Nomadism/FMC Use Cases and AAA Impact
Mohit Thakur
14th December, 2006

Slide Nr.: 2, Mohit Thakur, Siemens AG
Outline
1. Introduction.
2. Understanding FMC challenges.
3. MUSE Business Roles.
4. FMC Use Case 1: Nomadism with video call and IPTV service upgrade.
5. Authentication and Authorisation Requirements For Use Case 1.
6. FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP).
7. Authentication and Authorisation Requirements For Use Case 2 Using IWLAN.
8. Authentication and Authorisation Requirements For Use Case 2 Using SIP.
9. FMC Use Case 3: Nomadic user with public access over private domain.
10. Authentication and Authorisation Requirements For Use Case 3.
11. Conclusion.

Slide Nr.: 3
Introduction

Project Introduction
> MUSE is a large integrated R&D project on Broadband Access.
> Objective: The overall objective of MUSE is the research and development of a future, low cost, multi-service access network. The access network should provide secure connectivity between end-user terminals and edge nodes in a multi-provider environment. It should be suited for the ubiquitous delivery of broadband services to every European citizen.

Paper Introduction
> We (in MUSE) analyse the FMC (Fixed Mobile Convergence) aspects of today's access network.
> Use cases are formulated to cover current and future scenarios that represent the user's behaviour while accessing his services, namely:
  1. Nomadism.
  2. Session Continuity.
  3. Public access through private WLAN.
> High level AAA requirements are proposed to meet the goals of the above mentioned scenarios.

Slide Nr.: 4
MUSE Business Roles
> Packager
  - Keeps customer profiles (e.g. desired policy in case of conflicting requests for different services).
  - Keeps customer information for session authentication.
  - Collects accounting information.
> Network Service Provider (NSP)
  - Assigns public IP addresses and connects to the internet or corporate network.
  - The NSP definitely needs to have an AAA infrastructure.
> Application Service Provider (ASP)
  - Offers application services.
> Connectivity Provider (CP)
  - End-to-end (e2e) connectivity between the Customer and ASP, guaranteeing and monitoring agreed e2e QoS and security.
  - Provides the means to perform AAA.
  - Assembly of billing info for the packager.
  - Assignment of private IP addresses to the retail end-user (or NAP).
> Network Access Provider (NAP) / Regional Network Provider (RNP)
  - Transport and resource management between the RGW and the edge router with the QoS requested by the CP(s).
  - The RNP aggregates traffic from different edge nodes and delivers it to the appropriate service (or other) edge nodes.

Slide Nr.: 5
Understanding FMC challenges
> Nomadism: Ability of the user to change his network access point on moving; when changing the network access point, the user's service session is completely stopped and then started again, i.e. there is no session continuity or handover possible.
> Session Continuity: Ability of the user or terminal to change the network access point while maintaining the ongoing session.
> Roaming: Ability of the user to access services according to his/her profile while moving outside of his/her subscribed home network, i.e. by using an access point of a visited network.
> Nomadism puts new requirements, such as:
  1. Authentication.
  2. QoS.
> FMC puts even more:
  1. Roaming between home and visited networks from different providers, degrees of service continuity etc.

Figure 1: MUSE view on FMC related definitions

Slide Nr.: 6
FMC Use Case 1: Nomadism with video call and IPTV service upgrade

| Use Case Description | User Aspects | Network Aspects | Service Aspects |
|---|---|---|---|
| Jose starts his parents' PC and accesses the Web portal of this SP, authenticates himself and due to his nomadic features he has access to all his services. | Access to services from remote terminal. | AA, ACC, ARD, NRP, LOC | AA, SEC, SEP, LOC |
| He then initiates a video over IP call from the PC to his video capable multimedia phone at home using his own subscription. | Video call service can be used from a different access network connection | ARD, NRP, LOC, MSA | ACC, MEA, SEC, SEP, LOC |
| He uses the Internet to access his media-center, where he has stored all the pictures from his daughter's last birthday, and shows them on the TV screen at his parents' home. | Remote access to private server | ARD, NLR, SEC | SEP, Photo viewing software (e.g. web server) or FTP server in the CPN |
| As Jose has an HDTV subscription, he contacts his service provider and upgrades the IP TV service to HDTV. | DRM, Service quality upgrade for a nomadic user | ACC, ARD, NRP, LOC | DRM, MEA, SEP, LOC |

Slide Nr.: 7
Authentication and Authorisation Requirements For Use Case 1
1. Authentication could be based on:
   a) Per Device;
   b) Per Session;
   c) Per User.
2. The user would authenticate with the NSP (Network Service Provider) to obtain his high speed network access. The authentication is done over an already existing internet connection.
3. To upgrade the quality of IPTV to HDTV, bandwidth enhancement and QoS should be guaranteed by the service provider. Application based authentication would enforce the authentication result backwards from the provider end to the user end.
4. The 2 sessions, Jose's parents' initial normal internet connection and Jose's high speed internet connection with HDTV, have to exist in parallel.

Slide Nr.: 8
FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP)

| Use Case Description | User Aspects | Network Aspects | Service Aspects |
|---|---|---|---|
| Shortly after, Bob's phone gets out of reach of the wireless home network and is connected to a WiMAX (or UMTS) base station. | Session continuity between private home network and a WiMAX / UMTS network or public hotspot | AA, ACC, SEC, HOV, ROA, LOC | SEP, LOC |
| Since bandwidth is more expensive on this network, Bob receives a message on his screen asking whether he wants to continue with the video path. Since video is not really important while walking, Bob decides to save money and tells his colleague that he will end the video path. The audio path stays active, so they will be able to continue their conversation. | Media adaptation based on network capability and price | ACC, LOC | ACC, MEA, SEP, LOC |
| At his office he transfers the running video call from the mobile terminal (WiMAX, UMTS) to his Notebook connected to a fixed access network. | Continue session on different terminal | AA, SEC, HOV, ROA, LOC | AA, SEP, LOC |

Slide Nr.: 9
Authentication and Authorisation Requirements For Use Case 2 Using IWLAN
1. The wireless user device must have several interfaces, e.g. WLAN, UMTS etc.
2. IWLAN provides only a network layer authentication solution; other protocols like SIP should take care of service level authentication.
3. EAP-AKA and EAP-SIM could be used for mutual authentication to create an IPsec security tunnel between the UE and the Packet Data Gateway.
4. IWLAN provides either Direct IP Access or 3GPP IP access.

Slide Nr.: 10
Authentication and Authorisation Requirements For Use Case 2 Using SIP
1. SIP based service authentication is a mandatory method in IMS.
2. It does not require network layer tunnelling (IPsec).
3. Service layer mutual authentication employing SIP registration mechanisms (AKA, SIM) is normally sufficient.
4. Security of SIP authentication signaling is provided by SIPSecure and SecureRTP.

Slide Nr.: 11
FMC Use Case 3: Nomadic user with public access over private domain

| Use Case Description | User Aspects | Network Aspects | Service Aspects |
|---|---|---|---|
| Some of the houses nearby provide public access over their private WiFi network. According to the network settings on his multimedia device, Bob gets connected to one of these networks and orders the pizza over the Internet. | Public access over a private domain | AA, ACC, ARD, RP, SEC, LOC | AA, LOC |

Slide Nr.: 12
Authentication and Authorisation Requirements For Use Case 3
> The difference between use cases 1, 2 and 3 is that in the last one the owner of the private network does not necessarily have to know the visitor.
> There could be 2 possibilities for specifying the AA requirements here:
  1. The visitor authenticates to his service provider, who has a direct relationship with the host's NAP (Network Access Provider). Due to the relationship, it is possible to support QoS in the access network, e.g. by separating the host's and visitor's traffic by means of VLANs.
  2. In the second scenario the visitor authenticates against a third party (like in FON). QoS in the access network can only be supported if the third party has a direct relationship with the host's SP.

Slide Nr.: 13
Conclusion
> Anytime & Anywhere services are constantly growing, which leads to FMC technologies being developed to provide nomadism, session continuity and roaming between fixed networks and mobile networks.
> Multiprovider and multiservice networks have to be taken into consideration before designing any sort of AAA architecture.