3G CDMA AAA Function
Yingchun Xu
3COM
3Com Confidential Proprietary

3G CDMA AAA Requirements
• Mobile Node Authentication in Foreign Network
  • Essential for Billing
• Mobile Node Authentication in Home Agent
  • Protects Against User Data Hijacking
• Quick Mobile Node Handoff Authentication
  • Reduces handoff data loss/delay
• Roaming Support
• Easier Mobile Node Provision
• Packet Data Accounting

Mobile IP AAA Servers
• RADIUS
  • Deployed in Dial-in Access Network
  • Simple and Stateless Operation
  • IETF RFC 2138 and RFC 2139
  • Limited Support of 3G AAA Requirements
• DIAMETER
  • IETF Draft
  • Superset of RADIUS
  • Supports 3G AAA Requirements
• RADIUS Accounting + PKI (Public Key Infrastructure)
  • Flexible
  • Requires lots of computation
  • IETF Draft

3Com Recommendation
• RADIUS in Version 1
• PKI+RADIUS extension or DIAMETER in Version 2

Reasons
• RADIUS is simple.
• RADIUS has been deployed in Dial-in service for a while.
• RADIUS works but with limited Mobile IP and roaming support.
  • For example, it does not support dynamic key distribution. Keys are required to be statically configured.
  • Proxy function requires static configuration. There is no protocol support for dynamic resolution of AAA server.
• DIAMETER and RADIUS extension + PKI are not mature. It will take some time to settle down.
• DIAMETER is in IETF draft state. We don't want to build an AAA used only for CDMA.
• We need to support ISPs which have deployed RADIUS as Home AAA.

What we get with RADIUS
• Packet Accounting: fully supports CDG specified accounting parameters.
• Mobile IP Foreign Agent Challenge/Response
  • Required to build trust relationship for billing.
• Dynamic Home Address Assignment feature from DIAMETER can be easily implemented in Home Agent.
  • Home Agent manages and assigns temporary Home Address.
• Roaming support by static configuration.
• Mobile node authentication through static configuration of shared key between mobile nodes and their Home Agents.
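
An added example, not part of the original slides or of 3Com's implementation: a sketch of a foreign agent challenge/response check backed by statically configured keys. It assumes the CHAP computation of RFC 1994 (MD5 over identifier, secret and challenge) as the response format; the key table, the NAI and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data: keys statically provisioned on the home RADIUS server.
STATIC_KEYS = {"alice@home.example": b"constructed-shared-key"}


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ForeignAgent:
    """Issues single-use challenges so a captured response cannot be replayed."""

    def __init__(self):
        self._outstanding = set()

    def new_challenge(self) -> bytes:
        challenge = os.urandom(16)
        self._outstanding.add(challenge)
        return challenge

    def consume(self, challenge: bytes) -> bool:
        # True only the first time a challenge issued by this agent is presented.
        if challenge in self._outstanding:
            self._outstanding.remove(challenge)
            return True
        return False


def home_aaa_verify(nai: str, ident: int, challenge: bytes, response: bytes) -> bool:
    """Home AAA side: recompute from the static key, compare in constant time."""
    secret = STATIC_KEYS.get(nai)
    if secret is None:
        return False  # no statically configured key for this mobile node
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def register(fa: ForeignAgent, nai: str, ident: int,
             challenge: bytes, response: bytes) -> bool:
    """Foreign agent checks challenge freshness, then defers to the home AAA."""
    return fa.consume(challenge) and home_aaa_verify(nai, ident, challenge, response)
```

Because every key lives in `STATIC_KEYS`, adding or rotating a mobile node's key is a provisioning change on the home server, which is the limitation the slides attribute to RADIUS.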

What we get with DIAMETER
• Foreign Agent Challenge/Response.
• Dynamic Key distribution for temporary Mobile IP registration authentication.
• Dynamic resolution of proxy AAA server.
• Packet Data Accounting.
• Dynamic Home Address Assignment.
• First Time Mobile IP Registration through DIAMETER.

3Com Proposed RADIUS Based Foreign Agent Challenge/Response Implementation (First Time Registration)

3Com Proposed RADIUS Based Foreign Agent Challenge/Response Implementation (Consecutive Registration)

Security Association