10.2 Packet Data Services Description


10.2.1 Simple IP

The main characteristic of simple IP is that it does not provide mobility beyond the serving PDSN. The network only provides IP routing service to the current point of attachment in the network (i.e., PDSN). This is equivalent to the dial-up Internet service provider (ISP) service. An MS can roam from one RN to another using the location update procedure, but once a session is established with a PDSN, the MS can't hand over the session to another PDSN. PPP is used to provide the data link protocol between a user and the PDSN. The PDSN assigns an MS a dynamic IP address during the IPCP (IP Control Protocol) phase of PPP. The A10/A11 interface is used to provide the user plane tunneling and intra-PDSN handovers. The user retains its IP address and uses IP connectivity as long as it is served by the same serving PDSN. The network can also provide virtual private network (VPN) service with the addition of VPN software on the MS.

User authentication is provided by the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP) procedures. The PDSN, acting as an AAA (RADIUS) client, communicates the user's CHAP or PAP authentication information to the AAA server. PAP is the most basic form of authentication, in which a user's name and password are sent by the user and compared to a table of name-password pairs by the network. The main weakness of PAP is that both the username and password are transmitted in an unencrypted form. CHAP removes this weakness by sending the MS a key for encrypting the username and password. In CHAP, first the network sends a challenge message to the MS, which responds with a value obtained by using the key. If the values match, the user is authenticated. User authentication is optional in simple IP. A PDSN can also be configured to allow an MS to receive simple IP service without CHAP or PAP.
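
The PAP and CHAP exchanges described above, as an added Python example that is not from the book. It follows PAP as defined in RFC 1334 and MD5-CHAP as defined in RFC 1994, where the response is a hash over the identifier, the shared secret and the challenge, and uses the RADIUS attribute numbers from RFC 2865 for what the PDSN relays; the user name, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials (assumptions, not from the book).
USER = b"ms1@example.net"
SECRET = b"correct horse"
AAA_DB = {USER: SECRET}          # name/secret table held by the home AAA

def pap_authenticate_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PPP PAP Authenticate-Request (RFC 1334): the password travels as-is."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def pdsn_radius_attrs(user: bytes, ident: int, challenge: bytes, resp: bytes) -> dict:
    """What the PDSN relays as RADIUS client (RFC 2865 attribute numbers)."""
    return {1: user,                       # User-Name
            3: bytes([ident]) + resp,      # CHAP-Password = CHAP id + response
            60: challenge}                 # CHAP-Challenge

def aaa_verify(attrs: dict) -> bool:
    """Home AAA recomputes the hash from its stored secret and compares."""
    secret = AAA_DB.get(attrs[1])
    if secret is None or len(attrs[3]) != 17:
        return False
    ident, resp = attrs[3][0], attrs[3][1:]
    return hmac.compare_digest(resp, chap_response(ident, secret, attrs[60]))

def demo() -> dict:
    pap = pap_authenticate_request(1, USER, SECRET)
    challenge = os.urandom(16)             # PDSN picks a fresh value per attempt
    resp = chap_response(7, SECRET, challenge)
    good = pdsn_radius_attrs(USER, 7, challenge, resp)
    replay = pdsn_radius_attrs(USER, 7, os.urandom(16), resp)  # old answer, new challenge
    return {"pap_secret_on_link": SECRET in pap,
            "chap_secret_on_link": SECRET in resp + challenge,
            "accepted": aaa_verify(good),
            "replay_accepted": aaa_verify(replay)}

if __name__ == "__main__":
    print(demo())
```

A response captured from one attempt fails against a fresh challenge, which is why the challenge must be unpredictable and never reused.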

Simple IP supports header and payload compression as defined in the TIA/EIA/IS-835 specification. Van Jacobson TCP/IP header compression is supported as specified in RFC 1144. The PPP Compression Control Protocol is also optionally supported; it is used to negotiate a PPP payload compression algorithm from the following list:

  • Stac-LZS (RFC 1974)

  • Microsoft Point-to-Point Compression Protocol (RFC 2118)

  • Deflate (RFC 2394)

10.2.2 Mobile IP

The mobile IP service (RFC 2002) [2] provides complete mobility to a user. The PDSN has the functionality of an FA. A user is assigned an HA in its home IP network. The MS is assigned an IP address, called the home address, which is in the same subnet as the HA. The MS uses the CoA (IP address of the FA) to register with the HA. Registration causes the HA to perform proxy ARP on the home subnet and begin intercepting all packets destined to the MN's home address. The HA also creates a binding between the home address of the MN and the care-of address specified in the registration request. When the HA receives data for an MS, it forwards the data to the FA using the CoA, and the FA forwards the data to the MS. Packets destined for the MN are tunneled using IP-in-IP tunneling to the care-of address. IP-in-IP tunneling is specified in RFC 2003. Mobile IP allows an MS to be reachable regardless of whether it is roaming in a public or private network. The only criterion is that the care-of address and the home agent have public IP addresses that are globally routable. In case of private network access, the MS uses reverse tunneling via the FA to send the data through the private network.

[2] As this book was going to press, RFC 2002 was made obsolete by RFC 3344.

As in simple IP, the data link protocol between MS and PDSN is provided by PPP. If the PDSN receives a packet for an MS with no established PPP session, the PDSN discards the packet and sends an ICMP destination unreachable packet to the source. A single PPP session can support multiple IP home addresses, thus allowing different applications per MS.

Mobile IP signaling is exchanged on the traffic channels over the air interface, which is an inefficient usage of the expensive radio resource. There are some improvements with respect to the base mobile IP protocol to make the signaling more RR efficient. One such improvement is that the agent advertisement messages are not broadcast continuously and periodically by the PDSN to all the MS. Instead, they are sent to an MS after establishing a PPP connection. Another improvement is that the PDSN can only repeat the advertisements a configurable number of times for an MS. Also, the PDSN stops sending the advertisements to an MS once it receives a registration request from the same MS. As mobile IP runs over the PPP connection, the mobile IP registration lifetime should be smaller than the PPP inactivity timer.

Mobile IP provides its own set of security procedures between the mobile client (MS) and mobile agents, and also between the mobile agents. It only mandates a strong security association for authentication between the MS and HA for the registration messages. This security association can be established simply by static provisioning (e.g., at subscription time) of the keys in the MS and HA. Mobile IP does not mandate an authentication mechanism between the HA and FA (PDSN). However, in a commercial environment such as cellular, it is important to authenticate all the messages between the FA and the HA to stop any encroachment of services and establish reliable billing between home and visited network. The standard (TIA/EIA/IS-835) supports the following options for the key distribution between FA and HA:

  • IKE and public certificates (X.509)

  • Dynamic pre-shared IKE secret distributed by the home AAA server

  • Statically configured IKE pre-shared secret
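
An added Python example (not from the book) of the registration and binding step described earlier in this section and of the mandatory MS-HA authentication that protects it. It uses the Registration Request layout and the Mobile-Home Authentication Extension (type 32) with the HMAC-MD5 default of RFC 3344 (RFC 2002 specified keyed MD5 in prefix+suffix mode); the addresses, key, SPI and the `HomeAgent` class are constructed, and the replay check is simplified to an increasing Identification value.

```python
import hashlib
import hmac
import socket
import struct

# Constructed sample values: documentation address ranges, made-up key and SPI.
HOME_ADDR, HA_ADDR, COA = "192.0.2.10", "192.0.2.1", "198.51.100.7"
SPI, KEY = 0x100, b"provisioned-at-subscription"
HA_KEYS = {(HOME_ADDR, SPI): KEY}   # HA side of the static security association
FIXED = "!BBH4s4s4sQ"  # type, flags, lifetime, home addr, HA, care-of addr, identification

def registration_request(coa: str, ident: int, lifetime: int = 1800) -> bytes:
    """Fixed 24-byte part of a Registration Request (type 1, no flags set)."""
    a = socket.inet_aton
    return struct.pack(FIXED, 1, 0, lifetime, a(HOME_ADDR), a(HA_ADDR), a(coa), ident)

def add_mn_ha_auth(request: bytes, spi: int, key: bytes) -> bytes:
    """Append extension type 32; the MAC covers request + ext type, length, SPI."""
    header = struct.pack("!BBI", 32, 4 + 16, spi)
    mac = hmac.new(key, request + header, hashlib.md5).digest()
    return request + header + mac

class HomeAgent:
    def __init__(self):
        self.bindings = {}    # home address -> (care-of address, lifetime)
        self.last_ident = {}  # home address -> highest Identification accepted

    def register(self, msg: bytes) -> str:
        if len(msg) != 24 + 6 + 16 or msg[24] != 32:
            return "denied: malformed"
        _, _, lifetime, home, _, coa, ident = struct.unpack(FIXED, msg[:24])
        spi = struct.unpack("!I", msg[26:30])[0]
        home_s, coa_s = socket.inet_ntoa(home), socket.inet_ntoa(coa)
        key = HA_KEYS.get((home_s, spi))
        if key is None:
            return "denied: no security association"
        expected = hmac.new(key, msg[:30], hashlib.md5).digest()
        if not hmac.compare_digest(expected, msg[30:]):
            return "denied: authentication failed"
        if ident <= self.last_ident.get(home_s, -1):   # simplified replay check
            return "denied: replayed identification"
        self.last_ident[home_s], self.bindings[home_s] = ident, (coa_s, lifetime)
        return "accepted"

def demo() -> list:
    ha = HomeAgent()
    good = add_mn_ha_auth(registration_request(COA, 1), SPI, KEY)
    forged = good[:12] + socket.inet_aton("203.0.113.9") + good[16:]  # care-of address altered
    return [ha.register(forged), ha.register(good), ha.register(good), ha.bindings]
```

`demo()` shows that a request whose care-of address was changed after signing creates no binding, and that resending an accepted request is refused.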

The MS-FA security procedure is provided by using the MS-FA challenge/response mechanism as described in RFC 3012. It is initiated by the PDSN to authenticate a user in a visited domain upon user registration. The PDSN includes an MS-FA challenge extension in the agent advertisement. Since the advertisements are rarely sent, the PDSN includes the next challenge in the registration reply. The MS uses this next challenge in the next re-registration with this PDSN. The PDSN communicates the FA challenge response, received from the MS, to the home AAA server through the visited AAA server.



IP in Wireless Networks
ISBN: 0130666483
Year: 2003
Pages: 164
