Internet Draft                                           Junhyuk Song
draft-song-network-user-mobility-00.txt                  Chaeyoung Chong
October 2001                                             Samsung Electronics
                                                         Dongkie Leigh
                                                         SK Telecom

IP User Mobility Support Model

Status of This Memo

Distribution of this memo is unlimited.

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at: http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at: http://www.ietf.org/shadow.html

Abstract

The demand for wireless mobile networking has increased dramatically thanks to the rapid development of wireless technology and the de facto Mobile IP technology [1]. Mobile IP, as originally specified, defines the protocol enhancements that provide IP mobility over the Internet: a mobile node, identified by its Home Address regardless of its point of attachment, receives transparent routing of IP datagrams. However, many wireless operators have identified the need for user mobility support in order to keep up with today's competitive wireless mobile industry. IP user mobility, as this document defines it, is the ability of an end user to send and receive IP datagrams regardless of mobile terminal and current location. This document specifies the definition of user mobility and the merits of IP user mobility, and finally provides an IP user mobility support model.

Song et al.                 Expires March 2002                  [Page 1]

Internet Draft                                          12 October 2001

1. Introduction

The demand for wireless mobile networking has increased dramatically thanks to the rapid development of wireless technology and the de facto Mobile IP technology [1]. Mobile IP, as originally specified, defines the protocol enhancements that provide IP mobility over the Internet: a mobile node, identified by its Home Address regardless of its point of attachment, receives transparent routing of IP datagrams. However, many wireless operators have identified the need for user mobility support in order to keep up with today's competitive wireless mobile industry. User mobility, as this document defines it, is the ability of an end user to send and receive IP datagrams regardless of mobile terminal and current location. This document specifies the definition of user mobility and the merits of IP user mobility, and finally provides an IP user mobility support model.

1.1 IP User Mobility Definition

IP User Mobility is the ability of end users to originate and receive IP datagrams on any host in any location, through the ability of the network to locate end users as they move. IP User Mobility is based on the use of a unique user identifier (i.e. the 'Network Access Identifier', NAI [2]).

[Note: The above definition is taken from "Personal Mobility" [5] and modified to fit the IP world.]

1.2 The merits of IP user mobility

- A user can be located by user identifier regardless of point of attachment.
- IP user mobility can alleviate the shortage of IPv4 addresses, because a user is not required to have a unique IP address.
- Mobile nodes belonging to either IPv4 or IPv6 networks are supported, since the user's point of attachment is dynamically bound to the user identifier.
- IP User Mobility provides scalability and reliability while avoiding the triangular routing caused by a proxy agent.

1.3 Network Model Requirements

A user must be able to send and receive IP datagrams directed by user identifier, regardless of the point of attachment and the IP address of the user mobility node.
1.4 Goal

The goal of this document is to define IP user mobility and to provide the IP user mobility model.

1.5 Assumptions

- A high degree of mutual trust is assumed between the user and the User Mobility Agent, established through authentication. The method or protocol used to establish the security association is outside the scope of this document.
- A high degree of mutual trust is assumed between the correspondent host and the location server. The method or protocol used to establish the security association is outside the scope of this document.
- The location server MUST be globally locatable by the correspondent host.
- The specific protocol used in the user mobility model is outside the scope of this document. However, the authors have in mind using SIP [6], DIAMETER [8] or Mobile IP [1] with a new extension as the registration protocol, and DNS as the location update protocol.
- In this document, the IP address of the User Mobility Agent in the user's home network is assumed to be known to the user. However, assigning one specific UMA to a user may decrease scalability; the AAA infrastructure can be used to increase scalability and reliability.

1.6 IP User Mobility Applicability

Most widely deployed wireless IP mobility services are based on IPv4, which is known for its IP address shortage problem. Mobile IP can provide IP mobility service for a mobile node that frequently changes its point of attachment and IP address while continuing to receive IP routing service directed to its home IP address. However, one drawback of the IP mobility service is that every Mobile IP subscriber needs a unique home IP address, which is difficult to accommodate in an IPv4 network. User mobility can resolve this problem by dynamically binding the IP address to a user identifier that can be globally resolved through the location server, while reducing the latency caused by triangular routing and increasing network reliability. IP user mobility and IP mobility can supplement each other (see Appendix A.2).

Since IPv6 provides a large address space, each individual may have a unique IPv6 address to identify themselves, rather than a host or mobile terminal. An IPv6 address is made of 16 octets (32 hexadecimal characters), which is not easy for ordinary people to use to identify a user. A user mobility service can give the user the authority to register its IP address and user identifier through the location server.

1.7 IP User Mobility application example

One example of a user mobility service is a global roaming service through a User Identification Module (UIM) that can be inserted into any host or mobile station in order to send and receive IP datagrams directed to a user identifier such as an NAI [1]. The UIM shall hold user information, such as the user identifier, the shared key for user authentication, and the IP address of the server from which the user can download the files necessary to enable the user mobility service. Another example is an instant messaging service that lets other users or an Information Broker constantly reach an individual or a group of specific users, regardless of user location, by user identifier rather than IP address.

1.8 Terminology

This document frequently uses the following terms:

AAA
   The server performing Authentication, Authorization, and Accounting services.

Correspondent Host (CH)
   The host that a user is currently communicating with.

Home Network
   The network in which the user's AAA server and User Mobility Agent are located.

Home Address
   An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet [1].

Location Server
   A widely accessible server that contains the binding table of user identifiers and current IP addresses.
User Mobility Node (UMN)
   A host or router that is capable of user mobility support; it may be either mobile or static.

Router
   A node that forwards IP packets not explicitly addressed to itself.

User Binding Table
   A cached table in the User Mobility Agent whose entries consist of a user identifier, the current IP address and a lifetime.

User Mobility Agent (UMA)
   A router on the user's Home Network which dynamically updates the location of the user in the location server.

User Identifier (UI)
   The identifier made of the concatenation of a User ID and a realm. The UI is used to identify the user and for user authentication.

UI-AAA
   User Identifier AAA authentication.

2. Basic Operation

A user is identified by its User Identifier (UI), made of the concatenation of a userID and a realm. The user mobility agent in the home network shall hold the user profile, which contains the User Identifier, the shared key for user authentication and other user information. (Note: this information can be centrally stored in the AAA server.) Regardless of the location of the user, a user is always addressable by its user identifier, registered in the location server as an entry matching the user identifier (UI) to the current IP address of the user mobility node.

While the user is roaming in a foreign network, the user may obtain an IP address in order to access the network after successful local access authentication. After successful IP address allocation, the user shall register its newly allocated IP address with the user mobility agent in its home network. The user mobility agent MUST authenticate the registration message and then update the current location of the user in the location server. After a successful update of the location server, the User Mobility Agent MUST return a registration reply message.

                                                             +---------+
                                                             |Location |
                                                             | Server  |
                                                             +---------+
                                                                  ^
                                                           Update |
                                                          Current |
                                                      Location(3) |
   +------+                  +--------+                      +---------+
   |      |                  |        |                      |         |
   |      | Registration (1) |        |   Registration (2)   |  User   |
   | UMN  |----------------->| Access |--------------------->| Mobility|
   |      |<-----------------| Router |<---------------------|  Agent  |
   |      | Registration     |        | Registration Reply(4)|         |
   |      | Reply (5)        |        |                      |         |
   +------+                  +--------+                      +---------+

   Figure 1: User location registration

A user MUST re-register with the User Mobility Agent periodically to confirm its network connectivity. If the user stops re-registering with the UMA, the UMA MUST delete the entry in the User Binding Table after the timer expires, and MUST update the location server accordingly.

When the user moves to a new location while communicating with a correspondent host, the user mobility node MUST update its new location by periodically retransmitting the registration message to the User Mobility Agent until acknowledged. The user mobility node MAY send a Redirect Notification message to prompt the Correspondent Host (CH) to fetch the current location of the user (the IP address matching the user identifier) from the location server (see Figure 2). After sending a Redirect Notification message to the CH, the UMN shall periodically retransmit the Redirect Notification message a certain number of times, until the UMN begins to receive redirected IP datagrams or the retransmission timer expires. Upon receiving a Redirect Notification message, the CH shall query the location server for the current location of the user. After obtaining the location information (new IP address) for the user from the location server, the CH shall begin sending IP datagrams to the new location of the user.
                                     +-------+               +---------+
   +-------------------------------->|  CH   |<------------->|Location |
   |  Redirect Notification (6)      |       |   Location    | Server  |
   | +-------------------------------+-------+   Query (7)   +---------+
   | |   Redirected IP datagrams (8)                              ^
   | |                                                     Update |
   | |                                                    Current |
   | v                                                Location(3) |
   +------+                  +--------+                      +---------+
   |      |                  |        |                      |         |
   |      | Registration (1) |        |   Registration (2)   |  User   |
   | UMN  |----------------->| Access |--------------------->| Mobility|
   |      |<-----------------| Router |<---------------------|  Agent  |
   |      | Registration     |        | Registration Reply(4)|         |
   |      | Reply (5)        |        |                      |         |
   +------+                  +--------+                      +---------+

   Figure 2: Redirect Notification model

3. Requirements

This section describes the requirements of the IP user mobility service for the user mobility node, the user mobility agent, and the correspondent host.

3.1 User Mobility Node requirements

The host or router that a user is using to register with the user mobility agent MUST be aware of the User Mobility Service and fully comply with the following requirements. They apply to all user mobility nodes that support the IP user mobility service.

- Since a user may move to a new location frequently, the node is required to register its current location with the location server through the User Mobility Agent in the home network. The exact protocol for the registration message is outside the scope of this document; however, the mobile node MUST support sending a Registration message, and MUST be able to receive and process a Registration Reply message.
- A User Mobility Node MUST re-register its current location periodically with the User Mobility Agent. This prevents misbehaviour of the location server caused by obsolete, unsynchronized user location data.
- The method by which a user mobility node authenticates the registration message for secure communication with the user mobility agent is outside the scope of this document; however, the registration message MUST be authenticated. Using the AAA infrastructure is one such method.
- A User Mobility Node MUST maintain the list of correspondent hosts to which it has sent a Redirect Notification message, until the lifetime of the cached correspondent host entry expires.

3.2 User Mobility Agent requirements

The following requirements MUST apply to every User Mobility Agent regardless of how it is implemented. A User Mobility Agent can be implemented over AAA, a Mobile IP Home Agent, a web server, as a standalone server, etc. (see Appendix A).

- The User Mobility Agent MUST be able to process the registration message for user authentication and for user location update with the location server.
- The User Mobility Agent MUST have a user binding table with an entry for each registered user identifier (UI), holding the IP address of the UMN that the user is currently using and its lifetime.
- The User Mobility Agent MUST maintain a lifetime for each user binding table entry. It is initialized upon receiving the registration message from the user mobility node, and renewed on each reception of a re-registration message. If the lifetime expires, the User Mobility Agent MUST delete the user binding table entry and MUST send an update message to the location server to delete the record of the user identifier.
- The User Mobility Agent MUST be able to return a registration reply message in response to a registration message after a successful user location update.
- The User Mobility Agent MUST have a high degree of mutual trust with the registered user.
- The User Mobility Agent MUST have a high degree of mutual trust with the location server.
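As an added illustration of the binding-table behaviour required above (example code written for this edit, not part of the draft or of any implementation), the following Python model keeps one entry per UI with a lifetime, renews it on re-registration, rejects unauthenticated registrations, and deletes expired entries at the location server. It assumes HMAC-SHA256 with the user's shared key as the (out-of-scope) authentication method, a dict as the location server, and caller-supplied integer time.

```python
"""Constructed model of a User Mobility Agent (UMA) binding table (sections 2
and 3.2).  Assumptions not fixed by the draft: registrations are authenticated
with HMAC-SHA256 over the message fields using the per-user shared key from
the user profile; the location server is a dict of UI -> IP address; time is
an integer passed in by the caller so expiry can be exercised deterministically.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Registration:
    ui: str          # User Identifier: userID@realm (NAI form)
    ip: str          # IP address the UMN obtained in the visited network
    lifetime: int    # seconds the binding should stay valid
    auth: bytes      # HMAC over ui|ip|lifetime with the user's shared key


def sign_registration(key: bytes, ui: str, ip: str, lifetime: int) -> bytes:
    """Assumed authenticator: HMAC-SHA256 over the registration fields."""
    msg = f"{ui}|{ip}|{lifetime}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class UserMobilityAgent:
    def __init__(self, profiles: dict, location_server: dict):
        self.profiles = profiles            # UI -> shared key (user profile)
        self.location_server = location_server
        self.binding_table = {}             # UI -> (ip, expires_at)

    def register(self, reg: Registration, now: int) -> bool:
        """Process a (re-)registration; the return value is the reply status."""
        key = self.profiles.get(reg.ui)
        if key is None:
            return False                    # unknown user: no binding made
        expected = sign_registration(key, reg.ui, reg.ip, reg.lifetime)
        if not hmac.compare_digest(expected, reg.auth):
            return False                    # registration MUST be authenticated
        # Initialise or renew the lifetime and bind the UI to the current address.
        self.binding_table[reg.ui] = (reg.ip, now + reg.lifetime)
        self.location_server[reg.ui] = reg.ip   # step (3): update current location
        return True                             # step (4): Registration Reply

    def expire(self, now: int) -> list:
        """Drop bindings whose lifetime has passed and delete them from the
        location server, as section 3.2 requires.  Returns the expired UIs."""
        expired = [ui for ui, (_, exp) in self.binding_table.items() if exp <= now]
        for ui in expired:
            del self.binding_table[ui]
            self.location_server.pop(ui, None)
        return expired
```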
3.3 Correspondent Host requirements

The following requirements apply to all correspondent hosts that are either sending IP datagrams to or receiving IP datagrams from a user mobility node.

- The correspondent host MUST be able to query the current location of a user from the location server.
- The correspondent host MUST have a certain degree of mutual trust with the location server. (Note: the degree of mutual trust depends on which protocol is used between the CH and the location server.)
- The correspondent host MUST be able to process a Redirect Notification message from the user mobility node in order to update the current location of the user.
- The correspondent host SHOULD maintain a cache table of user identifiers and IP addresses of user mobility nodes obtained from the location server.

4. Security Considerations

There is a possibility of a denial of service attack by a malicious user. The DoS attack is possible by continuously sending forged Redirect Notification messages to a correspondent host. Upon receiving every Redirect Notification, the CH may end up querying the location server repeatedly, eventually bombarding the location server. The lifetime value for the cache of the user location must be set to a reasonable time to minimize the risk of a denial of service attack.

5. Acknowledgements

Special thanks to Prof. Murali Venkatesh of Syracuse University.

Appendix A. IP User Mobility implementation example models

A.1 User Mobility Agent implemented in AAA

This model defines user mobility support through a User Mobility Agent implemented in the AAA infrastructure. This model can provide better scalability than the standalone UMA model because the User Mobility Agent is implemented where the user profile is located. The MN shall generate a UI-AAA authentication request for user authentication. After successfully authenticating the user authentication request, the UMA shall transmit a User Location Update to the location server.
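The cache-lifetime mitigation of section 4 above, as an added example (written for this edit, not part of the draft): a correspondent host that serves addresses from its cache while they are fresh and refuses to re-query the location server for the same UI more often than once per min_requery seconds, so that a flood of forged Redirect Notifications costs the location server at most one query per interval. The location server is assumed to be a dict and time a caller-supplied integer.

```python
"""Constructed Correspondent Host (CH) model for the Redirect Notification
handling of sections 2 and 3.3, with the cache lifetime used to bound
location-server queries as section 4 asks.  Assumptions not fixed by the
draft: the location server is a dict of UI -> IP address; min_requery is the
CH's floor between two queries for one UI; time is an integer from the caller.
"""


class CorrespondentHost:
    def __init__(self, location_server: dict, cache_lifetime: int, min_requery: int):
        self.location_server = location_server
        self.cache_lifetime = cache_lifetime   # how long a cached binding is used
        self.min_requery = min_requery         # floor between queries for one UI
        self.cache = {}                        # UI -> (ip, fetched_at)
        self.queries = 0                       # load placed on the location server

    def _query(self, ui: str, now: int):
        """Location Query (step 7): fetch and cache the current address."""
        self.queries += 1
        ip = self.location_server.get(ui)
        if ip is not None:
            self.cache[ui] = (ip, now)
        return ip

    def resolve(self, ui: str, now: int):
        """Address for UI: answer from the cache while fresh, else query."""
        entry = self.cache.get(ui)
        if entry and now - entry[1] < self.cache_lifetime:
            return entry[0]
        return self._query(ui, now)

    def on_redirect_notification(self, ui: str, now: int) -> bool:
        """Handle a Redirect Notification (step 6).  Returns True if the CH
        queried the location server, False if the notification was dropped
        because the cached entry is younger than min_requery."""
        entry = self.cache.get(ui)
        if entry and now - entry[1] < self.min_requery:
            return False       # too soon since the last query: do not re-query
        self._query(ui, now)
        return True


def flood(ch: CorrespondentHost, ui: str, count: int, now: int) -> int:
    """Constructed burst of `count` Redirect Notifications for one UI at time
    `now`; returns how many location-server queries the burst caused."""
    before = ch.queries
    for _ in range(count):
        ch.on_redirect_notification(ui, now)
    return ch.queries - before
```

The cost of the floor is that a genuine Redirect Notification arriving inside the interval is also dropped until the UMN retransmits it, which is why the lifetime has to be a reasonable value rather than simply a long one.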
   Figure 3: User Mobility support through AAA (message sequence recovered from the figure)

   (1) UI-AAA Auth Req:          UMN -> Router
   (2) UI-AAA Auth Req:          Router -> AAAF
   (3) UI-AAA Auth Req:          AAAF -> AAAH/User Mobility Agent
   (4) User Location Update:     AAAH/User Mobility Agent -> Location Server
   (5) UI-AAA Auth Ack:          AAAH/User Mobility Agent -> AAAF
   (6) UI-AAA Auth Ack:          AAAF -> Router
   (7) UI-AAA Auth Ack:          Router -> UMN
       User Location Query:      CH <-> Location Server
   (8) IP data:                  CH <-> Router <-> UMN

A.2 User Mobility Agent support with MIPv6 [9] and DNS [6]

This model defines user mobility support in a Mobile IPv6 network. When the user moves to a new location, the user shall register its current location with the UMA using the Mobile IP binding update message with a user authentication option. The UMA, implemented in the Home Agent, shall update the location of the user in the DNS server after successful user authentication and Mobile IP processing. A MIPv6 host shall query the DNS server to locate the most recent location of the user. The MIPv6 host shall retrieve two records, one for the home address of the mobile node and the other for the current UMN address. The MIPv6 host shall begin transmitting IP packets to the home address of the MN. The IP data will be delivered to the MN by the HA as encapsulated data. Upon receiving the encapsulated IP data, the MN shall send a binding update request message to the MIPv6 host. The MIPv6 host shall compare the IP source address of the binding update request with the retrieved records of the user, and if it matches, shall begin sending IP packets to the MN directly.

   Figure 4: User Mobility support by MIPv6 and DNS (message sequence recovered from the figure)

   (1)  Agent Advertisement:      MIPv6 Router -> MN/UMN
   (2)  Binding Update:           MN/UMN -> MIPv6 Router
   (3)  Binding Update:           MIPv6 Router -> MIPv6 HA/UMA
   (4)  DNS Update:               MIPv6 HA/UMA -> DNS server
   (5)  Binding Ack:              MIPv6 HA/UMA -> MIPv6 Router
   (6)  Binding Ack:              MIPv6 Router -> MN/UMN
   (7)  DNS Query:                MIPv6 Host <-> DNS server
   (8)  IP traffic:               MIPv6 Host -> MIPv6 HA/UMA (to the home address)
   (9)  Encapsulated IP Packet:   MIPv6 HA/UMA -> MIPv6 Router
   (10) Encapsulated IP Packet:   MIPv6 Router -> MN/UMN
   (11) Binding Update Request:   MN/UMN -> MIPv6 Host
   (12) IP traffic:               MIPv6 Host -> MN/UMN (directly)

A.3 User Mobility Support using UIM and AAA infrastructure

When a user accesses a foreign network with a UIM, the access router may provide local authentication (such as CHAP) for the mobile node. After successful local authentication for network access, the MN shall access the web server to obtain the UMN client program. Upon completion of the installation, the UMN forms the user location update message with UI-AAA authentication for location registration with the User Mobility Agent. The User Mobility Agent shall update the current location of the user in the location server after successful UI-AAA authentication through the AAAH.
   Figure 5: UIM support through User Mobility Agent and AAA (message sequence recovered from the figure)

   (1) Terminal Authentication:                    UMN (with UIM) <-> Access Router
   (2) User Location Update with UI-AAA auth:      UMN -> Access Router
   (3) User Location Update with UI-AAA auth:      Access Router -> User Mobility Agent
   (4) UI-AAA Auth:                                User Mobility Agent -> AAAH
   (5) UI-AAA Auth:                                AAAH -> User Mobility Agent
   (6) Location update:                            User Mobility Agent <-> Location Server
   (7) User Location Update Ack:                   User Mobility Agent -> Access Router
   (8) User Location Update Ack:                   Access Router -> UMN

References

[1] C. Perkins, Editor, "IP Mobility Support", RFC 2002, October 1996.
[2] B. Aboba and M. A. Beadles, "The Network Access Identifier", RFC 2486, January 1999.
[3] P. Calhoun and C. Perkins, "Mobile IP Network Access Identifier Extension for IPv4", RFC 2794, January 2000.
[4] P. Calhoun and C. Perkins, "Mobile IPv4 Challenge/Response Extensions", RFC 3012, November 2000.
[5] R. Pandya, "Emerging mobile and personal communication systems", IEEE Communications Magazine, vol. 33, pp. 44-52, June 1995.
[6] M. Handley, H. Schulzrinne, E. Schooler, and J. Rosenberg, "SIP: Session Initiation Protocol", RFC 2543 (Proposed Standard), Internet Engineering Task Force, March 1999.
[7] J. H. Song and C. Y. Chong, "draft-song-mobileip-mipv6-user-mobility-00.txt".
[8] P. R. Calhoun and C. Perkins, "Diameter Mobile IPv4 Application", draft-ietf-aaa-diameter-mobileip-07.txt.
[9] D. B. Johnson and C. Perkins, "Mobility Support in IPv6", draft-ietf-mobileip-ipv6-14.txt.

Addresses

Questions about this memo can be directed to the authors:

JUNHYUK SONG
SAMSUNG ELECTRONICS.
Mobile Development Team
Network Systems Division
Phone: +82-31-779-6822
Email: santajun@lycos.co.kr
FAX: +82-31-7798769

CHAE YONG CHONG
SAMSUNG ELECTRONICS.
Mobile Development Team
Network Systems Division
Phone: +82-31-779-6822
Email: cychong@samsung.com

DONGKIE LEIGH
SK TELECOM
Core Network Development Team
Network R&D Center
Phone: +82-2-829-4640
Email: galahad@netsgo.com
FAX: +82-2-829-4612