
To appear in the Proceedings of the First Annual Global Mobile Congress, Shanghai, China, October 2004.

QoS and Security in 4G Networks

Xiaoming Fu¹, Dieter Hogrefe¹, Sathya Narayanan², Rene Soltwisch¹
¹ Telematics Group, University of Goettingen, Germany, {fu,hogrefe,soltwisch}@informatik.uni-goettingen.de
² Panasonic Information & Networking Technologies Laboratory, USA, [email protected]

Abstract

Future 4G mobile communication networks are expected to provide all-IP-based services for heterogeneous wireless access technologies, assisted by Mobile IP to provide seamless Internet access for mobile users. Two major challenges in developing such a heterogeneous network infrastructure are QoS provisioning and security services for mobile users' communication flows. This paper proposes a new architectural view and methodologies for QoS and security support in 4G networks, which integrate QoS signaling with authentication, authorization and accounting (AAA) services to both guarantee the user applications' QoS requirements and achieve efficient authentication, authorization and key exchange.

1 Introduction

In the past decade, the telecommunications industry has witnessed an ever accelerating growth in the usage of mobile communications. As a result, mobile communications technology has evolved from the so-called second-generation (2G) technologies, GSM in Europe, IS-95 (CDMA) and IS-136 (TDMA) in the USA, to the third-generation (3G) technologies, UMTS/WCDMA in Europe and CDMA2000 in the USA, being standardized by 3GPP and 3GPP2 (respectively), partnership projects between the governmental standards development organizations (SDOs) of various countries.

Along with the standards development for providing voice service to mobile users, a group of standards to deliver data to mobile users has evolved from both SDOs and industry. Systems and applications such as iMode, the mobile Internet access system developed by NTT DoCoMo, and the Short Message Service (SMS) for sending and receiving short text messages for mobile phone users have been built and continue to be developed. The WAP (wireless application protocol) forum and, more recently, the Open Mobile Alliance have also been developing applications for wireless networks.

In the wireless access field, Bluetooth was developed as a new cable replacement technology, which provides short-range (~10m), low bit rate (1Mbps) access in the 2.4GHz spectrum. IEEE also developed a family of wireless LAN (WLAN) access protocols, IEEE 802.11, including 802.11b (a 100m, 11Mbps access technology in the 2.4GHz spectrum), 802.11a and 802.11g, as well as HiperLAN2 developed by ETSI. Nowadays, 802.11 has become one of the most popular and easiest ways to provide wireless access for nomadic laptop users; the first cellular phones that can access IEEE 802.11 base stations have recently become available in the market.

The focus of this paper is on fourth generation (4G) mobile networks. Even though a universal consensus on what 4G is going to be has not yet been reached in the industry or the literature, there is a reasonable understanding of some characteristics of 4G mobile networks. Some of the accepted characteristics are:
• All-IP based network architecture;
• Higher bandwidth;
• Support for different access networks, including WLAN technologies like IEEE 802.11;
• Full integration of "hot spot" and "cellular";
• Support for multimedia applications.

In order to clarify our vision of 4G networks, imagine a staff member A who starts a voice over IP conversation with his boss B (who is at a remote site) on his way to the airport, through access to the UMTS system. When he arrives at the airport, WLAN access becomes available and the conversation (connectivity) between A and B is expected to continue seamlessly (upon the necessary authentication of A's credential by the network), even with a different access technology and a different operator. Furthermore, data transmission over the wireless link may require stronger protection, and the conversation between A and B may require certain QoS support from the network. This scenario indicates the integration of different characteristics of data transmission and data protection, and possibly different approaches to quality assurance. As 4G is expected to be built on all-IP-based technologies, architectural considerations in the IP layer become critical to enable
seamless interoperation among these technologies. While the IETF addresses the connectivity problems with its Mobile IP (MIP) protocols for both IPv4 and IPv6 networks [1,2], Quality of Service (QoS) and security insufficiencies are apparent: besides simple IPsec support for the MIP registration process [3], MIP mainly maintains the connectivity between a mobile node (MN) and its correspondent node (CN) while the MN is moving away from its home network. It neither supports QoS nor stronger security between the MN and the network.

QoS mechanisms, including resource reservation (signaling), admission control and traffic control, allow multimedia applications to obtain certain quality guarantees, e.g., on bandwidth and delay for the delivery of their packets. Providing QoS guarantees in 4G networks is a non-trivial issue where both QoS signaling across different networks and service differentiation between mobile flows have to be addressed. On the other hand, before providing network access and allocating resources for an MN, the network needs to authenticate the MN's (or the mobile user's) credential. Furthermore, a security association needs to be established between the MN and the network to ensure data integrity and encryption. Thus, in order to achieve seamless handover, mobility, QoS and security technologies must be integrated.

The rest of this paper presents a new architecture, Seamless Mobility with Security and QoS Support in 4G Networks (SeaSoS), to address these challenges; it integrates QoS signaling, AAA and key exchange into the 4G mobile networking infrastructure. We present our views on 4G network design and analyze the underlying fundamental problems in Section 2. Section 3 describes the SeaSoS architecture and how it addresses these problems. Section 4 compares SeaSoS with other approaches and outlines some future work.

2 A Basic Model for 4G Networks

QoS, security and mobility can be viewed as three different, indispensable aspects of 4G networks; however, all are related to network nodes involved in the control or the processing of IP packets for end-to-end flows between an MN and the CN. We show in this section how we view the 4G network infrastructure, based on which we present the SeaSoS architecture in Section 3.

2.1 Two Planes: Functional Decomposition

Noting that an IP network element (such as a router) comprises numerous functional components that cooperate to provide a desired service (such as mobility, QoS and/or AAA: Authentication, Authorization and Accounting), we group these components in the SeaSoS architecture into two planes, namely the control plane and the data plane.

[Fig. 1 (figure not reproduced): a network element decomposed into a data plane (data plane components handling data packets) and a control plane ((reconfigurable) control components, e.g., AAA services, IKE, mobility registrations, resource reservations, handling control messages: MIP/AAA registration, QoS signaling, key exchange messages etc.); control plane components install control parameters (states) into the data plane.]
Fig. 1: The decomposition of control plane and data plane functionalities

Fig. 1 illustrates this method of flexible functional composition in 4G networks. As we are mainly concerned with network elements effectively at the network layer, we do not show a whole end-to-end communication picture through a whole OSI or TCP/IP stack. The control plane performs control-related actions such as AAA, MIP registration, QoS signaling, installation/maintenance of traffic selectors and security associations, etc., while the data plane is responsible for data traffic behaviors (such as classification, scheduling and forwarding) for end-to-end traffic flows. Some components located in the control plane interact with data plane components in some network elements, such as access routers (ARs), IntServ [4] nodes or DiffServ [5] edge routers, by installing and maintaining certain control states for the data plane. However, not all control plane components need to exist in all network elements, and also not all network elements (e.g., an AAA server) are involved with data plane functionalities. We refer to the latter cases as path-decoupled control and to the other cases as path-coupled control.

We argue that the separation and coordination of control plane and data plane is critical for seamless mobility with QoS and security support in 4G networks, for the following reasons. Per-flow or per-user level actions occur much less frequently than per-packet actions, while per-packet actions are part of the critical forwarding behavior, which involves very few control actions (typically simply reading and enforcing the installed state while forwarding data). Actually, this separation concept is not new: routing protocols have a similar abstraction used together with traditional IP packet delivery, and this abstraction is currently being investigated in
the IETF ForCES working group. However, we emphasize the three critical dimensions of future 4G networks, mobility, QoS and security, as well as other new emerging or replacement components that might appear, integrated into a unified framework and allowing more extensibility for 4G network design.

2.2 Two Modes of Operation

Besides the functional decomposition, we divide the operations that a 4G network infrastructure uses in mobility scenarios into two categories: 1) the end-to-end way of control, which is related to authentication between the mobile device and the network, and to enabling the forwarding of end-to-end traffic; 2) the hop-by-hop way, mainly concerned with hop-by-hop trust relationships and resource reservation setup.

2.3 Understanding Mobility, QoS and Security Problems in 4G Networks

Mobility. Mobility involves both the control plane and the data plane. The control plane is mainly involved with path-decoupled, end-to-end mobility registrations, while the data plane concerns mobility-enabled routing for data flows into and from an MN while it moves between different locations. The data plane behavior is achieved by installing/changing certain binding caches upon certain control plane information exchanges (e.g., the binding update/acknowledgement procedure in MIP). In fact, although MIP does not change the traditional IP routing table, when the MN is away from home and changes its location, routing information associated with its fixed home address is added to certain data processing and/or forwarding entities, such as mobility agents (e.g., home agent and foreign agent) and the systems themselves, upon successful MIP registrations. Localized mobility solutions such as fast handover for Mobile IPv6 (FMIPv6) [13] and Hierarchical Mobile IPv6 (HMIPv6) [14] make this a little more complicated. Fig. 2 illustrates this issue in various MIPv6 cases.

As shown in Fig. 2(a), after different combinations of MIP registrations an MN can receive data flows along different paths sent from the CN. For example, after a MIPv6 with route optimization (MIPv6w/RO) registration, data flows traverse the normal IP routing path without involving mobility agents. However, if a MIPv6 without route optimization (MIPv6w/oRO) registration is enforced, data flows can either traverse through the home agent (HA) towards the MN directly (the normal case), or traverse through the HA and the mobility anchor point (MAP) introduced in HMIPv6. Furthermore, when FMIPv6 is applied, the path can be more complicated by way of further tunneling data packets from the Previous Access Router (pAR) through the New Access Router (nAR) to finally reach the MN.

[Fig. 2 (figure not reproduced): data paths between the CN and the MN via the HA, the MAP, the pAR and the nAR for MIPv6 with/without route optimization or reverse tunneling, HMIPv6, FMIPv6 and their combinations (HMIPv6+FMIPv6, MIPv6+FMIPv6). Panels: (a) Mobile node as data sender; (b) Mobile node as data receiver.]
Fig. 2: A data plane view of an MN's flow

Similarly, Fig. 2(b) demonstrates the various potential data paths along which flows sent by the MN traverse, including the case after a MIPv6 registration with or without reverse tunneling (MIPv6w/RT or MIPw/oRT), or combined with FMIPv6 and/or HMIPv6. A more detailed description of these scenarios is provided in our prior work [8].

QoS. QoS provisioning also comprises data plane (mainly traffic control, e.g., classification and scheduling)
and control plane (mainly admission control and QoS signaling) functions. Following the above exploration of mobility problems, we can identify the fundamental difference of QoS provisioning in all-IP 4G mobile networks from that in traditional wired or wireless IP networks: whereas its resource control mechanisms can be similar to those of traditional networks, changing location during the lifetime of a data flow introduces a changed data path, thus requiring the identification of the new path and the installation of new resource control parameters via path-coupled QoS signaling. Hence, a problem is how to apply any QoS signaling mechanism to achieve end-to-end resource setup in mobility scenarios. The current QoS signaling protocol, RSVP [7], lacks the intrinsic architectural flexibility to adapt to mobility requirements. Difficulties arise, for example, because of its inability to adapt to the introduction of mobility routing in the data plane encountered in 4G networks, which results in either too complicated solutions or simply being unable to satisfy the needs. Over the years, research efforts have been made to address this (e.g., [8,19,20,21]); however, it still remains an open issue.

Security. Security in 4G networks mainly involves authentication, confidentiality, integrity, and authorization for access to network connectivity and QoS resources for the MN's flows. Firstly, the MN needs to prove authorization and authenticate itself while roaming to a new provider's network. AAA protocols (such as Radius, COPS or Diameter [10]) provide a framework for such support, especially for control plane functions (including key establishment between the MN and the AR, authenticating the MN with AAA server(s), and installing security policies in the data plane of the MN or the ARs, such as encryption, decryption and filtering), but they are not well suited for mobility scenarios. There needs to be an efficient, scalable approach to address this. The Extensible Authentication Protocol (EAP) [6], a recently developed IETF protocol, provides a flexible framework for extensible network access authentication and could potentially be useful. Secondly, when QoS is concerned, QoS requests need to be integrity-protected, and moreover, before allocating QoS resources for an MN's flow, authorization needs to be performed to avoid denial of service attacks. This requires a hop-by-hop way of dynamic key establishment between the QoS-aware entities being signaled on. Finally, most security concerns in this paper lie in network layer functions: although security can also be provided by higher layers above the network layer (for example, TLS [15] provides privacy and data integrity between two communicating applications), our study mostly lies on mobility in the sense of network layer information exchange for mobile devices.

3 The SeaSoS Architecture

Reification of network architectures for the support of QoS provisioning and security in 4G networks calls for new ways of dealing with the complexity of visualizing and architecting networks. Based on the network model described in Section 2, we present an architecture for Seamless Mobility with Security and QoS Support (SeaSoS) that integrates mobility schemes with QoS and security measures, and discuss the main issues toward realizing the SeaSoS architecture.

SeaSoS differs from prior work in two main aspects: 1) it provides a distinct abstraction on the functional separation and coordination of the various involved network elements, which provides network architects with a systematic exploration of the network design space; 2) SeaSoS allows network operators and end users to modify network attributes using dynamic plug-ins (e.g., replacing a mobility management protocol) or by re-configuring existing network services (e.g., adjusting the configuration parameters of a traffic selector in an IPsec architecture). For example, SeaSoS allows MNs to re-configure their protocol stacks (e.g., from HMIPv6 to standard MIPv6 for mobility support, from Radius to Diameter or COPS for the AAA procedure) in order to dynamically interact with heterogeneous wireless access networks, and to choose a certain QoS signaling protocol (such as RSVP or NSIS-QoS [9]) for their end-to-end applications. In a word, SeaSoS identifies the critical infrastructure of future 4G networks, as well as other new emerging or replacement components that might appear, integrated into a unified framework and allowing an efficient, scalable and extensible network design for 4G networks. Note that a network element may contain zero¹, one or many data plane and control plane components.

As an example of basic SeaSoS operation, we use MIPv6, RSVP, AAA and EAP together to achieve a seamless handover in 4G networks. As shown in the Message Sequence Chart (MSC) in Fig. 3, we extend the method proposed in [22], namely applying EAP to perform mutual authentication between the MN and the access network, combined with AAA registration and extended with QoS and mobility support. Note that the security association between the MN and the network is not directly transferred over the wireless interface, to prevent malicious nodes from obtaining or modifying it. As the MIP registration is also an end-to-end way operation, we

¹ Here we do not regard normal IP routing as part of the control plane or the data plane; therefore, if a node only forwards normal IP packets it is transparent to other components related to mobility, QoS and security.
extend this approach to support efficient MIP registration. These transactions are shown in steps 1-17. In addition, once a mobility registration takes place in the HA, a QoS signaling process can start for the flow destined to the MN. Here we use RSVP Path-Resv two-way signaling (steps 18-23), but, different from traditional RSVP, we use the combination of the MN's permanent address (i.e., the home address) and the flow label as the unique identifier, which avoids the double reservation problem identified in [8]. In order to prevent denial of service of QoS resources, we could apply an RSVP Integrity object [12] to the Path/Resv messages. Before applying this authenticated RSVP signaling procedure, one may create a chain of trust relationships (security associations) along the RSVP nodes through the use of ISAKMP [17] with the RSVP DOI [18] in the key exchange protocol IKE [16].

[Fig. 3 (message sequence chart not reproduced). Title: MSC - Basic SeaSoS operation (MIPw/oRO, CN->MN flows). Participants: MN, (n)AR, AAAL, QR, AAAH, HA. Messages in order, with the parameters shown next to them:
1. Start
2. EAPreq/ID
3. EAPresp/ID (NAI)
4. AAAreq/EAPresp/ID (NAI)
5. AAAreq/EAPresp/SKE-ARchal (N1,msg)
6. EAPresp/SKE-ARchal (N1,msg)
7. EAPresp/SKE-MNchal (auth1,N2)
8. AAAreq/EAPresp/ID/BU/SKE-ARchal (auth1,N2)
9. AAAreq/EAPresp/ID/BU
10. BU (NAI,auth1,N1,N2)
11. BA
12. AAAchal/EAPresp/Verify/BA (Auth2,Ksms)
13. AAAchal/EAPresp/SKE-ARverify/BU (auth2)
14. EAPresp/SKEsucc/BA
15. AAAchal/EAPresp/SKEsucc
16. AAA:EAPsucc
17. EAPsucc (Ksms)
18-20. RSVPpath
21-23. RSVPresv]
Fig. 3: Example of SeaSoS basic operation (control plane)

To further elaborate the SeaSoS concepts, let us assume HMIPv6+MIPv6 is now the replacing mobility scheme. The simplest scenario is that the MN just moves inside a MAP domain. As shown in Fig. 4(a), one can integrate the AAA procedure together with the HMIPv6 registration procedure. For example, if we use Diameter as the AAA protocol, we could encapsulate the HMIPv6 Binding Update (HBU) and Acknowledgement (HBA) messages inside the AAA request from the MN control plane, similar to the Diameter Mobile IPv4 application [11]. This is rather simple: after the MAP control plane receives this message, it forwards only the AAA request part to the local AAA server (AAAL); the latter authenticates the MN and, if it succeeds, returns a positive AAA response to the MAP. Afterwards, the MAP control plane changes its binding cache (i.e., mobility routing information for CN→MN traffic) in the data plane. Then the MAP can start two procedures in either order: 1) forward the AAA request with the HBA through the nAR towards the MN (while traversing the nAR, the control plane in the nAR installs a traffic selector in the data plane for CN→MN traffic); 2) initialize a QoS signaling process towards the MN. Note that 1) and 2) can theoretically be further merged, but this increases the complexity of the implementation.

[Fig. 4 (figure not reproduced): (a) Mobile node moves inside a MAP domain; (b) Mobile node moves to a new MAP domain.]
Fig. 4: SeaSoS in HMIPv6 (flows destined to MN)

An inter-domain handover is similar (shown in Fig. 4(b)).
The difference lies in that, when the MAP determines it is a request to this domain, it initializes an AAA process combined with a global MIP registration (AAA:BU/BA). When the home AAA server (AAAH) accepts the request, a global binding cache is changed in the HA's data plane; the HA can further initialize a QoS signaling process towards the MN. In both cases, we can see that the handover process incorporates support of QoS, authentication and authorization for the MN's flow in the HMIPv6 registration.

4 Summary and Future Work

There have been a few investigations on different aspects of QoS and security in 4G networks, notably MobyDick [19], SeQoMo [20], FCAR [21], and W-SKE [22]. We compare SeaSoS with them in Table 1.

Table 1: Comparison of SeaSoS with other approaches
Approach  | Mobility support               | QoS signaling                | Security      | Key exchange
MobyDick  | MIPv6+HMIPv6                   | Implicit session signaling   | COPS/Diameter | No
SeQoMo    | HMIPv6                         | QoS Cond.-Handoff            | Diameter      | No
FCAR      | MIPv4                          | Changed RSVP                 | No            | No
W-SKE     | No                             | No                           | EAP+Radius    | Yes
SeaSoS    | Any combination of IP mobility | Changed RSVP or any NSIS-QoS | EAP+AAA       | Yes

From this table we can see that, different from these approaches, which mostly focus on functional aspects and optimization for certain circumstances, SeaSoS introduces the concept of supporting seamless mobility with QoS mechanisms and security architectural components, which allows dynamically replacing/switching mobility management protocols and re-configuring existing network services in a secure way, and examines how they can be integrated universally to build an environment supporting 4G service requirements.

Due to space limitations we can only sketch the key SeaSoS concepts in this paper. Towards the realization of the SeaSoS architecture, there are a number of issues to be resolved. A key issue is how to trade off between efficiency and security, especially when coordinating different control plane components. We are currently developing details of the proposed concepts in the context of seamless inter-domain mobility, and will validate the design through simulations and performance evaluations in a Mobile IPv6 environment.

References
[1] C. Perkins, IP Mobility Support for IPv4, RFC 3344, Aug. 2002.
[2] D. Johnson, C. Perkins, and J. Arkko, Mobility Support in IPv6, RFC 3775, June 2004.
[3] J. Arkko, V. Devarapalli, and F. Dupont, Using IPsec to Protect Mobile IPv6 Signaling between Mobile Nodes and Home Agents, RFC 3776, June 2004.
[4] B. Braden, D. Clark, and S. Shenker, Integrated Services in the Internet Architecture: an Overview, RFC 1633, June 1994.
[5] S. Blake, D. Black, et al., An Architecture for Differentiated Services, RFC 2475, Dec. 1998.
[6] B. Aboba, L. Blunk, et al., Extensible Authentication Protocol (EAP), RFC 3748, June 2004.
[7] R. Braden, L. Zhang, S. Berson, S. Herzog, and S. Jamin, Resource ReSerVation Protocol (RSVP) – Version 1 Functional Specification, RFC 2205, Sept. 1997.
[8] X. Fu, H. Schulzrinne, and H. Tschofenig, Mobility Support in NSIS, Internet draft, June 2003.
[9] S. Van den Bosch, G. Karagiannis, and A. McDonald, NSLP for Quality-of-Service Signaling, Internet draft, May 2004.
[10] P. Calhoun, J. Loughney, E. Guttman, G. Zorn, and J. Arkko, Diameter Base Protocol, RFC 3588, Sept. 2003.
[11] P. Calhoun, T. Johansson, et al., Diameter Mobile IPv4 Application, Internet draft, July 2004.
[12] F. Baker, B. Lindell, and M. Talwar, RSVP Cryptographic Authentication, RFC 2747, Jan. 2000.
[13] H. Soliman, C. Castelluccia, K. El-Malki, and L. Bellier, Hierarchical Mobile IPv6 Mobility Management (HMIPv6), Internet draft, June 2004.
[14] R. Koodli, Fast Handovers for Mobile IPv6, Internet draft, July 2004.
[15] T. Dierks and C. Allen, The TLS Protocol Version 1, RFC 2246, Jan. 1999.
[16] D. Harkins and D. Carrel, The Internet Key Exchange (IKE), RFC 2409, Nov. 1998.
[17] D. Maughan, M. Schertler, M. Schneider, and J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, Nov. 1998.
[18] H. Tschofenig and H. Schulzrinne, RSVP Domain of Interpretation for ISAKMP, Internet draft, Oct. 2003.
[19] V. Marques, R.L. Aguiar, et al., An IP-based QoS Architecture for 4G Operator Scenarios, IEEE Wireless Communications, 10(3): 54-62, June 2003.
[20] X. Fu, T. Chen, A. Festag, H. Karl, G. Schaefer, and C. Fan, Secure, QoS-Enabled Mobility Support for IP-based Networks, IPCN'2003, Dec. 2003.
[21] S.-C. Lo, G. Lee, W.-T. Chen, and J.-C. Liu, Architecture for Mobility and QoS Support in All-IP Wireless Networks, IEEE JSAC, 22(4): 691-705, May 2004.
[22] L. Salgarelli, M. Buddhikot, J. Garay, S. Patel, and S. Miller, Emerging Authentication and Key Distribution in Wireless IP Networks, IEEE Wireless Communications, 10(6): 52-61, Dec. 2003.
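Added example (not code from the paper or from the W-SKE work [22] it extends): the control-plane exchange of Section 3, Fig. 3, steps 1-17, in which the MN authenticates to the network through the access router and the home AAA server, and the session key Ksms is derived at both ends rather than sent over the wireless interface. The NAI, the long-term key, the nonce sizes and the HMAC-based derivations of auth1, auth2 and Ksms are this example's own assumptions, chosen only to show the property the paper states.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed pseudo-random function (HMAC-SHA256) for authenticators and Ksms.

    This derivation is an assumption of the example, not the W-SKE construction.
    """
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class HomeAAA:
    """AAAH: holds the long-term key shared with each subscriber (keyed by NAI)."""

    def __init__(self, subscribers):
        self.subscribers = subscribers   # NAI -> long-term key
        self.pending = {}                # NAI -> nonce N1 of the open session

    def challenge(self, nai):
        # Steps 4-5: AAAreq with the NAI arrives, AAAH answers with challenge N1.
        n1 = secrets.token_bytes(16)
        self.pending[nai] = n1
        return n1

    def verify(self, nai, n2, auth1):
        # Steps 9-12: check the MN's authenticator; on success issue auth2 and Ksms.
        key = self.subscribers.get(nai)
        n1 = self.pending.pop(nai, None)
        if key is None or n1 is None:
            return None
        if not hmac.compare_digest(auth1, prf(key, b"auth1", nai.encode(), n1, n2)):
            return None                  # AAA failure, relayed to the MN as EAP failure
        auth2 = prf(key, b"auth2", nai.encode(), n1, n2)
        ksms = prf(key, b"ksms", n1, n2)  # handed to the AR over the AAA path only
        return auth2, ksms


class MobileNode:
    def __init__(self, nai, key):
        self.nai, self.key = nai, key
        self.n1 = self.n2 = self.ksms = None

    def respond(self, n1):
        # Step 7: EAPresp/SKE-MNchal carrying auth1 and the MN's own nonce N2.
        self.n1, self.n2 = n1, secrets.token_bytes(16)
        return prf(self.key, b"auth1", self.nai.encode(), n1, self.n2), self.n2

    def finish(self, auth2):
        # Steps 14-17: the MN authenticates the network via auth2, then derives Ksms locally.
        expected = prf(self.key, b"auth2", self.nai.encode(), self.n1, self.n2)
        if not hmac.compare_digest(auth2, expected):
            return False
        self.ksms = prf(self.key, b"ksms", self.n1, self.n2)
        return True


def run_exchange(mn_key, aaah_key, nai="mn@example.net"):
    """Drive MN <-> AR <-> AAAH once.

    Returns (ar_has_key, mn_accepted, keys_match, ksms_crossed_air). The AR is
    modelled as a relay; every value it sends or receives over the air is recorded.
    """
    aaah = HomeAAA({nai: aaah_key})
    mn = MobileNode(nai, mn_key)
    over_the_air = [nai.encode()]            # step 3: EAPresp/ID(NAI)
    n1 = aaah.challenge(nai)                 # AR forwards the AAA request, gets N1 back
    over_the_air.append(n1)                  # step 6: EAPresp/SKE-ARchal(N1)
    auth1, n2 = mn.respond(n1)
    over_the_air += [auth1, n2]              # step 7
    result = aaah.verify(nai, n2, auth1)     # steps 8-13 run over the AAA path
    if result is None:
        return False, False, False, False
    auth2, ar_ksms = result                  # the AR learns Ksms from AAAH, not from the MN
    over_the_air.append(auth2)               # steps 14/17: EAP success carries auth2, not Ksms
    mn_ok = mn.finish(auth2)
    keys_match = mn_ok and hmac.compare_digest(ar_ksms, mn.ksms)
    return True, mn_ok, keys_match, ar_ksms in over_the_air


def rogue_network_rejected(nai="mn@example.net"):
    """An access network that cannot compute auth2 is refused by the MN."""
    mn = MobileNode(nai, b"constructed-long-term-key")
    mn.respond(secrets.token_bytes(16))      # an unauthenticated AR sends some N1
    return mn.finish(b"\x00" * 32)           # no valid auth2 -> MN derives no Ksms


if __name__ == "__main__":
    k = b"constructed-long-term-key"
    print(run_exchange(k, k))               # (True, True, True, False)
    print(run_exchange(k, b"wrong-key"))    # (False, False, False, False)
    print(rogue_network_rejected())         # False
```

With matching keys both sides end with the same Ksms and the key never appears among the values that crossed the wireless link; with a mismatched key the AAAH rejects auth1 and the AR never obtains a key, and an access network unable to produce auth2 is rejected by the MN, which is the mutual-authentication property the text relies on.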
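Added example (not the paper's code) for the RSVP changes of Section 3, steps 18-23: keying the reservation on the MN's home address plus flow label instead of its care-of address, so a handover does not create a double reservation, and protecting Path messages with a keyed Integrity object and sequence number so replayed or altered requests are refused before any QoS resource is allocated. It also models the binding cache of Section 2.3, which only a control-plane binding update changes. The integrity object is a simplification of RFC 2747 [12], not its wire format; addresses, flow label, bandwidth and the per-hop key are constructed values.

```python
import hashlib
import hmac

# Constructed sample values (not taken from the paper).
HOA = "2001:db8:home::10"       # MN home address: the permanent identifier
COA_OLD = "2001:db8:ar1::10"    # care-of address at the previous access router
COA_NEW = "2001:db8:ar2::10"    # care-of address at the new access router
FLOW_LABEL = 0x0ABCD            # IPv6 flow label of the CN->MN flow
SHARED_KEY = b"constructed-rsvp-integrity-key"   # per-hop key from the ISAKMP/IKE chain of trust


class HomeAgent:
    """The binding cache is data-plane state; only a control-plane binding update changes it."""

    def __init__(self):
        self.binding_cache = {}          # home address -> care-of address

    def binding_update(self, hoa, coa):  # control plane (MIP BU/BA)
        self.binding_cache[hoa] = coa

    def forward(self, dst):              # data plane: tunnel to the current care-of address
        return self.binding_cache.get(dst, dst)


def by_care_of(path):
    """Traditional identifier: the MN's current (care-of) address and flow label."""
    return (path["coa"], path["flow_label"])


def by_home_address(path):
    """SeaSoS identifier: permanent home address and flow label, stable across handover."""
    return (path["hoa"], path["flow_label"])


class QoSRouter:
    """RSVP-style node that checks a keyed Integrity object before installing state."""

    def __init__(self, key, ident):
        self.key, self.ident = key, ident
        self.last_seq = 0                # highest sequence number accepted so far
        self.reservations = {}           # flow identifier -> reserved bandwidth

    def integrity_object(self, path, seq):
        # Keyed digest over the sequence number and the message fields (simplified RFC 2747).
        body = f"{seq}|{path['hoa']}|{path['coa']}|{path['flow_label']}|{path['bw']}".encode()
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def handle_path(self, path, seq, tag):
        if seq <= self.last_seq:
            return "rejected: replayed sequence number"
        if not hmac.compare_digest(tag, self.integrity_object(path, seq)):
            return "rejected: integrity object mismatch"
        self.last_seq = seq
        self.reservations[self.ident(path)] = path["bw"]
        return "reserved"


def handover(ident):
    """Register, send Path, hand over to a new AR, send Path again; count reservations."""
    ha, router = HomeAgent(), QoSRouter(SHARED_KEY, ident)
    outcomes = []
    for seq, coa in ((1, COA_OLD), (2, COA_NEW)):
        ha.binding_update(HOA, coa)      # MIP registration moves the binding
        path = {"hoa": HOA, "coa": ha.forward(HOA), "flow_label": FLOW_LABEL, "bw": 64}
        outcomes.append(router.handle_path(path, seq, router.integrity_object(path, seq)))
    return len(router.reservations), outcomes


def integrity_checks():
    """A genuine Path is reserved; a replay and an altered message with a stale tag are refused."""
    router = QoSRouter(SHARED_KEY, by_home_address)
    path = {"hoa": HOA, "coa": COA_OLD, "flow_label": FLOW_LABEL, "bw": 64}
    tag = router.integrity_object(path, 1)
    first = router.handle_path(path, 1, tag)
    replay = router.handle_path(path, 1, tag)                     # same message again
    altered = router.handle_path(dict(path, bw=10000), 2, tag)    # fields changed, tag stale
    return first, replay, altered


if __name__ == "__main__":
    print("care-of key:", handover(by_care_of))            # (2, ['reserved', 'reserved'])
    print("home address key:", handover(by_home_address))  # (1, ['reserved', 'reserved'])
    print(integrity_checks())
```

Keyed on the care-of address, the same flow ends up with two reservations after the handover (the double reservation problem); keyed on the home address and flow label, the second Path simply refreshes the one existing reservation. The sequence-number check refuses the replayed Path, and the keyed digest refuses a message whose bandwidth field was changed without the per-hop key.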
