© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 2
Agenda
Drivers for wifi-mobile convergence
Hotspot 2.0 for mobile like wifi roaming
Transparent Auto logon options & common wifi/mobile authentications
Network convergence
Drivers for wifi-mobile convergence
Future Networks Supporting the Mobile Internet Will Need to Integrate Smaller Cell Architectures to Scale
[Figure: growth on a log scale (1 to 1000), 1990 to 2015, with Spectrum and Macro Capacity curves and a 26x Growth annotation; cell types shown: Macro 2G/3G/4G, Femto, and Business, Community and Consumer Wi-Fi. Source: Agilent]
Overall Capacity Not Keeping Pace with Data Demand
Small Cells Increase Existing Capacity
Driver for Change: Dealing with Non-Uniform Peaks
Mobile Internet Demand is non-uniform
Peaks of demand in certain hotspots can exceed cell capacity
Baseball stadium deployment – 5500 devices generating 52 Mbps traffic
• 12,000 devices attached to Wi-Fi during Superbowl XLV
• How to scale metro – continue splitting cells or do something different?
Wide scale adoption of Wi-Fi by tablet and Smartphone users
Macro Networks Mobile Internet Economics – significant incremental cost of production
Ranges from ~$2/GB (3 carrier config) to ~$6/GB (1 carrier config)
Indoor offload solutions deliver very low incremental cost of production, similar to fixed Internet economics
As consumption rises, it becomes more cost-effective to offload traffic:
Compared with a 1-carrier macro cell, femto delivers improved economics for users with >750 MB/mo consumption
Compared with a 3-carrier macro cell, SP Wi-Fi delivers improved economics for users with >500 MB/mo consumption
Source: ABI/Cisco Cost of Production Analysis, assuming CPE offered without cost to consumer and depreciated over 3 years
[Figure: two charts of cost ($) against Busy Hour Mbps for Macro, Femto and SP Wi-Fi]
Phase 1: wifi as overlay
Wifi operated by mobile provider or 3rd party/home/business
Single Bill for wifi and mobile
Phase 2 – Seamless roaming
Common roaming experience for wifi and mobile
Common authentication for wifi and mobile
Phase 3 – User plane convergence
Service Convergence: Access 3G PS services via Wifi
Charging Convergence: Same mobile prepaid for wifi
Policy Convergence: Same mobile policy control for wifi
Phase 4 – Seamless Mobility
Seamless mobility between wifi and mobile; application continuity when UE moves among mobile and wifi
Operator policy control when users use wifi and mobile access
End Target: Wifi is an extension of Mobile networks
Hotspot 2.0 for mobile like wifi roaming
Next Generation Hotspot …Roam, Authenticate, Monetize
• SEAMLESS: Simplifies network discovery and selection for seamless cellular data offload
• SECURE: Extends existing SIM-based authentication techniques over encrypted Wi-Fi
• RELIABLE: Carrier class solution
• PROFITABLE: Enables location-based and value-added services
Building blocks shown (numbered 1 to 4 on the slide):
• 802.11u
• 802.1x, EAP-SIM: Auto SIM credentials
• 802.11i: Encrypted Wi-Fi Link
• Mobile Service Advertisement Protocol (MSAP): Mobile “concierge” service
Next Generation Hotspot: Seamless authentication & Wi-Fi roaming - Wireless Broadband Alliance
Next Generation Hotspot (Hotspot 2.0) 3G-like End-user Experience for Wi-Fi
[Figure: two panels, "3G Experience" and "HS 2.0 Experience". 3G panel: a phone shows "Home SP 3G" in 3G home territory and "Visited SP 3G" when roaming. HS 2.0 panel: a phone, laptop and camera with HS 2.0 show "Home SP HS 2.0" on the home HS 2.0 network and "SP name HS 2.0" when roaming. Both panels are labelled "Automatic, Secure, EAP-based".]
How can the client auto-connect?
Client reads 11u information from the network
The client looks for 11u information in the beacon and queries the realm name; if the realm name matches its roamable-realm policy, it initiates a connection using the authentication protocol it received
11u information advertised by the network:
• Network Name
• Operator Name
• Network Type
• Authentication Info
• HotSpot 2.0 info
Client: Can you tell me network info for SSID “Hotspot”, before I associate?
Network: Yes! Here it is:
Realm Name = cisco.com
Auth.type = EAP-SIM
…
Reach customers at the moment of choice
A New Mobile Experience for Mobile Subscribers
Receive transient applications without user intervention
Special offers today
Secure Wi-Fi Network Discovery
T-Systems Multimedia Solutions
Hotspot 2.0 MSAP Next Gen mobile advertising over wifi
Hotspot 2.0 SIG – Update 802.11u
Develop an industry spec to bring a 3G-like experience to Wi-Fi
Automatic and secure Wi-Fi authentication and roaming
Release spec to the Wi-Fi Alliance for certification program
Launched at key US mobile operator - May 2010
24 technical architects; Over 300 hours in conference calls and face-to-face meetings
Hotspot 2.0 Spec completed in Dec 2010; Released to the Wi-Fi Alliance in March 2011; WBA Hotspot 2.0 trials in Oct-Nov 2011; Hotspot 2.0 Certification – 1H 2012
Hotspot 2.0 SIG has ended
HotSpot 2.0/NGH System Component Seamless Roaming
[Figure: system components for seamless roaming. Handset: chipset (Broadcom, Atheros, TI, etc.), driver (11u), 802.1x (EAP), ANQP, supplicant. Air interface (WPA2-AES encrypted). Infrastructure: AP, WLC, NAS client, AAA server/proxy, subscriber DB/HLR. Roaming partner: AAA server, subscriber DB/HLR. Flows shown: EAP-x, ANQP.]
WiFi Advertising via HotSpot 2.0
[Figure: system components for WiFi advertising. Handset: chipset (Broadcom, Atheros, TI, etc.), driver (11u), 802.1x (EAP), ANQP, supplicant. Air interface (WPA2-AES encrypted). Infrastructure: AP, WLC, NAS client, WiFi Advertisement Push Server, Mobility Service Engine, subscriber DB/HLR. Flow shown: MSAP.]
Hotspot 2.0 Specifications & Client Implications
[Figure: client options: built directly into device (two examples), and a multitude of 3rd party connection managers]
NGH 2011 Trial Timeline
[Figure: timeline, April to Nov 2011, with these milestones and activities]
• NGH Trial Team formed
• NGH Trial Scope Doc
• NGH Trial Launch (Jun 20)
• End-to-end NGH Roaming Prototype (Jun 20)
• HS2.0 Spec Draft (WFA)
• HS2.0 Equipment Vendor Test Event (WFA)
• Align operators and vendors
• Refine test script
• Vendors implement HS2.0 spec
• NGH Trial Execution (Oct – Nov)
• WBA-GSMA Wi-Fi Roaming Taskgroup Taskforce Recommendation (Nov)
• Results: WBA Conference
Transparent Auto logon options & common wifi/mobile authentications
Roaming Across WiFi and Cellular Transparent wifi logon
[Figure: wifi logon methods plotted by Complexity against Security: WEB-Name/Pwd., WISPr1.0, WISPr2.0, MAC, MAC-TAL, 802.1x, EAP (Cert), EAP (SIM), IPSEC/I-WLAN. Groupings shown: Un-Encrypted Credentials; HTTPS Encrypted Credentials; Encrypted WiFi Data & Credentials; Encrypted E2E tunnel; Clientless.]
Transparent Auto Login Clientless Options
Web login: User name password in web portal
WISPr
• Web logon in the background
• WISPr support in browser. Supported by most smartphones
MAC address login
• Web login once and core stores the MAC address of terminal.
• User registers the terminal MAC with operator
EAP-SIM/802.1x
• Uses SIM card in terminal to do authentication with AAA/HLR
• Encryption of air interface based on keys from 802.1x
• Apple iPhone, Symbian, Android Samsung, HTC/LG to come in 2011
EAP-PEAP/802.1x
• One time User name password and certificate based authentication
• Encryption of air interface based on keys from 802.1x
• Most Android phones
Benefits of 802.1x EAP authentication
Automatic login
Security
Mutual Authentication
One time encryption key generated per session
No more un-authenticated users
Users can only associate with 802.1x Wifi if they are authenticated
With web login, i-WLAN and MAC-TAL authentication, many unauthenticated users from other SPs can associate with the wifi network and get an IP address, wasting resources
SIM Card – Authentication for Wi-Fi
[Figure, panel 1: 802.1x EAP-SIM transparent login. Protocol stacks across SIM, AP, AAA and HLR: EAP-SIM over 802.1X, AAA over IP, and MAP/TCAP/SCCP towards the HLR; 802.1x SSID.]
[Figure, panel 2: i-WLAN EAP-SIM-IKE transparent login. Protocol stacks across client, AP, TTG/PDG, AAA and HLR: EAP-SIM, encrypted IPSec, AAA over IP, and MAP/TCAP/SCCP towards the HLR; SSIDs labelled OPEN SSID and 802.1x SSID.]
GSM-SIM Authentication Basic Call Flow
Nodes: SIM, AP (802.1x SSID), WLC, AAA, ITP, HLR/AuC, DHCP
• EAP Req/Resp ID (IMSI@realm); EAP Resp ID (IMSI@realm) forwarded to AAA
• EAP Req/Resp SIM Start (Nonce, version supported)
• MAP SAI (IMSI)
• Ki + RAND into A3 gives SRES; Ki + RAND into A8 gives Kc
• MAP SAI Ack (SRES, RAND, Kc)
• AAA server calculates AT_MAC = HMAC_SHA1 (EAP Packet | nonce)
• EAP Req/Resp SIM Challenge (RAND, AT_MAC)
• SIM calculates (n*SRES, n*RAND)
• SIM checks AT_MAC = HMAC_SHA1 (EAP packet | Nonce)
• SIM calculates AT_MAC = HMAC_SHA1 (EAP Packet | n*SRES)
• EAP Req/Resp SIM Challenge AT_MAC_SRES
• SIM calculates key K = HMAC_SHA1 (Identity | n*Kc | Nonce | Version List | Selected Version)
• EAP Req/Resp Success (K); EAP Req/Resp Success
• Encrypted Traffic (use K as WPA/TKIP key)
• DHCP Request/Response
Network convergence
SP WiFi Architecture: Addressing the deployment and offload issues
[Figure: Mobile and Wifi access, 3G/4G Packet Core, Converged Operator BB Infra.]
Convergence
• Service
• Billing
• Policy
SP WiFi Architecture: Addressing the SP WiFi Definition Issue
Before 3GPP Release 8, all non-3GPP access networks, including WiFi, were treated as the poor relations and deemed “not trusted”
“WLAN security was considered poor in both strength and ease of use, compared with that taken for granted in 3G networks and devices…. Hence it made sense for the mobile network operators to use .. IPsec between the UE and ePDG for the security of the user data - iWLAN.”
3GPP Release 8 changed all that, allowing non-3GPP access networks (including WiFi) to be trusted and treated as peers:
“Now, with the deployment of 802.1x, 802.11u, 802.11i and Hotspot 2.0, it may be considered by some operators that the security strength and ease of use is as acceptable as 3G/LTE security. For example, for the radio air link, the operator controlled hotspot with 802.11i could be treated as the trusted Non-3GPP Access.”
In 2010, the Cisco SP WiFi Architecture team agreed to build a converged approach that allows SP WiFi to be treated as “trusted non-3GPP access”
Quotes from 3GPP 23.852 (2011)
3GPP Standards Wifi offload Options
Untrusted Wifi network (3G/wifi) – 3GPP 23.234
i-WLAN
Mobile core integration (TTG/PDG/ePDG over S2b)
Needs an IPSec client but not available to Smartphones
IPSec-less/Clientless variant is needed for commercial deployment
Trusted Wifi network (4G/3G/wifi) – 3GPP 23.402
PMIPv6 over S2a interface between wifi and 4G mobile core
Clientless
Seamless migration from 3G to 4G solution is needed
SP WiFi as “Trusted Non 3GPP Access”
[Figure: EPC architecture with non-3GPP access. Elements: HSS, PCRF, 3GPP AAA Server, PDN Gateway, Serving Gateway, ePDG, 3GPP Access, Non-3GPP Networks, Operator's IP Services (e.g. IMS, etc.), HPLMN. Interfaces: SGi, Gx, Gxa, Gxb, Gxc, Rx, S2a, S2b, S5, S6a, S6b, STa, SWm, SWx.]
Callouts on the figure:
• SP WiFi as trusted Non-3GPP IP Access
• Integrated EPC Based Subscriber Control
• SP WiFi as Trusted Non-3GPP Access
• Integrated Mobility
• Multi-Vendor Standards
• S2c: DSMIPv6 Client MIP Enabled WiFi Device
• Able to leverage client capability for heterogeneous mobility when available
SP Wifi architecture (Current) Seamless roaming/mobile integration
[Figure: current architecture. Access: NB, Wifi Network with APs and WLC. Trusted Wifi path: WiSPr 1/web login/EAP-SIM/AKA, WAG/MAG, IPSG/LMA, Gi/IP. Un-Trusted Wifi path: i-WLAN, Secured i-WLAN Client IPSec, WAG, TTG, PDG. Mobile core: SGSN, GGSN, Gn, WAP GW, DPI, NAT-FW. Control: AAA/Portal, HLR, OCS, PCRF, CGF over Gx, Gy, Ga. Destinations: Internet (Off-net), Mobile On-net Content. Labels: Mobile charging, Mobile policy, Mobile Services.]
SP Wifi target architecture Converged Core for wifi/3/4G
[Figure: target architecture. Access: eNB/NB, Wifi Access Network with APs and WLC. Trusted path: WAG/MAG, PMIPv6-S2a. Un-Trusted path: 3GPP i-WLAN login, i-WLAN Client IPSec, ePDG, PMIPv6-S2b. Mobile core: SGSN, SGW, GTP S5, PGW, NAT-FW. Control: AAA/Portal, HLR, OCS, PCRF, CGF over Gx, Gy, Ga. Destinations: Internet (Off-net), Mobile Walled Garden Content.]
Converged Core Values:
• Wifi/3/4G Mobility
• Common Subscriber control:
  • Authentication
  • Charging
  • Policy
• Common Services
Key Take-aways
With the explosion of mobile data traffic and the abundance of wifi-equipped smartphones, wifi has become an economic and efficient way to offload mobile data
Making wifi an extension of the mobile network for offload has the benefits of service, charging and policy convergence
Key wifi/mobile convergence methods:
Hotspot 2.0/802.11u: Provides a mobile-like wifi roaming experience and advertising capability
EAP-SIM: Common authentication for wifi/mobile via HLR
Network convergence: User and Control plane integration of wifi and mobile to provide service/charging/policy convergence.
Complete Your Session Evaluation
Please give us your feedback!!
Complete the evaluation form you were given when you entered the room
This is session 5.1
Don’t forget to complete the overall event evaluation form included in your registration kit
YOUR FEEDBACK IS VERY IMPORTANT FOR US!!! THANKS