls. In (141, TDis
the call duration time with PDF defined in (4), and T ~ .isI the
residence time of an MU in the network domain with Laplace
transform of PDF in (2). Thus, we have:
P,(TD > At) =
Pr3
s9:
&,(t)dt = e -7At ,
=
Furthermore, TD, is the residual time of the call duration
time with the same PDF as TO defined in (4) due to the
memoryless property of exponential distribution. Since we
2 t: < t:, 4-hT)
Jrfx.,(t)dt JrX,te-x-tjMr(t)dt,
(22)
f
) PDF of T M defined
~
where X3 2 TD - TMr,f ~ ~ (is tthe
in (20): fj;,(t) is the PDF of X3, which can be obtained by:
where f;;r.rr(s) is defined in'(21), q is defined in (4).
Finally. Pr4 can be determined from Fig. 6.D as follows:
(16)
where f ~ (,t )is defined in (4), 1/0 is the average call holding
time and At = t: - t,".
= P,(TD > T h T ). P,(tk,
Pr4
So"
Pr[l(t:+ At;t,")= 11 Pr(TD > At)d(At)
'
(24)
.pT(Tor > T I M ) ,
where P, [I(tz+ At: tz) = 11 is shown in ( 1 9 , P,(TD > At)
defined in (16). and ~,(TD,
> TM)= 1 -Pr(TDr I
TIM),
where P,(TD, 5 TA<)
is defined in (17).
IS
1485
I t. I
k TD 4
i-TTIkA
TD
b u - - - -
-1
tI
I:
The Laplace transform of the PDF o f t , , Ft,-(s). is:
tNal
tl
t?
(Ns2-1
.
tl
-
t2
-
1U
tb3-l
4
TD
D
tt
tNa3
C. Time Diagram for Na 3
t?
tNa4-I
tNp4
D. l i m e Diagram for Naa
FAf r ( S )
TD: One Call Duration Time t i : Residence Time in a Subnet i
TM,: Residual Time of the Residence Time in a Network Domain
D : Leave a Network Domain
b : Enter a Network Domain
Fig. 7.
1 - Fr(s)
(28)
1
S
where 1/pT is the average residence time of an MU in a
subnet. F,(s) is defined in (1). In (27), ti is the residence
time of an MU in subnet i , which is assumed to be Gamma
distribution with Laplace transform of PDF defined in (1): and
Na3 is the random number of the subnets passed by an MU
in the current network domain for the event 15.
Based on the relationship in (27): we can obtain:
I-TMA
k+---~~ I-
pr
tNaZ
3.Time Diagram for Naz
A. Time Diagram for Nai
I
%(s)
U----
tad-1
e
Ft, (S)GIVo~
- 1( z1(2=Fp(s)
1
(29)
where pAIT
( s ) is defined in (211, 17tT( s) is defined in (281,
G,R,-~~--~(,Z)
is the generating function of the PDF of ArR3- 1.
Then, N a 3 can be obtained by:
Time Diagram for Number of Subnets Passed by for On? Call.
-
+1
~GX,~-I(~)
l~=i
ATR3=
Therefore, we have calculated P T j ,( j = 1,2?3,4). In order
to evaluate AI.we will evaluateFUj, ( j = I, 2: 3,4). The time
diagrams to evaluate Ea3are shown in Fig. 7.
In order to evaluate Taland F a 2 , we consider a theorem
in [25].Given call holding time and subnet residence time with
Gamma distribution, the average number of subnets passed by
an MU within a call, E, is determined by:
where 1/a is the average residence time of an MU in a subnet,
pf is the probability that a handoff call is blocked, f*(s) is
the Laplace transform of the PDF of the residence time of an
MU in a subnet, f:(s) is the Laplace transform of the PDF
of the call holding time, 6, is the singular points of fz(-s),
and Res,,, denotes the residue at a singular point s = p .
In the events Y1 and Yz,
the call duration time in a network
domain are TD, and TO,respectively, which are exponential
distribution, one special case of Gamma distributions. Therefore, Taland Tazcan be calculated with (25). By assuming
that p f = 0, we can carry out pal and Waz as:
where 1/77 is the average call duration time of h e MU and pr
is the average residence time of the MU in a subnet.
On the other hand, note that T M and
~ TA{are not Gamma
distributions, we cannot obtain ma3 and radwith (25). Thus,
we derive mu3 and na4next.
From Fig. 7.C, the relationship between different time
components can be written as follows:
i=2
where T'f, and t , are the residual time of the residence time
of an MU in a network domain and in a subnet, respectively.
-
2M2-M-1
12TMClT
(M;l)(T+l)
I 1,
(30)
Y
where T K is
, ~defined in ( 3 ) , M is the number of subnets in
current network domain, l / p r is the average residence time
that an MU stays in a subnet, and y is defined in (I).
According to Fig.7.D, x,4 is equal to the average number
of subnets that an MU passes in a foreign network domain.
Recall that the number of subnets that the MU passes by in a
is assumed to be uniformly distributed
network domain, hrsn,
between 1 and Ad, i.e.,
1
P(N,, = m )= -,
M
m. = 1: 2 , . . . , M .
(31)
Thus, we have:
maj
Now we have obtained all
at event 15, j = 1,2, 3; 4.
Since we have calculated P,j, j = 1,3,3,4, in (14), (19), (22),
and (241, respectively, we can evaluate XI by substituting the
values of Prj and N a j , j = 1,3,3,4,into (13). Next, in order
to obtain T ( i )and P ( i ) defined in (5) and (6), we need to
evaluate A? and X3.
2) Arrival Rate of Session Authentication, X2: After an MU
has moved into a network domain, a session authentication is
initiated whenever a call arrives. Therefore, the arrival rate of
session authentication requests for one MU, i.e., X2, is equal
to the call arrival rate of an MU,
A2
= A.,
(33)
3) Arrival Rare of Inter-Domain Handoff Authentication.
Ay: The inter-domain handoff aurhentication requests happen
when an MU enters the network domain with an on-going
service. Therefore, the arrival rate of inter-domain handoff
authentication requests, AY, can be obtained by:
1486
A3
=
X,(P,l
4-P r 4 1 ,
134)
where A, is the calt arrival rate assumed in (4), P,I and
Pr4 are the probabilities that events 1; and Y* occur, which
are defined in Section IV-B.l and evaluated in (14) and (24),
respectively.
B. Efects of Mobiliy Partern at DifSerent Security Levels
The effects of mobility pattern on the authentication delay
and call dropping probability are shown in Figs. 8 and 9.
In these figures, we illustrate the relationships between the
Thus, we have obtained the arrival rates of authentication residence time of an Mu in a subnet, authentication delay,
requests for intra-domain handoff authentication, session au- and call dropping probability, respectively.
thentication, and inter-domain handoff authentication. Since all
Fig. 8 reveals the effect of residence time on the authenthe paramcters in ( 5 ) and ( 6 ) have been evaluated, the impact tication delay. As we can see. authentication delay decreases
of authentication on security and the system performance can with the increase of the residence time of an MU in a subnet.
be observed clearly through T ( i )and P ( i ) .
This trend is due to the decrease of the intra-domain handoff
authentication requests. The higher security levels cause more
V. NUMERICALRESULTS
authentication delay because of more operations needed for
In this section, we evaluate the effects of mobility and secure services. The improvement of authentication delay by
traffic patterns on authentication delay, T ( i ) ,and call dropping changing security levels from 4 to 3 is around 0.1 seconds,
which is about 18% of the delay at security level 4 when the
probability, P(i),at different security levels.
residence time of an MU in a subnet is 27 minutes.
A. Assrimprions and Parameters
The effect of call dropping probability in authentication is
shown
in Fig. 9. The call dropping probability increases with
The numerical results are calculated based on the assumptions introduced in Sections 111 and IV-A.2. In Section 111, we the increase of the residence time of an MU in a subnet. When
consider an MU roaming in a foreign network shown in Fig. 2. the residence time of an MU in a subnet increases, the arThe residence time of the MU in a subnet of the network rival rate of intra-domain handoff authentication requests wilI
domain is assumed to be Gamma distribution with the mean decrease. Then, the session authentication requests become
value l/py. The call arrival rate of the MU is assumed to be the major part of authentication requests. Note that the call
Poisson process with mean value l / A u , and the caII duration dropping probability for session authentication is much higher
time of the MU is assumed to be exponential distribution with than that in intra-domain handoff authentication due to the
longer authentication delay caused by remote authentication.
mean value 1/77.
In Section IV-A.2, we further assume that M / M / 1 queues The call dropping probability will approximate that in session
are used at APs, authentication servers, and HAS with service authentication if the residence time of an MU approaches
rate pLsand arrival rate of authentication requests A$, Let infinity. In other words, the upper bound of the call dropping
[ = ps - A., According to (lo), the service and waitlng time probability can be achieved when the authentication requests
at an AP, authentication server, and HA, i.e.. T,, T,,, and Tu, are all session authentication requests. Similar with the delay,
become random variables of identical exponential distribution call dropping probability is greatly affected by the security
with mean value of l/[. The parameters to evaluate the levels. When the security level is leveraged from 3 to 4, call
dropping probability increases around 0.0045, which is about
authentication delay are shown in Table 111.
50% of the call dropping probability at security level 3 when
TABLE 111
the residence time of an MU in a subnet is 27 minutes.
PARAMETERS FOR EVALUATIONON
Q O S METRICS
Parameters for Authentication Delay
Tth
I
Tpr
3s I 40 us
I
Tt, 1 T e d I Tg I M I “I
I 20ms I Zms I 2ms I 120 I 10
Parameters for Random Variables
ir Authenticatim Time at Security Level 1
-t
o
AuthenbcatimTime at Secumiy Level 2
Authentdcation Time at Securily Level 3
0 &55, +- AuthenhcattmTrmeatSecurilyLevel4
i
In this table, the values of the time variables are critical
because they are related with the call dropping probability.
When the maximum authentication message size is 4096
bytes [3], [26], the transmission delay is about 20 milliseconds
with the assumption of 2 Mbps link capacity [27]. The values
of Ted and Tg are obtained from existing research [27], [ZSI.
By assuming one network domain is about 100km2 with
radius 6 k m , the value of the propagation time, T,,, can be
determined by the distance between two LASS as shown in
Table 111.
1487
0.45 . ..
.....:.
1 :
04l
6
g
;
A
..... .... ........., .r .. . ... .
... . .... .*
...... .
.f
........, . c. .. . .. -’
I
12
15
18
21
24
27
30
Residenw Time in a Subnet (minules)
Fig. 8. Authentication Time vs. Residence Time in a Subnet.
Call Dropping Probablity vs Residence Time
x
to A,. Thus, A, disappears in (6), which is P(i)’s definition
equation. Then, once the PDFs of the call duration time and
the mobility patterns of the MU are known, the call dropping
probability of the MU is a constant at varied call arrival rates
as shown in Fig. 11. The call dropping probability at higher
security levels is more than that at lower security levels. For
example, the call dropping probability at security level 4 is
about 56% more than that at security level 3.
Securliy Level 1
Catt Dropping Probability at Security Level 2
Call Dropping Probability ai Security Level 3
4Call Dropping Probabiiity at
16
-+
o
.. .
. ...
:
.
..
‘6
0
,-.- -.+-.- --?--
-.d
Ad.-’
,
12
15
21
18
24
27
30
Resldence Time in a Subnel Iminutesj
Fig. 9.
Call Dropprng Probability vs. Residence Time in a Subnet.
C. Eflect of Traflc Load at Dinerent Secwiry Levels
The effects of traffic pattern on the authentication delay
and call dropping probability at different security levels are
demonstrated in Figs. 10 and 11.
Fig. 10 shows that the authentication delay increases with
the call arrival rate of an MU. As shown in (3,the authentication delay is proportional to the call arrival rate A,
since Xp, ( p = 1 , 2 , 3 ) are proportional to .A, Moreover, a
higher security level causes longer delay than a lower one.
For example, if the security level is changed from 1 to 2, the
authentication will need about 29% more delay than that at
security level 1 .
Auttmnticatm Time vs. Call ArrNal Rate
w21
,
,
‘$05
006
007
,
,
1
3
4
Securrty Levels, i
Fig. 11.
Call Dropping Probability vs. Security Levels.
VI. CONCLUSION
In this paper, we investigated the impact of authentication
on security and quality of service (QOS) in combination of
mobility and traffic patterns, which are critical to deliver secure
and efficient services in wireless IP networks. We analyzed
the system performance with respect to authentication delay
and call dropping probability at different security levels based
on a system model and challengelresponse authentication
mechanism. To our best knowledge, our study is the first work
on providing a quantitative analysis of the security and quality
of service, which is of extreme importance to the adaptation
of new security solutions EO various mobile environments.
Therefore, this work provides an in-depth understanding of
the authentication impact and reveals a framework for future
design of efficient authentication schemes.
,
008 0 0 9 010 0 1 1 012
Call Anrval Rats (L”,tlmedminme)
2
REFERENCES
013
[I] A. Arumugam, A. Dwfexi. A. Nix, and P. Fletcher, “An Investigation
014
Fig. 10. Authentication Time vs. Call Arrival Rate.
As for the call dropping probability at different call arrival
rates, the call arrival rate of an MU does not affect the call
dropping probability. As we can see in (6), P(i) for security
level i is average call dropping probability computed in the
cases of intra-domain handoff authentication, session authentication, and inter-domain handoff authentication. As shown
in (131, (33, and (34, X p , ( P = 1 , 2 , 3 ) are all proportional
121
[3]
[4]
151
1488
of the Coexistence of 802.11g WLAN and High Data Rate Bluetooth
Enabled Consumer Electronic Devices in I n d m Home and Office Environments,” IEEE Transuctiam an Conrumer Electronics, vol. 49, pp. 587596,August 2003.
L. Salgarelli. M. Buddhikot. J . Garay, S. Patel. and S . Miller, “The
Evolution of Wireless LANs and PANS *Efficient Authentication and Key
Distdbution in Wireless IP Networks,” IEEE Persoml Communications
on Wireless Comrmtnicarions, vol. 10, pp. 32-61, December 2003.
P. Calhcun, 1. Loughney, E. Guttman. G. a m ,and J. Arkko, “Diameter
3ase Protocol,” drqF-ie$aan-diameteer-17.rrt, December 3002.
S. Jacobs, “Mobile IF Public Key Based Authentication:’ dr@-jmobsmo~ileip-pki-~~ucrh-o?.rxr,
Milrch 1999.
C. Perkins and P. Calhoun, ”Mobile lPv4 ChallengeRespnse Extensions,” RFC3012. November 2ooO.
161 IEEE 802.I 1 Workkg Group. http://grouper:ieee.arg/groups/ga2/1 I /
i d e x hrmi.
[7] V. Gupta, S . Gupta, and S. Chang. “Performanm Analysis of Elliptic
Curve Cryptography for SSL.” in WSe’02-ACM Workshop on Wireless
Securzty. September 2002.
[RI W. Kim and H.Afifi. “Improving Mobile Authenticadon with New AAA
Protocols.” in IEEE lnremational Confermce on Cumunicariarzs. vol. 1,
pp. 497-501, 2003.
[9] W. Simpson, “PPP Challenge Handshake Authentication Protocol
(CHAP),” RFC1334. August 1996.
[lo] S. Shieh, E Ho. and Y . Huang, “An Efficient Authentication Protocol
for Mobile NetwMks,” Joumal of Informarion Science and Engineering.
vol. 15. pp. 505-520. 1999.
[ I l l W. Liane and W. Wang. “A Cost-Aware Control Scheme for Efficient Authentication in Wireless Networks.” in I j t h IEEE Inremrional
Sqmposiuni on Persond. Indoor and Mobile Radio Communications,
PIMRC’OJ., December 2004.
[12] B. Aboba and D. Simon, “PPP EAP TLS Authentication Protocol.”
RFC2716, October 1999.
1131 L. Dell’Uomo and E. Scarrone, “The Mobility Management and Authentication/Authorization Mechanisms in Mobile Networks beyond 3‘3.’’
in Personal, Indoor and Mobile Radio Communications. 2001 l?fh IEEE
InJernalionnl symposium on. vol. 1. p p ~~ 4 4 4 4 8 .September 7001.
[14] S. Glass. T. Hiller, S. Jacobs, and C. Perkins. “Mobile IP Authenticahon.
Authorization and Accounting Requirements.” RFC2977. October 2000.
[! SJ hltp://sbandar~.ieee,org/getieee8Ol/do~~tn/oad/80,7.
JX-2001.pdf.
[ 161 W. Stallings, “Network Security Essentials.” Applications rmd Smndurds,
’
2000.
[17] W. Wang and I. Akyildiz. “Intersystem Location Update and Paging
Schemes for Multitier Wireless Networks,” in Proc. of ACWIEEE MobiCom’ZODO. pp. 99-109. August 2000.
[18] S . Das. E. Lee. K. Basu. and S . Sen. “Performance optimization of
VoIP calls over wireless links using H.323 protcco~,”IEEE Trmtsacfiom
on Cumpurers, vol. 52. pp. 742-752. June 1003.
[I91 Y. Xiao and 3. Rosdahl. “Performance Analysis and Enhancement for
the Current and Future EEE 802.11 MAC Protocols,” ACM SIGMOBILE
Mobile Compuring and Communications Revim (MCCR). special issue
on Wireless Homc Networks. vol. 7. pp. 6-19. April 2003.
[201 E. Berho+ S. Jajodia. L. Mancini, and I. Ray, ”Advanced Transaction
Processing in Multilevel Secure File Stores,” IEEE Trmsacfiunr on
Knowledge a d Data Engineering. vol. 10, pp. 120-135. Feburary 1998.
[21] S . Sutikno and A. Suva, “An Architecture of F(22N) Multiplier for
Elliptic Curves Cryptosystem,” in Proceedmgs. ISC4S zoo0 Geneva on
Circru‘rs and Systems. vol. 1 , pp. 279-282. May 2000.
[22] W. Wang and 1. Akyildiz. “A New Signahng Protocol for Intersystem
Roaming in Next-Generation Wireless Systems,” IEEE J o u m l on Selecfed A r e a zn Communicnlions. vol. 19, pp. 2040-2052, October 2001.
[23] h t t p : / / ~ . p a g a n i n i . n e ~ ~ ~ p e r l n o d e - l . h f m l .
1241 D~Gross and C. Harris in F ~ a m e ~ofl Queldeing
s
n2eav, 1974.
[25] Y. Fang, I. Chlamtac, and Y.Lin;, “Channrt Occupancy Times and Handoff Rate for Mobile Computing and PCS Networks.” IEEE Trmrsuctions
on CompuKer, vol. 17, pp. 679-692, June 1998.
[26] P. Calhoun, T. Johansson, and C. E. Perkins, “draft-ietf-aaa-diametermobileipl3,txt,” IETF AAA Working Group, October 2002.
(271 A. Hess and G. Schafer, “Performance Evaluation of
AAA I Mobile IP Authentication,” in http://w-tknee.tub e r l i n . d e ~ u b l i c a t i ~ ~ ~ ~ e2002.
rs~~~Z~2~~~
[28] K. Michael, C. Robert, and D. Gary, “Harris 2G Encrgtion Engine
Psrformance Measurements,” in Harris Corporatiom R F Communicalions
Division Technical Reparr, RFCD MDO4. October 2004.
1489
