[IEEE 2007 7th International Conference on ITS Telecommunications - Sophia Antipolis, France...


New personal IPv6 address scheme and universal CIM card for UCWW

Ivan Ganchev, Máirtín O'Droma

Telecommunications Research Centre, University of Limerick

IRELAND

{Ivan.Ganchev, Mairtin.ODroma}@ul.ie

Abstract: This paper proposes a new personal IPv6 address scheme and universal Consumer Identity Module (CIM) card for future ubiquitous consumer wireless world (UCWW) established on the Consumer-based Business Model (CBM). The new person-centric, network-independent, IPv6 address class will enable real consumer number ownership and full anytime-anywhere-anyhow portability for future generations of mobile users empowered to opt out of their long-term subscriptions with access network providers (ANPs), and use advertised communication services from any consumer-centric wireless access network present to them. The new proposed universal CIM card will enable users to use their personal IPv6 number with whatever terminal they choose, thus facilitating advanced user mobility.

Keywords: Ubiquitous Consumer Wireless World, UCWW; Consumer-based Business Model, CBM; personal IPv6 address; Consumer Identity Module, CIM; X.509 public-key certificate.

1. Introduction

A new Consumer-based Business Model (CBM) (depicted in Figure 1) was proposed in [1, 2] as an evolution of, and alternative to, the legacy Subscriber-based Business Model (SBM) for wireless access services in the future ubiquitous consumer wireless world (UCWW). The vision is that CBM will subsume rather than replace SBM. In CBM the users will move back and forth anytime-anywhere-anyhow among access networks for any and all services. They may opt out of having any long-term network provider relationship, or may have several, simultaneously and without conflict, with different providers. Thus the users are defined as consumers rather than subscribers. The goal is to create conditions for greatly increased freedom for users in accessing a variety of services, and a new dynamic of consumer choice driving the realization of the "always best connected and served" (ABC&S) paradigm [3], i.e. that it be consumer-driven rather than network-driven. Inherent in this thinking will be consumer-driven integrated heterogeneous networking. A further consequence will be greater openness in the market to new teleservice business entities and opportunities, especially the creation of a new economic driver for an enlarged and more open access network marketplace, and an infrastructure for potential commercial Ad Hoc networking and open mesh-networking solutions.

1 Acknowledgement: This publication has emanated from research conducted with the financial support of Science Foundation Ireland under the Basic Research Grant, 04/BR/E0082, and of the Telecommunications Research Centre, University of Limerick.

Fig. 1. The CBM with a co-existent SBM environment

UCWW CBM prerequisites: Two essential prerequisites for CBM are: (i) users owning their own unique and personal number (address or identity as described in this paper) which is globally significant and network-independent; and (ii) the existence of a network-independent, trusted, third-party infrastructural means to pay for services, namely third-party authentication, authorization and accounting (3P-AAA), something like a wireless equivalent of a credit card system. The former makes it possible for users to create local loop connections with whatever 'consumer-open' access networks they choose. The latter is a provision for separating out the administration and management of users' AAA activity from the activity of supplying a wireless access service by re-locating it with 3P-AAA service providers (3P-AAA-SPs). By replacing the home access network provider (together with its proprietary AAA infrastructure), the 3P-AAA-SP becomes the central player in obtaining wireless services (Figure 1). Thus also the distinction between home and foreign access network providers will disappear. The various providers' entities (access network providers, ANP; teleservice providers, TSP; value-added service providers, VASP) have arrangements with the 3P-AAA-SPs (full arrowed lines), through which payments for services purchased by users (dashed arrowed lines) are transacted (typically users will receive itemized transaction reports from the 3P-AAA-SPs). Thus consumers have opened to them a greatly expanded freedom of getting services as 'local' to whatever ANP they 'casually' choose, for instance enabling them to avoid roaming tariffs.

1-4244-1178-5/07/$25.00 ©2007 IEEE.

The 3P-AAA also has the potential to enable commercially viable Ad Hoc networking and open mesh-networking [11] solutions where a terminal acting like a one-node/one-router access network may offer wireless access services casually or persistently to other nodes and be paid for this service just as any CBM ANP. This solution is exactly what is required for the 'fine-grained mobile bazaar' proposal [4], more specifically for the Ad Hoc networking incarnation of this, whereby an available idle terminal may act as an access node (i.e. effectively as an Ad Hoc or meshed-networked wireless router) to provide access, directly or via a multi-hop link, to wireless communications resources, and further on to the Internet, and receive payment for this service.

A core UCWW technological infrastructural innovation proposed here (and in [1]) is the universal Consumer Identity Module (CIM) card with an embedded person-centric IPv6 identity, to supersede the SIM card. With CIM cards users can continue their long-term SBM-like subscription with their chosen access network provider, and explore their new potential as consumer-users.

The rest of the paper is organized as follows. The new personal IPv6 address scheme is described in section 2. The new universal CIM card is proposed in section 3. A generic communication scenario using consumer's personal IPv6 address is considered in section 4. Finally section 5 concludes the paper.

2. Consumer Address Ownership and New Person-Centric IPv6 Address Class

The idea of having a unique identification for people is not new. In 1995 ITU-T proposed a personal telephone number to be used for unique user identification irrespective of the terminal used as part of the ITU-T vision for Universal Personal Telecommunication (UPT) [5]. The 'all-IP' future communication concept implies shifting this idea right into the IP domain. Besides replacing the personal telephone number with a personal IP address, another principal difference of our proposal is that this personal IP address would not be tied to any access network, e.g. would not be a result of any subscription-type relationship between a user and an ANP, and would be owned by the consumer-user. This address ownership is a key CBM enabler. Implicit in this is full number-portability.

The concept of node identifier, e.g. [6], was proposed to support IP routing for Ad Hoc connectivity by uniting all physical-layer multihop topologies in a single multigraph topology. The node identifier serves to unify a set of wireless interfaces and identifies them as belonging to the same Ad Hoc node. It consists of the dynamic assignment of a new non-permanent IPv6 local-use unicast address which serves as an Ad Hoc connector. However, our proposal for a static, permanent, personal IPv6 address gives more flexibility to set up and operate Ad Hoc networks because the consumer's device can use the same IP address in every case and in any communication scenario. Further, the commercial dimension and viability of Ad Hoc networking (as well as mesh networking, e.g. in a transportation environment) can be realised and served through this address. In addition the uniqueness of the personal IPv6 address (managed and allocated by a global address supplier) will eliminate the need for duplicated IP address detection, which is compulsory in [6].

Another approach to mobile node identifier is treated in [7]. It arose as a direct response to the need of a Mobile IPv6 (MIPv6) node to identify itself using an identity other than the default home IP address during the first registration at the home agent. For this a new optional data field within the mobility header of MIPv6 packets was defined. Our proposal for personal IPv6 address, however, provides the opportunity for more flexible control over mobility/roaming, e.g. by end-to-end execution of handovers by consumers in collaboration with teleservice providers, and independently of the access network providers, through the use of the multi-homed functionality of the mSCTP protocol [8]. Implicit here is a greatly multiplied functional capability and intelligence at the edge, i.e. in terminals and teleservice entities.

The proposed new globally significant, network-independent, person-centric IPv6 address class should be identified by an appropriately assigned Class Prefix; Figure 2 shows a possible format.

[Figure 2: 128-bit address divided into three fields: Class Prefix | Consumer ID | Assignable Sub-address/ID]

Fig. 2. The proposed person-centric IPv6 address class

Considering global population, the new class should contain at least 10 billion IPv6 addresses, but probably several times this should be reserved (this seems feasible, as the IPv6 address space is sufficiently large). For instance, having the length of the primary user identification field Consumer ID ranging from 34 to 37 bits will allow addressing of 17 to 137 billion people. An additional Assignable Sub-address/ID field, which could be owner/consumer assignable, seems reasonable, e.g. to be used by the owner for dependent family members, or act as an owner-defined Terminal ID. This could be useful in transition scenarios or in developing wireless scenarios, where it would greatly simplify the establishment and functioning of a user's wireless personal area network (WPAN) in any location (e.g. home, office, hotel room etc.) without a need for IP address allocation by some authority, access network provider etc., and with the possibility for each of these WPAN devices, with the owner-assigned IP address, participating in separate IP-based teleservice sessions over the Internet using the consumer's 3P-AAA accounts as per consumer-enabled permissions. The assignable sub-address part may also be used to facilitate the user's smooth participation in Mobile Ad Hoc Networks (MANET) and Vehicular Ad Hoc Networks (VANET). The length of the field should be sufficiently large, e.g. as a Terminal ID, to allow addressing of tens of personal terminals. Just as getting a single personal IPv6 address would be a commercial transaction, obtaining more than one personal IPv6 address, e.g. for different personal terminals, would be subject to additional payment. In addition, as there is no reason why users might not engage in address trading, the commercial legal arrangements should allow for this, e.g. ownership should be legally verifiable and transferable without difficulty. Perhaps this responsibility would ultimately fall to an IANA/ICANN type organisation.

Assuming acceptance of the 'personal IPv6' address proposal, once an address is purchased by a user it naturally must be prevented from being used by others. This could be achieved by a centralized purchase scheme through authorized address suppliers, each of which owns a portion/subset of this new IP address class' space and is identified by an optional Address Supplier ID field or by characteristics in the Consumer ID. Personal IPv6 addresses may be sold within a 'lease-based' system. Such a scheme could facilitate unused addresses (the leases for which have not been renewed) returning to the pool of available addresses.

One point of concern with this permanent IPv6 address used for user identification is related to possible compromise of privacy, e.g. tracking a user (terminal) as s/he (it) moves through different locations and gathering statistics about used services. However some of the existing mechanisms for privacy protection, cf. [7], may still be used in our case too, e.g. encrypting the traffic at the data link layer, encrypting the IP traffic between the user and the ANP, use of temporary, changing "pseudonyms" as identifiers, etc.

Connection of incoming calls needs clarification. Unlike the subscriber model, consumers through their unique geography- and network-independent address will not automatically have a unique network point of attachment through which they may receive incoming calls. To enable consumers to receive incoming calls, a supplementary Incoming Call Connection (ICC) service (and supporting technological infrastructure) is required. The new consumer-oriented ICC service would best be managed and controlled by new extra-network service-provider entities which will work directly with the users and with those access networks offering ICC support. The users will be able to purchase flexible, simple or sophisticated ICC service from ICC service providers. Through the ICC infrastructure, consumers will be enabled to receive calls anywhere, not as today's global roamers but as a 'local' to whatever access network(s) they chose to receive their ICC support. Analogous to the network address identifier (NAI) convention for present (network-dependent) IP addresses, a user-friendly personal address identifier (PAI) naming convention could be put in place for these personal IPv6 addresses to facilitate the ICC service provision [1].
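The field split of Figure 2 and the 34 to 37 bit sizing can be exercised directly. The Go code below is an added example, not part of the paper: the class prefix (the documentation range 2001:db8::/32), the rule that the sub-address takes all remaining bits, and the names Layout, demoLayout and SameConsumer are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
	"net/netip"
)

// Layout splits the 128 bits into class prefix, Consumer ID and, in the bits
// that remain, the owner-assignable sub-address. Prefix and split are assumed.
type Layout struct {
	Class        netip.Prefix
	ConsumerBits int
}

// demoLayout uses the documentation prefix as a stand-in class prefix.
func demoLayout(consumerBits int) Layout {
	return Layout{netip.MustParsePrefix("2001:db8::/32"), consumerBits}
}

func (l Layout) subBits() int { return 128 - l.Class.Bits() - l.ConsumerBits }

// Capacity is the number of distinct Consumer IDs the layout can hold.
func (l Layout) Capacity() uint64 { return 1 << uint(l.ConsumerBits) }

func (l Layout) check() error {
	if !l.Class.Addr().Is6() || l.ConsumerBits < 1 || l.ConsumerBits > 63 || l.subBits() < 1 || l.subBits() > 63 {
		return errors.New("layout does not fit in 128 bits")
	}
	return nil
}

// Compose packs the fields, refusing values that would spill into a neighbour.
func (l Layout) Compose(consumerID, sub uint64) (string, error) {
	if err := l.check(); err != nil {
		return "", err
	}
	if consumerID >= l.Capacity() || sub >= 1<<uint(l.subBits()) {
		return "", errors.New("field value out of range")
	}
	v := new(big.Int).SetBytes(l.Class.Masked().Addr().AsSlice())
	v.Or(v, new(big.Int).Lsh(new(big.Int).SetUint64(consumerID), uint(l.subBits())))
	v.Or(v, new(big.Int).SetUint64(sub))
	var raw [16]byte
	v.FillBytes(raw[:])
	return netip.AddrFrom16(raw).String(), nil
}

// Parse recovers the fields from an address inside the class.
func (l Layout) Parse(s string) (consumerID, sub uint64, err error) {
	if err = l.check(); err != nil {
		return 0, 0, err
	}
	a, err := netip.ParseAddr(s)
	if err != nil {
		return 0, 0, err
	}
	if !l.Class.Contains(a) {
		return 0, 0, errors.New("address is outside the personal class")
	}
	low := func(x *big.Int, bits int) uint64 { // lowest `bits` bits of x
		m := new(big.Int).Lsh(big.NewInt(1), uint(bits))
		return new(big.Int).And(x, m.Sub(m, big.NewInt(1))).Uint64()
	}
	v := new(big.Int).SetBytes(a.AsSlice())
	sub = low(v, l.subBits())
	consumerID = low(new(big.Int).Rsh(v, uint(l.subBits())), l.ConsumerBits)
	return consumerID, sub, nil
}

// SameConsumer reports whether two addresses differ only in the sub-address,
// i.e. belong to one owner's terminals under this layout.
func (l Layout) SameConsumer(a, b string) bool {
	ca, _, errA := l.Parse(a)
	cb, _, errB := l.Parse(b)
	return errA == nil && errB == nil && ca == cb
}

func main() {
	l := demoLayout(37)
	addr, _ := l.Compose(0x1234567890, 5) // constructed Consumer ID and terminal number
	id, sub, _ := l.Parse(addr)
	fmt.Println(addr, id, sub, l.Capacity())
}
```

Under this layout all of one owner's terminals share a single prefix of class-prefix length plus Consumer ID length, so per-consumer filtering or accounting can match on that prefix alone.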

3. New Universal X.509-based CIM Card

There is a need for this new IPv6 personal address to be securely 'locked' to enable the user to be uniquely identified and authenticated for secure execution of the 3P-AAA procedure, ICC services and teleservice purchases, etc. This could be achieved by embedding the consumer's personal IPv6 address into his/her ITU-T X.509 public-key digital certificate. The ITU-T X.509 authentication framework defines a good model for strong secure authentication with a minimum number of exchanges. The authentication is performed through simple automatic exchange of X.509 digital certificates between communication parties (consumer-users, access network providers, teleservice providers, etc.). It seems reasonable that at least the two-way authentication option of X.509 (i.e. authentication of both communication parties) must be employed. The three-way option (extra protocol exchange) is also likely to be used, as it does not require the communication parties to have synchronized clocks. The exchange of certificates will enable trusted relationships and secure payment transactions.

The extensions defined in the current version 3 of the X.509 standard (X.509v3) provide methods for associating additional attributes to carry information unique to the owner of the certificate [9]. In particular the Subject Alternative Name field, which allows additional identities (e.g. e-mail address, DNS name, IP address, URI etc.) to be bound to the owner, can accommodate the proposed personal IPv6 address. As the X.509 standard allows for multiple instances of each alternative name, one certificate may include several personal IPv6 addresses belonging to the same user. (A trusted relationship between IANA/ICANN and a certificate authority will allow swapping IPv6 addresses on a certificate.) This however must be clearly marked as a critical X.509v3 extension in order to be used in a general context. Because the Subject Alternative Name is definitively bound to the public key, all parts of the former (including the personal IPv6 address) must be verified by the certificate authority (CA). This process will be greatly facilitated if 3P-AAA-SPs act as CAs and issue X.509 certificates with embedded personal IPv6 addresses to consumers. The personal IPv6 address incorporated could be that supplied by the consumer or be a new one.

In [1] we proposed a universal CIM card through which a consumer would use his/her personal IPv6 address with whatever terminal s/he chooses. Below we give some more details on CIM. Financial institutions, such as credit-card companies, are potentially suitable 3P-AAA-SP entities, which would facilitate a wireless credit card and manage a smooth replacement of today's credit cards. Each cardholder-consumer would be issued a universal X.509-based CIM card, which could be used with any terminal and through which consumer transactions may be paid. Through the relevant CAs'/3P-AAA-SPs' public key infrastructures (PKIs), the validity of the certificates of all parties to a transaction may be mutually checked as required.

The CIM card can be developed with the latest Java Card technology [10], which provides a highly secure, market-proven, and widely deployed (see footnote 2) open platform architecture for the rapid development and deployment of smart card applications meeting the real-world requirements of secure system operations. The Java card may typically be a plastic card containing an embedded chip. A typical CIM card architecture is shown in Figure 3.

[Figure 3: layered card structure, top to bottom: plug-ins; applications (3P-AAA client application, X.509 certificate management application, ICC application, user profile management application, ...); Java Card API; Java Card Virtual Machine]

Fig. 3. The CIM card structure

Different applications/applets could be deployed on the CIM card, e.g. a generic 3P-AAA client application supporting the standardized 3P-AAA procedure over terminal interfaces, an application for managing the consumer's X.509 certificates, an ICC application for facilitating the incoming call service provision, an application for managing the user profile, etc. Additionally installed plug-ins will allow further personalization of each application, e.g. in the case of 3P-AAA the user may install a separate plug-in for each individual 3P-AAA-SP with whom s/he has an agreement for AAA, charging and billing of services (the use of each particular 3P-AAA-SP is activated depending on the current user context as specified in the user profile). The commercial relation between the CIM card issuer and the application provider is independent of the platform technology, ensuring a really open market space [10]. For instance in the 3P-AAA case, the business agreements are between the CIM card issuer and the 3P-AAA application provider, where the issuer can specify the extent of its responsibility for the overall card security and the 3P-AAA application provider can assume its own responsibility for the secure 3P-AAA operation of its in-card business logic implemented in the loaded 3P-AAA client application.

The Java Card platform provides a secure execution environment with a firewall between different applications on the same card. Each application can encapsulate sensitive data and algorithms within objects, which have provable behavior and increased security. Further security enhancements, such as transaction atomicity and cryptographic classes, are also provided. In addition the dynamic download capability of the card ensures that applications can be securely managed, i.e. tamper-proof downloaded, installed, configured, updated, and removed after the card has been issued. For example, VISA has recently initiated the Global Platform specifications as flexible loading mechanisms that may be deployed with any Java Card [10].

The Java Card Virtual Machine (JCVM) separates applications from the underlying hardware and operating system. A "split virtual machine" architecture is used: one part is executed on the user terminal, preparing the code to be executed in the other part of the virtual machine, on the card. The split JCVM design is intended to reduce the size of the applet image downloaded to the card and to minimize run-time memory requirements [10].

The standardized API provides a uniform interface to applications and extension Java packages.

2 More than 100 million Java cards used around the world in 2001 [10].
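The binding described in this section, a personal IPv6 address carried in a critical Subject Alternative Name and vouched for by a 3P-AAA-SP acting as CA, can be shown with Go's standard crypto/x509 package. This is an added example, not code from the paper: the function names, the CA and consumer names and the 2001:db8:: addresses are constructed, and it covers only the certificate check, not the two- or three-way exchange that proves possession of the private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

var oidSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}

// issue makes a key pair and certificate. With ca == nil it is a self-signed
// root standing in for a 3P-AAA-SP; otherwise a consumer certificate.
func issue(cn string, ca *x509.Certificate, caKey *ecdsa.PrivateKey, addrs ...string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	} else {
		var names []asn1.RawValue // a GeneralName iPAddress is context tag 7
		for _, a := range addrs {
			names = append(names, asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 7, Bytes: net.ParseIP(a).To16()})
		}
		san, err := asn1.Marshal(names)
		if err != nil {
			return nil, nil, err
		}
		// Supplying the extension ourselves lets us set the critical flag.
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidSubjectAltName, Critical: true, Value: san}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der) // rejects malformed iPAddress entries
	return cert, key, err
}

func rootsOf(ca *x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return pool
}

// checkClaimedAddress is the relying party's test (for example an ANP access
// router) before it accepts an address supplied by the consumer.
func checkClaimedAddress(cert *x509.Certificate, roots *x509.CertPool, claimed string) error {
	ip := net.ParseIP(claimed)
	if ip == nil || ip.To4() != nil {
		return errors.New("claimed address is not an IPv6 address")
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate chain: %w", err)
	}
	for _, e := range cert.Extensions {
		if e.Id.Equal(oidSubjectAltName) && !e.Critical {
			return errors.New("subject alternative name is not critical")
		}
	}
	for _, bound := range cert.IPAddresses {
		if bound.Equal(ip) {
			return nil
		}
	}
	return errors.New("claimed address is not bound to this certificate")
}

func main() {
	ca, caKey, _ := issue("Example 3P-AAA-SP CA", nil, nil)
	cert, _, _ := issue("Example consumer", ca, caKey, "2001:db8::1234")
	fmt.Println(checkClaimedAddress(cert, rootsOf(ca), "2001:db8::1234"))
	fmt.Println(checkClaimedAddress(cert, rootsOf(ca), "2001:db8::9999"))
}
```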

4. Generic Communication Scenario

A generic communication scenario using consumer's personal IPv6 address is depicted in Figure 4 (for reasons of clarity the data link layer and the physical layer are not shown in the figure).

The scenario imagines a consumer seeking and finding the best ANP (among those available in the current location), through which to connect (over the Internet) to a TSP server in order to avail of a particular teleservice. After a successful mutual authentication (of the consumer and the ANP) based on the exchange of X.509 certificates, the ANP (access router) checks with the respective 3P-AAA-SP whether the consumer has sufficient credit for the requested wireless communications service. Based on this information the ANP decides to allow (or not) the consumer using its service for a particular period of time and for a particular, perhaps budgeted, range of services. Then the ANP (access router) accepts the permanent IPv6 address supplied by the consumer and updates the routing tables of all routers within the ANP domain for proper local routing (i.e. all ANP routers are notified about this new destination) and confirms to the consumer that s/he may start using the ANP wireless communications service.

Then the consumer chooses a particular teleservice s/he wants to use and sends through his/her mobile terminal (MT) a service request towards the chosen TSP's server. This request is encapsulated in an IPv6 packet with the consumer's personal IPv6 address written in the source address field. When this packet reaches the ANP egress router, the router translates the personal IPv6 address of the consumer (used only locally) to (one of) the IPv6 address(es) of the egress router (used for global routing on the Internet). In other words as IP traffic passes from the consumer's MT to the Internet, the egress router translates 'on the fly' the source address in each packet from the personal IPv6 address of the consumer to (one of) its IPv6 address(es). The reverse address translation is performed in the opposite direction. In fact this is a classic form of the network address translation (NAT).

[Figure 4: protocol stacks along the path (mSCTP transport layer over IPv4/IPv6 network layers) with observation points t1 to t7, and a legend of the data units shown: application byte stream, application layer PDU (AL PDU), transport layer PDU (TL PDU), IP packet with personal IPv6 address of consumer, IP packet with IPv6 address of ANP's egress router]

Fig. 4. A generic communication scenario using consumer's personal IPv6 address

This NAT can be performed at any level of the ANP routing hierarchy, from the egress router to the access router. However it seems better if NAT is performed at the highest possible level (i.e. in the egress router) because this will greatly simplify intra-domain MT roaming, i.e. when the MT moves between different ARs/ANs belonging to the same ANP. In this case all IP packets coming from the Internet will still be delivered first to the egress router, which will forward them to the actual current location of the MT within the ANP domain specified in the updated routing tables of ANP routers. If NAT is performed at any other level, then the TSP server has to be notified about every change of the destination IP address (e.g. the address of the new AR to which the MT has moved recently), or the previously used AR has to forward all newly arriving IP packets to the new AR router.

5. Conclusion

The UCWW-CBM goal is to place wide-ranging freedom and control in the consumer-user's hands in regard to access network choices based on personal always best connected and served (ABC&S) criteria such as price/performance choices matched to personal profiles. One of the foundational pillars for CBM realization is a person-centric, geography-independent, and network-independent numbering scheme, which will enable truly full number portability. For this a new person-centric IPv6 address class together with a secure universal Consumer Identity Module (CIM) card utilizing X.509v3 digital certificate security have been proposed. A generic communication scenario using consumer's personal IPv6 address has also been described.

REFERENCES

[1] O'Droma M. and I. Ganchev. "Towards a Ubiquitous Consumer Wireless World". IEEE Wireless Communications, Feb. 2007, Pp. 2-13. ISSN: 1536-1284.

[2] O'Droma M. and I. Ganchev. "Techno-Business Models for 4G" (invited paper). In Proc. of the International Forum on 4th Generation Mobile Communications, Pp. 3.5.1-30, 20-21 May 2004, King's College London, London.

[3] O'Droma M., I. Ganchev, H. Chaouchi, H. Aghvami, V. Friderikos. "'Always Best Connected and Served' Vision for 4G Wireless World". Journal of Information Technologies and Control, Year IV, No. 3/2007, 14 Pp.

[4] Chakravorty R. et al. "MoB: A Mobile Bazaar for Wide-area Wireless Services". Proc. ACM MobiCom'05 Conf., Cologne, Germany. Pp. 228-242, Sep. 2005.

[5] ITU-T Recommendation F.851: Universal Personal Telecommunication (UPT) Service Description - Service Set 1. Feb. 1995.

[6] Chelius G. and E. Fleury. "RFC Draft: IPv6 Addressing Architecture Support for mobile ad hoc networks". September 2002.

[7] Patel A. et al. "RFC 4283. Mobile Node Identifier Option for Mobile IPv6 (MIPv6)". Nov. 2005.

[8] Koh S.J. et al. "mSCTP for soft handover in transport layer". IEEE Communications Letters, Vol. 8, Issue 3, Pp. 189-191. March 2004.

[9] Housley R. et al. "RFC 3820. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". April 2002.

[10] Java Card(TM) Platform Security (technical white paper). Sun Microsystems, Inc. Pp. 1-26. 2001.

[11] Zhang, Y., J. Luo and H. Hu. Wireless Mesh Networking: Architectures, Protocols and Standards. Auerbach Publications. 2007.