On predictive routing of security contexts in an all-IP network

• Published in: Security and communication networks Vol. 3; no. 1; pp. 4 - 15
• Main Authors: Kim, Hahnsang, Shin, Kang G.
• Format: Journal Article
• Language: English
• Published: Chichester, UK John Wiley & Sons, Ltd 01.01.2010
• Subjects: Computer networks; edit distance; IP (Internet Protocol); Mathematical models; Movement; Networks; Routers; Routing (telecommunications); secure seamless handovers; Security; selective predictive routing; χ2-distance
• ISSN: 1939-0114; 1939-0122; 1939-0122
• DOI: 10.1002/sec.135

While mobile nodes (MNs) undergo handovers across inter‐wireless access networks, their security contexts must be propagated for secure re‐establishment of on‐going application sessions, such as those in secure mobile internet protocol (IP), authentication, authorization, and accounting (AAA) services. Routing security contexts via an IP network either on‐demand or based on MNs' mobility prediction, imposes new challenging requirements of secure cross‐handover services and security context management. In this paper, we present a context router (CXR) that manages security contexts in an all‐IP network, providing seamless and secure handover services for the mobile users that carry multimedia‐access devices. A CXR is responsible for (1) monitoring of MNs' cross‐handover, (2) analysis of MNs' movement patterns, and (3) routing of security contexts ahead of MNs' arrival at relevant access points. The predictive routing reduces the delay in the underlying security association that would otherwise fetch an involved security context from a remote server. The predictive routing of security contexts is performed based on statistical learning of MNs' movement pattern, gauging (dis)similarities between the patterns obtained via distance measurements. The CXR has been evaluated with a prototypical implementation based on an MN mobility model on a grid. Our evaluation results support the predictive routing mechanism's improvement in seamless and secure cross‐handover services by a factor of 2.5. Also, the prediction mechanism is shown to outperform the Kalman filter‐based method [13] as a Kalman Fiter‐based mechanism up to 1.5 and 3.6 times regarding prediction accuracy and computation performance, respectively. Copyright © 2009 John Wiley & Sons, Ltd. A context router (CXR) is a router that transfers and manages security contexts on‐demand or in a predictive fashion, for secure and seamless cross‐handover services. The CXR tracks mobile users' movement in association with attachment of access points rather than their location itself, providing a trade‐off between accuracy in prediction and complexity. This ion causes the CXR's independence of various underlying access networks, effectively achieving scalability and manageability.