C. Statement of Work

The following tasks will be performed to create the Secure Mobile Network system that we have discussed in our Innovative Claims section. Work items are broken down by year of effort. For brevity, we have chosen not to break system testing down into a finer level of detail. However, we want to point out that we will devote considerable effort to software engineering. We intend to hold code and design walkthroughs, write software test plans, and carry out network testing for each major phase of the project.

C1. Year 1 Work Items

  • Item 1: Study of architectural design issues including mobile-IP component design (FA, HA, MN), one- and two-way tunnels, network layer protocol design, network layer kernel architecture, access control and key management table kernel integration, and daemons. Access control issues here will be a first cut at what mechanisms and policies should be in place. This will be incrementally improved in the effort of the second year. (No attempt will be made at this stage to design an enclave-oriented distributed access control protocol.) The objective is to specify how the key system architectural components, network topologies, and network protocol components will work together.

  • Item 2: Implementation, testing, and deployment of a kernel with integrated mobile-IP and secure network layer.

  • Item 3: Construction and deployment of a mobile network within our CS/EE building.

  • Item 4: Study and formal verification of secure mobile-IP and integrated network layer security protocols.

C2. Year 2 Work Items

  • Item 5: Study of design issues associated with firewalls, network access control, distributed access protocols, and mobile systems. We must first analyze current thinking about firewall policies and the mechanisms used to implement those policies. We need to determine what sorts of policies might be in use to make (or break) mobile networking and, given those policies, how the mechanisms for secure mobile networks should be set up. Our goal is to determine policies and mechanisms suitable for normal deployment and for distributed enclave management.

  • Item 6: Preliminary study of ad hoc routing problems. We do not intend to finalize this work until the third year, but we will need to familiarize ourselves as soon as possible with the topological problems and possibilities so that our later work can be factored into access control. The objective will be to write a preliminary paper on how ad hoc networking might work and how it would tie into access control issues.

  • Item 7: Study and formal verification of a distributed access control protocol.

  • Item 8: Implementation, testing, and deployment of a kernel with an expanded access control mechanism, including daemons, and a distributed access control protocol.

  • Item 9: Study and design of a Home Agent redundancy system. The objectives here include an expanded Mobile-IP protocol that will allow for a secure handoff from one HA system to another and for the existence of multiple Home Agents on the home network. A set of Home Agents should be able to store and exchange one set of remote forwarding bindings. If a network partition occurs, the remote Mobile Nodes should not be aware of the loss of a particular Home Agent.

  • Item 10: Study and formal verification of any protocols or protocol changes developed for Home Agent redundancy.

  • Item 11: Implementation, testing, and deployment of a mobile system with expanded capabilities for Home Agent redundancy.

  • Item 12: Study and investigate how a FORTEZZA card might best be integrated into our network kernel. We intend to look at both the link layer and network layer and determine how the network layer might both determine that crypto facilities exist (in a driver) and efficiently interface with them.

C3. Year 3 Work Items

  • Item 13: Study and investigate how to integrate any secure key management protocols into our mobile system. At this point in time it is hard to determine how an infrastructure for Internet key management protocols might be put in place. However, we can study protocol issues. One possibility is MCNC's key agile work. An Internet protocol may also be developed during the initial stages of the project. Furthermore, if ARPA is interested, we would also study and implement a protocol for key exchange in less-secure ad hoc situations; for example, face-to-face business meetings.

  • Item 14: Study and design of both link-layer and partitioned cell ad hoc routing protocols. Our objective is to determine how such a protocol might best be designed given shifting radio-cell topologies and uncertain battery conditions.

  • Item 15: Study and formal verification of protocols developed to allow ad hoc communication, including communication between Mobile Systems that allow them to reach a relatively local Foreign Agent.

  • Item 16: Implementation, testing, and deployment of a mobile system with expanded capabilities for Home Agent redundancy. We intend to try to construct a rapid prototype of this protocol (or set of protocols) early on, say in year two, in order to gain experience with it.

    Email to Jim Binkley: