Future generation mobile communication networks will have a control intelligence distributed to the edge between wireless and wireline infrastructure elements. Such a mobile communication environment with intelligence distributed to its edge will be referred to as a distributed mobile communication environment in the following. While in the following reference will be made to specific examples of such distributed mobile communication environments, it should be clear that any type of distributed mobile communication environment, e.g., GSM, UMTS/IMT2000, PDC, AMPS, DAMPS, IS-95, WLAN, . . . , and any hybrid form thereof, is considered as covered by the technical teachings to be explained in the following.
Today, problems arise, e.g., for intra-domain handover, i.e. a handover between access points and/or base stations of the same mobile communication environment. In particular, existing solutions do not allow for a handover between a first network access point and a second network access point that is fast and authenticated at the same time, as required for a fast, secure, and seamless handover. This is a major problem for future generation mobile communications using distributed networks.
An existing solution is known from IEEE 802.11f, IEEE, Draft Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation, IEEE 802.11f, January 2003, which provides a solution for fast handover within a single domain of a mobile communication environment using context information and caching of context information at access points. Typically, access points are in a so-called neighbourhood relation graph of the currently active access point AP, also referred to as the multicast domain of the current access point. While this standard provides a solution for secure transfer of context information to a new access point, it nevertheless does not define what context information should actually contain. Further, the standard IEEE 802.11f does not define how mutual authentication should take place at the new access point.
Further, the standard IEEE 802.11i, Medium Access Control Security Enhancements, IEEE 802.11i, September 2003, discusses a solution for pre-authentication, however without support of fast handover. The pre-authentication is basically achieved by a mobile station roaming in the mobile communication environment using a key in a cache to identify itself to the current access point. Here, the current access point checks with the old access point. The key is derived from a master key which is stored with an authentication server, also referred to as AAA server, and with the mobile device. The authentication server sends a derived authentication key to an access point.
While fast handover security is under consideration in IEEE 802.11i, nothing has been decided yet. While a keying mechanism and a fast handover solution are proposed, the described approach relies on the authentication server for roaming, see N. Cam-Winget et al., Keying for Fast Roaming, IEEE 802.11-02/241r2, May 2003. The authentication server derives a roaming key for each access point and sends it to that access point, and the mobile device also derives the roaming key, so that the two can authenticate each other. Therefore, the approach described in IEEE 802.11i is certainly not suitable for fast roaming, in particular when there is a lot of traffic in the backbone network and the authentication server is located far away from the access point or, equivalently, hotspot. Still further, the standard IEEE 802.11i does not discuss context transfer.
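The keying scheme sketched above, as an added illustration that is not code from the patent, the IEEE draft or any product: the AAA server derives one roaming key per access point from the master key it shares with the mobile, the mobile derives the same key locally, and the two then prove possession of it to each other. The HMAC-based derivation, the proof format and all identifiers are assumptions for this example; the point it shows is that the key held by one access point is of no use for authenticating as another.

```python
import hmac
import hashlib
import os

def derive_roaming_key(master_key: bytes, ap_id: bytes, ms_id: bytes) -> bytes:
    """Per-access-point roaming key. Assumed construction (not the draft's):
    HMAC-SHA256 over a label and both identities, so the key handed to one AP
    reveals nothing about the key handed to any other AP."""
    return hmac.new(master_key, b"roaming-key|" + ap_id + b"|" + ms_id, hashlib.sha256).digest()

def prove(key: bytes, prover: bytes, verifier: bytes, nonce_v: bytes, nonce_p: bytes) -> bytes:
    """Proof of key possession bound to both identities and both nonces (assumed format)."""
    return hmac.new(key, b"auth|" + prover + b"|" + verifier + nonce_v + nonce_p, hashlib.sha256).digest()

def mutual_authenticate(ms_key: bytes, ap_key: bytes, ms_id: bytes, ap_id: bytes,
                        nonce_ms: bytes = None, nonce_ap: bytes = None) -> bool:
    """Two-message challenge/response: each side answers the other's nonce with an
    HMAC under the roaming key; no round trip to the AAA server is needed."""
    nonce_ms = nonce_ms or os.urandom(16)
    nonce_ap = nonce_ap or os.urandom(16)
    # 1. AP challenges with nonce_ap; the mobile answers with its proof and nonce_ms.
    ms_proof = prove(ms_key, ms_id, ap_id, nonce_ap, nonce_ms)
    if not hmac.compare_digest(ms_proof, prove(ap_key, ms_id, ap_id, nonce_ap, nonce_ms)):
        return False
    # 2. AP answers with its own proof; the mobile checks it with its locally derived key.
    ap_proof = prove(ap_key, ap_id, ms_id, nonce_ms, nonce_ap)
    return hmac.compare_digest(ap_proof, prove(ms_key, ap_id, ms_id, nonce_ms, nonce_ap))

def demo():
    master = os.urandom(32)  # secret shared by AAA server and mobile (constructed)
    ms, ap1, ap2 = b"ms-01", b"ap-01", b"ap-02"  # constructed identifiers
    # AAA server pushes a distinct key to each AP ahead of the handover.
    key_at_ap1 = derive_roaming_key(master, ap1, ms)
    key_at_ap2 = derive_roaming_key(master, ap2, ms)
    # The mobile derives the key for the AP it is moving to, without contacting the server.
    ms_key_for_ap1 = derive_roaming_key(master, ap1, ms)
    ok = mutual_authenticate(ms_key_for_ap1, key_at_ap1, ms, ap1)
    # Key separation check: the key issued to ap2 does not let anyone answer as ap1.
    cross = mutual_authenticate(ms_key_for_ap1, key_at_ap2, ms, ap1)
    return ok, cross
```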
In conclusion, the approaches proposed by IEEE bodies are still at preliminary stages, and nothing is defined on fast handover. Security issues during handover are also mainly left aside, while IEEE LinkSec, http://grouper.ieee.org/groups/802/linksec/, is working towards a common security solution for IEEE devices. Here, the attention is mainly directed towards wired communication.
Therefore, what is also missing is a solution for inter-domain handover, i.e. handover between distributed wireless communication environments operated by different stakeholders and a solution for efficient re-authentication during handover.
The same also applies to 3G standardization proposals. 3GPP Technical Specification 33.102, 3G Security; Security Architecture, V5.1.0, December 2002, proposes a procedure of context transfer in UMTS and GSM wireless communication networks. However, what is not discussed is the issue of sending context information between different stakeholders and technologies spread out over different wireless communication networks.
Another proposal, B. Aboba and T. Moore, A Model for Context Transfer in IEEE 802, Internet Draft, expired, draft-aboba-802-context-02.txt, April 2002, and IETF Seamoby WG: http://www.ietf.org/html.charters/seamoby-charter.html, is related to the IETF Seamoby WG and works towards seamless mobility solutions. Here, the draft on context transfer requirements, draft-ietf-seamoby-ct-reqs-05.txt, has a requirement which states that context information transfer should be based on priority. However, it is not discussed how to prioritize context information. Further, draft-ietf-seamoby-ctp-reqs-01.txt defines a context information transfer protocol for the IP layer. Nevertheless, this protocol does not relate to distributed mobile communication environments and inter-domain handover, and it also does not discuss issues related to re-authentication and mutual authentication during handover, in particular with respect to different stakeholders.
Yet another proposal is IST Moby Dick, aiming at solutions for fast and seamless handover between different access technologies. Here, most of the proposed handover technologies do not focus on security issues while at the same time aiming at providing fast handover, see Hasan, J. Jähnert, S. Zander, and B. Stiller, Authentication, Authorization, Accounting, and Charging for the Mobile Internet, TIK-Report No. 114, version 1, June 2001.
Yet another approach to handover between heterogeneous mobile communication environments has been discussed in H. Wang and A. R. Prasad, Security Context Transfer in Vertical Handover, in Proc. of the 14th International Symposium on Personal, Indoor, Mobile Radio Communication (PIMRC 2003), Beijing, China, September 2003, but this approach also does not discuss fast and simultaneously secured handover for a distributed mobile communication environment in the sense outlined in the following.