
Cellular Networking Perspectives

David Crowe’s ‘Wireless Telecom’ Articles

2003’Q2: WiFi and Cellular: A Marriage Made in Heaven?

WiFi (IEEE 802.11b) wireless LANs have proven a spectacular success. What used to be a rare add-on to laptops is now often built in. It is not just laptops getting WiFi fever either: chipsets are increasingly embedded in desktop computers, PDAs and even cellular phones.

WiFi is popularizing wireless data just as cellular made wireless voice part of most people’s lives. But cellular protocols increasingly have data support as well. Will these compete with WiFi or complement it? Or both? Will cellular carriers fight for customers against WiFi operators, or will cellular carriers become WiFi operators?

WiFi networks have limitations. Paradoxically these are due to some of the features that made the technology catch on so quickly. Lack of meaningful security made the networks easy to configure. Use of unlicensed spectrum meant that airtime was free and no coordination with other networks was required. Small cells meant that the probability of interference was very low.

But as WiFi becomes more popular, the lack of security becomes a huge problem for many WiFi users, the use of unlicensed spectrum means that there might not be enough to go round, and that there is no entity ready to sort out conflicts. Small cells mean that covering wide areas is far too expensive.

Modern cellular technologies with data support (CDMA2000 and GSM/UMTS) are opposite in these characteristics. Security is being built in, and is based on a lot of field experience. The 3G security infrastructure for all technologies, based on AKA, is very strong yet flexible, providing authentication, encryption and a number of other security services.

The use of licensed spectrum for cellular and PCS means that available frequencies are parceled out equitably, and the existence of medium to large coverage cell sites for voice service makes it much more practical to add wide area data coverage.

The reality is that, for some users, WiFi is a dream come true, while others can only use cellular data protocols, and many others will be looking for a seamless mixture.

Living Happily with WiFi

Residential users can usually live within WiFi’s limitations. They appreciate the ease of setup, and many will happily live without any security, or with the limited and inflexible security provided by WEP (Wired Equivalent Protocol). They are price-sensitive, which makes the free airtime of a home WiFi network very attractive. And the small cellsite is not an obstacle, but an advantage in low to medium density residential areas, minimizing the risk of spectrum exhaustion and interference.

Another category of users who are quite happy with today’s WiFi are the free hotspot providers. Users can hardly complain about security when they are getting high speed wireless internet for free. The difficulty of developing an adequate revenue stream is this segment’s biggest current challenge, although spectrum issues may become more important as WiFi hotspots continue to spring up.

Bumps in the Road for Business

Business users are not so ecstatic about WiFi, whether they are using it to improve productivity internally, or trying to make a business out of selling wireless internet to the public.

Security emerges as a huge problem. Most wireless office networks are now banished outside the corporate firewalls. Security weaknesses are not due to problems with the WEP algorithm. In fact, if the WEP algorithm was unbreakable, the WEP security system would still be incredibly weak. The fatal flaw in WEP is that a single key is shared by all users of a particular access point (base station).

This has two ramifications. First of all a single shared key cannot be secure, as it will soon become common knowledge, and therefore it cannot be used to allow access by some, and disable it for others, nor can it be used to allow access that was purchased for a limited time.

Secondly, a per-cell key cannot be managed efficiently, because every mobile device needs to have keys pre-provisioned for all cells they might roam into. Maintaining a database is not possible for most users, because the list of keys and cells will be dynamic, and there is simply no infrastructure to efficiently and securely distribute these keys.

It might be hard to understand how a group that created such a useful protocol got security so wrong, but it is probably because WiFi was modeled as an Ethernet replacement. Ethernet replacement assumes that the wireless LAN connection simply replaces the ubiquitous Ethernet cable. Evidence for this is that WiFi provides approximately the same bandwidth as wired Ethernet (also a shared 10 Mbps resource) and that its reliance on IP protocols allows WiFi to be used as a simple substitute for an Ethernet connection.

This model does mean that as soon as a computer is successfully connected to a WiFi access point, it can use standard internet protocols, such as smtp, ftp and http. This is one of the most attractive features of WiFi.

However, as soon as you cut the cord, users want mobility. And an Ethernet replacement model does not provide mobility protocols. In fact, one of the biggest weaknesses of the entire internet is the lack of true mobility.

Nomadicity: Not True Mobility

The internet provides nomadicity, but not true mobility. There are many ways to connect to the internet and request services, but few facilities for terminating services, nor for seamless handoff between points of attachment to the internet.

The internet provides protocols that give an illusion of mobility. Initiating a dial-up modem or WiFi connection to obtain emails is not the same as having the network initiate a connection to your device and send an important email to you. No matter how important the message, it is up to the recipient to arrange to connect and request it. When a connection is initiated the mobile device must remain stationary or all the internet connections will be broken, and most applications will fail.

In the early days of cellular there was also only nomadicity. People soon learned that if they wanted to stay in touch, they needed to either phone their voice mail regularly, inform their contacts of the local system’s roamer access port number or carry a pager. Luckily, by the early 1990’s true mobility had arrived, and calls and short messages could be automatically delivered to a phone no matter where it was roaming.

Ironically, now it is the cellular phone, with its decade-old true mobility, that is often used to close the loop on an email by reminding the recipient to connect to the internet and check their email.

Mobility: Cellular as a Role Model

Mobility is a lot more difficult than it seems. Many capabilities need to be integrated before the system is fully functional:

Mobility management places a number of requirements on wireless systems:

These capabilities are largely provided through Mobile Application Part (MAP) – GSM MAP or ANSI-41 (for analog, TDMA and CDMA). Although these protocols are voice oriented, most of the capabilities are required for data. For example, ‘always on’ operation requires the ability to re-route terminating service requests via a single known point, the ‘Home’ system, much as terminating voice calls are re-routed by the HLR to the current serving system, or terminating short messages are re-routed by the Message Centre.

Internet: Not a Better Model?

The fabulous success of the internet leads many people to conclude that it is based on an inherently superior suite of protocols. But, although it provides a wide range of new services (email, web, ftp, instant messaging etc.) it also has major performance, reliability and security issues. Its philosophy of providing many small, highly focused protocols makes new applications easy, but new systems more difficult. It makes the addition of new application protocols very easy, but changes to the underlying transport and routing layers become very difficult.

Mobile IP is a protocol for internet mobility based on 2 messages, compared to more than 75 each for GSM MAP and ANSI-41. This radical simplisticification is based on the philosophy of ‘separation of concerns’. All Mobile IP is supposed to do is re-route messages; it leaves validation, authentication, profile and billing concerns to other protocols.

When a mobile determines that it is present in a new system it registers with a Foreign Agent (FA) that assigns it a temporary IP address. This is forwarded to the Home Agent (HA) in a registration message. Packets destined for the mobile are routed to its permanent IP address, and terminate at the HA, which then tunnels them to the care-of address held by the FA. Messages sent by the mobile can sometimes be sent directly from the serving system, but often also need to be tunneled back through the HA.

Mobile IP’s design has many problems. First of all it does not even do a complete job. It does not include a de-registration command, so previous serving systems had no simple way to clean up resources assigned to mobile devices that were no longer present. This is not a problem in small implementations, but becomes one with larger, commercial implementations.
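The registration and tunneling flow described above, and the stale state left at the previous Foreign Agent, can be seen in a small model. This is an added example, not code from the article or from any Mobile IP implementation; the class names, the stale_visitors audit helper and the addresses (taken from documentation ranges) are constructed for illustration.

```python
class HomeAgent:
    def __init__(self):
        self.bindings = {}                      # permanent address -> care-of address

    def register(self, home_addr, care_of):
        self.bindings[home_addr] = care_of      # latest registration wins

    def deliver(self, packet, agents):
        """Intercept a packet for a permanent address and tunnel it to the FA."""
        care_of = self.bindings.get(packet["dst"])
        if care_of is None:
            return None
        outer = {"src": "HA", "dst": care_of, "inner": packet}   # encapsulation
        return agents[care_of].detunnel(outer)

class ForeignAgent:
    def __init__(self, care_of):
        self.care_of = care_of
        self.visitors = set()                   # mobiles this FA holds resources for

    def attach(self, home_addr, ha):
        self.visitors.add(home_addr)
        ha.register(home_addr, self.care_of)    # registration message to the HA

    def detunnel(self, outer):
        inner = outer["inner"]
        if inner["dst"] not in self.visitors:
            return None
        return (self.care_of, inner["payload"])

def stale_visitors(ha, agents):
    """Visitor entries whose HA binding now points at a different FA."""
    return sorted((fa.care_of, m) for fa in agents.values()
                  for m in fa.visitors if ha.bindings.get(m) != fa.care_of)

def demo():
    ha = HomeAgent()
    agents = {a: ForeignAgent(a) for a in ("198.51.100.1", "203.0.113.1")}
    mobile = "192.0.2.10"                       # permanent (home) address
    pkt = {"src": "192.0.2.99", "dst": mobile, "payload": "hello"}
    agents["198.51.100.1"].attach(mobile, ha)
    first = ha.deliver(pkt, agents)
    agents["203.0.113.1"].attach(mobile, ha)    # mobile moves; old FA is never told
    second = ha.deliver(pkt, agents)
    return first, second, stale_visitors(ha, agents)
```

After the move, delivery follows the new binding, while the first Foreign Agent still lists the mobile as a visitor because nothing in the exchange told it to release the entry.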

The protocol attempts to implement mobility at the higher protocol layers, although this would be more reliable and efficient at lower layers. Mobile IP is a routing function, but changing the fundamental routing methodologies is simply not considered. Consequently, the fundamental routing layer (which assumes that internet devices are stationary) becomes a barrier. Even the packet-oriented nature of the internet becomes a problem, as every packet needs the extra routing treatment.

Separation of concerns, although often a useful design tool, in this case requires multiple security solutions, instead of the use of one integrated solution. For example, the AAA, used to accumulate accounting records, needs to maintain a different security association than the Mobile IP protocol. Over-the-air security will need yet another association.

Mobile IP at best can solve one problem, and does not answer the question of what protocols should be used to solve the others. Disagreements over the protocols needed to fulfil the other necessary mobility functions result in incompatibilities.

Because of these problems Mobile IP has suffered as an ‘orphan’ internet protocol. Although first proposed in 1996 (for wired computer mobility, not wireless mobility), lack of widespread implementation has meant that advances in internet security and routing capabilities (firewalls, Network Address Translation, VPN) have not taken Mobile IP needs into account, and often have acted to prevent Mobile IP from working.

Where Cellular Carriers Fit in

Cellular carriers have a role to play in some WiFi environments, particularly in the commercialization of pay-for-service hotspots. Ideally, a cellular subscriber should be able to pay a small extra monthly fee for WiFi service from their cellular carrier, plus connection charges when actually using a hotspot. From the consumer’s point of view, they would find that they could use more hotspots, and their billing would be consolidated with their cellular service billing. Tedious login sequences, provision of credit card information and other inconveniences would be banished. Pricing would be consistent from location to location. Cellular data protocols could also be used, when outside WiFi coverage areas, without having to change the device setup.

From the carrier’s point of view they could enlarge their target market, including all roamers in their coverage area, and could provide services with a great deal of assurance that they would be paid for.

This will require the adaptation of cellular MAP protocols to better support data and the construction of bridges to common internet protocols, particularly those for validation, authentication and billing. Although this will be difficult, it may still be much easier than the job of putting together a consistent, workable suite of pure-internet protocols. Furthermore, it will enable the integration of voice and data services, and of different access technologies. It may be possible, for example, for an incoming short message to be redirected to a mobile device currently accessing via a WiFi hotspot. It may even be possible to bridge an incoming call to a device using a WiFi hotspot that supports Voice over IP.

Once a wireless device communicates its cellular identity (MIN or IMSI) to the cellular carrier’s home system (HLR), the home system can provide profile information, authenticate the subscriber, provide the basic data required for encryption, and can redirect services to the appropriate hotspot.
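The contrast with WEP's single shared key can be made concrete with a per-subscriber challenge-response in which the hotspot relays an identity to the home system and receives only one session's material. This is an added example, not code from the article or from any carrier system; HomeSystem, Device and admit are hypothetical names, the identities are constructed, and HMAC-SHA-256 stands in for whatever algorithms a real network uses.

```python
import hashlib
import hmac
import os

def _prf(key, label, rand):
    # HMAC-SHA-256 is a stand-in here, not the algorithm a real network uses.
    return hmac.new(key, label + rand, hashlib.sha256).digest()

class Device:
    def __init__(self, identity, key):
        self.identity, self._key = identity, key
    def respond(self, rand):
        return _prf(self._key, b"res", rand)
    def session_key(self, rand):
        return _prf(self._key, b"enc", rand)

class HomeSystem:
    """Hypothetical stand-in for the HLR: one secret per subscriber identity."""
    def __init__(self):
        self._keys, self.barred = {}, set()
    def provision(self, identity):
        self._keys[identity] = os.urandom(16)
        return Device(identity, self._keys[identity])
    def vector(self, identity):
        """Fresh (challenge, expected response, session key), or None if refused."""
        key = self._keys.get(identity)
        if key is None or identity in self.barred:
            return None
        rand = os.urandom(16)
        return rand, _prf(key, b"res", rand), _prf(key, b"enc", rand)

def admit(home, claimed_identity, device):
    """Hotspot side: it never sees a long-term key, only one session's vector."""
    vec = home.vector(claimed_identity)
    if vec is None:
        return None
    rand, expected, session_key = vec
    if not hmac.compare_digest(device.respond(rand), expected):
        return None
    return rand, session_key

def demo():
    home = HomeSystem()
    a = home.provision("001010000000001")       # constructed test identities
    b = home.provision("001010000000002")
    impostor_refused = admit(home, a.identity, b) is None  # b's key, a's identity
    home.barred.add(b.identity)                            # withdraw b only
    res = admit(home, a.identity, a)
    agreed = res is not None and a.session_key(res[0]) == res[1]
    return agreed, impostor_refused, admit(home, b.identity, b) is None
```

Withdrawing one subscriber leaves every other subscriber's credentials untouched, which is exactly what a key shared by all users of an access point cannot do.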

This approach would combine the best of cellular (true mobility and the experience of carriers) while providing consumers with a true wireless internet experience. Feeding the growing addiction to high speed wireless data will help drive demand for wide-area data services that only cellular can provide.

Figure 1: WiFi/Cellular Integration


© – Copyright Mon, May 14, 2007: Cellular Networking Perspectives Ltd.