03472-01 SEG-100 TTG Interface Reference

TTG Interface ReferenceSECURITY GATEWAYSEG-100

SOFTWARE RELEASE 1.1February 2012 007-03472-0001

Revision historyVersion Date Description-0000 October 2011 First edition.-0001 February 2012 Second edition. Updated for the 1.1.2 software release. See Whats new in this manual on page 4 for a

description of changes in this edition.

20112012byRadiSysCorporation.Allrightsreserved.RadisysisaregisteredtrademarkofRadiSysCorporation.AdvancedTCA,ATCA,andPIGMGareregisteredtrademarksofPCIIndustrialComputerManufacturersGroup.Allothertrademarks,registeredtrademarks,servicemarks,andtradenamesarethepropertyoftheirrespectiveowners.

Table of Contents

3

Preface ................................................................................................................................................ 4About this manual........................................................................................................................................4Whats new in this manual ...........................................................................................................................4Where to get more product information .......................................................................................................4Notational conventions ................................................................................................................................5

Chapter 1: Introduction...................................................................................................................... 6I-WLAN network overview ...........................................................................................................................6Components ................................................................................................................................................7

Chapter 2: I-WLAN Message Flows .................................................................................................. 8Payloads......................................................................................................................................................8AKA full authentication: Request-identity disabled ......................................................................................9AKA full authentication: Request-Identity enabled.....................................................................................15UE-initiated tunnel termination ..................................................................................................................19GGSN-initiated tunnel termination.............................................................................................................21TTG-initiated tunnel termination ................................................................................................................22IKE/IPsec Dead Peer Detection (DPD)......................................................................................................24UE-initiated IKE rekey, IPsec rekey...........................................................................................................25TTG-initiated IKE rekey, IPsec rekey.........................................................................................................26

Appendix A: I-WLAN Authentication Methods............................................................................... 28Certificates used in I-WLAN ......................................................................................................................28X.509 certificates ......................................................................................................................................29Extensible Authentication Protocol (EAP)..................................................................................................31

Preface

About this manualThisdocumentisaninterfacedescriptionfortheRadisysSEGTunnelTerminatingGateway(TTG).ItdescribestheWuinterface,whichisthereferencepointbetweentheWLANUserEquipment(UE)andtheTTG,theWminterface,whichisthereferencepointbetweentheTTGandtheAAAserver,andtheGninterface,whichisthereferencepointbetweentheTTGandtheGGSN.

Whats new in this manual UpdatedtheGGSNinitiatedtunnelterminationflowonpage21. Minorupdatesandclarifications.

Where to get more product information VisittheRadisyswebsiteatwww.radisys.comforproductinformationandotherresources.Downloads(manuals,releasenotes,software,etc.)areavailableatwww.radisys.com/downloads.

Related Radisys manualsSeethefollowingresourcesforinformationontheSEGnotdescribedinthismanual: TheSEG100GettingStartedGuidedescribeshowtosetuptheSEG100modulesandthe

SEG11002system,andhowtoconfiguretheSEGsoftwareforinitialuse. TheSEG100AdministrationGuidedescribesSEGconceptsandservesasareferencefor

proceduralandusageinformation. TheSEG100CommandLineInterfaceReferencedescribestheSEGcommandline

interfaceandservesasareferenceforcommandsyntaxandoptions. TheSEG100LogReferencedescribesalllogmessagesgeneratedbytheSEG. TheSEG100StatisticsReferencedescribesallstatisticalvaluesandassociatedparameters

thataremaintainedbytheSEG.4

PrefaceSpecifications and standards documents3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June2007,3GPP.3GPPTS29.060GPRSTunnelingProtocol(GTP)acrosstheGnandGpinterface,Release9,December2009,3GPP.3GPPTS23.2343GPPSystemtoWirelessLocalAreaNetwork(WLAN)interworkingSystemDescription,Release7,June2007,3GPP.RFC4187,ExtensibleAuthenticationProtocolMethodfor3rdGenerationAuthenticationandKeyAgreement(EAPAKA),IETF,January2006.RFC4306,InternetKeyExchange(IKEv2)Protocol,IETF,December2005.

Notational conventionsThismanualusesthefollowingconventions

Allnumbersaredecimalunlessotherwisestated.

ItalicText File,function,andutilitynames.MonoText Screentextandsyntaxstrings.BoldMonoText Acommandtoenter.ItalicMonoText Variableparameters.Brackets[] Commandoptions.Curlybraces{} Agroupedlistofparameters.Verticalline| AnORinthesyntax.Indicatesachoiceofparameters.5

1Chapter 1. 3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June2007,3GPP.Introduction

I-WLAN network overview3GPPIPAccess,orInterworkingWLANasspecifiedby3GPP1,isamethodforestablishingconnectivitywithexternalnetworkssuchas3Goperatornetworks,corporateintranets,ortheInternetviaa3GPPsystemforotheraccessnetworks,besidesGPRSandWCDMA,suchasPublicWLAN,DSL,orWiMAX.3GPPIPAccessallowsanoperatortoreuseitsGiinfrastructureandtoopenaccesstoitsservicestoagreaterrangeofusers.

Figure 1. I-WLAN network overview6

1IntroductionComponentsToaccomplish3GPPIPAccess(IWLAN),anewnodecalledPacketDataGateway(PDG)wasintroducedby3GPPspecifications.TheGGSNissupplementedwithaTunnelTerminationGateway(TTG)toproduceaPDG.ATTGprovidesthe3GPPIPAccessspecificfunctionsthatarenotincludedinGGSN.SeeaconceptualoverviewofaPDGbelow.

Figure 2. Conceptual overview of a PDG with its components and interfaces7

2Chapter

I-WLAN Message Flows

ThischapterspecifiesthenormalflowsinanIWLANusecase.TheeventsdescribecommunicationbetweentheTTGandexternaldevicessuchastheAAA,GGSN,andUE.Note:FlowsoutlinedinthisdocumentareapplicableonlywhentheTTGoperatesinanIWLANnetworkthatcomplieswith3GPPspecificationsandwhentheTTGhasbeenconfiguredasrecommended.

PayloadsTheIKEpayloadscontainedinthemessagesareindicatedbynamesaslistedbelow.Notation PayloadAUTH AuthenticationCERT CertificateCERTREQ Certificate RequestCP Configuration PayloadD DeleteE EncryptedEAP Extensible AuthenticationHDR IKE HeaderIDi Identification - InitiatorIDr Identification - ResponderKE Key ExchangeNi, Nr NonceN NotifySA Security Association8

2I-WLAN Message FlowsAKA full authentication: Request-identity disabled

Flow 1Inthisflow,Requestidentityisdisabled,whichisthedesignedapproachfortheSEGTTG.TheTTGwillalwayssendtheidentity(compiledfromtheclientusername)intheAccessRequestmessage.Thiscanbecomparedwithflow2inwhichRequestIdentityisenabled,whichmeansthattheidentityisrequestedbytheAAA.

Figure 3. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity disabled9

2I-WLAN Message FlowsMessage details1. IKE_SA_INIT(SA,KE,Ni,N,N)

UEinitiatesIKE_SA_INITwithIKEproposalsinSApayload.Payloads: SA KE Ni N(NAT_DETECTION_SOURCE_IP) N(NAT_DETECTION_DESTINATION_IP)ProposalPayloadsinSA:(protocol=IKE) EncryptionAlgorithm IntegrityAlgorithm PseudorandomFunction DiffieHellmanGroup:DHGroup21024bitMODPNote:TheseproposalsareUEdependent.

2. IKE_SA_INIT(SA,KE,Nr,N,N,CERTREQ)TTGrespondsIKE_SA_INITwithIKEproposalsinSApayload.Payloads: SA KE Nr N(NAT_DETECTION_SOURCE_IP) N(NAT_DETECTION_DESTINATION_IP) CERTREQ(X.509CertificateSignature)ProposalPayloadsinSA:(protocol=IKE) EncryptionAlgorithm PseudorandomFunction IntegrityAlgorithm DiffieHellmanGroup:DHGroup21024bitMODPInsteps1and2,theWLANUEperformstheIKE_SA_INITproceduretowardstheTTG.Duringthisprocedure,thecryptographicalgorithmsarenegotiatedandNONCEsandDiffieHellmanvaluesareexchangedbetweentheWLANUEandtheTTG.AnIKESAisachievedthatwillbeusedtoestablishthechildSAforsubsequentESPIPsecpackets.TheWLANUEmightchoosetoincludeNATTraversalpayloadsaswelltodetermineifthereareanyintermediateNATs.10

2I-WLAN Message Flows3. IKE_AUTH(IDi,CP,SA,TSi,TSr,CERTREQ,IDr,NUEinitiatesIKE_AUTHrequestwithIPsecproposalsinSApayload.EncryptedPayloads: IDi(permanentIDorpseudonymID) CP(CFG_REQUEST,Novalues) SA TSi(0,065536,0.0.0.0255.255.255.255) TSr(0,065536,0.0.0.0255.255.255.255) CERTREQ(X.509) IDr(FQDN) (N)

Note:NoESNisUEdependent.PayloadsinSAforCHILD_SAnegotiation:(protocol=ESP) EncryptionAlgorithm IntegrityAlgorithm NoESNNote:NoESNisUEdependent.Inthisexample,CP:(type=1,requiredattributeswithnovalues)TheWLANUEsendsanIKE_AUTH_Request.TheIDipayloadcontainstheNAI(usernameandoptionalrealmpart)oftheuser,andtheIDrpayloadcontainsthenameoftheWAPNthattheuserisrequestingaccessto.TheIDtypeisID_RFC822_ADDRforIDiandID_FQDNforIDr,respectively.Thesevaluesaresubjectedtoabasicvalidation,suchastheTTGcouldresolvetheWAPNusingtheDNSserverlocatedinthe3GPPnetwork.Forthispurpose,theTTGcouldmaintainacacheformappingsbetweenWAPNsandIPaddressestoavoidfrequentDNSlookups.TheWAPN(thevalueoftheIDr)shouldberecordedforlateruse.ThisIKE_AUTH_Requestdoesnotcontainanyauthenticationpayload,whichindicatesthattheWLANUEwishestouseEAPforauthentication.AconfigurationpayloadoftypeCFG_REQUESTshouldalsobepresentaswellastrafficselectors.11

2I-WLAN Message Flows4. IKE_AUTH(IDr,CERT,AUTH,EAP)TTGrespondsIKE_AUTHuponRADIUSAccessChallenge(EAPRequest/AKA/Challenge).EncryptedPayloads: IDr(FQDN):Sameasreceivedinstep3. CERT(X.509):TTGendentitycertificateaccordingwithprofileinTS33.234. AUTH(RSADigitalSignature):Containsauthenticationdata. EAP/Request/AKA/Challenge(AT_RAND,AT_AUTN,AT_IV,AT_ENCR_DATA,AT_MAC):

InformationinthepacketreceivedfromAAA. AT_ENCR_DATAcontainsAT_NEXT_PSEUDONYM(andAT_NEXT_REAUTH_ID)for

pseudonymuseridentitywhennecessary.ThisIDwillbevalidafterasuccessfulauthentication.Thisattributeisincludedwhenitisnecessary.AT_IVmustbepresentonlyiftheAT_ENCR_DATAattributeisincluded.

5. IKE_AUTH(EAP)UEinitiatesIKE_AUTHwiththecomputedresult.EncryptedPayload: EAP/Response/AKA/Challenge(AT_RES,,AT_MAC)

6. IKE_AUTH(EAP)TTGrespondswithIKE_AUTHEAPSuccesstoUEiftheauthenticationandthePDPcontextactivationsucceeded.EncryptedPayload: EAP/Success

7. IKE_AUTH(AUTH)UEinitiatesIKE_AUTHtoTTG.EncryptedPayload: AUTH(SharedKeyMessageIntegrityCode)

8. IKE_AUTH(AUTH,CP,SA,TSi,TSr,N,N)TTGrespondsIKE_AUTHtoUEwithIPsecproposalsinSApayload.EncryptedPayloads: AUTH(SharedKeyMessageIntegrityCode) CP(CFG_REPLY,IPv4address,IPv4netmask,IPv4dns,IPv4subnet) SA TSi(0,065536,UEsipUEsip) TSr(0,065536,0.0.0.0255.255.255.255) N(ESP_TFC_PADDING_NOT_SUPPORTED) N(NON_FIRST_FRAGMENTS_ALSO)12

2I-WLAN Message FlowsPayloadsinSAforCHILD_SAnegotiationcompletion:(protocol=ESP) EncryptionAlgorithm IntegrityAlgorithm NoESN

9. AccessRequest(EAP/Response/Identity)TTGsendsAccessRequesttoAAAtoinitiateEAPAKAnegotiation.Attributes: UserName(1)(@realm) EAPMessage(79)(Response(2)/Identity(1)) MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey) CallingStationId(31)(@realm) CalledStationId(30)(APN) NASIPAddress(4)(IPoftherequestingentity) NASPort(5)(Theportusedontherequestingentity,typically0) NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport) FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)

10. AccessChallenge(EAP/Request/AKAChallenge)AAAsendsAccessChallengetoTTGaspartofEAPAKAauthentication.Attributes: EAPMessage(79)(Request(1)/AKAChallenge(23,1)) State(24)(StatefornegotiationinAAA) MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)

11. AccessRequest(EAP/Response/AKA/Challenge)TTGsendsAccessRequesttoAAAwithAKAchallengeresponse.Attributes: UserName(1)(@realm) EAPMessage(79)(Response(2)/AKAChallenge(23,1)) MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey) CallingStationId(31)(@realm) CalledStationId(30)(APN) NASIPAddress(4)(IPoftherequestingentity) NASPort(5)(Theportusedontherequestingentity,typically0) NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport) FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)13

2I-WLAN Message Flows12. AccessAccept(EAP/Success)AAAsendsAccessAccepttoTTGtocompletesuccessfulEAPAKAauthentication.Attributes: UserName(1)(@realm) EAPMessage(79)(Success(3)) MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey) VendorSpecific(26),Vendor=311(Microsoft),MSMPPERecvKey(17)(Sessionkey) VendorSpecific(26),Vendor=311(Microsoft),MSMPPESendKey(16)(Sessionkey)

13. DNSQueryTTGsendsDNSquerytoDNSserverqueryingtheAPNnametogetGGSNIPaddress.

14. DNSResponseDNSserversendsIPfortheresolvedAPNname(theGGSNIPaddress).

15. CreatePDPContextRequestTTGinitiatesPDPContextActivationtoGGSN.GTPEncapsulatedPayload: IMSI Recovery SelectionMode TunnelEndpointIdentifierDataI TunnelEndpointIdentifierControlPlane NSAPI ChargingCharacteristics EndUserAddress AccessPointName SGSNAddressforsignaling SGSNAddressforusertraffic MSISDN QualityofServiceProfile RATType14

2I-WLAN Message Flows16. CreatePDPContextResponseGGSNrespondstothePDPContextActivationtoTTG.GTPEncapsulatedPayload: Cause ReorderingRequired TunnelEndpointIdentifierDataI TunnelEndpointIdentifierControlPlane ChargingID EndUserAddress GGSNAddressforControlPlane GGSNAddressforUserTraffic QualityofServiceProfile Recovery ProtocolConfigurationOptions

AKA full authentication: Request-Identity enabled

Flow 2Inthisflow,Requestidentityisenabled,whichmeansthattheidentityisrequestedbytheAAA.ThiscanbecomparedwiththedesignedapproachoftheSEGTTGinwhichRequestIdentityisdisabled(flow1).15

2I-WLAN Message FlowsFigure 4. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity enabled16

2I-WLAN Message FlowsMessage details1. IKE_SA_INIT(SA,KE,Ni,N,N)

Sameas1inflow1.2. IKE_SA_INIT(SA,KE,Nr,N,N,CERTREQ)

Sameas2inflow1.3. IKE_AUTH(IDi,CP,SA,TSi,TSr,CERTREQ,IDr,N)

Sameas3inflow1.4. IKE_AUTH(IDr,CERT,AUTH,EAP)

TTGrespondsIKE_AUTHuponRADIUSAccessChallenge(EAPRequest/AKA/Identity).EncryptedPayloads: IDr(FQDN) CERT(X.509) AUTH(RSADigitalSignature) EAP/Request/AKA/Identity(AT_FULLAUTH_ID_REQ)Note:IfFastReAuthenticationisenabled,AT_ANY_ID_REQmightbeincluded.Ifrequired,AT_PERMANENT_ID_REQwillbesent.

5. IKE_AUTH(EAP)UEinitiatesIKE_AUTHwiththeID.EncryptedPayload: EAP/Response/AKA/Identity(AT_IDENTITY)

6. IKE_AUTH(EAP)TTGrespondstoIKE_AUTHuponRADIUSAccessChallenge(EAP/Request/AKA/Challenge).EncryptedPayloads: EAP/Request/AKA/Challenge(AT_RAND,AT_AUTN,AT_IV,AT_ENCR_DATA,AT_MAC) AT_ENCR_DATAcontainsAT_NEXT_PSEUDONYM(andAT_NEXT_REAUTH_ID)for

pseudonymuseridentitywhennecessary.ThisIDwillbevalidafterthesuccessfulauthentication.Thisattributeisincludedwhenitisnecessary.AT_IVmustbepresentonlyiftheAT_ENCR_DATAattributeisincluded.AT_PADDINGwillbeincludedifnecessary.

7. IKE_AUTH(EAP).Sameas5inflow1.

8. IKE_AUTH(EAP).Sameas6inflow1.

9. IKE_AUTH(AUTH).Sameas7inflow1.17

2I-WLAN Message Flows10. IKE_AUTH(AUTH,CP,SA,TSi,TSr,N,N).Sameas8inflow1.

11. AccessRequest(EAP/Response/Identity)TTGsendsAccessRequesttoAAAtoinitiateEAPIdentityrequest.Attributes: UserName(1)(@realm) EAPMessage(79)(Response(2)) MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey) CallingStationId(31)(@realm) CalledStationId(30)(APN) NASIPAddress(4)(IPoftherequestingentity) NASPort(5)(Theportusedontherequestingentity,typically0) NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport) FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)

12. AccessChallenge(EAP/Request/AKAIdentity)AAAsendsAccessChallengetoTTGaspartofAKAidentityrequestresponse.Attributes: EAPMessage(79)(Request(1)/AKAIdentity(23,5)) State(24)(StatefornegotiationinAAA) MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)

13. AccessRequest(EAP/Response/AKAIdentity)TTGsendsAccessRequesttoAAAtoinitiateEAPAKAnegotiation.Attributes: UserName(1)(@realm) EAPMessage(79)(Response(2)/Identity(23,5)) MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey) CallingStationId(31)(@realm) CalledStationId(30)(APN) NASIPAddress(4)(IPoftherequestingentity) NASPort(5)(Theportusedontherequestingentity,typically0) NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport) FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)

14. AccessChallenge(EAP/Request/AKA/Challenge).Sameas10inflow1.

15. AccessRequest(EAP/Response/AKA/Challenge).Sameas11inflow1.18

2I-WLAN Message Flows16. AccessAccept(EAP/Success).Sameas12inflow1.

17. DNSQuery.Sameas13inflow1.

18. DNSResponse.Sameas14inflow1.

19. CreatePDPContextRequest.Sameas15inflow1.

20. CreatePDPContextResponse.See16inflow1.

IfAAAusedAT_FULLAUTH_ID_REQ,andifAT_IDENTITYcontainsavalidpermanentidentityoravalidpseudonymidentity,theAAAproceedswithfullauthentication.IfAT_IDENTITYcontainsapseudonymidentitynotfoundindatabaseoritsvalidityperiodhasbeenexceeded,theAAAsendsEAP/Request/AKA/IdentitywithAT_PERMANENT_ID_REQ.

UE-initiated tunnel termination

Flow 3Figure 5. UE-initiated tunnel termination19

2I-WLAN Message FlowsMessage details1. INFORMATIONAL(DELETE)

EncryptedPayload: DELETE(protocol=IKE(1),numberofspis=0spi_size=0)

2. INFORMATIONAL

Nopayloads.3. DeletePDPContextRequest

TTGinitiatesPDPContextremovaltoGGSN.GTPEncapsulatedPayload: TeardownInd NSAPI

4. DeletePDPContextResponseGGSNrespondstoDeletePDPContextRequest.GTPEncapsulatedPayload: Cause

Note:WLANUEwillusetheproceduresdefinedintheIKEv2protocol(seeIETFRFC4306)todisconnectanIPsectunnelfromtheTTG.TheWLANUEwillclosetheincomingsecurityassociationsassociatedwiththetunnelandinstructtheTTGtodothesamebysendingtheINFORMATIONALrequestmessagewithaDELETEpayload.TheDELETEpayloadwillcontaineither: ProtocolIDsetto1andnosubsequentSecurityParametersIndexes(SPIs)inthe

payload.ThisindicatesclosingofIKEsecurityassociation,andimpliesthedeletionofallIPsecESPsecurityassociationsthatwerenegotiatedwithintheIKEsecurityassociation.

ProtocolIDsetto3forESP.TheSecurityParametersIndexesincludedinthepayloadwillcorrespondtotheparticularincomingESPsecurityassociationsattheWLANUEforthegiventunnel.20

2I-WLAN Message FlowsGGSN-initiated tunnel termination

Flow 4Figure 6. GGSN-initiated tunnel termination

Message details1. DeletePDPContextRequest

GGSNinitiatesPDPContextremovaltoTTG.GTPEncapsulatedPayload: TeardownInd NSAPI

2. DeletePDPContextResponse3. INFORMATIONAL(DELETE)


4. INFORMATIONAL(DELETE)Nopayloads.21

2I-WLAN Message FlowsTTG-initiated tunnel termination

Flow 5PossibletriggersforTTGinitiatedtunnelterminationare: DPDclientdoesnotrespondtokeepalivemessages(INFORMATIONAL). UserAdmindelete(CLIcommand). AbsenceofGTPechorepliesinDataPlane(GGSNdoesntrespondonechorequests). AbsenceofGTPechorepliesinControlPlane(GGSNdoesntrespondonechorequests). Usersessiontimeout(AuthenticationSystem).

Figure 7. Tunnel termination initiated from TTG

Note:TheexactsequenceofthemessageflowuponTTGinitiatedtunnelterminationmaydifferdependingonthetriggeringaction.

Message detailsNormally,TTGsendsIKE_SAdeletion.1. INFORMATIONAL(DELETE)


2. PDPContextDeleteRequestTTGsendsPDPDeleteContextRequesttoGGSN.

3. INFORMATIONAL(DELETE)Nopayloads.

4. PDPDeleteContextResponsesentfromGGSN22

2I-WLAN Message FlowsSequence when CHILD_SA delete is sent1. INFORMATIONAL(DELETE)

EncryptedPayload: DELETE(protocol=ESP(3),numberofspis=1spi_size=4)Note:ThenumberofspiswillvarydependingonhowmanySAaretobedeleted.

2. INFORMATIONAL(DELETE)EncryptedPayload: DELETE(protocol=ESP(3),numberofspis=1spi_size=4)Inthisreplay,theSPIfieldofthedeletepayloadreferencesthepairedSAgoingintheotherdirection.Forexample,CHILD_SAdeletionwillhappeniftheoperatorissuesthecommandtokilltheSAintheCLI.OnreceiptoftheINFORMATIONALrequestmessagewithDELETEpayload,indicatingthattheTTGisattemptingtunneldisconnection,theWLANUEwill:a. CloseallsecurityassociationsidentifiedwithintheDELETEpayload(thesesecurity

associationscorrespondtooutgoingsecurityassociationsfromtheWLANUEperspective).IfnosecurityassociationswerepresentintheDELETEpayloadandtheprotocolIDwassetto1,theWLANUEwillclosetheIKEsecurityassociationandallIPsecESPsecurityassociationsthatwerenegotiatedwithinittowardstheTTG.

b. TheWLANUEwilldeletetheincomingsecurityassociationscorrespondingtotheoutgoingsecurityassociationsidentifiedintheDELETEpayload.

TheWLANUEwillsendanINFORMATIONALresponsemessage.IftheINFORMATIONALrequestmessagecontainedalistofsecurityassociations,theINFORMATIONALresponsemessagewillcontainalistofsecurityassociationsdeletedinstepbabove.IftheWLANUEisunabletocomplywiththeINFORMATIONALrequestmessage,theWLANUEwillsendanINFORMATIONresponsemessagewitheither: ANOTIFYpayloadoftypeINVALID_SPIifitcouldnotidentifyoneormoreofthe

SecurityParametersIndexesinthemessagefromtheTTG;or AmoregeneralNOTIFYpayloadtype.Thispayloadtypeisimplementationdependent.23

2I-WLAN Message FlowsIKE/IPsec Dead Peer Detection (DPD)

Flow 6Figure 8. IKE/IPsec keepalive

Message detailsNormally,TTGsendsIKE_SAdeletion.1. INFORMATIONAL()

Nopayloads.2. INFORMATIONAL()

Nopayloads.24

2I-WLAN Message FlowsUE-initiated IKE rekey, IPsec rekey

Flow 7Figure 9. UE-initiated IKE/IPsec rekey

Message details: IKE rekey1. CREATE_CHILD_SA(SA,Ni,KE)

EncryptedPayloads: SA:(protocol=IKE,ProposalisUEdependent) Ni KE

Note:TheseproposalsareUEdependent.2. CREATE_CHILD_SA(SA,Ni,KE)

EncryptedPayloads: SA:(Proposalswillbeaccepted) Ni KE25

2I-WLAN Message FlowsMessage details: IPsec rekey1. CREATE_CHILD_SA(SA,Ni,TSi,TSr,N)

EncryptedPayloads: SA:(protocol=ESP,ProposalisUEdependent,remoteSPIistheonethatwouldbe

expectedinaESPpacketincomingontheSAtoberekeyed) Ni TSi:(0,065536,UEsipUEsip) TSr:(0,065536,0.0.0.0255.255.255.255) N(REKEY_SA),ThispayloadidentifiestheCHILD_SAbeingrekeyed,anditcontainsthe

SPIthattheinitiatorexpectsintheheadersofinboundpackets.2. CREATE_CHILD_SA(SA,Ni,TSi,TSr)

EncryptedPayloads: SA:(protocol=ESP,Proposalswillbeaccepted) Ni TSi:(0,065536,UEsipUEsip) TSr:(0,065536,0.0.0.0255.255.255.255) N(ESP_TFC_PADDING_NOT_SUPPORTED) N(NON_FIRST_FRAGMENTS_ALSO)Note:DeletionofoldCHILD_SAwillfollowaftertheChildSAexchange.

TTG-initiated IKE rekey, IPsec rekey

Flow 8Figure 10. TTG-initiated IKE/IPsec rekey26

2I-WLAN Message FlowsMessage details - IKE rekey1. CREATE_CHILD_SA(SA,Ni,KE)

EncryptedPayloads: SA:(protocol=IKE,Normally,proposalswillbeadjustedtothepreviousexchange,

suchasduringIKE_SA_INIT) Ni KE

2. CREATE_CHILD_SA(SA,Ni,KE)EncryptedPayloads: SA:(Proposalswillbeaccepted) Ni KE

Note:ItisUEdependentforwhichalgorithmtobetaken.

Message details - IPsec rekey1. CREATE_CHILD_SA(SA,Ni,TSi,TSr,N)

EncryptedPayloads: SA:(protocol=ESP,ProposalisUEdependent,remoteSPIistheonethatwouldbe

expectedinaESPpacketincomingontheSAtoberekeyed) Ni TSi:(0,065536,UEsipUEsip) TSr:(0,065536,0.0.0.0255.255.255.255) N(REKEY_SA),ThispayloadidentifiestheCHILD_SAbeingrekeyed,anditcontainsthe

SPIthattheinitiatorexpectsintheheadersofinboundpackets.2. CREATE_CHILD_SA(SA,Ni,TSi,TSr)

EncryptedPayloads: SA:(protocol=ESP,Proposalswillbeaccepted) Ni TSi:(0,065536,UEsipUEsip) TSr:(0,065536,0.0.0.0255.255.255.255) N(ESP_TFC_PADDING_NOT_SUPPORTED) N(NON_FIRST_FRAGMENTS_ALSO)Note:DeletionofoldCHILD_SAwillfollowaftertheChildSAexchange.27

AAppendix 1. 3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June2007,3GPP.I-WLAN Authentication MethodsThisappendixcontainssupplementaryinformationaboutauthenticationmethodsthatapplywhenoperatinginanIWLANscenario,including: CertificatesusedinIWLAN X.509certificates ExtensibleAuthenticationProtocol(EAP)

Certificates used in I-WLANThisusecasedescribeshowcertificatesareusedasanauthenticationmethodinanIWLANscenario. TheSEG,referredtoastheTTGinIWLANterminology,authenticatesitselftotheUEby

usingcertificates. TheUEauthenticatestotheTTGbymeansofanExtendedAuthenticationsProtocol

(EAPAKA). IKEv2mandatesthatthisisusedinconjunctionwithapublickeysignaturebased

authenticationbetweentheSEGTTGtotheuserendpoint. ThecertificatesusedtoauthenticatetheTTGmustconformtothecertificateprofile

describedin3GPPTS33.234section6.71. TobeabletoauthenticatetheTTG,theUEmustbeconfiguredwiththerootCAcertificate

thatcorrespondstothebeginningofacertificationpathfortheTTGendentitycertificate.

Certificate setupThecertificatesthatmustbesetupforproperIWLANaccessinclude:1. ThegatewayendentitycertificatesignedbytheCAused.2. TherootcertificatefromthesigningCA.TheIDrpayloadforthetunnelmustbeaFullyQualifiedDomainName(FQDN)thatcorrespondstotheAccessPointName(APN)ofaGGSNintheDNSusedbytheGTPinterface.TheAPNdecideswhichGGSNthattheGTPinterfacewillconnecttheusertunnelagainst.TheSEGTTGsupportsshortAPN.AccessPointName(APN)isasetoflabelsseparatedusingdots(.),forexample,testggsn.mynetwork.com.ByapplyingShortAPN,onlythefirstlabeloftheAPN(testggsninthepreviousexample)willbeusedinthePDPcontextactivation.ItisconfigurableviatheGTPinterface.28

AI-WLAN Authentication MethodsX.509 certificates TheSEGsupportsdigitalcertificatesthatcomplywiththeITUTX.509standard.ThisinvolvestheuseofanX.509certificatehierarchywithpublickeycryptographytoaccomplishkeydistributionandentityauthentication.AnyreferencestocertificateinthismanualmeananX.509certificate.Acertificateisadigitalproofofidentity.Itlinksanidentitytoapublickeytoestablishwhetherapublickeytrulybelongstothesupposedowner.Bydoingthis,itpreventsdatatransferinterceptionbyamaliciousthirdpartywhomightpostafakekeywiththenameanduserIDofanintendedrecipient.

Certificates with VPN tunnelsThemainuseofcertificatesintheSEGisforVPNtunnels.ThesimplestandfastestwaytoprovidesecuritybetweentheendsofatunnelistousePresharedKeys(PSKs).AsaVPNnetworkgrowssodoesthecomplexityofusingPSKs.Certificatesprovideawaytobettermanagesecurityinmuchlargernetworks.

Certificate componentsAcertificateisadigitalobjectbindingapublickeytotheendentityconsideredtheownerofthecorrespondingprivatekey.Theassertionofthebindingisprovidedbythedigitalsignatureofthecertificatedatabyatrustedthirdparty.Thistrustedthirdpartyisthecertificateissuer.Acertificateconsistsofthefollowing: Identityinformationaboutthecertificateowner. Identityinformationaboutthecertificateissuer. Thepublickeyoftheowner. Thesignatureoftheaboveitemsperformedbytheissuerusingitsownprivatekey.Bybindingtheaboveinformationtogether,acertificateisapublickeywithattachedidentification,coupledwithastampofapprovalbyatrustedparty.

Certification authoritiesAcertificateauthority(CA)isatrustedentitythatissuescertificatestootherentities.TheCAdigitallysignsallcertificatesitissues.AvalidCAsignatureinacertificateverifiestheidentityofthecertificateholderandguaranteesthatthecertificatehasnotbeentamperedwithbyanythirdparty.ACAisresponsibleformakingsurethattheinformationineverycertificateitissuesiscorrect.Italsohastomakesurethattheidentityofthecertificatematchestheidentityofthecertificateholder.ACAcanalsoissuecertificatestootherCAs.Thisleadstoatreelikecertificatehierarchy.ThehighestCAiscalledtherootCA.Inthishierarchy,eachCAissignedbytheCAdirectlyaboveit,exceptfortherootCA,whichisselfsigned.29

AI-WLAN Authentication MethodsAcertificationpathreferstothepathofcertificatesfromonecertificatetoanother.Whenverifyingthevalidityofausercertificate,theentirepathfromtheusercertificateuptothetrustedrootcertificatehastobeexaminedbeforeestablishingthevalidityoftheusercertificate.TheCAcertificateisjustlikeanyothercertificates,exceptthatitallowsthecorrespondingprivatekeytosignothercertificates.ShouldtheprivatekeyoftheCAbecompromised,thewholeCA,includingeverycertificateithassigned,isalsocompromised.

Validity timeAcertificateisnotvalidforever.Eachcertificatecontainsthedatesbetweenwhichthecertificateisvalid.Whenthisvalidityperiodexpires,thecertificatecannolongerbeused,andanewcertificatehastobeissued.

Certificate Revocation ListsACertificateRevocationList(CRL)containsalistofallcertificatesthathavebeencancelledbeforetheirexpirationdate.Theyarenormallyheldonanexternalserverthatisaccessedtodetermineifthecertificateisstillvalid.Theabilitytovalidateausercertificateinthiswayisakeyreasonwhycertificatesecuritysimplifiestheadministrationoflargeusercommunities.UsingeitherLDAPorHTTPprotocols,CRLsarepublishedonserversthatallcertificateuserscanaccess.Revocationcanhappenforseveralreasons.Onereasoncouldbethatthekeysofthecertificatehavebeencompromisedinsomeway.Anotherreasonisthattheownerofthecertificatehaslosttherightstoauthenticateusingthatcertificate,perhapsbecausetheownerhasleftthecompany.Whateverthereason,serverCRLscanbeupdatedtochangethevalidityofoneormanycertificates.CertificatesoftencontainaCRLDistributionPoint(CDP)field,whichspecifiesthelocationfromwheretheCRLcanbedownloaded.Insomecasescertificatesdonotcontainthisfield.InthosecasesthelocationoftheCRLhastobeconfiguredmanually.ACAusuallyupdatesitsCRLatagiveninterval.ThelengthofthisintervaldependsonhowtheCAisconfigured.Typically,thisissomewherebetweenanhourtoseveraldays.

Trusting certificatesWhenusingcertificates,theSEGtrustsanyonewhosecertificateissignedbyagivenCA.Beforeacertificateisaccepted,thefollowingstepsaretakentoverifythevalidityofthecertificate:1. ConstructacertificationpathuptothetrustedrootCA.2. Verifythesignaturesofallcertificatesinthecertificationpath.3. FetchtheCRLforeachcertificatetoverifythatnoneofthecertificateshavebeenrevoked.30

AI-WLAN Authentication MethodsExtensible Authentication Protocol (EAP)TheEAPagentimplementedintheSEGprovidestheoptiontouseEAPmethodsforuserauthentication.Theagentisconfiguredinanauthenticationprofileandusedbyaninterfaceorrulethatrequiresauthenticationforitspeers.TheSEGdoesnotsupporttheEAPmethodsusedforverifyingauser.ItreliesonexternalEAPservers,actingasapassthroughauthenticatorbetweenthepeerandtheauthenticationserver.TheusedEAPmethodisnegotiatedbetweenthepeerandtheserver,andtheSEGrelaystheEAPattributesforthechosenmethodovertheprotocolsusedbetweenthepeerandtheSEG,andtheauthenticationserverandtheSEG.TheAuthenticationSourceAPIprovidesaninterfacefortheauthenticationsystemtocommunicatewiththeauthenticationsources.ViatheAPI,theauthenticationsystemcanrequestvalidationorinformationaboutauserfromtheEAPauthenticationservers.TheEAPagentsupportstheEAPSIMandEAPAKAmethodsandtheSEGsupportsEAPAKA/EAPSIMfullauthenticationbypermanentIDandpseudonymID,andfastreauthentication.

EAP-AKA full authenticationFullauthenticationwillbeperformedwhenthepermanentID,pseudonymID,orinvalidIDissentfromUE.

Permanent IDIfEAPAKAisusedfortheauthentication,thepermanentIDwillfollowtheformat:0@realmWhentheclient/UEhasnopseudonymIDorfastreauthenticationIDinitsdatabase,oriftheclient/UEisrequestedtosendthepermanentIDfromthesystem(AT_PERMANENT_ID_REQ),thepermanentIDwillbesent.

Pseudonym ID Whentheclient/UEreceivesthepseudonymusernameinAT_NEXT_PSEUDONYMduringtheauthentication,theclient/UEcanstoreandusethepseudonymIDinthenextauthenticationafterthesuccessfulauthentication.ThepseudonymIDwillfollowtheformat:@realmNote:Serversendsthepseudonymusernamewithouttherealm.31

AI-WLAN Authentication MethodsFast re-authentication AAAviatheSEGcansupportfastreauthentication.ThisauthenticationmethodisoptionalandreliesontheconfigurationoftheAAA.Whentheclient/UEreceivesAT_NEXT_REAUTH_IDduringtheauthentication,theclient/UEcanstoreandusethefastreauthenticationIDinthenextauthenticationafterthesuccessfulauthentication.ThefastreauthenticationIDsentfromthesystemwillfollowtheformat:@FastReauthRealm32

PrefaceAbout this manualWhats new in this manualWhere to get more product informationRelated Radisys manualsSpecifications and standards documents

Notational conventions

IntroductionI-WLAN network overviewComponents

I-WLAN Message FlowsPayloadsAKA full authentication: Request-identity disabledFlow 1

AKA full authentication: Request-Identity enabledFlow 2

UE-initiated tunnel terminationFlow 3

GGSN-initiated tunnel terminationFlow 4

TTG-initiated tunnel terminationFlow 5

IKE/IPsec Dead Peer Detection (DPD)Flow 6

UE-initiated IKE rekey, IPsec rekeyFlow 7

TTG-initiated IKE rekey, IPsec rekeyFlow 8

I-WLAN Authentication MethodsCertificates used in I-WLANCertificate setup

X.509 certificatesCertificates with VPN tunnelsCertificate componentsCertification authoritiesValidity timeCertificate Revocation ListsTrusting certificates

Extensible Authentication Protocol (EAP)EAP-AKA full authenticationPermanent IDPseudonym IDFast re-authentication

03472-01 SEG-100 TTG Interface Reference

Documents

Transcript of 03472-01 SEG-100 TTG Interface Reference