Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page i 30.7.2008 07:52pm UNLICENSED MOBILE ACCESS TECHNOLOGY #1 Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page ii 30.7.2008 07:52pm #2 Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page iii 30.7.2008 07:52pm UNLICENSED MOBILE ACCESS TECHNOLOGY Protocols, Architecture, Security, Standards and Applications Edited by #3 Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page iv 30.7.2008 07:52pm #4 Auerbach Publications Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2009 by Taylor & Francis Group, LLC Auerbach is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S Government works Printed in the United States of America on acid-free paper 10 International Standard Book Number-13: 978-1-4200-5537-5 (Hardcover) This book contains information obtained from authentic and highly regarded sources Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use The Authors and Publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint Except as permitted under U.S Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers For permission to photocopy or use material electronically from this work, please access www.copyright.com (http:// www.copyright.com/) or contact the Copyright Clearance Center, Inc (CCC) 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400 CCC is a not-for-profit organization that provides licenses and registration for a variety of users For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe Library of Congress Cataloging-in-Publication Data Zhang, Yan Unlicensed mobile access technology : protocols, architectures, security, standards and applications / edited by Yan Zhang, Laurence T Yang, Jianhua Ma p cm (Wireless networks and mobile communications ; 11) Includes bibliographical references and index ISBN-13: 978-1-4200-5537-5 ISBN-10: 1-4200-5537-2 Mobile computing Congresses Mobile communication systems Congresses I Yang, Laurence Tianruo II Ma, Jianhua III Title IV Series QA76.59.Z43 2008 004.165 dc22 Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the Auerbach Web site at http://www.auerbach-publications.com 2008008315 Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page v 30.7.2008 07:52pm #5 Contents Preface vii Editors ix Contributors xi PART I: ARCHITECTURES UMA Technology: Architecture, Applications, and Security Means HASSNAA MOUSTAFA UMA and Related Technologies: Ā e Road Ahead 19 USMAN JAVAID, NICOLAS BIHANNIC, TINKU RASHEED, AND DJAMAL-EDDINE MEDDOUR Quality of Service Management in UMA 35 VESELIN RAKOCEVIC Radio Resource Management in IEEE 802.11-Based UMA Networks 51 FRANK A ZDARSKY AND IVAN MARTINOVIC Security in IEEE 802.11-Based UMA Networks 75 IVAN MARTINOVIC, FRANK A ZDARSKY, ADAM BACHOREK, AND JENS B SCHMITT Mobility Management between UMA Networks and Cellular Networks 95 DAQING XU AND YAN ZHANG PART II: PROTOCOLS AND SECURITY Protocols and Decision Processes for Vertical Handovers 123 JIE ZHANG, ENRIQUE STEVENS-NAVARRO, VINCENT W.S WONG, HENRY C.B CHAN, AND VICTOR C.M LEUNG Piconet Interconnection Strategies in IEEE 802.15.3 Networks 147 ´ AND VOJISLAV B MIŠIC ´ MUHI A.I KHAIR, JELENA MIŠIC, Quality of Service in Wireless Local and Metropolitan Area Networks 163 HAIDAR SAFA AND MOHAMED K WATFA v Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page vi 30.7.2008 07:52pm #6 vi 10 Fast MAC Layer Handoff Schemes in WLANs 187 LI JUN ZHANG AND SAMUEL PIERRE 11 Security in Wireless LANs 207 MOHAMED K WATFA AND HAIDAR SAFA 12 Interference Mitigation in License-Exempt 802.16 Systems: A Distributed Approach 229 ´ MURPHY, AND LIAM MURPHY OMAR ASHAGI, SEAN 13 QoS Capabilities in MANETs 249 BEGO BLANCO, FIDEL LIBERAL, JOSE LUIS JODRA, AND ARMANDO FERRO PART III: STANDARDS AND APPLICATIONS 14 WiMAX Architecture, Protocols, Security, and Privacy 281 S.P.T KRISHNAN, BHARADWAJ VEERAVALLI, AND LAWRENCE WONG WAI CHOONG 15 Detailed DSRC-WAVE Architecture 297 YASSER MORGAN, MOHAMED EL-DARIEBY, AND BAHER ABDULHAI 16 Supporting Heterogeneous Services in Ultra-Wideband-Based WPAN 325 KUANG-HAO LIU, LIN CAI, AND XUEMIN (SHERMAN) SHEN 17 New UMA Paradigm: Class Opportunistic Networks 349 ZILL-E-HUMA KAMAL, LESZEK LILIEN, AJAY GUPTA, ZIJIANG YANG, AND MANISH KUMAR BATSA Index 393 Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page vii 30.7.2008 07:52pm #7 Preface Ā is is the first book providing readers a complete cross-reference for unlicensed mobile access (UMA) technology UMA technology targets to provide seamless access to global system for mobile communication (GSM) and general packet radio service (GPRS) mobile service networks over unlicensed spectrum technologies, including Bluetooth and Wi-Fi (IEEE 802.11), and possibly emerging WiMAX (IEEE 802.16) With a dual-mode enabled mobile terminal, a subscriber is able to roam freely and seamlessly handoff between cellular networks and unlicensed wireless networks With intelligent horizontal and vertical handoff techniques in UMA, subscribers receive voice and data services continuously, smoothly, and transparently To achieve these aims, there are a number of challenges Mobility management is one of the most important issues to address Vertical and horizontal handoff algorithms shall be intelligently designed to adapt to heterogeneous wireless environments In addition, guaranteeing quality-of-service (QoS) during movement and handoff is also of great importance to satisfy subscribers’ requirements Furthermore, software-defined radio or cognitive radio is a key enabling technology for the success of UMA Āe book covers basic concepts, advances, and latest standard specifications in UMA technology, and also UMA-relevant technologies Bluetooth, Wi-Fi, and WiMAX Ā e subject is explored in a variety of scenarios, applications, and standards Āe book comprises 17 chapters, topics of which span comprehensively to cover almost all essential issues in UMA In particular, the discussed topics include system/network architecture, mobility management, vertical handoff, routing, Medium Access Control, scheduling, QoS, congestion control, dynamic channel assignment, and security Āe book aims to provide readers with an all-in-one reference containing all aspects of the technical and practical issues in UMA technology Āe chapters in this book are organized into three parts: Part I: Architectures Part II: Protocols and Security Part III: Standards and Applications Part I introduces the basics, QoS, resource management, mobility management, and security in UMA technology Part II concentrates on the protocol issues and security challenges in UMArelated technologies, including WirelessPAN, Wi-Fi, and WiMAX Part III presents the standard specifications and various applications Āi s book has the following salient features: Provides a comprehensive reference for UMA technology Introduces basic concepts, efficient techniques, and future directions Explores standardization activities and specifications in UMA and related wireless networks Bluetooth, Wi-Fi, and WiMAX Offers illustrative figures that enable easy understanding vii Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page viii 30.7.2008 07:52pm #8 viii Āe book can serve as a useful reference for students, educators, faculties, telecommunication service providers, research strategists, scientists, researchers, and engineers in the field of wireless networks and mobile communications We would like to acknowledge the effort and time invested by all contributors for their excellent work All of them are extremely professional and cooperative Our thanks also go to the anonymous chapter reviewers, who have provided invaluable comments and suggestions that helped to significantly improve the whole text Special thanks go to Richard O’Hanley, Catherine Giacari, and Stephanie Morkert of Taylor & Francis Group for their support, patience, and professionalism during the entire publication process of this book Last but not least, special thanks should also go to our families and friends for their constant encouragement, patience, and understanding throughout the writing of this book Yan Zhang, Laurence T Yang, and Jianhua Ma Zhang/Unlicensed Mobile Access Technology AU5537_C000 Finals Page ix 30.7.2008 07:52pm #9 Editors Dr Yan Zhang received his PhD from the School of Electrical and Electronics Engineering, Nanyang Technological University, Singapore Since August 2006, he has been working with the Simula Research Laboratory, Norway (http://www.simula.no/) He is associate editor of Security and Communication Networks (Wiley), and he is on the editorial boards of the International Journal of Network Security, Transactions on Internet and Information Systems, International Journal of Autonomous and Adaptive Communications Systems, and the International Journal of Smart Home He is the editor for the Auerbach Wireless Networks and Mobile Communications series Dr Zhang has served as guest coeditor for a few journals and selected papers He has coedited numerous books, including, Resource, Mobility and Security Management in Wireless Networks and Mobile Communications; Wireless Mesh Networking: Architectures, Protocols and Standards; Millimeter-Wave Technology in Wireless PAN, LAN and MAN; Distributed Antenna Systems: Open Architecture for Future Wireless Communications; Security in Wireless Mesh Networks He has served as the workshop general cochair for COGCOM 2008, WITS-08, and CONET 2008, and has organized and cochaired numerous conferences since 2006 He has been a member of technical program committees for numerous international conferences including ICC, PIMRC, CCNC, AINA, GLOBECOM, and ISWCS He received the best paper award and outstanding service award in the IEEE 21st International Conference on Advanced Information Networking and Applications His research interests include resource, mobility, spectrum, energy, and security management in wireless networks and mobile computing He is a member of IEEE and IEEE ComSoc Dr Laurence T Yang is a professor of computer science at St Francis Xavier University, Antigonish, Nova Scotia, Canada His research includes high-performance computing and networking, embedded systems, ubiquitous/pervasive computing, and intelligence He has published around 280 papers in refereed journals, conference proceedings, and book chapters in these areas He has been involved in more than 100 conferences and workshops as a program/general conference chair and in more than 200 conferences and workshops as a program committee member He has served as a chair, vice-chair, or cochair on a variety of IEEE Technical Committees and Task Forces In addition, he is the editor-in-chief of 10 international journals and a few book series He is also an editor for 20 international journals He has edited or contributed to 30 books and has won numerous best paper awards from the IEEE Dr Jianhua Ma is a professor at the Faculty of Computer and Information Sciences, Hosei University, Japan, since 2000 He has had 15 years teaching/research experience at National University of Defense Technology, Xidian University, and the University of Aizu From 1983 to 2003, his ix Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 393 30.7.2008 06:19pm #3 Index A Access categories (ACs) queues, 171 user traffic priorities mapped to, 170–171 Access category index (ACI), 309 Access network convergence, 21 Access points AP detection mechanism, 91–92 placement of, 64–65 ultrathin, 67 Access services network (ASN), 124 ACK procedure, 173 ACK-Security-Block packet, 190 Adaptation Protocol (L2CAP), 382 Address Resolution Protocol spoofing, ARP spoofing Ad hoc mesh network, 156 Ad hoc QoS multicast, 272 AES (advanced encryption standard), 12, 78, 215 Algorithmic attacks, 213 Ambient networks (ANs), 368–369 Analytic hierarchy process (AHP), 127 AP caching scheme, 194–195 AP List Request, 193 Application server level convergence, 22–23 AQM, see Ad hoc QoS multicast ARF, see Auto rate fallback ARP spoofing IP addresses and hardware addresses, 90–91 protections against, 91 ASN gateway (ASN GW), 124 ASTM-E17.51, 300 Authentication and Key Agreement, 224 third generation, mechanism of, 225 Authentication server (AS), 199 AUTHORIZATION-DATA, 220 AUTN (authentication vector), 225 Auto rate fallback, 59 B Backoff algorithm, 236–237 BANs, see Body area networks Base stations (BSs) average system throughput of, 239, 243 backoff process, 236 bandwidth allocation to SS, 180 broadcasting process, 235–236 BS_1, 370 BS_2, 379 data subcarriers, 235 DL/UL throughput, 239–241 listening process, 235 OFDM subcarriers of, 234 reconfiguration process, 236 re-listening process, SSs, 236 service flow between SS and, 181 subcarriers distributions, 245–246 and stations’ starting order, 240–241 Base transceiver station, 224 Basic service set, see BSS Basic Service Set Identifier (BSSID), 189 Beamforming and beam-steering antennas, 286 Benevolent oppnet, 364–365 BE scheduling, 179 B3G networks (Beyond 3G networks), 20 multidimensional heterogeneity, 21 Bluetooth technology, 351 cell phones, 370 dongle, 382 smoke detectors, 360, 383 WPAN, 326 Body area networks, 353–354 Broadcasting algorithm, 235–236, 237 Brute force attack, 212 BS algorithms, 235–236 BSS, 65, 69–70, 164–165, 189, 208 BTS, see Base transceiver station Bypass scanning, 193–194 C Cache hit and cache miss, 195 Caching technique, bypass scanning, 193 Candidates, 353 393 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 394 30.7.2008 06:19pm 394 #4 Unlicensed Mobile Access Technology CAP CTAs requests, 149, 328 of HCCA, 172 of piconet, 159 Carrier Sense Multiple Access with Collision Avoidance, 148, 164–166, 303, 328 Carrier sense threshold selection, 57 CBR, see Constraint-based routing CCA, see Clear channel assessment CCH, see Control channel CCH interval (CCHI), 310 CCMP (generic encryption block cipher), 215 cryptographic key, 83 security scheme, 84 CEDAR core network, 267 operation, 268 Cell phones; see also MIDlets bluetooth-enabled, 370 with GPS, 365 programming, Java-based, 382 towers, 354 CEN, see European Committee for Standardization (CEN) Centralized radio resource management architectures using CAPWAP protocol, 67 wireless access point, 65–67 Certification authorities (CAs), 220–221 Channel access enhanced distributed, see Enhanced distributed channel access) multi-channel protocols, 258–259 single-channel protocols, 258 Channel estimation, 257 Channel mask, 192, 194 Channel quality, receiver, 59 Channel router, 309 Channel selection adjacent-channel interference, 63–64 objective of, 61 transmit spectrum mask, 63 in wireless LANs, 62 Channel selector, 308–309 Channel time allocation period, see CTAP Chaotic deployment, 54 Cipher key, 224 Ciphertext, 212 Class opportunistic networks, 369–370 Clear channel assessment modes, 57 Clear-to-send packet, see CTS packet Client-centric control approach, 65 Client-to-client attacks, 211 Cognitive radio, 232 Constraint-based routing, 255–256 Contention access period, see CAP Control channel WAVE devices, 302, 304, 310, 312–313 WBSS services, 315, 319 Coordinated radio resource management architecture, 66 Coordinated universal time, see UTC Core extraction distributed ad hoc routing, see CEDAR Core network convergence, 21–22 Core services network (CSN), 124 CRC-32, 214 Cross-layer design, 194 Cross-layer models class-parameter mapping in, 264 INSIGNIA, 263–264 operation of, 263 Cryptographic attackers, 210 CSMA/CA, see Carrier Sense Multiple Access with Collision Avoidance CSMA/CA networks transmit power, 56–57 transmit rate, 58 CTAP, 149, 328–329 CTS packet, 157, 165–166, 210 D Data encryption, 12–13 Data link layer and MAC protocol, 258–259 sublayers, 257 Data transmissions in MAC protocol, 258–259 using FDD and TDD, 175 WAVE MAC-QoS architecture for, 309 DCF, see Distributed coordination function DCLCR problem, 268 Decentralized radio resource management architectures, 65 Decryption algorithm, 213 Dedicated short range communication, 299–300 Delay tolerant networks, 369 Demand management, 299 Denial-of-service (DoS) attacks, 199, 211 Dense deployment, wireless network aggregates, 54 Destination addresses (DAs), 210 DHCP, see Dynamic Host Configuration Protocol Differentiated Services (DiffServ), 255 DiffServ (DS) Architecture, 38–39 Direct-sequence spread-spectrum (DS-SS), 327 Distributed algorithms interference mitigation, 802.16 system BS algorithms, 235–236 data subcarriers, 235 OFDM subcarriers, 234 simulator testing performance of, 238–246 SS algorithms, 237 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 395 30.7.2008 06:19pm Index Distributed coordination function, 164 Distributed system service (DSS), 209 Distribution system (DS), 208 DL/UL throughput for BSs, 240 factors affecting neighboring stations, transmissions of, 241 transmission power, 239 DNS server address, 318 DoS attacks, 9, 15, 17 unauthenticated control frames, 90 4-way handshake blocking, 92 DSRC, see Dedicated short range communication DSRC networks applications, 302–303 basic units of, 301 building blocks of, 303–304 WAVE communication stack, 304–305 802.11e EDCA architecture, 308 security concerns, 321–322 WAVE network layer services, 316–317 DTNs, see Delay tolerant networks Dual-mode handset, see UMA-enabled dual-mode mobile handset Dynamic Host Configuration Protocol, 134 Dynamic Service Addition Request (DSA-REQ), 181–182 E EAP, 215 authentication method message flow, 80–81 RADIUS protocol, 79–80 key management, 82–83 EAP-AKA, 225, 287; see also Authentication and Key Agreement EAPOL-Start message, 199 EAP-SIM, see Extensible Authentication Protocol-Subscriber Identity Module EAP-SRP, 220 EAP-TLS mutual authentication for IEEE 802.11i RSN, 81 network latencies, 86–87 EAP-Transport Layer Security (EAP-TLS), 221 EAP-TTLS, 221–222 EDCA, see Enhanced distributed channel access EDCA mechanism, drawback of, 173 Ego hackers, 210 Encryption algorithm, 213 End-to-end QoS architecture, 46 Enhanced distributed channel access access categories first-in first-out queues, 171 traffic priorities mapped to, 169–170 #5 395 Enhanced ticket-based routing, 269 ER-GSA, see Exclusive-region global search algorithm ertPS scheduling algorithm, 178–179 ETBR, see Enhanced ticket-based routing EtherType, 305 European Committee for Standardization (CEN), 300 Exclusive-region global search algorithm, 337–338 Exclusive regions, 331–332 Expanded oppnet, 353–354 Extended rtPS scheduling algorithm, see ertPS scheduling algorithm Extended service set (ESS), 208 Extensible Authentication Protocol, see EAP Extensible Authentication Protocol-Subscriber Identity Module, 224 F Fair allocation, bandwidth, 340 Fast handoff schemes bypassing scanning, 193–194 channel masks and AP caching schemes, 194–195 cross-layer design strategies, 194 fast scanning methods, see Fast scanning location-based, 194 NG and NG-pruning schemes, 195–198 to reduce re-authentication delays IEEE 802.11i pre-authentication, 199 PNC scheme, 199–201 predictive authentication scheme, 201 using geolocation information, 198 Fast scanning full scanning, 191–192 selective scanning, 192–193 FHRs, see Frequent handoff regions FHR scheme, see Predictive authentication scheme Fixed WiMAX; see also Mobile WiMAX functionality, 285 IEEE 802.16-2004 standard, 282 orthogonal frequency division multiple access, 283 smart antenna, 285–286 Flexible QoS Model for mobile networks, see FQMM FQMM channel utilization, 262 node identification in, 261–262 Frame structure with FDD and TDD, 175 Frequency-selective scheduling, 289 Frequent handoff regions, 201 G GA-CSR protocol, 43–44 GAN, 351 architecture and functional components, 24, 43 comparison with I-WLAN, SCCAN and MIH, 30–31 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 396 30.7.2008 06:19pm 396 #6 Unlicensed Mobile Access Technology GAN controller (GANC) mobile station, 43 protocol mapping in, 43–44 3G and WLAN integration architecture, 114 GA-PSR protocol, 44 Gauss–Markov model, 129 Generalized Multi-Protocol Label Switching, 255 Generic Access Circuit Switched Resources protocol, see GA-CSR protocol Generic access network, see GAN Generic Access Packet Switched Resources protocol, see GA-PSR protocol Generic object exchange, 382 Geolocation information, for fast handoff, 198 Global positioning system (GPS), 128 G/MPLS, see Generalized Multi-Protocol Label Switching 3GPP (Third Generation Partnership Project), 5, 117, 224 GPRS systems QoS, 39 security features in, 13 GPS server, 198 Grey relational analysis (GRA), 128 Grid computing, 366–367 Group key handshake, 83 GSM, 223–224 GSM/GPRS core network open platform, 15–16 QoS in, 39 UMA standard, 36 UMA technology and, 13 UNC, security threats due to, 8–9 GSM security features, 13 implications of UMA for countermeasures for, 16 open platforms, 15–16 H Handoff process authentication, 189–190 fast, see Fast handoff schemes reassociation and association, 190 scanning, 188–189 for WLANs, 191 Handover Initiate message, 198 Handover measurements, UMA system from GSM to UMA, 116 4-way handshake delay, 86–87 message flow, 82–83 HARQ, 286 HCCA, see HCF controlled channel access HCF, see Hybrid coordination function HCF controlled channel access access scheduling framework, 174 controlled access phases in, 172 TXOP allocation, 173 Helpers, 353 OVM primitives for, 359 pseudocode for, 363 Heterogeneous mobile networks QoS management in GGSN and IMS, 42 policy rules, 43 Hierarchical/clustered topologies, 259 Hierarchical mobile SIP (HMSIP), 133, 135 High data rate wireless personal area networks, 148–150 High-performance radio metropolitian area network, see HiperMAN HI message, see Handover Initiate message HiperAccess, 293 HiperMAN, 293 HLR, see Home location register Home location register, 223–224 Home network convergence, 21 HR-WPANs, see High data rate wireless personal area networks Hybrid automatic repeat request, see HARQ Hybrid coordination function, 164 Hybrid-routing protocols, 260 I IAPP, see Inter-Access Point Protocol Idle mode, 290 IEEE 802.15.3, 326, 328–329 IEEE 1609.2, 321 IEEE 1609.4, 303 IEEE 802.11a and Hiper Lan/2, coexistence issues between, 231 IEEE 802.11b/g, 202 IEEE 802.11 delays, 87–88 IEEE 802.11e MAC layer access mechanisms drawback of, 173 enhanced distributed channel access, 169–171 HCF controlled channel access, 172 performance enhancement techniques, 173–174 IEEE 802.16e-2005 standard, 282, 284, 287, 289 IEEE 802.11i security standard confidentiality and integrity, 83–84 delay-reducing mechanisms, 87 deploying, problems in, 88 EAP-TLS authentication delays, 86–87 key hierarchy, 81–82 key management, 82–83 mutual authentication, 80–81 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 397 30.7.2008 06:19pm #7 Index port-based access control mechanism, 78–79 pre-authentication mobile stations, 199 and PMK caching, 84 RSN connection process, 84–86 4-way handshake blocking, 92 IEEE 802.11p, 303, 308 IEEE 802.11r, 202 IEEE 802.11 standard AP and mobile station authentication, 189–190 reassociation and association, 190 scanning, 188–189 control and management frames, 89 frame control field, 91 open system authentication, 189 shared key authentication, 189–190 state machine, 89 WEP, security features, 76–77 IEEE 802.15.3 standard, 148–150 IEEE 802.16 standard management connections, 177 QoS related mechanisms, 180 activation model, 182–13 dynamic service establishment, 181–182 service flow QoS scheduling, 181 WiMAX technology based on, 174 IEEE 802.16-2004 standard, 282, 285 IEEE 802.21 standard, 4–5 IEEE 802.11h standard amendment, 68–69 IEEE 802.11k standard amendment, 69–70 IEEE 802.11v standard amendment, 70 MIH of, 23 IEEE 802.16 system BS and SSs, 232 distributed algorithms for interference mitigation in BS algorithms, 235–236 data subcarriers, 235 OFDM subcarriers, 234 simulator testing performance of, 238–246 SS algorithms, 237 physical layers MAC layer, 232–233 PHY layers, 233 stations starting order, 241–242 IEEE 802.1X, 198 IEEE 802.1X port-based network access, 78–79 Impulse radio, 327 IMS, see IPMultimedia Subsystem Initialization vector (IV), 76–77 Insertion attacks, 211 INSIGNIA model, 263; see also Cross-layer models architecture of, 265 user session adjustment, 264 Integrated Services (IntServ) architecture, 38, 254 397 Intelligent channel scanning, 192 Inter-Access Point Protocol, 190 Interference, license-exempt wireless systems, 231 Internet Key Exchange v2 (IKEv2), 9, 12 Internet QoS architectures, 38–39 traffic classification and packet marking, 39 Interworking-WLAN, see I-WLAN Intrusion attacks, IP access networks GSM networks available over, IP-IAPP scheme, 194 IP Multimedia Subsystem core network infrastructure, 22 and 3G architecture, 117 I-WLAN deployment with, 29 WiMAX supports to, 286–287 IP multimedia subsystem (IMS), 133 IPv6 neighbor cache, 317–318 IPv6 prefix, 198 IR, see Impulse radio I-WLAN evolved UMTS architecture, 26–27 3GPP Release specifications, 25–26 protocols, 26 I-WLAN R7, 26–27 J Jain’s fairness index, 340 Java server, 379–380 flow of control for, 383 on Linux, 382 K Kerberos (secret-key authentication protocol), 218–220 L LEAP authentication message flow, 217–218 authentication protocol, 217 License-exempt spectrum, 230 Lightweight Extensible Authentication Protocol, see LEAP Link asymmetry, 56–57 Listening algorithm, 235, 237 Lites, 353 OVM primitives for, 360 pseudocode for, 364 LLC, see Logical link control Location-based vertical handover decision algorithm, 128–129 Logical link control, 382 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 398 30.7.2008 06:19pm 398 #8 Unlicensed Mobile Access Technology M MACA/PR Protocol, 157 MAC header, 210 MAC layer access mechanisms of CSMA/CA protocol, 165–166 distributed coordination function, 167–168 inter-frame space, 166–167 point coordination function, 168–169 architecture in 802.11e, see IEEE 802.11e MAC layer based approach for interference mitigation, 231 data traffic bursts supports, 284 handoff process, see Handoff process scheduling, 285 802.16 system bandwidth request slots, 233 PMP connection, 232 MAC layer management entity (MLME), 309, 321 MAC protocol, 148, 209, 329–329 design of channel access, 258–259 transmission initiation and topologies, 259 in IEEE 802.15.3, 328–329 for WMNs, 156 MAC Service Data Unit, 310 Malevolent oppnet, 364–366 Management channel time allocation, 149 MANETs, 250 application areas of, 253 method of operation, 251 mobile nodes, 251–252 network scalability, factors affecting, 266 QoS management models for constraint-based routing, 256 differentiated services, 255 G/MPLS, 255 integrated services, 254 traffic engineering, 255–256 QoS problems, 254 QoS signaling mechanisms ASAP and AODV, 274 dRSVP, 273–274 RSVP, 273 QoS support in in application layer, 260–261 in data link layer, 257–259 in network layer, 259–260 in physical layer, 256 QoS models for, 261–264 in transport layer, 260 routing protocols for classification of, 267 with QoS support, 266–273 without QoS support, 265–266 Man-in-the-middle attack, 212 Markov chain, 337 Markov decision process, 128 MaxChannelTime, 189 Maximum weighted independent set (MWIS), 333–337 MCTA, see Management channel time allocation Media independent command service, 28 Media independent event service, 27–28 Media independent handover, see MIH Media independent information service, 28–29 Medium access control layer, 304, 326 Mesh networks, 368 Mica2Motes, 379, 382 Michael, Message Integrity Code, 215 MicroOppnet, 350–351 application scenario for, 383–384 design of, 380–382 implementation, 382–383 overview, 370–380 MICS, see Media independent command service MIDlets, 382 flow of control, 384 MIES, see Media independent event service MIH architecture, 27 functional components media independent event service, 27–28 MICS and MIIS, 28–29 potential integration with current network architecture, 29–30 MIIS, see Media independent information service MinChannelTime, 189 MIPv4 and MIPv6, 130–131 MITM attack, see Man-in-the-middle attack Mobile ad hoc networks, see MANETs Mobile information device profile (MIDP) 2.0, 382 Mobile operators IMS infrastructure deployment, 22 network bandwidth, 36 UMA technology authentication process, 12 benefits of using, 4–5, security concerns, 16–17 Mobile-originated speech call procedure, 103–105 Mobile station assignment strategy, 60–61 authentication, 189–190 handover from GERAN to UMAN, 107–110 UMAN to GERAN, 110–112 scanning, 188–189 signaling architecture for CS domain, dual-mode, 98 for packet switched domain, dual-mode, 99 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 399 30.7.2008 06:19pm Index UMA–UMA handover, 113–114 and UNC discovery and registration procedure, 101–103 registration procedure, 101 updation procedure, 103 Mobile Stream Control Transmission Protocol, 131 Mobile subscribers authentication, 12 data and voice services, 5, mobile core service network over IP access network, Mobile switching center (MSC), 224 Mobile terminals (MTs) data packets, 130 Markovian model, 129 and MIH framework, 27, 29 open, security concerns of, 15–16 Mobile-terminated speech call procedure, 105–107 Mobile WiMAX; see also Fixed WiMAX applications, 291 equipment, 292 MAC scheduling service, 288–289 power-efficient operation, modes for, 290 QoS mechanisms, 288–289 scalable OFDMA, 284 seamless handoff supports, 289 security features in user authentication, 287 user data protection, 288 Mobility management discovery and registration procedure keep-alive process, 103 between MS and UNC, 101–103 handover from GERAN to UMAN, 107–110 handover from UMAN to GERAN, 110–112 mobile-originated speech call procedure, 103–105 mobile-terminated speech call procedure, 105–107 paging procedure, 112–113 registration update procedure, 103 seamless real-time handover with UMA, 115–116 testing methodology, 116–117 tightly coupled architecture, 114–115 VoWLAN phones, 115 UMA to UMA handover, 113–114 Motorola RAZR, 382 MOVE-Notify packet, 190 MOVE-Response packet, 190 MS, see Mobile station MS-CHAP, 219–220 M-SCTP, see Mobile Stream Control Transmission Protocol MSDU, see MAC Service Data Unit Multi-channel protocols, 258–259 Multi-hop mobile wireless network, 157 Multipath interference, 285 #9 399 Multiple radio interfaces, 193 MultiScan, 193 Multi-service scheduling, 330 Multi-user interface, 335–336 N NAS (network access server), 216 nCite SGW, 14 Neighbor graph, 192–193 defined, 196 Neighbor graph caching, 193 nesC, programming, 382 Network allocation vector (NAV), 166, 189 Network-centric control approach, 65 Network selection analytic hierarchy process, 127 grey relational analysis, 128 NG, see Neighbor graph NGC, see Neighbor graph caching NG-pruning schemes, 195–198 NG server, 193, 196 Nokia cell phones, Java-enabled, 382 NONCE-MT, 224 Nonlinear mixed-integer programming (NLIP), 336 Nonoverlapping graphs, 196–197 Nonpersistent WBSS, 313–314, 318 Non-real-time polling uplink scheduling, see nrtPS uplink scheduling NP-hard problem, 332, 337 nrtPS uplink scheduling, 179 O OBEX, see Generic object exchange OBU, 301–302, 304, 316 OFDM, 283, 327 OFDMA, see Orthogonal frequency division multiple access On-board unit, see OBU OnStar, 353–354 Open platforms security threats countermeasures against, 16 DoS attacks, 15–16 malicious software and Bluetooth technology, 15 Oppnet control center, 361 Oppnets, 350 application development by using OVM, 360–361 benevolent and malevolent, 364 characteristics, 362 comparison with P2P networks, 366 control flow in, 356 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 400 30.7.2008 06:19pm 400 #10 Unlicensed Mobile Access Technology emergency applications, 363 expanded, seed oppnet growth into, 354 and grids, 367 home/office applications, 364 lites, see Lites predator, 365 reserve, 355 seed, 352–353 Oppnet virtual machine, 357 oppnet application development, 360–361 primitives for CC and seed nodes, 358 for helpers, 359 for lites, 360 Opportunistic networks class I, 369–370 class II, 352–355 Orthogonal channels, 62 Orthogonal frequency division multiple access, 124 Orthogonal frequency division multiplexing, see OFDM Over-the-air frame formats, 305–306 OVM, see Oppnet virtual machine P PaA (proportional allocation algorithm), 332–333 Packet data performance tests, 116–117 Packet paging for circuit mode service, 112–113 for GPRS data service, 112 Packet radio network, 157 Paging procedure, 112–113 Pairwise transient key, 82 APs and SAs, 84 PANDA, 269 PBNM framework architectural elements, 41 in QoS management, 42 end-to-end, 47 PBX, see Private branch exchanges PCF, see Point coordination function PEAP, 221–222 Peer-to-peer (P2P) networks, 366 PEP, see Policy enforcement point Persistent WBSS, 513–514 Pervasive technologies, 351 Phishing, 90; see also ARP spoofing PHY layer-distributed approach, 231 Physical layer(s) for 802.11 and 802.16-2004, 285 capture, 56 jamming of, 88 for 802.16 system, 232–233 Piconet bridge interconnection, time slots in superframe, 156 data transfer in, 150 downlink and uplink traffic, performance of, 158–159 interconnection, standpoint of master–slave bridge, 150–151 slave–slave bridge, 152 using different RF channels, 153 ISM band, 150 MAC parameters, 157 mesh networks channel time scheduling, 154–155 master–slave bridge, 154 slave–slave bridge, 154 superframe format in, 149 superframe structure, 158 Piconet coordinator, 329–330 PKD, see Proactive key distribution PKG see Private key generator PLCP (Physical Layer Convergence Protocol) header, 210 PMKSA caching, 84 PNC, see Piconet coordinator PNC-capable device, 150 PNC scheme, 200 Point coordination function, 164, 168–169 Policy enforcement point, 41 Polling, 180; see also Base stations (BSs) Portal function, 316–317 Port-based access mechanism, 79 Positional attribute-based next-hop determination approach, see PANDA Pre-authentication, 199 wireless station, 84 Predator oppnets, 365 Predictive authentication scheme, 201 Predictive routing, 273 Pre-master secret, 221 Private branch exchanges, 23–24 Private key generator, 221 PRNET, see Packet radio network Proactive key distribution, 87 Proactive key distribution schemes, 199–200 Proactive-routing protocols, 259–260 Probe delays, 191 ProbeDelay time, 189 Probe Request frames, 188 PROXYABLE, 220 PRP, see Proactive-routing protocols PS-poll frames, 90 PTK, see Pairwise transient key Q QOLSR flooding process, 270–271 QoS, see Quality of service Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 401 30.7.2008 06:19pm Index QoS multipath routing, 269 QoS routing, 265 Quality of service, 164, 300 definition, 35 for heterogeneous traffic, 333–339 in IEEE 802.11e MAC layer, see IEEE 802.11e MAC layer IEEE 802.16 standard components of, 183 DSA-REQ message, 181–182 MAC transport, service flow, 181 mechanisms of, 180 two-phase activation model, 182–183 of Internet, see Internet QoS management in heterogeneous mobile networks, 42–43 PBNM framework for, 41–42 in UMA, 44–47 parameters, 177 provision, challenges to, 38 support for, 45–46 user’s perception of network, 37 in WiMAX networks addressing and connections, 176–177 architectures supporting, 183–184 mesh mode, 176 PMP mode, 174–176 in wireless cellular networks GSM/GPRS network, 39 UMTS network, 39–40 in wireless LANs, 40–41 Quality Optimized Link State Routing, see QOLSR R RaA (repeating allocation algorithm), 333 Radio resource management, 52 architectures centralized versus decentralized, 65 coordinated versus uncoordinated, 66 network-centric versus client-centric, 65 using CAPWAP protocol, 66–68 virtualized wireless access networks, 68 network management, 70 radio resource measurements, 69–70 spectrum management, 68–69 tuning parameters, see Tuning parameters in UMA networks access schemes, 53 chaotic and dense deployment, 54 Radio signal strength, 125 Radio transceiver, 193 RADIUS-Access-Accept message, 199 #11 401 RADIUS-Access-Challenge message, 199 RADIUS-Access-Request message, 199 RADIUS (Remote Authentication Dial-In User Service) server, 190, 198 RAND, 224–225 RBAR, see Receiver-based auto rate RC4 (stream cipher), 76 Reactive-routing protocols, 260 Ready-to-send (RTS) packet, 210 Real-time polling service scheduling algorithm, see rtPS scheduling algorithm Reassociation, 190 Receiver-based auto rate, 59 Receiver-initiated protocols, 259 Reef Point SGW, 14 Remote IP layer, 26; see also I-WLAN Resource Reservation Protocol, 38 RFCOMM protocol, 382 Robust secure network, see RSN Routers, 368 advertisement, 194 Routing algorithms, 259 Routing protocols, 251 for MANETs with QoS support ad hoc QoS multicast, 272–273 AODV with QoS extensions, 269 CEDAR, 267–268 enhanced ticket-based routing, 269 PANDA and QoS multipath routing, 269 predictive routing, 273 QOLSR, 270–271 ticket-based probing, 268 WARP, 271–272 RSN, 215 concept, 78 connection process active/passive network discovery procedure, 84–85 legacy authentication, 85–86 key hierarchy, 81–82 RSN associations (RSNAs), 78 RSS, see Radio signal strength RSVP, see Resource Reservation Protocol rtPS connection, 184 rtPS scheduling algorithm, 178 S Scalable OFDMA, see S-OFDMA 802.11 scanning, 188–189 SCCAN comparison with MIH, 29–30 UMA and I-WLAN, 29 enterprise solution architecture, 23–24 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 402 30.7.2008 06:19pm 402 #12 Unlicensed Mobile Access Technology Scheduling algorithms comparisons on minimum utility, 343 comparisons on traffic classes, 341–342 efficiency and stability, 344–345 Scheduling services, 177–178 SCHs, see Service channels Script kiddies, 210–211 SDP, see Service discovery protocol SDR, see Software defined radio Seamless converged communications access networks, see SCCAN Seamless convergence at application server level, 22–23 in core network, 21–22 GAN architecture, 24–25 of heterogeneous access networks, 32 in heterogeneous networking architecture, 20 in home network and access network, 21 Interworking-WLAN, see I-WLAN limits and potential of, 29–31 media independent handover, see MIH SCCAN, 23–24 Seamless mobility management, 114 Seamless network architectures; see also Seamless convergence classification, 21 recommendations for, 32 Second-generation cellular infrastructure, 292 Secure remote password, 220 Security gateway, 10 deployment solutions for nCite and Reef Point SGW, 14 VPN-1 MASS, 15 IKEv2 and, 12 quality of service mechanisms, 13 role in UNC, 11 SEED_discover, 380 SEED_listen, 380 Seed nodes, 353 OVM primitives for, 358 pseudocode for, 362 Seed oppnets, 352–353 SEED_sendTask, 380 Selective scanning, 192–193 Sender-initiated protocols, 259 Send-Security-Block packet, 190 Sensornets, see Wireless sensor networks Sensor network-assisted handoff, 193 Service channels, 302, 304 Service discovery protocol, 282 Service flow QoS scheduling, 181; see also IEEE 802.16 standard Service platform level convergence, see Application server level convergence Service providers benefits of UMA for, UMA security, countermeasures, 10 implications of adding UNC, security gateway, 13–14 security risk assessments, 8–9 Service set identifier, 189 Session Initiation Protocol (SIP) end-to-end mobility management, 133 setting, procedure of, 132 SGW, see Security gateway Short inter-frame space (SIFS), 166 Signal-to-interference ratio, 125 Signal-to-noise-plus-interference ratio (SINR), 149 SIM card, 223 Simple diversity antennas, 286 Simulator BSs and SSs simulation results, 239–246 SNR thresholds and simulation parameters, 238 test topology, 236 Single-channel protocols, 258 SIR, see Signal-to-interference ratio Smart antennas, 285–286 Smooth channel scanning, 192 SNC scheme, 200 S-OFDMA, 284 Software defined radio, 232 Spontaneous networks, 370 SRES, 224 SRP, see Secure remote password SS algorithms, 237 SSID, see Service set identifier SS-initiated protocol, 181 Standard IP-based protocols, 98–100 Stargate gateways, 379, 382 STAs, see Wireless STAs Strong nodes, see Supernodes Strong password encrypted key exchange (SPEKE), 220 Subcarriers base station, 242–246 and BS algorithms, 235–236 data, 235 distribution, 240–241 guard, 234 OFDM, 231, 233–234, 242 and SS algorithms, 237 Subscriber identity module, see SIM Subscriber station (SS), 174 connection classifier, 179 DL/UL throughput, 239–241 management connections, 179–180 Superframe structure, 158 Supernodes, 366 Supply management, 299 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 403 30.7.2008 06:19pm Index #13 403 Symbian OS, 382 Synchronization algorithm, 235 Synchronization tolerance, 312 SyncScan, 192 Tuning technique, full scanning, 192 Tunneling layer, 26; see also I-WLAN Two-phase activation model, 182–183 TXOPs, 172–173 T U TBR algorithm, see Ticket-based probing algorithm TC-278, 300 TCP/IP socket connection, 380 TCP-Migrate Protocol, 131 TDD, 284 TE downlink and uplink, 158–159 mechanisms, components in measurement subsystem, 255–256 modeling and optimization subsystem, 256 Temporal Key Integrity Protocol (TKIP), 78, 83, 215 Third-generation cellular infrastructure, 292 Third Generation Partnership Project (3GPP), 132 Ticket-based probing algorithm, 268 Tightly coupled architecture, 114; see also Mobility management Time division duplex, see TDD Timestamp field, 310–312 Timing information field, 311 TinyOS, 382 TKIP, see Temporal Key Integrity Protocol T-Mobile VPN connection, 380, 382 WAP and GPRS connections, 382 TPC mechanisms, 56 Traffic analysis attack, 212 Traffic class behavior of, 40 streaming, 39 Traffic conditioner, 262 Traffic engineering, see TE Transmit rate adaptation, principle of, 58 control, 59 frames and beacons, 58 Transport IP layer, 26, see also I-WLAN Transport layer, QoS support in, 260 TSF, see Timestamp field TSN (transitional security network), 215 Tuning parameters access point placement, 64–65 carrier sense threshold, 57–58 channel selection, 61–64 station assignment, 60–61 transmit power, 55 link asymmetry, 56–57 physical layer capture, 56 transmit rate, 58–60 UGS scheduling algorithm, see Unsolicited grant service scheduling algorithm UMAC, UMA-enabled dual-mode mobile handset data encryption, 12 seamless integration GSM RAN or broadband access network, 10–11 mobile networks and unlicensed spectrum networks, 5–6 set up preferences, 97 UMA network controller paging procedure initiation, 112–113 security gateway role in, 11, 96 security threats, UMA-enabled handset, 5–6 UMANs (UMA networks), GSM and GPRS mobile services, 117 interworking with cellular networks dual-mode handset, 97 functionality, 96 mobility management performance of, see Mobility management QoS management in, 44 communication phases, 47 end-to-end, 46 support for, 45–46 technical challenges, 48 radio access network, security in IEEE 802.11-based, see IEEE 802.11i security standard standard GERAN protocols, 97–98 standard IP-based protocols, 98–100 threat analysis core operational infrastructure, malicious subscribers, 8–9 security countermeasures, 10 security requirements, UMA-RLC protocol, 101 UMA-RR protocol, 100 WLAN and Bluetooth protocols, 98 UMA-RLC protocol, 101 UMA-RR protocol, 100 UMA technology, architecture, specification for subscriber security, 11–12 concept of, 6, 36 IP layer solution, 5, real-time handover with Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 404 30.7.2008 06:19pm 404 #14 Unlicensed Mobile Access Technology intelligent client software, 116 UNC, 115 seamless convergence solutions, 24–25, 29 security process communication between handset and UNC, 10–12 data encryption, 12–13 GSM security mechanisms, 13 mobile packet core protection, 13 security gateways, 13–15 user authentication, 12 subscriber service threats, subscriber threats, UMTS network connection management in, 40 network domains, 39 QoS, 40 UNC, see UMA network controller Uncoordinated radio resource management architecture, 66–67 Unlicensed Mobile Access Consortium, see UMAC Unsolicited grant service scheduling algorithm, 178 Uplink request/grant scheduling, 178–179 User authentication, 287 User priority, 309 UTC, 304, 310–312 Utility-based scheduling algorithm, 337–338 Utility functions, 334 Utility maximization, 340 Utility minimization, 340–344 Utility optimization problem, 334–337 Utility update, 338–339 UWB (ultra-wideband), 326 UWB PHY, 327–328 V Variable-sample approach, 338 Vehicular infrastructure integration (VII), 303 Vertical handover decision, admission control and resource sharing in blocking probability, 141 dropping probability, 142 system model, 137 traffic equations, 138–140 WiFi hot spots, mobility in, 140–141 data packets, 126 location-based, 128–129 mobility management solutions application-layer signaling protocol, 132–133 network layer, 130–131 transport layer, 131–132 network selection, 126–127 QoS degradation, 128 seamless SIP-based handover scheme, 132–135 user’s satisfaction of, 126 Virtualized wireless access networks, 68 VoWLAN phones, 115 VPN-1 MASS SGW, 15 W WARP (Wireless Ad-hoc Routing Protocol) link stability metric, 272 NDP, 271 PRP in, 271–272 WAVE, 301, 308–309 communication services, 313–314 network layer services, 316–318 security, 321–322 service management, 318–321 WAVE basic service set, 301–302 initiation and operations, 314–315 management, 319–320 vs non-WBSS operations, 313 persistent, 320 termination, 315 WAVE MAC services WAVE management entity (WME), 320–321 WAVE service advertisement (WSA) format, 306 WAVE service information element (WSIE), 306 WAVE services management (WSM), 318–322 WAVE Short Messages Protocol, 302, 312–313 WBSS, see WAVE basic service set Weather monitoring, 365 Weighted fair queuing (WFQ), 338 WEP attacks, 214 encapsulation, 213–214 IV, 213 key, 189 key stream, 214 WEP protocol initialization vector, 76–77 security concerns, 76 WiBro (wireless broadband), 292–293 WiFi hot spot, 128 Wi-Fi Protected Access, 215 authentication, 216–217 Wi-Fi Protected Access key mixing mechanism, 78 WiFi/WLAN/802.11b/g, 351 WiMAX, 300 applications/deployment scenarios IP/Ethernet traffic, 290 VoIP and broadcast, 291 base station and subscriber station, 174 comparison with 3G/2G, WLAN, and WPAN, 293 cyclic prefix (CP), 283 equipments, 292 HARQ feature of, 286 MAC layer, 284–285 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 405 30.7.2008 06:19pm Index network architecture inter-working and roaming, 287 IP multimedia subsystem support, 286–287 mobility and handover support capabilities, 289 modularity and flexibility, 286 physical layer orthogonal frequency division multiplexing, 283 scalable OFDMA, 284 time division duplex, 284 QoS of addressing and connections, 176–177 bandwidth allocation and request mechanisms, 179–180 data and scheduling services, 177–179 in mesh mode, 176 in point-to-multipoint mode, 174–176 quality of service mechanisms, 288–289 services flows in, 289 smart antennas, 285–286 WiMAX standard, see IEEE 802.16-2004 standard WiMAX/WiFi networks dual-coverage area, 138, 141 integrated, 136 location service server (LSS), 129 vertical handover decision, see Vertical handover decision Wired Equivalent Privacy protocol, see WEP protocol Wireless access in a vehicular environment, see WAVE Wireless LANs, 326 channel selection in, 62 handoff process for, 191 IEEE 802.11i security standard #15 405 confidentiality and integrity, 83–84 key hierarchy, 81–82 key management, 82–83 mutual authentication, 80–81 port-based access control mechanism, 78–79 pre-authentication and PMK caching, 84 RSN connection process, 84–86 4-way handshake blocking, 92 QoS of, 40–41 Ad Hoc Architecture, 164 basic service set, 164 IEEE 802.11e MAC layer, 169–172 IEEE 802.11 MAC layer, see MAC layer roaming, 202 security problems, wireless hotspots attacks on availability, 88–90 DoS attack, APs, 91–92 wireless ARP spoofing attack, 90–91 transmit rate control in, 59 Wireless mesh networks (WMN), 147 ad hoc networks, 148 Wireless metropolitan area networks, QoS of, 176–188; see also WiMAX Wireless sensor networks, 366–367 Wireless spectrum, licensed and license-exempt, 230 Wireless STAs, 208 WMPLS, 262–263 Worldwide Inter-Operability for Microwave Access, see WiMAX WSMP, see WAVE Short Messages Protocol WSMP format, 305–306 Zhang/Unlicensed Mobile Access Technology AU5537_C018 Pageproof Page 406 30.7.2008 06:19pm #16 ... 30.7 .2008 07:52pm #2 Zhang /Unlicensed Mobile Access Technology AU5537_C000 Finals Page iii 30.7 .2008 07:52pm UNLICENSED MOBILE ACCESS TECHNOLOGY Protocols, Architecture, Security, Standards and Applications. ..Zhang /Unlicensed Mobile Access Technology AU5537_C000 Finals Page i 30.7 .2008 07:52pm UNLICENSED MOBILE ACCESS TECHNOLOGY #1 Zhang /Unlicensed Mobile Access Technology AU5537_C000... 19 Zhang /Unlicensed Mobile Access Technology AU5537_C002 Finals Page 20 30.7 .2008 05:43pm 20 Unlicensed Mobile Access Technology 2.1 Introduction #4 Āe proliferation of fixed and mobile access technologies,