Title: WLAN-3GPP2 Roaming Ericsson Hanan Ahmed Hanan.Ahmed@ericsson.ca International Roaming Team Meeting Orlando, June 2003
2. Presentation Outline
- Introduction
- Wireless Internet Service Provider (WISP) Roaming
- 3GPP2-WLAN Inter-working
- A Possible Inter-working Scenario
3. Introduction
- WLAN and cdma2000 radio technologies provide complementary environments for mobile packet data users
- WLAN provides high bit rate capabilities; 3GPP2 provides broad coverage, secure authentication and accounting mechanisms, and various services
4. Wireless Internet Service Provider (WISP) Roaming
5. Wireless Internet Service Provider Roaming (WISPr)
- Best Current Practices for Wireless Internet Service Provider (WISP) Roaming, Wi-Fi Alliance, Feb. 2003.
- Provides recommendations and guidelines for roaming parties. No branding as WISPr compliant
- Describes minimum set of RADIUS attributes to support basic services, fault isolation and accounting
6. WISPr, Overview
[Figure: WISPr roaming overview. Labelled elements: End User / Roaming User, Laptop, Wi-Fi, Access Point, PAC Gateway, Hotspot Operator, Roaming Intermediary (optional), Home Entity, Authentication and Accounting Server (shown three times), Direct AAA Exchange, RADIUS, User Data, Billing.]
PAC: Public Access Control
7. WISPr, Assumptions
- Wireless ISPs SHALL utilize Wi-Fi and/or Wi-Fi5 certified networking components
- Entities involved in roaming must support the RADIUS protocol (RFC2865, RFC2866) and WISPr-defined attributes for exchange of operational and accounting data
- All issues related to WISP business models are outside the scope of WISPr. Excluded topics include services definitions and selection, roaming relationships, selection of roaming clearinghouses, charging models, fees, currencies, settlement methods, billing cycles and anything related to these subjects
8. WISPr, Assumptions (cont.)
- Established industry standards groups are more suitable to define inter-standard roaming practices. WISPr will cooperate with these organizations in any future discussions of best practices for inter-standard roaming
- As new technology and methodologies emerge, WISPr will consider their potential application to WISP roaming
- The deployment of 802.11a wireless LANs does not offer significant technical implications on WISPr because of WISPr's limited dependence on the 802.11 PHY layers
9. WISPr, Access Method
- WISPr recommends the Universal Access Method (UAM) to facilitate WISP roaming. The UAM allows a subscriber to access WISP services with only an Internet browser and Wi-Fi network interface on the subscriber device, so that all users, regardless of device type or operating system, can participate in WISP roaming. The UAM utilizes an Internet browser-based secure Authentication Portal, user credential entry, and RADIUS AAA
- The UAM may be enhanced by use of a proprietary Smart Client to simplify the user experience. The use of a proprietary Smart Client could restrict network access
10. WISPr, User's Experience
- A user in a public hotspot boots up his laptop and associates with the local Wi-Fi network. He then starts his browser
- Instead of the browser loading his home page, it loads a Welcome Page from the Hotspot Operator. The user logs in with a username and password
- Once authenticated, a Start Page appears from the Home Entity and the user can access his original home page such as Yahoo. In addition, a smaller window pops up detailing session information and a log out button. The user can access the Internet via his wireless connection
- When the user finishes, he clicks the logout button to disconnect from the network
11. 3GPP2-WLAN Inter-working
12. 3GPP2-WLAN Inter-working, Update
- Stage 1 (S.P0087-0) is in progress
- The scope is limited to users with subscription to a 3GPP2 system. The intent is to extend 3GPP2 packet data services and/or capabilities to the WLAN environment
- Users can benefit from increased throughput in hot spots and improved coverage offered by 3GPP2 systems
- Areas of inter-working include common authentication, authorization, accounting, access to common services, mechanism for selecting and switching between the two systems, and mechanism to allow session continuity
13. 3GPP2-WLAN Inter-working, Update (cont.)
- Modification or addition may be required to WLAN and/or 3GPP2, but change to WLAN should be minimized and there should be no change to IEEE802.11 specifications
- Two types of mobile stations are foreseen: single mode, which supports WLAN, and dual mode, which supports both WLAN and 3GPP2 air interfaces
- 3GPP2 WLAN inter-working shall not be limited to any specific WLAN technology. The evolution should adopt a flexible, general, scalable and future proof approach
- An Annex was added containing items to be considered for future revisions
14. 3GPP2-WLAN Inter-working, Model
[Figure: logical inter-working model. Labelled elements: Mobile Node, 3GPP2 System, WLAN System, Broker System, 3GPP2-WLAN Inter-working, Broker-3GPP2 Inter-working, Broker-WLAN Inter-working.]
- 3GPP2 System: one or more 3GPP2 Home networks and one or more 3GPP2 Visited networks that may be administered by the same or different entity
- WLAN System: one or more WLAN networks
- Broker System: one or more broker networks that serve one or more 3GPP2 systems and one or more WLAN systems. A broker system enables inter-system roaming where the 3GPP2 systems are administered by different entities
15. 3GPP2-WLAN Inter-working, Model (cont.)
- The figure provides a logical inter-working model
- The relationship is characterized by specified protocols and procedures
- Inter-working relationship may be direct or indirect
- Inter-working between a 3GPP2 system and a WLAN system may be a many-to-many relationship
16. 3GPP2-WLAN Inter-working, General
- High level inter-working scenarios: Access to Internet via WLAN, Access to 3GPP2 via WLAN, session continuity, Billing and customer care
- Ownership: WLAN system may be owned by a 3GPP2 operator, public network operator, an entity providing WLAN access or an entity providing WLAN for internal use and allows interconnection and visitor use
- Operation: Mediation of accounting records across all of the operator's WLAN partners in a timely manner
- Trust: 3GPP2 systems inter-working with WLAN to consider the possible security weakness in the WLAN
17. 3GPP2-WLAN Inter-working, Requirements
- Network Selection: Operators to define a home, preferred or forbidden list of WLAN systems. Users to select, prioritize and transit to a system and be notified when transition occurs. MSs to be able to indicate the available access systems and to make automatic transition among the available accesses
- Connectivity: Support of IPv4, support IPv6 connectivity
- Access control, authentication, authorization and subscription
- Data integrity and privacy
18. 3GPP2-WLAN Inter-working, Requirements (cont.)
- Accounting
- Common billing and customer care
- Roaming
- While roaming to a WLAN system, it shall be possible for the MS to obtain all access independent IP services provided by the home 3GPP2 system.
- If unable to access a desired 3GPP2 service through the WLAN system, the dual mode MS should be able to revert to the 3GPP2 system to access the desired service.
- Session continuity to allow the MS to continue the same session for all access independent IP services while it moves among available access systems
19. A Possible Inter-working Scenario
20. Multi-Access Service Availability
[Figure: labelled elements: WLAN Access, 3GPP2 Access, WLAN Services, 3G Services.]
Connectivity and services based on availability and preferences
21. Possible scenario for 3GPP2-WLAN Inter-working
[Figure: labelled elements: Visited Network, Home Network, WLAN AN, 3GPP2 RAN, AGW, VAAA, HAAA, HLR/AuC, PPS, HA, IP Net., IMS, V-IMS.]
IMS: IP Multimedia Service
AN: Access Network
UE: User Equipment
22. EAP-AKA Authentication and Key Exchange
23. EAP-AKA Authentication with 802.1x
- The UE establishes an 802.11 association with an 802.1X compliant WLAN AN
- The WLAN AN requests the user identity using EAPoL
- The UE responds with the corresponding user identity
- The WLAN AN sends a RADIUS Access-Request containing the EAP packet (i.e. the user identity)
- The AAA decides that EAP-AKA authentication is suitable based on the user profile; it gets the necessary authentication credentials from the HLR/AC using a standard SS7/MAP or other suitable interface
- The AAA sends a RADIUS Access-Challenge that transports the corresponding EAP method
24. EAP-AKA Authentication with 802.1x (cont.)
- The WLAN AN extracts the EAP-AKA challenge from the received RADIUS message and sends it to the MS
- The UE responds to the challenge
- The WLAN AN forwards this response inside a RADIUS Access-Request
- Once the RADIUS message arrives at the AAA, it checks the response to the challenge. If the authentication is successful, the AAA sends a RADIUS Access-Accept transporting an EAP-Success
- At reception of this RADIUS message, the WLAN AN sends the EAP-Success to the terminal. Then a secure channel is established between the terminal and the AP
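The exchange on the two slides above, simulated end to end as an added example (not code from the original presentation). Assumptions: HMAC-SHA256 stands in for the real AKA functions, sequence-number handling is omitted, and the class names, the sample identity and the key handed to the WLAN AN on Access-Accept are illustrative.

```python
import hashlib
import hmac
import os

def f(k, label, rand):
    # Stand-in for the AKA functions (assumption: HMAC-SHA256, not the real f1..f5).
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:16]

class HlrAc:
    """Home side: holds the secret key K agreed beforehand with each UIM."""
    def __init__(self, keys):
        self.keys = keys
    def credentials(self, identity):
        k, rand = self.keys[identity], os.urandom(16)
        return {"RAND": rand, "AUTN": f(k, b"autn", rand),
                "XRES": f(k, b"res", rand), "KEY": f(k, b"key", rand)}

class Ue:
    def __init__(self, identity, k):
        self.identity, self.k, self.key = identity, k, None
    def answer(self, rand, autn):
        # The UE authenticates the network first: AUTN must derive from its own K.
        if not hmac.compare_digest(autn, f(self.k, b"autn", rand)):
            return None
        self.key = f(self.k, b"key", rand)
        return f(self.k, b"res", rand)

def authenticate(ue, hlr):
    """Walk the slides' steps; return (message trace, key for the WLAN AN or None)."""
    trace = ["AN->UE   EAPoL  EAP-Request/Identity",
             "UE->AN   EAPoL  EAP-Response/Identity",
             "AN->AAA  RADIUS Access-Request [EAP identity]"]
    av = hlr.credentials(ue.identity)          # AAA -> HLR/AC (SS7/MAP on the slide)
    trace += ["AAA->AN  RADIUS Access-Challenge [EAP-AKA challenge: RAND, AUTN]",
              "AN->UE   EAPoL  EAP-AKA challenge"]
    res = ue.answer(av["RAND"], av["AUTN"])
    trace += ["UE->AN   EAPoL  EAP-AKA response",
              "AN->AAA  RADIUS Access-Request [EAP-AKA response]"]
    # The AAA checks the response against the expected value in constant time.
    if res is not None and hmac.compare_digest(res, av["XRES"]):
        trace += ["AAA->AN  RADIUS Access-Accept [EAP-Success]", "AN->UE   EAPoL  EAP-Success"]
        return trace, av["KEY"]
    trace += ["AAA->AN  RADIUS Access-Reject [EAP-Failure]", "AN->UE   EAPoL  EAP-Failure"]
    return trace, None

if __name__ == "__main__":
    k = bytes(range(16))                       # constructed sample key
    hlr = HlrAc({"user@home.example": k})      # constructed sample identity
    for msg in authenticate(Ue("user@home.example", k), hlr)[0]:
        print(msg)
```

When the keys match, the UE and the WLAN AN end up holding the same key without K ever leaving the UIM or the home network; a UE whose key differs from the HLR/AC's record ends in Access-Reject.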
25. EAP-AKA Benefits
- Provides an authentication mechanism that can be used across cdma2000 and WLAN accesses
- Authentication and session key distribution using AKA mechanism
- EAP-AKA includes optional identity privacy support and re-authentication procedure
- The UIM and the home environment have an agreed upon secret key beforehand
- EAP-AKA is being defined in IETF
- AKA is based on symmetric keys, runs typically in a UIM/RUIM
- AKA is defined in 3GPP2 and used in IMS
- AKA promotes a single sign on
26. 3GPP-WLAN Inter-working
[Figure: 3GPP-WLAN inter-working. Labelled elements: UE, WLAN Access Network (with or without an intermediate network), Intranet/Internet, 3GPP Visited Network, 3GPP Proxy AAA, 3GPP Home Network, 3GPP AAA, HSS, OCS, CGw/CCF (shown twice); interface labels: Wr/Wb, Wf, Wx, Wo.]
27. Summary
- Recommendations and guidelines for roaming parties from Wi-Fi Alliance, Feb. 2003
- Stage 1 (S.P0087-0) is in progress, the scope is limited to users with subscription to a 3GPP2 system
- Many inter-working scenarios depending on ownership, agreements and cost
- EAP-AKA provides secure methods for a single sign on