3Com Confidential Proprietary 3G CDMA AAA Function Yingchun Xu 3COM


Upload: johnathan-marsh

Post on 02-Jan-2016


3G CDMA AAA Function

Yingchun Xu

3COM


3G CDMA AAA Requirements

• Mobile Node Authentication in Foreign Network
  – Essential for Billing

• Mobile Node Authentication in Home Agent
  – Protects against User Data Hijacking

• Quick Mobile Node Handoff Authentication
  – Reduces handoff data loss/delay

• Roaming Support

• Easier Mobile Node Provision

• Packet Data Accounting


Mobile IP AAA Servers

• RADIUS
  – Deployed in Dial-in Access Network
  – Simple and Stateless Operation
  – IETF RFC 2138 and RFC 2139
  – Limited Support of 3G AAA Requirements

• DIAMETER
  – IETF Draft
  – Superset of RADIUS
  – Supports 3G AAA Requirements

• RADIUS Accounting + PKI (Public Key Infrastructure)
  – Flexible
  – Requires lots of computation
  – IETF Draft


3Com Recommendation

• RADIUS in Version 1

• PKI+RADIUS extension or DIAMETER in Version 2


Reasons

• RADIUS is simple.

• RADIUS has been deployed in Dial-in service for a while.

• RADIUS works but with limited Mobile IP and roaming support.
  – For example, it does not support dynamic key distribution. Keys are required to be statically configured.
  – Proxy function requires static configuration. There is no protocol support for dynamic resolution of AAA server.

• DIAMETER and RADIUS extension + PKI are not mature. They will take some time to settle down.

• DIAMETER is in IETF draft state. We don't want to build an AAA used only for CDMA.

• We need to support ISPs which have deployed RADIUS as Home AAA.


What we get with RADIUS

• Packet Accounting: fully supports CDG specified accounting parameters.

• Mobile IP Foreign Agent Challenge/Response
  – Required to build trust relationship for billing.

• Dynamic Home Address Assignment feature from DIAMETER can be easily implemented in Home Agent.
  – Home Agent manages and assigns temporary Home Address.

• Roaming support by static configuration.

• Mobile node authentication through static configuration of shared key between mobile nodes and their Home Agents.


What we get with DIAMETER

• Foreign Agent Challenge/Response.

• Dynamic Key distribution for temporary Mobile IP registration authentication.

• Dynamic resolution of proxy AAA server.

• Packet Data Accounting.

• Dynamic Home Address Assignment.

• First Time Mobile IP Registration through DIAMETER.


3Com Proposed RADIUS Based Foreign Agent Challenge/Response Implementation (First Time Registration)

[Figure: message sequence diagram. Participants: MN, PDSN, Visit RADIUS, HA, Home RADIUS. Message labels, in extracted order: AgentAdvertise (Challenge); RegReq (Challenge, MN-AAA, NAI); AccessReq (CHAP); AccessReply (ok); RegReq; RegReply; HomeAddressAssignment if necessary; RegReply; AccessReq (CHAP); AccessReply (ok).]
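
The challenge/response check in the first-time registration exchange, as an added Python example (not code from the original slides). It assumes the PDSN relays the mobile node's reply to RADIUS as User-Name, CHAP-Challenge and CHAP-Password attributes, that the response is computed as RADIUS CHAP does it, MD5(CHAP ID || shared key || challenge), and that the PDSN accepts each challenge once. The NAI, key and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: statically configured NAI -> shared key table on the home RADIUS.
HOME_KEYS = {"mn1@home.example": b"constructed-shared-key"}

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response as RADIUS checks it: MD5(CHAP ID || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

class Pdsn:
    """Foreign agent side (assumed behaviour): issues challenges, relays replies."""
    def __init__(self):
        self.outstanding = set()

    def agent_advertise(self) -> bytes:
        challenge = os.urandom(16)
        self.outstanding.add(challenge)
        return challenge

    def access_request(self, nai, challenge, chap_id, response):
        # Each challenge is accepted once; a replayed RegReq never reaches RADIUS.
        if challenge not in self.outstanding:
            return None
        self.outstanding.discard(challenge)
        return {"User-Name": nai,
                "CHAP-Challenge": challenge,
                "CHAP-Password": bytes([chap_id]) + response}

def home_radius_verify(req) -> bool:
    """Home RADIUS side: look up the static key by NAI and recompute the response."""
    secret = HOME_KEYS.get(req["User-Name"])
    if secret is None:
        return False
    chap_id, received = req["CHAP-Password"][0], req["CHAP-Password"][1:]
    expected = chap_response(chap_id, secret, req["CHAP-Challenge"])
    return hmac.compare_digest(expected, received)

def register(pdsn, nai, key, challenge, chap_id=1) -> str:
    """Mobile node builds its reply; returns the outcome seen at the PDSN."""
    resp = chap_response(chap_id, key, challenge)
    req = pdsn.access_request(nai, challenge, chap_id, resp)
    if req is None:
        return "rejected: unknown or reused challenge"
    return "AccessReply(ok)" if home_radius_verify(req) else "AccessReply(reject)"
```

Because the key table is static, every mobile node must be provisioned on its home RADIUS before it can register, which is the limitation the slides attribute to the RADIUS option.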


3Com Proposed RADIUS Based Foreign Agent Challenge/Response Implementation (Consecutive Registration)

[Figure: message sequence diagram. Participants: MN, PDSN, Visit RADIUS, HA, Home RADIUS. Message labels, in extracted order: AgentAdvertise (Challenge); RegReq; RegReq; RegReply; RegReply.]


Security Association

[Figure: security association diagram. Entities: Foreign RADIUS, Home RADIUS, Home Agent, PDSN, Mobile Node. The associations between them are labeled (M) or (O).]