
Security & Policy in IP Mobile Network

Ram Gopal. L, Communication Systems Lab, Nokia Research Center, Boston, USA.


Presentation Transcript


  1. Security & Policy in IP Mobile Network
     Ram Gopal. L, Communication Systems Lab, Nokia Research Center, Boston, USA

  2. Outline
     • Overview
     • Handover operation
     • Security and Policy issues
     • Questions

  3. Wireless Network
     [Figure labels: RAN, CN, MSC/VLR, BS, RNC, MN, SGSN, External Network, GGSN, AR; interfaces Gi, Uu, Iub, Iu]

  4. Policy and Security Issues
     • Authentication
     • Mutual Authentication
     • Secured and reliable context transfer
     • Trust relationships
     • Heterogeneous handovers

  5. Context Transfer (CT)
     [Figure labels: Remote node, Access Router, RN, PR, NR, Access point. Caption: MN moved from PR to NR]
     • Why transfer context?
       • For seamless operation
     • Where?
       • Between access points
     • When?
       • Mobile controlled
       • Network controlled
       • Load balancing
       • Fail-over requirements

  6. Context Transfer (2)
     • What is context?
       • Security
       • Header compression
       • QoS
       • Firewall
     • Context may have dependencies
     • Context may be distributed or localized

  7. Policy Management
     • Policy management?
     • Issues
       • Lack of consistent product model
       • Heterogeneous network and multi-vendor
       • No standard for shared information

  8. Approach - AR based
     • Moving intelligence to the network element (AR)
       • Contacting Home AAA
       • Interpreting static profiles of MN
       • Interpreting neighboring AR static profile
       • Moving static capabilities of MN or new AR
       • Finally transferring the context to the AR
     • Issues
       • Currently no mechanism exists to transfer across two ASes
       • Security risk: exposing topology, router capabilities
       • Router will be overloaded by the requirement to interpret SLAs

  9. Approach - Centralized server
     • Centralized decision-making process (e.g. Policy Server)
     • Policy Server makes the decision based on capabilities and capacity of the network
     • Contexts are securely transferred and distributed by the policy server
     • Security risk is reduced
     • Leverages existing peering relationships between ISPs

  10. AR selection process
     [Figure labels: CN, Internet, AS1, AS2, BGW, BGW, PS1, PS2, AR1, AR2, BS1, BS2, AAA1, AAA2, MS, MN. Caption: MN is moving from AS1 to AS2]

  11. Reactive Handover
     [Figure labels: CN, Internet, BGW1, BGW2, AS1, AS2, PS1, PS2, AR1, AR2, BS1, BS2, AAA1, AAA2, MS, MN; message steps numbered 1 to 8. Caption: MN had moved to AS2]

  12. Proactive Handover
     [Figure labels: CN, Internet, BGW1, BGW2, AS1, AS2, PS1, PS2, AR1, AR2, BS1, BS2, AAA1, AAA2, MS, MN; message steps numbered 1 to 6. Caption: MN is moving from AS1 to AS2]

  13. Policy Server and Policy
     • Policy Server
       • Collects feedback from the network elements
       • Interprets MN requirement and AR capability
       • Provides one level of indirection
     • Policies
       • Policies can be business rules
       • Static profiles contain rules specific to MN
         • QoS requirement
         • Security requirement ..
       • AR policies are the rules that control and manage the behavior of the AR

  14. Questions
