AAA Requirements for cdma2000 (draft-hiller-cdma2000-AAA-00.txt)



SLIDE 1

Tom Hiller 11/11/99

AAA Requirements for cdma2000

draft-hiller-cdma2000-AAA-00.txt

TR45.6 Wireless Data Group, Tom Hiller (Editor)

SLIDE 2

Carriers and Vendors Involved...

- US
  – Vodafone
  – Ameritech
  – GTE
  – Sprint PCS
- Canadian
  – Bell Mobility
- Japan
  – DDI
  – IDO
- Vendors
  – Fujitsu
  – LGIC
  – Lucent
  – Motorola
  – Nortel
  – Qualcomm
  – Samsung
  – SUN
  – 3Com
  – Cisco
  – NEC
  – Alcatel
  – Toshiba

SLIDE 3

Introduction

- IP network access via cdma2000 carrier
  – Traditional PPP (Simple IP)
  – Mobile IP
    » Home Agent is located in the wireless carrier network
    » Home Agent may be assigned by the visited or home carrier
- Private Network or Home ISP access
  – Home IP network authenticates and authorizes the user
  – Home Agent behind a firewall in a private network or ISP
  – Security support for low-end devices that cannot support IPsec and/or will not pay its overhead on air interfaces
- Dual authentication of the mobile by the radio and IP networks

SLIDE 4

General Architecture

[Diagram: General Architecture. Elements shown: Mobile Station; Radio Network; R-P Interface; PDSN; Visited Access Provider Network (Visited AAA, VLR); SS7 Network; Home Access Provider Network (HLR); AAA Broker Network (AAA Server); IP Network between Visited Provider and Home Provider; Home IP Network (Home ISP / Private Network) with Home AAA and HA.]

SLIDE 5

Radio Network Authentication and Authorization

[Diagram: Mobile Station, Radio Network and R-P Interface in the Visited Access Provider Network (VLR), with the HLR in the Home Access Provider Network.]

The mobile uses the usual wireless interfaces and wireless authentication mechanisms to gain radio access.

SLIDE 6

IP Network Authentication

[Diagram: IP Network Authentication. Mobile Station, RAN, R-P Interface and PDSN/FA with the Visited AAA in the Visited Access Provider Network; Broker AAA in the AAA Broker Network; Home AAA in the Home IP Network. Labels: PPP, AAA Request/Response.]

- Mobile uses CHAP for "Traditional PPP Service"
- Mobile uses the Foreign Agent Challenge for Mobile IP
- Same AAA infrastructure works for both authentication mechanisms

SLIDE 7

Authentication and Authorization

- Mobile accesses data services after radio access
  » Radio network authenticates the mobile for radio access
- Authenticate the mobile using CHAP or the Foreign Agent Challenge
  – The NAI is used to route the AAA request to the home network based on the realm of the NAI
  – The AAA response provides assurance to the serving network that it will get paid for services rendered

SLIDE 8

General MIP/AAA Requirements

- Same AAA infrastructure must work for both Traditional PPP service (limited mobility) and Mobile IP service
  – Mobile Node and home network have a shared secret
- The serving and home network are not required to have a direct security association
  – The home network may be a private network that only has an association with a broker or home wireless carrier
  – Associations may be provided indirectly via brokers
    » TR45.6 has not studied the number of brokers required
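As an added illustration of slides 7 and 8 (example code written for this page, not from the draft or TR45.6): the visited AAA parses the NAI, looks up the home AAA responsible for its realm, and finds a proxy chain in which every adjacent hop holds a security association, so a private home network that peers only with a broker is still reachable. All hostnames, the realm table and the association table are constructed.

```python
import re
from collections import deque

VISITED_AAA = "aaa.visited.example"          # the serving network's AAA server (constructed)
# Constructed realm table: which home AAA server is authoritative for each realm.
HOME_AAA = {
    "homecarrier.example": "aaa.homecarrier.example",
    "corp.example": "aaa.corp.example",      # private network that peers only with a broker
    "isp.example": "aaa.isp.example",        # deliberately has no association with anyone
}
# Constructed security associations (undirected pairs): the visited AAA peers directly with
# one home carrier and with a broker; the private network peers only with the broker.
SECURITY_ASSOCIATIONS = {
    frozenset({VISITED_AAA, "aaa.homecarrier.example"}),
    frozenset({VISITED_AAA, "broker.example"}),
    frozenset({"broker.example", "aaa.corp.example"}),
}
NAI_RE = re.compile(r"(?P<user>[^@\s]+)(?:@(?P<realm>[A-Za-z0-9.-]+))?")

def parse_nai(nai):
    """Split a Network Access Identifier into (username, realm); realm is None when absent."""
    m = NAI_RE.fullmatch(nai)
    if not m:
        raise ValueError(f"malformed NAI: {nai!r}")
    realm = m.group("realm")
    return m.group("user"), (realm.lower() if realm else None)

def proxy_chain(nai):
    """Return the AAA hops, starting at the visited AAA, that carry this request home."""
    _, realm = parse_nai(nai)
    if realm is None:
        return [VISITED_AAA]                  # no realm: handled by the serving carrier itself
    target = HOME_AAA.get(realm)
    if target is None:
        raise LookupError(f"unknown realm {realm}")
    # Breadth-first search over the association graph: shortest chain whose every
    # adjacent pair shares a security association (direct peering wins over a broker).
    previous, queue = {VISITED_AAA: None}, deque([VISITED_AAA])
    while queue and target not in previous:
        node = queue.popleft()
        for sa in SECURITY_ASSOCIATIONS:
            if node in sa:
                (peer,) = sa - {node}
                if peer not in previous:
                    previous[peer] = node
                    queue.append(peer)
    if target not in previous:
        raise LookupError(f"no security-association path from {VISITED_AAA} to {target}")
    chain, node = [], target
    while node is not None:
        chain.append(node)
        node = previous[node]
    return chain[::-1]
```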

SLIDE 9

AAA Transport Requirements

- User profiles
  – Ability to transport a profile
    » Examples: types of security and QoS services the home IP network authorizes
- AVP Encryption and Key Distribution
  – Ability for the Home AAA server to distribute keys
    » Pre-shared key for IKE
    » HA-FA key
    » MN-FA and MN-HA keys
  – Keys should be encrypted across multiple AAA server hops
  – Ability to transmit a public key to facilitate encryption of AVPs or IP security

SLIDE 10

Key Distribution

- Reasons:
  – To promote use of the HA-to-FA authentication extension
  – To promote fast intradomain FA-to-FA handoffs
  – To promote dynamic HA assignment
  – To allow a pre-shared key for IKE, avoiding certificate processing in the FA and HA

SLIDE 11

AAA Reliability

- AAA protocol must provide carrier-grade reliability
  – Support reliable proxy chaining
    » Ability for the next-hop AAA server to indicate delivery to the previous AAA server application
  – Support configurable retransmission and fail-over
  – Ability to detect silent failures of the path to the next AAA server

SLIDE 12

Minimize Latency

- Desirable:
  – Single round trip for AAA and MIP
  – Should be able to encode a MIP registration request in the same message to avoid multiple round trips
  – Fast FA-to-FA handoff

SLIDE 13

Message Integrity and Non-repudiation

- Support
  – Replay protection and optional non-repudiation capabilities for all authorization and accounting messages
  – Ability for accounting messages to be matched with prior authorization messages
  – Reliable transmission of accounting records
    » Accounting and settlement directly or via brokers
  – Capability for AAA brokers to modify certain parts of AAA messages

SLIDE 14

cdma2000 MIP Deployment Status

- cdma2000 needs the FAC:
  – NAI privacy is not a first-release requirement
  – RADIUS extension looks like CHAP
  – Consensus has been reached on the list to use the RADIUS MN extension
- With the FAC and NAI, cdma2000 carriers are ready to deploy!
  – 3G deployment starts next year
  – Packet data is a driving factor for 3G wireless deployment
  – Must have a robust AAA infrastructure ASAP
  – Highly desirable that the initial deployment be based on the new AAA protocol