November, 2004
doc.: IEEE 802.11-04/xxxr0

cdma2000-WLAN Interworking

Jim Tomcik (jtomcik@qualcomm.com)
Raymond Hsu (rhsu@qualcomm.com)
November, 2004
San Antonio, TX

Objectives

• Phase-1 Objectives
  – Scenario 1: Common billing
    • No 3GPP2 specification work needed
  – Scenario 2: 3GPP2-based access control, direct Internet access, and accounting
    • Common root key (A-key or MN-AAA key) for both WLAN & cdma2000 authentication
    • Direct Internet access from WLAN system
    • WLAN accounting available to home cdma2000 operator
• Phase-2 Objectives
  – Scenario 3: Access to home cdma2000 system from WLAN system
    • e.g. Access to IMS, WAP, MMS in the home system
    • Via tunneling between WLAN and cdma2000 systems
  – Scenario 4: Session continuity
    • Maintain IP connectivity while moving between cdma2000 and WLAN systems

Status

• Phase-1 Status (X.S0028)
  – Finished R&F (“Review and Freeze”)
  – Currently in V&V (“Verification and Validation”)
  – Publication in 1Q/2005
• Phase-2 Status
  – No work-plan yet
  – High-level discussion has started in the Oct. 3GPP2 meeting

Phase-1 Architecture

[Figure: Phase-1 architecture]

Some Phase-1 Detail

• SSID for system selection
  – SSID may be used to identify the serving WLAN system, or a home CDMA2000 system that has roaming agreement with the serving WLAN system
  – MS is configured with a list of preferred SSIDs
  – MS uses passive scan or active scan to obtain available SSIDs
• WLAN access authentication key (WKEY)
  – WKEY may be generated from a CDMA2000 root key (e.g., A-key, MN-AAA key)
    • Why? Cryptographic separation - if WKEY is compromised, the root key is still safe
  – An alternative approach is to pre-configure the MS with a separate WKEY
  – MS uses (R)UIM procedures (IS-820) to bootstrap WKEY
  – EAP is used to exchange key materials between MS and home AAA for bootstrapping WKEY
  – If A-key is used as the root key, home AAA interface with HLR/AC to SMEKEY
    • If A-key is used as the root key, WKEY is derived from the SMEKEY
    • If MN-AAA key is used as the root key, WKEY is derived from the MN-AAA authenticator

Some Phase-1 Detail

• WLAN access authentication
  – WKEY is used as the secret for authentication
  – Two EAP authentication methods are allowed:
    • EAP-AKA
    • EAP-TLS with Pre-Shared Key (PSK)
• IEEE 802.11i for privacy protection in WLAN system
  – If MS is authenticated, MS and home AAA derive Pairwise Master Key (PMK)
  – Home AAA distributes the PMK to the AP serving the MS
  – MS and AP use the PMK to derive session keys for privacy protection
• Internet access via WLAN system directly
  – If MS is authenticated, WLAN system assigns an IP address
  – Not required to traverse through the home CDMA2000 system
• WLAN accounting sent to home CDMA2000 system
  – Standard IETF RADIUS attributes
  – No 3GPP2 vendor-specific attributes
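
The last 802.11i step above (MS and AP deriving session keys from the PMK), as an added example that is not part of the original slides: the IEEE 802.11i PRF (HMAC-SHA1) expands the PMK into a 384-bit CCMP pairwise transient key split into KCK, KEK and TK. The PMK, MAC addresses and nonces are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac
from typing import NamedTuple

LABEL = b"Pairwise key expansion"  # fixed label defined by IEEE 802.11i

class PTK(NamedTuple):
    kck: bytes  # key confirmation key: MICs on 4-way handshake frames
    kek: bytes  # key encryption key: wraps the group key sent to the MS
    tk: bytes   # temporal key: CCMP data encryption

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> PTK:
    """Expand a 32-byte PMK into the 48-byte CCMP PTK.

    aa = AP MAC address, spa = MS (supplicant) MAC address. The inputs are
    sorted, so the MS and the AP compute identical keys independently.
    """
    if len(pmk) != 32 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("PMK must be 32 bytes and MAC addresses 6 bytes")
    if len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("nonces must be 32 bytes")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    raw = prf(pmk, LABEL, data, 48)
    return PTK(kck=raw[:16], kek=raw[16:32], tk=raw[32:48])

# Constructed sample values (not from the slides).
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("020000000001")
MS_MAC = bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()

if __name__ == "__main__":
    ptk = derive_ptk(PMK, AP_MAC, MS_MAC, ANONCE, SNONCE)
    for name, key in ptk._asdict().items():
        print(name, key.hex())
```

Because fresh nonces from both sides feed the derivation, every association yields new session keys even though the PMK delivered by the home AAA is unchanged.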

EAP-AKA Message Flows

[Figure: EAP-AKA message flows]