kwangwoon univ. wireless and mobile network architectures intersystem handoff and authentication...


Upload: derrick-blankenship

Post on 18-Jan-2016


Kwangwoon Univ. http://netcom.kw.ac.kr

Wireless and Mobile Network Architectures

Intersystem Handoff and Authentication IS-41

오재준, Nclab

[email protected]


6.1 IS-41 Intersystem Handoff

Two BSs are connected to different MSCs

Four types of intersystem handoff

- Handoff-forward
- Handoff-backward
- Handoff-to-third
- Path minimization


6.1.1 Handoff Measurement

•Step1

- HandoffMeasurementRequest

- set 7 second LMMRT

•Step2

- Performs signal measurement

- HandoffMeasurementRequest

LMMRT (location measurement maximum response timer)


6.1.2 Handoff-Forward (1)

•InterSwitchCount parameter, MAXHANDOFF

•Step 1

- MSC A initiates the h/o-forward procedure

- allocate the trunk

- sends a query msg FacilitiesDirective (INVOKE)

- set 12 second HOT (handoff order timer)

- expired : release trunk

FacilitiesRelease with “HandoffAbort not received”

4-15 CTT set -> FacilitiesRelease

•Step 2

- check if the voice channel is available

•Step 2.1 (no radio channel is available)

- FacilitiesDirective (RETURN ERROR) with “Resource Shortage”

- stop HOT

- exchange FacilitiesRelease msgs.

- MSCs exit the task


6.1.2 Handoff-Forward (2)

•Step2

•Step2.2 (radio channel is available)

- FacilitiesDirective (RETURN RESULT) with selected channel number.

- execute step3, step4 in parallel

•Step3 (MSC A)

- MSC A stops HOT

- set 7 second MHOT (mobile handoff timer)

- Handoff execution msg. to the MS

•Step4 (MSC B)

- set 7 second MAT (mobile arrival timer)

•Step4.1

- MAT expires, MSC B releases the radio channel

- MHOT of MSC A expires, trunk is released

•Step4.2

- MS responds, MSC B stops timer MAT

- MobileOnChannel msg. to MSC A

- MHOT is stopped

Figure 6.2 Handoff-forward. Panels: (Before Handoff) and (After Handoff), each showing the MS, MSC A and MSC B joined by a signaling link and a trunk. Labels: Step 1, FacilitiesDirective (INVOKE); Step 2.2, FacilitiesDirective (RETURN REQUEST); Step 3; Step 4.2, MobileOnChannel (INVOKE). Timers: HOT, MHOT, MAT.
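The timer handling of steps 1 to 4.2 can be checked with a small model that reports which resources are still allocated once both MSCs have finished. This is an added example, not part of the original slides; the function names, the `held` labels and the simplification that MAT and MHOT start at the same instant are assumptions.

```python
# Timer values from the slides, in seconds.
HOT, MHOT, MAT = 12.0, 7.0, 7.0

def handoff_forward(channel_available, reply_delay, ms_delay):
    """Model one handoff-forward attempt from MSC A to MSC B.

    reply_delay: seconds until MSC B's FacilitiesDirective reply reaches
                 MSC A (None = the reply never arrives).
    ms_delay:    seconds until the MS appears on the new channel at MSC B,
                 measured from the reply (None = the MS never arrives).
    Returns (outcome, held): held is the set of resources still allocated
    when both MSCs have left the procedure.
    """
    held = {"trunk"}                  # Step 1: MSC A allocates the trunk, starts HOT
    if channel_available:
        held.add("radio channel")     # Step 2.2: MSC B selects a channel, starts MAT
    if reply_delay is None or reply_delay >= HOT:
        # HOT expires at MSC A: the trunk is released. A channel reserved by
        # MSC B is freed when its own MAT expires (step 4.1).
        held.clear()
        return "HOT expired", held
    if not channel_available:
        # Step 2.1: RETURN ERROR, HOT stopped, FacilitiesRelease exchanged.
        held.discard("trunk")
        return "Resource Shortage", held
    # Steps 3 and 4 run in parallel: MSC A stops HOT and starts MHOT while
    # MSC B waits for the MS under MAT.
    if ms_delay is None or ms_delay >= min(MAT, MHOT):
        # Step 4.1: MAT expiry frees the channel, MHOT expiry frees the trunk.
        held.clear()
        return "MAT/MHOT expired", held
    # Step 4.2: MS arrived, MAT stopped, MobileOnChannel stops MHOT.
    return "handoff completed", held

def leaks(outcome, held):
    """True if a failed attempt left a trunk or channel allocated."""
    return outcome != "handoff completed" and bool(held)
```

Every failure branch has to end with an empty `held` set; a branch that forgot to release the trunk or the channel would make `leaks` return True.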


6.1.3 Handoff-Backward (1)

• MS moves from MSC B back to MSC A

•Step1

- MSC B set HOT

- HandoffBack msg. to MSC A

•Step2

- if receive msg. check the radio channel

•Step2.1 no channel is available

- HandoffBack (RETURN ERROR) with “ResourceShortage”

- HOT timer stop and exit the task

•Step2.2 channel is available

- HandoffBack (RETURN RESULT) msg. with the selected channel number

- step3, step4 are executed in parallel

•Step3

- MSC B receives the HandoffBack response msg

- stop HOT, set 7 second MHOT

- ask MS to transfer to new radio channel


6.1.3 Handoff-Backward (2)

•Step4

- MSC A set 7 second MAT

- expects to hear from the MS

• Step 4.1

- MAT expires, MSC A releases the radio channel

- MHOT timer will expire

• Step 4.2

- MS responds

- MS has handed over to the new voice path

- MSC A stops MAT

- sends a query msg. FacilitiesRelease to MSC B

- MSC B stop MHOT

- MSC B sends a response msg. FacilitiesRelease to MSC A

- trunk between MSCs is released

Figure 6.3 Handoff-backward. Panels: (Before Handoff) and (After Handoff), each showing the MS, MSC A and MSC B joined by a signaling link and a trunk. Labels: Step 1, HandoffBack (INVOKE); Step 2.2, HandoffBack (RETURN RESULT); Step 3; Step 4; Step 4.2, FacilitiesRelease (INVOKE), FacilitiesRelease (RETURN RESULT). Timers: HOT, MHOT, MAT.


6.1.4 Handoff-to-Third and Path Minimization

Figure 6.4 Path minimization for handoff-to-third. Panels: (Before Handoff) and (After Handoff), each showing the MS, MSC A, MSC B and MSC C with signaling links and trunks. Labels: Step 1, Step 2.2, Step 3, Step 4, Step 5, Step 6. Messages: HandoffToThird (INVOKE), FacilitiesDirective (INVOKE), FacilitiesDirective (RETURN RESULT), HandoffToThird (RETURN RESULT), MobileOnChannel (INVOKE), FacilitiesRelease (RETURN RESULT). Timers: HTTT, HOT, MHOT, MAT.

•MS moves again from MSC B to MSC C

•Step1

- MSC B sets 18 second HTTT (handoff-to-third timer)

- HandoffToThird (INVOKE) to MSC A

- if HTTT expired MSC B process Handoff-forward

•Step2 (MSC A checks whether MSC C is known to it)

•Step 2.1

- no trunk connection

- HandoffToThird (RETURN ERROR)

- HTTT expired MSC B process Handoff-forward

•Step2.2

- interswitch trunk available

- MSC A set HOT

- FacilitiesDirective (INVOKE)

- if HOT expired MSC B process Handoff-forward


6.1.4 Handoff-to-Third and Path Minimization

•Step3

- MSC C check radio channel available

•Step3.1 (no radio channel is available)

- FacilitiesDirective (RETURN ERROR) to MSC A

- MSC A stop HOT and send HandoffToThird (RETURN ERROR) to MSC B

- MSC B stop HTTT

- step 2.1 process repeat

•Step3.2 (radio channel is available)

- FacilitiesDirective (RETURN RESULT) to MSC A

•Step4

- MSC B set HTTRT

- send handoff execution to MS

•Step5

•Step6


6.2 IS-41 Authentication

Two authentication schemes

•without-sharing (WS) scheme
- SSD (shared secret data) is shared only between AuC and MS
- For a user with a high mobility rate

•shared (S) scheme
- SSD is shared with the visited system
- authenticate the MS at call origination or delivery
- reducing message flow and call setup time
- require additional message exchanges during registrations
- For a user with high call frequency

•switch between the two authentication schemes according to the user’s call and move frequencies, as the user’s behavior changes


6.2.1 Privacy and Authentication in TSB-51

•MIN (mobile identification number)
- ex) 011-700-5425

•ESN (electronic serial number)
- 32-bit serial number
- highest-order 8 bits: manufacturer’s code
- the remaining bits: unique MS number

•AuC (authentication center)
- Database connected to the HLR
- responsible for maintaining and updating the SSDs

•LA (location area)
- belonging to one or more PSPs

•PSP (PCS service provider)
- providing some combination of BSs


6.2.2 Without-Sharing (WS) Scheme (1)

Figure 6.5 The WS scheme for MS registration. Entities: MS, PSP (MSC, BS), VLR, HLR, AuC. Message flow:
1, 2. MS initiates a registration request
3, 4, 5. AuthenticationRequest (INVOKE)
6. AuC verifies AUTHR, COUNT
7, 8, 9. AuthenticationRequest (RETURN RESULT)

6.2.2.1 Registration (Location Update)

•Step1

- MS executes the CAVE algorithm using SSD, its ESN, MIN, and RAND

- produce AUTHR

•Step2

- request registration with AUTHR, ESN, MIN, RANDC and COUNT

•Step3

- PSP forward authentication request to VLR serving the PSP LA

•Step4

- VLR forward the request to HLR

•Step5

- HLR forward the request to AuC

*CAVE (Cellular Authentication and Voice Encryption)


6.2.2 Without-Sharing (WS) Scheme (2)

6.2.2.1 Registration (Location Update)

•Step6

- AuC retrieve the SSD associated with the MIN from its database

- execute CAVE algorithm with retrieved SSD and additional parameters

•Step7-9

- verifying that result matches the AUTHR value received from MS

- check the COUNT value

- AuthenticationRequest

*RETURN RESULT (success)

*RETURN ERROR (fail)

•Once the MS has been authenticated, the serving PSP system will start the location update procedure
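The registration check of steps 1 to 9 can be run end to end as follows. This is an added example, not part of the original slides: CAVE itself is not reproduced, so a truncated HMAC-SHA-256 stands in for it, and the class names, the ESN, RAND and SSD values and the rule that COUNT must equal the AuC's stored value are assumptions.

```python
import hashlib
import hmac

def cave_stand_in(ssd: bytes, esn: int, min_: str, rand: int) -> int:
    """NOT the CAVE algorithm: HMAC-SHA-256 cut to 18 bits (width chosen
    for this example), used only as a keyed one-way function."""
    msg = esn.to_bytes(4, "big") + min_.encode() + rand.to_bytes(4, "big")
    digest = hmac.new(ssd, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big") >> 6

class MS:
    def __init__(self, min_, esn, ssd, count=0):
        self.min_, self.esn, self.ssd, self.count = min_, esn, ssd, count

    def registration_request(self, rand):
        # Steps 1-2: compute AUTHR and send it with ESN, MIN and COUNT.
        # (The slides send RANDC; the full RAND is passed here for brevity.)
        authr = cave_stand_in(self.ssd, self.esn, self.min_, rand)
        return {"min_": self.min_, "esn": self.esn, "rand": rand,
                "authr": authr, "count": self.count}

class AuC:
    def __init__(self):
        self.db = {}  # MIN -> record holding the ESN, SSD and COUNT

    def provision(self, min_, esn, ssd):
        self.db[min_] = {"esn": esn, "ssd": ssd, "count": 0}

    def authentication_request(self, min_, esn, rand, authr, count):
        # Step 6: look up the SSD by MIN and recompute AUTHR.
        rec = self.db.get(min_)
        if rec is None or rec["esn"] != esn:
            return "RETURN ERROR"
        expected = cave_stand_in(rec["ssd"], esn, min_, rand)
        if not hmac.compare_digest(f"{expected:05x}", f"{authr:05x}"):
            return "RETURN ERROR"      # AUTHR was computed with another SSD
        if count != rec["count"]:
            return "RETURN ERROR"      # COUNT out of step with the AuC
        return "RETURN RESULT"         # Steps 7-9: relayed HLR -> VLR -> PSP

def demo():
    # MIN is the slides' example number; ESN, RAND and SSD are constructed.
    min_, esn, rand = "0117005425", 0x9A012345, 0x5EEDC0DE
    ssd = bytes.fromhex("00112233445566778899aabbccddeeff")
    auc = AuC()
    auc.provision(min_, esn, ssd)
    genuine = MS(min_, esn, ssd)
    wrong_ssd = MS(min_, esn, bytes(16))     # MIN/ESN match, SSD does not
    stale = MS(min_, esn, ssd, count=3)      # right SSD, COUNT diverged
    return [auc.authentication_request(**ms.registration_request(rand))
            for ms in (genuine, wrong_ssd, stale)]
```

The third handset shows why COUNT is checked separately: it holds the correct SSD and produces a valid AUTHR, and only the counter comparison rejects it.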


6.2.2 Without-Sharing (WS) Scheme (3)

6.2.2.2 Call Origination

Figure 6.6 The WS scheme for call origination. Entities: MS, PSP (MSC, BS), VLR, HLR, AuC. Message flow:
1. MS originates a call
2, 3, 4. AuthenticationRequest (INVOKE)
5. AuC verifies AUTHR, COUNT and generates VPMASK, SMEKEY
6, 7, 8. AuthenticationRequest (RETURN RESULT)

•Step1

- MS executes the CAVE algorithm with SSD, ESN, MIN, RANDC

- to produce AUTHR, VPMASK, SMEKEY

•Step2-4

- PSP forwards the message to AuC

•Step5

- AuC performs authentication

•Step6

- AuC generates VPMASK and SMEKEY and forward them to the serving PSP system


6.2.3 Sharing (S) Scheme (1)

Figure 6.7 The S scheme for MS registration. Entities: MS, PSP (MSC, BS), VLR, HLR, AuC, Old VLR. Message flow:
1, 2. MS initiates a registration request
3, 4, 5. AuthenticationRequest (INVOKE)
6. AuC verifies AUTHR
7, 8. CountRequest (INVOKE)
9, 10. CountRequest (RETURN RESULT)
11. AuC verifies AUTHR
12, 13 and one unnumbered arrow. AuthenticationRequest (RETURN RESULT)

6.2.3.1 Registration (Location Update)

•SSD shared with the visited PSP system

•Old VLR has the current value of COUNT

•Once the MS is registered, the new VLR authenticates it instead of the AuC -> reduced message flow

•Step1-2

- execute CAVE algorithm using SSD, ESN, MIN and RAND

- produces AUTHR

•Step3-6

- verifying the result

- AuC should obtain the current COUNT value from the old VLR

•Step 7,8

- CountRequest

•Step9

- CountRequest (RETURN RESULT)


6.2.3 Sharing (S) Scheme (2)

6.2.3.2 Call Origination

Figure 6.8 The S scheme for call origination. Entities: MS, PSP (MSC, BS), VLR. Message flow:
1. MS initiates a registration request
2. AuthenticationRequest (INVOKE)
3. AuC generates AUTHR, VPMASK, SMEKEY; AuC verifies AUTHR, COUNT
4. AuthenticationRequest (RETURN RESULT)

•Step1

- MS executes the CAVE algorithm with SSD, ESN, MIN, RANDC

- produce AUTHR, VPMASK, SMEKEY

- send RANDC, AUTHR, COUNT,ESN and MIN

•Step2

- AuthenticationRequest (INVOKE)

•Step3

- VLR execute CAVE algorithm

- generate AUTHR, VPMASK, and SMEKEY

•Step4

- verifying AUTHR and COUNT

- AuthenticationRequest (RETURN RESULT)


Adaptive Algorithm: AA1

The WS scheme: the number of registration operations.

The S scheme: in the opposite situation

adaptive algorithm (AA1)
- automatically selects an appropriate authentication scheme for any given user in real time.

Cycle: the period between two consecutive registrations for a user

λ: the call arrival rate

η: the mobility, or the rate at which a user changes LAs.

Then the expected number of call arrivals in a cycle, ρ, is:

ρ = λ/η


Adaptive Algorithm: AA1

In the WS scheme (Cws = 5 + 5ρ)
- registration - five database accesses
- a call origination or termination - five database accesses

In the S scheme (Cs = 9 + ρ)
- registration - nine database accesses (see Figure 6.7)
- a call origination or termination - one database access (see Figure 6.8)

Cws = Cs if and only if ρ = 1

the S scheme outperforms the WS scheme (i.e., Cs < Cws) if and only if ρ > 1


Adaptive Algorithm: AA1

The WS scheme: states i, 0 ≤ i ≤ n - 1.

The S scheme: states j, n ≤ j ≤ 2n - 1.

Let L be the number of call arrivals during the previous cycle. If the steady state of the algorithm exists, then the transition probabilities for the finite automaton are: p1 = Pr[L = 1], p2 = Pr[L = 0], and p3 = Pr[L > 1]

The AuC needs to maintain authentication scheme (AS) bits per user.

The VLR needs to maintain an AS bit per user

Figure 6.9 The state diagram for AA1. States: 0, 1, ..., n-2, n-1, n, n+1, ..., 2n-2, 2n-1.


Adaptive Algorithm: AA1

When the AuC is accessed for a registration operation, the AuC checks the following. Suppose that the algorithm is in state i.

- If no call arrived during the previous cycle, the algorithm moves to state i - 1 for i > 0, and remains in the same state i for i = 0.
- If exactly one call arrived during the previous cycle, the algorithm remains in the same state i.
- If more than one call arrived during the previous cycle, the algorithm moves to state i + 1 for i < 2n - 1, and remains in the same state i for i = 2n - 1.

from state n - 1 to state n: from WS to S

from state n to state n - 1: from S to WS
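The automaton and the cost model Cws = 5 + 5ρ, Cs = 9 + ρ can be run over a sequence of cycles to see when the scheme flips and how many database accesses result. This is an added example, not part of the original slides; the class and function names are illustrative, and charging each cycle at the cost of the scheme in force during it (ignoring any switch-over traffic) is an assumption.

```python
class AA1:
    """2n-state automaton kept by the AuC for one user."""

    def __init__(self, n, state=0):
        self.n, self.state = n, state

    def scheme(self):
        # States 0..n-1 exercise WS, states n..2n-1 exercise S.
        return "WS" if self.state < self.n else "S"

    def on_registration(self, calls_prev_cycle):
        """Apply the transition rule when the AuC handles a registration."""
        if calls_prev_cycle == 0:
            self.state = max(self.state - 1, 0)
        elif calls_prev_cycle > 1:
            self.state = min(self.state + 1, 2 * self.n - 1)
        # Exactly one call: remain in the same state.
        return self.scheme()

def cycle_cost(scheme, calls):
    """Database accesses for one registration plus `calls` call setups."""
    return 5 + 5 * calls if scheme == "WS" else 9 + calls

def simulate(n, calls_per_cycle):
    """Return (scheme used in each cycle, total database accesses)."""
    fsm, schemes, total, prev = AA1(n), [], 0, None
    for calls in calls_per_cycle:
        if prev is not None:
            # The registration that opens this cycle looks at the last one.
            fsm.on_registration(prev)
        schemes.append(fsm.scheme())
        total += cycle_cost(schemes[-1], calls)
        prev = calls
    return schemes, total

def fixed_cost(scheme, calls_per_cycle):
    """Total accesses if one scheme is used for every cycle."""
    return sum(cycle_cost(scheme, c) for c in calls_per_cycle)
```

With n = 2 and per-cycle call counts 3, 3, 3, 3, 0, 0, 0 the automaton needs two busy cycles before it leaves WS and two idle cycles before it returns, so a larger n trades reaction speed for fewer scheme switches.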


Adaptive Algorithm: AA2

requires only an AS bit in the AuC and VLRs to indicate whether the S scheme or the WS scheme is exercised.

At the beginning of a cycle, AA2 always exercises the WS scheme
- AS bit is "WS"

After an originating or terminating call arrives, the AS bit is switched to "S," and the S scheme is exercised.

•Step 1
- When the first call arrives, the authentication message flow follows Figure 6.6
- when the AuC receives AuthenticationRequest (INVOKE), its AS bit is set to "S"
- SSD is sent to the VLR in the AuthenticationRequest (RETURN RESULT) message.
- When the VLR receives the SSD, its AS bit is set to "S"
- At this moment, the S scheme is exercised.


Adaptive Algorithm: AA2

•Step 2
- For subsequent call arrivals in this cycle the message flow in Figure 6.8 is followed.

•Step 3
- At the end of the cycle, when the MS moves to a new LA, the authentication/registration occurs
- the AuthenticationRequest messages are sent to the AuC.

•Step 3a.
- If the AS bit at the AuC is "WS," it implies that no call origination/termination occurs during the cycle

•Step 3b.
- If the AS bit at the AuC is "S": the AS bit at the AuC is set to "WS."
- When the VLR receives the AuthenticationRequest (RETURN RESULT) message, its AS bit is set to "WS."

At the end of step 3, the WS scheme is exercised.
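Steps 1 to 3b amount to a two-bit state machine driven by call and move events. The sketch below is an added example, not part of the original slides; the class and event names are illustrative, and the per-call access counts (five for the Figure 6.6 flow, one for the Figure 6.8 flow) are taken from the AA1 cost slide.

```python
# Database accesses per call-authentication flow, from the cost slide.
FLOW_COST = {"Figure 6.6": 5, "Figure 6.8": 1}

class AA2:
    """AS bits for one user: one at the AuC, one at the serving VLR."""

    def __init__(self):
        self.as_auc = "WS"   # every cycle starts under the WS scheme
        self.as_vlr = "WS"

    def call(self):
        """An originating or terminating call; returns the flow used."""
        if self.as_vlr == "WS":
            # Step 1: the request reaches the AuC, which sets its bit to
            # "S" and returns the SSD; the VLR then sets its own bit.
            self.as_auc = "S"
            self.as_vlr = "S"
            return "Figure 6.6"
        return "Figure 6.8"  # Step 2: the VLR authenticates locally

    def move(self):
        """Step 3: registration in a new LA; returns the branch taken."""
        branch = "step 3a" if self.as_auc == "WS" else "step 3b"
        # After step 3 both the AuC and the new serving VLR hold "WS".
        self.as_auc = "WS"
        self.as_vlr = "WS"
        return branch

def run_trace(events):
    """Replay 'call'/'move' events; return (log, call-related accesses)."""
    fsm, log, accesses = AA2(), [], 0
    for ev in events:
        if ev == "call":
            flow = fsm.call()
            accesses += FLOW_COST[flow]
            log.append(flow)
        elif ev == "move":
            log.append(fsm.move())
        else:
            raise ValueError(f"unknown event: {ev!r}")
    return log, accesses
```

Only the first call of each cycle pays the five-access flow; a move with no calls in the cycle takes branch 3a and leaves both bits untouched.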
