
Packet Data Roaming in IS-835

Packet Data Roaming in IS-835. Raymond Hsu, rhsu@qualcomm.com, May 8, 2002. Outline: IS-835 status; network diagram; data roaming via Mobile IP; Mobile IP authentication methodology; Mobile IP registration detail; security between visited and home networks; private address support.





Presentation Transcript


  1. Packet Data Roaming in IS-835
  Raymond Hsu, rhsu@qualcomm.com, May 8, 2002

  2. Outline
  • IS-835 Status
  • Network diagram
  • Data roaming via Mobile IP
  • Mobile IP authentication methodology
  • Mobile IP registration detail
  • Security between visited & home networks
  • Private address support
  • Data roaming accounting
  • Always-on
  • Push services

  3. IS-835 Status
  • IS-835 was published Dec. 2000.
    • Simple IP, Mobile IP, accounting, etc.
  • IS-835-A was published May 2001.
    • Mainly bug fixes for IS-835.
  • IS-835-B is in TIA ballot review, to be published in Summer of 2002.
    • Dynamic HA assignment, always-on, fast handoff, ROHC, IPv6, QoS, etc.
  • IS-835-C, work in progress.
    • More QoS, 0-byte header compression, broadcast/multicast, Diameter, etc.
  • 3GPP2 TSG-P and TR-45.6 jointly develop the series of IS-835 specifications.

  4. Network Diagram & Protocol Stack
  • PDSN terminates PPP and hosts Mobile IP FA.
  • AAA performs authentication, authorization, and accounting.
  • PCF can be integrated with BSC.
  • HA resides in carrier’s network or a private network.
  Diagram (not reproduced): MS, BTS, BSC, PCF, PDSN and HA, with HLR, MSC and AAA alongside, the A8/A9 (BSC-PCF) and A10/A11 (PCF-PDSN) interfaces, and the Internet beyond the HA. Protocol stack: IP over PPP over the IS-2000 radio network on the MS side, IP tunnels across the IP network between PCF, PDSN and HA. A legend marks the entities that are new for the 3G wireless IP network.

  5. Data Roaming via Mobile IP
  Home network access from a visited carrier via Mobile IP:
  • MS registers and is authenticated via ANSI-41.
  • MS originates the packet data service (SO 33) and is allocated resources (traffic channel, A8/A10 connections).
  • MS establishes a PPP session with PDSN in visited network.
  • MS performs Mobile IP registration with HA in home network.
  • Packets are protected between PDSN and HA.

  6. Mobile IP Registration Authentication – Two Steps
  • Step 1: MS is authenticated by home RADIUS server.
    • MS and RADIUS server have a shared secret indexed by NAI.
    • The purpose is to authenticate the MS for access control and accounting.
    • This authentication is analogous to CHAP for Simple IP.
  • Step 2: MS is authenticated by HA.
    • MS and HA have a shared secret indexed by NAI.
      • It may be statically configured.
      • It may be derived from the MS-RADIUS shared secret.
    • The purpose is to authenticate the MS for mobility binding and address allocation.

  7. Mobile IP Registration
  Message flow (not reproduced) between MS, BSC/PCF, PDSN (FA), Visited RADIUS, Home RADIUS and HA: Agent Advertisement (PDSN to MS); Registration Request (MS to PDSN); Step 1: Access Request (PDSN to Visited RADIUS to Home RADIUS) and Access Accept back along the same path to PDSN; Step 2: Registration Request (PDSN to HA) and Registration Reply (HA to PDSN, then PDSN to MS).

  8. Mobile IP Registration Step 1: MS is authenticated by home RADIUS server.
  • MS receives Agent Advertisement.
    • It contains FA COA and Challenge.
    • If FA COA has changed, MS starts Mobile IP registration.
  • MS sends Registration Request.
    • It contains NAI, Challenge Response, Challenge, and MN-HA Authentication Extensions.
    • MS is required to use a static HA in IS-835-A.
    • MS may use static home address or request for a dynamic home address.
  • PDSN forms an Access Request.
    • Access Request contains NAI, Challenge, and Challenge Response.
    • Access Request is routed to the MS’s home RADIUS server based on NAI.
  • Home RADIUS server verifies the Challenge Response and replies Access Accept if successful.

  9. Mobile IP Registration Step 2: MS is authenticated by HA.
  • Upon receiving Access Accept, PDSN forwards the Registration Request to HA.
  • The HA authenticates the MS.
  • The HA assigns an address (if requested by the MS).
  • The HA updates the mobility binding.
    • Associate the MS’s home address with the FA COA.
    • The binding has a lifetime.
  • The HA sends Registration Reply to PDSN.
    • MN-HA Authentication Extension, MS’s home address, lifetime
  • The PDSN adds the MS to the visitor-list.
    • Binds the MS’s home address and HA address to the MS’s A10 connection ID.
  • The PDSN forwards Registration Reply to MS.
  • The MS authenticates the HA.
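The two-step check of slides 6, 8 and 9 as a runnable model, added here and not part of the presentation: the MS answers the FA challenge with the MS-RADIUS secret (step 1), signs the registration fields with the MS-HA secret (step 2), and finally checks the HA's reply. HMAC-MD5, the field layout, the secret derivation and all addresses and secrets are constructed assumptions, not IS-835 encodings.

```python
import hashlib
import hmac
from dataclasses import dataclass
# Constructed secrets, both indexed by the MS's NAI (slide 6). Deriving the MS-HA
# secret from the MS-RADIUS secret as done here is an assumed illustration only.
NAI = "ms@home-carrier.example"
MS_RADIUS_SECRET = b"constructed-ms-radius-secret"
MS_HA_SECRET = hashlib.md5(MS_RADIUS_SECRET + b"|mn-ha").digest()

def keyed(secret: bytes, data: bytes) -> bytes:
    # HMAC-MD5 is assumed for both checks; the slides only say "shared secret".
    return hmac.new(secret, data, hashlib.md5).digest()

@dataclass
class RegReq:
    nai: str
    home_addr: str    # "0.0.0.0" asks the HA for a dynamic home address
    ha_addr: str      # static HA, as required in IS-835-A
    coa: str          # FA care-of address from the Agent Advertisement
    lifetime: int
    challenge: bytes  # echoed from the Agent Advertisement
    chal_resp: bytes = b""
    mn_ha_auth: bytes = b""
    def protected(self) -> bytes:  # fields covered by the MN-HA extension
        return f"{self.nai}|{self.home_addr}|{self.ha_addr}|{self.coa}|{self.lifetime}".encode() + self.challenge

def ms_build(home_addr: str, ha_addr: str, coa: str, lifetime: int, challenge: bytes) -> RegReq:
    req = RegReq(NAI, home_addr, ha_addr, coa, lifetime, challenge)
    req.chal_resp = keyed(MS_RADIUS_SECRET, challenge + NAI.encode())  # step 1 material
    req.mn_ha_auth = keyed(MS_HA_SECRET, req.protected())              # step 2 material
    return req

def home_radius_ok(req: RegReq) -> bool:  # step 1: home RADIUS checks the Access Request
    return hmac.compare_digest(keyed(MS_RADIUS_SECRET, req.challenge + req.nai.encode()), req.chal_resp)

def ha_register(req: RegReq, pool: list):  # step 2: HA authenticates, binds, replies
    if not hmac.compare_digest(keyed(MS_HA_SECRET, req.protected()), req.mn_ha_auth):
        return None
    home = req.home_addr if req.home_addr != "0.0.0.0" else pool.pop(0)
    reply = f"{home}|{req.lifetime}|{req.ha_addr}".encode()
    binding = {"home_addr": home, "coa": req.coa, "lifetime": req.lifetime}
    return binding, reply, keyed(MS_HA_SECRET, reply)  # reply carries its own MN-HA extension

def register(req: RegReq, pool: list):
    # Whole flow; returns the HA binding, or None when any check fails.
    result = ha_register(req, pool) if home_radius_ok(req) else None
    if result is None:
        return None
    binding, reply, auth = result  # last step on slide 9: the MS authenticates the HA
    return binding if hmac.compare_digest(keyed(MS_HA_SECRET, reply), auth) else None
```

Note that a request whose care-of address is altered in transit still passes step 1 (the challenge response does not cover it) but fails step 2, which is why the MN-HA extension matters even after RADIUS has accepted the user.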

  10. FA-HA Security
  • For packet data roaming, it is desirable to protect packets between PDSN/FA and HA.
  • FA-HA Authentication Extension
    • Integrity protection for Mobile IP registration messages
    • Prevents a rogue FA (man-in-the-middle attack)
  • IPSec
    • Provides encryption on all packets
    • Uses IKE to establish the security association
  • Reverse tunneling
    • Tunnels all mobile-originated packets from FA to HA
    • More latency due to triangular routing
    • Gains IPSec protection

  11. Private Address Support
  • HA may assign a private IP address to MS via Mobile IP registration.
    • MS uses the private address to access servers in home network.
    • Reverse tunneling is required.
    • MS can access the Internet via home network that performs NAT.
  • Two MSs served by the same PDSN may be assigned the same private IP address.
    • This is possible if two HAs coincidentally assign the same address.
    • Not possible if the two MSs are served by the same HA.
  • Not a problem at the PDSN
    • In the reverse direction, an A10 connection is mapped to a reverse tunnel identified by the MS’s home address and HA address.
    • In the forward direction, an HA-to-FA tunnel is mapped to an A10 connection.
      • Source address of the outer packet is the HA address.
      • Destination address of the inner packet is the MS’s home address.
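Why two MSs with the same private home address are "not a problem at the PDSN": an added visitor-list model (not from the presentation) keyed by (home address, HA address) in both directions, as slides 9 and 11 describe. The class, method names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TunnelPacket:
    """Constructed view of a packet arriving on an HA-to-FA tunnel."""
    outer_src: str  # source of the outer packet: the HA address
    inner_dst: str  # destination of the inner packet: the MS's home address

class PdsnVisitorList:
    """PDSN visitor-list lookups keyed by (home address, HA address)."""
    def __init__(self) -> None:
        self._a10_by_key = {}  # (home_addr, ha_addr) -> A10 connection ID
        self._key_by_a10 = {}  # A10 connection ID -> (home_addr, ha_addr)

    def add(self, home_addr: str, ha_addr: str, a10_id: int) -> None:
        # Slide 9: bind home address and HA address to the MS's A10 connection ID.
        key = (home_addr, ha_addr)
        if key in self._a10_by_key:
            # Only reachable if one HA handed out the same address twice,
            # which slide 11 rules out; two different HAs never collide here.
            raise ValueError(f"home address {home_addr} already bound for HA {ha_addr}")
        self._a10_by_key[key] = a10_id
        self._key_by_a10[a10_id] = key

    def remove(self, a10_id: int) -> None:
        # A10 tear-down: drop both directions of the mapping.
        key = self._key_by_a10.pop(a10_id)
        del self._a10_by_key[key]

    def forward(self, pkt: TunnelPacket):
        """Forward direction: HA-to-FA tunnel packet -> A10 connection ID, or None."""
        return self._a10_by_key.get((pkt.inner_dst, pkt.outer_src))

    def reverse(self, a10_id: int):
        """Reverse direction: A10 connection -> (home address, HA address) of its reverse tunnel."""
        return self._key_by_a10.get(a10_id)
```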

  12. Data Roaming Accounting
  • BSC/PCF collects airlink records (e.g. airtime, MS’s ID, etc.)
  • BSC/PCF sends airlink records to PDSN.
    • Triggered by an event (e.g. A10 connection set-up or tear-down)
  • PDSN collects data records (e.g. packet/byte counts, IP addresses, etc.)
  • PDSN sends to AAA the usage records consisting of airlink records and data records.
    • Triggered by an event (e.g. PPP session establishment or termination)
  • AAA is an accounting collection point for the billing system.
  • Visited AAA forwards copies of usage records to home AAA.
  Diagram (not reproduced): BSC/PCF sends Airlink Records to PDSN; PDSN sends Usage Records to Visited AAA; Visited AAA forwards copies to Home AAA; each AAA feeds its Billing System.

  13. Always On
  • Simple IP
    • Disable the PPP inactivity timer.
      • If MS is dead or moves to a new PDSN serving area, PPP state remains in the old PDSN.
      • Bad for PDSN with limited PPP resource.
    • Use LCP Echo.
      • If PPP inactivity timer expires, PDSN sends LCP Echo-Request to MS. If the MS responds, PDSN refreshes the timer; otherwise, PDSN removes the PPP state.
      • Detect zombie PPP in PDSN.
      • Will be supported in IS-835-B.
  • Mobile IP
    • Before the registration lifetime expires, MS performs Mobile IP registration to refresh the binding in HA and PDSN.
    • PPP inactivity timer is set larger than the registration lifetime.
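A tick-by-tick simulation of the three PDSN behaviours on this slide (disabled timer, LCP Echo, and Mobile IP re-registration under the inactivity timer), added here as an illustration and not taken from the presentation. The 10-second re-registration margin, the one-second tick and the field names are assumptions; running it shows why the inactivity timer must exceed the registration lifetime.

```python
from dataclasses import dataclass, field

@dataclass
class PppSession:
    """Constructed model of one PPP session held by a PDSN (slide 13 rules)."""
    inactivity_timer: int       # seconds of silence before the PDSN acts
    mip_lifetime: int = 0       # Mobile IP registration lifetime; 0 = Simple IP
    ms_reachable: bool = True   # False: MS is dead or moved to another PDSN
    use_lcp_echo: bool = False  # IS-835-B behaviour: probe with LCP Echo before teardown
    last_activity: int = 0
    alive: bool = True
    log: list = field(default_factory=list)

    def tick(self, now: int) -> None:
        if not self.alive:
            return
        # Mobile IP: the MS re-registers shortly before the lifetime expires
        # (10 s margin assumed); the PDSN sees that as PPP activity.
        if self.mip_lifetime and self.ms_reachable and now % self.mip_lifetime == self.mip_lifetime - 10:
            self.last_activity = now
            self.log.append((now, "mip-reregistration"))
        if now - self.last_activity < self.inactivity_timer:
            return
        if self.use_lcp_echo:
            self.log.append((now, "lcp-echo-request"))
            if self.ms_reachable:   # Echo-Reply received: refresh the timer
                self.last_activity = now
                return
        self.alive = False          # zombie PPP state removed
        self.log.append((now, "ppp-removed"))

def simulate(session: PppSession, seconds: int) -> bool:
    """Run one-second ticks; True if the PPP state is still held at the end."""
    for t in range(1, seconds + 1):
        session.tick(t)
    return session.alive
```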

  14. Always-On Issues
  • Some carriers have limited globally routable addresses.
    • Private addressing helps, but NAT is not perfect!
      • Breaks end-to-end IPSec
      • More processing & latency
    • IPv6 helps, but most servers today are IPv4
      • Requires IPv6-IPv4 interworking

  15. Push Services
  • If Push Server (PS) knows the MS’s IP address, the PS can send data to the MS.
    • MS initially establishes a packet data session.
    • MS is assigned an IP address via IPCP (if Simple IP is used) or Mobile IP registration.
    • The entity that assigns the address uses RFC 2136 to update the carrier’s DNS server.
    • PS queries the DNS server for the MS’s IP address.
    • DNS update will be supported in IS-835-B.
  • If MS is always on, PS should be able to find the MS’s IP address and push data to the MS.
  • According to the current standards, if MS is off or idle without a packet data session, PS will not be able to push data to the MS.
