How can AAA infrastructure support services and applications in roaming architectures

Slides: 13
Provided by: Ericss8
Transcript and Presenter's Notes

1
How can AAA infrastructure support services and
applications in roaming architectures
  • Ericsson Bay Area Research (EBAR)
  • Theodore Havinis

2
The future trust model
[Diagram. Labels: Home, Visited, Corporate Network, Terminal/User, Service Provider, Service/Content Provider, PLMN operator (twice). Note on the diagram: "for services that use resources in visited".]

3
Identifying the issues
  • The FACT is
    • The AAA infrastructure has a role to play in the service plane
  • The QUESTION is then
    • What exactly is the role that the AAA infrastructure could play in the service plane, considering
      • 3G mobile roaming model
      • multimedia, e-Commerce applications etc.

4
Possible uses of AAA infrastructure
  • End-User (EU) authentication
  • authentication always from EU-to-home
  • Key distribution management
  • network-2-network (n2n) security is needed in
    some cases
  • AAA infrastructure is used for distributing keys.
  • Preparing for full IKE security association (SA)
    negotiation
  • Transporting User profile
  • Policy Decision Point

5
Distinguish between E-U authentication and N2N security
  • IETF SIP End-2-End
    • In IETF SIP, the SIP proxy is transparent to End-User authentication
    [Diagram. Labels: Home operator, UA, End-User authentication]
  • 3G SIP Network-2-Network
    • In 3G, the SIP proxy cannot be transparent for various reasons, one being the capability to route calls locally, e.g. E-911
    [Diagram. Labels: Home operator, UA, SIP Proxy, End-User authentication, N2N security, Home, Visited]

6
Initial SAs: SIP Server at Home
Home network decides where the SIP server is located
3G operators are considering gateways between networks for protecting internal infrastructure
Initial SAs according to roaming model
[Diagram. Labels: Visited, Home, UA, UE, Proxy, LS; SA 1, SA 2 and SA 3, with keys KSA1, KSA2 and KSA3]

7
Initial SAs: SIP Server at Visited
Home network decides where the SIP server is located
3G operators are considering gateways between networks for protecting internal infrastructure
Initial SAs according to roaming model
[Diagram. Labels: Visited, Home, UA, UE, Proxy]

8
How can an AAA server be used with n2n
  • What is the proposal
    • To use the AAA infrastructure for provisioning the shared secrets.
    • In addition, to use the AAA infrastructure for n2n authentication and security according to the selected mode of operation
  • Modes of operation for Network-2-Network security
    • In-band: complete piggybacking of SIP REGISTER and its response over AAA infrastructure
    • Out-of-band: complete piggybacking of SIP REGISTER, SAs established when SIP REGISTER sent externally
    • Transparent: AAA used only for establishing SAs.

9
Network-to-Network In-band
PRINCIPLE: SIP REGISTER sent piggybacked through AAA infrastructure, does Auth/Accounting policy selection. Trusts established. SIP INVITE externally.
[Diagram. Labels: Home, Visited, UA, UE, Proxy, LS, SIP REGISTER, Policies enabled, Ks1, Ks2, SIP INVITE]

10
Network-to-Network Out-of-band
PRINCIPLE: SIP REGISTER sent piggybacked through AAA infrastructure, just authentication done, policy downloaded to SIP server. SIP REGISTER sent externally and used for key distribution management, resulting in building up trusts. SIP INVITE externally.
[Diagram. Labels: Visited, Home, UA, UE, Proxy, LS, SIP REGISTER, Policies enabled, Ks1, Ks2, SIP INVITE]

11
Network-to-Network Transparent
PRINCIPLE: AAA infrastructure used for key generation, policy downloading to SIP server. SIP REGISTER sent externally and used for key distribution management, resulting in building up trusts. SIP INVITE externally.
[Diagram. Labels: Visited, Home, UA, UE, Proxy, LS, SIP REGISTER, Policies enabled, Ks1, Ks2, SIP INVITE]

12

Thank you