03472-01 SEG-100 TTG Interface Reference


  • TTG Interface Reference
    SECURITY GATEWAY SEG-100

    SOFTWARE RELEASE 1.1
    February 2012 007-03472-0001

  • Revision history

    Version  Date           Description
    -0000    October 2011   First edition.
    -0001    February 2012  Second edition. Updated for the 1.1.2 software release. See "What's new in this manual" on page 4 for a description of changes in this edition.

    2011-2012 by RadiSys Corporation. All rights reserved. Radisys is a registered trademark of RadiSys Corporation. AdvancedTCA, ATCA, and PICMG are registered trademarks of PCI Industrial Computer Manufacturers Group. All other trademarks, registered trademarks, service marks, and trade names are the property of their respective owners.

  • Table of Contents

    Preface
      About this manual
      What's new in this manual
      Where to get more product information
      Notational conventions

    Chapter 1: Introduction
      I-WLAN network overview
      Components

    Chapter 2: I-WLAN Message Flows
      Payloads
      AKA full authentication: Request-identity disabled
      AKA full authentication: Request-Identity enabled
      UE-initiated tunnel termination
      GGSN-initiated tunnel termination
      TTG-initiated tunnel termination
      IKE/IPsec Dead Peer Detection (DPD)
      UE-initiated IKE rekey, IPsec rekey
      TTG-initiated IKE rekey, IPsec rekey

    Appendix A: I-WLAN Authentication Methods
      Certificates used in I-WLAN
      X.509 certificates
      Extensible Authentication Protocol (EAP)

  • Preface

    About this manual
    This document is an interface description for the Radisys SEG Tunnel Terminating Gateway (TTG). It describes the Wu interface, which is the reference point between the WLAN User Equipment (UE) and the TTG, the Wm interface, which is the reference point between the TTG and the AAA server, and the Gn interface, which is the reference point between the TTG and the GGSN.

    What's new in this manual
    - Updated the GGSN-initiated tunnel termination flow on page 21.
    - Minor updates and clarifications.

    Where to get more product information
    Visit the Radisys web site at www.radisys.com for product information and other resources. Downloads (manuals, release notes, software, etc.) are available at www.radisys.com/downloads.

    Related Radisys manuals
    See the following resources for information on the SEG not described in this manual:
    - The SEG-100 Getting Started Guide describes how to set up the SEG-100 modules and the SEG11002 system, and how to configure the SEG software for initial use.
    - The SEG-100 Administration Guide describes SEG concepts and serves as a reference for procedural and usage information.
    - The SEG-100 Command Line Interface Reference describes the SEG command line interface and serves as a reference for command syntax and options.
    - The SEG-100 Log Reference describes all log messages generated by the SEG.
    - The SEG-100 Statistics Reference describes all statistical values and associated parameters that are maintained by the SEG.

  • Specifications and standards documents
    - 3GPP TS 33.234 Wireless Local Area Network (WLAN) interworking security, Release 7, June 2007, 3GPP.
    - 3GPP TS 29.060 GPRS Tunneling Protocol (GTP) across the Gn and Gp interface, Release 9, December 2009, 3GPP.
    - 3GPP TS 23.234 3GPP System to Wireless Local Area Network (WLAN) interworking System Description, Release 7, June 2007, 3GPP.
    - RFC 4187, Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), IETF, January 2006.
    - RFC 4306, Internet Key Exchange (IKEv2) Protocol, IETF, December 2005.

    Notational conventions
    This manual uses the following conventions:

    All numbers are decimal unless otherwise stated.

    Italic Text         File, function, and utility names.
    Mono Text           Screen text and syntax strings.
    Bold Mono Text      A command to enter.
    Italic Mono Text    Variable parameters.
    Brackets [ ]        Command options.
    Curly braces { }    A grouped list of parameters.
    Vertical line |     An OR in the syntax. Indicates a choice of parameters.

  • Chapter 1: Introduction

    I-WLAN network overview
    3GPP IP Access, or Interworking WLAN as specified by 3GPP [1], is a method for establishing connectivity with external networks such as 3G operator networks, corporate intranets, or the Internet via a 3GPP system for other access networks, besides GPRS and WCDMA, such as Public WLAN, DSL, or WiMAX. 3GPP IP Access allows an operator to reuse its Gi infrastructure and to open access to its services to a greater range of users.

    Figure 1. I-WLAN network overview

    [1] 3GPP TS 33.234 Wireless Local Area Network (WLAN) interworking security, Release 7, June 2007, 3GPP.

  • Components
    To accomplish 3GPP IP Access (I-WLAN), a new node called Packet Data Gateway (PDG) was introduced by 3GPP specifications. The GGSN is supplemented with a Tunnel Termination Gateway (TTG) to produce a PDG. A TTG provides the 3GPP IP Access specific functions that are not included in GGSN. See a conceptual overview of a PDG below.

    Figure 2. Conceptual overview of a PDG with its components and interfaces

  • Chapter 2: I-WLAN Message Flows

    This chapter specifies the normal flows in an I-WLAN use case. The events describe communication between the TTG and external devices such as the AAA, GGSN, and UE.

    Note: Flows outlined in this document are applicable only when the TTG operates in an I-WLAN network that complies with 3GPP specifications and when the TTG has been configured as recommended.

    Payloads
    The IKE payloads contained in the messages are indicated by names as listed below.

    Notation   Payload
    AUTH       Authentication
    CERT       Certificate
    CERTREQ    Certificate Request
    CP         Configuration Payload
    D          Delete
    E          Encrypted
    EAP        Extensible Authentication
    HDR        IKE Header
    IDi        Identification - Initiator
    IDr        Identification - Responder
    KE         Key Exchange
    Ni, Nr     Nonce
    N          Notify
    SA         Security Association

  • AKA full authentication: Request-identity disabled

    Flow 1
    In this flow, Request-identity is disabled, which is the designed approach for the SEG TTG. The TTG will always send the identity (compiled from the client user name) in the Access-Request message. This can be compared with flow 2 in which Request-Identity is enabled, which means that the identity is requested by the AAA.

    Figure 3. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity disabled

  • Message details

    1. IKE_SA_INIT (SA, KE, Ni, N, N)
       UE initiates IKE_SA_INIT with IKE proposals in SA payload.
       Payloads:
       - SA
       - KE
       - Ni
       - N (NAT_DETECTION_SOURCE_IP)
       - N (NAT_DETECTION_DESTINATION_IP)
       Proposal Payloads in SA: (protocol=IKE)
       - Encryption Algorithm
       - Integrity Algorithm
       - Pseudo-random Function
       - Diffie-Hellman Group: DH Group 2 1024-bit MODP
       Note: These proposals are UE dependent.

    2. IKE_SA_INIT (SA, KE, Nr, N, N, CERTREQ)
       TTG responds IKE_SA_INIT with IKE proposals in SA payload.
       Payloads:
       - SA
       - KE
       - Nr
       - N (NAT_DETECTION_SOURCE_IP)
       - N (NAT_DETECTION_DESTINATION_IP)
       - CERTREQ (X.509 Certificate Signature)
       Proposal Payloads in SA: (protocol=IKE)
       - Encryption Algorithm
       - Pseudo-random Function
       - Integrity Algorithm
       - Diffie-Hellman Group: DH Group 2 1024-bit MODP

       In steps 1 and 2, the WLAN UE performs the IKE_SA_INIT procedure towards the TTG. During this procedure, the cryptographic algorithms are negotiated and NONCEs and Diffie-Hellman values are exchanged between the WLAN UE and the TTG. An IKE SA is achieved that will be used to establish the child SA for subsequent ESP IPsec packets. The WLAN UE might choose to include NAT Traversal payloads as well to determine if there are any intermediate NATs.

  • 3. IKE_AUTH (IDi, CP, SA, TSi, TSr, CERTREQ, IDr, N)
       UE initiates IKE_AUTH request with IPsec proposals in SA payload.
       Encrypted Payloads:
       - IDi (permanent ID or pseudonym ID)
       - CP (CFG_REQUEST, No values)
       - SA
       - TSi (0, 0-65536, 0.0.0.0-255.255.255.255)
       - TSr (0, 0-65536, 0.0.0.0-255.255.255.255)
       - CERTREQ (X.509)
       - IDr (FQDN)
       - (N)
       Payloads in SA for CHILD_SA negotiation: (protocol=ESP)
       - Encryption Algorithm
       - Integrity Algorithm
       - No ESN
       Note: No ESN is UE dependent.
       In this example, CP: (type=1, required attributes with no values)

       The WLAN UE sends an IKE_AUTH_Request. The IDi payload contains the NAI (username and optional realm part) of the user, and the IDr payload contains the name of the W-APN that the user is requesting access to. The ID type is ID_RFC822_ADDR for IDi and ID_FQDN for IDr, respectively. These values are subjected to a basic validation, such as that the TTG could resolve the W-APN using the DNS server located in the 3GPP network. For this purpose, the TTG could maintain a cache for mappings between W-APNs and IP addresses to avoid frequent DNS lookups. The W-APN (the value of the IDr) should be recorded for later use. This IKE_AUTH_Request does not contain any authentication payload, which indicates that the WLAN UE wishes to use EAP for authentication. A configuration payload of type CFG_REQUEST should also be present as well as traffic selectors.

  • 4. IKE_AUTH (IDr, CERT, AUTH, EAP)
       TTG responds IKE_AUTH upon RADIUS Access-Challenge (EAP-Request/AKA/Challenge).
       Encrypted Payloads:
       - IDr (FQDN): Same as received in step 3.
       - CERT (X.509): TTG end entity certificate in accordance with the profile in TS 33.234.
       - AUTH (RSA Digital Signature): Contains authentication data.
       - EAP/Request/AKA/Challenge (AT_RAND, AT_AUTN, AT_IV, AT_ENCR_DATA, AT_MAC): Information in the packet received from AAA.
       - AT_ENCR_DATA contains AT_NEXT_PSEUDONYM (and AT_NEXT_REAUTH_ID) for pseudonym user identity when necessary. This ID will be valid after a successful authentication. This attribute is included when it is necessary. AT_IV must be present only if the AT_ENCR_DATA attribute is included.

    5. IKE_AUTH (EAP)
       UE initiates IKE_AUTH with the computed result.
       Encrypted Payload:
       - EAP/Response/AKA/Challenge (AT_RES,, AT_MAC)

    6. IKE_AUTH (EAP)
       TTG responds with IKE_AUTH EAP-Success to UE if the authentication and the PDP context activation succeeded.
       Encrypted Payload:
       - EAP/Success

    7. IKE_AUTH (AUTH)
       UE initiates IKE_AUTH to TTG.
       Encrypted Payload:
       - AUTH (Shared Key Message Integrity Code)

    8. IKE_AUTH (AUTH, CP, SA, TSi, TSr, N, N)
       TTG responds IKE_AUTH to UE with IPsec proposals in SA payload.
       Encrypted Payloads:
       - AUTH (Shared Key Message Integrity Code)
       - CP (CFG_REPLY, IPv4 address, IPv4 netmask, IPv4 dns, IPv4 subnet)
       - SA
       - TSi (0, 0-65536, UE's ip - UE's ip)
       - TSr (0, 0-65536, 0.0.0.0-255.255.255.255)
       - N (ESP_TFC_PADDING_NOT_SUPPORTED)
       - N (NON_FIRST_FRAGMENTS_ALSO)

  •    Payloads in SA for CHILD_SA negotiation completion: (protocol=ESP)
       - Encryption Algorithm
       - Integrity Algorithm
       - No ESN

    9. Access-Request (EAP/Response/Identity)
       TTG sends Access-Request to AAA to initiate EAP-AKA negotiation.
       Attributes:
       - User-Name (1) (@realm)
       - EAP-Message (79) (Response (2) / Identity (1))
       - Message-Authenticator (80) (MD5 hash of message, shared secret as key)
       - Calling-Station-Id (31) (@realm)
       - Called-Station-Id (30) (APN)
       - NAS-IP-Address (4) (IP of the requesting entity)
       - NAS-Port (5) (The port used on the requesting entity, typically 0)
       - NAS-Port-Type (61) (Typically virtual to indicate that the user was not a physical port)
       - Framed-MTU (12) (The max MTU for payload to/from the user)

    10. Access-Challenge (EAP/Request/AKA-Challenge)
       AAA sends Access-Challenge to TTG as part of EAP-AKA authentication.
       Attributes:
       - EAP-Message (79) (Request (1) / AKA-Challenge (23, 1))
       - State (24) (State for negotiation in AAA)
       - Message-Authenticator (80) (MD5 hash of message, shared secret as key)

    11. Access-Request (EAP/Response/AKA/Challenge)
       TTG sends Access-Request to AAA with AKA challenge response.
       Attributes:
       - User-Name (1) (@realm)
       - EAP-Message (79) (Response (2) / AKA-Challenge (23, 1))
       - Message-Authenticator (80) (MD5 hash of message, shared secret as key)
       - Calling-Station-Id (31) (@realm)
       - Called-Station-Id (30) (APN)
       - NAS-IP-Address (4) (IP of the requesting entity)
       - NAS-Port (5) (The port used on the requesting entity, typically 0)
       - NAS-Port-Type (61) (Typically virtual to indicate that the user was not a physical port)
       - Framed-MTU (12) (The max MTU for payload to/from the user)

  • 12. Access-Accept (EAP/Success)
       AAA sends Access-Accept to TTG to complete successful EAP-AKA authentication.
       Attributes:
       - User-Name (1) (@realm)
       - EAP-Message (79) (Success (3))
       - Message-Authenticator (80) (MD5 hash of message, shared secret as key)
       - Vendor-Specific (26), Vendor=311 (Microsoft), MS-MPPE-Recv-Key (17) (Session key)
       - Vendor-Specific (26), Vendor=311 (Microsoft), MS-MPPE-Send-Key (16) (Session key)

    13. DNS Query
       TTG sends DNS query to DNS server querying the APN name to get GGSN IP address.

    14. DNS Response
       DNS server sends IP for the resolved APN name (the GGSN IP address).

    15. Create PDP Context Request
       TTG initiates PDP Context Activation to GGSN.
       GTP Encapsulated Payload:
       - IMSI
       - Recovery
       - Selection Mode
       - Tunnel Endpoint Identifier Data I
       - Tunnel Endpoint Identifier Control Plane
       - NSAPI
       - Charging Characteristics
       - End User Address
       - Access Point Name
       - SGSN Address for signaling
       - SGSN Address for user traffic
       - MSISDN
       - Quality of Service Profile
       - RAT Type

  • 16. Create PDP Context Response
       GGSN responds to the PDP Context Activation to TTG.
       GTP Encapsulated Payload:
       - Cause
       - Reordering Required
       - Tunnel Endpoint Identifier Data I
       - Tunnel Endpoint Identifier Control Plane
       - Charging ID
       - End User Address
       - GGSN Address for Control Plane
       - GGSN Address for User Traffic
       - Quality of Service Profile
       - Recovery
       - Protocol Configuration Options
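
The Message-Authenticator (80) check on the RADIUS messages of steps 9 to 12, together with decoding of the EAP-Message (79) code/type/subtype notation used above, as an added example that is not part of the Radisys manual. It assumes the computation defined in RFC 3579 (HMAC-MD5 over the whole packet with the attribute value zeroed, replies keyed to the request's authenticator); the shared secret, identities and packets are constructed sample values.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 23: "AKA"}
AKA_SUBTYPES = {1: "Challenge", 5: "Identity"}


def parse_attributes(packet):
    """Return [(type, value_offset, value)] for the attributes after the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        raise ValueError("RADIUS length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((atype, pos + 2, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs


def verify_message_authenticator(packet, secret, request_authenticator=None):
    """Check attribute 80. For replies, pass the authenticator of the matching request."""
    found = [(off, val) for t, off, val in parse_attributes(packet)
             if t == MESSAGE_AUTHENTICATOR]
    if len(found) != 1 or len(found[0][1]) != 16:
        return False  # absent, duplicated or wrong size: reject
    offset, received = found[0]
    buf = bytearray(packet)
    buf[offset:offset + 16] = bytes(16)      # value is zeroed while hashing
    if request_authenticator is not None:
        buf[4:20] = request_authenticator    # replies are bound to the request
    expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


def describe_eap(packet):
    """Reassemble the EAP-Message attributes and name code/type/subtype."""
    eap = b"".join(val for t, _, val in parse_attributes(packet) if t == EAP_MESSAGE)
    if len(eap) < 4:
        raise ValueError("no complete EAP header")
    code, _ident, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length field does not match reassembled data")
    parts = [EAP_CODES.get(code, str(code))]
    if code in (1, 2) and length >= 5:
        etype = eap[4]
        parts.append(EAP_TYPES.get(etype, str(etype)))
        if etype == 23 and length >= 6:
            parts.append(AKA_SUBTYPES.get(eap[5], str(eap[5])))
    return "/".join(parts)


def build_packet(code, ident, attrs, secret, request_authenticator):
    """Build a constructed packet carrying a valid Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    mac = hmac.new(secret, header + request_authenticator + body, hashlib.md5).digest()
    body = body[:-16] + mac
    if code == 1:  # Access-Request carries its own Request Authenticator
        return header + request_authenticator + body
    response_auth = hashlib.md5(header + request_authenticator + body + secret).digest()
    return header + response_auth + body


# Constructed sample values (not taken from any real deployment).
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
IDENTITY = b"user@realm.example"
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 5 + len(IDENTITY), 1) + IDENTITY
EAP_CHALLENGE = struct.pack("!BBHBBH", 1, 2, 8, 23, 1, 0)  # header only, no AT_* data

ACCESS_REQUEST = build_packet(
    1, 7, [(1, IDENTITY), (EAP_MESSAGE, EAP_IDENTITY), (30, b"apn.example")],
    SECRET, REQ_AUTH)
ACCESS_CHALLENGE = build_packet(
    11, 7, [(EAP_MESSAGE, EAP_CHALLENGE), (24, b"state-1")], SECRET, REQ_AUTH)

if __name__ == "__main__":
    print(describe_eap(ACCESS_REQUEST), verify_message_authenticator(ACCESS_REQUEST, SECRET))
    print(describe_eap(ACCESS_CHALLENGE),
          verify_message_authenticator(ACCESS_CHALLENGE, SECRET, REQ_AUTH))
```

A reply checked without the authenticator of its request fails verification, which is what binds an Access-Challenge or Access-Accept to the Access-Request it answers.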

    AKA full authentication: Request-Identity enabled

    Flow 2
    In this flow, Request-identity is enabled, which means that the identity is requested by the AAA. This can be compared with the designed approach of the SEG TTG in which Request-Identity is disabled (flow 1).

  • Figure 4. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity enabled

  • Message details

    1. IKE_SA_INIT (SA, KE, Ni, N, N)
       Same as 1 in flow 1.

    2. IKE_SA_INIT (SA, KE, Nr, N, N, CERTREQ)
       Same as 2 in flow 1.

    3. IKE_AUTH (IDi, CP, SA, TSi, TSr, CERTREQ, IDr, N)
       Same as 3 in flow 1.

    4. IKE_AUTH (IDr, CERT, AUTH, EAP)
       TTG responds IKE_AUTH upon RADIUS Access-Challenge (EAP-Request/AKA/Identity).
       Encrypted Payloads:
       - IDr (FQDN)
       - CERT (X.509)
       - AUTH (RSA Digital Signature)
       - EAP/Request/AKA/Identity (AT_FULLAUTH_ID_REQ)
       Note: If Fast Re-Authentication is enabled, AT_ANY_ID_REQ might be included. If required, AT_PERMANENT_ID_REQ will be sent.

    5. IKE_AUTH (EAP)
       UE initiates IKE_AUTH with the ID.
       Encrypted Payload:
       - EAP/Response/AKA/Identity (AT_IDENTITY)

    6. IKE_AUTH (EAP)
       TTG responds to IKE_AUTH upon RADIUS Access-Challenge (EAP/Request/AKA/Challenge).
       Encrypted Payloads:
       - EAP/Request/AKA/Challenge (AT_RAND, AT_AUTN, AT_IV, AT_ENCR_DATA, AT_MAC)
       - AT_ENCR_DATA contains AT_NEXT_PSEUDONYM (and AT_NEXT_REAUTH_ID) for pseudonym user identity when necessary. This ID will be valid after the successful authentication. This attribute is included when it is necessary. AT_IV must be present only if the AT_ENCR_DATA attribute is included. AT_PADDING will be included if necessary.

    7. IKE_AUTH (EAP). Same as 5 in flow 1.

    8. IKE_AUTH (EAP). Same as 6 in flow 1.

    9. IKE_AUTH (AUTH). Same as 7 in flow 1.

  • 10. IKE_AUTH (AUTH, CP, SA, TSi, TSr, N, N). Same as 8 in flow 1.

    11. Access-Request (EAP/Response/Identity)
       TTG sends Access-Request to AAA to initiate EAP-Identity request.
       Attributes:
       - User-Name (1) (@realm)
       - EAP-Message (79) (Response (2))
       - Message-Authenticator (80) (MD5 hash of message, shared secret as key)
       - Calling-Station-Id (31) (@realm)
       - Called-Station-Id (30) (APN)
       - NAS-IP-Address (4) (IP of the requesting entity)
       - NAS-Port (5) (The port used on the requesting entity, typically 0)
       - NAS-Port-Type (61) (Typically virtual to indicate that the user was not a physical port)
       - Framed-MTU (12) (The max MTU for payload to/from the user)

    12. Access-Challenge (EAP/Request/AKA-Identity)
       AAA sends Access-Challenge to TTG as part of AKA-identity request response.
       Attributes:
       - EAP-Message (79) (Request (1) / AKA-Identity (23, 5))
       - State (24) (State for negotiation in AAA)
       - Message-Authenticator (80) (MD5 hash of message, shared secret as key)

    13. Access-Request (EAP/Response/AKA-Identity)
       TTG sends Access-Request to AAA to initiate EAP-AKA negotiation.
       Attributes:
       - User-Name (1) (@realm)
       - EAP-Message (79) (Response (2) / Identity (23, 5))
       - Message-Authenticator (80) (MD5 hash of message, shared secret as key)
       - Calling-Station-Id (31) (@realm)
       - Called-Station-Id (30) (APN)
       - NAS-IP-Address (4) (IP of the requesting entity)
       - NAS-Port (5) (The port used on the requesting entity, typically 0)
       - NAS-Port-Type (61) (Typically virtual to indicate that the user was not a physical port)
       - Framed-MTU (12) (The max MTU for payload to/from the user)

    14. Access-Challenge (EAP/Request/AKA/Challenge). Same as 10 in flow 1.

    15. Access-Request (EAP/Response/AKA/Challenge). Same as 11 in flow 1.

  • 16. Access-Accept (EAP/Success). Same as 12 in flow 1.

    17. DNS Query. Same as 13 in flow 1.

    18. DNS Response. Same as 14 in flow 1.

    19. Create PDP Context Request. Same as 15 in flow 1.

    20. Create PDP Context Response. See 16 in flow 1.

    If AAA used AT_FULLAUTH_ID_REQ, and if AT_IDENTITY contains a valid permanent identity or a valid pseudonym identity, the AAA proceeds with full authentication. If AT_IDENTITY contains a pseudonym identity that is not found in the database or whose validity period has been exceeded, the AAA sends EAP/Request/AKA/Identity with AT_PERMANENT_ID_REQ.

    UE-initiated tunnel termination

    Flow 3
    Figure 5. UE-initiated tunnel termination

  • Message details

    1. INFORMATIONAL (DELETE)
       Encrypted Payload:
       - DELETE (protocol=IKE (1), number of spis=0, spi_size=0)

    2. INFORMATIONAL
       No payloads.

    3. Delete PDP Context Request
       TTG initiates PDP Context removal to GGSN.
       GTP Encapsulated Payload:
       - Teardown Ind
       - NSAPI

    4. Delete PDP Context Response
       GGSN responds to Delete PDP Context Request.
       GTP Encapsulated Payload:
       - Cause

    Note: WLAN UE will use the procedures defined in the IKEv2 protocol (see IETF RFC 4306) to disconnect an IPsec tunnel from the TTG. The WLAN UE will close the incoming security associations associated with the tunnel and instruct the TTG to do the same by sending the INFORMATIONAL request message with a DELETE payload. The DELETE payload will contain either:
    - Protocol ID set to 1 and no subsequent Security Parameters Indexes (SPIs) in the payload. This indicates closing of IKE security association, and implies the deletion of all IPsec ESP security associations that were negotiated within the IKE security association.
    - Protocol ID set to 3 for ESP. The Security Parameters Indexes included in the payload will correspond to the particular incoming ESP security associations at the WLAN UE for the given tunnel.

  • GGSN-initiated tunnel termination

    Flow 4
    Figure 6. GGSN-initiated tunnel termination

    Message details

    1. Delete PDP Context Request
       GGSN initiates PDP Context removal to TTG.
       GTP Encapsulated Payload:
       - Teardown Ind
       - NSAPI

    2. Delete PDP Context Response

    3. INFORMATIONAL (DELETE)
       Encrypted Payload:
       - DELETE (protocol=IKE (1), number of spis=0, spi_size=0)

    4. INFORMATIONAL (DELETE)
       No payloads.

  • TTG-initiated tunnel termination

    Flow 5
    Possible triggers for TTG-initiated tunnel termination are:
    - DPD client does not respond to keepalive messages (INFORMATIONAL).
    - User Admin delete (CLI command).
    - Absence of GTP echo replies in Data Plane (GGSN doesn't respond to echo requests).
    - Absence of GTP echo replies in Control Plane (GGSN doesn't respond to echo requests).
    - User session timeout (Authentication System).

    Figure 7. Tunnel termination initiated from TTG

    Note: The exact sequence of the message flow upon TTG-initiated tunnel termination may differ depending on the triggering action.

    Message details
    Normally, TTG sends IKE_SA deletion.

    1. INFORMATIONAL (DELETE)
       Encrypted Payload:
       - DELETE (protocol=IKE (1), number of spis=0, spi_size=0)

    2. PDP Context Delete Request
       TTG sends PDP Delete Context Request to GGSN.

    3. INFORMATIONAL (DELETE)
       No payloads.

    4. PDP Delete Context Response sent from GGSN

  • Sequence when CHILD_SA delete is sent

    1. INFORMATIONAL (DELETE)
       Encrypted Payload:
       - DELETE (protocol=ESP (3), number of spis=1, spi_size=4)
       Note: The number of spis will vary depending on how many SAs are to be deleted.

    2. INFORMATIONAL (DELETE)
       Encrypted Payload:
       - DELETE (protocol=ESP (3), number of spis=1, spi_size=4)
       In this reply, the SPI field of the delete payload references the paired SA going in the other direction.

    For example, CHILD_SA deletion will happen if the operator issues the command to kill the SA in the CLI.

    On receipt of the INFORMATIONAL request message with DELETE payload, indicating that the TTG is attempting tunnel disconnection, the WLAN UE will:
    a. Close all security associations identified within the DELETE payload (these security associations correspond to outgoing security associations from the WLAN UE perspective). If no security associations were present in the DELETE payload and the protocol ID was set to 1, the WLAN UE will close the IKE security association and all IPsec ESP security associations that were negotiated within it towards the TTG.
    b. Delete the incoming security associations corresponding to the outgoing security associations identified in the DELETE payload.

    The WLAN UE will send an INFORMATIONAL response message. If the INFORMATIONAL request message contained a list of security associations, the INFORMATIONAL response message will contain a list of security associations deleted in step b above. If the WLAN UE is unable to comply with the INFORMATIONAL request message, the WLAN UE will send an INFORMATIONAL response message with either:
    - A NOTIFY payload of type INVALID_SPI if it could not identify one or more of the Security Parameters Indexes in the message from the TTG; or
    - A more general NOTIFY payload type. This payload type is implementation dependent.
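
The DELETE payload variants listed under UE-initiated tunnel termination and the receiver handling in steps a and b above, as an added example that is not part of the Radisys manual. It assumes the Delete payload body layout of RFC 4306 (Protocol ID, SPI Size, number of SPIs, then the SPIs); the SA table, SPI values and the choice to delete nothing when any SPI is unknown are constructed for illustration.

```python
import struct

PROTO_IKE, PROTO_ESP = 1, 3  # Protocol ID values named on this page


def parse_delete(body):
    """Parse a Delete payload body: Protocol ID, SPI Size, Num of SPIs, SPIs."""
    if len(body) < 4:
        raise ValueError("Delete payload shorter than its fixed fields")
    proto, spi_size, count = struct.unpack("!BBH", body[:4])
    if len(body) != 4 + spi_size * count:
        raise ValueError("SPI list length does not match spi_size * count")
    if proto == PROTO_IKE:
        if spi_size or count:
            raise ValueError("IKE SA delete must carry no SPIs")
        return proto, []
    if proto == PROTO_ESP:
        if spi_size != 4 or count == 0:
            raise ValueError("ESP delete needs at least one 4-byte SPI")
        return proto, [body[4 + 4 * i:8 + 4 * i] for i in range(count)]
    raise ValueError("unexpected Protocol ID %d" % proto)


def build_delete(proto, spis):
    """Encode a Delete payload body for the given protocol and SPI list."""
    size = len(spis[0]) if spis else 0
    return struct.pack("!BBH", proto, size, len(spis)) + b"".join(spis)


def new_state():
    """Constructed receiver state: outgoing SPI -> paired incoming SPI."""
    return {"ike_up": True,
            "child_sas": {bytes.fromhex("11111111"): bytes.fromhex("aaaaaaaa"),
                          bytes.fromhex("22222222"): bytes.fromhex("bbbbbbbb")}}


def handle_delete(body, state):
    """Apply a received DELETE and return (response_kind, response_payload)."""
    proto, spis = parse_delete(body)
    if proto == PROTO_IKE:
        # Protocol ID 1 with no SPIs: close the IKE SA and every ESP SA under it.
        state["child_sas"].clear()
        state["ike_up"] = False
        return ("EMPTY", b"")
    # The SPIs name the peer's incoming SAs, i.e. our outgoing ones (step a).
    if any(spi not in state["child_sas"] for spi in spis):
        return ("NOTIFY", b"INVALID_SPI")  # nothing deleted (assumed policy)
    # Step b: drop the paired incoming SAs and report them in the response.
    deleted_incoming = [state["child_sas"].pop(spi) for spi in spis]
    return ("DELETE", build_delete(PROTO_ESP, deleted_incoming))


if __name__ == "__main__":
    st = new_state()
    print(handle_delete(bytes.fromhex("0304000111111111"), st), st)
    print(handle_delete(bytes.fromhex("01000000"), st), st)
```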

  • IKE/IPsec Dead Peer Detection (DPD)

    Flow 6
    Figure 8. IKE/IPsec keepalive

    Message details
    Normally, TTG sends IKE_SA deletion.

    1. INFORMATIONAL ()
       No payloads.

    2. INFORMATIONAL ()
       No payloads.

  • UE-initiated IKE rekey, IPsec rekey

    Flow 7
    Figure 9. UE-initiated IKE/IPsec rekey

    Message details: IKE rekey

    1. CREATE_CHILD_SA (SA, Ni, KE)
       Encrypted Payloads:
       - SA: (protocol=IKE, Proposal is UE dependent)
       - Ni
       - KE
       Note: These proposals are UE dependent.

    2. CREATE_CHILD_SA (SA, Ni, KE)
       Encrypted Payloads:
       - SA: (Proposals will be accepted)
       - Ni
       - KE

  • Message details: IPsec rekey

    1. CREATE_CHILD_SA (SA, Ni, TSi, TSr, N)
       Encrypted Payloads:
       - SA: (protocol=ESP, Proposal is UE dependent, remote SPI is the one that would be expected in an ESP packet incoming on the SA to be rekeyed)
       - Ni
       - TSi: (0, 0-65536, UE's ip - UE's ip)
       - TSr: (0, 0-65536, 0.0.0.0-255.255.255.255)
       - N (REKEY_SA). This payload identifies the CHILD_SA being rekeyed, and it contains the SPI that the initiator expects in the headers of inbound packets.

    2. CREATE_CHILD_SA (SA, Ni, TSi, TSr)
       Encrypted Payloads:
       - SA: (protocol=ESP, Proposals will be accepted)
       - Ni
       - TSi: (0, 0-65536, UE's ip - UE's ip)
       - TSr: (0, 0-65536, 0.0.0.0-255.255.255.255)
       - N (ESP_TFC_PADDING_NOT_SUPPORTED)
       - N (NON_FIRST_FRAGMENTS_ALSO)
       Note: Deletion of old CHILD_SA will follow after the Child SA exchange.

    TTG-initiated IKE rekey, IPsec rekey

    Flow 8
    Figure 10. TTG-initiated IKE/IPsec rekey

  • Message details - IKE rekey

    1. CREATE_CHILD_SA (SA, Ni, KE)
       Encrypted Payloads:
       - SA: (protocol=IKE, Normally, proposals will be adjusted to the previous exchange, such as during IKE_SA_INIT)
       - Ni
       - KE

    2. CREATE_CHILD_SA (SA, Ni, KE)
       Encrypted Payloads:
       - SA: (Proposals will be accepted)
       - Ni
       - KE
       Note: Which algorithm is taken is UE dependent.

    Message details - IPsec rekey

    1. CREATE_CHILD_SA (SA, Ni, TSi, TSr, N)
       Encrypted Payloads:
       - SA: (protocol=ESP, Proposal is UE dependent, remote SPI is the one that would be expected in an ESP packet incoming on the SA to be rekeyed)
       - Ni
       - TSi: (0, 0-65536, UE's ip - UE's ip)
       - TSr: (0, 0-65536, 0.0.0.0-255.255.255.255)
       - N (REKEY_SA). This payload identifies the CHILD_SA being rekeyed, and it contains the SPI that the initiator expects in the headers of inbound packets.

    2. CREATE_CHILD_SA (SA, Ni, TSi, TSr)
       Encrypted Payloads:
       - SA: (protocol=ESP, Proposals will be accepted)
       - Ni
       - TSi: (0, 0-65536, UE's ip - UE's ip)
       - TSr: (0, 0-65536, 0.0.0.0-255.255.255.255)
       - N (ESP_TFC_PADDING_NOT_SUPPORTED)
       - N (NON_FIRST_FRAGMENTS_ALSO)
       Note: Deletion of old CHILD_SA will follow after the Child SA exchange.

  • Appendix A: I-WLAN Authentication Methods

    This appendix contains supplementary information about authentication methods that apply when operating in an I-WLAN scenario, including:
    - Certificates used in I-WLAN
    - X.509 certificates
    - Extensible Authentication Protocol (EAP)

    Certificates used in I-WLAN
    This use case describes how certificates are used as an authentication method in an I-WLAN scenario.
    - The SEG, referred to as the TTG in I-WLAN terminology, authenticates itself to the UE by using certificates.
    - The UE authenticates to the TTG by means of the Extensible Authentication Protocol (EAP-AKA).
    - IKEv2 mandates that this is used in conjunction with a public key signature based authentication of the SEG TTG to the user endpoint.
    - The certificates used to authenticate the TTG must conform to the certificate profile described in 3GPP TS 33.234 section 6.7 [1].
    - To be able to authenticate the TTG, the UE must be configured with the root CA certificate that corresponds to the beginning of a certification path for the TTG end entity certificate.

    Certificate setup
    The certificates that must be set up for proper I-WLAN access include:
    1. The gateway end entity certificate signed by the CA used.
    2. The root certificate from the signing CA.

    The IDr payload for the tunnel must be a Fully Qualified Domain Name (FQDN) that corresponds to the Access Point Name (APN) of a GGSN in the DNS used by the GTP interface. The APN decides which GGSN the GTP interface will connect the user tunnel to.

    The SEG TTG supports short APN. An Access Point Name (APN) is a set of labels separated using dots (.), for example, testggsn.mynetwork.com. By applying Short APN, only the first label of the APN (testggsn in the previous example) will be used in the PDP context activation. It is configurable via the GTP interface.

    [1] 3GPP TS 33.234 Wireless Local Area Network (WLAN) interworking security, Release 7, June 2007, 3GPP.

  • X.509 certificates
    The SEG supports digital certificates that comply with the ITU-T X.509 standard. This involves the use of an X.509 certificate hierarchy with public key cryptography to accomplish key distribution and entity authentication. Any references to certificate in this manual mean an X.509 certificate.

    A certificate is a digital proof of identity. It links an identity to a public key to establish whether a public key truly belongs to the supposed owner. By doing this, it prevents data transfer interception by a malicious third party who might post a fake key with the name and user ID of an intended recipient.

    Certificates with VPN tunnels
    The main use of certificates in the SEG is for VPN tunnels. The simplest and fastest way to provide security between the ends of a tunnel is to use Pre-shared Keys (PSKs). As a VPN network grows so does the complexity of using PSKs. Certificates provide a way to better manage security in much larger networks.

    Certificate components
    A certificate is a digital object binding a public key to the end entity considered the owner of the corresponding private key. The assertion of the binding is provided by the digital signature of the certificate data by a trusted third party. This trusted third party is the certificate issuer. A certificate consists of the following:
    - Identity information about the certificate owner.
    - Identity information about the certificate issuer.
    - The public key of the owner.
    - The signature of the above items performed by the issuer using its own private key.
    By binding the above information together, a certificate is a public key with attached identification, coupled with a stamp of approval by a trusted party.

    Certification authorities
    A certificate authority (CA) is a trusted entity that issues certificates to other entities. The CA digitally signs all certificates it issues. A valid CA signature in a certificate verifies the identity of the certificate holder and guarantees that the certificate has not been tampered with by any third party.

    A CA is responsible for making sure that the information in every certificate it issues is correct. It also has to make sure that the identity of the certificate matches the identity of the certificate holder.

    A CA can also issue certificates to other CAs. This leads to a tree-like certificate hierarchy. The highest CA is called the root CA. In this hierarchy, each CA is signed by the CA directly above it, except for the root CA, which is self-signed.

  • A certification path refers to the path of certificates from one certificate to another. When verifying the validity of a user certificate, the entire path from the user certificate up to the trusted root certificate has to be examined before establishing the validity of the user certificate.

    The CA certificate is just like any other certificate, except that it allows the corresponding private key to sign other certificates. Should the private key of the CA be compromised, the whole CA, including every certificate it has signed, is also compromised.

    Validity time
    A certificate is not valid forever. Each certificate contains the dates between which the certificate is valid. When this validity period expires, the certificate can no longer be used, and a new certificate has to be issued.

    Certificate Revocation Lists
    A Certificate Revocation List (CRL) contains a list of all certificates that have been cancelled before their expiration date. They are normally held on an external server that is accessed to determine if the certificate is still valid. The ability to validate a user certificate in this way is a key reason why certificate security simplifies the administration of large user communities.

    Using either LDAP or HTTP protocols, CRLs are published on servers that all certificate users can access. Revocation can happen for several reasons. One reason could be that the keys of the certificate have been compromised in some way. Another reason is that the owner of the certificate has lost the rights to authenticate using that certificate, perhaps because the owner has left the company. Whatever the reason, server CRLs can be updated to change the validity of one or many certificates.

    Certificates often contain a CRL Distribution Point (CDP) field, which specifies the location from where the CRL can be downloaded. In some cases certificates do not contain this field. In those cases the location of the CRL has to be configured manually.

    A CA usually updates its CRL at a given interval. The length of this interval depends on how the CA is configured. Typically, this is somewhere between an hour and several days.

    Trusting certificates
    When using certificates, the SEG trusts anyone whose certificate is signed by a given CA. Before a certificate is accepted, the following steps are taken to verify the validity of the certificate:
    1. Construct a certification path up to the trusted root CA.
    2. Verify the signatures of all certificates in the certification path.
    3. Fetch the CRL for each certificate to verify that none of the certificates have been revoked.

  • Extensible Authentication Protocol (EAP)
    The EAP agent implemented in the SEG provides the option to use EAP methods for user authentication. The agent is configured in an authentication profile and used by an interface or rule that requires authentication for its peers.

    The SEG does not support the EAP methods used for verifying a user. It relies on external EAP servers, acting as a pass-through authenticator between the peer and the authentication server. The used EAP method is negotiated between the peer and the server, and the SEG relays the EAP attributes for the chosen method over the protocols used between the peer and the SEG, and the authentication server and the SEG.

    The Authentication Source API provides an interface for the authentication system to communicate with the authentication sources. Via the API, the authentication system can request validation or information about a user from the EAP authentication servers.

    The EAP agent supports the EAP-SIM and EAP-AKA methods and the SEG supports EAP-AKA/EAP-SIM full authentication by permanent ID and pseudonym ID, and fast re-authentication.

    EAP-AKA full authentication
    Full authentication will be performed when the permanent ID, pseudonym ID, or invalid ID is sent from UE.

    Permanent ID
    If EAP-AKA is used for the authentication, the permanent ID will follow the format: 0@realm

    When the client/UE has no pseudonym ID or fast re-authentication ID in its database, or if the client/UE is requested to send the permanent ID from the system (AT_PERMANENT_ID_REQ), the permanent ID will be sent.

    Pseudonym ID
    When the client/UE receives the pseudonym username in AT_NEXT_PSEUDONYM during the authentication, the client/UE can store and use the pseudonym ID in the next authentication after the successful authentication. The pseudonym ID will follow the format: @realm

    Note: Server sends the pseudonym username without the realm.

  • Fast re-authentication
    AAA via the SEG can support fast re-authentication. This authentication method is optional and relies on the configuration of the AAA. When the client/UE receives AT_NEXT_REAUTH_ID during the authentication, the client/UE can store and use the fast re-authentication ID in the next authentication after the successful authentication. The fast re-authentication ID sent from the system will follow the format: @FastReauthRealm
