University of Bern

A novel and flexible Architecture for CAHN

Marc Danzeisen, 28.05.2003

Outline

• CAHN with CANs only
  – The Building Blocks, features and responsibilities
• CAHN with CANs and N-CANs
  – Distribution of the Building Blocks
• CAHN Communication
  – Between Nodes
  – With CAHN Service Provider
• Open Issues / Ongoing work

CAHN with CANs only

[Figure; labels: Signaling plane, Data plane, Cellular, GSM, HLR/AuC, WLAN or Bluetooth]

Building Blocks of CAHN

[Figure: Cellular Aware Node (CAN); labels: GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, WLAN, BLT, Physical Communication Devices]

CCM:
• CAHN Protocol
• Identity Management
  • MSISDN
  • MAC / IP Addr.
• CAHN Service Mgnt

CAHN Adapters:
• Translation of CAHN PDUs (Messages) to the lower layers

CAHN Services:
• Heterogeneous VPN
• Secure File Transfer, etc.

Key Management:
• For CAHN Protocol
• For CAHN Services

CAHN Connectors:
• Configuration of Physical Devices
• Secure Links

CAHN GUI:
• For User Interaction with CAHN Services

Inter Module Communication:
• Local or Remote

CAHN Communication (I)

[Figure: two nodes, each with the labels GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, WLAN, BLT]

1) Start GUI of File Transfer Service, Invite Peer

2) Create CAHN Request (Service, MSISDN (Own / Peer), Capabilities, Devices, etc.)

3) Translation of the CAHN Request to fit the signaling channel (SMS / USSD / BLT / WLAN, etc.)

4) Pop-up of the File Transfer Service, GUI, accept of request

5) Negotiation of Config and Security Settings

6) Secured Link establishment

CAHN Communication (II)

[Figure: two nodes, each with the labels GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, WLAN, BLT; and a CAHN Service Provider with the labels Het. VPN, File Transfer, Service Management, Key Management, User / Session DB, Billing, CAHN Communication Module (CCM), USSD, SMS, Cellular]

1) Connects to the File Transfer Service, Invite Peer

2) Create CAHN Service Request

3) Invite Peer

4) Pop-up of the File Transfer Service, GUI, accept of request

5) Calculation of Config and Security Settings

6) Config & Key distribution

7) Secured Link establishment

CAHN with CANs and N-CANs

[Figure; labels: Signaling plane, Data planes, Cellular, Non-Cellular, GSM, HLR/AuC, WLAN]

Distribution of the Building Blocks (CAN / N-CAN / CAHN Server)

[Figure: CAN, N-CAN and CAHN Server; labels: GUI, Het. VPN, File Transfer, Key Management, CAHN Communication Module (CCM), USSD, SMS, Cellular, WLAN, BLT; annotation: "Protocols?"]

Main requirement:
• CAHN should work even if the N-CANs are not always on

Open Issues / Ongoing Work

• Inter-module Communication (Protocol, Local / Remote)
• CAHN Protocol Definition
• CAHN Services:
  – Service Definition for Service Detection / Registration
  – Information to be exchanged
  – VPN / File Transfer: Heterogeneous Network design
  – Service monitoring

Open Issues / Ongoing Work (II)

• CAHN Security
  – Loosely coupled security
    – CAHN as a pure application on top of the cellular system
    – No direct interaction within the key generation (CAHN Key Management)
    – CAHN uses the secured communication channels of the cellular system (implicit authentication)
  – Tightly coupled security
    – Reuse of SIM Security for CAHN Key Generation (CAHN Messages and Data Channels)

• To consider:
  – Operator is always man-in-the-middle (like CA)
  – Cellular Systems are not designed to handle inter-node security (SA only between SIM and AuC)

Questions? Thank you!