Professional Documents
Culture Documents
Motivation Data transfer , Encapsulation Security, IPv6, Problems Micro mobility support DHCP Ad-hoc networks, Routing protocols
www.jochenschiller.de
MC - 2008
8.1
Routing
based on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet change of physical subnet implies change of IP address to have a topological correct address (standard IP) or needs special entries in the routing tables change of all routing table entries to forward packets to the right destination does not scale with the number of mobile hosts and frequent changes in the location, security problems adjust the host IP address depending on the current location almost impossible to find a mobile system, DNS updates take to long time TCP connections break, security problems
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.2
Requirements for Mobile IPv4 (RFC 3344, was: 3220, was: 2002 , updated by: 4721)
Transparency
mobile end-systems keep their IP address continuation of communication after interruption of link possible point of connection to the fixed network can be changed support of the same layer 2 protocols as IP no changes to current end-systems and routers required mobile end-systems can communicate with fixed systems authentication of all registration messages only little additional messages to the mobile system required (connection typically via a low bandwidth radio link) world-wide support of a large number of mobile systems in the whole Internet
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
Compatibility
Security
8.3
Terminology
www.jochenschiller.de
MC - 2008
8.4
Example network
HA MN
Internet
(physical home network for the MN) router
FA
foreign network
CN
end-system
Prof. Dr.-Ing. Jochen H. Schiller
router
www.jochenschiller.de MC - 2008
8.5
MN
3
FA
CN
sender
1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP) 2. HA tunnels packet to COA, here FA, by encapsulation 3. FA forwards the packet to the MN
www.jochenschiller.de MC - 2008
8.6
MN
sender
FA
foreign network
CN
receiver
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de
1. Sender sends to the IP address of the receiver as usual, FA works as default router
MC - 2008
8.7
Overview
COA home network router HA Internet router FA MN
foreign network
CN
router
router FA
4. Internet
MN
foreign network
1. CN router
www.jochenschiller.de
MC - 2008
8.8
Network integration
Agent Advertisement
HA and FA periodically send advertisement messages into their physical subnets MN listens to these messages and detects, if it is in the home or a foreign network (standard case for home network) MN reads a COA from the FA advertisement messages MN signals COA to the HA via the FA, HA acknowledges via FA to MN these actions have to be secured by authentication HA advertises the IP address of the MN (as for fixed systems), i.e. standard routing information routers adjust their entries, these are stable for a longer time (HA responsible for a MN over a longer period of time) packets to the MN are sent to the HA, independent of changes in COA/FA
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
Advertisement
8.9
Agent advertisement
0 7 8 15 16 type #addresses code addr. size router address 1 preference level 1 router address 2 preference level 2 ... type = 16 type = 16 length sequence number length = 6 + 4 * #COAs R B H F M G r T reserved registration lifetime R: registration required COA 1 B: busy, no more registrations COA 2 H: home agent F: foreign agent ... M: minimal encapsulation G: GRE encapsulation r: =0, ignored (former Van Jacobson compression) T: FA supports reverse tunneling reserved: =0, ignored 23 24 checksum lifetime 31
www.jochenschiller.de
MC - 2008
8.10
Registration
MN
FA
HA
MN
HA
www.jochenschiller.de
MC - 2008
8.11
S: simultaneous bindings B: broadcast datagrams D: decapsulation by MN M mininal encapsulation G: GRE encapsulation r: =0, ignored T: reverse tunneling requested x: =0, ignored
www.jochenschiller.de
MC - 2008
8.12
31 lifetime
8.13
Encapsulation
original IP header
original data
new IP header
new data
outer header
inner header
original data
www.jochenschiller.de
MC - 2008
8.14
Encapsulation I
8.15
Encapsulation II
www.jochenschiller.de
MC - 2008
8.16
original data
RFC 1701
IHL DS (TOS) length IP identification flags fragment offset TTL GRE IP checksum IP address of HA Care-of address COA C R K S s rec. rsv. ver. protocol checksum (optional) offset (optional) key (optional) sequence number (optional) routing (optional) ver. IHL DS (TOS) length IP identification flags fragment offset TTL lay. 4 prot. IP checksum IP address of CN IP address of MN TCP/UDP/ ... payload ver.
new header
www.jochenschiller.de
MC - 2008
8.17
Solutions
sender learns the current location of MN direct tunneling to this location HA informs a sender about the location of MN big security problems!
Change of FA
packets on-the-fly during the change can be lost new FA informs old FA to avoid packet loss, old FA now forwards remaining packets to new FA this information also enables the old FA to release resources for the MN
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.18
Update ACK
Data Warning Request Update ACK Data
Data
Data
Data
t
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.19
MN
1
FA
sender
foreign network
CN
receiver
1. MN sends to FA 2. FA tunnels packets to HA by encapsulation 3. HA forwards the packet to the receiver (standard case)
www.jochenschiller.de MC - 2008
8.20
www.jochenschiller.de
MC - 2008
8.21
8.22
Security
authentication with FA problematic, for the FA typically belongs to another organization no protocol for key management and key distribution has been standardized in the Internet patent and export restrictions typically mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling) many new reservations in case of RSVP tunneling makes it hard to give a flow of packets a special treatment needed for the QoS
Firewalls
QoS
www.jochenschiller.de
MC - 2008
8.23
Security in Mobile IP
www.jochenschiller.de
MC - 2008
IP security architecture I
IP header
Prof. Dr.-Ing. Jochen H. Schiller
ESP header
www.jochenschiller.de
encrypted data
MC - 2008
8.25
IP security architecture II
MH
registration reply
FA
registration reply
HA
8.26
Key distribution
FA
MH
HA
agent mobile host registers a new binding at the home agent home agent answers with a new session key for foreign agent and mobile node
www.jochenschiller.de MC - 2008
8.27
IP Micro-mobility support
Micro-mobility support:
Efficient local handover inside a foreign domain without involving a home agent Reduces control traffic on backbone Especially needed in case of route optimization
Important criteria:
8.28
Cellular IP
Operation:
CIP Nodes maintain routing entries (soft state) for MNs Multiple entries possible Routing entries updated based on packets sent by MN Internet Mobile IP CIP Gateway
CIP Gateway:
Mobile IP tunnel endpoint Initial registration processing
Security provisions:
all CIP Nodes share network key MN key: MD5(net key, IP addr) MN gets key upon registration
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de
BS
BS
BS
MN1
MN2
MC - 2008
8.29
Advantages:
Initial registration involves authentication of MNs and is processed centrally by CIP Gateway All control messages by MNs are authenticated Replay-protection (using timestamps)
Potential problems:
MNs can directly influence routing entries Network key known to many entities (increases risk of compromise) No re-keying mechanisms for network key No choice of algorithm (always MD5, prefix+suffix mode) Proprietary mechanisms (not, e.g., IPSec AH)
www.jochenschiller.de
MC - 2008
8.30
Advantages:
Simple and elegant architecture Mostly self-configuring (little management needed) Integration with firewalls / private address support possible
Potential problems:
Not transparent to MNs (additional control messages) Public-key encryption of MN keys may be a problem for resource-constrained MNs Multiple-path forwarding may cause inefficient use of available bandwidth
www.jochenschiller.de
MC - 2008
8.31
HAWAII
Operation:
MN obtains co-located COA 2 and registers with HA Handover: MN keeps COA, new BS answers Reg. 4 Request and updates routers MN views BS as foreign agent
1 3
Security provisions:
MN-FA authentication mandatory Challenge/Response Extensions mandatory Mobile IP 3 MN
MN
www.jochenschiller.de
MC - 2008
8.32
HAWAII: Security
Advantages:
Mutual authentication and C/R extensions mandatory Only infrastructure components can influence routing entries
Potential problems:
Co-located COA raises DHCP security issues (DHCP has no strong authentication) Decentralized security-critical functionality (Mobile IP registration processing during handover) in base stations Authentication of HAWAII protocol messages unspecified (potential attackers: stationary nodes in foreign network) MN authentication requires PKI or AAA infrastructure
www.jochenschiller.de
MC - 2008
8.33
Advantages:
Mostly transparent to MNs (MN sends/receives standard Mobile IP messages) Explicit support for dynamically assigned home addresses
Potential problems:
Mixture of co-located COA and FA concepts may not be supported by some MN implementations No private address support possible because of co-located COA
www.jochenschiller.de
MC - 2008
8.34
Operation:
Network contains mobility anchor point (MAP)
mapping of regional COA (RCOA) to link COA (LCOA)
Internet
RCOA MAP
HA
binding update
AR
AR
Security provisions:
no HMIP-specific security provisions binding updates should be authenticated
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
LCOAnew LCOAold MN MN
8.35
Advantages:
Local COAs can be hidden, which provides at least some location privacy Direct routing between CNs sharing the same link is possible (but might be dangerous)
Potential problems:
Decentralized security-critical functionality (handover processing) in mobility anchor points
MNs can (must!) directly influence routing entries via binding updates (authentication necessary)
www.jochenschiller.de
MC - 2008
8.36
Advantages:
Handover requires minimum number of overall changes to routing tables Integration with firewalls / private address support possible
Potential problems:
Not transparent to MNs Handover efficiency in wireless mobile scenarios:
Complex MN operations All routing reconfiguration messages sent over wireless link
www.jochenschiller.de
MC - 2008
8.37
Application
simplification of installation and maintenance of networked computers supplies systems with all necessary information, such as IP address, DNS server address, domain name, subnet mask, default router etc. enables automatic integration of systems into an Intranet or the Internet, can be used to acquire a COA for Mobile IP
Client/Server-Model
the client sends via a MAC broadcast a request to the DHCP DHCPDISCOVER server (might be via a DHCP relay)
DHCPDISCOVER server client
Prof. Dr.-Ing. Jochen H. Schiller
client
relay
www.jochenschiller.de MC - 2008
8.38
DHCPOFFER
DHCPOFFER
collection of replies selection of configuration DHCPREQUEST (reject) DHCPREQUEST (options) confirmation of configuration
DHCPACK
initialization completed release DHCPRELEASE
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
delete context
8.39
DHCP characteristics
Server
several servers can be configured for DHCP, coordination not yet standardized (i.e., manual configuration)
Renewal of configurations
IP addresses have to be requested periodically, simplified protocol
Options
available for routers, subnet mask, NTP (network time protocol) timeserver, SLP (service location protocol) directory, DNS (domain name system)
www.jochenschiller.de
MC - 2008
8.40
A
Prof. Dr.-Ing. Jochen H. Schiller
C
MC - 2008
www.jochenschiller.de
8.41
Examples
Single-hop: All partners max. one hop apart
Bluetooth piconet, PDAs in a room, gaming devices
8.42
Mobile Devices
Mobile IP, DHCP
Fixed Network
Router End system
www.jochenschiller.de
MC - 2008
8.43
N7
N6
N7 N1 N2 N3
N5
N4 time = t2
N5
8.44
Distance Vector
periodic exchange of messages with all physical neighbors that contain information about who can be reached at what distance selection of the shortest path if several paths available
Link State
periodic notification of all routers about the current state of all physical links router get a complete picture of the network
Example
ARPA packet radio network (1973), DV-Routing every 7.5s exchange of routing tables including link quality updating of tables also by reception of packets routing problems solved with limited flooding
www.jochenschiller.de MC - 2008
8.45
Reasons
Classical approaches from fixed networks fail
Very slow convergence, large overhead
Maximal
Stability of the logical network, battery run-time, time of connectivity
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.46
www.jochenschiller.de
MC - 2008
8.47
Early work
on demand version: AODV
Expansion of distance vector routing Sequence numbers for all routing updates
assures in-order execution of all updates avoids loops and inconsistencies
8.48
Discover a path
only if a path for sending packets to a certain destination is needed and no path is currently available
Maintaining a path
only while the path is in use one has to make sure that it can be used continuously
www.jochenschiller.de
MC - 2008
8.49
Path discovery
broadcast a packet with destination address and unique ID if a station receives a broadcast packet
if the station is the receiver (i.e., has the correct destination address) then return the packet to the sender (path was collected in the packet) if the packet has already been received earlier (identified via ID) then discard the packet otherwise, append own address and broadcast packet
Optimizations
limit broadcasting if maximum diameter of the network is known caching of address lists (i.e. paths) with help of passing packets
stations can use the cached information for path discovery (own paths or paths for other hosts)
www.jochenschiller.de
MC - 2008
8.50
G I K H L F J
A
D
www.jochenschiller.de
MC - 2008
8.51
www.jochenschiller.de
MC - 2008
8.52
[O,C/G,4711]
I K
E [O,C/E,4711] H
D F
L J
www.jochenschiller.de
MC - 2008
8.53
G I
Q
[O,C/G/I,4711]
E
H D F
[O,C/B/D,4711]
A
[O,C/B/A,4711]
K
[O,C/E/H,4711]
L J
(alternatively: [O,C/E/D,4711])
www.jochenschiller.de
MC - 2008
8.54
G I
Q
[O,C/G/I/K,4711]
E
H D F
K L J
N
[O,C/E/H/J,4711]
[O,C/B/D/F,4711]
www.jochenschiller.de
MC - 2008
8.55
G I K H L F J
Q
[O,C/G/I/K/M,4711]
A
D
N
[O,C/E/H/J/L,4711]
(alternatively: [O,C/G/I/K/L,4711])
www.jochenschiller.de
MC - 2008
8.56
G I K H L F J
A
D
N
[O,C/E/H/J/L/N,4711]
www.jochenschiller.de
MC - 2008
8.57
G I K H L F J
Q
Path: M, K, I, G
A
D
www.jochenschiller.de
MC - 2008
8.58
Maintaining paths
after sending a packet
wait for a layer 2 acknowledgement (if applicable) listen into the medium to detect if other stations forward the packet (if possible) request an explicit acknowledgement
if a station encounters problems it can inform the sender of a packet or look-up a new path locally
www.jochenschiller.de
MC - 2008
8.59
Interference-based routing
N4
N5 S2
N6
R2
N7
N8
N9
www.jochenschiller.de
MC - 2008
8.60
www.jochenschiller.de
MC - 2008
8.61
reactive
Hierarchical
AODV Ad hoc On demand Distance Vector (RFC 3561) DSR Dynamic Source Routing (RFC 4728) DYMO Dynamic MANET On-demand
CGSR Clusterhead-Gateway Switch Routing HSR Hierarchical State Routing LANMAR Landmark Ad Hoc Routing ZRP Zone Routing Protocol DREAM Distance Routing Effect Algorithm for Mobility GeoCast Geographic Addressing and Routing GPSR Greedy Perimeter Stateless Routing LAR Location-Aided Routing
www.jochenschiller.de
MC - 2008
8.62
Auto-Configuration
Assignment of addresses, function, profile, program,
Service discovery
Discovery of services and service providers
Multicast
Transmission to a selected group of receivers
Quality-of-Service
Maintenance of a certain transmission quality
Power control
Minimizing interference, energy conservation mechanisms
Security
Data integrity, protection from attacks (e.g. Denial of Service)
Scalability
10 nodes? 100 nodes? 1000 nodes? 10000 nodes?
8.63
Cluster
Super cluster
www.jochenschiller.de
MC - 2008
8.64
Differences to MANETs
Example: Applications: MANET more powerful, more www.scatterweb.net general WSN more specific Devices: MANET more powerful, higher data rates, more resources WSN rather limited, embedded, interacting with environment Scale: MANET rather small (some dozen devices) WSN can be large (thousands) Basic paradigms: MANET individual node important, ID centric WSN network important, individual node may be dispensable, data centric Mobility patterns, Quality-of Service, Energy, Cost per node
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.65
Bluetooth, TETRA,
SN SN
SN GW
SN SN
GW
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.66
Long-term monitoring of patients with minimal restrictions Intensive care with relative great freedom of movement
Intrusion detection, mechanical stress detection Precision HVAC with individual climate
Monitoring of wildlife and national parks Cheap and (almost) invisible person monitoring Monitoring waste dumps, demilitarized zones
8.67
Modular design
Core module with controller, transceiver, SD-card slot Charging/programming/GPS/GPRS module Sensor carrier module
Software
Firmware (C interface) TinyOS, Contiki Routing, management, flashing ns-2 simulation models Integration into Visual Studio, Eclipse, LabVIEW, Robotics Studio
8.68
Nodes
Fully certified according to international regulations Range > 1.5 km (LOS), > 500m in buildings < 100A while still running (no sensors, no RF) Can drive external sensors up to 500mA (analog/digital) SPI, serial, IC, display, camera, joystick interfaces
Gateways
Bluetooth, WLAN, Ethernet, serial, USB, RS485, GSM/GPRS
Software
Auto-configuration, GPS tracking, over-the-air programming, building monitoring,
Evaluation board
Examples from www.scatterweb.com
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.69
MSB430H
Firmware
Very low footprint Platform independent Minimal power consumption (5A stand-by)
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2008
8.70
Features
Tickless timer/clock (interrupts only if necessary) Uses 3 kbyte RAM, 28 kbyte Flash (on MSP430) Highly modular, rule-based programming possible No threads, no dynamic memory management Power consumption
API makes all power modes available MSP ARM + PA Sleep TX RX 5A 11-26mA 19mA 3mA 600mA 80mA >3km 99% ANSI C, platforms LPC2148, MSP430, i386
MC - 2008
8.71
Real-World Integration
Gaming, Tourism Emergency, Rescue Monitoring, Surveillance
Self-configuring networks
Robust routing Low-power data aggregation Simple indoor localization
8.72
Data Messages
Send back data using gradients Hop count guarantees shortest path
Sink
www.jochenschiller.de
MC - 2008
8.73
Energy-aware routing
nodes Example: Routing via nodes with enough solar power is considered for free
www.jochenschiller.de
MC - 2008
8.74
Solar-aware routing
Solar-powered node
Send status updates to neighbors
Either proactive or when sniffing ongoing traffic
www.jochenschiller.de
MC - 2008
8.75
Manx Shearwater
www.jochenschiller.de
MC - 2008
8.76
Main challenge: robustness, reliability, easy-to-use Joint project with Oxford University and MSRC
8.77
8.78
Step detection
(522721.19N - 131747.76O)
(522721.22N - 131748.81O)
Indoor?
www.jochenschiller.de
MC - 2008
8.79
www.jochenschiller.de
MC - 2008
8.80
Walking
At least one foot on the ground Low step frequency
Running
Periods without ground contact Similar to jumping Higher step frequency, wider steps
Sprinting
Similar to running Highest step frequency Only short distances
8.81
Filtered acceleration
150
100
50
0 0 200 400 600 800 1000 1200 1400 1600 1800 2000
time [ms]
8 km/h 12 km/h
Prof. Dr.-Ing. Jochen H. Schiller
9 km/h 13 km/h
www.jochenschiller.de
10 km/h 14 km/h
MC - 2008
www.jochenschiller.de
MC - 2008
8.83
Better decentralized than centralized? Hardware: ScatterWeb MSB430, -S, -T Automatic calibration, automated training,
variable patterns
www.jochenschiller.de
MC - 2008
8.84
ALARM!
ALARM!
ALARM!
www.jochenschiller.de
MC - 2008
8.85
Event detection
Different Types of Events (Raw Data)
Kicking
1000 900 800 700
Intensity Intensity
Peeking Shaking
Climbing
Leaning
100.00
110.00
120.00
130.00
140.00
150.00
160.00
170.00
180.00
190.00
8.86
Still a lot to do
Integration of new/future radio technologies Cheap indoor localization (+/- 10cm) More system aspects (security, middleware, ) Prove scalability, robustness Make it cheaper, simpler to use
8.87