WLAN-3GPP2 Roaming. Ericsson, Hanan Ahmed (Hanan.Ahmed@ericsson.ca). International Roaming Team Meeting, Orlando, June 2003

Provided by: CDG3
1
WLAN-3GPP2 Roaming
Ericsson
Hanan Ahmed
Hanan.Ahmed@ericsson.ca
International Roaming Team Meeting
Orlando, June 2003
2
Presentation Outline
  • Introduction
  • Wireless Internet Service Provider (WISP) Roaming
  • 3GPP2-WLAN Inter-working
  • A Possible Inter-working Scenario

3
Introduction
  • WLAN and cdma2000 radio technologies provide
    complementary environments for mobile packet data
    users
  • WLAN provides high bit rate capabilities; 3GPP2
    provides broad coverage, secure authentication and
    accounting mechanisms, and various services

4
Wireless Internet Service Provider (WISP) Roaming
5
Wireless Internet Service Provider Roaming (WISPr)
  • Best Current Practices for Wireless Internet
    Service Provider (WISP) Roaming, Wi-Fi Alliance,
    Feb. 2003.
  • Provides recommendations and guidelines for roaming
    parties. No branding as WISPr compliant
  • Describes the minimum set of RADIUS attributes to
    support basic services, fault isolation and
    accounting

6
WISPr, Overview
[Figure: WISPr overview. Labels: Hotspot Operator, Roaming Intermediary (optional), Home Entity; Authentication and Accounting Server (three instances); Direct AAA Exchange; RADIUS; User Data; PAC Gateway; Billing; Access Point; Wi-Fi; Laptop; End User; Roaming User. Legend: PAC = Public Access Control.]
7
WISPr, Assumptions
  • Wireless ISPs SHALL utilize Wi-Fi and/or Wi-Fi5
    certified networking components
  • Entities involved in roaming must support the
    RADIUS protocol (RFC 2865, RFC 2866) and
    WISPr-defined attributes for exchange of
    operational and accounting data
  • All issues related to WISP business models are
    outside the scope of WISPr. Excluded topics
    include services definitions and selection,
    roaming relationships, selection of roaming
    clearinghouses, charging models, fees,
    currencies, settlement methods, billing cycles
    and anything related to these subjects

8
WISPr, Assumptions (cont.)
  • Established industry standards groups are more
    suitable to define inter-standard roaming
    practices. WISPr will cooperate with these
    organizations in any future discussions of best
    practices for inter-standard roaming
  • As new technology and methodologies emerge,
    WISPr will consider their potential application
    to WISP roaming
  • The deployment of 802.11a wireless LANs has no
    significant technical implications for WISPr
    because of WISPr's limited dependence on the
    802.11 PHY layers

9
WISPr, Access Method
  • WISPr recommends the Universal Access Method
    (UAM) to facilitate WISP roaming. The UAM allows
    a subscriber to access WISP services with only an
    Internet browser and Wi-Fi network interface on
    the subscriber device, so that all users,
    regardless of device type or operating system,
    can participate in WISP roaming. The UAM utilizes
    an Internet browser-based secure Authentication
    Portal, user credential entry, and RADIUS AAA
  • The UAM may be enhanced by use of a proprietary
    Smart Client to simplify the user experience. The
    use of a proprietary Smart Client could restrict
    network access

10
WISPr, User Experience
  • A user in a public hotspot boots up his laptop
    and associates with the local Wi-Fi network. He
    then starts his browser
  • Instead of the browser loading his home page, it
    loads a Welcome Page from the Hotspot Operator.
    The user logs in with a username and password
  • Once authenticated, a Start Page appears from the
    Home Entity and the user can access his original
    home page such as Yahoo. In addition, a smaller
    window pops up detailing session information and
    a log out button. The user can access the
    Internet via his wireless connection
  • When the user finishes, he clicks the logout button
    to disconnect from the network

11
3GPP2-WLAN Inter-working
12
3GPP2-WLAN Inter-working, Update
  • Stage 1 (S.P0087-0) is in progress
  • The scope is limited to users with subscription
    to a 3GPP2 system. The intent is to extend 3GPP2
    packet data services and/or capabilities to the
    WLAN environment
  • Users can benefit from increased throughput in
    hot spots and improved coverage offered by 3GPP2
    systems
  • Areas of inter-working include common
    authentication, authorization, accounting, access
    to common services, a mechanism for selecting and
    switching between the two systems, and a mechanism
    to allow session continuity

13
3GPP2-WLAN Inter-working, Update(cont.)
  • Modification or addition may be required to WLAN
    and/or 3GPP2, but change to WLAN should be
    minimized and there should be no change to
    IEEE 802.11 specifications
  • Two types of mobile stations are foreseen: single
    mode, which supports WLAN, and dual mode, which
    supports both WLAN and 3GPP2 air interfaces
  • 3GPP2-WLAN inter-working shall not be limited to
    any specific WLAN technology. The evolution
    should adopt a flexible, general, scalable and
    future-proof approach
  • An Annex was added containing items to be
    considered for future revisions

14
3GPP2-WLAN Inter-working, Model
[Figure: logical inter-working model. Labels: 3GPP2 System, WLAN System, Broker System, Mobile Node; relationships: 3GPP2-WLAN Inter-working, Broker-3GPP2 Inter-working, Broker-WLAN Inter-working.]
  • 3GPP2 System: one or more 3GPP2 Home networks and
    one or more 3GPP2 Visited networks that may be
    administered by the same or different entity
  • WLAN System: one or more WLAN networks
  • Broker System: one or more broker networks that
    serve one or more 3GPP2 systems and one or more
    WLAN systems. A broker system enables inter-system
    roaming where the 3GPP2 systems are administered
    by different entities
15
3GPP2-WLAN Inter-working, Model (cont.)
  • The figure provides a logical inter-working model
  • The relationship is characterized by specified
    protocols and procedures
  • Inter-working relationship may be direct or
    indirect
  • Inter-working between a 3GPP2 system and a WLAN
    system may be a many-to-many relationship

16
3GPP2-WLAN Inter-working, General
  • High-level inter-working scenarios: access to
    Internet via WLAN, access to 3GPP2 via WLAN,
    session continuity, billing and customer care
  • Ownership: the WLAN system may be owned by a 3GPP2
    operator, a public network operator, an entity
    providing WLAN access, or an entity providing WLAN
    for internal use and allows interconnection and
    visitor use
  • Operation: mediation of accounting records across
    all of the operator's WLAN partners in a timely
    manner
  • Trust: 3GPP2 systems inter-working with WLAN are to
    consider the possible security weakness in the
    WLAN

17
3GPP2-WLAN Inter-working, Requirements
  • Network Selection: Operators to define a home,
    preferred or forbidden list of WLAN systems.
    Users to select, prioritize and transit to a system,
    and be notified when transition occurs. MSs to be
    able to indicate the available access systems and
    to make automatic transition among the available
    accesses
  • Connectivity: support of IPv4, support of IPv6
    connectivity
  • Access control, authentication, authorization and
    subscription
  • Data integrity and privacy

18
3GPP2-WLAN Inter-working, Requirements (cont)
  • Accounting
  • Common billing and customer care
  • Roaming
  • While roaming to a WLAN system, it shall be
    possible for the MS to obtain all access
    independent IP services provided by the home
    3GPP2 system.
  • If unable to access a desired 3GPP2 service
    through the WLAN system, the dual mode MS should
    be able to revert to the 3GPP2 system to access
    the desired service.
  • Session continuity to allow the MS to continue
    the same session for all access independent IP
    services while it moves among available access
    systems

19
A Possible Inter-working Scenario
20
Multi-Access Service Availability
[Figure: labels WLAN Access, 3GPP2 Access, WLAN Services, 3G Services. Caption: connectivity and services based on availability and preferences.]
21
Possible scenario for 3GPP2-WLAN Inter-working
[Figure: Visited Network and Home Network. Labels: WLAN AN, 3GPP2 RAN, AGW, VAAA, V-IMS, IP Net., HAAA, HLR/AuC, PPS, HA, IMS. Legend: IMS = IP Multimedia Service, AN = Access Network, UE = User Equipment.]
22
EAP-AKA Authentication and Key Exchange
23
EAP-AKA Authentication with 802.1x
  1. The UE establishes an 802.11 association with an
    802.1X compliant WLAN AN
  2. The WLAN AN requests the user identity using
    EAPoL
  3. The UE responds with the corresponding user
    identity
  4. The WLAN AN sends a RADIUS Access-Request
    containing the EAP packet (i.e. the user
    identity)
  5. The AAA decides that EAP-AKA authentication is
    suitable based on the user profile and gets the
    necessary authentication credentials from the
    HLR/AC using a standard SS7/MAP or other suitable
    interface
  6. The AAA sends a RADIUS Access-Challenge that
    transports the corresponding EAP method

24
EAP-AKA Authentication with 802.1x (cont.)
  7. The WLAN AN extracts the EAP-AKA challenge from
    the received RADIUS message and sends it to the
    MS
  8. The UE responds to the challenge
  9. The WLAN AN forwards this response inside a
    RADIUS Access-Request
  10. Once the RADIUS message arrives at the AAA, it
    checks the response to the challenge. If the
    authentication is successful, the AAA sends a
    RADIUS Access-Accept transporting an EAP-Success
  11. At reception of this RADIUS message, the WLAN AN
    sends the EAP-Success to the terminal. Then a
    secure channel is established between the
    terminal and the AP
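
The exchange on these two slides, sketched as an added example that is not part of the original presentation: a UE, a pass-through WLAN AN and the AAA run the identity round and the challenge round, and the UE answers only a network that proves knowledge of the shared key. Assumptions: messages are Python tuples rather than real EAP/RADIUS encodings, HMAC-SHA256 stands in for the AKA functions, the HLR/AC lookup is folded into the AAA, and the sequence-number handling of real AKA is omitted.

```python
import hashlib, hmac, os

def f(k, label, rand):
    # Stand-in for the AKA functions (assumption: HMAC-SHA256, not the real algorithms).
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:16]

class UE:
    def __init__(self, identity, k):
        self.identity, self.k, self.msk = identity, k, None
    def respond(self, eap):                       # EAPoL side
        if eap[0] == "EAP-Request/Identity":
            return ("EAP-Response/Identity", self.identity)
        if eap[0] == "EAP-Request/AKA-Challenge":
            _, rand, autn = eap
            if not hmac.compare_digest(autn, f(self.k, b"autn", rand)):
                return None                       # network did not prove it knows K
            self.msk = f(self.k, b"msk", rand)    # session key derived locally
            return ("EAP-Response/AKA-Challenge", f(self.k, b"res", rand))

class AAA:
    def __init__(self, subscribers):              # identity -> K (HLR/AC lookup folded in)
        self.subscribers, self.pending = subscribers, {}
    def handle(self, request):
        _, user, eap = request
        k = self.subscribers.get(user)
        if k is not None and eap[0] == "EAP-Response/Identity":
            rand = os.urandom(16)
            self.pending[user] = (f(k, b"res", rand), f(k, b"msk", rand))
            challenge = ("EAP-Request/AKA-Challenge", rand, f(k, b"autn", rand))
            return ("Access-Challenge", challenge, None)
        xres, msk = self.pending.pop(user, (None, None))   # one attempt per challenge
        if xres is not None and hmac.compare_digest(eap[1], xres):
            return ("Access-Accept", ("EAP-Success",), msk)
        return ("Access-Reject", ("EAP-Failure",), None)

def wlan_an_authenticate(ue, aaa):
    """Pass-through WLAN AN: relays EAP between EAPoL and RADIUS, never holds K."""
    eap, user, trace = ("EAP-Request/Identity",), None, []
    while True:
        resp = ue.respond(eap)
        if resp is None:
            return False, None, trace
        if resp[0] == "EAP-Response/Identity":
            user = resp[1]                        # copied into the RADIUS User-Name
        code, eap, key = aaa.handle(("Access-Request", user, resp))
        trace.append(code)
        if code != "Access-Challenge":
            return code == "Access-Accept", key, trace
```

`wlan_an_authenticate` returns the outcome, the keying material delivered with the Access-Accept, and the sequence of RADIUS reply codes seen by the AN.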

25
EAP-AKA Benefits
  • Provides an authentication mechanism that can be
    used across cdma2000 and WLAN accesses
  • Authentication and session key distribution using
    the AKA mechanism
  • EAP-AKA includes optional identity privacy
    support and a re-authentication procedure
  • The UIM and the home environment have an agreed
    upon secret key beforehand
  • EAP-AKA is being defined in IETF
  • AKA is based on symmetric keys, runs typically in
    a UIM/RUIM
  • AKA is defined in 3GPP2 and used in IMS
  • AKA promotes a single sign on

26
3GPP-WLAN Inter-working
[Figure: 3GPP-WLAN inter-working. Labels: UE, WLAN Access Network (with or without an intermediate network), Intranet/Internet, 3GPP Visited Network, 3GPP Proxy AAA, 3GPP Home Network, 3GPP AAA, HSS, OCS, CGw/CCF (two instances). Interfaces: Wr/Wb, Wf, Wx, Wo.]
27
Summary
  • Recommendations and guidelines for roaming parties
    from Wi-Fi Alliance, Feb. 2003
  • Stage 1 (S.P0087-0) is in progress; the scope is
    limited to users with subscription to a 3GPP2
    system
  • Many inter-working scenarios depending on
    ownership, agreements and cost
  • EAP-AKA provides secure methods for a single sign
    on