
EAP/CDMA2000  WLAN Access Authentication Using R-UIM

S40-20040419-005A. EAP/CDMA2000  WLAN Access Authentication Using R-UIM. Lily Chen and Louis Finkelstein Motorola, Inc. April 19, 2004. Outline. Introduction Basic Ideas Protocols. Introduction. The proposal assumes the WLAN terminal interfaces with the CDMA2000  R-UIM.


Presentation Transcript


  1. S40-20040419-005A EAP/CDMA2000 WLAN Access Authentication Using R-UIM Lily Chen and Louis Finkelstein Motorola, Inc. April 19, 2004

  2. Outline
     • Introduction
     • Basic Ideas
     • Protocols

  3. Introduction
     • The proposal assumes the WLAN terminal interfaces with the CDMA2000 R-UIM.
     • MT0 model and MT2-TE2 model
     • It executes the EAP protocol for WLAN access authentication.
     • It assumes the same architecture as in the Lucent contributions.
     • The EAP-Server (e.g., AAA) shall be able to interface with a CDMA2000 CAVE-based Authentication Center (AC); therefore, it supports the necessary subset of the SS7 authentication protocol.
     • It generates a WLAN Master Key (WKEY) as proposed by Lucent.
     • It supports both the SSD-shared and the SSD-not shared situations as proposed by Huawei.
     • It demands no changes to the CDMA2000 HLR/AC.
     • It minimizes the network traffic when adding WLAN service to an existing infrastructure.

  4. Basic Ideas
     • EAP/CDMA2000 generates a WLAN master key (WKEY) from the CDMA2000 encryption key SMEKEY (or KEY/VPM) as defined in IS-41.
     • A WKEY update can be triggered by the HLR/AC via the SSD-update procedure or by the WLAN AAA via the global challenge.
     • In the case that the SSD is not shared with the remote network, the WLAN-EAP server can use a WKEY for WLAN authentication without interacting with the HLR for each and every WLAN access.
     • It can significantly minimize the network traffic, especially the traffic to the CDMA2000 HLR/AC for WLAN service.
     • It supports SSD update with the WLAN terminal initiated by HLR/AC.
     • It supports the unique challenge initiated by the HLR/AC.

  5. High Level Illustration (diagram)
     • Entities: WLAN Device, WLAN Auth Server, CDMA HLR/AC
     • Protocols: EAP/CDMA2000, ANSI-41
     • Diagram labels, in the order extracted: Access Request; Auth Data? (Yes / No); EAP/Global; Global ch/resp; EAP/Global Resp; EAP/Unique; Unique Ch; Unique Resp; EAP/Unique Resp; Success; EAP/Success; AUTHREQ; SMEKEY; WLAN/CDMA Auth & derive session keys

  6. EAP/CDMA2000 Full Authentication (message sequence diagram: Client, Server)
     • EAP-Request / Identity
     • EAP-Response / Identity
     • EAP-Request / CDMA2000/Start
     • EAP-Response / CDMA2000/Start (RAND/req)
     • EAP-Request / CDMA2000/Global
     • EAP-Response / CDMA2000/Global
     • EAP-Request / CDMA2000/Unique
     • EAP-Response / CDMA2000/Unique
     • EAP-Request / CDMA2000/Challenge (RANDch)
     • EAP-Response / CDMA2000/Challenge
     • EAP-Success
     CDMA2000 HLR/AC: depending on whether SSD shared or not shared

  7. EAP/CDMA2000 Authentication with WKEY Update (message sequence diagram: Client, Server)
     • EAP-Request / Identity
     • EAP-Response / Identity
     • EAP-Request / CDMA2000/Start
     • EAP-Response / CDMA2000/Start (RAND/req)
     • EAP-Request / CDMA2000/Global
     • EAP-Response / CDMA2000/Global
     • EAP-Request / CDMA2000/Challenge (RANDch)
     • EAP-Response / CDMA2000/Challenge
     • EAP-Success
     CDMA2000 HLR/AC: depending on whether SSD shared or not shared

  8. EAP/CDMA2000 Authentication without WKEY Update (message sequence diagram: Client, Server)
     • EAP-Request / Identity
     • EAP-Response / Identity
     • EAP-Request / CDMA2000/Start
     • EAP-Response / CDMA2000/Start (RAND/req)
     • EAP-Request / CDMA2000/Challenge (RANDch)
     • EAP-Response / CDMA2000/Challenge
     • EAP-Success
     CDMA2000 HLR/AC: no traffic even when SSD is not shared

  9. EAP/CDMA2000 SSD Update (message sequence diagram: Client, Server)
     • EAP-Request / Identity
     • EAP-Response / Identity
     • EAP-Request / CDMA2000/Start
     • EAP-Response / CDMA2000/Start (RAND/req)
     • EAP-Request / CDMA2000/SSD
     • EAP-Response / CDMA2000/SSD (RANDBS)
     • EAP-Request / CDMA2000/SSDBS (AUTHBS)
     • EAP-Response / CDMA2000/SSDBS
     • EAP-Request / CDMA2000/Unique
     • EAP-Response / CDMA2000/Unique
     • EAP-Request / CDMA2000/Challenge (RANDch)
     • EAP-Response / CDMA2000/Challenge
     • EAP-Success
     CDMA2000 HLR/AC: initiated by CDMA2000 HLR/AC

  10. Proposal
     • We propose
     • That the WLAN and the CDMA2000 inter-working architecture support R-UIM-based authentication under the following conditions.
     • Considers both the SSD-shared and the SSD-not shared situations.
     • Maintains the CDMA2000 HLR/AC interface without any changes.
     • Does not increase network traffic significantly by using the WLAN service.
     • Uses EAP/CDMA2000 as the authentication protocol for R-UIM-based authentication.

  11. Issues
     • IETF Effort
        • Currently, there are no IETF RFCs for the EAP/CDMA2000 protocol.
        • We can work with the IETF in order to generate a draft (similar to EAP/SIM and EAP/AKA).
     • Current name of the protocol – EAP/CDMA2000
        • We would like to emphasize the CDMA2000 authentication credentials and protocols.
        • However, we have no objection to any suggested names for the proposed protocol :>).
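
Added example (not part of the original presentation): a conformance check that pairs each EAP-Request with its EAP-Response and classifies an observed exchange as one of the four sequences on slides 6 to 9, rejecting anything that reaches EAP-Success without the mandatory Challenge round. The message strings follow the slides; the function names, the `exchange` helper and the sample input are assumptions of this sketch, and message parameters such as (RANDch) are ignored.

```python
import re

# Rounds seen between Start and Challenge -> (slide title, HLR/AC note), per slides 6-9.
FLOWS = {
    ("Global", "Unique"): ("Full Authentication", "depends on whether SSD is shared"),
    ("Global",): ("Authentication with WKEY Update", "depends on whether SSD is shared"),
    (): ("Authentication without WKEY Update", "no HLR/AC traffic"),
    ("SSD", "SSDBS", "Unique"): ("SSD Update", "initiated by HLR/AC"),
}
MSG = re.compile(r"^EAP-(Request|Response) / (?:CDMA2000/)?(\w+)")

def rounds(messages):
    """Pair every EAP-Request with its EAP-Response and return the round names."""
    if not messages or messages[-1] != "EAP-Success":
        raise ValueError("exchange does not end in EAP-Success")
    body = messages[:-1]
    if len(body) % 2:
        raise ValueError("unpaired request or response")
    names = []
    for req, resp in zip(body[0::2], body[1::2]):
        m_req, m_resp = MSG.match(req), MSG.match(resp)
        if not (m_req and m_resp):
            raise ValueError(f"unrecognised message in round: {req!r}, {resp!r}")
        if (m_req.group(1), m_resp.group(1)) != ("Request", "Response"):
            raise ValueError(f"expected Request then Response: {req!r}, {resp!r}")
        if m_req.group(2) != m_resp.group(2):
            raise ValueError(f"response does not answer request: {req!r}, {resp!r}")
        names.append(m_req.group(2))
    return names

def classify(messages):
    """Return (slide title, HLR/AC note) or raise if no slide sequence matches."""
    names = rounds(messages)
    if names[:2] != ["Identity", "Start"] or names[-1:] != ["Challenge"]:
        raise ValueError("Identity, Start and Challenge rounds are mandatory")
    middle = tuple(names[2:-1])
    if middle not in FLOWS:
        raise ValueError(f"rounds {middle} match none of the four sequences")
    return FLOWS[middle]

def exchange(*round_names):
    """Build a constructed sample exchange from round names (demo helper)."""
    msgs = []
    for n in round_names:
        sub = n if n == "Identity" else f"CDMA2000/{n}"
        msgs += [f"EAP-Request / {sub}", f"EAP-Response / {sub}"]
    return msgs + ["EAP-Success"]

print(classify(exchange("Identity", "Start", "Global", "Challenge")))
```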
