3GPP2-WLAN Interworking update
Stefan Rommer, Lila Madour (Ericsson)

Phased approach
• Scenario 1: Common billing and customer care.
• Scenario 2: cdma2000 based Access Control and Charging and Access to the Internet via the WLAN system.
• Scenario 3: Access to the cdma2000 Packet Data Services via the WLAN system.
• Scenario 4: Session continuity.
• Scenarios 1 and 2 will be supported in the first release.

3GPP2 WLAN activities
• Stage 1: Requirements
  • 3GPP2 S.R0087-0 (completed)
• Stage 2/3: Architecture and Protocols
  • Work is currently in progress in the PSN.PDS sub-working group.
  • Draft specification in the 3GPP2 document X.P0028
  • Publication is planned for early Q4 2004.
• The first release focuses on scenarios 1 and 2 only.
• Scenarios 3 and 4 will be considered in a future release.

cdma2000-WLAN Network Reference Model
[Figure: network reference model. Labels: Mobile Station, WLAN, W-AAA, Broker Network (0 or more), B-AAA, cdma2000 Home Network, H-AAA, HLR/AC, Database, Internet; interfaces numbered 1, 2 and 3.]

Interfaces
• Interface 1
  • Based on WLAN technologies such as IEEE 802.11, 802.1X, 802.11i, etc.
• Interface 2
  • Used for Authentication, Authorization and Accounting. The interface is based on RADIUS and supports EAP.
• Interface 3
  • Access to Internet
• AAA-HLR/AC interface
  • Based on ANSI 41 MAP signaling
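
Interface 2 carries EAP inside RADIUS. The following is an added example, not taken from the slides or from X.P0028: it shows how a AAA server following RFC 3579 reassembles EAP-Message attributes and checks the Message-Authenticator before passing the EAP packet to the method. The shared secret, Request Authenticator, identity and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types (RFC 3579)
SECRET = b"constructed-shared-secret"        # constructed sample shared secret
REQ_AUTH = bytes(range(16))                  # constructed Request Authenticator

def eap_identity(name, ident=1):
    """EAP-Response/Identity: code 2, identifier, length, type 1, identity."""
    return struct.pack("!BBHB", 2, ident, 5 + len(name), 1) + name

def build_access_request(ident, eap, secret=SECRET):
    """Access-Request (code 1) carrying EAP, signed with Message-Authenticator."""
    attrs = b""
    for i in range(0, len(eap), 253):        # attribute values hold at most 253 octets
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed while signing
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + REQ_AUTH + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def parse_attributes(pkt):
    """Yield (type, value offset, value); reject inconsistent lengths."""
    if len(pkt) < 20 or not 20 <= struct.unpack("!H", pkt[2:4])[0] <= len(pkt):
        raise ValueError("bad RADIUS length")
    length = struct.unpack("!H", pkt[2:4])[0]
    pos = 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        yield pkt[pos], pos + 2, pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]

def verify_eap_request(pkt, secret=SECRET):
    """Return the reassembled EAP packet; raise ValueError if integrity fails."""
    eap, mac_off = b"", None
    for atype, off, value in parse_attributes(pkt):
        if atype == EAP_MESSAGE:
            eap += value                     # fragments are concatenated in order
        elif atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            mac_off = off
    if mac_off is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    end = struct.unpack("!H", pkt[2:4])[0]
    zeroed = pkt[:mac_off] + bytes(16) + pkt[mac_off + 16:end]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, pkt[mac_off:mac_off + 16]):
        raise ValueError("Message-Authenticator mismatch")
    return eap
```

A packet that carries EAP-Message without a valid Message-Authenticator is dropped before any EAP processing, so a proxy chain (W-AAA, B-AAA, H-AAA) only forwards EAP that the previous hop signed with the hop's shared secret.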

User Authentication
• 3GPP2 recommends two EAP methods for User Authentication and WLAN PMK derivation:
  • EAP-AKA (work in progress in IETF)
  • EAP-TLS with Pre-shared keys (work in progress in IETF)
• User Authentication would be based on a bootstrapped WLAN Key (Wkey)
  • 3GPP2 specifies EAP methods to bootstrap a long term Wkey based on one of the existing cdma2000 shared secrets used for 2G or 3G.
  • Currently under discussion
• EAP-AKA and EAP-TLS derive a session key that is delivered to the AP

Network Advertisement and Selection
• 3GPP2 supports manual and automatic network selection.
• Automatic selection requires information about cdma2000 related SSIDs as well as roaming agreements with the home network.

Other User Authentication schemes
• Authentication in a non-802.1X hotspot can be performed using:
  • Universal Access Method as defined by the WISPr in Wi-Fi Alliance
  • CHAP/PAP if WLAN supports PPPoE (similar to cdma2000 packet data access authentication)

Issues related to 802.11
• Network selection
• UAM/802.1X co-existence
• Session control / session termination

Links to documents
• Stage 1: Requirements
  • http://www.3gpp2.org/Public_html/specs/S.R0087-0_v1.0_040723.pdf
• Stage 2/3: Architecture and Protocols
  • Draft 0.5 (2004-07-19)
  • ftp://ftp.3gpp2.org/TSGX/Working/2004/2004-07/TSG-X-2004-07-LA/WG3-PSN/SWG31-PDS/x31-20040719-008%20X.P0028%20v0.5%20WLAN%20Interworking-%5BED%5D.doc

Acronyms
• AC: Authentication Center (used in 2G cdma authentication)
• HLR: Home Location Register (used in 2G cdma authentication and authorization)
• MS: Mobile Station
• MN-AAA: Mobile Node Authentication, Authorization and Accounting server
• RUIM: Removable User Identity Module (similar to SIM in GSM)
• UIM: User Identity Module

Back-up slide: Bootstrapping of a long term WLAN key (work in progress)
• 3GPP2 specifies EAP methods to bootstrap a long term WLAN key (Wkey) based on either one of the following cdma2000 shared secrets:
  • SMEKEY, used in 2G circuit switched authentication; stored in the HLR/AC and the UIM/RUIM in the MS, or
  • MN-AAA/CHAP secret, used for 3G packet data user authentication; stored in the Home AAA and the UIM/RUIM in the MS.
• The SMEKEY or the MN-AAA/CHAP secret is used as the password for authenticating a Diffie-Hellman key exchange between the MS and the EAP server in the AAA.