Session ID 20PT

Convergence of Wifi and Cellular in Service Provider Network

William Wan, CSA MIAP

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential BRKSPM-2604_c1 2

Agenda

Drivers for wifi-mobile convergence

Hotspot 2.0 for mobile like wifi roaming

Transparent Auto logon options & common wifi/mobile authentications

Network convergence

Drivers for wifi-mobile convergence

Future Networks Supporting the Mobile Internet Will Need to Integrate Smaller Cell Architectures to Scale

[Figure: growth from 1990 to 2015 on a logarithmic axis (1 to 1000), with curves labelled Spectrum and Macro Capacity and a callout "26x Growth". Source: Agilent. Cell types pictured: Macro 2G/3G/4G; Business, Community and Consumer Wi-Fi; Femto.]

Overall Capacity Not Keeping Pace with Data Demand

Small Cells Increase Existing Capacity

Driver for Change: Dealing with Non-Uniform Peaks

Mobile Internet Demand is non-uniform

Peaks of demand in certain hotspots can exceed cell capacity

Baseball stadium deployment – 5500 devices generating 52 Mbps traffic

• 12,000 devices attached to Wi-Fi during Superbowl XLV

• How to scale metro – continue splitting cells or do something different?

Wide scale adoption of Wi-Fi by tablet and Smartphone users

Macro Networks Mobile Internet Economics – significant incremental cost of production

Ranges from ~$2/GB (3 carrier config) to ~$6/GB (1 carrier config)

Indoor offload solutions deliver very low incremental cost of production, similar to fixed Internet economics

As consumption rises, it becomes more cost effective to offload traffic:

Compared with a 1-carrier macro cell, femto delivers improved economics for users with >750 MB/mo consumption

Compared with a 3-carrier macro cell, SP Wi-Fi delivers improved economics for users with >500 MB/mo consumption

Source: ABI/Cisco Cost of Production Analysis, assuming CPE offered without cost to consumer and depreciated over 3 years

[Figure: two charts of cost ($) against Busy Hour Mbps for Macro, Femto and SP Wi-Fi]

Phase 1: wifi as overlay

Wifi operated by mobile provider or 3rd party/home/business

Single Bill for wifi and mobile

Phase 2 – Seamless roaming

Common roaming experience for wifi and mobile

Common authentication for wifi and mobile

Phase 3 – User plane convergence

Service Convergence: Access 3G PS services via Wifi

Charging Convergence: Same mobile prepaid for wifi

Policy Convergence: Same mobile policy control for wifi

Phase 4 – Seamless Mobility

Seamless mobility between wifi and mobile; application continuity when UE moves among mobile and wifi

Operator policy control when the user uses wifi and mobile access

End Target: Wifi is an extension of Mobile networks

Hotspot 2.0 for mobile like wifi roaming

Next Generation Hotspot …Roam, Authenticate, Monetize

SEAMLESS: Simplifies network discovery and selection for seamless cellular data offload

SECURE: Extends existing SIM-based authentication techniques over encrypted Wi-Fi

RELIABLE: Carrier class solution

PROFITABLE: Enables location-based and value-added services

[Diagram labels: 802.11u; 802.1x, EAP-SIM (auto SIM credentials); Next Generation Hotspot (seamless authentication & Wi-Fi roaming, Wireless Broadband Alliance); 802.11i (encrypted Wi-Fi link); Mobile Service Advertisement Protocol (MSAP), a mobile “concierge” service]

Next Generation Hotspot (Hotspot 2.0) 3G-like End-user Experience for Wi-Fi

[Figure: "HS 2.0 Experience" beside "3G Experience". Labels: Home SP and Visited SP (roaming) for both 3G territory and HS 2.0 networks; devices: phone, laptop and camera with HS 2.0; connection labelled "Automatic, Secure, EAP-based".]

How can the client make an auto-connection?

Client reads 11u information from the network

The client looks for 11u information in the beacon and queries the realm name; if the realm name matches its roamable realm name policy, it initiates a connection using the authentication protocol it received

[Diagram labels: Network Name, Operator Name, Network Type, Authentication Info, HotSpot 2.0 info]

Client asks: Can you tell me network info for SSID “Hotspot”? Before I associate?

Network answers: Yes! Here it is, Realm Name = cisco.com, Auth.type = EAP-SIM
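
The realm check described above, as an added example that is not from the original slides: it parses an ANQP NAI Realm element laid out as in IEEE 802.11u and returns a credential only when an advertised realm and EAP method both match the client's own policy. The function names, the `example.net` realm and the policy dictionary are assumptions, and the sample element is constructed.

```python
import struct

ANQP_NAI_REALM = 263                      # ANQP Info ID of the NAI Realm list
EAP_NAMES = {13: "EAP-TLS", 18: "EAP-SIM", 21: "EAP-TTLS", 23: "EAP-AKA"}

def build_nai_realm_element(realms):
    """Encode [(realm, [eap_method, ...]), ...]; used here to construct sample input."""
    body = struct.pack("<H", len(realms))
    for realm, methods in realms:
        name = realm.encode()
        data = bytes([0, len(name)]) + name + bytes([len(methods)])
        for m in methods:
            data += bytes([2, m, 0])      # tuple length, EAP method, no auth parameters
        body += struct.pack("<H", len(data)) + data
    return struct.pack("<HH", ANQP_NAI_REALM, len(body)) + body

def parse_nai_realm_element(buf):
    """Return [(realm, [eap_method, ...]), ...]; raise ValueError on any bad length."""
    if len(buf) < 6:
        raise ValueError("short ANQP element")
    info_id, length, count = struct.unpack_from("<HHH", buf)
    if info_id != ANQP_NAI_REALM or length != len(buf) - 4:
        raise ValueError("not a well-formed NAI Realm element")
    pos, out = 6, []
    for _ in range(count):
        dlen = int.from_bytes(buf[pos : pos + 2], "little")
        data, pos = buf[pos + 2 : pos + 2 + dlen], pos + 2 + dlen
        if len(data) != dlen or dlen < 3 or 2 + data[1] >= dlen:
            raise ValueError("truncated NAI Realm data")
        names = data[2 : 2 + data[1]].decode("utf-8", "replace").lower().split(";")
        p, methods = 3 + data[1], []
        for _ in range(data[2 + data[1]]):
            if p + 2 > dlen or data[p] < 2 or p + 1 + data[p] > dlen:
                raise ValueError("bad EAP method tuple")
            methods.append(data[p + 1])
            p += 1 + data[p]
        out += [(n, methods) for n in names]
    return out

def select_credential(element, policy):
    """policy maps a roamable realm to the one EAP method the client will use for it."""
    for realm, methods in parse_nai_realm_element(element):
        if policy.get(realm) in methods:
            return realm, EAP_NAMES.get(policy[realm], str(policy[realm]))
    return None

# Constructed sample: the answer from the slide plus a second, made-up realm.
SAMPLE = build_nai_realm_element([("cisco.com", [18]), ("example.net", [21])])
```

The ANQP answer arrives before association and is not authenticated, so the EAP method comes from the client's policy: an element that advertises a known realm with a different method yields no connection.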

Reach customers at the moment of choice

A New Mobile Experience for Mobile Subscribers

Receive transient applications without user intervention

Special offers today

Secure Wi-Fi Network Discovery

T-Systems Multimedia Solutions

Hotspot 2.0 MSAP: Next Gen mobile advertising over wifi

Hotspot 2.0 SIG – Update 802.11u

Develop an industry spec to bring a 3G-like experience to Wi-Fi

Automatic and secure Wi-Fi authentication and roaming

Release spec to the Wi-Fi Alliance for certification program

Launched at key US mobile operator - May 2010

24 technical architects; Over 300 hours in conference calls and face-to-face meetings

Hotspot 2.0 Spec completed in Dec 2010; Released to the Wi-Fi Alliance in March 2011; WBA Hotspot 2.0 trials in Oct-Nov 2011; Hotspot 2.0 Certification – 1H 2012

Hotspot 2.0 SIG has ended

HotSpot 2.0/NGH System Component Seamless Roaming

[Diagram: HANDSET (chipset: Broadcom, Atheros, TI, etc.; 11u driver; 802.1x (EAP); API; ANQP; supplicant), air interface (WPA2-AES encrypted), Infra (APs, WLC, NAS client), AAA server/proxy with subscriber DB/HLR, and a roaming partner AAA server with its own subscriber DB/HLR. Protocol labels: ANQP, EAP-x.]

WiFi Advertising via HotSpot 2.0

[Diagram: HANDSET (chipset: Broadcom, Atheros, TI, etc.; 11u driver; 802.1x (EAP); API; ANQP; supplicant), air interface (WPA2-AES encrypted), Infra (APs, WLC, NAS client), WiFi Advertisement Push Server, subscriber DB/HLR and Mobility Service Engine. Protocol label: MSAP.]

Hotspot 2.0 Specifications & Client Implications

Built directly into device

Multitude of 3rd Party Connection Managers:

NGH 2011 Trial Timeline

Timeline, April to Nov 2011:

• NGH Trial Team formed

• NGH Trial Scope Doc

• NGH Trial Launch (Jun 20)

• HS2.0 Spec Draft (WFA)

• HS2.0 Equipment Vendor Test Event (WFA)

• Align operators and vendors

• Refine test script

• Vendors implement HS2.0 spec

• NGH Trial Execution (Oct – Nov)

• WBA-GSMA Wi-Fi Roaming Taskgroup

• Taskforce Recommendation (Nov)

• Results

• WBA Conference

• End-to-end NGH Roaming Prototype (Jun 20)

Transparent Auto logon options & common wifi/mobile authentications

Roaming Across WiFi and Cellular: Transparent wifi logon

[Figure: logon methods placed on Complexity and Security axes. Methods: MAC, MAC-TAL, EAP (Cert), EAP (SIM), IPSEC/I-WLAN, WISPr2.0, 802.1x, WEB-Name/Pwd., WISPr1.0. Group labels: Un-Encrypted Credentials; Encrypted WiFi Data & Credentials; Encrypted E2E tunnel; HTTPS Encrypted Credentials; Clientless.]

Transparent Auto Login Clientless Options

Web login: User name and password in web portal

WISPr

• Web logon in the background

• WISPr support in browser. Supported by most smartphones

MAC address login

• Web login once and the core stores the MAC address of the terminal

• User registers the terminal MAC with the operator

EAP-SIM/802.1x

• Uses the SIM card in the terminal to authenticate with AAA/HLR

• Encryption of the air interface based on keys from 802.1x

• Apple iPhone, Symbian, Android Samsung, HTC/LG to come in 2011

EAP-PEAP/802.1x

• One time user name/password and certificate based authentication

• Encryption of the air interface based on keys from 802.1x

• Most Android phones

Benefits of 802.1x EAP authentication

Automatic login

Security

Mutual Authentication

One time encryption key generated per session

No more un-authenticated users

Users can only associate with 802.1x Wifi if they are authenticated

With web login, i-WLAN and MAC-TAL authentication, many un-authenticated users from other SPs can associate with the wifi network and get an IP address, wasting resources

802.1x EAP-SIM transparent login: SIM Card Authentication for Wi-Fi

[Diagram: nodes AP, AAA, HLR; protocol stacks 802.1X / EAP / SIM, IP / EAP / SIM at the AAA, and SCCP / TCAP / MAP towards the HLR; SSID label: 802.1x SSID]

i-WLAN EAP-SIM-IKE transparent login

[Diagram: nodes Client, TTG/PDG, AAA, HLR; protocol stacks IP / EAP / SIM at the AAA and SCCP / TCAP / MAP towards the HLR; client link labelled Encrypted IPSec; SSID labels: OPEN SSID, 802.1x SSID]

GSM-SIM Authentication Basic Call Flow

Nodes: SIM, AP, WLC, AAA, ITP, HLR/AuC, DHCP (802.1x SSID)

Messages, in the order shown:

• EAP Req/Resp ID (IMSI@realm)

• EAP Resp ID (IMSI@realm)

• EAP Req/Resp SIM Start (Nonce, version supported)

• MAP SAI (IMSI)

• MAP SAI Ack (SRES, RAND, Kc)

• EAP Req/Resp SIM Challenge (RAND, AT_MAC)

• EAP Req/Resp SIM Challenge AT_MAC_SRES

• EAP Req/Resp Success (K)

• Encrypted Traffic (use K as WPA/TKIP key)

• DHCP Request/Response

Calculations:

• Ki + RAND through A3 and A8 give SRES and Kc

• AAA server calculates AT_MAC = HMAC_SHA1 (EAP Packet | nonce)

• SIM calculates (n*SRES, n*RAND)

• SIM checks AT_MAC = HMAC_SHA1 (EAP packet | Nonce)

• SIM calculates AT_MAC = HMAC_SHA1 (EAP Packet | n * SRES)

• SIM calculates key K = HMAC_SHA1 (Identity | n*Kc | Nonce | Version List | Selected Version)
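
The AT_MAC check from the call flow above, as an added example that is not from the original slides. It follows RFC 4186, where the HMAC-SHA1 over the EAP packet and the nonce is keyed with K_aut and truncated to 16 bytes, and where the peer also requires two or three distinct RANDs. K_aut is passed in as an assumption instead of being derived, and the function names and all sample values are constructed.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_TYPE_SIM, SUBTYPE_CHALLENGE = 1, 18, 11
AT_RAND, AT_MAC = 1, 11

def build_challenge(ident, rands, k_aut, nonce_mt):
    """Server side: EAP-Request/SIM/Challenge with AT_RAND and AT_MAC (sample input)."""
    at_rand = bytes([AT_RAND, 1 + 4 * len(rands), 0, 0]) + b"".join(rands)
    at_mac = bytes([AT_MAC, 5, 0, 0]) + bytes(16)     # MAC value is zero while computing
    body = bytes([EAP_TYPE_SIM, SUBTYPE_CHALLENGE, 0, 0]) + at_rand + at_mac
    pkt = struct.pack("!BBH", EAP_REQUEST, ident, 4 + len(body)) + body
    mac = hmac.new(k_aut, pkt + nonce_mt, hashlib.sha1).digest()[:16]
    return pkt[:-16] + mac

def verify_challenge(pkt, k_aut, nonce_mt):
    """Peer side: return the RAND list if the challenge is acceptable, else raise ValueError."""
    if len(pkt) < 8 or struct.unpack_from("!H", pkt, 2)[0] != len(pkt) or \
            pkt[0] != EAP_REQUEST or pkt[4:6] != bytes([EAP_TYPE_SIM, SUBTYPE_CHALLENGE]):
        raise ValueError("not an EAP-SIM Challenge request")
    pos, rands, mac_at = 8, [], None
    while pos < len(pkt):
        alen = pkt[pos + 1] * 4 if pos + 1 < len(pkt) else 0   # length is in 4-byte words
        if alen == 0 or pos + alen > len(pkt):
            raise ValueError("bad attribute length")
        if pkt[pos] == AT_RAND and (alen - 4) % 16 == 0:
            rands = [pkt[i : i + 16] for i in range(pos + 4, pos + alen, 16)]
        elif pkt[pos] == AT_MAC and alen == 20:
            mac_at = pos + 4
        pos += alen
    if not 2 <= len(rands) <= 3 or len(set(rands)) != len(rands):
        raise ValueError("need two or three distinct RANDs")
    if mac_at is None:
        raise ValueError("AT_MAC missing")
    zeroed = pkt[:mac_at] + bytes(16) + pkt[mac_at + 16 :]
    expected = hmac.new(k_aut, zeroed + nonce_mt, hashlib.sha1).digest()[:16]
    if not hmac.compare_digest(expected, pkt[mac_at : mac_at + 16]):
        raise ValueError("AT_MAC mismatch")
    return rands

# Constructed values; a real K_aut comes out of the RFC 4186 key derivation.
K_AUT, NONCE_MT = bytes(range(16)), bytes([0xAA]) * 16
RANDS = [bytes([n]) * 16 for n in (1, 2, 3)]
CHALLENGE = build_challenge(7, RANDS, K_AUT, NONCE_MT)
```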

Network convergence

SP WiFi Architecture: Addressing the deployment and offload issues

[Diagram labels: Mobile; Wifi; 3G/4G Packet Core; Converged Operator BB Infra.]

Convergence

• Service

• Billing

• Policy

SP WiFi Architecture: Addressing the SP WiFi Definition Issue

Before 3GPP Release 8, all non-3GPP access networks, including WiFi, were treated as the poor relations and deemed “not trusted”

“WLAN security was considered poor in both strength and ease of use, compared with that taken for granted in 3G networks and devices…. Hence it made sense for the mobile network operators to use .. IPsec between the UE and ePDG for the security of the user data - iWLAN.”

3GPP Release 8 changed all that, allowing non-3GPP access networks (including WiFi) to be trusted and treated as peers:

“Now, with the deployment of 802.1x, 802.11u, 802.11i and Hotspot 2.0, it may be considered by some operators that the security strength and ease of use is as acceptable as 3G/LTE security. For example, for the radio air link, the operator controlled hotspot with 802.11i could be treated as the trusted Non-3GPP Access.”

In 2010, the Cisco SP WiFi Architecture team agreed to build a converged approach that allows SP WiFi to be treated as “trusted non-3GPP access”

Quotes from 3GPP 23.852 (2011)

3GPP Standards Wifi offload Options

Untrusted Wifi network (3G/wifi) – 3GPP 23.234

• i-WLAN

• Mobile core integration (TTG/PDG/ePDG over S2b)

• Needs an IPSec client, which is not available on smartphones

• IPSec-less/clientless variant is needed for commercial deployment

Trusted Wifi network (4G/3G/wifi) – 3GPP 23.402

• PMIPv6 over S2a interface between wifi and 4G mobile core

• Clientless

• Seamless migration from 3G to 4G solution is needed

SP WiFi as “Trusted Non 3GPP Access”

[Diagram: 3GPP architecture with SP WiFi as trusted non-3GPP IP access. Nodes: HSS, PCRF, PDN Gateway, Serving Gateway, ePDG, 3GPP AAA Server, 3GPP Access, Operator's IP Services (e.g. IMS, etc), within the HPLMN and Non-3GPP Networks. Interfaces: SGi, Gx, Gxa, Gxb, Gxc, Rx, S2a, S2b, S2c, S5, S6a, S6b, STa, SWm, SWx.]

Callouts:

• SP WiFi as trusted Non-3GPP IP Access

• Integrated EPC Based Subscriber Control

• SP WiFi as Trusted Non-3GPP Access: Integrated Mobility, Multi-Vendor Standards

• S2c: DSMIPv6 Client MIP Enabled WiFi Device. Able to leverage client capability for heterogeneous mobility when available

SP Wifi architecture (Current): Seamless roaming/mobile integration

[Diagram labels: NB; SGSN; GGSN; Gn; Gi/IP; WAP GW; NAT-FW; DPI; Internet (off-net); mobile on-net content; Wifi network with APs and WLC; Trusted Wifi (WiSPr 1/web login/EAP-SIM/AKA); WAG/MAG; WAG; IPSG/LMA; Un-Trusted Wifi (i-WLAN, secured i-WLAN client, IPSec); TTG; PDG; AAA/Portal, HLR, OCS, PCRF, CGF; Gx, Gy, Ga; Mobile charging, Mobile policy, Mobile Services]

SP Wifi target architecture: Converged Core for wifi/3/4G

[Diagram labels: eNB/NB; SGSN; SGW; PGW; ePDG; WAG/MAG; WLC; APs; Wifi Access Network; Trusted (PMIPv6-S2a); Un-Trusted (PMIPv6-S2b), 3GPP i-WLAN login, i-WLAN client IPSec; GTP S5; NAT-FW; Internet (off-net); mobile walled garden content; AAA/Portal, HLR, OCS, PCRF, CGF; Gx, Gy, Ga]

Converged Core Values:

• Wifi/3/4G Mobility

• Common Subscriber control: Authentication, Charging, Policy

• Common Services

Key Take-aways

With the explosion of mobile data traffic and the abundance of wifi-equipped smartphones, wifi has become an economic and efficient way to offload mobile data

Making wifi an extension of the mobile network for offload has the benefits of service, charging and policy convergence

Key wifi/mobile convergence methods:

• Hotspot 2.0/802.11u: Provides a mobile-like wifi roaming experience and advertising capability

• EAP-SIM: Common authentication for wifi/mobile via HLR

• Network convergence: User and control plane integration of wifi and mobile to provide service/charging/policy convergence.

Complete Your Session Evaluation

Please give us your feedback!!

Complete the evaluation form you were given when you entered the room

This is session 5.1

Don’t forget to complete the overall event evaluation form included in your registration kit

YOUR FEEDBACK IS VERY IMPORTANT FOR US!!! THANKS
