Www.ist-muse.eu Nomadism/FMC Use Cases and AAA Impact Mohit Thakur 14th December, 2006.
-
Upload
gracie-reddan -
Category
Documents
-
view
218 -
download
0
Transcript of Www.ist-muse.eu Nomadism/FMC Use Cases and AAA Impact Mohit Thakur 14th December, 2006.
www.ist-muse.eu
Nomadism/FMC Use Cases and AAA Impact
Mohit Thakur14th December, 2006
www.ist-muse.euSlide Nr.: 2 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Outline
1. Introduction.
2. Understanding FMC challenges.
3. MUSE Business Roles.
4. FMC Use Case 1: Nomadism with video call and IPTV service upgrade.
5. Authentication and Authorisation Requirements For Use Case 1.
6. FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP).
7. Authentication and Authorisation Requirements For Use Case 2 Using IWLAN.
8. Authentication and Authorisation Requirements For Use Case 2 Using SIP.
9. FMC Use Case 3: Nomadic user with public access over private domain.
10. Authentication and Authorisation Requirements For Use Case 3.
11. Conclusion.
www.ist-muse.euSlide Nr.: 3 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Introduction
Project Introduction
> MUSE is a large integrated R&D project on Broadband Access.
> Objective: The overall objective of MUSE is the research and development of a future, low cost, multi-service access network. The access network should provide secure connectivity between end-user terminals and edge nodes in a multi-provider environment. It should be suited for the ubiquitous delivery of broadband services to every European citizen.
Paper Introduction
> We (in MUSE) analyse and understand the FMC (Fixed Mobile Convergence) aspects in the todays access network.
> Use Case formulation to cover evolving current and futuristic scenarios to represent users behaviour while accessing his services namely:
1. Nomadism.
2. Session Continuity.
3. Public access through private WLAN.
> Proposition of high level AAA requirements to meet the goal of above mentioned scenarios.
www.ist-muse.euSlide Nr.: 4 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
MUSE Business Roles
> Packager • Keeps customer profiles (e.g. desired policy in case of conflicting requests for different
services)• Keeps customer information for session authentication.• Collects accounting information
> Network Service Provider (NSP)• Assignment of public IP addresses and connects to internet or corporate network.• NSP definitely needs to have a AAA infrastructure
> Application Service Provider (ASP)• Offers application services.
> Connectivity Provider (CP)• End-to-end (e2e) connectivity between the Customer and ASP, guaranteeing and monitoring agreed e2e QoS and security • Provides the means to perform AAA. • Assembly of billing info for packager• Assignment of private IP addresses to retail end-user (or NAP)
> Network Access Provider (NAP) / Regional Network Provider (RNP)• Transport and resource management between the RGW and the edge router with the QoS requested by the CP(s)• RNP aggregates traffic from different edge nodes and delivers this to the appropriate service
(or other) edge nodes.
www.ist-muse.euSlide Nr.: 5 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Understanding FMC challenges
> Nomadism: Ability of the user to change his network access point on moving; when changing the network access point, the user's service session is completely stopped and then started again, i.e. there is no session continuity or handover possible.
> Session Continuity: Ability of the user or terminal to change the network access point while maintaining the ongoing session.
> Roaming: Ability of the user to access services according to his/her profile while moving outside of his/her subscribed home network, i.e. by using an access point of a visited network.
> Nomadism put new requirements like:1. Authentication.
2. QoS.
> FMC puts even more:1. Roaming between home and visited networks from different providers, degrees of service continuity etc.
Roaming
Nomadism Session Continuity Continuous Mobility
Seamless Handover
Roaming
Nomadism Session Continuity Continuous Mobility
Seamless Handover Handover
Figure 1: MUSE view on FMC related definitions
www.ist-muse.euSlide Nr.: 6 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
FMC Use Case 1: Nomadism with video call and IPTV service upgrade
Use Case Description User Aspects Network Aspects Service Aspects
Jose starts his parents PC and access the Web portal of this SP, authenticates himself and due to his nomadic features he
has access to all his services.
Access to services from remote terminal.
AA, ACC, ARD, NRP, LOC AA, SEC, SEP, LOC
He then initiates a video over IP call from the PC to his video capable multimedia phone at home using his own subscription
Video call service can be used from a different
access network connection
ARD, NRP, LOC, MSA ACC, MEA, SEC, SEP, LOC
He uses the Internet to access his media-center, where he has stored all the pictures from his daughter’s last birthday, and
shows it on the TV screen at his parents home
Remote access to private server
ARD, NLR, SEC SEP, Photo viewing software (e.g. web server) or FTP server in the CPN
As Jose has a HDTV subscription, he contacts his service provider and upgrades the IP TV service to HDTV
DRM, Service quality upgrade for a nomadic
user
ACC, ARD, NRP, LOC DRM, MEA, SEP, LOC
www.ist-muse.euSlide Nr.: 7 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Authentication and Authorisation Requirements For Use Case 1
1. Authentication could be based on: a) Per Device; b) Per Session; c) Per User.
2. User would authenticate with NSP (Network Service Provider) to gain its high speed access network. The authentication is done over an already existing internet connection.
3. To upgrade the quality of IPTV to HDTV, bandwidth enhancement and QoS should be guaranteed by the service provider. Application based authentication would enforce the authentication result backwards from provider end to user end.
4. The 2 sessions, Jose’s parents initial normal internet connection and Jose’s high speed internet connection with HDTV have to exist in parallel.
www.ist-muse.euSlide Nr.: 8 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP)
802.11b/g
Home Gateway
audio + video
audio
audio+video
Park
Company'sbuildingBob's home
Access network
Wifi / WiMAX /UMTS
Use Case Description User Aspects Network Aspects Service AspectsShortly after, Bob’s phone gets out of the reach of the wireless home network, the phone is connected to a WIMAX (or UMTS)
base station.
Session continuity between private home network and a WiMAX / UMTS network or
public hotspot
AA, ACC, SEC, HOV, ROA, LOC
SEP, LOC
Since bandwidth is more expensive on this network, Bob receives a message on his screen asking whether he wants to continue
with the video path. Since video is not really important while walking, Bob decides to save money and tells his colleague that he will end the video path. The audio path stays active, so they
will be able to continue their conversation.
Media adaptation based on network capability and price
ACC, LOC ACC, MEA, SEP, LOC
At his office he transfers the running video call from the mobile terminal (WiMAX, UMTS) to his Notebook connected to a fixed
access network
Continue session on different terminal
AA, SEC, HOV, ROA, LOC AA, SEP, LOC
www.ist-muse.euSlide Nr.: 9 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Authentication and Authorisation Requirements For Use Case 2 Using IWLAN
1. Wireless user device must have several interfaces for e.g. WLAN, UMTS etc.
2. IWLAN provides only network layer authentication solution, other protocols like SIP should take care of service level authentication.
3. EAP-AKA and EAP-SIM could be used for mutual authentication to create IPsec security tunnel between UE and Packet Data Gateway.
4. IWLAN provides either ‘Direct IP Access’ or ‘3GPP IP access’.
www.ist-muse.euSlide Nr.: 10 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Authentication and Authorisation Requirements For Use Case 2 Using SIP
1. SIP based service authentication is a mandatory method in IMS.
2. IT does not require network layer tunelling (IPsec).
3. Service layer mutual authentication employing SIP registration mechanisms (AKA, SIM) normally are sufficient.
4. Security of SIP authentication signaling is provided by SIPSecure and SecureRTP.
www.ist-muse.euSlide Nr.: 11 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
FMC Use Case 3: Nomadic user with public access over private domain
802.11b/g
Home Gateway Home Gateway
Television
settop box
Bobs multi media device
Park
Company'sbuildingBob's home
Private network owner whooffers public network accessto visitors
Access network
Access network
802.11b/g
Wifi / WiMAX / UMTS
Use Case Description User Aspects Network Aspects Service Aspects
Some of the houses nearby provide public access over their private WiFi network. According to the network settings on his multimedia device, Bob gets connected to one of these
networks and orders the pizza over the Internet.
Public access over a private domain
AA, ACC, ARD, RP, SEC, LOC AA, LOC
www.ist-muse.euSlide Nr.: 12 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Authentication and Authorisation Requirements For Use Case 3
> The difference between use cases 1, 2 and 3 is that in the latter one the owner of the private network does not necessarily have to know the visitor.
> There could be 2 possibilities for specifying the AA requirements here:
1. The visitor authenticates to his service provider who has a direct relationship with the host’s NAP (Network Access Provider). Due to the relationship, it is possible to support QoS in the access network, e.g. by separating the host’s and visitor’s traffic by means of VLANs.
2. In the second scenario the visitor authenticates against a third party (like in FON). QoS in the access network can only be supported if the third party has a direct relationship with the host’s SP.
www.ist-muse.euSlide Nr.: 13 Mohit Thakur, Siemens AG
Mohit Thakur, Siemens AG
Conclusion
> “Anytime & Anywhere” services are constantly growing which leads to FMC technologies are being developed to provide nomadism, session continuity and roaming between fixed networks and mobile networks.
> Multiprovider and multiservice networks have to be taken into consideration before designing any sort of AAA architecture.