Www.ist-muse.eu Nomadism/FMC Use Cases and AAA Impact Mohit Thakur 14th December, 2006.


www.ist-muse.eu

Nomadism/FMC Use Cases and AAA Impact

Mohit Thakur, 14th December, 2006


Mohit Thakur, Siemens AG

Outline

1. Introduction.

2. Understanding FMC challenges.

3. MUSE Business Roles.

4. FMC Use Case 1: Nomadism with video call and IPTV service upgrade.

5. Authentication and Authorisation Requirements For Use Case 1.

6. FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP).

7. Authentication and Authorisation Requirements For Use Case 2 Using IWLAN.

8. Authentication and Authorisation Requirements For Use Case 2 Using SIP.

9. FMC Use Case 3: Nomadic user with public access over private domain.

10. Authentication and Authorisation Requirements For Use Case 3.

11. Conclusion.


Introduction

Project Introduction

> MUSE is a large integrated R&D project on Broadband Access.

> Objective: The overall objective of MUSE is the research and development of a future, low cost, multi-service access network. The access network should provide secure connectivity between end-user terminals and edge nodes in a multi-provider environment. It should be suited for the ubiquitous delivery of broadband services to every European citizen.

Paper Introduction

> We (in MUSE) analyse and understand the FMC (Fixed Mobile Convergence) aspects in today's access network.

> Use case formulation to cover current, evolving and futuristic scenarios that represent the user's behaviour while accessing his services, namely:

1. Nomadism.

2. Session Continuity.

3. Public access through private WLAN.

> Proposition of high level AAA requirements to meet the goal of above mentioned scenarios.


MUSE Business Roles

> Packager
• Keeps customer profiles (e.g. desired policy in case of conflicting requests for different services).
• Keeps customer information for session authentication.
• Collects accounting information.

> Network Service Provider (NSP)
• Assignment of public IP addresses and connects to internet or corporate network.
• NSP definitely needs to have an AAA infrastructure.

> Application Service Provider (ASP)
• Offers application services.

> Connectivity Provider (CP)
• End-to-end (e2e) connectivity between the Customer and ASP, guaranteeing and monitoring agreed e2e QoS and security.
• Provides the means to perform AAA.
• Assembly of billing info for packager.
• Assignment of private IP addresses to retail end-user (or NAP).

> Network Access Provider (NAP) / Regional Network Provider (RNP)
• Transport and resource management between the RGW and the edge router with the QoS requested by the CP(s).
• RNP aggregates traffic from different edge nodes and delivers this to the appropriate service (or other) edge nodes.


Understanding FMC challenges

> Nomadism: Ability of the user to change his network access point on moving; when changing the network access point, the user's service session is completely stopped and then started again, i.e. there is no session continuity or handover possible.

> Session Continuity: Ability of the user or terminal to change the network access point while maintaining the ongoing session.

> Roaming: Ability of the user to access services according to his/her profile while moving outside of his/her subscribed home network, i.e. by using an access point of a visited network.

> Nomadism puts new requirements, like:

1. Authentication.

2. QoS.

> FMC puts even more:

1. Roaming between home and visited networks from different providers, degrees of service continuity etc.

Figure 1: MUSE view on FMC related definitions (diagram relating Roaming, Nomadism, Session Continuity, Continuous Mobility, Handover and Seamless Handover)


FMC Use Case 1: Nomadism with video call and IPTV service upgrade

Use Case Description: Jose starts his parents' PC and accesses the Web portal of this SP, authenticates himself and, due to his nomadic features, has access to all his services.
User Aspects: Access to services from remote terminal.
Network Aspects: AA, ACC, ARD, NRP, LOC
Service Aspects: AA, SEC, SEP, LOC

Use Case Description: He then initiates a video over IP call from the PC to his video capable multimedia phone at home using his own subscription.
User Aspects: Video call service can be used from a different access network connection.
Network Aspects: ARD, NRP, LOC, MSA
Service Aspects: ACC, MEA, SEC, SEP, LOC

Use Case Description: He uses the Internet to access his media-center, where he has stored all the pictures from his daughter’s last birthday, and shows them on the TV screen at his parents' home.
User Aspects: Remote access to private server.
Network Aspects: ARD, NLR, SEC
Service Aspects: SEP, Photo viewing software (e.g. web server) or FTP server in the CPN

Use Case Description: As Jose has a HDTV subscription, he contacts his service provider and upgrades the IP TV service to HDTV.
User Aspects: DRM, Service quality upgrade for a nomadic user.
Network Aspects: ACC, ARD, NRP, LOC
Service Aspects: DRM, MEA, SEP, LOC


Authentication and Authorisation Requirements For Use Case 1

1. Authentication could be based on: a) Per Device; b) Per Session; c) Per User.

2. The user would authenticate with the NSP (Network Service Provider) to gain his high-speed network access. The authentication is done over an already existing internet connection.

3. To upgrade the quality of IPTV to HDTV, bandwidth enhancement and QoS should be guaranteed by the service provider. Application-based authentication would enforce the authentication result backwards from the provider end to the user end.

4. The 2 sessions, Jose’s parents' initial normal internet connection and Jose’s high-speed internet connection with HDTV, have to exist in parallel.


FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP)

[Figure: diagram with the labels Bob's home, Park, Company's building, Home Gateway, 802.11b/g, Access network, WiFi / WiMAX / UMTS, and the media paths audio + video, audio, audio + video]

Use Case Description: Shortly after, Bob’s phone gets out of the reach of the wireless home network and is connected to a WiMAX (or UMTS) base station.
User Aspects: Session continuity between private home network and a WiMAX / UMTS network or public hotspot.
Network Aspects: AA, ACC, SEC, HOV, ROA, LOC
Service Aspects: SEP, LOC

Use Case Description: Since bandwidth is more expensive on this network, Bob receives a message on his screen asking whether he wants to continue with the video path. Since video is not really important while walking, Bob decides to save money and tells his colleague that he will end the video path. The audio path stays active, so they will be able to continue their conversation.
User Aspects: Media adaptation based on network capability and price.
Network Aspects: ACC, LOC
Service Aspects: ACC, MEA, SEP, LOC

Use Case Description: At his office he transfers the running video call from the mobile terminal (WiMAX, UMTS) to his Notebook connected to a fixed access network.
User Aspects: Continue session on different terminal.
Network Aspects: AA, SEC, HOV, ROA, LOC
Service Aspects: AA, SEP, LOC


Authentication and Authorisation Requirements For Use Case 2 Using IWLAN

1. The wireless user device must have several interfaces, e.g. WLAN, UMTS etc.

2. IWLAN provides only a network-layer authentication solution; other protocols like SIP should take care of service-level authentication.

3. EAP-AKA and EAP-SIM could be used for mutual authentication to create an IPsec security tunnel between the UE and the Packet Data Gateway.

4. IWLAN provides either ‘Direct IP Access’ or ‘3GPP IP access’.


Authentication and Authorisation Requirements For Use Case 2 Using SIP

1. SIP based service authentication is a mandatory method in IMS.

2. It does not require network-layer tunnelling (IPsec).

3. Service-layer mutual authentication employing SIP registration mechanisms (AKA, SIM) is normally sufficient.

4. Security of SIP authentication signaling is provided by SIPSecure and SecureRTP.


FMC Use Case 3: Nomadic user with public access over private domain

[Figure: diagram with the labels Bob's home, Park, Company's building, Home Gateway, Television, settop box, Bob's multimedia device, 802.11b/g, Access network, WiFi / WiMAX / UMTS, and "Private network owner who offers public network access to visitors"]

Use Case Description: Some of the houses nearby provide public access over their private WiFi network. According to the network settings on his multimedia device, Bob gets connected to one of these networks and orders the pizza over the Internet.
User Aspects: Public access over a private domain.
Network Aspects: AA, ACC, ARD, RP, SEC, LOC
Service Aspects: AA, LOC


Authentication and Authorisation Requirements For Use Case 3

> The difference between use cases 1, 2 and 3 is that in the latter one the owner of the private network does not necessarily have to know the visitor.

> There could be 2 possibilities for specifying the AA requirements here:

1. The visitor authenticates to his service provider who has a direct relationship with the host’s NAP (Network Access Provider). Due to the relationship, it is possible to support QoS in the access network, e.g. by separating the host’s and visitor’s traffic by means of VLANs.

2. In the second scenario the visitor authenticates against a third party (like in FON). QoS in the access network can only be supported if the third party has a direct relationship with the host’s SP.
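The two possibilities above, modelled as the AAA decision taken when a visitor attaches to the host's private WLAN. This is an added example, not part of the original slides: the realms, user names, VLAN ID and relationship tables are constructed, and set membership stands in for the real authentication exchange.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (assumptions, not taken from the slides).
VISITOR_VLAN = 20  # VLAN the access network uses for visitors' traffic
AUTHENTICATORS = {
    # realm: (kind of authenticator, users it accepts)
    "sp-a.example": ("service_provider", {"bob"}),
    "community-wifi.example": ("third_party", {"bob", "alice"}),
    "hotspot-club.example": ("third_party", {"carol"}),
}
NAP_PARTNERS = {"sp-a.example"}                # direct relationship with host's NAP
HOST_SP_PARTNERS = {"community-wifi.example"}  # direct relationship with host's SP


@dataclass(frozen=True)
class Decision:
    accept: bool
    qos: bool = False
    vlan: Optional[int] = None
    reason: str = ""


def authorize_visitor(identity: str) -> Decision:
    """Decide access for a visitor presenting user@realm on the host's WLAN."""
    user, sep, realm = identity.strip().lower().rpartition("@")
    if not (sep and user and realm):
        return Decision(False, reason="no realm to route the request to")
    entry = AUTHENTICATORS.get(realm)
    if entry is None:
        return Decision(False, reason="unknown realm")
    kind, users = entry
    if kind == "service_provider" and realm not in NAP_PARTNERS:
        # Possibility 1 presumes the SP-to-NAP relationship; without it this
        # sketch has no path to forward the request (assumption).
        return Decision(False, reason="SP has no relationship with host's NAP")
    if user not in users:  # placeholder for the real authentication exchange
        return Decision(False, reason="authentication failed")
    if kind == "service_provider":
        return Decision(True, True, VISITOR_VLAN, "possibility 1: SP related to NAP")
    if realm in HOST_SP_PARTNERS:
        return Decision(True, True, VISITOR_VLAN,
                        "possibility 2: third party related to host's SP")
    # Third party without that relationship: access only, no QoS and no
    # VLAN separation in the access network.
    return Decision(True, reason="possibility 2: best effort, no QoS")
```

In the best-effort branch the access network does not separate the traffic, so keeping the visitor away from the host's own devices would have to be enforced on the home gateway itself (an assumption of this sketch, not a statement from the slides).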


Conclusion

> “Anytime & Anywhere” services are constantly growing, which leads to FMC technologies being developed to provide nomadism, session continuity and roaming between fixed networks and mobile networks.

> Multiprovider and multiservice networks have to be taken into consideration before designing any sort of AAA architecture.