The Location of Header Compression (HC) and User Data Ciphering (UDC)

Lucent Technologies, Nortel Networks, Qualcomm Inc.

Notice

Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. Contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.

This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. Contributors specifically reserve the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.



Outline

• Background
• System Overview
• Impacts to HC in case of Radio Link Congestion
• Impacts to UDC in case of Radio Link Congestion
• Security Implementation Cost
• Conclusions


Background

• Two major categories of network evolution architecture have been proposed
• There are a lot of commonalities between these two proposals
• The differences between these two proposals include:
  – Location of Header Compression (HC) and User Data Ciphering (UDC)
  – Paging management and location management
  – Location of EAP Authenticator
• This slide set addresses only the location of HC and User Data Ciphering:
  – Assumes HC and UDC are collocated for simplicity
  – Two alternatives:
    • HC and UDC located in the central node (AG); or
    • HC and UDC located in the edge node (BS)


System Overview (1)

• UDC is part of the link layer:
  – UDC cannot be shared across different technologies anyhow:
    • Different technologies use different ciphering algorithms
    • Different mechanisms for generating cryptosync
    • Different mechanisms for OTA session key generation and exchange
• HC is a function applied over the link layer
• If HC/UDC is located in the edge node, the link layer can be completely terminated at the edge node
  – Makes the AG fully access agnostic and easily upgradeable to support further radio evolution without impacting the core IP network
  – Can fully use all IP networks behind the edge node
• If HC/UDC is located in the central node, the link layer has to be extended to the central node
  – Needs a 3GPP2-specific interface (similar to A10/A11) between AG and BS


System Overview (2)

• There is inter-dependency between HC and link scheduling
• The HC state machine cannot be shared across different technologies anyhow:
  – Different links have different HC configuration parameters, e.g.:
    • RoHC over EV-DO requires the link layer (DO) to convey a TimerBasedCompression parameter from AN to AT.
    • FEEDBACK_FOR must describe the channel as provided by the link, e.g. in DO, FEEDBACK_FOR is set to the DO Link flow number
  – Different links have different HC instances
  – Different links have different QoS requirements
• HC in the BS opens possibilities for further system enhancements based on the IP flow awareness at the BS:
  – The BS could inspect the higher layer headers and use IP-aware scheduling
  – The BS can optimize HC based on radio link knowledge


User Data Ciphering

• If ciphering is performed on IP packets at the AG (rather than after RLP fragmentation), the AT must re-assemble the packet in memory before deciphering:
  – Ciphering in the AT is performed in hardware
  – Packet reassembly must be performed under control of the central processor
  – Requires transferring packets out of and into hardware
  – Significantly increases AT complexity:
    • Impact on hardware design
    • Required bus bandwidth
  – See Via contribution (C22-20060911-025) for the details
• If the cryptosync is not generated from the RLP sequence number, an explicit cryptosync must be included in each ciphered packet:
  – Adds two more octets of overhead to each VoIP packet
  – Significant impact on capacity and link budget
• If RLP sequence numbers are used for generating the cryptosync, RLP sequence numbers must be generated at the AG:
  – If the RLP sequence number is in units of RLP payloads (e.g. VoIP), packet fragmentation must be performed in the AG
  – Even for VoIP, packet fragmentation is needed for full header packets
  – The AG has to perform the RLP function


Impacts to HC in case of Radio Link Congestion

• If HC is located in the central node (AG):
  – Requires flow control mechanisms between BS and AG
  – The BS has to drop the compressed packets
  – Will impact HC state (HC state between compressor and decompressor will be out of sync more often)
  – Will drop more packets due to waiting for feedback from the decompressor (1 round trip delay)
  – HC state resync procedures take longer
  – At HC resync, the data already buffered at the BS is still sent over the air and is totally wasted
    • Requires mechanisms for the AG to delete buffered packets at the BS buffer
  – Needs in-sequence delivery between the AG and BS
    • ROHC out-of-order delivery capability is limited.
  – Needs HC negotiation mechanisms between the AG and BS (since PPP is removed)
• If HC is located in the edge node:
  – IP packets can be dropped at the AG or at the BS without impact to HC state
  – HC resync procedure is performed immediately
  – No flow control is needed between BS and AG

Conclusion: HC in the AG creates significant unnecessary complexity and performance degradation to the whole system


Impacts to UDC in case of Radio Link Congestion

• If UDC is located in the central node (AG):
  – Requires flow control mechanisms between BS and AG for handoff
  – The BS cannot drop the packets beyond the replay window
  – Impacts RLP retransmission operation because RLP packets are dropped
• If UDC is located in the edge node:
  – IP packets can be dropped at the AG or at the BS without impact to RLP operation
  – No flow control is needed between BS and AG
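Added example (not part of the original contribution): a Python sketch of the explicit two-octet cryptosync described under User Data Ciphering, and of why a node sitting between the ciphering point and the AT cannot discard an unbounded run of ciphered packets. The HMAC-based keystream, the nearest-value reconstruction rule, the sample key and all function names are assumptions; the slides do not specify the cipher or the replay-window rule.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"  # constructed sample key, not from the slides
SYNC_BITS = 16                    # explicit cryptosync: two octets per packet
MOD = 1 << SYNC_BITS


def keystream(key, cryptosync, length):
    """Stand-in keystream: HMAC-SHA256 over (cryptosync, block counter)."""
    out = b""
    block = 0
    while len(out) < length:
        msg = cryptosync.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def cipher(key, cryptosync, data):
    """XOR stream cipher; the same call enciphers and deciphers."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, cryptosync, len(data))))


def ag_send(key, full_sync, payload):
    """Central-node ciphering: send the 16 low bits of the cryptosync in clear."""
    return (full_sync % MOD).to_bytes(2, "big") + cipher(key, full_sync, payload)


def at_receive(key, last_sync, packet):
    """Assumed rule: rebuild the full cryptosync as the value nearest last_sync."""
    lsb = int.from_bytes(packet[:2], "big")
    base = last_sync - (last_sync % MOD) + lsb
    candidates = [c for c in (base - MOD, base, base + MOD) if c >= 0]
    full = min(candidates, key=lambda c: abs(c - last_sync))
    return full, cipher(key, full, packet[2:])


def survives_drop(dropped, last_sync=100_000):
    """BS discards `dropped` ciphered packets, then delivers the next one."""
    sent_sync = last_sync + dropped + 1
    payload = b"constructed VoIP frame"
    full, plain = at_receive(KEY, last_sync, ag_send(KEY, sent_sync, payload))
    return full == sent_sync and plain == payload


if __name__ == "__main__":
    for n in (0, 50, 30_000, 40_000):
        print(n, "dropped ->", "deciphered" if survives_drop(n) else "cryptosync lost")
```

With these assumptions the receiver tolerates gaps shorter than half the 16-bit cryptosync space; a longer run of discarded packets makes it rebuild the wrong cryptosync and the payload no longer deciphers.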


Security Implementation in BS is Cost Effective

• Edge device protection can be done without much incremental cost
  – Examples:
    • A leading home/office router manufacturer offers a 4-port gigabit Ethernet router with address translation (NAT), firewall and IPSEC VPN functionality with a throughput of 800Mbps at under $130.
    • Also, typical consumer WiFi access point products in the price range of $30-50 are able to handle advanced encryption for data rates up to 56Mbps.
• If there is concern about physical security of the base station, it should be addressed using tamper resistant storage/processors
  – Executing encryption and decryption inside a secure domain
  – Example 1: DRM is in TPM (tamper proof module) in the AT and the similar capability can be put in the BS as well
  – Example 2: Secure domain capability to allow execution of encryption and decryption in a secure area is also becoming commonplace in processing cores and architectures, e.g. in the ARM family of processors


Other Considerations

• It is not desirable to have signaling encryption/integrity and user data ciphering in different locations:
  – Need a key distribution mechanism to the BS for signaling encryption/integrity
  – If both are performed in the edge, no key distribution mechanism is needed from AG to BS (assuming the EAP authenticator is in the BS as well)
• Transport capacity efficiency between AG and BS:
  – It might be claimed that if HC is located at the AG, it provides transport capacity savings for the BS-AG interface.
  – However, if a transport link of the BS-AG interface is a true bottleneck, the mobility tunnel UDP/IP headers also need to be compressed over that congested link.
  – This mobility tunnel UDP/IP header compression requires a separate header compression function over the congested link anyhow.
  – This separate header compression entity could at the same time handle the compression of both the user data IP header and the mobility tunnel IP header without a significant increase in complexity


Conclusions

• Having HC and UDC in the AG:
  – L2 and L3 have no clean separation (L2 is extended to the AG)
  – Causes a lot of unnecessary design challenges
  – Makes inter-operability more difficult by introducing a complex BS-AG interface
  – Increases the system complexity and cost
  – Decreases the system performance
  – Endangers the long term competitiveness of the 3GPP2 system
• Having HC and UDC in the BS:
  – L2 is fully terminated at the BS
  – Simplifies the system design
  – Enables better system performance with decreasing network complexity
  – No 3GPP2-specific interface required between BS and AG
  – More competitive with other technologies
• HC and UDC functions should be located in the BS