On predictive routing of security contexts in an all-IP network

Abstract

While mobile nodes (MNs) undergo handovers across inter-wireless access networks, their security contexts must be propagated for secure re-establishment of on-going application sessions, such as those in secure mobile internet protocol (IP), authentication, authorization, and accounting (AAA) services. Routing security contexts via an IP network either on-demand or based on MNs' mobility prediction, imposes new challenging requirements of secure cross-handover services and security context management. In this paper, we present a context router (CXR) that manages security contexts in an all-IP network, providing seamless and secure handover services for the mobile users that carry multimedia-access devices. A CXR is responsible for (1) monitoring of MNs' cross-handover, (2) analysis of MNs' movement patterns, and (3) routing of security contexts ahead of MNs' arrival at relevant access points. The predictive routing reduces the delay in the underlying security association that would otherwise fetch an involved security context from a remote server. The predictive routing of security contexts is performed based on statistical learning of MNs' movement pattern, gauging (dis)similarities between the patterns obtained via distance measurements. The CXR has been evaluated with a prototypical implementation based on an MN mobility model on a grid. Our evaluation results support the predictive routing mechanism's improvement in seamless and secure cross-handover services by a factor of 2.5. Also, the prediction mechanism is shown to outperform the Kalman filter-based method [13] as a Kalman Fiter-based mechanism up to 1.5 and 3.6 times regarding prediction accuracy and computation performance, respectively. Copyright © 2009 John Wiley & Sons, Ltd.