
Post-Excellence Project Progress Report, Prof. Shun-Ren Yang (楊舜仁) Laboratory, 2006.12.06


Presentation Transcript


  1. Post-Excellence Project Progress Report, Prof. Shun-Ren Yang (楊舜仁) Laboratory, 2006.12.06

  2. 3GPP-WLAN Interworking (collaboration with ICL/ITRI)

  3. WLAN Authentication Message Flow (1)
     Entities: 3GPP AAA Server, WLAN UE, WLAN AN, HSS/HLR, WAG
       1. 802.11 probe request
       2. 802.11 probe response
       3. 802.11 open system authentication request
       4. 802.11 open system authentication response
       5. 802.11 association request
       6. 802.11 association response

  4. WLAN Authentication Message Flow (2)
     Entities: 3GPP AAA Server, HSS/HLR, WLAN UE, WLAN AN, WAG
       7. EAP Request/Identity
       8. EAP Response/Identity (NAI based temp identifier or IMSI)
       9. EAP Response/Identity (NAI based temp identifier or IMSI)
       10. AV retrieval
       11. Multimedia Auth Answer AV(1….n)

  5. WLAN Authentication Message Flow (3)
     Entities: 3GPP AAA Server, HSS/HLR, WLAN UE, WLAN AN, WAG
       12. EAP Request/SIM-Start [AT_VERSION_LIST]
       13. EAP Request/SIM-Start [AT_VERSION_LIST]
       14. EAP Response/SIM-Start [AT_NONCE_MT, AT_SELECTED_VERSION]
       15. EAP Response/SIM-Start [AT_NONCE_MT, AT_SELECTED_VERSION]
       16. EAP Request/SIM-challenge [AT_RAND, AT_MAC]
       17. EAP Request/SIM-challenge [AT_RAND, AT_MAC]

  6. WLAN Authentication Message Flow (4)
     Entities: 3GPP AAA Server, HSS/HLR, WLAN UE, WLAN AN, WAG
       - Peer runs GSM algorithms, verifies AT_MAC and derives session keys
       18. EAP Response/SIM-challenge [AT_MAC]
       19. EAP Response/SIM-challenge [AT_MAC]
       - Verifies AT_MAC
       20. Policy enforcement delivery
       21. EAP Success [keying material]
       22. EAP Success

  7. PDG Authentication Scenario

  8. IMS Authentication
     Entities: MS, SGSN, HSS/AuC, CSCF
       - PDP Context Activation
       - Register (impi)
       - Multimedia Auth Request (impi)
       - Multimedia Auth Answer AV(1….n)
       - 401 Unauthorized (RAND || AUTN)
       - Select authentication vector AV
       - Register (RES)
       - Compare RES and XRES
       - Server Assignment Request
       - Server Assignment Answer
       - 200 OK

  9. Message flow of EAP-SIM (briefly)
     Two diagrams, each between Client and Server: Original; Our scheme
     Message labels as they appear on the slide: EAP/identity, EAP/identity, EAP/SIM-start, EAP/SIM-start, EAP/SIM-start, EAP/SIM-challenge, EAP/SIM-challenge, EAP/SIM-challenge, EAP/Success(failure), EAP/Success(failure)

  10. Our Proposed Scheme on PDG Scenario (1)
      Entities: Station, TTG, GGSN, AAA srv, HLR/HSS
        1. IKE_SA_INIT [Hdr, SA, D_H value, Nonces]
        2. IKE_AUTH Request [Hdr, IDi(user ID), IDr(W-APN), CP, SAi2, TSi, TSr]
        3. EAP-Resp/Identity [User ID, W-APN]
        4. Check the user's subscription to see whether the tunnel is allowed; user profile and AVs retrieval if needed
        5. EAP-Req/SIM-Start
        6. IKE_AUTH Request [Hdr, IDr(PDG ID), Cert, AUTH, EAP-Req/SIM-Start]
        7. IKE_AUTH Response [Hdr, EAP-Resp/SIM-Challenge]
        8. EAP-Resp/SIM-Challenge
        9. EAP-Success + keying material
        10. AUTH payload is computed using the keying material (MSK)
        11. IKE_AUTH Response [Hdr, EAP-Success]
        12. IKE_AUTH Request [Hdr, AUTH]

  11. Our Proposed Scheme on PDG Scenario (2)
      Entities: Station, TTG, GGSN, AAA srv, HLR/HSS
        13. Check the correctness of AUTH payload
        14. Create PDP Context request
        15. Create PDP Context response
        16. IKE_AUTH Response [Hdr, AUTH, CP, SAr2, TSi, TSr]

  12. IMS Authentication Reduction
      Entities: HSS/AuC, MS, SGSN, CSCF
        - PDP Context Activation
        - Select a rand and compute CK = f3_K(rand), IK = f4_K(rand)
        - (impi, imsi, rand)
        - (impi, rand)
        - Store the (imsi, impi) pair
        - (impi, rand)
        - Retrieve the IMSI value
        - (IMSI_HSS(impi), User profile, CK, IK)
        - Check if IMSI_HSS(impi) = imsi
        - 200 OK
        - Compute CK = f3_K(rand), IK = f4_K(rand)
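
The peer-side step "verifies AT_MAC" in WLAN Authentication Message Flow (4), as an added Python example that is not from the slides or the laboratory's code: it builds an EAP-Request/SIM-Challenge [AT_RAND, AT_MAC] and checks the MAC as RFC 4186 defines it (HMAC-SHA1-128 over the packet with the MAC field zeroed, followed by NONCE_MT). K_aut is normally derived from the GSM triplets; here K_AUT, NONCE_MT, the RAND values and all function names are constructed assumptions.

```python
import hashlib, hmac, struct

EAP_REQUEST, EAP_TYPE_SIM, SUBTYPE_CHALLENGE = 1, 18, 11  # RFC 4186 code points
AT_RAND, AT_MAC = 1, 11                                   # attribute types

def attr(atype, value):
    """Encode an attribute: type, length in 4-byte words, 2 reserved bytes, value."""
    body = b"\x00\x00" + value
    return bytes([atype, (len(body) + 2) // 4]) + body

def mac128(k_aut, data):
    """HMAC-SHA1-128: first 16 bytes of HMAC-SHA1."""
    return hmac.new(k_aut, data, hashlib.sha1).digest()[:16]

def build_challenge(ident, rands, k_aut, nonce_mt):
    """AAA server side: EAP-Request/SIM-Challenge [AT_RAND, AT_MAC]."""
    attrs = attr(AT_RAND, b"".join(rands)) + attr(AT_MAC, bytes(16))
    pkt = struct.pack("!BBHBBH", EAP_REQUEST, ident, 8 + len(attrs),
                      EAP_TYPE_SIM, SUBTYPE_CHALLENGE, 0) + attrs
    # MAC covers the packet with a zeroed MAC field, followed by NONCE_MT.
    return pkt[:-16] + mac128(k_aut, pkt + nonce_mt)

def find_mac_offsets(pkt):
    """Walk the attribute list strictly; return offsets of AT_MAC value fields."""
    if len(pkt) < 8 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("EAP length mismatch")
    off, found = 8, []
    while off < len(pkt):
        if len(pkt) - off < 4 or pkt[off + 1] == 0 or off + 4 * pkt[off + 1] > len(pkt):
            raise ValueError("bad attribute length")
        if pkt[off] == AT_MAC and pkt[off + 1] == 5:
            found.append(off + 4)
        off += 4 * pkt[off + 1]
    return found

def verify_challenge(pkt, k_aut, nonce_mt):
    """Peer (WLAN UE) side: recompute AT_MAC and compare in constant time."""
    try:
        offsets = find_mac_offsets(pkt)
    except ValueError:
        return False
    if len(offsets) != 1:
        return False
    o = offsets[0]
    zeroed = pkt[:o] + bytes(16) + pkt[o + 16:]
    return hmac.compare_digest(mac128(k_aut, zeroed + nonce_mt), pkt[o:o + 16])

# Constructed sample values (not from the slides, not real SIM material).
K_AUT, NONCE_MT = bytes(range(16)), bytes(range(16, 32))
RANDS = [bytes([i]) * 16 for i in (0xA1, 0xB2, 0xC3)]
CHALLENGE = build_challenge(7, RANDS, K_AUT, NONCE_MT)
```

Because NONCE_MT is part of the MAC input, a challenge recorded from an earlier run fails verification against a fresh nonce, and a packet with a missing, duplicated or malformed AT_MAC is rejected rather than accepted.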
