Interworking ArchitectureInterworking ArchitectureBetween 3GPP and WLAN Between 3GPP and WLAN

SystemsSystems

張憲忠張憲忠 , , 何建民何建民 , , 黃瑞銘黃瑞銘 , , 紀嘉雄紀嘉雄 ,,

李有傑 李有傑

OutlineOutline

IntroductionIntroduction 3GPP3GPP Assumed De Facto WLAN system architecture

Usage of 3GPP subscription for WLAN Authentication and Authorization User data routing and access to services Charging Conclusions

3GPP3GPP

Third Generation Partnership Project a joint initiative of European, U.S., Japane

se, and Korean telecommunications standardization organizations

For UMTS Developing an interworking architecture as

an add-on to the existing 3GPP cellular system

De factoWLAN system architecture

Usage of 3GPP subscription of Usage of 3GPP subscription of WLANWLAN

Usage of 3GPP subscription of Usage of 3GPP subscription of WLAN (cont.)WLAN (cont.)

WLAN UEWLAN UE WLAN user equipment terminal equipped with a SIM/USIM card

AAAAAA typically a RADIUS server used for authentication, aut

horization, and accounting HSSHSS

Home subscriber servers (HSS) HSSs together with the already distributed SIM/USIM

smart cards and established global roaming agreements between 3GPP system operators

3GPP-based WLAN access 3GPP-based WLAN access authentication and authorizationauthentication and authorization

Network selectionNetwork selection Authentication and key agreement in IEEE Authentication and key agreement in IEEE

802.11i802.11i Authentication and authorization in 3GPP-Authentication and authorization in 3GPP-

WLAN interworkingWLAN interworking Reusing 3GPP legacy home location regisReusing 3GPP legacy home location regis

tersters

Network selectionNetwork selection

Network selection in GSM and UMTSNetwork selection in GSM and UMTS UE discovers the available networks, or more specific

ally the public land mobile network identifiers (PLMN IDs)

In 3GPP-WLAN interworking, it is more complexIn 3GPP-WLAN interworking, it is more complex The WLAN operator may have

agreements with one or more local GSM or UMTS operators, which in turn may have roaming agreements with the user’s home operator or

direct agreements between wireless ISPs and the home operator.

Solution for visited network Solution for visited network selection for WLANselection for WLAN

based on the Network Access Identifier (NAI)

Format of NAIFormat of NAI Username portion, followed by the @

character and a realm portion

Solution for visited network Solution for visited network selection for WLAN (cont.)selection for WLAN (cont.)

If the WLAN access network cannot route the request to the home network, the UE is provided with a list of supported VPLMNs

UE selects the preferred VPLMN, reformats its NAI to contain also the VPLMN ID, and starts authentication again with its “new” ID

Authentication and key agreement Authentication and key agreement in IEEE 802.11iin IEEE 802.11i

802.11i802.11i a scalable authentication, access control, and key

agreement framework based on the IEEE 802.1x standard.

Authentication and key agreement functions can be implemented by using RADIUS and the Extensible Authentication Protocol (EAP)

EAPEAP Provides a “wrapper” or framework for any multi-round-trip

authentication protocol to be transported

DIAMETER can alternatively be used

Authentication and authorization in Authentication and authorization in 3GPP-WLAN interworking3GPP-WLAN interworking

Authentication and authorization in Authentication and authorization in 3GPP-WLAN interworking (cont.)3GPP-WLAN interworking (cont.)

Two new EAP methods, EAP SIM and EAP AKA, have been specified for 3GPP-WLAN interworking EAP SIM specifies an authentication and key

agreement protocol based on the GSM SIM algorithms

EAP AKA encapsulates the UMTS Authentication and Key Agreement (AKA) within EAP.

Authentication processAuthentication process

The WLAN access network is connected to the 3GPP AAA proxy via Wr.

The 3GPP AAA proxy forwards authentication signaling between the WLAN access network and the 3GPP AAA server.

Where no visited PLMN IDs are involved, the Wr reference point connects the WLAN access network directly to the 3GPP AAA server

In the roaming case, the reference point between the 3GPP AAA proxy and 3GPP AAA server is Ws.

Authentication process (cont.)Authentication process (cont.)

The authorization information and authentication vectors needed in the authentication protocols are stored (or generated) by the HSS

3GPP AAA server retrieves this information from the HSS exchange over the Wx reference point

Reusing 3GPP legacyHome location registers

Reuse HLR and VLRReuse HLR and VLR

Before 3GPP-WLAN interworking compatible HSS implementations are available, the existing home location registers (HLR) can be used for generating authentication vectors

D’ reference point represents a subset of the operations used in the D re

ference point locating between a visitor location register (VLR) and the HLR

3GPP AAA server uses the same Mobile Application Part (MAP) messages to retrieve authentication vectors from the HLR as a VLR uses, according to those CN specifications.

User data routing and access to services

Data routingData routing

In the simplest case, the user data is directly routed from the WLAN access network to the Internet.

Optionally, an aggregate site-to-site tunnel can be set up between a WLAN access network and a 3GPP network to divert the complete user plane through the operator network

The need of tunnelingThe need of tunneling

The home or visited operator may also want to provide services that are accessible only in a private IP network, MMS, WAP, IMSMMS, WAP, IMS

Home operator may also wish that all user data were routed via the home network to collect independent charging Information and apply any operator policies.

IP network selectionIP network selection

Based on a parameter called a WLAN access point name (W-APN)

After the IP network has been selected using the W-APN, appropriate tunnels are established to route the user data to the selected IP network

Termination of tunnelTermination of tunnel

Tunnel will be terminated in the home operator network by a network element called the packet data gateway (PDG)

WLAN access gateway (WAG), may also be required to implement tunneling

Charging modelCharging model

Postpaid charging Prepaid charging

Postpaid chargingPostpaid charging

The charging information collection happens via so-called charging gateways (CGs).

Each operator collects information about all chargeable events in their network to their own CG

CG consolidates this information and passes it further to the operator’s billing system for further processing.

Prepaid chargingPrepaid charging

When the user uses the services, the operator online checks the resulting charging information and deducts a corresponding amount from the available credit of the user

In a 3GPPWLAN interworking system this type of prepaid credit control is handled by the online charging system (OCS)

Charging for WLAN access (1)Charging for WLAN access (1)

Charging for WLAN access (2)Charging for WLAN access (2)

Charging information about WLAN access therefore needs to be collected at the WLAN access network and forwarded to the 3GPP visited and home networks

After authorization to access the WLAN access network is completed, a user-specific accounting session is established between the WLAN access network and the 3GPP home network

This accounting session is established with standard AAA accounting signaling, and the reference point for this signaling is Wb.

Charging for WLAN access (3)Charging for WLAN access (3)

The 3GPP AAA server collects and consolidates accounting information and forwards it as WLAN access call detail records (WLAN CDRs) toward the CG over the Wf reference point.

Charging for postpaid usersCharging for postpaid users

In the billing system this information is then used for clearing the charges between the home network operator, visited network operator, and WLAN access network provider as well as for creation of bills for postpaid users.

Charging for prepaid usersCharging for prepaid users

Before authorizing a prepaid user to access the WLAN, the 3GPP AAA server has to make a credit reservation from the user’s prepaid account in the OCS

the 3GPP AAA server monitors the received accounting information from the WLAN access network.

When the downloaded credit is to be exhausted a new credit request from OCS is triggered

At the termination of the WLAN connection the 3GPP AAA server returns any unused credit back to the OCS.

Home network IP-flow-based Home network IP-flow-based chargingcharging

All the specific remote services are accessed via the PDG within the home network

PDG is connected to the OCS by the Gy reference point and to the CG by the Gz reference point

Charging information can be collected at the PDG.

ConclusionsConclusions

Functionalities of 3GPP-WLAN interworking system reuse of 3GPP subscription Network selection 3GPP-system-based authentication, authorization, and security

key agreement user data routing and service access end user charging

All these functionalities are assumed to be achieved without setting any 3GPP-specific requirements on the actual WLAN access systems

Rely on the existing functionality providing by IEEE 802.11 standards