Unlicensed Mobile Access UMA - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Unlicensed Mobile Access UMA

Description:

London. Agenda. What is UMA. UMA Architecture. Security in UMA ... authenticates the user based on the keys derived by the last full authentication ... – PowerPoint PPT presentation

Number of Views:925
Avg rating:3.0/5.0
Slides: 19
Provided by: dasunwee8
Category:

less

Transcript and Presenter's Notes

Title: Unlicensed Mobile Access UMA


1
Unlicensed Mobile Access (UMA)
  • Dasun Weerasinghe
  • School of Engineering and Mathematical Sciences
  • City University
  • London

2
Agenda
  • What is UMA
  • UMA Architecture
  • Security in UMA
  • Authentication
  • Encryption
  • EAP-AKA Authentication
  • Future Work

3
What is UMA
  • UMA allows to access the mobile voice and data
    services of the cellular network over a Wireless
    LAN
  • Subscribers are enabled to roam and handover
    between cellular networks and wireless networks
  • UMA Technology specification was published in
    September 2004
  • 3GPP approved the specification as Generic
    Access to A/Gb interfaces
  • Pilot project by Nokia in Finland

4
What is UMA ( Contd..)
5
UMA Architecture
  • Mobile devices access the Core Network through
    Unlicensed Mobile Access Network (UMAN).
  • UMAN has 3 major entities
  • Unlicensed wireless network
  • IP access network
  • UMA Network controller (UNC)
  • UNC authorizes and authenticates the Mobile
    devices for accessing the Core Network

6
UMA Architecture ( Contd..)
7
UMA Security
  • Authentication
  • Authenticate MS with UNC to make secure tunnel
  • Based GSM or UMTS credentials
  • Protocol of authentication is IKEv2
  • GSM EAP-SIM or UMTS EAP-AKA
  • Mutual Authentication of MS and Mobile Network
  • Session Key Generation IK and CK

8
UMA Security EAP Authentication
  • Steps in Authentication ( EAP )
  • MS establish a link with AP
  • Determines the UNC to be connected
  • Initiate the connection with UNC with IKE
  • UNC connects with the local AAA

9
UMA Security - EAP Authentication (Contd..)
  • Local AAA linked to the Home AAA
  • EAP procedure is performed between MS and AAA
  • UNC is a relay for EAP messages

10
EAP-AKA
11
EAP-AKA steps
  • MS finds an AP
  • MS finds the UNC-SGW and initiates the IKEv2
    authentication procedure
  • MS sends to NAI to UNC-SGW which contains IMSI
  • UNC-SGW communicates with local AAA
  • Local server determines the Home AAA by using the
    NAI. Routing path may include several AAA proxies
  • Leading digits in NAI indicates the
    authentication procedure is EAP - AKA

12
EAP-AKA steps ( contd..)
  • AAA requests the user profile and UMTS
    authentication vectors from HSS
  • UMTS authentication vector consists with RAND,
    authentication part (AUTH), expected result, IK
    and CK
  • AAA send the EAP Request/AKA Challenge to UNC-SGW
    with RAND, AUTH, MAC ( message authentication key
    ) and re-authentication identity.
  • UNG-SGW forwards the EAP Request/AKA Challenge to
    MA

13
EAP-AKA steps ( contd..)
  • MS runs the UMTS algorithm and verifies the AUTH.
    It computes the RES, IK, CK and calculates MAC
    using the generated IK and CK
  • MS sends EAP Response/AKA Challenge with RES and
    MAC
  • AAA verifies the received MAC and compares RES
    with XRES
  • AAA sends IK and CK to UNC-SGW for the
    communication with MS
  • UNC-SGW informs the successful authentication to
    MS

14
EAP-AKA Fast Re-Authentication
  • Used to reduce the network load due to the
    authentication
  • AAA server authenticates the user based on the
    keys derived by the last full authentication
  • Re-authentication ID is generated by the AAA in
    the full authentication process

15
EAP-AKA Fast Re-Authentication (Contd..)
16
EAP-AKA Fast Re-Authentication Steps
  • MS initiates the IKEv2 authentication procedure
  • Re-Authentication identity is sent to the UNC-SGW
  • UNC-SGW sends EAP Response/Identity to AAA with
    re-authentication Id
  • AAA initiates a counter and sends EAP
    Request/AKA-Reauthentication message with counter
    value, MAC and re-authentication id for the next
    fast authentication.
  • MS verifies the counter value and the MAC and
    send the EAP Response/AKA-Reauthentication with
    the same counter value and calculated MAC.
  • AAA server verifies the counter value and MAC
  • EAP success message is sent to MS

17
Encryption
  • CK is generated during the authentication process
  • Negotiated cryptographic algorithms are used.

18
Future Work
  • Calls handing off between the cellular network
    and the wireless LAN with fast authentication
    process
  • SSO from one UNC to another
  • Introduce UNC to the Mobile Shopping Mall. UNC
    can be a web service.
  • Introduce XML security to the communication
    between MS and UNC
  • Authentication of the UNC to the network
  • Some security holes in Fast authentication
Write a Comment
User Comments (0)
About PowerShow.com