3GPP SA3-LI#43 San Francisco 15 Nov


3GPP/SA3-LI#43 San Francisco, 15 Nov – 18 Nov 2011
Tdoc SA3LI11_115
MNO Cloud Use Case 2
Source: Rogers Wireless
Contact: Ed O'Leary (ed.[email protected] rogers.com), George Babut ([email protected] rogers.com)

Introduction
• This document provides additional use cases and provides a brief description of the first Cloud Use Case as reference

List of Potential Cloud Use Cases relevant to LI Work
• Use Case 1: File Sharing Service with single MNO
• Use Case 2: MNO uses a Cloud server
  – Use Case 2a: MNO uses a Cloud server that provides redirection
• Use Case 3: The MNO hosts a cloud in its network
• Use Case 4: SMB or Enterprise use multiple MNO networks
• Use Case 5: Same as Use Case 4, but each MNO has a Cloud Server that proxies (extension of Use Case 2)
• Use Case 6: Same as use case 6, however MNO cloud server provides redirection (extension of Use Case 2a) to the 3rd party cloud App server
• Use Case 7: SMB or Enterprise use multiple MNO with their own Clouds (extension of Use Case 4)
• Use Case 8: Enterprise extension to the cloud
• Use Case 9: Local Break out

Use case 2
• MNO uses a Cloud server
  – MNO deploys a Cloud server Application that provides access to the real cloud
    • Client application
    • Could be an IMS application
  – Real cloud is as in Use Case 1: third party, that may be anywhere or relocated anywhere in the regulatory domains
  – MNO internal DNS resolves URI request to the MNO cloud server application
  – The external DNS resolves the URI requests for the Cloud server to an MNO Cloud Server
  – This server proxies all requests to the cloud location, hiding and recording all transactions
    • Allows multiple services and white label clouds to be supported

Use case 2 issues
• It may be required to handle lots of transactions
  – N number of hosted cloud services
• It may be attacked or spoofed (more so than the core network, as it contains IPR (SMB files))
• Not as efficient as other cases, scaling
• Allows clients to act as a network share
  – Access to files only when requested
  – May be difficult to issue a warrant, as device may be in a different regulatory domain (roaming)
• It may or may not have access to the crypto keys for secure content
• Captures all transactions
• Registered Domains (administration)

Use case 2 issues
• How would cloud server application be identified to LEA?
  – URI redirection may not provide enough information as to the type of service
    • i.e. file share, or music, or email
  – Crypto keys on content
• What applications would be used to authenticate users prior to redirection to real cloud
  – i.e. users that masquerade as targets
  – What other information is required to authenticate user/target
    • Nothing precludes target from providing an associate with proper credentials to access the cloud services
  – What other information is gathered – MNO side and Non MNO side
    » HTTP get/ or application API information (what is encrypted and what is not)
    » IP address
    » Mac_ID
    » …

Use case 2a
• MNO uses a Cloud server
  – MNO deploys a Cloud server Application that provides access to the real cloud
    • Client application
    • Could be an IMS application
  – Real cloud is as in Use Case 1: third party, that may be anywhere or relocated anywhere in the regulatory domains
  – The DNS resolves the URI requests for the Cloud server to an MNO Cloud Server
  – The cloud server authenticates the user per service and provides a redirection to the real cloud and the resource requested
  – In general no content is passed through the cloud server
  – LEA will capture CII on the cloud server
  – It may be possible to augment the Cloud server to provide capture of content as in use case 2, if cloud server included LEA target capture

Use case 2a Issues – Redirection
• Note that some form of authorization should be used on this, else the user with the redirected URI can easily modify that URI to access other resources/files on the server, i.e. www.rogers.com/files/pdf/file.pdf
  – Many servers may allow the user to access the file directory by modifying the URI to www.rogers.com/files/
  – But access block www.rogers.com/files/pdf/
  – So access to these other locations will not be captured by LEA
  – Who controls the file access (user, MNO, cloud app?)
• Captures all file requests, but may not capture all content
• Implementation may allow the 3rd party Cloud to send to the cloud server file contents (for LEA and other government enterprise requirements (archival purposes)) or deleted files
• User accesses files directly from the Cloud
  – "off loads" delivery and access to cloud from the MNO cloud server
  – Concern over access locally on 3rd party server to logs, or by the 3rd party service provider to logs, and/or admin activities/alarms of data sent to MNO cloud server
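The redirection issue above (and the use case 2 question of how the service type reaches the LEA) comes down to the MNO cloud server authorizing exactly one resource per redirect. The following is an added illustration, not code from the Rogers contribution or from any 3GPP specification: the cloud server signs the user, service type, resource path and expiry into the redirected URI with an HMAC, and the verifier refuses any URI whose path was edited (for example the parent directory instead of the file), while every accepted redirect yields a CII-style record carrying the service type. The key, the host name realcloud.example, the timestamps and the user names are all constructed for the example.

```python
# Added example (not part of the Rogers contribution): an MNO redirect server
# that only honours redirected URIs it issued, so a user cannot edit the path
# to reach other files without the request being refused instead of slipping
# past LI capture.
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed demo key; a deployment would fetch this from a key store.
SECRET = b"constructed-demo-key-not-for-production"
REAL_CLOUD_HOST = "realcloud.example"  # assumed third-party cloud host name


def _sign(user: str, service: str, path: str, exp: int) -> str:
    """HMAC-SHA256 over every field the redirect is allowed to carry."""
    msg = f"{user}|{service}|{path}|{exp}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")


def issue_redirect(user: str, service: str, path: str,
                   ttl: int = 300, now: Optional[int] = None) -> str:
    """Build the redirected URI for one authenticated user and one resource."""
    now = int(time.time()) if now is None else now
    exp = now + ttl
    query = urlencode({"u": user, "svc": service, "exp": exp,
                       "sig": _sign(user, service, path, exp)})
    return urlunsplit(("https", REAL_CLOUD_HOST, path, query, ""))


def verify_redirect(url: str, now: Optional[int] = None) -> Optional[dict]:
    """Return a CII-style record if the URI is untampered and unexpired, else None."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        user, service, exp = q["u"], q["svc"], int(q["exp"])
    except (KeyError, ValueError):
        return None
    if now > exp:
        return None
    # The path is inside the signed message, so /files/ in place of
    # /files/pdf/file.pdf produces a different tag and is refused.
    if not hmac.compare_digest(_sign(user, service, parts.path, exp), q.get("sig", "")):
        return None
    # Service type travels with the redirect, which is what plain URI
    # redirection alone did not tell the LEA.
    return {"user": user, "service": service, "path": parts.path,
            "host": parts.netloc, "time": now}


def demo():
    """Issue one redirect, then check the genuine, a path-edited and an expired copy."""
    t0 = 1_700_000_000  # constructed timestamp
    url = issue_redirect("alice", "fileshare", "/files/pdf/file.pdf", now=t0)
    accepted = verify_redirect(url, now=t0 + 60)
    tampered = verify_redirect(url.replace("/files/pdf/file.pdf", "/files/"), now=t0 + 60)
    expired = verify_redirect(url, now=t0 + 600)
    return accepted, tampered, expired


if __name__ == "__main__":
    print(demo())
```

The record returned by verify_redirect is what the cloud server would hand to the LI function; because the path and service are signed, an edited URI is refused at the cloud server rather than reaching the real cloud uncaptured, which answers the "who controls the file access" question with "the MNO cloud server, per issued redirect".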

Use case 2a Issues
• Access to content
  – Implementation may not be standardized
• LI correlation issues
  – Crypto keys
    • May all be on the real cloud

Reference

Use Case 1 General
• MNO offers a cloud service, File Sharing Service, see "Dropbox" as a real world example (www.dropbox.com)
• The service can be white labelled by the MNO, such that the user does not know it's from a third party
• The third party can choose its own third party provider for the service hosting
• The MNO may be a converged operator providing many access domains (3GPP, Non-3GPP, wireline, cable, broadband)
• There are various business models offering the service which provide different architectures and implementations
Rogers Wireless MNO Cloud Use cases

Regulatory Domain
• Each regulatory Domain may have some constraints on the service delivery
• The File Sharing cloud infrastructure may be required to operate in the same domain as the LEA pending the delivery or lack of delivery of LI information

Use Case 1 Description
• In this case, a Small medium business (SMB) has opted to use a File Sharing Service for all its users. An MNO was selected that provides Broadband Wireless connectivity and provides an integrated service across both domains for its users to access files.
• Read, write and delete privileges are controlled by an Admin determined by the SMB for each user.
• This may or may not be controlled by the MNO, but by preconfigured access rules to the Service (i.e. initial setup).
• The MNO may have an Admin facility to the Cloud Service for user support (i.e. user set up configuration, clean up, network size, debug and problem resolution)

Use Case 1 Description - cont
• The service may use encryption from the application on the user's device and provide end to end encryption from the application to the server.
• The files stored on the File Sharing Server may be encrypted (end to end security from user to user)
• The MNO may provide the encryption services
• The Cloud Service provider may provide the encryption service
• The user may provide its own encryption service

Use Case 1 Description - cont
• In this use case a third party service is used and that party has hosted the service on another third party application server.
• The Third party Service resides in a country not in the regulatory domain of the MNO nor LEA
• The third party APP Server is also not in the same regulatory domain as the MNO
• The service is set up so that it allows a user, while not on the MNO network, to access the File sharing via another access domain (i.e. Internet Cafe)