EAP over HRPD Comments Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

Slides:

Advertisements

Similar presentations

Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu Qualcomm Inc. Notice: QUALCOMM Incorporated grants a free, irrevocable license.

Advertisements

Mobile IPv4 FA CoA Support in WLAN Interworking Raymond Hsu, Qualcomm Inc., Sanket S. Nesargi, Nortel, Nanying Yin,

Inter-AGW HO Notice Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material.

Dynamic HA Assignment for MIPv4 in WLAN Interworking Raymond Hsu, Qualcomm Inc., Wing C. Lau, Qualcomm Inc., Notice:

MIP6-HA-Local-Assignment-Capability indication to MS Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners.

1 DSMIP6 Support QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota Notice.

IP Connectivity for E911 in HRPD/PDS Networks Page 1 IP Connectivity for Emergency Calls in HRPD/PDS Networks 3GPP2 Meeting, 1/07 IP Connectivity for Emergency.

XHRPD Example Scenario for MSS Masa Shirota Qualcomm Inc. July 15, GPP2 Dalian Meeting Recommendation: FYI Notice QUALCOMM Incorporated grants a.

3GPP2 A r0 3GPP2 C xxxr0 TSG-A WG3 and TSG-C WG2 Title: HRPD Redirect on EPC Unavailable Source: Mike DolanAlcatel-Lucent Dave.

HRPD Femto Local IP Access: Overview Peerapol Tinnakornsrisuphap Qualcomm October 27 th, GPP2 Seoul,

1 IP Service Authorization Support and Mobility Selection for X.S0011-E Source: QUALCOMM Inc.: Masa Shirota, George Cherian, Jun Wang,

1 UATI-IP address mapping Peerapol Tinnakornsrisuphap David Ott Qualcomm.

1 Title: Need for the Message Integrity of User traffic Abstract: From both: competitive and security standpoints, UMB standard should add the option of.

1 May 14, 2007 Zhibi Wang, Simon Mizikovsky – Alcatel-Lucent Vidya Narayanan, Anand Palanigounder – QUALCOMM ABSTRACT: Access authentication architecture.

3GPP2 Network Evolution: Inter-working Across Technologies January 08, 2007 QUALCOMM Inc Notice Contributors grant a free, irrevocable license to 3GPP2.

1 cdma2000® Data Service Transition to NULL Support Jun Wang Ravi Patwardhan June 5, 2003 Recommendation -

Broadcast Area Based Management for BCMCS Quanzhong Gao Weidong Wu 04/05/2005.

Security Framework for (e)HRPD 1 S GPP2 TSG-S WG4 Source: QUALCOMM Incorporated Contact(s): Anand Palanigounder

1 IPsec-based MIP6 Security Qualcomm Inc. Starent Inc. Notice: Contributors grant free, irrevocable license to 3GPP2 and its Organization Partners to incorporate.

IP Packet Tunneling and Routing in UMB March 26 th, 2007 Qualcomm/Alcatel-Lucent/Hitachi Notice Contributors grant a free, irrevocable license to 3GPP2.

Authentication Profile for UICC- less eHRPD Terminals QUALCOMM Incorporated Contact(s): Anand Palanigounder Jun Wang.

80-VXXX-X A July 2008 Page 1 QUALCOMM Confidential and Proprietary PCC Support for cdma2000 QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota

QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.

Broadcast/Multicast Priority List JUNHYUK SONG SAMSUNG Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate.

QUALCOMM PROPRIETARY 3GPP2 Network Evolution Architecture Dec. 04, 2006 Lucent Technologies Nortel Networks Qualcomm Inc. Hitachi, Ltd Huawei Technologies.

1 Flow Mobility Support QUALCOMM Inc. George Cherian, Jun Wang, Masa Shirota

Why not EAP over PANA? Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable.

C August 24, 2004 Page 1 SMS Spam Control Nobuyuki Uchida QUALCOMM Incorporated Notice ©2004 QUALCOMM Incorporated. All rights reserved.

1 SeGW Certificate profile (Revised) 3GPP2 TSG-S WG4 /TSG-X WG5 (PDS) S X xx Source: QUALCOMM Incorporated Contact(s): Anand.

80-VXXX-X A July 2008 Page 1 QUALCOMM Confidential and Proprietary PMIP Comparison QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota

80-VXXX-X A July 2008 Page 1 QUALCOMM Confidential and Proprietary PCC Support for cdma2000 QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota

May 12, 2008 Alcatel Lucent, Cisco, Motorola, Nortel, Verizon ABSTRACT: Proposed is additional key hierarchy and derivation for EPS access over eHRPD.

Mobility Management in WLAN IW Inma Carrion, Vijay DevarapalliNokia Raymond HsuQualcomm Inc. Pete McCann, Frank AlfanoLucent Serge ManningSprint Notice:

1 Authentication and User Profile April 24, 2007 Jun Wang QUALCOMM Inc. Notice Contributors grant a free, irrevocable license to 3GPP2 and its Organization.

HRPD Connection Layer Protocols for Inter-technology Handoff March 31 st, 2008 Peerapol Tinnakornsrisuphap

Title: Placement of ROHC, Authenticator and Requirements for a robust Mobility Management Scheme Abstract: This contribution proposes a new architectural.

Dec GPP2 TSG-X PDS 1 BCMCS Higher-Layer Encryption Raymond Hsu, Jun Wang Qualcomm Inc. Dec Notice QUALCOMM Incorporated grants a free, irrevocable.

Jun Wang Anand Palanigounder Peerapol Tinnakornsrisuphap

UMB AIS Document Structure Ravi Patwardhan, Qualcomm QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organizational.

July 21, 2008 Alcatel Lucent ABSTRACT: Proposed is key derivation for eHRPD RAN Handoff. RECOMMENDATION: Review and approve. Notice Contributors grant.

Background Both RoHCv1 and RoHC v2 are supported in 3GPP LTE R8 and R9

Active Call Hand-in in cdma2000 1x Airvana Qualcomm October 27 th, GPP2 Seoul, Korea Notice ©2008. All rights reserved. The contributors grants a.

Supporting Local Breakout in HRPD Femto Peerapol Tinnakornsrisuphap Qualcomm Doug Knisely

August 25, 2008 Alcatel Lucent ABSTRACT: 1x System Reliability is important in the face of major events, such as an earthquake. There are several ways.

Jun Wang Anand Palanigounder Peerapol Tinnakornsrisuphap

3GPP2 Network Evolution: UMB->HRPD Handoff October 16, 2007 Qualcomm Inc. Contact: Jun Wang Notice Contributors grant a free, irrevocable license to 3GPP2.

X xxx ZTE Discussion on cdma2000 Charging with PCC Title: Inter-RAT RAN information management protocol Stack Sources: NSN Contact: Scott Marin,

Page 1 Notice © All rights reserved. Qualcomm Incorporated grants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate.

Comment to Limited Idle Mode Nortel Networksgrants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable.

1 Remote IP Access - Stage 2 Architecture proposal for adoption Peerapol Tinnakornsrisuphap Anand.

EHRPD-LTE Inter Technology Spectrum Optimization Source: Qualcomm Incorporated Contact: Jun Wang/George Cherian September 9, 2013 Notice ©2013. All rights.

Tunneling Protocol Structures for UMB to HRPD Interworking Linhai He Peerapol Tinnakornsrisuphap

X xx CT+ZTE PCC for cdma2000 MS Init Call Flows 1 1 Title: PCC for cdma2000 – MS-Init Call Flow Example Sources: CTC, ZTE Contact: CHINA TELECOM.

1 Title: Performance of Default Parameters for 1xEV-DO RTCMAC Source: Christopher Lott, QUALCOMM Incorporated , Date: Februrary.

1 HRPD Fast Handoff Jun Wang and Raymond Hsu Qualcomm Inc Notice: QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization.

80-VXXX-X A July 2008 Page 1 QUALCOMM Confidential and Proprietary PCC Support for cdma2000 QUALCOMM Inc. Jun Wang, George Cherian, Masa Shirota

0 软交换应用的探讨赵慧玲 2004 年 05 月 Dynamically Coverage Management By Caiqin Zhu(Catherine Zhu) China Telecom Apr © GPP2 China Telecom.

1 PPP Free Operation Mobility Management January 16, 2006 Jun Wang, Pete Barany, Raymond Hsu Qualcomm Inc Notice: Contributors grant free, irrevocable.

1 On 3GPP2 Femto Security Anand Palanigounder Qualcomm Inc. Notice: Contributors grant a free, irrevocable license to 3GPP2 and its Organization.

Signaling Packet Routing for Layer 3 approach in UMB-HRPD/1x interworking KDDI Corporation, Tsunehiko Chiba, Osamu.

C August 19, 2003 Page 1 SMS Push Teleservice Nobuyuki Uchida QUALCOMM Incorporated Notice ©2003 QUALCOMM Incorporated. All rights reserved.QUALCOMM.

Benefits of eBS for UMB Qualcomm Inc. January 08, 2007 Notice Contributors grant a free, irrevocable license to 3GPP2 and its Organization Partners.

1 MSI (Multiple Service Instances) Ravindra Patwardhan QUALCOMM Incorporated Review and approve for D Notice QUALCOMM.

WLAN IW Enhancement for Multiple Authentications Support QUALCOMM Inc.: Raymond Hsu, QUALCOMM Inc.: Masa Shirota,

Clarifications on Work Split among TSG-X/A for 3GPP2 Network Evolution March 26, 2007 Airvana/Alcatel-Lucent/CTC/Fujitsu/ Hitachi/KDDI/NEC/Qualcomm/ZTE.

1 IP Service Authorization Support and Mobility Selection Source: QUALCOMM Inc.: Masa Shirota, George Cherian, Jun Wang,

Inter-RAT Measurement Control Jungsoo Jung Samsung Electronics Samsung Electronics grants a free, irrevocable license to 3GPP2 and.

Source: Qualcomm Incorporated Contact: Jun Wang, George Cherian March 1, 2010 Page 1 3GPP2 Femtocell Phase II Femto Access Control Enhancement Notice ©

Requirement for Proxy Mobile IP tunnel for AGW-eBS data tunnel Qualcomm, Inc. Contributors grant a free, irrevocable license to 3GPP2 and its Organization.

E-UTRAN - HRPD rev B Interworking

Presentation transcript:

EAP over HRPD Comments Qualcomm, Inc. Vidya Narayanan, Dondeti, Lakshminath, Jun Wang, Pete Barany Notice: QUALCOMM Incorporated grants a free, irrevocable license to 3GPP2 and its Organization Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include portions of the contribution; and at the Organization Partner’s sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner’s standards publication. QUALCOMM Incorporated is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution. This document has been prepared by QUALCOMM Incorporated to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on QUALCOMM Incorporated. QUALCOMM Incorporated specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of QUALCOMM Incorporated other than provided in the copyright statement above.

Background BW, Nokia, Starent, Samsung submitted a contribution (X ) to comment on QUALCOMM contribution regarding EAP over HRPD proposal The group had a briefly discussed in the meeting Although we discussed and answered some of the questions, the group agreed to continue the discussions via exchanges due to time limitation This presentation addresses the all issues that raised by X

Comment #1 This fixed-network-originated model is lacking the 4th element: Enforcement Point (or, NAS port). Splitting the NAS into NAS Authenticator (e.g., on PDSN) and multiple NAS ports (e.g., ANs) is needed for efficient AAA in the face of mobility.  Authenticator can be the Enforcement point.  RFC3748 already allows the model where the authenticator comprises of multiple ports or a virtual authenticator that encompasses multiple ports. Hence, inherently, this is supported in any protocol that does EAP.  In addition, we proposed session/context transfer between authenticators and there is no need to access HAAA when the handoff occurs between two authenticators.

Comment #2 Simply assigning a protocol ID in the lower layer is not sufficient to design an EAP transport, especially for mobile and wireless systems. Things like orderly delivery, state and session management, channel binding, key scoping, replay and DoS prevention require additional bits be carried either as other payloads along EAP or otherwise EAP lower layer requirements are specified in RFC3748. Here is a list of reqs and non-reqs from 3748: –Unreliable transport is a non-req (if xport is unreliable, it must be resilient to Success and Failure messages being lost). –Lower layer error detection is required. –Lower layer security is a non-req. –Lower layer fragmentation and reassembly is desirable. –Non-duplicate delivery is desirable (this applies when the lower layer is reliable to begin with) –Ordering guarantee from lower layer is required. EAP over HRPD meets all of the above Channel binding, state/session management, key scoping, replay and DoS prevention, etc. quoted above in the comment are not specified EAP lower layer requirements. In addition, we have submitted GEE protocol to IETF to address allowing parallel access and service authentications etc.

Comment #3 This approach forces the NAS to be on the AN. If 3GPP2 needs to support NAS on the PDSN, then additional protocol work is needed. The complexity of the additional protocol work (either split MAC, or EAP forwarding/proxying) is open for discussion. The proposal is to have the authenticator in the RRM for access authentication. Even if the authenticator is in the PDSN for service authentication, that only means that the RRM is simply relaying the EAP messages between the PDSN and the AT and it is less complex than running EAP over PANA over UDP over IP.

Comment #4 Unless we know for sure that the lower layers will always provide reliable delivery, omission of an (EAP Success/Failure) acknowledgement from the AT is a bad design (not to be copied from other EAP lower layers). It can lead to loss of state synchronization, deadlock, layer violations, or added inter-layer communication. The RLP sequence number provides reliable unicast delivery.

Comment #5 Due to lack of cryptographic binding between the EAP-AKA and EAP-MD5, this design is open to MitM attacks. EAP-AKA supports mutual authentication. EAP-MD5 runs inside a mutually authenticated secure channel, and so no cryptographic binding is required as a MiTM attack is not possible on a mutually authenticated channel. In addition, EAP-MD5 is just an example we are using in the contribution.