Jun Wang ([email protected])Anand Palanigounder ([email protected])
Peerapol Tinnakornsrisuphap ([email protected]) George Cherian ([email protected])
Chandru Sundarraman ([email protected])Jack Nasielski ([email protected])
June 09, 2009QUALCOMM Inc.
Page 1
Femto Access Control
Notice ©2009. All rights reserved.The contributors grants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner’s name any Organizational Partner’s standards publication even though it may include all or portions of this contribution; and at the Organizational Partner’s sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner’s standards publication. The contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. The contributors specifically reserves the right to amend or modify the material contained herein and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.
FAP Access Control
2
• What is FAP Access Control? • Allow only mobiles that are part of the Access Control List (ACL) for a FAP to
access services through that FAP (aka Closed Subscriber Group or CSG in 3GPP)
• Types of Associations in 3GPP2– Open Association: Any mobile can register with the FAP and access services– Restricted Association: Only mobiles in the access control list for a given FAP
allowed to register and access service. Any other mobile NOT allowed any type of association.
– Signaling Association: Any mobile can register with FAP, but during service access mobile may be redirected to macro, if it’s not in the FAP ACL (i.e., mobile is not authorized to access service through the restricted FAP)
• Problem(s): • Which network entity decides whether a mobile is allowed to access through
FAP?• Which network entity enforce sthe ACL policy and how to enforce the policy?• How does the FAP know its types ?
• This presentation focuses on the network aspects of ACL
Page 2
HRPD/1x Packet Femto Architecture Update
Page 3
Ty
MS
Internet
(P)M
IP
For A12 Device Authentication
For Femto Device
Authentication
FGW
SeGW
FAP
A13
A16
-19
A10A11
AA
A(A
12)
FmAAA
(Axx
)
HRPD/1x
AAA
HA/LMA
PDSN
PCRF
Femto-AAA AN-AAA
HRPDAN
FMS
BS/AN
HRPD/1x Packet Femto Control Access Design
Page 4
FAP is served as the first level of enforcement point (EP)Only the first level of EP is proposed for this release
Femto-AAA stores FAP type and access control listAfter successful FAP authentication and authorization,
the FAP can access femto-AAA through SeGW using AAA protocol to request FAP type and access control list:NAI uses format of FEID@realmFemto-AAA returns FAP type and the associated access control list
Access control list for 1xPS services should use user’s MSID• Each FAP is associated with a list of allowed MSIDs (as part of the FAP
profile in Femto-AAA)Access control list for HRPD PS services can use
• Option 1: User’s NAI (Recommended Option)• Option 2: User’s MSID• Each FAP associated with a list of allowed MSIDs or User’s NAIs (as
part of the FAP profile in Femto-AAA)
How to Prevent FAP from Spoofing other FAP’s FEID
FAP SeGW Femto AAA
4. AAA Request (FEID@realm, Message Authenticator)
3. FAP uses FAP SS to compute Request Authenticator and Message
Authentication SS (MASS) to compute Message authenticator
2. IPsec is established
1. FAP Authentication (SeGW sends FAP SS and FGW’ s Message Authentication SS
received from Femto AAA to the FAP)
6. AAA Response (FEID, FAP Type, FAP ACL, Message Authenticator)
FGW (AAA Proxy)
1. FAP Authorization(Femto-AAA sends FAP SS and FGW’ s Message
Authentication SS to seGW)
5. Femto-AAA checks request Authenticator, if check is passed, the
Femto AAA computes Response authenticator and MASS
Proxy AAA checks message Authenticator)
Proxy AAA checks message Authenticator)
7. FAP obtains FAP information (FAP type, ACL etc)
Page 5
SIP Based 1x CS Femto Architecture Update
Page 6
HLR/AC
MSC
MC
MAP
Mg (SIP)
Fx3
Fx2 (SIP)
AAA
Ma or ISC
(SIP)
MAP
1xMacroCell A2
PDE MPC
Fm
ISUP
ISUP
TDM
TDM
Mm (SIP)
ISUPTDM
IPNetwork
Fx2 (SIP)
1x Macro BSC
A1 PSTN
1x
Femto Access Point
SIPUAMS
MGCF/MGW
IMS
IP MultimediaNetwork
PSAP
Fx1 (RTP)
FemtoSecurityGateway
FMS
Fx1 (RTP)
Fx1 (RTP)
Legend:FCS Femto Convergence ServerFMS Femto Management System
FemtoAAA
FCS
FGW
AAA
SIP Based 1x CS Femto Control Access Design
Page 7
FAP is the first level of Enforcement PointUpon the FAP authentication and authorization successful, the FAP can
access femto-AAA through SeGW using AAA protocol to request FAP type:NAI uses format of FEID@realmFemto-AAA returns FAP type and optionally the associated access
control listFor enterprise FAP, the Femto-AAA may not return ACL if ACL is too
longFCS is the second level of Enforcement Point
The FCS obtains FAP types and Access Control List from femto AAA (recommended one)FCS requests the access control list from femto-AAA using format of
FEID@realm through AAA protocol after SIP registration is successfulFemto-AAA stores FAP type and associated Access Control
ListAccess control list for 1x CS services should use mobile’s CS
service identity (MSID)• Each FAP associated with a list of allowed MSIDs (as part of the 1x FAP
profile in femto-AAA)• MSID can be either IMSI or MIN
Procedure for FAP as an Enforcement Point
Page 8
If the type is the open association:No special procedure for FAPThere is no ACL
If the type is the restricted association:FAP only allows the MS in ACL to access the system1x FAP rejects the RGM/ORM/PRM (or any air interface signaling) if
the MS is not in the ACLHRPD FAP rejects the HRPD session negotiation if the MS is not in
the ACLIf the type is the signaling association:
FAP allows all the MS to send signaling to the system1x FAP accepts the RGM/ORM/PRM (or any air interface signaling):
If the MS is not in the ACL, the FAP may redirect the MS to the Macro BS when the MS is establishing the call
HRPD FAP accepts the HRPD session negotiation with the MS If the MS is not in the ACL, the FAP may redirect the MS to the Macro
BS when the MS is establishing the data call
Procedures for FCS as an Enforcement Point
Page 9
FCS is aware of the associated FAP’s types and ACLIf the associated FAP type is the open association :
No special procedure in FCSIf the associated type is the restricted association :
FCS only allows the MS in ACL to access the systemFCS rejects the MS registration (and other SIP signaling
such as SIP Invite etc) if the MS is not listed in the ACLIf the associated type is the signaling association:
FCS allows all the MS to send SIP signaling to the system
FCS accepts the MS registration/MS Origination:If the MS is not in the ACL, the FCS may redirect the
MS to the Macro BS when the MS is establishing the call
Recommendations
Page 10
Add the Femto Access Control feature in the initial release:Make necessary updates to architecture specified in X.P0059-000Specify the HRPD/1x PS Femto Access Control feature in X.P0059-100Specify the 1x CS Femto Access Control feature in X.P0059-200Specify the FAP procedures in A.S0024
Adopt the following proposals as suggested in this contribution:Femto-AAA is the storage entity for FAP types and ACL based on
operator's configurationFAP receives FAP types and optional ACL from the Femto-AAAFAP is the first level of Enforcement Point for both 1x and HRPDFCS is the second level of Enforcement Point for 1x CS femto
Stage 2 and Stage 3 contributions will flow up
Annex
Page 11
Options for Storage Point and Enforcement Point
Page 12
Options for Storage Point for both CS and PS:Option 1: Femto-AAA/HAAA (recommended option)Option 2: FMS
Options for Enforcement Point (EP)SIP based CS Options:
Option SC1: FAP (Recommended to be 1st level of EP) Option SC2: FCS (Recommended be 2nd level of EP) Option SC3: EP (Separate Enforcement Point) Option SC4: FGW
PS Options: Option P1: FAP (Recommended to be 1st level of EP and be
included in the first Release) Option P2: PDSN (Recommended be 2nd level of EP and will be
added in future release) Option P3: EP (Separate Enforcement Point) Option P4: FGW
Procedures for PDSN as an EP and for AAA as Storage Point (1)If the associated FAP type is the open association:
No special procedure in PDSN and the HAAAIf the associated type is the restricted association:
Option 1: Allows PPP to be established (since the MS still can be authenticated). The HAAA indicates to the PDSN that the MS is not in ACL for the FEID. The PDSN moves A10 to the macro BS and release the A10 to the FAP by indicating the FAP that the MS is not in ACLThe PDSN can indicate to the MS through PPP VSP, and/orThe FAP can redirect the MS to the macro by indicating the
reason. For HRPD, the FAP will tear down the HRPD sessionOption 2: Does not allow the PPP to be established. The HAAA
indicates to the PDSN that the MS is not in ACL for the FEID. The PDSN release the A10 to the FAP by indicating the FAP that the MS is not in ACLThe PDSN sends LCP termination request to the MS and indicate
to the MS through either PPP VSP or LCP termination option, and/or
The FAP can redirect the MS to the macro by indicating the reason. For HRPD, the FAP will tear down the HRPD session
Option 3: Option 2 + return ACL to the PDSN so that the PDSN does not need to go to HAAA for PPP authentication for other MSs which is not in ACL
Page 13
Procedures for PDSN as an EP and for AAA as Storage Point (2)If the associated type is the signaling association:
Option 1: Allows PPP to be established (since the MS still can be authenticated).
The HAAA indicates to the PDSN that the MS is not in ACL for the FEID. When the data is received, the PDSN may send limited data to the FAP
and indicate the FAP that the MS is not in ACL through A11 signaling. The PDSN buffers the rest of the data until the Macro AN setup A10 with
the PDSN. The PDSN then release the A10 to the FAP. The PDSN can notify to the MS through PPP VSP, and/or The FAP can redirect the MS to the macro by indicating the reason.
Option 2: Allows PPP to be established (since the MS still can be authenticated).
The HAAA indicates to the PDSN that the MS is not in ACL for the FEID. The PDSN immediately moves A10 to the macro BS and release the A10
to the FAP by indicating the FAP that the MS is not in ACL The PDSN can indicate to the MS through PPP VSP, and/or The FAP can redirect the MS to the macro by indicating the reason.
Page 14