APPENDIX A

MS#117400

Internet Roaming – An Enterprise-Oriented Wireless LAN/Cellular Data Network Integration Solution

Hui Luo, Zhimei Jiang, Byoung Jo Kim, N. K. Shankar, and Paul Henry

AT&T Labs – Research, 200 S. Laurel Ave., Middletown, NJ 07748, USA

ABSTRACT

Internet Roaming is an IP-based corporate data network architecture that provides convenient secure mobile networking across office WLANs, residential WLANs, public WLANs, and cellular data networks for corporate wireless data users. It has three building blocks: the IRC (Internet Roaming Client), the SMG (Secure Mobility Gateway), and the VSA (Virtual Single Account) server. Working with an SMG and a VSA server, an IRC can present a single sign-on authentication interface for a user to initiate a secure connection to a corporate intranet via the best available wireless network, and maintain the secure connectivity thereafter as the user moves from one wireless network to another. As a proof of concept, a software-based prototype system has been developed, which enables a Windows-based computer to seamlessly roam between WLANs attached to different subnets while maintaining an encrypted connection to a Windows-based SMG. A hardware-based IRC that looks like a network interface card is also under development. It can provide secure mobile networking for a variety of mobile devices such as PDAs. The measurements of handoff speed of the software-based prototype system and comparisons between Internet Roaming and other WLAN/cellular integration methods are also given in this paper.

Keywords: roaming, wireless data, WLAN, cellular network, VPN, enterprise, handoff, security

I. INTRODUCTION

IEEE 802.11 WLAN (wireless local area network) [1] and cellular data networks are complementary wireless data networking technologies. WLAN has a number of advantages such as high speed (up to 11 Mbps for the most popular 802.11b WLAN [2]), low operating cost (due to the use of unlicensed spectrum), and low equipment cost (due to the extreme success of the IEEE 802.11 standard in the marketplace), but covers only a small area (< 300 feet for an 802.11b Access Point (AP)), while cellular data networks provide wide-area coverage but at lower speed (e.g., 19.2 kbps for CDPD [3]; up to 384 kbps for 3G in large cells [4]) and much higher cost. It is logical to integrate WLAN and cellular data networks to serve users who need both high-speed wireless access and anytime, anywhere mobile connectivity.

Currently most WLAN/cellular network integration solutions are operator-oriented. The objective is to bundle hot-spot public WLAN service with cellular data service offered by cellular operators [5, 6], where the authentication and billing of the public WLAN service reuse the cellular network infrastructure and resources, and thus give users the benefits of integration, such as SIM card-based authentication and a single bill [7]. Nonetheless, operator-oriented solutions are not hassle-free, especially for corporate users. After obtaining a wireless connection to the Internet through a cellular network or a public WLAN, a corporate user needs to run a VPN program to create a secure connection to the corporate intranet over the wireless connection and the Internet. Typically, if the user switches the wireless connection, for example by moving into or out of the range of a public WLAN, the secure connection breaks and the user must re-launch the VPN program. In addition, since operator-oriented integrated solutions cover only public WLANs and cannot include office and residential WLANs, a corporate user roaming between these WLAN environments and cellular networks has to change his or her WLAN configuration frequently (e.g., setting the SSID (Service Set Identifier), enabling/disabling/setting the WEP (Wired Equivalent Privacy) key, and selecting device-level and user-level authentication methods), which is a burdensome, error-prone task [8].

To solve the problems above, we propose an enterprise-oriented WLAN/cellular network integration solution, called Internet Roaming. It focuses on providing a convenient, secure wireless networking experience for corporate users. Specifically, an Internet Roaming system has the following features: (1) a corporate user can create a secure connection to a corporate intranet using the same single sign-on authentication interface, no matter which wireless network the user’s computer is connected to; the system handles all networking details and builds the secure connection over the best wireless network available to the user, including cellular networks and office/residential/public WLANs; (2) once the secure connection is created, the system reproduces the same office networking environment for the user by managing the security and mobility networking details; the environment does not change even if the user moves from one wireless network to another. Moreover, it is designed using existing technologies as much as possible, including Mobile IP [9], IPsec [10], and existing wireless access methods.

II. ARCHITECTURE

As shown in Fig. 1, Internet Roaming addresses secure mobile networking for a corporate user’s portable computer in the context of a corporate intranet, four types of wireless networks (i.e., office WLANs, residential WLANs, public WLANs, and cellular data networks), and the Internet. The main objective is to provide secure IP mobility functions for the user’s computer, i.e., a secure connection from the user’s computer to the corporate intranet over a wireless network (and over the Internet if the wireless network is not an office WLAN), and to keep that connection alive thereafter as the user moves among different wireless networks.

[pic]

Fig. 1. A high-level overview of the Internet Roaming system architecture

An Internet Roaming system consists of a VSA (virtual single account) server deployed on a corporate intranet, an SMG (secure mobility gateway) deployed between the public Internet and the corporate intranet, and many IRCs, each installed on a user’s computer. The Internet Roaming architecture is designed as an “independent add-on” solution for the corporate intranet. That is, installing an Internet Roaming system simply means deploying an SMG and a VSA server at the proper positions on the corporate intranet and installing the IRC on the portable computer of every user who needs secure mobile networking functions; no existing networking equipment and no existing networking service needs to be modified. The functions of the IRC, the SMG, and the VSA server are described below.

2.1. Virtual Single Account Server

The VSA server provides the following functions: (1) storing every user’s authentication credentials that are used to access wireless networks and the corporate intranet, (2) serving as a backend authentication server for the SMG to authenticate users’ computers, (3) providing an interface for system administrators to manage every user’s access rights and authentication credentials, and (4) providing authentication credential updating services to the IRCs.

The VSA server stores every user’s authentication credentials that are used to access wireless networks and the corporate intranet in a VSA record. A user's VSA record contains the user’s VSA username and password, an intranet profile, a cellular profile, and a number of WLAN profiles. The intranet profile contains the user’s authentication credential used to access the corporate intranet. The cellular profile contains the commands and parameters needed to establish a cellular data connection. A WLAN profile is identified by an SSID and contains configuration parameters, access parameters, and an authentication credential. The configuration parameters include the WLAN type (office WLAN, public WLAN, or residential WLAN), the device-level authentication method (open authentication or shared key authentication), the WEP key status (on or off), the WEP key value (fixed or dynamically assigned), the WEP enhancement mode (40-bit WEP key, 128-bit WEP key, TKIP [11], or 802.11i), the IP initialization method (DHCP or static IP), and the IP configuration (the IP address, the DNS server’s IP address, and the default router’s IP address). The access parameters include the access method (WEP-based, 802.1x-based [12], IPsec-based, or browser-based [13]) and the authentication protocol. The form of the authentication credential depends on the access method and the authentication protocol. For example, if the access method is WEP-based, the credential is the WEP key value.

In all profiles, the authentication credential is encrypted using a key derived from the VSA password. Only random data is used as authentication credentials, and only the random portion of a credential is encrypted. For example, a security certificate cannot be encrypted as a whole because it contains descriptive text; instead, only the public key value in the certificate and the corresponding private key, which are random-looking sequences, are encrypted. The purpose is to avoid offline dictionary attacks against the VSA password in case a user’s computer containing his/her VSA record is lost. If the encrypted credentials are random, decrypting them with a wrong password yields another equally plausible random string, so a hacker can test whether a password guess is correct only by trying it online, which is time-consuming and can easily trigger an alarm. This protection holds only as long as the stored ciphertext gives the attacker nothing to verify a guess against: the encrypted fields must carry no checksum, integrity tag, or recognizable encoding structure.
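The following is an added example, not code from the paper, that makes the rule above concrete. The paper does not say which key derivation function or cipher protects the stored credential; PBKDF2-HMAC-SHA256 and an XOR keystream exactly as long as the credential are assumptions, as are the salt, the sample WEP key and the candidate passwords, all of which are constructed for the demonstration. The attacker's routine tries each candidate VSA password against the stolen ciphertext and keeps the ones it cannot rule out offline.

```python
import hashlib
import secrets

# Added example, not the paper's code. The KDF (PBKDF2-HMAC-SHA256) and the cipher (an
# XOR keystream exactly as long as the credential) are assumptions; the paper names neither.
ITERATIONS = 100_000


def generate_credential(nbytes):
    """Administrator side: credentials are random bytes the user never sees."""
    return secrets.token_bytes(nbytes)


def protect_credential(vsa_password, salt, credential):
    """Encrypt a credential under a key derived from the VSA password. No checksum or
    integrity tag is added on purpose: it would let an attacker verify guesses offline."""
    keystream = hashlib.pbkdf2_hmac("sha256", vsa_password.encode(), salt,
                                    ITERATIONS, dklen=len(credential))
    return bytes(a ^ b for a, b in zip(credential, keystream))


recover_credential = protect_credential   # XOR with the same keystream inverts it


def surviving_guesses(salt, ciphertext, candidates, looks_valid=None):
    """Offline dictionary attack on a stolen VSA record. `looks_valid` is whatever
    structural test the attacker can apply to a decrypted candidate; None means the
    plaintext is random and no such test exists. Returns the passwords not ruled out."""
    return [pw for pw in candidates
            if looks_valid is None or looks_valid(recover_credential(pw, salt, ciphertext))]


def credential_demo():
    salt = bytes(range(16))                                  # constructed per-credential salt
    real_pw = "correct horse"
    candidates = ["password", "letmein", real_pw, "Summer2002", "qwerty"]
    wep_key = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3")   # constructed 104-bit WEP key

    # Case A: the random key is stored as-is. Every candidate decrypts to some 13 bytes;
    # nothing distinguishes the right one, so the attacker is pushed to online trials.
    ct_random = protect_credential(real_pw, salt, wep_key)
    random_survivors = surviving_guesses(salt, ct_random, candidates)

    # Case B: the same key stored with descriptive framing. The framing is a verifier:
    # only the true password yields the expected prefix, and the dictionary attack works.
    ct_framed = protect_credential(real_pw, salt, b"WEP-KEY:" + wep_key)
    framed_survivors = surviving_guesses(salt, ct_framed, candidates,
                                         looks_valid=lambda pt: pt.startswith(b"WEP-KEY:"))
    roundtrip_ok = recover_credential(real_pw, salt, ct_random) == wep_key
    return random_survivors, framed_survivors, roundtrip_ok
```

In case A every candidate survives, so the dictionary attack degenerates into online guessing against the real WLAN or the SMG; in case B only the true password survives. An integrity tag over the stored credential would act as exactly the same kind of verifier, which is why the stored form must carry none, and whatever is encrypted must be the raw random value rather than a structured encoding of it.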

A user’s VSA record is established by a system administrator based on the job requirements of the user. For example, if a user is not authorized to access a cellular network, no cellular profile is configured in the user’s VSA record. In addition, all authentication credentials, including usernames and passwords, are generated from random numbers when the system administrator creates them. The user does not need to remember or even know them.

The VSA concept is the foundation of the single sign-on function. It is jointly supported by the IRC and the VSA server. Initially, the IRC has only an empty VSA record, and the user is given a VSA username and a temporary VSA password. The user must use this temporary password to start the IRC over a wired connection in an office network inside the corporate intranet, and the IRC will download the user’s VSA record from the VSA server. Afterwards, whenever the user successfully connects to the corporate intranet, the IRC contacts the VSA server to download the updated portion of the user’s VSA record.

2.2. Secure Mobility Gateway

The SMG is a special IPsec gateway deployed between the public Internet and the corporate intranet. It is responsible for: (1) authenticating a user’s computer with the help of the VSA server, (2) tracking the location of a user’s computer with the help of the IRC installed on it, and (3) relaying IP packets between a user’s computer and the IP nodes communicating with it. The IP packets transmitted between the SMG and the current location of the user’s computer are encrypted and encapsulated.

The SMG has two network interface cards, one connected to the Internet and the other to the intranet. The Internet interface is a hardened host interface: it sends and accepts only mobile IPsec packets whose source or destination IP address is the IP address of the Internet interface. A so-called mobile IPsec packet is a UDP packet that carries an SAID (Security Association Identifier), an encrypted payload, and a message integrity code. The encrypted payload can be an IP packet, a Mobile IP COA (Care-Of Address) registration message, or an IKE (Internet Key Exchange) [14] message. The intranet interface is a router interface that presents a subnet of the corporate intranet. The IP address used by the operating system of every wireless user’s computer belongs to this subnet. In the context of Mobile IP, this subnet is the home network, the SMG is the Home Agent (HA), and the IP address used by a user’s computer is the home address of that computer. The intranet interface sends and accepts mobile IPsec packets whose source or destination IP address is the IP address of the intranet interface. It also sends and accepts regular IP packets whose source or destination IP address is the home address of a user’s computer. By using mobile IPsec packets, only a single IP-in-UDP tunnel between an IRC and the SMG is needed for both security and mobility.

The SMG stores SAs (Security Associations) and location information for every wireless user’s computer in memory. Every SA contains an encryption key that is used to encrypt/decrypt the payload of mobile IPsec packets. The location information for a user’s computer consists of a COA and the SMG interface over which the user’s computer is communicating. If the user’s computer is connected to a residential WLAN, a public WLAN, or a cellular network, the COA is the IP address assigned to the user’s computer by that network, and the SMG interface in use is the Internet interface. If the user’s computer is connected to an office WLAN, the COA is the IP address assigned to the user’s computer by the office WLAN, and the SMG interface in use is the intranet interface. As the user’s computer moves, both the COA and the SMG interface in use may change. Whenever the SMG receives a mobile IPsec packet that carries a valid Mobile IP COA registration message or IKE message, the location information is updated as follows: the new COA is the source IP address of this mobile IPsec packet, and the new SMG interface in use is the interface at which this mobile IPsec packet arrived.

The SMG interface in use for a user’s computer determines how the SMG relays IP packets for that computer. If the interface in use is the Internet interface, which implies the user’s computer is connected to a residential WLAN, a public WLAN, or a cellular network, the SMG performs the HA’s relay function using both interfaces: it decapsulates and decrypts the mobile IPsec packets arriving at the Internet interface, then routes the inner IP packets to their destinations using the intranet interface; it encrypts and encapsulates regular IP packets arriving at the intranet interface into mobile IPsec packets, then sends them to the IRC on the user’s computer using the Internet interface. If the interface in use is the intranet interface, which implies the user’s computer is connected to an office WLAN, the SMG performs the HA’s relay function using only the intranet interface, and the mobile IPsec packets transmitted between the SMG and the IRC may not need to be encrypted (assuming the office WLAN itself is properly secured).

There are two reasons why the SMG relays IP packets differently for users’ computers connected to wireless networks on the two sides of the boundary between the public Internet and the corporate intranet: (1) if a user’s computer is connected to an office WLAN and the SMG processed mobile IPsec packets only on its Internet interface, as proposed by many other WLAN/cellular integration systems, the mobile IPsec packets sent from the user’s computer to the SMG’s Internet interface would have to cross a corporate firewall and might be blocked by it, since the firewall cannot inspect the content of these packets due to the encryption; and (2) serving a user’s computer connected to an office WLAN via the intranet interface avoids encrypting/decrypting the payload, so routing speed can be improved.
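As an added example (not the paper's or the prototype's code), the following models the SMG behaviour described in this section: a mobile IPsec packet carrying an SAID, an encrypted payload and a message integrity code; the hardened-host check on the Internet interface; the location update driven by the outer source address and arrival interface of a valid registration; and the two relay modes, with encryption optional only on the intranet side. The byte layout, the sequence number and flag fields, HMAC-SHA256 as the integrity code, an HMAC-based counter-mode keystream in place of the prototype's AES, and every key and address are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

# Added example, not the paper's code. Assumed layout of a mobile IPsec packet (the UDP payload):
#   SAID (4) | sequence number (4) | flags (1) | payload | MIC (32, HMAC-SHA256 over the preceding bytes)
HDR, MIC_LEN = struct.Struct("!IIB"), 32
TYPE_IP, TYPE_COA_REG, TYPE_IKE = 1, 2, 3             # payload kind, in the low flag bits (values assumed)
TYPE_MASK, FLAG_FROM_SMG, FLAG_CLEAR = 0x3F, 0x40, 0x80

def make_sa(said, enc_key, mac_key, is_smg):
    # One end of an SA: keys plus send/receive sequence counters for replay protection.
    return {"said": said, "enc_key": enc_key, "mac_key": mac_key, "is_smg": is_smg, "seq": 0, "peer_seq": 0}

def _xor(data, key, nonce):
    # HMAC-SHA256 in counter mode as the keystream, standing in for the prototype's 128-bit AES.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(sa, msg_type, payload, clear=False):
    """Build one mobile IPsec packet. `clear` skips encryption (the paper permits this only on the
    intranet side); the MIC is always present, and the header doubles as the nonce."""
    sa["seq"] += 1
    flags = msg_type | (FLAG_FROM_SMG if sa["is_smg"] else 0) | (FLAG_CLEAR if clear else 0)
    hdr = HDR.pack(sa["said"], sa["seq"], flags)
    body = payload if clear else _xor(payload, sa["enc_key"], hdr)
    return hdr + body + hmac.new(sa["mac_key"], hdr + body, hashlib.sha256).digest()

def unseal(sa, packet):
    """Verify the MIC before anything else, then direction and replay, then decrypt."""
    if len(packet) < HDR.size + MIC_LEN:
        raise ValueError("short packet")
    hdr, body, mic = packet[:HDR.size], packet[HDR.size:-MIC_LEN], packet[-MIC_LEN:]
    if not hmac.compare_digest(mic, hmac.new(sa["mac_key"], hdr + body, hashlib.sha256).digest()):
        raise ValueError("bad MIC")
    _, seq, flags = HDR.unpack(hdr)
    if bool(flags & FLAG_FROM_SMG) == sa["is_smg"]:
        raise ValueError("reflected packet")
    if seq <= sa["peer_seq"]:
        raise ValueError("replay")
    sa["peer_seq"] = seq
    clear = bool(flags & FLAG_CLEAR)
    return flags & TYPE_MASK, body if clear else _xor(body, sa["enc_key"], hdr), clear

class SMG:
    INTERNET, INTRANET = "internet", "intranet"

    def __init__(self, internet_ip, intranet_ip):
        self.addr = {self.INTERNET: internet_ip, self.INTRANET: intranet_ip}
        self.sas = {}        # SAID -> SA, each tagged with the client's home address
        self.location = {}   # home address -> (COA, SMG interface in use)

    def add_client(self, sa, home_addr):
        sa["home_addr"] = home_addr
        self.sas[sa["said"]] = sa

    def receive(self, iface, src_ip, dst_ip, packet):
        # Handle one mobile IPsec packet that arrived on `iface` with the given outer addresses.
        if dst_ip != self.addr[iface]:        # hardened-host rule: only traffic addressed to this interface
            raise ValueError("not addressed to this interface")
        sa = self.sas.get(HDR.unpack_from(packet)[0]) if len(packet) >= HDR.size else None
        if sa is None:
            raise ValueError("unknown SA")
        msg_type, payload, clear = unseal(sa, packet)
        if clear and iface == self.INTERNET:
            raise ValueError("cleartext refused on the Internet interface")
        if msg_type in (TYPE_COA_REG, TYPE_IKE):
            # New COA = outer source address, new interface = arrival interface; the payload is not trusted for this.
            self.location[sa["home_addr"]] = (src_ip, iface)
            return ("ack", iface, src_ip, seal(sa, TYPE_COA_REG, b"ACK", clear))
        return ("forward", self.INTRANET, payload)   # inner IP packet is routed onto the intranet

    def deliver(self, home_addr, ip_packet):
        # Inbound relay to the current COA; encryption is skipped only on the intranet interface.
        coa, iface = self.location[home_addr]
        sa = next(s for s in self.sas.values() if s["home_addr"] == home_addr)
        return (iface, coa, seal(sa, TYPE_IP, ip_packet, clear=(iface == self.INTRANET)))

def smg_scenario():
    """Public WLAN -> office WLAN handoff as the SMG sees it. Keys and addresses are constructed."""
    keys = dict(said=0x1001, enc_key=b"\x11" * 32, mac_key=b"\x22" * 32)
    irc = make_sa(**keys, is_smg=False)
    smg = SMG(internet_ip="203.0.113.10", intranet_ip="10.0.0.1")
    smg.add_client(make_sa(**keys, is_smg=True), home_addr="10.0.0.50")
    seen = {}
    # 1. Behind a public WLAN's NAPT, the IRC registers COA 198.51.100.7 via the Internet interface.
    smg.receive(SMG.INTERNET, "198.51.100.7", "203.0.113.10", seal(irc, TYPE_COA_REG, b"REG"))
    seen["after_public"] = smg.location["10.0.0.50"]
    # 2. An intranet packet for the home address leaves encrypted through the Internet interface.
    iface, _, pkt = smg.deliver("10.0.0.50", b"inner IP packet")
    seen["inbound"] = (iface, unseal(irc, pkt)[1])
    # 3. Handoff to an office WLAN: same SA, new COA, registration arrives on the intranet interface.
    smg.receive(SMG.INTRANET, "10.20.0.9", "10.0.0.1", seal(irc, TYPE_COA_REG, b"REG"))
    seen["after_office"] = smg.location["10.0.0.50"]
    # 4. From the Internet side, a flipped MIC bit and a cleartext payload are both refused.
    bad = bytearray(seal(irc, TYPE_IP, b"x")); bad[-1] ^= 1
    for name, p in (("tampered", bytes(bad)), ("cleartext", seal(irc, TYPE_IP, b"y", clear=True))):
        try:
            smg.receive(SMG.INTERNET, "198.51.100.7", "203.0.113.10", p)
            seen[name] = "accepted"
        except ValueError as err:
            seen[name] = str(err)
    return seen
```

Two points the model makes visible: the SA survives the handoff unchanged because nothing in it is tied to the COA, and the location is learned only from the outer source address and the arrival interface of a packet that already passed the integrity check, never from anything a sender claims inside the payload.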

2.3. Internet Roaming Client

The IRC is mainly responsible for creating and maintaining a mobile IPsec tunnel between a user’s computer and the corporate network over the best available wireless network. This mission includes the following tasks: (1) identifying the best wireless network available to the user, (2) making the proper configuration in order to connect to that wireless network, (3) authenticating the user’s computer to the wireless network, (4) obtaining a wireless connection and receiving an IP address from the wireless network, (5) authenticating the user to the proper interface of the SMG, (6) creating a mobile IPsec tunnel to the proper interface of the SMG, (7) performing a handoff between wireless networks if the current wireless network is no longer the best one available to the user, and (8) providing secure mobile routing for the user’s computer. All of this is done without the operating system on the user’s computer being aware of it; that is, from the viewpoint of the operating system, the user’s computer always employs a static IP address belonging to the corporate intranet, as if it were a desktop computer sitting in the office. Thus, the office network environment can be exactly reproduced for the user no matter where he/she is, and all networking applications on the user’s computer can run as usual.

Initially, the IRC presents a single sign-on interface for the user to start creating a secure connection to the corporate intranet. This interface is the same no matter where the user is located. The user only needs to enter the VSA username and password to start the process. The IRC then identifies the best wireless network available to the user by instructing the WLAN driver to scan for SSIDs and to measure the RSSI (Received Signal Strength Indication) of nearby WLANs. The following criteria can be used to determine which available wireless network is the best one (assuming a cellular network is always available everywhere).

1. If there is no WLAN detected or if there are some WLANs detected but none of them has an SSID matching a WLAN profile in the user’s VSA record, the best available wireless network is the cellular network specified in the VSA record.

2. If there is one WLAN detected, if its SSID matches a WLAN profile in the user’s VSA record, and if its RSSI value is above a threshold that represents a quality WLAN signal, the best available wireless network is the detected WLAN.

3. If there are multiple WLANs detected and their SSIDs each match a WLAN profile in the user’s VSA record, the WLANs with RSSI values above the threshold are candidates. If there is more than one candidate, they are evaluated based on their types in the following priority order: office WLAN, residential WLAN, and public WLAN. If there is still more than one candidate, the WLAN with the highest RSSI value is considered the best available wireless network.

After the wireless network is selected, the IRC computes a key from the entered VSA password, decrypts the user’s authentication credential for the selected wireless network using the computed key, and follows the access method specified in the WLAN profile to authenticate the user to the selected wireless network. After a wireless connection is obtained and an IP address is assigned to the IRC by the wireless network, the IRC decrypts the user’s authentication credential for the corporate intranet using the computed key, authenticates the user to the proper interface of the SMG, and creates a mobile IPsec tunnel between the IRC and the proper interface of the SMG using the IKE protocol. After all these steps succeed, the IRC contacts the VSA server to download the updated VSA record.

After the mobile IPsec tunnel is established, the IRC keeps monitoring the WLANs available to the user by periodically instructing the WLAN driver to scan for SSIDs and to measure the RSSI of nearby WLANs. The following criteria can be used to determine whether the current wireless network is no longer the best available wireless network, and thus whether a handoff operation is needed.

1. If the current wireless network is a WLAN and is the only WLAN detected, and if its RSSI value is below the threshold, the cellular network specified in the VSA record is the best available wireless network, and a handoff operation should be performed immediately.

2. In all other cases, all detected WLANs are evaluated based on their types and RSSI values according to the criteria above. If, after this process has been repeated several times, some WLANs have consistently evaluated higher than the current wireless network, a handoff operation should be performed immediately, and the new best available wireless network is the one with the highest evaluation in the most recent measurement.

If a handoff decision is made, the IRC decrypts the authentication credential for the new wireless network using the key derived from the entered VSA password and authenticates the user to it. After a new wireless connection is obtained and a new IP address is assigned to the IRC by the new wireless network, the IRC reports the new IP address as its COA to the proper interface of the SMG using a Mobile IP COA registration message. The SAs do not need to be updated after a handoff if they have not expired, because they are not tied to the IP address of the mobile IPsec tunnel end.
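The selection and handoff rules above, written out as an added example (not code from the paper). The RSSI threshold, the number of confirming scans behind "repeated several times", and the scan results are constructed values. The one step beyond the text is that a current WLAN that has disappeared from the scan is treated the same way as one whose RSSI fell below the threshold.

```python
from collections import deque

# Added example, not the paper's code. Type priority and the RSSI threshold (dBm) are assumed.
TYPE_PRIORITY = {"office": 0, "residential": 1, "public": 2}   # lower ranks better
RSSI_THRESHOLD = -75


def _rank(profiles, ssid, rssi):
    # Evaluation order from the text: WLAN type first, then the strongest signal.
    return (TYPE_PRIORITY[profiles[ssid]], -rssi)


def usable_wlans(scan, profiles, threshold=RSSI_THRESHOLD):
    """Detected WLANs whose SSID has a profile in the VSA record and whose RSSI clears the threshold."""
    return {ssid: rssi for ssid, rssi in scan if ssid in profiles and rssi >= threshold}


def select_network(scan, profiles, threshold=RSSI_THRESHOLD):
    """Initial choice after sign-on. `scan` is [(ssid, rssi), ...] from the WLAN driver,
    `profiles` maps SSID -> WLAN type from the VSA record. Cellular is the fallback."""
    usable = usable_wlans(scan, profiles, threshold)
    if not usable:
        return ("cellular", None)
    return ("wlan", min(usable, key=lambda s: _rank(profiles, s, usable[s])))


class HandoffMonitor:
    """Applies the two handoff rules to periodic scans while a tunnel is up."""

    def __init__(self, profiles, current, rounds=3, threshold=RSSI_THRESHOLD):
        self.profiles, self.current = profiles, current
        self.rounds, self.threshold = rounds, threshold
        self.better = deque(maxlen=rounds)   # per round: a WLAN that beat the current one, or None

    def measure(self, scan):
        """Feed one scan. Returns the new network when a handoff is due, otherwise None."""
        kind, cur = self.current
        usable = usable_wlans(scan, self.profiles, self.threshold)
        cur_usable = kind == "wlan" and cur in usable
        # Rule 1: the current WLAN is gone or too weak and no other usable WLAN exists: cellular, now.
        if kind == "wlan" and not cur_usable and not usable:
            return self._switch(("cellular", None))
        # Rule 2: rank everything; only a candidate that beats the current network for
        # `rounds` consecutive scans triggers a handoff (hysteresis against flapping).
        best = min(usable, key=lambda s: _rank(self.profiles, s, usable[s])) if usable else None
        beats = best is not None and (not cur_usable or
                 _rank(self.profiles, best, usable[best]) < _rank(self.profiles, cur, usable[cur]))
        self.better.append(best if beats else None)
        if len(self.better) == self.rounds and all(self.better):
            return self._switch(("wlan", self.better[-1]))
        return None

    def _switch(self, new):
        self.current = new
        self.better.clear()
        return new


def handoff_demo():
    """Constructed scan sequence: a residential WLAN beats a stronger public hotspot at sign-on,
    an office WLAN wins after three confirming scans, losing it forces cellular at once,
    and a hotspot is adopted only after three more scans."""
    profiles = {"corp-office": "office", "home-net": "residential", "hotspot": "public"}
    start = select_network([("hotspot", -60), ("home-net", -70), ("StarCafe", -40)], profiles)
    monitor = HandoffMonitor(profiles, start)
    scans = [
        [("home-net", -72), ("corp-office", -65)],
        [("home-net", -74), ("corp-office", -66)],
        [("home-net", -80), ("corp-office", -64)],
        [("corp-office", -78)],
        [("hotspot", -50)], [("hotspot", -52)], [("hotspot", -51)],
    ]
    return start, [monitor.measure(s) for s in scans]
```

The SSID "StarCafe" in the first scan has no profile and is ignored regardless of its strong signal, which is the intended behaviour: the IRC only ever joins networks the administrator placed in the VSA record.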

If the user’s computer is connected to a residential WLAN, a public WLAN, or a cellular network, the outbound routing process is as follows: (1) the operating system directs an IP packet to an IP node communicating with the user’s computer (the IP packet is actually sent to the IRC); (2) the IRC encrypts and encapsulates the IP packet into a mobile IPsec packet, and directs it to the SMG’s Internet interface; and (3) the SMG receives the mobile IPsec packet from its Internet interface, decapsulates and decrypts the inner IP packet, and forwards it to the IP node using the intranet interface (it is actually sent to the next-hop router on the corporate intranet). The inbound routing process, where the packet’s destination IP address is the home address of the user's computer, is essentially the reverse of the outbound case. If a NAPT (Network Address/Port Translation) box is present in the current wireless network, the mobile IPsec tunnel is not affected due to the use of IP-in-UDP encapsulation.

If the user’s computer is connected to an office WLAN and if the encryption is turned off in order to improve routing speed, the outbound routing process is as follows: (1) the operating system directs an IP packet to an IP node; (2) the IRC receives it and encapsulates it into an unencrypted mobile IPsec packet, and addresses it to the SMG’s intranet interface; (3) the SMG receives the packet from the intranet interface, decapsulates it, and forwards the inner IP packet to the IP node using the intranet interface. Similar to above, the inbound case is essentially the reverse of the outbound.

III. PROTOTYPES AND EVALUATIONS

At the time of writing, a software-based prototype system has been developed for Windows operating systems, and a hardware-based prototype IRC is under development. These implementations are briefly described below. Handoff performance of the software-based prototype and feature comparisons with other products are also presented.

3.1. A Software-Based Prototype System

To maximize its marketability, Internet Roaming must be compatible with Windows operating systems, which do not offer native mobility support. To demonstrate that this key requirement can be met, a Windows-based IRC and a Windows-based SMG have been developed. They jointly support enhanced Mobile IP functions, such as encrypting the mobile IPsec tunnel with 128-bit AES [15]. The prototype system enables a Windows-based computer to roam seamlessly between WLANs attached to different subnets, despite the absence of mobility support in the operating system.

[pic]

Fig. 2. The conceptual structure of software-based IRC and SMG

As shown in Fig. 2, the software-based prototype IRC consists of an IRC utility (an application program) and an IRC intermediate driver (a kernel program). The IRC utility presents the single sign-on interface for user authentication and configures Internet Roaming parameters. The IRC intermediate driver provides the enhanced Mobile IP functions for the user’s computer without the Windows operating system being aware of them. To achieve this, the IRC intermediate driver is programmed to: (1) supply the home address assigned by the SMG to the Windows operating system when Windows runs DHCP; (2) decapsulate and decrypt inbound mobile IPsec packets into regular IP packets and pass them to the Windows operating system; (3) encrypt and encapsulate outbound regular IP packets into mobile IPsec packets and send them to the SMG; and (4) monitor the attached subnet and, if it changes, obtain an IP address from the newly attached subnet and register that address as its COA with the SMG. Since the software-based IRC hides mobility operations from the Windows operating system, it is compatible with all Windows-based networking programs, including existing VPN clients. Thus, if a VPN remote access method is already deployed, the IRC can delegate security to the VPN when connected to public networks, with no changes to the existing infrastructure required.

Similarly, the software-based prototype SMG consists of an SMG utility and an SMG intermediate driver. The SMG utility is used for a system administrator to configure, monitor, and manage users’ computers. The SMG intermediate driver is used to track the location of users’ computers and relay IP packets for them.

At the time of writing, the full functionality of the IRC has not been developed yet. The prototype IRC works only with a WLAN card, so handoff between a WLAN and a cellular data network is not supported. In addition, it cannot communicate with the WLAN driver to access key WLAN parameters such as SSID and RSSI, because standard NDIS (Network Driver Interface Specification) function calls for WLAN were introduced only recently. As a result, the wireless network selection criteria and the handoff criteria described in Section 2.3 are not implemented yet, and all WLANs have to use the same SSID and WEP key. In this scenario, handoffs between these WLANs are performed by the WLAN driver without the IRC intermediate driver being aware of them, so the IRC intermediate driver must detect on its own whether the current WLAN is attached to a new subnet. It does this by periodically sending a unicast ARP (Address Resolution Protocol) query to the default gateway router of the most recently attached subnet. If the number of consecutive ARP queries that go unanswered exceeds a threshold, the IRC intermediate driver performs the handoff operations, i.e., obtaining an IP address from the new subnet and registering it as the COA with the SMG.

From the above, handoff speed is determined primarily by the link-layer handoff speed and the ARP threshold. Measurements of handoff delay with different WLAN cards are given in Table 1. The link-layer handoff delay is the time from the Disconnect-Indication event cast by the underlying WLAN driver to the following Connect-Indication event, both as captured by the IRC intermediate driver. The IP-layer handoff delay is the time from that Connect-Indication event to the moment the IRC intermediate driver receives the Mobile IP COA registration acknowledgement from the SMG, which indicates that the mobile IPsec tunnel has been redirected to the new COA. Every entry in Table 1 is an average of about 100 controlled handoffs in the same WLAN and wired network environment. The Orinoco WLAN driver does not cast a Disconnect-Indication event, so its link-layer handoff delay is not available and only a lower bound on its total handoff delay is known.

|WLAN card vendor |Link-layer handoff delay |IP-layer handoff delay |Total handoff delay |
|Cisco            |0.3912 sec               |1.1216 sec             |1.5128 sec          |
|Linksys          |0.5966 sec               |1.2690 sec             |1.8656 sec          |
|Orinoco          |N/A                      |1.3375 sec             |> 1.3375 sec        |

Table 1. Handoff delay measurements (each entry is an average of about 100 controlled handoffs)

3.2. A Hardware-Based Prototype IRC

Although the software-based IRC above has a number of advantages, such as low distribution cost and ease of improvement and customization, it requires kernel programming, special support from the operating system, and installation of kernel modules. These are difficult tasks given the diversity of mobile devices and the rapid evolution of mobile operating systems. To simplify development and installation and to support a variety of mobile devices, a hardware-based prototype IRC, called an iCard, has been designed and is under development.

[pic]

Fig. 3. The conceptual structure of a hardware-based IRC (iCard)

As shown in Fig. 3, the iCard uses a popular Ethernet chip as its hardware interface to the mobile device, and therefore appears to the device as an ordinary Ethernet card. As a result, using an iCard to provide secure mobile networking functions for the mobile device does not require installing any software on the device, except an Ethernet driver for that chip, which is probably already built into the mobile device’s operating system. The rest of the iCard is equivalent to an embedded gateway: it runs Linux with a special IP stack that supports the mobile IPsec functions; it has two network interfaces, one being a built-in Ethernet interface connected to the mobile device and the other being a CF slot that can accommodate a network interface card in CF form factor, preferably a WLAN/cellular data modem combo card. The single sign-on and configuration functions are provided by a Web server running under Linux on the iCard. Thanks to this design, any mobile device that accepts a PCMCIA Ethernet card can instantly gain secure mobile networking support by inserting an iCard into its PCMCIA slot.

Currently, the iCard prototype uses a StrongARM 1110 as the CPU. It has 32MB RAM and 16MB Flash.

3.3. Comparisons

There are other commercial products for enterprise-oriented WLAN/cellular network integration, such as Ecutel [16], NetMotion Wireless [17] and IPUnplugged [18]. Although detailed technical information about these products is not available, the major differences between Internet Roaming and these products are summarized below, according to white papers published by the vendors.

1. In these products, the network component equivalent to the SMG always uses its Internet interface as the end of the encrypted IP tunnel to a mobile computer, no matter which wireless network the mobile computer is connected to. This design risks loss of connectivity when the mobile computer is connected to an office WLAN inside the corporate intranet. In this case, because the COA of the mobile computer is within the corporate intranet and the IP address of the Internet interface of the SMG-equivalent component is on the public Internet, the encrypted IP tunnel must cross a corporate firewall. If the firewall does not allow pass-through of encrypted IP packets whose content it cannot inspect, the encrypted IP tunnel is blocked and the mobile computer loses its connection. The SMG addresses this problem as described in Section 2.2.

2. In these products, the client-side components equivalent to the IRC are all software-based and designed for various Windows operating systems. Some of them use WinSock-based mobility management; they may become incompatible with future Windows releases if the WinSock functions are revised. Others use an intermediate driver to handle security and mobility management, but need a user-space program to pass configuration parameters to the intermediate driver and to start the secure mobile networking functionality manually whenever the computer is rebooted. This is inconvenient for a laptop user, who usually wishes the secure connection to be kept alive after closing the laptop in one location and opening it in a new one. This problem is solved by the software-based IRC. The IRC intermediate driver can instantly restore the previous secure connection as soon as it is loaded into the kernel while the operating system is rebooting. Thus, the IRC can always maintain a “static” office network environment for laptop users as they open and close their laptops at different locations. Moreover, the hardware-based IRC, the iCard, can provide the same convenience of secure mobile networking for a variety of mobile devices whose operating systems may not provide sufficient support for implementing a software-based IRC.

IV. CONCLUSIONS

Internet Roaming is an IP-based corporate data network architecture that provides convenient secure mobile networking across office WLANs, residential WLANs, public WLANs, and cellular data networks for corporate wireless data users. An Internet Roaming system consists of a VSA server deployed on a corporate intranet, an SMG deployed between the public Internet and the corporate intranet, and many IRCs, each installed on a user’s computer. Working with an SMG and a VSA server, an IRC can present a single sign-on authentication interface for the user to initiate a secure connection to a corporate intranet via the best available wireless network, and maintain the secure connectivity thereafter as the user moves from one wireless network to another. As a proof of concept, a software-based prototype system has been developed, which enables a Windows-based computer to seamlessly roam between WLANs attached to different subnets while maintaining an encrypted connection to a Windows-based SMG. The design of a hardware-based IRC that looks like a network interface card is also described. It can provide secure mobile networking for a variety of mobile devices such as PDAs. The measurements of handoff speed of the software-based prototype system and comparisons between Internet Roaming and other WLAN/cellular integration methods are also given in this paper.

ACKNOWLEDGEMENT

The authors thank Li Feng for her work on implementation of the software-based prototype and collection of handoff speed measurements.


-----------------------

[1] Although there are many types of cellular data networks, normally at most one cellular data modem is installed on a mobile computer. Hence, from the viewpoint of the mobile computer, there is only one cellular data network. This is why the diversity of cellular data networks is not addressed by the Internet Roaming system.

[2] This priority order is determined by considering security, throughput, routing performance, and cost. If cost is not a factor, the priority order can be office WLAN, public WLAN, and residential WLAN, because a public WLAN often has a faster backhaul connection to the Internet than a residential WLAN.

[3] A more reasonable evaluation factor would be the traffic load: the best available wireless network should be the one with the least traffic load among those whose RSSI value is above the threshold. However, currently there is no standard way for a WLAN station to detect the traffic load of an AP.
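The network selection rule sketched in footnotes [2] and [3], as an added example that is not the paper's IRC code: candidates are ranked by the configurable priority order, the first type with a signal above the threshold wins, and load is used as the tie-break only when every candidate of that type reports it. The network type names, the dBm threshold, the `load` field and the sample scan results are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Footnote [2]: default order when cost is a factor; cellular is the wide-area fallback.
PRIORITY_DEFAULT: Tuple[str, ...] = ("office_wlan", "residential_wlan", "public_wlan", "cellular")
# Footnote [2]: when cost does not matter, a public WLAN's faster backhaul beats a home WLAN.
PRIORITY_NO_COST: Tuple[str, ...] = ("office_wlan", "public_wlan", "residential_wlan", "cellular")

RSSI_THRESHOLD_DBM = -75  # assumed minimum usable signal; the paper gives no value


@dataclass
class Candidate:
    kind: str                 # one of the PRIORITY_* entries
    name: str                 # SSID or carrier name (constructed sample values)
    rssi_dbm: Optional[int]   # None for cellular: footnote [1], at most one modem, always "in range"
    load: Optional[float] = None  # footnote [3]: AP traffic load in [0, 1] if it can be learned


def usable(c: Candidate, threshold: int) -> bool:
    """A WLAN is usable when its RSSI clears the threshold; cellular is always usable."""
    return c.rssi_dbm is None or c.rssi_dbm >= threshold


def select_network(candidates: List[Candidate],
                   priority: Tuple[str, ...] = PRIORITY_DEFAULT,
                   threshold: int = RSSI_THRESHOLD_DBM) -> Optional[Candidate]:
    """Return the best available network, or None when nothing is usable.

    Walk the priority list; within the first type that has a usable candidate,
    prefer the least-loaded AP if load is known for all of them (footnote [3]),
    otherwise the strongest signal.
    """
    for kind in priority:
        same_kind = [c for c in candidates if c.kind == kind and usable(c, threshold)]
        if not same_kind:
            continue
        if all(c.load is not None for c in same_kind):
            return min(same_kind, key=lambda c: c.load)
        return max(same_kind, key=lambda c: c.rssi_dbm if c.rssi_dbm is not None else 0)
    return None


# Constructed scan result: office AP too weak, home and hotspot both strong, modem present.
SAMPLE_SCAN = [
    Candidate("office_wlan", "corp-ap-3", -82),
    Candidate("residential_wlan", "home-ap", -60),
    Candidate("public_wlan", "hotspot", -50),
    Candidate("cellular", "carrier", None),
]
```

With `SAMPLE_SCAN` the default order picks the residential WLAN, and `PRIORITY_NO_COST` picks the public hotspot, even though the office AP is visible.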
