3Com Confidential Proprietary
3G CDMA AAA Function
Yingchun Xu
3COM
3G CDMA AAA Requirements
• Mobile Node Authentication in Foreign Network
– Essential for Billing
• Mobile Node Authentication in Home Agent
– Protects Against User Data Hijacking
• Quick Mobile Node Handoff Authentication
– Reduces handoff data loss/delay
• Roaming Support
• Easier Mobile Node Provision
• Packet Data Accounting
Mobile IP AAA Servers
• RADIUS
– Deployed in Dial-in Access Network
– Simple and Stateless Operation
– IETF RFC 2138 and RFC 2139
– Limited Support of 3G AAA Requirements
• DIAMETER
– IETF Draft
– Superset of RADIUS
– Supports 3G AAA Requirements
• RADIUS Accounting + PKI (Public Key Infrastructure)
– Flexible
– Requires lots of computation
– IETF Draft
3Com Recommendation
• RADIUS in Version 1
• PKI+RADIUS extension or DIAMETER in Version 2
Reasons
• RADIUS is simple.
• RADIUS has been deployed in Dial-in service for a while.
• RADIUS works but with limited Mobile IP and roaming support.
– For example, it does not support dynamic key distribution. Keys are required to be statically configured.
– Proxy function requires static configuration. There is no protocol support for dynamic resolution of AAA server.
• DIAMETER and RADIUS extension + PKI are not mature. They will take some time to settle down.
• DIAMETER is in IETF draft state. We don't want to build an AAA used only for CDMA.
• We need to support ISPs which have deployed RADIUS as Home AAA.
What we get with RADIUS
• Packet Accounting: fully supports CDG specified accounting parameters.
• Mobile IP Foreign Agent Challenge/Response
– Required to build trust relationship for billing.
• Dynamic Home Address Assignment feature from DIAMETER can be easily implemented in Home Agent.
– Home Agent manages and assigns temporary Home Address.
• Roaming support by static configuration.
• Mobile node authentication through static configuration of shared key between mobile nodes and their Home Agents.
What we get with DIAMETER
• Foreign Agent Challenge/Response.
• Dynamic Key distribution for temporary Mobile IP registration authentication.
• Dynamic resolution of proxy AAA server.
• Packet Data Accounting.
• Dynamic Home Address Assignment.
• First Time Mobile IP Registration through DIAMETER.
3Com Proposed RADIUS Based Foreign Agent Challenge/Response Implementation (First Time Registration)
[Message sequence diagram. Participants: MN, PDSN, Visit RADIUS, HA, Home RADIUS. Message labels, in extracted order:]
AgentAdvertise (Challenge)
RegReq (Challenge, MN-AAA, NAI)
AccessReq (CHAP)
AccessReply(ok)
RegReq
RegReply
HomeAddressAssignment if necessary
RegReply
AccessReq (CHAP)
AccessReply(ok)
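Added example (not from the 3Com deck): a Python illustration of the check behind the AccessReq (CHAP) / AccessReply(ok) exchange above, with single-use challenges at the foreign agent and a constant-time comparison at the Home RADIUS. It assumes the plain RFC 1994 CHAP computation carried in the RADIUS CHAP-Password and CHAP-Challenge attributes; the class and function names, the NAI and the key are hypothetical, constructed values.

```python
import hashlib
import hmac
import os

# Constructed sample data: one statically provisioned mobile-node key.
SHARED_KEYS = {"mn1@home.example": b"constructed-shared-key"}


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ForeignAgent:
    """Hypothetical PDSN/FA: advertises challenges and honours each one once."""

    def __init__(self):
        self.outstanding = set()

    def advertise(self) -> bytes:
        challenge = os.urandom(16)
        self.outstanding.add(challenge)
        return challenge

    def build_access_request(self, nai, ident, challenge, response):
        # A challenge the FA never issued, or already consumed, is a replay.
        if challenge not in self.outstanding:
            return None
        self.outstanding.discard(challenge)
        return {"User-Name": nai, "CHAP-Challenge": challenge,
                "CHAP-Password": bytes([ident]) + response}


def home_radius_verify(request) -> bool:
    """Hypothetical Home RADIUS check; True stands for AccessReply(ok)."""
    secret = SHARED_KEYS.get(request["User-Name"])
    chap = request["CHAP-Password"]  # 1-octet CHAP ident + 16-octet response
    if secret is None or len(chap) != 17:
        return False
    expected = chap_response(chap[0], secret, request["CHAP-Challenge"])
    return hmac.compare_digest(expected, chap[1:])  # constant-time compare
```

Because the key is static, the freshness of the advertised challenge is the only thing that stops a captured RegReq from being accepted again.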
3Com Proposed RADIUS Based Foreign Agent Challenge/Response Implementation (Consecutive Registration)
[Message sequence diagram. Participants: MN, PDSN, Visit RADIUS, HA, Home RADIUS. Message labels, in extracted order:]
AgentAdvertise (Challenge)
RegReq
RegReq
RegReply
RegReply
Security Association
[Diagram: security associations among Foreign RADIUS, Home RADIUS, Home Agent, PDSN and Mobile Node; three labels marked (M) and two marked (O).]