
21-07-0401-02-0000 1

IEEE 802.21 MEDIA INDEPENDENT HANDOVER

DCN: 21-07-0402-02-0000

Title: Performance analysis of authentication signaling schemes for media independent handovers.

Date Submitted: November 1, 2007

Presented at IEEE 802.21 session #23 in Atlanta

Authors or Source(s): Antonio Izquierdo, Lily Chen, Katrin Hoeper, Nada Golmie

Abstract: In this contribution different authentication signaling schemes including full authentication, re-authentication, and indirect pre-authentication are evaluated for media independent handovers. Simulation results are obtained with IEEE 802.16 and IEEE 802.11 handovers.


IEEE 802.21 presentation release statements

This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21.

The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>

IEEE 802.21 presentation release statements

• This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

• This is a contribution by the National Institute of Standards and Technology and is not subject to copyright in the US. The contributors do not have the authority to override the NIST policy in favor of the IEEE 802.21 policy.

• The contributor is familiar with IEEE patent policy, as stated in Section 6 of the IEEE-SA Standards Board bylaws <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/faq.pdf>


Outline

• Goals and motivation

• Review of authentication signaling schemes

• Simulation environment

• Performance metrics

• Simulation parameters

• Performance results

  • Security signaling latency
  • Cryptographic processing time
  • Impact of network topology on indirect pre-authentication
  • Transmission delay
  • Handover latency

• Summary


Goals and motivation

• The main goal of this contribution is to analyze the performance of different authentication signaling mechanisms in the context of heterogeneous handovers

• Simulation models are developed to evaluate the performance of the following three authentication signaling schemes:

  • Full authentication
  • Indirect pre-authentication
  • Re-authentication

• Heterogeneous handovers are considered in the context of IEEE 802.16 and IEEE 802.11 networks.


Full authentication


Indirect pre-authentication


Re-authentication


Simulation environment

• Used NS-2 with IEEE 802.16 and 802.21 module extensions (available from http://www.antd.nist.gov/seamlessandsecure.shtml#software_tools)

• Developed extensions to model authentication in IEEE 802.11 and IEEE 802.16 networks using EAP:

  • Implemented the EAP framework as defined in RFC 3748, including the TTLS-MD5 and GPSK methods

  • Developed an IEEE 802.16 authentication module to support full authentication, re-authentication and Handover Process Optimization as defined in IEEE 802.16e

  • Developed an IEEE 802.11 authentication module to support full authentication in an RSN and re-authentication in the mobility domain

  • Developed support for pre-authentication using the IEEE 802.21 extensions

  • Developed a limited RADIUS implementation for key and EAP message transfers


802.11 Authentication



802.16 Authentication


Performance metrics (1)

• EAP latency denotes the time elapsed between the sending of the EAP Start message and the receipt of either the EAP Success or the EAP Failure message. It is included in the full authentication signaling latency, but not in the pre-authentication signaling latency.


Performance metrics (2)

• Security signaling latency is defined as the time elapsed between the sending of the first authentication message and the reception of the ACK for the last message:

(Figures: 802.11, 802.16)


Performance metrics (3)

• Transmission delay is the time it takes a packet to reach its destination.


Performance metrics (4)

• Handover delay represents the time elapsed between the moment a handover decision is executed and the moment the traffic is redirected to the new interface.

• The decision to perform a handover is made when a new link is detected and either the new link is better than the current link or the current link is disconnected.

• The cryptographic processing delay is the time spent by the mobile node to perform the different cryptographic operations during the authentication.

• Note that the results obtained represent mean values averaged over 100 simulations.


Simulation parameters (1)

• The traffic flows from a corresponding node in the backbone network to the mobile node

• 802.11 network configuration

  • Data rate: 11 Mb/s
  • Coverage area radius: 50 m

• 802.16 network configuration

  • Coverage area radius: 500 m

• The mobile node does not use MIH triggers

• The 802.11 interface is preferred over the 802.16 interface.


Simulation parameters (2)

• Key lifetimes are longer than the simulation time, so the mobile node does not need to refresh them or re-authenticate with the current PoA

• The authentication lifetime is larger than the simulation time

• The size of the DH authentication keys is 1024 bits

• The size of the symmetric authentication keys is 128 bits

• The size of the IDs is 64 bytes


Network topology 1


Simulation results: Security Signaling Latency using EAP GPSK

• In this case full authentication was performed

• Note that the cryptographic processing (computed as an example on a Palm Tungsten) is 17.48 ms, which is equivalent to 9.08 % of the EAP time in 802.11 or 7.72 % of the EAP time in 802.16

802.11                 Authentication time   %
Open Authentication    1.98 ms               0.99 %
Association            1.62 ms               0.81 %
EAP Authentication     192.47 ms             96.28 %
4-Way Handshake        3.84 ms               1.92 %

802.16                 Authentication time   %
EAP Authentication     226.37 ms             96.16 %
TEK Request            9.05 ms               5.84 %


Simulation results: Security Signaling Latency using EAP TTLS-MD5

• In this case full authentication was performed

• Note that the cryptographic processing (computed as an example on a Palm Tungsten) is 30884.22 ms, which represents 98.49 % of the EAP time in 802.11 or 98.25 % of the EAP process in 802.16

• Note that the DH agreement alone takes 30813 ms measured on the same platform.

802.11                 Authentication time   %
Open Authentication    1.98 ms               < 0.01 %
Association            1.62 ms               < 0.01 %
EAP Authentication     31350.49 ms           99.98 %
4-Way Handshake        3.84 ms               0.01 %

802.16                 Authentication time   %
EAP Authentication     31436.18 ms           99.97 %
TEK Request            9.05 ms               0.03 %


Comparing different authentication schemes’ latency: EAP GPSK

802.16          Full Auth        Re-Auth          Improv. over Full Auth.   Indirect Pre-Auth   Improv. over Full Auth.
Sign. latency   235.42 [0.013]   70.42 [0.001]    70.09%                    10.42 [0.171]       95.57%
EAP latency     226.37 [0.001]   61.37 [0.001]    72.89%                    422.42 [0.136]      -86.61%

802.11          Full Auth        Re-Auth          Improv. over Full Auth.   Indirect Pre-Auth   Improv. over Full Auth.
Sign. latency   194.33 [0.672]   46.59 [0.510]    76.03%                    3.01 [0.371]        98.45%
EAP latency     192.47 [0.608]   45.07 [0.417]    76.59%                    422.42 [0.136]      -117.37%

These are mean values in milliseconds, with the standard deviation in brackets


Comparing different authentication schemes’ latency: EAP TTLS-MD5

802.16          Full Auth          Re-Auth          Improv. over Full Auth.   Indirect Pre-Auth    Improv. over Full Auth.
Sign. latency   31445.42 [0.001]   70.42 [0.014]    99.78 %                   10.42 [0.171]        99.96 %
EAP latency     31436.18 [0.001]   61.37 [0.001]    99.80 %                   31892.35 [0.366]     -1.16 %

802.11          Full Auth          Re-Auth          Improv. over Full Auth.   Indirect Pre-Auth    Improv. over Full Auth.
Sign. latency   31352.37 [0.751]   46.59 [0.450]    99.85 %                   3.01 [0.371]         99.99 %
EAP latency     31350.49 [0.705]   45.07 [0.395]    99.85 %                   31802.67 [0.366]     -1.15 %

These are mean values in milliseconds, with the standard deviation in brackets


Transmission delay (Network topology 1)



Observations on the security signaling latency

• Both re-authentication and indirect pre-authentication schemes reduce the security signaling latency by more than 70%

• EAP latency in indirect pre-authentication increases as a result of the longer path used by the EAP messages

• This would force the mobile device to make the handover decision sooner than when performing a normal network entry

• With re-authentication the EAP latency is reduced


Impact of cryptographic processing delay: EAP GPSK

802.16                     Full Auth   Re-Auth
EAP latency (ms)           226.37      61.37
Cryptographic delay (ms)   17.48       1.02
Share of EAP latency       7.72 %      1.66 %

802.11                     Full Auth   Re-Auth
EAP latency (ms)           192.47      45.07
Cryptographic delay (ms)   17.48       1.02
Share of EAP latency       9.08 %      2.26 %

Note that an indirect pre-authentication requires the same cryptographic operations as a full authentication.


Impact of cryptographic processing time: EAP TTLS-MD5

802.16                     Full Auth   Re-Auth
EAP latency (ms)           31436.18    61.37
Cryptographic delay (ms)   30884.22    1.02
Share of EAP latency       98.24 %     1.66 %

802.11                     Full Auth   Re-Auth
EAP latency (ms)           31350.49    45.07
Cryptographic delay (ms)   30884.22    1.02
Share of EAP latency       98.51 %     2.26 %

Note that an indirect pre-authentication requires the same cryptographic operations as a full authentication.


Observations on the cryptographic processing delay

• Pre-authentication does not reduce the amount of cryptographic processing delay of a full authentication

• The cryptographic processing delay may in fact increase due to secure tunnel negotiations

• Re-authentication reduces the time spent in cryptographic processing since the number of messages exchanged is reduced and cryptographic key material is reused

• Re-authentication may be an alternative to a full authentication when the time needed for a full authentication is a cause of concern (other considerations include battery life and power consumption)


Handover delay

802.16      Full Authentication   Re-Authentication   Indirect Pre-Authentication
GPSK        1160.84               990.84              930.84
TTLS-MD5    32365.84              990.84              32365.84

802.11      Full Authentication   Re-Authentication   Indirect Pre-Authentication
GPSK        921.93                717.84              677.87
TTLS-MD5    32084.81              717.84              32084.81

These are mean values in milliseconds


Observations on the handover delay

• Re-authentication reduces the total handover delay, independently of the EAP used

• Indirect pre-authentication reduces the handover delay as long as it is possible to fully run the authentication method before the network entry takes place

• If the pre-authentication is not completed at the time of the network entry, a new full authentication starts. In this case the situation is the same as in a full authentication
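As an added worked example (not part of the deck), the following Python encodes how the deck's tables are read and applies the fallback rule above: the "Improv. over Full Auth." column, the cryptographic share of EAP latency, and the expected handover delay when an indirect pre-authentication may or may not finish before network entry. The delays and pre-authentication EAP latencies are the deck's GPSK mean values; the preparation window (lead time) is an assumed input.

```python
"""Added example: reading the deck's latency tables and applying its
indirect pre-authentication fallback rule (EAP GPSK, milliseconds)."""

# Handover delay per scheme, from the "Handover delay" slide (EAP GPSK).
HANDOVER_DELAY_MS = {
    "802.16": {"full": 1160.84, "reauth": 990.84, "preauth": 930.84},
    "802.11": {"full": 921.93, "reauth": 717.84, "preauth": 677.87},
}

# EAP latency of an indirect pre-authentication per network topology
# (topology 1 from the GPSK comparison slide, topology 2 from the
# "Indirect pre-authentication (Network topology 2)" slide).
PREAUTH_EAP_MS = {1: 422.42, 2: 621.32}


def improvement_over_full(full_ms, other_ms):
    """The deck's 'Improv. over Full Auth.' column: relative reduction in
    percent; a negative value means the scheme is slower than full auth."""
    return round((full_ms - other_ms) / full_ms * 100, 2)


def crypto_share(crypto_ms, eap_ms):
    """Share of the EAP latency spent in cryptographic processing (percent)."""
    return round(crypto_ms / eap_ms * 100, 2)


def expected_handover_delay(link, scheme, lead_time_ms, topology=1):
    """Expected handover delay for one scheme on one link.

    lead_time_ms is an assumed parameter: the time between detecting the
    target link and the network entry. Per the deck, an indirect
    pre-authentication only pays off if its EAP exchange completes inside
    that window; otherwise a full authentication runs at network entry.
    """
    delays = HANDOVER_DELAY_MS[link]
    if scheme != "preauth":
        return delays[scheme]
    if lead_time_ms >= PREAUTH_EAP_MS[topology]:
        return delays["preauth"]
    return delays["full"]  # pre-authentication did not finish in time


def best_scheme(link, lead_time_ms, topology=1):
    """Scheme with the lowest expected handover delay for the given window."""
    return min(
        ("full", "reauth", "preauth"),
        key=lambda s: expected_handover_delay(link, s, lead_time_ms, topology),
    )


if __name__ == "__main__":
    # Same 500 ms preparation window, two topologies: the longer EAP path of
    # topology 2 makes the pre-authentication miss the window.
    for topo in (1, 2):
        print("topology", topo, "best:", best_scheme("802.16", 500, topo),
              "pre-auth delay:", expected_handover_delay("802.16", "preauth", 500, topo))
```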


Network topology 2


Indirect pre-authentication (Network topology 2)

802.16 - GPSK                Full Auth        Indirect Pre-Authentication   Improv. over Full Auth.
Security Signaling Latency   275.42 [0.013]   10.42 [0.171]                 95.57%
EAP Latency                  266.37 [0.001]   621.32 [0.156]                -117.36%

802.11 - GPSK                Full Auth        Indirect Pre-Authentication   Improv. over Full Auth.
Security Signaling Latency   234.33 [0.672]   3.01 [0.371]                  98.45%
EAP Latency                  232.47 [0.608]   621.32 [0.156]                -157.25%

These are mean values in milliseconds, with the standard deviation in brackets


Indirect pre-authentication (Network topology 2)

802.16 – TTLS-MD5            Full Auth          Indirect Pre-Authentication   Improv. over Full Auth.
Security Signaling Latency   31807.42 [0.127]   10.42 [0.171]                 99.97 %
EAP Latency                  31796.18 [0.126]   32161.83 [0.277]              -1.15 %

802.11 – TTLS-MD5            Full Auth          Indirect Pre-Authentication   Improv. over Full Auth.
Security Signaling Latency   31716.37 [0.241]   3.01 [0.371]                  99.99 %
EAP Latency                  31712.49 [0.237]   32029.67 [0.305]              -2.16 %

These are mean values in milliseconds, with the standard deviation in brackets


Observations on indirect pre-authentication for network topology 2

• EAP latency in indirect pre-authentication depends heavily on the network topology considered

• The impact is greater for fast authentication methods.

• Topology information must be available beforehand in order to perform the pre-authentication on time


Summary

• Re-authentication and indirect pre-authentication reduce the time required for authentication during a handover

• Indirect pre-authentication allows for a shorter security signaling latency during the network entry, at the expense of requiring more time in advance for handover preparation

• Re-authentication reduces the cryptographic processing time and its performance does not depend so much on the network topology considered

• Either the indirect pre-authentication or re-authentication technique can be used. Deciding which technique to use depends on the scenario considered


Backup


Cryptographic processing delay assumptions

Examples for cryptographic processing time used are real values in milliseconds obtained from a Palm Tungsten T3:

Input data size     16 bytes   128 bytes   512 bytes
AES 128 (encrypt)   3.04       7.39        32.61
AES 128 (decrypt)   3.11       7.67        33.18
MD5                 0*         2.17        3.04
SHA1                0*         1.3         1.3

Key size            512 bits   768 bits    1024 bits
DH Agreement        4047.83    13224.78    30813.48

* Value under the precision of the device timer

These values are dependent on the platform used and therefore should not be used as absolute values. The intention here is to compare between the different cryptographic methods available on a given platform.


EAP: Generalized Pre-Shared Key


EAP: TTLS-MD5