Dear Handover adhoc and Security adhoc people,
The big bottleneck to making fast handover with Level 2 and 3, in the handover adhoc's common understanding, is performing the PKM procedure at the target BS.
The full PKM procedure, with multiple transactions over the air, will take a long time at the target BS because one transaction (PKM-REQ/RSP) usually takes 7-8 frames of processing time, that is, 35-40 ms.
Hence, in order to resolve this problem, the main approach to a resolution is to skip the PKM procedure at the target BS.
However, from the security perspective, it does not make sense for the target BS to skip authenticating the MSS entering it.
Accordingly, there are two requirements for the fast handover.
1. The target BS shall skip all of the PKM procedure or perform a minimum of the PKM procedure.
2. The target BS shall be able to authenticate the MSS before the MSS enters the target BS.
To meet the above two requirements, there are usually two approaches for the target BS, as follows.
In the following approaches, the basic assumption is that the serving BS and the target BS trust each other.
1. The target BS pre-authenticates the MSS via the serving BS.
In this approach, the serving BS may be a proxy of the MSS to perform the PKM procedure over the backbone with the target BS.
That is, the security context is negotiated between the serving BS and the target BS.
Finally, the serving BS can pass the new security context to the MSS in the HO-RSP or BSHO-RSP messages.
This approach has an overhead, in that the serving BS shall negotiate the security context with all candidate target BSs, and the target BS shall start a timer to retain the MSS's security context until the MSS successfully enters the target BS itself.
2. The target BS shall reuse the authentication of the serving BS.
In this approach, the target BS reuses again the authenticated result and its Authorization key that came from the serving BS.
If the target BS wants to renew the security context of the MSS, then the target BS shall perform the PKM procedure after the release of the connection handed over.
Basically, I think that approach 2 is better.
Any opinions?
Sincerely yours,
Yong Chang/Ph.D
Samsung Electronics.