03472-01 SEG-100 TTG Interface Reference
TTG Interface Reference
SECURITY GATEWAY SEG-100
SOFTWARE RELEASE 1.1
February 2012
007-03472-0001

Revision history

Version   Date            Description
-0000     October 2011    First edition.
-0001     February 2012   Second edition. Updated for the 1.1.2 software release. See "What's new in this manual" on page 4 for a description of changes in this edition.

2011-2012 by RadiSys Corporation. All rights reserved. Radisys is a registered trademark of RadiSys Corporation. AdvancedTCA, ATCA, and PICMG are registered trademarks of PCI Industrial Computer Manufacturers Group. All other trademarks, registered trademarks, service marks, and trade names are the property of their respective owners.
Table of Contents

Preface ... 4
    About this manual ... 4
    What's new in this manual ... 4
    Where to get more product information ... 4
    Notational conventions ... 5
Chapter 1: Introduction ... 6
    I-WLAN network overview ... 6
    Components ... 7
Chapter 2: I-WLAN Message Flows ... 8
    Payloads ... 8
    AKA full authentication: Request-identity disabled ... 9
    AKA full authentication: Request-Identity enabled ... 15
    UE-initiated tunnel termination ... 19
    GGSN-initiated tunnel termination ... 21
    TTG-initiated tunnel termination ... 22
    IKE/IPsec Dead Peer Detection (DPD) ... 24
    UE-initiated IKE rekey, IPsec rekey ... 25
    TTG-initiated IKE rekey, IPsec rekey ... 26
Appendix A: I-WLAN Authentication Methods ... 28
    Certificates used in I-WLAN ... 28
    X.509 certificates ... 29
    Extensible Authentication Protocol (EAP) ... 31
Preface

About this manual
This document is an interface description for the Radisys SEG Tunnel Terminating Gateway (TTG). It describes the Wu interface, which is the reference point between the WLAN User Equipment (UE) and the TTG; the Wm interface, which is the reference point between the TTG and the AAA server; and the Gn interface, which is the reference point between the TTG and the GGSN.

What's new in this manual
- Updated the GGSN-initiated tunnel termination flow on page 21.
- Minor updates and clarifications.

Where to get more product information
Visit the Radisys website at www.radisys.com for product information and other resources. Downloads (manuals, release notes, software, etc.) are available at www.radisys.com/downloads.

Related Radisys manuals
See the following resources for information on the SEG not described in this manual:
- The SEG-100 Getting Started Guide describes how to set up the SEG-100 modules and the SEG-11002 system, and how to configure the SEG software for initial use.
- The SEG-100 Administration Guide describes SEG concepts and serves as a reference for procedural and usage information.
- The SEG-100 Command Line Interface Reference describes the SEG command line interface and serves as a reference for command syntax and options.
- The SEG-100 Log Reference describes all log messages generated by the SEG.
- The SEG-100 Statistics Reference describes all statistical values and associated parameters that are maintained by the SEG.
Specifications and standards documents
- 3GPP TS 33.234, Wireless Local Area Network (WLAN) interworking security, Release 7, June 2007, 3GPP.
- 3GPP TS 29.060, GPRS Tunneling Protocol (GTP) across the Gn and Gp interface, Release 9, December 2009, 3GPP.
- 3GPP TS 23.234, 3GPP System to Wireless Local Area Network (WLAN) interworking; System Description, Release 7, June 2007, 3GPP.
- RFC 4187, Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), IETF, January 2006.
- RFC 4306, Internet Key Exchange (IKEv2) Protocol, IETF, December 2005.

Notational conventions
This manual uses the following conventions. All numbers are decimal unless otherwise stated.

Italic Text        File, function, and utility names.
Mono Text          Screen text and syntax strings.
Bold Mono Text     A command to enter.
Italic Mono Text   Variable parameters.
Brackets [ ]       Command options.
Curly braces { }   A grouped list of parameters.
Vertical line |    An OR in the syntax. Indicates a choice of parameters.
Chapter 1. Introduction

I-WLAN network overview
3GPP IP Access, or Interworking WLAN as specified by 3GPP [1], is a method for establishing connectivity with external networks such as 3G operator networks, corporate intranets, or the Internet via a 3GPP system for other access networks, besides GPRS and WCDMA, such as Public WLAN, DSL, or WiMAX. 3GPP IP Access allows an operator to reuse its Gi infrastructure and to open access to its services to a greater range of users.

Figure 1. I-WLAN network overview

Components
To accomplish 3GPP IP Access (I-WLAN), a new node called Packet Data Gateway (PDG) was introduced by the 3GPP specifications. The GGSN is supplemented with a Tunnel Termination Gateway (TTG) to produce a PDG. A TTG provides the 3GPP IP Access specific functions that are not included in the GGSN. See a conceptual overview of a PDG below.

Figure 2. Conceptual overview of a PDG with its components and interfaces

[1] 3GPP TS 33.234, Wireless Local Area Network (WLAN) interworking security, Release 7, June 2007, 3GPP.
Chapter 2. I-WLAN Message Flows

This chapter specifies the normal flows in an I-WLAN use case. The events describe communication between the TTG and external devices such as the AAA, GGSN, and UE.
Note: Flows outlined in this document are applicable only when the TTG operates in an I-WLAN network that complies with 3GPP specifications and when the TTG has been configured as recommended.

Payloads
The IKE payloads contained in the messages are indicated by the names listed below.

Notation   Payload
AUTH       Authentication
CERT       Certificate
CERTREQ    Certificate Request
CP         Configuration Payload
D          Delete
E          Encrypted
EAP        Extensible Authentication
HDR        IKE Header
IDi        Identification - Initiator
IDr        Identification - Responder
KE         Key Exchange
Ni, Nr     Nonce
N          Notify
SA         Security Association
AKA full authentication: Request-identity disabled

Flow 1
In this flow, Request-identity is disabled, which is the designed approach for the SEG TTG. The TTG will always send the identity (compiled from the client username) in the Access-Request message. This can be compared with flow 2, in which Request-Identity is enabled, which means that the identity is requested by the AAA.

Figure 3. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity disabled
Message details

1. IKE_SA_INIT (SA, KE, Ni, N, N)
UE initiates IKE_SA_INIT with IKE proposals in the SA payload.
Payloads:
- SA
- KE
- Ni
- N(NAT_DETECTION_SOURCE_IP)
- N(NAT_DETECTION_DESTINATION_IP)
Proposal payloads in SA (protocol = IKE):
- Encryption Algorithm
- Integrity Algorithm
- Pseudorandom Function
- Diffie-Hellman Group: DH Group 2, 1024-bit MODP
Note: These proposals are UE dependent.

2. IKE_SA_INIT (SA, KE, Nr, N, N, CERTREQ)
TTG responds to IKE_SA_INIT with IKE proposals in the SA payload.
Payloads:
- SA
- KE
- Nr
- N(NAT_DETECTION_SOURCE_IP)
- N(NAT_DETECTION_DESTINATION_IP)
- CERTREQ (X.509 Certificate Signature)
Proposal payloads in SA (protocol = IKE):
- Encryption Algorithm
- Pseudorandom Function
- Integrity Algorithm
- Diffie-Hellman Group: DH Group 2, 1024-bit MODP
In steps 1 and 2, the WLAN UE performs the IKE_SA_INIT procedure towards the TTG. During this procedure, the cryptographic algorithms are negotiated and nonces and Diffie-Hellman values are exchanged between the WLAN UE and the TTG. An IKE SA is achieved that will be used to establish the child SA for subsequent ESP IPsec packets. The WLAN UE might choose to include NAT Traversal payloads as well to determine if there are any intermediate NATs.
Note: DH Group 2 (1024-bit MODP) is what the example UE proposes; it is below current strength recommendations, so a deployment should accept a 2048-bit or larger group whenever the UE offers one.
3. IKE_AUTH (IDi, CP, SA, TSi, TSr, CERTREQ, IDr, N)
UE initiates the IKE_AUTH request with IPsec proposals in the SA payload.
Encrypted payloads:
- IDi (permanent ID or pseudonym ID)
- CP (CFG_REQUEST, no values)
- SA
- TSi (0, 0-65535, 0.0.0.0-255.255.255.255)
- TSr (0, 0-65535, 0.0.0.0-255.255.255.255)
- CERTREQ (X.509)
- IDr (FQDN)
- (N)
Payloads in SA for CHILD_SA negotiation (protocol = ESP):
- Encryption Algorithm
- Integrity Algorithm
- No ESN
Note: No ESN is UE dependent.
In this example, CP: (type = 1, required attributes with no values).
The WLAN UE sends an IKE_AUTH request. The IDi payload contains the NAI (username and optional realm part) of the user, and the IDr payload contains the name of the W-APN that the user is requesting access to. The ID type is ID_RFC822_ADDR for IDi and ID_FQDN for IDr, respectively. These values are subjected to a basic validation; for example, the TTG could resolve the W-APN using the DNS server located in the 3GPP network. For this purpose, the TTG could maintain a cache of mappings between W-APNs and IP addresses to avoid frequent DNS lookups. The W-APN (the value of IDr) should be recorded for later use. This IKE_AUTH request does not contain any authentication payload, which indicates that the WLAN UE wishes to use EAP for authentication. A configuration payload of type CFG_REQUEST should also be present, as well as traffic selectors.
4. IKE_AUTH (IDr, CERT, AUTH, EAP)
TTG responds to IKE_AUTH upon RADIUS Access-Challenge (EAP-Request/AKA-Challenge).
Encrypted payloads:
- IDr (FQDN): Same as received in step 3.
- CERT (X.509): TTG end-entity certificate in accordance with the profile in TS 33.234.
- AUTH (RSA Digital Signature): Contains authentication data.
- EAP-Request/AKA-Challenge (AT_RAND, AT_AUTN, AT_IV, AT_ENCR_DATA, AT_MAC): Information in the packet received from the AAA. AT_ENCR_DATA contains AT_NEXT_PSEUDONYM (and AT_NEXT_REAUTH_ID) for the pseudonym user identity when necessary. This ID will be valid after a successful authentication. This attribute is included when it is necessary. AT_IV must be present only if the AT_ENCR_DATA attribute is included.

5. IKE_AUTH (EAP)
UE initiates IKE_AUTH with the computed result.
Encrypted payload:
- EAP-Response/AKA-Challenge (AT_RES, AT_MAC)

6. IKE_AUTH (EAP)
TTG responds with IKE_AUTH EAP-Success to the UE if the authentication and the PDP context activation succeeded.
Encrypted payload:
- EAP-Success

7. IKE_AUTH (AUTH)
UE initiates IKE_AUTH to the TTG.
Encrypted payload:
- AUTH (Shared Key Message Integrity Code)

8. IKE_AUTH (AUTH, CP, SA, TSi, TSr, N, N)
TTG responds to IKE_AUTH to the UE with IPsec proposals in the SA payload.
Encrypted payloads:
- AUTH (Shared Key Message Integrity Code)
- CP (CFG_REPLY, IPv4 address, IPv4 netmask, IPv4 DNS, IPv4 subnet)
- SA
- TSi (0, 0-65535, UE's IP - UE's IP)
- TSr (0, 0-65535, 0.0.0.0-255.255.255.255)
- N(ESP_TFC_PADDING_NOT_SUPPORTED)
- N(NON_FIRST_FRAGMENTS_ALSO)
Payloads in SA for CHILD_SA negotiation completion (protocol = ESP):
- Encryption Algorithm
- Integrity Algorithm
- No ESN
The shared key behind the AUTH payloads of steps 7 and 8 is the MSK produced by EAP-AKA (RFC 4306 section 2.16); the TTG obtains it from the AAA in the Access-Accept of step 12, so the Access-Accept must be authenticated before the EAP-Success of step 6 is passed on.
9. Access-Request (EAP-Response/Identity)
TTG sends Access-Request to the AAA to initiate the EAP-AKA negotiation.
Attributes:
- User-Name (1) (<username>@realm)
- EAP-Message (79) (Response (2) / Identity (1))
- Message-Authenticator (80) (HMAC-MD5 over the message, keyed with the shared secret)
- Calling-Station-Id (31) (<username>@realm)
- Called-Station-Id (30) (APN)
- NAS-IP-Address (4) (IP of the requesting entity)
- NAS-Port (5) (The port used on the requesting entity, typically 0)
- NAS-Port-Type (61) (Typically Virtual, to indicate that the user was not on a physical port)
- Framed-MTU (12) (The maximum MTU for payload to/from the user)

10. Access-Challenge (EAP-Request/AKA-Challenge)
AAA sends Access-Challenge to the TTG as part of the EAP-AKA authentication.
Attributes:
- EAP-Message (79) (Request (1) / AKA-Challenge (23, 1))
- State (24) (State for the negotiation in the AAA)
- Message-Authenticator (80) (HMAC-MD5 over the message, keyed with the shared secret)

11. Access-Request (EAP-Response/AKA-Challenge)
TTG sends Access-Request to the AAA with the AKA challenge response.
Attributes:
- User-Name (1) (<username>@realm)
- EAP-Message (79) (Response (2) / AKA-Challenge (23, 1))
- Message-Authenticator (80) (HMAC-MD5 over the message, keyed with the shared secret)
- Calling-Station-Id (31) (<username>@realm)
- Called-Station-Id (30) (APN)
- NAS-IP-Address (4) (IP of the requesting entity)
- NAS-Port (5) (The port used on the requesting entity, typically 0)
- NAS-Port-Type (61) (Typically Virtual, to indicate that the user was not on a physical port)
- Framed-MTU (12) (The maximum MTU for payload to/from the user)

12. Access-Accept (EAP/Success)
AAA sends Access-Accept to the TTG to complete a successful EAP-AKA authentication.
Attributes:
- User-Name (1) (<username>@realm)
- EAP-Message (79) (Success (3))
- Message-Authenticator (80) (HMAC-MD5 over the message, keyed with the shared secret)
- Vendor-Specific (26), Vendor = 311 (Microsoft), MS-MPPE-Recv-Key (17) (Session key: first half of the MSK, encrypted with the shared secret and Request Authenticator as specified in RFC 2548)
- Vendor-Specific (26), Vendor = 311 (Microsoft), MS-MPPE-Send-Key (16) (Session key: second half of the MSK, encrypted in the same way)

13. DNS Query
TTG sends a DNS query to the DNS server, querying the APN name to get the GGSN IP address.

14. DNS Response
DNS server sends the IP for the resolved APN name (the GGSN IP address).

15. Create PDP Context Request
TTG initiates PDP Context Activation to the GGSN.
GTP encapsulated payload:
- IMSI
- Recovery
- Selection Mode
- Tunnel Endpoint Identifier Data I
- Tunnel Endpoint Identifier Control Plane
- NSAPI
- Charging Characteristics
- End User Address
- Access Point Name
- SGSN Address for signaling
- SGSN Address for user traffic
- MSISDN
- Quality of Service Profile
- RAT Type

16. Create PDP Context Response
GGSN responds to the PDP Context Activation to the TTG.
GTP encapsulated payload:
- Cause
- Reordering Required
- Tunnel Endpoint Identifier Data I
- Tunnel Endpoint Identifier Control Plane
- Charging ID
- End User Address
- GGSN Address for Control Plane
- GGSN Address for User Traffic
- Quality of Service Profile
- Recovery
- Protocol Configuration Options
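The RADIUS leg in steps 9 to 12 rests on two things the TTG has to verify before it treats the EAP-Success as genuine: the Message-Authenticator that each message carries, and the MS-MPPE attributes in which the AAA delivers the EAP-AKA MSK that keys the AUTH payloads of steps 7 and 8. The Go program below is an added example, not Radisys or AAA vendor code: it builds the step 12 Access-Accept the way an AAA would and checks it the way the TTG should, using only the RFC 2548 and RFC 3579 constructions. The shared secret, the Request Authenticator and the MSK are constructed values; a real TTG takes the first from its configuration and remembers the second from the Access-Request it sent in step 11.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/md5"
	"encoding/binary"
	"errors"
)

// RADIUS numbers from steps 9 to 12: Access-Accept code, Message-Authenticator, Vendor-Specific, MS-MPPE-Send-Key, MS-MPPE-Recv-Key.
const codeAccessAccept, attrMsgAuth, attrVendorSpec, msMPPESendKey, msMPPERecvKey = 2, 80, 26, 16, 17

// mppeCipher is the RFC 2548 section 2.4 keystream, b(1) = MD5(S|R|A), b(i) = MD5(S|c(i-1)), XORed over
// 16-byte blocks. One loop serves both directions: c(i-1) is read from out when encrypting, from in when decrypting.
func mppeCipher(secret []byte, reqAuth [16]byte, salt, in []byte, encrypt bool) []byte {
	out := make([]byte, len(in))
	prev := in
	if encrypt {
		prev = out
	}
	h := md5.New()
	h.Write(secret)
	h.Write(reqAuth[:])
	h.Write(salt)
	for i := 0; i < len(in); i += 16 {
		if i > 0 {
			h.Reset()
			h.Write(secret)
			h.Write(prev[i-16 : i])
		}
		for j, b := range h.Sum(nil) {
			out[i+j] = in[i+j] ^ b
		}
	}
	return out
}

// VerifyAccessAccept does what the TTG should do with the step 12 Access-Accept before trusting the
// EAP-Success: check the Message-Authenticator (RFC 3579 section 3.2: HMAC-MD5 over the packet with the
// Request Authenticator in the header and the attribute value zeroed), then recover the two MSK halves.
func VerifyAccessAccept(pkt []byte, reqAuth [16]byte, secret []byte) (recv, send []byte, err error) {
	if len(pkt) < 20 || int(binary.BigEndian.Uint16(pkt[2:4])) != len(pkt) || pkt[0] != codeAccessAccept {
		return nil, nil, errors.New("not a well-formed Access-Accept")
	}
	image := append([]byte{}, pkt...) // the bytes the HMAC covers
	copy(image[4:20], reqAuth[:])
	var msgAuth []byte
	for off := 20; off < len(pkt); off += int(pkt[off+1]) {
		if off+2 > len(pkt) || pkt[off+1] < 2 || off+int(pkt[off+1]) > len(pkt) {
			return nil, nil, errors.New("bad attribute length")
		}
		val := pkt[off+2 : off+int(pkt[off+1])]
		switch {
		case pkt[off] == attrMsgAuth && len(val) == 16:
			msgAuth = val
			copy(image[off+2:off+18], make([]byte, 16))
		case pkt[off] == attrVendorSpec && len(val) >= 8 && binary.BigEndian.Uint32(val) == 311:
			vt, vl := val[4], int(val[5]) // Vendor-Type; Vendor-Length spans type, length, salt, string
			if vl < 20 || 4+vl > len(val) || (vl-4)%16 != 0 || val[6]&0x80 == 0 {
				return nil, nil, errors.New("malformed MS-MPPE key attribute")
			}
			plain := mppeCipher(secret, reqAuth, val[6:8], val[8:4+vl], false)
			if n := int(plain[0]); n < len(plain) && vt == msMPPERecvKey {
				recv = plain[1 : 1+n]
			} else if n < len(plain) && vt == msMPPESendKey {
				send = plain[1 : 1+n]
			}
		}
	}
	mac := hmac.New(md5.New, secret)
	mac.Write(image)
	if msgAuth == nil || !hmac.Equal(mac.Sum(nil), msgAuth) || recv == nil || send == nil {
		return nil, nil, errors.New("Message-Authenticator or MS-MPPE keys missing or wrong")
	}
	return recv, send, nil
}

// BuildAccessAccept makes the step 12 packet as the AAA would, so the verifier can run offline: EAP-Success,
// MSK[0:32] as MS-MPPE-Recv-Key and MSK[32:64] as MS-MPPE-Send-Key (msk must be 64 bytes), a
// Message-Authenticator, then the Response Authenticator. The salts are fixed here; a real server varies them.
func BuildAccessAccept(id byte, reqAuth [16]byte, secret []byte, eapID byte, msk []byte) []byte {
	pkt := append([]byte{codeAccessAccept, id, 0, 0}, reqAuth[:]...)
	pkt = append(pkt, 79, 6, 3, eapID, 0, 4) // EAP-Message carrying EAP-Success (code 3, length 4)
	for i, vt := range []byte{msMPPERecvKey, msMPPESendKey} {
		p := append([]byte{32}, msk[32*i:32*i+32]...) // length byte + key, zero padded to 48
		enc := mppeCipher(secret, reqAuth, []byte{0x80, byte(i + 1)}, append(p, make([]byte, 15)...), true)
		pkt = append(pkt, attrVendorSpec, byte(10+len(enc)), 0, 0, 1, 55, vt, byte(4+len(enc)), 0x80, byte(i+1))
		pkt = append(pkt, enc...)
	}
	pkt = append(append(pkt, attrMsgAuth, 18), make([]byte, 16)...)
	binary.BigEndian.PutUint16(pkt[2:4], uint16(len(pkt)))
	mac := hmac.New(md5.New, secret)
	mac.Write(pkt)
	copy(pkt[len(pkt)-16:], mac.Sum(nil))
	ra := md5.Sum(bytes.Join([][]byte{pkt[:4], reqAuth[:], pkt[20:], secret}, nil)) // RFC 2865 section 3
	copy(pkt[4:20], ra[:])
	return pkt
}
```

Two properties of the construction are worth noticing. The Message-Authenticator of a reply is computed over the Request Authenticator rather than the Response Authenticator in the header, which is what ties the Access-Accept to the specific Access-Request the TTG sent; verifying with a different Request Authenticator, or with the wrong shared secret, fails. The MS-MPPE keystream also depends on the Request Authenticator and the secret, so a forged or replayed Access-Accept cannot hand the TTG a usable MSK even if the Message-Authenticator check were skipped. A production receiver additionally checks the Response Authenticator (MD5 over code, identifier, length, Request Authenticator, attributes and secret), which this verifier leaves out for brevity.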
AKA full authentication: Request-Identity enabled

Flow 2
In this flow, Request-identity is enabled, which means that the identity is requested by the AAA. This can be compared with the designed approach of the SEG TTG, in which Request-Identity is disabled (flow 1).

Figure 4. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity enabled
Message details

1. IKE_SA_INIT (SA, KE, Ni, N, N)
Same as step 1 in flow 1.

2. IKE_SA_INIT (SA, KE, Nr, N, N, CERTREQ)
Same as step 2 in flow 1.

3. IKE_AUTH (IDi, CP, SA, TSi, TSr, CERTREQ, IDr, N)
Same as step 3 in flow 1.

4. IKE_AUTH (IDr, CERT, AUTH, EAP)
TTG responds to IKE_AUTH upon RADIUS Access-Challenge (EAP-Request/AKA-Identity).
Encrypted payloads:
- IDr (FQDN)
- CERT (X.509)
- AUTH (RSA Digital Signature)
- EAP-Request/AKA-Identity (AT_FULLAUTH_ID_REQ)
Note: If Fast Re-Authentication is enabled, AT_ANY_ID_REQ might be included. If required, AT_PERMANENT_ID_REQ will be sent.

5. IKE_AUTH (EAP)
UE initiates IKE_AUTH with the ID.
Encrypted payload:
- EAP-Response/AKA-Identity (AT_IDENTITY)

6. IKE_AUTH (EAP)
TTG responds to IKE_AUTH upon RADIUS Access-Challenge (EAP-Request/AKA-Challenge).
Encrypted payloads:
- EAP-Request/AKA-Challenge (AT_RAND, AT_AUTN, AT_IV, AT_ENCR_DATA, AT_MAC). AT_ENCR_DATA contains AT_NEXT_PSEUDONYM (and AT_NEXT_REAUTH_ID) for the pseudonym user identity when necessary. This ID will be valid after the successful authentication. This attribute is included when it is necessary. AT_IV must be present only if the AT_ENCR_DATA attribute is included. AT_PADDING will be included if necessary.

7. IKE_AUTH (EAP). Same as step 5 in flow 1.

8. IKE_AUTH (EAP). Same as step 6 in flow 1.

9. IKE_AUTH (AUTH). Same as step 7 in flow 1.
10. IKE_AUTH (AUTH, CP, SA, TSi, TSr, N, N). Same as step 8 in flow 1.

11. Access-Request (EAP-Response/Identity)
TTG sends Access-Request to the AAA to initiate the EAP Identity request.
Attributes:
- User-Name (1) (<username>@realm)
- EAP-Message (79) (Response (2) / Identity (1))
- Message-Authenticator (80) (HMAC-MD5 over the message, keyed with the shared secret)
- Calling-Station-Id (31) (<username>@realm)
- Called-Station-Id (30) (APN)
- NAS-IP-Address (4) (IP of the requesting entity)
- NAS-Port (5) (The port used on the requesting entity, typically 0)
- NAS-Port-Type (61) (Typically Virtual, to indicate that the user was not on a physical port)
- Framed-MTU (12) (The maximum MTU for payload to/from the user)

12. Access-Challenge (EAP-Request/AKA-Identity)
AAA sends Access-Challenge to the TTG as the AKA identity request.
Attributes:
- EAP-Message (79) (Request (1) / AKA-Identity (23, 5))
- State (24) (State for the negotiation in the AAA)
- Message-Authenticator (80) (HMAC-MD5 over the message, keyed with the shared secret)

13. Access-Request (EAP-Response/AKA-Identity)
TTG sends Access-Request to the AAA to initiate the EAP-AKA negotiation.
Attributes:
- User-Name (1) (<username>@realm)
- EAP-Message (79) (Response (2) / AKA-Identity (23, 5))
- Message-Authenticator (80) (HMAC-MD5 over the message, keyed with the shared secret)
- Calling-Station-Id (31) (<username>@realm)
- Called-Station-Id (30) (APN)
- NAS-IP-Address (4) (IP of the requesting entity)
- NAS-Port (5) (The port used on the requesting entity, typically 0)
- NAS-Port-Type (61) (Typically Virtual, to indicate that the user was not on a physical port)
- Framed-MTU (12) (The maximum MTU for payload to/from the user)

14. Access-Challenge (EAP-Request/AKA-Challenge). Same as step 10 in flow 1.

15. Access-Request (EAP-Response/AKA-Challenge). Same as step 11 in flow 1.

16. Access-Accept (EAP/Success). Same as step 12 in flow 1.

17. DNS Query. Same as step 13 in flow 1.

18. DNS Response. Same as step 14 in flow 1.

19. Create PDP Context Request. Same as step 15 in flow 1.

20. Create PDP Context Response. Same as step 16 in flow 1.

If the AAA used AT_FULLAUTH_ID_REQ, and AT_IDENTITY contains a valid permanent identity or a valid pseudonym identity, the AAA proceeds with full authentication. If AT_IDENTITY contains a pseudonym identity that is not found in the database, or whose validity period has been exceeded, the AAA sends EAP-Request/AKA-Identity with AT_PERMANENT_ID_REQ.
UE-initiated tunnel termination

Flow 3
Figure 5. UE-initiated tunnel termination

Message details
1. INFORMATIONAL (DELETE)
Encrypted payload:
- DELETE (protocol = IKE (1), number of SPIs = 0, SPI size = 0)

2. INFORMATIONAL
No payloads.

3. Delete PDP Context Request
TTG initiates PDP Context removal to the GGSN.
GTP encapsulated payload:
- Teardown Ind
- NSAPI

4. Delete PDP Context Response
GGSN responds to the Delete PDP Context Request.
GTP encapsulated payload:
- Cause

Note: The WLAN UE will use the procedures defined in the IKEv2 protocol (see IETF RFC 4306) to disconnect an IPsec tunnel from the TTG. The WLAN UE will close the incoming security associations associated with the tunnel and instruct the TTG to do the same by sending the INFORMATIONAL request message with a DELETE payload. The DELETE payload will contain either:
- Protocol ID set to 1 and no subsequent Security Parameter Indexes (SPIs) in the payload. This indicates closing of the IKE security association, and implies the deletion of all IPsec ESP security associations that were negotiated within the IKE security association.
- Protocol ID set to 3 for ESP. The Security Parameter Indexes included in the payload will correspond to the particular incoming ESP security associations at the WLAN UE for the given tunnel.
GGSN-initiated tunnel termination

Flow 4
Figure 6. GGSN-initiated tunnel termination

Message details
1. Delete PDP Context Request
GGSN initiates PDP Context removal to the TTG.
GTP encapsulated payload:
- Teardown Ind
- NSAPI

2. Delete PDP Context Response
TTG responds to the GGSN.

3. INFORMATIONAL (DELETE)
TTG instructs the UE to close the tunnel.
Encrypted payload:
- DELETE (protocol = IKE (1), number of SPIs = 0, SPI size = 0)

4. INFORMATIONAL
UE responds. No payloads.
TTG-initiated tunnel termination

Flow 5
Possible triggers for TTG-initiated tunnel termination are:
- DPD: the client does not respond to keepalive messages (INFORMATIONAL).
- User/Admin delete (CLI command).
- Absence of GTP echo replies in the Data Plane (GGSN does not respond to echo requests).
- Absence of GTP echo replies in the Control Plane (GGSN does not respond to echo requests).
- User session timeout (Authentication System).

Figure 7. Tunnel termination initiated from TTG

Note: The exact sequence of the message flow upon TTG-initiated tunnel termination may differ depending on the triggering action.

Message details
Normally, the TTG sends an IKE_SA deletion.
1. INFORMATIONAL (DELETE)
Encrypted payload:
- DELETE (protocol = IKE (1), number of SPIs = 0, SPI size = 0)

2. Delete PDP Context Request
TTG sends Delete PDP Context Request to the GGSN.

3. INFORMATIONAL
No payloads.

4. Delete PDP Context Response, sent from the GGSN.

Sequence when CHILD_SA delete is sent
1. INFORMATIONAL (DELETE)
Encrypted payload:
- DELETE (protocol = ESP (3), number of SPIs = 1, SPI size = 4)
Note: The number of SPIs will vary depending on how many SAs are to be deleted.

2. INFORMATIONAL (DELETE)
Encrypted payload:
- DELETE (protocol = ESP (3), number of SPIs = 1, SPI size = 4)
In this reply, the SPI field of the DELETE payload references the paired SA going in the other direction.

For example, CHILD_SA deletion will happen if the operator issues the command to kill the SA in the CLI. On receipt of the INFORMATIONAL request message with a DELETE payload, indicating that the TTG is attempting tunnel disconnection, the WLAN UE will:
a. Close all security associations identified within the DELETE payload (these security associations correspond to outgoing security associations from the WLAN UE perspective). If no security associations were present in the DELETE payload and the protocol ID was set to 1, the WLAN UE will close the IKE security association and all IPsec ESP security associations that were negotiated within it towards the TTG.
b. Delete the incoming security associations corresponding to the outgoing security associations identified in the DELETE payload.
The WLAN UE will then send an INFORMATIONAL response message. If the INFORMATIONAL request message contained a list of security associations, the INFORMATIONAL response message will contain the list of security associations deleted in step b above. If the WLAN UE is unable to comply with the INFORMATIONAL request message, the WLAN UE will send an INFORMATIONAL response message with either:
- A NOTIFY payload of type INVALID_SPI, if it could not identify one or more of the Security Parameter Indexes in the message from the TTG; or
- A more general NOTIFY payload type. This payload type is implementation dependent.
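Flows 3, 4 and 5 all turn on the two shapes of the IKEv2 Delete payload (RFC 4306 section 3.11): protocol 1 with no SPIs, which takes the IKE SA and every CHILD_SA under it, and protocol 3 with a list of 4-byte ESP SPIs, where each side names the SAs it receives on and the reply names the paired SAs in the other direction. The Go program below is an added example, not Radisys code. It encodes and decodes the payload with the consistency checks a receiver needs (SPI size and count against the payload length), and models the UE side of steps a and b above: an unknown SPI produces the INVALID_SPI notify type instead of touching any state. The SPI values and the Tunnel structure are constructed for the example; the Next Payload byte is left at 0 since the program does not assemble a full INFORMATIONAL message.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// RFC 4306 values: Protocol IDs for the Delete payload and the INVALID_SPI notify type.
const (
	protoIKE         = 1
	protoESP         = 3
	notifyInvalidSPI = 11
)

// Delete is the RFC 4306 section 3.11 payload body (Protocol ID, SPI Size, Num of SPIs, SPIs).
// Protocol IKE carries no SPIs, the IKE SA being implied; ESP carries 4-byte SPIs.
type Delete struct {
	Protocol byte
	SPIs     []uint32
}

// Encode emits the payload behind its generic header: Next Payload, critical bit, length.
func (d Delete) Encode(next byte) ([]byte, error) {
	if (d.Protocol == protoIKE) != (len(d.SPIs) == 0) || (d.Protocol != protoIKE && d.Protocol != protoESP) {
		return nil, errors.New("IKE deletes carry no SPIs, ESP deletes carry at least one")
	}
	out := make([]byte, 8+4*len(d.SPIs))
	out[0] = next
	binary.BigEndian.PutUint16(out[2:4], uint16(len(out)))
	out[4] = d.Protocol
	if d.Protocol == protoESP {
		out[5] = 4
	}
	binary.BigEndian.PutUint16(out[6:8], uint16(len(d.SPIs)))
	for i, spi := range d.SPIs {
		binary.BigEndian.PutUint32(out[8+4*i:], spi)
	}
	return out, nil
}

// DecodeDelete parses one Delete payload, cross-checking SPI Size and Num of SPIs against the
// payload length so that a forged count can never read past the buffer.
func DecodeDelete(b []byte) (Delete, error) {
	if len(b) < 8 || int(binary.BigEndian.Uint16(b[2:4])) != len(b) {
		return Delete{}, errors.New("short payload or length mismatch")
	}
	d := Delete{Protocol: b[4]}
	spiSize, n := int(b[5]), int(binary.BigEndian.Uint16(b[6:8]))
	switch {
	case d.Protocol == protoIKE && spiSize == 0 && n == 0 && len(b) == 8:
	case d.Protocol == protoESP && spiSize == 4 && n > 0 && len(b) == 8+4*n:
		for i := 0; i < n; i++ {
			d.SPIs = append(d.SPIs, binary.BigEndian.Uint32(b[8+4*i:]))
		}
	default:
		return Delete{}, fmt.Errorf("inconsistent delete: protocol %d, SPI size %d, count %d", d.Protocol, spiSize, n)
	}
	return d, nil
}

// Tunnel is the UE's view of one session: whether the IKE SA is up, and the CHILD_SA pairs
// keyed by the UE's outbound ESP SPI (the SPI the TTG names in its Delete, because a sender
// lists its own inbound SAs) mapped to the UE's inbound SPI.
type Tunnel struct {
	IKEAlive bool
	Pairs    map[uint32]uint32
}

// HandleDelete applies an INFORMATIONAL(DELETE) from the TTG, following steps a and b above,
// and returns the Delete for the response: nil for an IKE delete (everything is torn down and
// the response is empty), or the inbound SPIs paired with the deleted outbound ones for ESP.
// An SPI the UE cannot identify yields notify type INVALID_SPI and leaves the state untouched.
func (t *Tunnel) HandleDelete(d Delete) (*Delete, int, error) {
	if d.Protocol == protoIKE {
		t.IKEAlive, t.Pairs = false, map[uint32]uint32{}
		return nil, 0, nil
	}
	inbound := make([]uint32, 0, len(d.SPIs))
	for _, out := range d.SPIs {
		in, ok := t.Pairs[out]
		if !ok {
			return nil, notifyInvalidSPI, fmt.Errorf("unknown SPI %#08x", out)
		}
		inbound = append(inbound, in)
	}
	for _, out := range d.SPIs {
		delete(t.Pairs, out)
	}
	return &Delete{Protocol: protoESP, SPIs: inbound}, 0, nil
}
```

To walk the CHILD_SA case of flow 5: encode a Delete with protocol ESP and the TTG's inbound SPI, decode it at the UE, call HandleDelete, and encode the returned Delete as the payload of the INFORMATIONAL response; the SPI in it is the UE's inbound SPI, which is what the TTG needs to drop its own outbound SA. The length cross-check in DecodeDelete is the detail most often missed in hand-written parsers: Num of SPIs is attacker-controlled on the wire, and the payload length is what bounds it.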
IKE/IPsec Dead Peer Detection (DPD)

Flow 6
Figure 8. IKE/IPsec keepalive

Message details
The TTG checks that the peer is still alive with an empty INFORMATIONAL request, the IKEv2 liveness check of RFC 4306; the UE answers with an empty INFORMATIONAL response. If the UE does not respond, the TTG treats the peer as dead and initiates tunnel termination (the DPD trigger of flow 5).
1. INFORMATIONAL ()
No payloads.

2. INFORMATIONAL ()
No payloads.
UE-initiated IKE rekey, IPsec rekey

Flow 7
Figure 9. UE-initiated IKE/IPsec rekey

Message details: IKE rekey
1. CREATE_CHILD_SA (SA, Ni, KE)
Encrypted payloads:
- SA (protocol = IKE; proposal is UE dependent)
- Ni
- KE
Note: These proposals are UE dependent.

2. CREATE_CHILD_SA (SA, Nr, KE)
Encrypted payloads:
- SA (proposal will be accepted)
- Nr
- KE
Message details: IPsec rekey
1. CREATE_CHILD_SA (SA, Ni, TSi, TSr, N)
Encrypted payloads:
- SA (protocol = ESP; proposal is UE dependent; the remote SPI is the one that would be expected in an ESP packet incoming on the SA to be rekeyed)
- Ni
- TSi (0, 0-65535, UE's IP - UE's IP)
- TSr (0, 0-65535, 0.0.0.0-255.255.255.255)
- N(REKEY_SA). This payload identifies the CHILD_SA being rekeyed, and it contains the SPI that the initiator expects in the headers of inbound packets.

2. CREATE_CHILD_SA (SA, Nr, TSi, TSr)
Encrypted payloads:
- SA (protocol = ESP; proposals will be accepted)
- Nr
- TSi (0, 0-65535, UE's IP - UE's IP)
- TSr (0, 0-65535, 0.0.0.0-255.255.255.255)
- N(ESP_TFC_PADDING_NOT_SUPPORTED)
- N(NON_FIRST_FRAGMENTS_ALSO)
Note: Deletion of the old CHILD_SA will follow after the CREATE_CHILD_SA exchange.

TTG-initiated IKE rekey, IPsec rekey

Flow 8
Figure 10. TTG-initiated IKE/IPsec rekey
Message details: IKE rekey
1. CREATE_CHILD_SA (SA, Ni, KE)
Encrypted payloads:
- SA (protocol = IKE; normally the proposals are aligned with the previous exchange, such as during IKE_SA_INIT)
- Ni
- KE

2. CREATE_CHILD_SA (SA, Nr, KE)
Encrypted payloads:
- SA (proposal will be accepted)
- Nr
- KE
Note: It is UE dependent which algorithm is taken.

Message details: IPsec rekey
1. CREATE_CHILD_SA (SA, Ni, TSi, TSr, N)
Encrypted payloads:
- SA (protocol = ESP; proposal is UE dependent; the remote SPI is the one that would be expected in an ESP packet incoming on the SA to be rekeyed)
- Ni
- TSi (0, 0-65535, UE's IP - UE's IP)
- TSr (0, 0-65535, 0.0.0.0-255.255.255.255)
- N(REKEY_SA). This payload identifies the CHILD_SA being rekeyed, and it contains the SPI that the initiator expects in the headers of inbound packets.

2. CREATE_CHILD_SA (SA, Nr, TSi, TSr)
Encrypted payloads:
- SA (protocol = ESP; proposals will be accepted)
- Nr
- TSi (0, 0-65535, UE's IP - UE's IP)
- TSr (0, 0-65535, 0.0.0.0-255.255.255.255)
- N(ESP_TFC_PADDING_NOT_SUPPORTED)
- N(NON_FIRST_FRAGMENTS_ALSO)
Note: Deletion of the old CHILD_SA will follow after the CREATE_CHILD_SA exchange.
Appendix A. I-WLAN Authentication Methods
This appendix contains supplementary information about authentication methods that apply when operating in an I-WLAN scenario, including:
- Certificates used in I-WLAN
- X.509 certificates
- Extensible Authentication Protocol (EAP)

Certificates used in I-WLAN
This use case describes how certificates are used as an authentication method in an I-WLAN scenario.
- The SEG, referred to as the TTG in I-WLAN terminology, authenticates itself to the UE by using certificates.
- The UE authenticates to the TTG by means of an Extensible Authentication Protocol method (EAP-AKA).
- IKEv2 mandates that EAP authentication of the initiator is used in conjunction with public-key-signature-based authentication of the responder, that is, of the SEG TTG towards the user endpoint (RFC 4306).
- The certificates used to authenticate the TTG must conform to the certificate profile described in 3GPP TS 33.234 section 6.7 [1].
- To be able to authenticate the TTG, the UE must be configured with the root CA certificate that corresponds to the beginning of a certification path for the TTG end-entity certificate.

Certificate setup
The certificates that must be set up for proper I-WLAN access include:
1. The gateway end-entity certificate, signed by the CA used.
2. The root certificate from the signing CA.
The IDr payload for the tunnel must be a Fully Qualified Domain Name (FQDN) that corresponds to the Access Point Name (APN) of a GGSN in the DNS used by the GTP interface. The APN decides which GGSN the GTP interface will connect the user tunnel to. The SEG TTG supports short APN. An Access Point Name (APN) is a set of labels separated by dots (.), for example, testggsn.mynetwork.com. By applying Short APN, only the first label of the APN (testggsn in the previous example) will be used in the PDP context activation. It is configurable via the GTP interface.

[1] 3GPP TS 33.234, Wireless Local Area Network (WLAN) interworking security, Release 7, June 2007, 3GPP.
X.509 certificates
The SEG supports digital certificates that comply with the ITU-T X.509 standard. This involves the use of an X.509 certificate hierarchy with public key cryptography to accomplish key distribution and entity authentication. Any reference to a certificate in this manual means an X.509 certificate. A certificate is a digital proof of identity. It links an identity to a public key, to establish whether a public key truly belongs to the supposed owner. This prevents a malicious third party from intercepting data transfer by posting a fake key under the name and user ID of an intended recipient.

Certificates with VPN tunnels
The main use of certificates in the SEG is for VPN tunnels. The simplest and fastest way to provide security between the ends of a tunnel is to use Pre-shared Keys (PSKs). As a VPN network grows, so does the complexity of using PSKs. Certificates provide a way to better manage security in much larger networks.

Certificate components
A certificate is a digital object binding a public key to the end entity considered the owner of the corresponding private key. The assertion of the binding is provided by the digital signature of the certificate data by a trusted third party. This trusted third party is the certificate issuer. A certificate consists of the following:
- Identity information about the certificate owner.
- Identity information about the certificate issuer.
- The public key of the owner.
- The signature over the above items, performed by the issuer using its own private key.
By binding the above information together, a certificate is a public key with attached identification, coupled with a stamp of approval by a trusted party.

Certification authorities
A certificate authority (CA) is a trusted entity that issues certificates to other entities. The CA digitally signs all certificates it issues. A valid CA signature in a certificate verifies the identity of the certificate holder and guarantees that the certificate has not been tampered with by any third party. A CA is responsible for making sure that the information in every certificate it issues is correct. It also has to make sure that the identity in the certificate matches the identity of the certificate holder. A CA can also issue certificates to other CAs. This leads to a tree-like certificate hierarchy. The highest CA is called the root CA. In this hierarchy, each CA is signed by the CA directly above it, except for the root CA, which is self-signed.

A certification path refers to the path of certificates from one certificate to another. When verifying the validity of a user certificate, the entire path from the user certificate up to the trusted root certificate has to be examined before establishing the validity of the user certificate. The CA certificate is just like any other certificate, except that it allows the corresponding private key to sign other certificates. Should the private key of the CA be compromised, the whole CA, including every certificate it has signed, is also compromised.

Validity time
A certificate is not valid forever. Each certificate contains the dates between which the certificate is valid. When this validity period expires, the certificate can no longer be used, and a new certificate has to be issued.

Certificate Revocation Lists
A Certificate Revocation List (CRL) contains a list of all certificates that have been cancelled before their expiration date. CRLs are normally held on an external server that is accessed to determine whether a certificate is still valid. The ability to validate a user certificate in this way is a key reason why certificate security simplifies the administration of large user communities. Using either the LDAP or HTTP protocol, CRLs are published on servers that all certificate users can access. Revocation can happen for several reasons. One reason could be that the keys of the certificate have been compromised in some way. Another reason is that the owner of the certificate has lost the right to authenticate using that certificate, perhaps because the owner has left the company. Whatever the reason, server CRLs can be updated to change the validity of one or many certificates. Certificates often contain a CRL Distribution Point (CDP) field, which specifies the location from where the CRL can be downloaded. In some cases certificates do not contain this field; the location of the CRL then has to be configured manually. A CA usually updates its CRL at a given interval. The length of this interval depends on how the CA is configured. Typically, this is somewhere between an hour and several days.

Trusting certificates
When using certificates, the SEG trusts anyone whose certificate is signed by a given CA. Before a certificate is accepted, the following steps are taken to verify the validity of the certificate:
1. Construct a certification path up to the trusted root CA.
2. Verify the signatures of all certificates in the certification path.
3. Fetch the CRL for each certificate to verify that none of the certificates have been revoked.
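The three steps under "Trusting certificates", as the UE applies them to the CERT payload the TTG sends in IKE_AUTH step 4, in Go. This is an added example, not Radisys code; it needs Go 1.19 or newer for the CRL support in crypto/x509. It first issues the two certificates of "Certificate setup" (a constructed root and a gateway certificate whose SubjectAltName is the W-APN FQDN the UE sends in IDr), then validates the gateway certificate against the trusted root, the IDr value and the issuer's CRL. The names, serial numbers and the CRL distribution point URL are assumptions; the CRL is passed in as bytes rather than fetched from the CDP, since the program runs offline. Binding the certificate's DNS name to the IDr value is the example's choice of what "the identity of the certificate matches the identity of the certificate holder" means for a gateway.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// PKI holds a constructed root CA, the TTG end-entity certificate it signed, and the root's
// current CRL in DER. Nothing here is a real Radisys or operator credential.
type PKI struct {
	Root, Gateway *x509.Certificate
	CRL           []byte
}

// BuildPKI issues the two certificates listed under "Certificate setup": a self-signed root and
// a gateway certificate whose SubjectAltName DNS entry is the W-APN FQDN the UE sends in IDr.
// With revoked set, the gateway certificate's serial number is placed on the CRL.
func BuildPKI(gatewayFQDN string, revoked bool) (*PKI, error) {
	rootKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	gwKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return nil, errors.New("key generation failed")
	}
	now := time.Now()
	issue := func(tpl, parent *x509.Certificate, pub *rsa.PublicKey) (*x509.Certificate, error) {
		der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, rootKey) // root signs both
		if err != nil {
			return nil, err
		}
		return x509.ParseCertificate(der)
	}
	rootTpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	root, err := issue(rootTpl, rootTpl, &rootKey.PublicKey)
	if err != nil {
		return nil, err
	}
	gw, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: gatewayFQDN},
		DNSNames: []string{gatewayFQDN}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		CRLDistributionPoints: []string{"http://crl.example.invalid/root.crl"}, // assumed CDP
	}, root, &gwKey.PublicKey)
	if err != nil {
		return nil, err
	}
	crlTpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour)}
	if revoked {
		crlTpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: gw.SerialNumber, RevocationTime: now}}
	}
	crl, err := x509.CreateRevocationList(rand.Reader, crlTpl, root, rootKey)
	if err != nil {
		return nil, err
	}
	return &PKI{Root: root, Gateway: gw, CRL: crl}, nil
}

// ValidateGateway is the three-step check under "Trusting certificates" as the UE applies it to the
// CERT payload of IKE_AUTH step 4: build the path to the trusted root; verify every signature and
// validity period on it, and that the certificate names the FQDN presented in IDr; then check the
// issuer's CRL (its signature, its freshness, and the end entity's serial number).
func ValidateGateway(gw, trustedRoot *x509.Certificate, crlDER []byte, idr string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	chains, err := gw.Verify(x509.VerifyOptions{
		Roots: roots, DNSName: idr, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err != nil {
		return fmt.Errorf("path validation: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("CRL: %w", err)
	}
	issuer := chains[0][1] // the CA directly above the end entity
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL not signed by the issuer: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is stale; fetch a fresh one before deciding")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(gw.SerialNumber) == 0 {
			return errors.New("gateway certificate is revoked")
		}
	}
	return nil
}
```

Go's Verify covers steps 1 and 2 (path construction, signatures, validity dates, name constraints and the DNS name) but deliberately does not consult CRLs, which is why step 3 is written out: the CRL must be checked for a signature by the certificate's own issuer and for freshness before its contents mean anything, otherwise an attacker who can serve a stale or unsigned list defeats revocation. The order also matters: revocation is only worth consulting for a certificate that already chains to the trusted root.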
Extensible Authentication Protocol (EAP)
The EAP agent implemented in the SEG provides the option to use EAP methods for user authentication. The agent is configured in an authentication profile and used by an interface or rule that requires authentication for its peers. The SEG does not itself implement the EAP methods used for verifying a user. It relies on external EAP servers, acting as a pass-through authenticator between the peer and the authentication server. The EAP method used is negotiated between the peer and the server, and the SEG relays the EAP attributes for the chosen method over the protocols used between the peer and the SEG, and between the authentication server and the SEG. The Authentication Source API provides an interface for the authentication system to communicate with the authentication sources. Via the API, the authentication system can request validation or information about a user from the EAP authentication servers. The EAP agent supports the EAP-SIM and EAP-AKA methods, and the SEG supports EAP-AKA/EAP-SIM full authentication by permanent ID and pseudonym ID, and fast re-authentication.

EAP-AKA full authentication
Full authentication will be performed when the permanent ID, a pseudonym ID, or an invalid ID is sent from the UE.

Permanent ID
If EAP-AKA is used for the authentication, the permanent ID follows the format:
0<IMSI>@realm
When the client/UE has no pseudonym ID or fast re-authentication ID in its database, or if the client/UE is requested by the system to send the permanent ID (AT_PERMANENT_ID_REQ), the permanent ID will be sent.

Pseudonym ID
When the client/UE receives the pseudonym username in AT_NEXT_PSEUDONYM during the authentication, the client/UE can store and use the pseudonym ID in the next authentication after the successful authentication. The pseudonym ID follows the format:
<pseudonym>@realm
Note: The server sends the pseudonym username without the realm.

Fast re-authentication
The AAA, via the SEG, can support fast re-authentication. This authentication method is optional and relies on the configuration of the AAA. When the client/UE receives AT_NEXT_REAUTH_ID during the authentication, the client/UE can store and use the fast re-authentication ID in the next authentication after the successful authentication. The fast re-authentication ID sent from the system follows the format:
<fast re-authentication ID>@FastReauthRealm
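The identity formats above and the AAA decision described at the end of flow 2 fit together in a few lines. The Go program below is an added example, not Radisys or AAA vendor code: it classifies a NAI by the leading character that RFC 4187 prescribes for EAP-AKA usernames (0 permanent, 2 pseudonym, 4 fast re-authentication, with 1, 3 and 5 for EAP-SIM), validates a permanent username as an IMSI, and picks the next EAP request from a constructed pseudonym store that carries validity periods. The store contents, the realms in the test and the handling of a fast re-authentication username received in answer to AT_FULLAUTH_ID_REQ are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// IdentityKind follows the RFC 4187 section 4.1.1 username conventions: the leading character
// of an EAP-AKA username is 0 for a permanent username (the IMSI follows), 2 for a pseudonym
// and 4 for a fast re-authentication username; EAP-SIM uses 1, 3 and 5 for the same kinds.
type IdentityKind int

const (
	Permanent IdentityKind = iota
	Pseudonym
	FastReauth
)

var kindByPrefix = map[byte]IdentityKind{'0': Permanent, '1': Permanent, '2': Pseudonym, '3': Pseudonym, '4': FastReauth, '5': FastReauth}

// ParseNAI splits the NAI carried in IDi and in User-Name (1) into its kind, the username
// without the leading type character, and the realm. A permanent username must be an IMSI
// of 6 to 15 digits; anything else is rejected before it reaches a subscriber lookup.
func ParseNAI(nai string) (kind IdentityKind, user, realm string, err error) {
	at := strings.LastIndexByte(nai, '@')
	if at < 1 || at == len(nai)-1 {
		return 0, "", "", errors.New("NAI must be username@realm")
	}
	user, realm = nai[:at], strings.ToLower(nai[at+1:])
	kind, ok := kindByPrefix[user[0]]
	if !ok {
		return 0, "", "", fmt.Errorf("unknown identity prefix %q", user[0])
	}
	user = user[1:]
	if kind == Permanent && (len(user) < 6 || len(user) > 15 || strings.Trim(user, "0123456789") != "") {
		return 0, "", "", errors.New("permanent username is not an IMSI")
	}
	return kind, user, realm, nil
}

// PseudonymEntry is one row of the AAA's pseudonym store (constructed for this example).
type PseudonymEntry struct {
	IMSI    string
	Expires time.Time
}

// NextEAPRequest is the AAA's decision once AT_IDENTITY answers an AT_FULLAUTH_ID_REQ, as
// described at the end of flow 2: a permanent identity, or a pseudonym that is known and
// still valid, proceeds to EAP-Request/AKA-Challenge for the resolved IMSI; an unknown or
// expired pseudonym draws EAP-Request/AKA-Identity with AT_PERMANENT_ID_REQ. A fast
// re-authentication username is not a valid answer to AT_FULLAUTH_ID_REQ (RFC 4187
// section 4.1); this example repeats the AT_FULLAUTH_ID_REQ rather than rejecting outright.
func NextEAPRequest(store map[string]PseudonymEntry, nai string, now time.Time) (request, imsi string, err error) {
	kind, user, _, err := ParseNAI(nai)
	if err != nil {
		return "", "", err
	}
	switch kind {
	case Permanent:
		return "EAP-Request/AKA-Challenge", user, nil
	case Pseudonym:
		if e, ok := store[user]; ok && now.Before(e.Expires) {
			return "EAP-Request/AKA-Challenge", e.IMSI, nil
		}
		return "EAP-Request/AKA-Identity(AT_PERMANENT_ID_REQ)", "", nil
	default:
		return "EAP-Request/AKA-Identity(AT_FULLAUTH_ID_REQ)", "", nil
	}
}
```

The expiry check is the part that matters for privacy: a pseudonym that has aged out must not be looked up as if it were still bound to a subscriber, and the only correct recovery is to ask for the permanent identity, which is exactly the AT_PERMANENT_ID_REQ path the flow 2 note describes. Rejecting malformed permanent usernames in ParseNAI keeps arbitrary strings out of the subscriber database query that follows.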