
1 Cellular Access Control and Charging for Mobile Operator Wireless Local Area Networks H. Haverinen, J. Mikkonen and T. Takamaki, Nokia Wei-Jen, Lin Advanced Network Technology Lab. Institute of Communications Engineering National Chung Cheng University

2 Outline
Introduction
Other Solutions
Architecture
Authentication Protocol
User Identity Format
Authentication in GSM
Authentication and Roaming
Subscriber Identity Privacy
Accounting and Billing
System Implementation
Conclusions

3 Introduction
Reusing GSM and GPRS mechanisms for user authentication, access control, subscriber management, operator roaming, and billing.
Compatible with RADIUS, EAP, IEEE 802.1x and IEEE i.
The WLAN service provider is a cellular operator.
SIM-based/RADIUS-based authentication.
The first public WLAN solutions only provide Internet or intranet connectivity.
2001/1: first version of the EAP SIM protocol
2001/3: core solution and draft
It is being standardized in 3GPP R6.
Transfer NAAP to 802.1x

4 Other Solutions Reusing GPRS mobility management message. The user’s active GPRS sessions could be transferred to WLAN.

5 Architecture
Diagram labels: IP Network; SS7 Network; Authentication Server (AAA Server); RADIUS Proxy; Charging Gateway; 802.11i; Ki / IMSI; 802.1x with EAP/SIM

6 Authentication Protocol
Diagram labels: AAA; Network
MAP : Mobile Application Part
MTP : Message Transfer Part
SCCP : Signaling Connection Control Part
TCAP : Transaction Capabilities Application Part

7 User Identity Format
Network Access Identifier (NAI):
SIM-based: [Mobile Country Code][Mobile Network Code][Mobile Subscriber Identification Number]
MCC has 3 digits, MNC has 2-3 digits, MSIN has <= 10 digits.

8 Authentication in GSM
Diagram labels: Ki; AAA; Network; IMSI to E.214
RAND is 128 bit
Ki is 128 bit
SRES is 32 bit
Kc is 64 bit
IMSI is E.212

9 Authentication and Roaming
Diagram labels: RAND; (nonce, Kc, RAND) → MAC; A3/A8; (nonce, Kc’, RAND) → MAC’; Kc’/SRES’
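
The exchange sketched on slides 8 and 9, as an added example that is not part of the original presentation: the network proves knowledge of Kc with a MAC over (nonce, Kc, RAND), and the terminal recomputes MAC’ from its own Kc’ before answering with SRES’. The HMAC stand-ins for A3/A8 and for the MAC function, the class and function names, the cleartext SRES’ reply, and the sample IMSI and Ki are assumptions; real A3/A8 are operator-specific and run inside the SIM.

```python
import hashlib
import hmac
import os

def a3a8(ki, rand):
    # Stand-in for the operator's A3/A8 (assumption: HMAC-SHA-256, not a real SIM algorithm).
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]  # SRES (32 bit), Kc (64 bit)

def mac(kc, nonce, rand):
    # MAC over (nonce, Kc, RAND); keying HMAC-SHA-1 with Kc is an assumption.
    return hmac.new(kc, nonce + rand, hashlib.sha1).digest()

class Network:
    """Authentication server plus home network: holds Ki per IMSI."""
    def __init__(self, subscribers):
        self.subscribers, self.pending = subscribers, {}
    def challenge(self, imsi, nonce):
        rand = os.urandom(16)  # RAND is 128 bit
        sres, kc = a3a8(self.subscribers[imsi], rand)
        self.pending[imsi] = sres
        return rand, mac(kc, nonce, rand)
    def verify(self, imsi, sres_c):
        expected = self.pending.pop(imsi, None)  # one attempt per challenge
        return expected is not None and hmac.compare_digest(expected, sres_c)

class Terminal:
    def __init__(self, imsi, ki):
        self.imsi, self.ki, self.nonce = imsi, ki, None
    def start(self):
        self.nonce = os.urandom(16)  # fresh per attempt, so old MACs cannot be replayed
        return self.imsi, self.nonce
    def respond(self, rand, mac_net):
        sres_c, kc_c = a3a8(self.ki, rand)  # SRES', Kc' computed on the SIM
        if not hmac.compare_digest(mac(kc_c, self.nonce, rand), mac_net):
            return None  # MAC' != MAC: network has not shown it knows Kc, send nothing
        return sres_c

def run_exchange(terminal, network):
    imsi, nonce = terminal.start()
    rand, mac_net = network.challenge(imsi, nonce)
    sres_c = terminal.respond(rand, mac_net)
    return sres_c is not None and network.verify(imsi, sres_c)

IMSI, KI = "001010123456789", bytes(range(16))  # constructed sample values
```

A network that does not hold the subscriber's Ki cannot produce a MAC the terminal accepts, and a challenge recorded from an earlier attempt fails because the terminal's nonce has changed.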

10 Subscriber Identity Privacy
GSM networks protect the privacy of the subscriber identity with temporary identities (TMSI). The WLAN system introduces a new type of temporary identity called a pseudonym. In the very first connection with an AS, the client always transmits the cleartext IMSI; in subsequent connections it uses a pseudonym as the username portion of the NAI.

11 Subscriber Identity Privacy
Pseudonyms  IMSI Why not TMSI? Because SIM could be used in WLAN and Cellular. So use pseudonyms. (Encrypted pseudonyms)

12 Accounting and Billing
Diagram labels: Access Network; Auth. Server; GTP’; proprietary; proprietary / FTP
GPRS charging in roaming scenarios has not yet been fully standardized.
CDR : Charging Data Records
CGF : Charging Gateway Functionality
CG : Charging Gateway
BS : Billing System
GTP’ : GPRS Tunneling Protocol

13 System Implementation
Nokia Operator Wireless LAN solution release 2.0
Nokia A036 AP: Linux OS, ARM940, Kernel , PoE
AS is based on a PC server (Compaq): Windows NT 4.0, RADIUS, SIM auth. software
10-20 terminal auth. exchanges/sec.
An average connection time of 30 min, 18,000-36,000 simultaneous connections.
For redundancy and load-balancing reasons it is recommended to always have at least two ASs in a WLAN system.

14 Conclusions
The solution is generic enough to be used on any access network that supports EAP.
Loose coupling architecture.
Subscriber Identity Privacy issue.

