Cellular Access Control and Charging for Mobile Operator Wireless Local Area Networks H. Haverinen, J. Mikkonen and T. Takamaki, Nokia Wei-Jen, Lin Advanced.

Presentation transcript:

Cellular Access Control and Charging for Mobile Operator Wireless Local Area Networks
H. Haverinen, J. Mikkonen and T. Takamaki, Nokia
Wei-Jen, Lin
Advanced Network Technology Lab.
Institute of Communications Engineering
National Chung Cheng University
foolfish@ant.comm.ccu.edu.tw

Outline
- Introduction
- Other Solutions
- Architecture
- Authentication Protocol
- User Identity Format
- Authentication in GSM
- Authentication and Roaming
- Subscriber Identity Privacy
- Accounting and Billing
- System Implementation
- Conclusions

Introduction
- Reusing GSM and GPRS mechanisms for user authentication, access control, subscriber management, operator roaming, and billing.
- Compatible with RADIUS, EAP, IEEE 802.1x and IEEE 802.11i.
- WLAN service provider is a cellular operator.
- SIM-based/RADIUS-based Authentication.
- The first public WLAN solutions only provide for internet or intranet connectivity.
- 2001/1: first version of EAP SIM protocol
- 2001/3: core solution and draft
- It’s being standardized in 3GPP R6
- Transfer NAAP to 802.1x

Other Solutions
- Reusing GPRS mobility management message.
- The user’s active GPRS sessions could be transferred to WLAN.

Architecture
[Figure: architecture diagram. Labels: IP Network, SS7 Network, Authentication Server (AAA Server), RADIUS Proxy, Charging Gateway, 802.11i, Ki / IMSI, 802.1x with EAP/SIM]

Authentication Protocol
[Figure: protocol stack diagram. Label: AAA Network]
- MAP : Mobile Application Part
- MTP : Message Transfer Part
- SCCP : Signaling Connection Control Part
- TCAP : Transaction Capabilities Application Part

User Identity Format
- Network Access Identifier (NAI) : foolfish.lin@comm.ccu
- SIM-based : [Mobile Country Code][Mobile Network Code][Mobile Subscriber Identification Number]
- MCC has 3 digits
- MNC has 2-3 digits
- MSIN has <= 10 digits

Authentication in GSM
[Figure: GSM authentication diagram. Labels: Ki, AAA Network, IMSI to E.214]
- RAND is 128 bit
- Ki is 128 bit
- SRES is 32 bit
- Kc is 64 bit
- IMSI is E.212

Authentication and Roaming
[Figure: authentication and roaming message flow. Labels: RAND, A3/A8, Kc’/SRES’]
- (nonce,Kc,RAND)  MAC
- (nonce,Kc’,RAND)  MAC’

Subscriber Identity Privacy
- GSM networks protect the privacy of the subscriber identity with temporary identities (TMSI).
- The WLAN system introduces a new type of temporary identity called a pseudonym.
- In the very first connection with an AS, the client always transmits the clear-text IMSI; in subsequent connections it uses a pseudonym as the username portion of the NAI.

Subscriber Identity Privacy
- Pseudonyms  IMSI
- Why not TMSI? Because SIM could be used in WLAN and Cellular. So use pseudonyms. (Encrypted pseudonyms)
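
The User Identity Format and Subscriber Identity Privacy slides, worked as an added example (not code from the paper or from the Nokia product): it splits a SIM-based username into MCC/MNC/MSIN and flags stations that send a clear-text IMSI again after their first connection. The MNC-length table, the realm operator.example, the station ids and the 15-digit total limit (from E.212) are assumptions of this example.

```python
import re

# Constructed table (assumption): MNC length per MCC. The digits alone do not
# say whether the MNC is 2 or 3 digits long, so a lookup is required.
MNC_LEN_BY_MCC = {"244": 2, "310": 3}

def split_imsi(imsi):
    """Split an IMSI into (MCC, MNC, MSIN) using the field sizes on the slide."""
    if not re.fullmatch(r"[0-9]{6,15}", imsi):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    mcc = imsi[:3]
    mnc_len = MNC_LEN_BY_MCC.get(mcc)
    if mnc_len is None:
        raise ValueError("unknown MCC, cannot tell the MNC length")
    mnc, msin = imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    if not 1 <= len(msin) <= 10:
        raise ValueError("MSIN must be 1 to 10 digits")
    return mcc, mnc, msin

def username_kind(nai):
    """Classify the username portion of an NAI as 'imsi' or 'pseudonym'."""
    username, sep, realm = nai.partition("@")
    if not sep or not username or not realm:
        raise ValueError("NAI must be username@realm")
    try:
        split_imsi(username)
        return "imsi"
    except ValueError:
        return "pseudonym"

def repeated_imsi_exposures(events):
    """Return stations that sent a clear-text IMSI after their first connection."""
    seen, flagged = set(), []
    for station, nai in events:
        if station in seen and station not in flagged and username_kind(nai) == "imsi":
            flagged.append(station)
        seen.add(station)
    return flagged

# Constructed sample: (station id, NAI carried in the authentication request).
SAMPLE_EVENTS = [
    ("sta-1", "244071234567890@operator.example"),  # first connection: IMSI expected
    ("sta-1", "p7Gq2xLmZ@operator.example"),        # later connection: pseudonym
    ("sta-2", "310150123456789@operator.example"),  # first connection
    ("sta-2", "310150123456789@operator.example"),  # IMSI sent again: exposure
]

if __name__ == "__main__":
    print(repeated_imsi_exposures(SAMPLE_EVENTS))
```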

Accounting and Billing
[Figure: accounting and billing diagram. Labels: Access Network, Auth. Server, GTP’, proprietary, proprietary / FTP]
- GPRS charging in roaming scenarios has not yet been fully standardized.
- CDR : Charging Data Records
- CGF : Charging Gateway Functionality
- CG : Charging Gateway
- BS : Billing System
- GTP’ : GPRS Tunneling Protocol

System Implementation
- Nokia Operator Wireless LAN solution release 2.0
- Nokia A036 AP: Linux OS, ARM940, Kernel 2.4.17, PoE
- AS is based on PC-Server (Compaq): Windows NT 4.0, RADIUS, SIM auth. software
- 10-20 terminal auth. exchanges/sec.
- An average connection time of 30 min, 18,000-36,000 simultaneous connections.
- For redundancy and load-balancing reasons, it’s recommended to always have at least two ASs in a WLAN system.

Conclusions
- The solution is generic enough to be used on any access networks that support EAP.
- Loose coupling architecture.
- Subscriber Identity Privacy issue.