Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SECURITY GATEWAY
SEG-100
SOFTWARE RELEASE 1.1
February 2012
007-03472-0001
Revision history
Version
-0000
-0001
Date
October 2011
February 2012
Description
First edition.
Second edition. Updated for the 1.1.2 software release. See Whats new in this manual on page 4 for a
description of changes in this edition.
20112012byRadiSysCorporation.Allrightsreserved.
RadisysisaregisteredtrademarkofRadiSysCorporation.AdvancedTCA,ATCA,andPIGMGareregisteredtrademarksofPCIIndustrial
ComputerManufacturersGroup.
Allothertrademarks,registeredtrademarks,servicemarks,andtradenamesarethepropertyoftheirrespectiveowners.
Table of Contents
Preface ................................................................................................................................................ 4
About this manual........................................................................................................................................4
Whats new in this manual...........................................................................................................................4
Where to get more product information .......................................................................................................4
Notational conventions ................................................................................................................................5
Chapter 1: Introduction...................................................................................................................... 6
I-WLAN network overview ...........................................................................................................................6
Components ................................................................................................................................................7
Preface
About this manual
ThisdocumentisaninterfacedescriptionfortheRadisysSEGTunnelTerminatingGateway
(TTG).ItdescribestheWuinterface,whichisthereferencepointbetweentheWLANUser
Equipment(UE)andtheTTG,theWminterface,whichisthereferencepointbetweentheTTG
andtheAAAserver,andtheGninterface,whichisthereferencepointbetweentheTTGand
theGGSN.
UpdatedtheGGSNinitiatedtunnelterminationflowonpage21.
Minorupdatesandclarifications.
Preface
Specifications and standards documents
3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June
2007,3GPP.
3GPPTS29.060GPRSTunnelingProtocol(GTP)acrosstheGnandGpinterface,Release9,
December2009,3GPP.
3GPPTS23.2343GPPSystemtoWirelessLocalAreaNetwork(WLAN)interworkingSystem
Description,Release7,June2007,3GPP.
RFC4187,ExtensibleAuthenticationProtocolMethodfor3rdGenerationAuthenticationand
KeyAgreement(EAPAKA),IETF,January2006.
RFC4306,InternetKeyExchange(IKEv2)Protocol,IETF,December2005.
Notational conventions
Thismanualusesthefollowingconventions
ItalicText
File,function,andutilitynames.
MonoText
Screentextandsyntaxstrings.
BoldMonoText
Acommandtoenter.
ItalicMonoText
Variableparameters.
Brackets[]
Commandoptions.
Curlybraces{}
Agroupedlistofparameters.
Verticalline|
AnORinthesyntax.Indicatesachoiceofparameters.
Allnumbersaredecimalunlessotherwisestated.
Chapter
Introduction
I-WLAN network overview
3GPPIPAccess,orInterworkingWLANasspecifiedby3GPP1,isamethodforestablishing
connectivitywithexternalnetworkssuchas3Goperatornetworks,corporateintranets,orthe
Internetviaa3GPPsystemforotheraccessnetworks,besidesGPRSandWCDMA,suchas
PublicWLAN,DSL,orWiMAX.3GPPIPAccessallowsanoperatortoreuseitsGiinfrastructure
andtoopenaccesstoitsservicestoagreaterrangeofusers.
Figure 1. I-WLAN network overview
1. 3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June2007,
3GPP.
Introduction
Components
Toaccomplish3GPPIPAccess(IWLAN),anewnodecalledPacketDataGateway(PDG)was
introducedby3GPPspecifications.TheGGSNissupplementedwithaTunnelTermination
Gateway(TTG)toproduceaPDG.ATTGprovidesthe3GPPIPAccessspecificfunctionsthat
arenotincludedinGGSN.SeeaconceptualoverviewofaPDGbelow.
Figure 2. Conceptual overview of a PDG with its components and interfaces
Chapter
Payloads
TheIKEpayloadscontainedinthemessagesareindicatedbynamesaslistedbelow.
Notation
AUTH
CERT
CERTREQ
CP
D
E
EAP
HDR
IDi
IDr
KE
Ni, Nr
N
SA
Payload
Authentication
Certificate
Certificate Request
Configuration Payload
Delete
Encrypted
Extensible Authentication
IKE Header
Identification - Initiator
Identification - Responder
Key Exchange
Nonce
Notify
Security Association
Inthisflow,Requestidentityisdisabled,whichisthedesignedapproachfortheSEGTTG.The
TTGwillalwayssendtheidentity(compiledfromtheclientusername)intheAccessRequest
message.Thiscanbecomparedwithflow2inwhichRequestIdentityisenabled,which
meansthattheidentityisrequestedbytheAAA.
Figure 3. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity disabled
1. IKE_SA_INIT(SA,KE,Ni,N,N)
UEinitiatesIKE_SA_INITwithIKEproposalsinSApayload.
Payloads:
SA
KE
Ni
N(NAT_DETECTION_SOURCE_IP)
N(NAT_DETECTION_DESTINATION_IP)
ProposalPayloadsinSA:
(protocol=IKE)
EncryptionAlgorithm
IntegrityAlgorithm
PseudorandomFunction
DiffieHellmanGroup:DHGroup21024bitMODP
Note:TheseproposalsareUEdependent.
2. IKE_SA_INIT(SA,KE,Nr,N,N,CERTREQ)
TTGrespondsIKE_SA_INITwithIKEproposalsinSApayload.
Payloads:
SA
KE
Nr
N(NAT_DETECTION_SOURCE_IP)
N(NAT_DETECTION_DESTINATION_IP)
CERTREQ(X.509CertificateSignature)
ProposalPayloadsinSA:
(protocol=IKE)
EncryptionAlgorithm
PseudorandomFunction
IntegrityAlgorithm
DiffieHellmanGroup:DHGroup21024bitMODP
Insteps1and2,theWLANUEperformstheIKE_SA_INITproceduretowardstheTTG.
Duringthisprocedure,thecryptographicalgorithmsarenegotiatedandNONCEsand
DiffieHellmanvaluesareexchangedbetweentheWLANUEandtheTTG.AnIKESAis
achievedthatwillbeusedtoestablishthechildSAforsubsequentESPIPsecpackets.The
WLANUEmightchoosetoincludeNATTraversalpayloadsaswelltodetermineifthereare
anyintermediateNATs.
10
3. IKE_AUTH(IDi,CP,SA,TSi,TSr,CERTREQ,IDr,N
UEinitiatesIKE_AUTHrequestwithIPsecproposalsinSApayload.
EncryptedPayloads:
IDi(permanentIDorpseudonymID)
CP(CFG_REQUEST,Novalues)
SA
TSi(0,065536,0.0.0.0255.255.255.255)
TSr(0,065536,0.0.0.0255.255.255.255)
CERTREQ(X.509)
IDr(FQDN)
(N)
Note:NoESNisUEdependent.
PayloadsinSAforCHILD_SAnegotiation:
(protocol=ESP)
EncryptionAlgorithm
IntegrityAlgorithm
NoESN
Note:NoESNisUEdependent.
Inthisexample,CP:(type=1,requiredattributeswithnovalues)
TheWLANUEsendsanIKE_AUTH_Request.TheIDipayloadcontainstheNAI(username
andoptionalrealmpart)oftheuser,andtheIDrpayloadcontainsthenameoftheWAPN
thattheuserisrequestingaccessto.TheIDtypeisID_RFC822_ADDRforIDiandID_FQDN
forIDr,respectively.Thesevaluesaresubjectedtoabasicvalidation,suchastheTTGcould
resolvetheWAPNusingtheDNSserverlocatedinthe3GPPnetwork.Forthispurpose,
theTTGcouldmaintainacacheformappingsbetweenWAPNsandIPaddressestoavoid
frequentDNSlookups.TheWAPN(thevalueoftheIDr)shouldberecordedforlateruse.
ThisIKE_AUTH_Requestdoesnotcontainanyauthenticationpayload,whichindicates
thattheWLANUEwishestouseEAPforauthentication.
AconfigurationpayloadoftypeCFG_REQUESTshouldalsobepresentaswellastraffic
selectors.
11
4. IKE_AUTH(IDr,CERT,AUTH,EAP)
TTGrespondsIKE_AUTHuponRADIUSAccessChallenge(EAPRequest/AKA/Challenge).
EncryptedPayloads:
IDr(FQDN):Sameasreceivedinstep3.
CERT(X.509):TTGendentitycertificateaccordingwithprofileinTS33.234.
AUTH(RSADigitalSignature):Containsauthenticationdata.
EAP/Request/AKA/Challenge(AT_RAND,AT_AUTN,AT_IV,AT_ENCR_DATA,AT_MAC):
InformationinthepacketreceivedfromAAA.
AT_ENCR_DATAcontainsAT_NEXT_PSEUDONYM(andAT_NEXT_REAUTH_ID)for
pseudonymuseridentitywhennecessary.
ThisIDwillbevalidafterasuccessfulauthentication.Thisattributeisincludedwhenitis
necessary.AT_IVmustbepresentonlyiftheAT_ENCR_DATAattributeisincluded.
5. IKE_AUTH(EAP)
UEinitiatesIKE_AUTHwiththecomputedresult.
EncryptedPayload:
EAP/Response/AKA/Challenge(AT_RES,<AT_CHECKCODE>,AT_MAC)
6. IKE_AUTH(EAP)
TTGrespondswithIKE_AUTHEAPSuccesstoUEiftheauthenticationandthePDPcontext
activationsucceeded.
EncryptedPayload:
EAP/Success
7. IKE_AUTH(AUTH)
UEinitiatesIKE_AUTHtoTTG.
EncryptedPayload:
AUTH(SharedKeyMessageIntegrityCode)
8. IKE_AUTH(AUTH,CP,SA,TSi,TSr,N,N)
TTGrespondsIKE_AUTHtoUEwithIPsecproposalsinSApayload.
EncryptedPayloads:
AUTH(SharedKeyMessageIntegrityCode)
CP(CFG_REPLY,IPv4address,IPv4netmask,IPv4dns,IPv4subnet)
SA
TSi(0,065536,UEsipUEsip)
TSr(0,065536,0.0.0.0255.255.255.255)
N(ESP_TFC_PADDING_NOT_SUPPORTED)
N(NON_FIRST_FRAGMENTS_ALSO)
12
PayloadsinSAforCHILD_SAnegotiationcompletion:
(protocol=ESP)
EncryptionAlgorithm
IntegrityAlgorithm
NoESN
9. AccessRequest(EAP/Response/Identity)
TTGsendsAccessRequesttoAAAtoinitiateEAPAKAnegotiation.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2)/Identity(1))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)
10. AccessChallenge(EAP/Request/AKAChallenge)
AAAsendsAccessChallengetoTTGaspartofEAPAKAauthentication.
Attributes:
EAPMessage(79)(Request(1)/AKAChallenge(23,1))
State(24)(StatefornegotiationinAAA)
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
11. AccessRequest(EAP/Response/AKA/Challenge)
TTGsendsAccessRequesttoAAAwithAKAchallengeresponse.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2)/AKAChallenge(23,1))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)
13
12. AccessAccept(EAP/Success)
AAAsendsAccessAccepttoTTGtocompletesuccessfulEAPAKAauthentication.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Success(3))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
VendorSpecific(26),Vendor=311(Microsoft),MSMPPERecvKey(17)(Sessionkey)
VendorSpecific(26),Vendor=311(Microsoft),MSMPPESendKey(16)(Sessionkey)
13. DNSQuery
TTGsendsDNSquerytoDNSserverqueryingtheAPNnametogetGGSNIPaddress.
14. DNSResponse
DNSserversendsIPfortheresolvedAPNname(theGGSNIPaddress).
15. CreatePDPContextRequest
TTGinitiatesPDPContextActivationtoGGSN.
GTPEncapsulatedPayload:
IMSI
Recovery
SelectionMode
TunnelEndpointIdentifierDataI
TunnelEndpointIdentifierControlPlane
NSAPI
ChargingCharacteristics
EndUserAddress
AccessPointName
SGSNAddressforsignaling
SGSNAddressforusertraffic
MSISDN
QualityofServiceProfile
RATType
14
15
16
1. IKE_SA_INIT(SA,KE,Ni,N,N)
Sameas1inflow1.
2. IKE_SA_INIT(SA,KE,Nr,N,N,CERTREQ)
Sameas2inflow1.
3. IKE_AUTH(IDi,CP,SA,TSi,TSr,CERTREQ,IDr,N)
Sameas3inflow1.
4. IKE_AUTH(IDr,CERT,AUTH,EAP)
TTGrespondsIKE_AUTHuponRADIUSAccessChallenge(EAPRequest/AKA/Identity).
EncryptedPayloads:
IDr(FQDN)
CERT(X.509)
AUTH(RSADigitalSignature)
EAP/Request/AKA/Identity(AT_FULLAUTH_ID_REQ)
Note:IfFastReAuthenticationisenabled,AT_ANY_ID_REQmightbeincluded.Ifrequired,
AT_PERMANENT_ID_REQwillbesent.
5. IKE_AUTH(EAP)
UEinitiatesIKE_AUTHwiththeID.
EncryptedPayload:
EAP/Response/AKA/Identity(AT_IDENTITY)
6. IKE_AUTH(EAP)
TTGrespondstoIKE_AUTHuponRADIUSAccessChallenge(EAP/Request/AKA/Challenge).
EncryptedPayloads:
EAP/Request/AKA/Challenge(AT_RAND,AT_AUTN,AT_IV,AT_ENCR_DATA,AT_MAC)
AT_ENCR_DATAcontainsAT_NEXT_PSEUDONYM(andAT_NEXT_REAUTH_ID)for
pseudonymuseridentitywhennecessary.
ThisIDwillbevalidafterthesuccessfulauthentication.Thisattributeisincludedwhenitis
necessary.AT_IVmustbepresentonlyiftheAT_ENCR_DATAattributeisincluded.
AT_PADDINGwillbeincludedifnecessary.
7. IKE_AUTH(EAP).
Sameas5inflow1.
8. IKE_AUTH(EAP).
Sameas6inflow1.
9. IKE_AUTH(AUTH).
Sameas7inflow1.
17
10. IKE_AUTH(AUTH,CP,SA,TSi,TSr,N,N).
Sameas8inflow1.
11. AccessRequest(EAP/Response/Identity)
TTGsendsAccessRequesttoAAAtoinitiateEAPIdentityrequest.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)
12. AccessChallenge(EAP/Request/AKAIdentity)
AAAsendsAccessChallengetoTTGaspartofAKAidentityrequestresponse.
Attributes:
EAPMessage(79)(Request(1)/AKAIdentity(23,5))
State(24)(StatefornegotiationinAAA)
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
13. AccessRequest(EAP/Response/AKAIdentity)
TTGsendsAccessRequesttoAAAtoinitiateEAPAKAnegotiation.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2)/Identity(23,5))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)
14. AccessChallenge(EAP/Request/AKA/Challenge).
Sameas10inflow1.
15. AccessRequest(EAP/Response/AKA/Challenge).
Sameas11inflow1.
18
IfAAAusedAT_FULLAUTH_ID_REQ,andifAT_IDENTITYcontainsavalidpermanentidentity
oravalidpseudonymidentity,theAAAproceedswithfullauthentication.IfAT_IDENTITY
containsapseudonymidentitynotfoundindatabaseoritsvalidityperiodhasbeenexceeded,
theAAAsendsEAP/Request/AKA/IdentitywithAT_PERMANENT_ID_REQ.
19
Note:WLANUEwillusetheproceduresdefinedintheIKEv2protocol(seeIETFRFC4306)to
disconnectanIPsectunnelfromtheTTG.TheWLANUEwillclosetheincomingsecurity
associationsassociatedwiththetunnelandinstructtheTTGtodothesamebysendingthe
INFORMATIONALrequestmessagewithaDELETEpayload.TheDELETEpayloadwillcontain
either:
ProtocolIDsetto1andnosubsequentSecurityParametersIndexes(SPIs)inthe
payload.ThisindicatesclosingofIKEsecurityassociation,andimpliesthedeletionofall
IPsecESPsecurityassociationsthatwerenegotiatedwithintheIKEsecurityassociation.
ProtocolIDsetto3forESP.TheSecurityParametersIndexesincludedinthepayloadwill
correspondtotheparticularincomingESPsecurityassociationsattheWLANUEforthe
giventunnel.
20
Message details
1. DeletePDPContextRequest
GGSNinitiatesPDPContextremovaltoTTG.
GTPEncapsulatedPayload:
TeardownInd
NSAPI
2. DeletePDPContextResponse
3. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=IKE(1),numberofspis=0spi_size=0)
4. INFORMATIONAL(DELETE)
Nopayloads.
21
PossibletriggersforTTGinitiatedtunnelterminationare:
DPDclientdoesnotrespondtokeepalivemessages(INFORMATIONAL).
UserAdmindelete(CLIcommand).
AbsenceofGTPechorepliesinDataPlane(GGSNdoesntrespondonechorequests).
AbsenceofGTPechorepliesinControlPlane(GGSNdoesntrespondonechorequests).
Usersessiontimeout(AuthenticationSystem).
Figure 7. Tunnel termination initiated from TTG
Note:TheexactsequenceofthemessageflowuponTTGinitiatedtunnelterminationmay
differdependingonthetriggeringaction.
Message details
Normally,TTGsendsIKE_SAdeletion.
1. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=IKE(1),numberofspis=0spi_size=0)
2. PDPContextDeleteRequest
TTGsendsPDPDeleteContextRequesttoGGSN.
3. INFORMATIONAL(DELETE)
Nopayloads.
4. PDPDeleteContextResponsesentfromGGSN
22
1. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=ESP(3),numberofspis=1spi_size=4)
Note:ThenumberofspiswillvarydependingonhowmanySAaretobedeleted.
2. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=ESP(3),numberofspis=1spi_size=4)
Inthisreplay,theSPIfieldofthedeletepayloadreferencesthepairedSAgoinginthe
otherdirection.
Forexample,CHILD_SAdeletionwillhappeniftheoperatorissuesthecommandtokill
theSAintheCLI.
OnreceiptoftheINFORMATIONALrequestmessagewithDELETEpayload,indicating
thattheTTGisattemptingtunneldisconnection,theWLANUEwill:
a. CloseallsecurityassociationsidentifiedwithintheDELETEpayload(thesesecurity
associationscorrespondtooutgoingsecurityassociationsfromtheWLANUE
perspective).IfnosecurityassociationswerepresentintheDELETEpayloadandthe
protocolIDwassetto1,theWLANUEwillclosetheIKEsecurityassociationandall
IPsecESPsecurityassociationsthatwerenegotiatedwithinittowardstheTTG.
b. TheWLANUEwilldeletetheincomingsecurityassociationscorrespondingtothe
outgoingsecurityassociationsidentifiedintheDELETEpayload.
TheWLANUEwillsendanINFORMATIONALresponsemessage.IftheINFORMATIONAL
requestmessagecontainedalistofsecurityassociations,theINFORMATIONALresponse
messagewillcontainalistofsecurityassociationsdeletedinstepbabove.IftheWLANUE
isunabletocomplywiththeINFORMATIONALrequestmessage,theWLANUEwillsend
anINFORMATIONresponsemessagewitheither:
ANOTIFYpayloadoftypeINVALID_SPIifitcouldnotidentifyoneormoreofthe
SecurityParametersIndexesinthemessagefromtheTTG;or
AmoregeneralNOTIFYpayloadtype.Thispayloadtypeisimplementationdependent.
23
Message details
Normally,TTGsendsIKE_SAdeletion.
1. INFORMATIONAL()
Nopayloads.
2. INFORMATIONAL()
Nopayloads.
24
25
1. CREATE_CHILD_SA(SA,Ni,TSi,TSr,N)
EncryptedPayloads:
SA:(protocol=ESP,ProposalisUEdependent,remoteSPIistheonethatwouldbe
expectedinaESPpacketincomingontheSAtoberekeyed)
Ni
TSi:(0,065536,UEsipUEsip)
TSr:(0,065536,0.0.0.0255.255.255.255)
N(REKEY_SA),ThispayloadidentifiestheCHILD_SAbeingrekeyed,anditcontainsthe
SPIthattheinitiatorexpectsintheheadersofinboundpackets.
2. CREATE_CHILD_SA(SA,Ni,TSi,TSr)
EncryptedPayloads:
SA:(protocol=ESP,Proposalswillbeaccepted)
Ni
TSi:(0,065536,UEsipUEsip)
TSr:(0,065536,0.0.0.0255.255.255.255)
N(ESP_TFC_PADDING_NOT_SUPPORTED)
N(NON_FIRST_FRAGMENTS_ALSO)
Note:DeletionofoldCHILD_SAwillfollowaftertheChildSAexchange.
26
1. CREATE_CHILD_SA(SA,Ni,KE)
EncryptedPayloads:
SA:(protocol=IKE,Normally,proposalswillbeadjustedtothepreviousexchange,
suchasduringIKE_SA_INIT)
Ni
KE
2. CREATE_CHILD_SA(SA,Ni,KE)
EncryptedPayloads:
SA:(Proposalswillbeaccepted)
Ni
KE
Note:ItisUEdependentforwhichalgorithmtobetaken.
27
Appendix
Certificate setup
ThecertificatesthatmustbesetupforproperIWLANaccessinclude:
1. ThegatewayendentitycertificatesignedbytheCAused.
2. TherootcertificatefromthesigningCA.
TheIDrpayloadforthetunnelmustbeaFullyQualifiedDomainName(FQDN)that
correspondstotheAccessPointName(APN)ofaGGSNintheDNSusedbytheGTPinterface.
TheAPNdecideswhichGGSNthattheGTPinterfacewillconnecttheusertunnelagainst.The
SEGTTGsupportsshortAPN.AccessPointName(APN)isasetoflabelsseparatedusingdots
(.),forexample,testggsn.mynetwork.com.ByapplyingShortAPN,onlythefirstlabelofthe
APN(testggsninthepreviousexample)willbeusedinthePDPcontextactivation.Itis
configurableviatheGTPinterface.
1. 3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June2007,
3GPP.
28
X.509 certificates
TheSEGsupportsdigitalcertificatesthatcomplywiththeITUTX.509standard.Thisinvolves
theuseofanX.509certificatehierarchywithpublickeycryptographytoaccomplishkey
distributionandentityauthentication.Anyreferencestocertificateinthismanualmeanan
X.509certificate.Acertificateisadigitalproofofidentity.Itlinksanidentitytoapublickeyto
establishwhetherapublickeytrulybelongstothesupposedowner.Bydoingthis,itprevents
datatransferinterceptionbyamaliciousthirdpartywhomightpostafakekeywiththename
anduserIDofanintendedrecipient.
Certificate components
Acertificateisadigitalobjectbindingapublickeytotheendentityconsideredtheownerof
thecorrespondingprivatekey.Theassertionofthebindingisprovidedbythedigitalsignature
ofthecertificatedatabyatrustedthirdparty.Thistrustedthirdpartyisthecertificateissuer.
Acertificateconsistsofthefollowing:
Identityinformationaboutthecertificateowner.
Identityinformationaboutthecertificateissuer.
Thepublickeyoftheowner.
Thesignatureoftheaboveitemsperformedbytheissuerusingitsownprivatekey.
Bybindingtheaboveinformationtogether,acertificateisapublickeywithattached
identification,coupledwithastampofapprovalbyatrustedparty.
Certification authorities
Acertificateauthority(CA)isatrustedentitythatissuescertificatestootherentities.TheCA
digitallysignsallcertificatesitissues.AvalidCAsignatureinacertificateverifiestheidentity
ofthecertificateholderandguaranteesthatthecertificatehasnotbeentamperedwithby
anythirdparty.ACAisresponsibleformakingsurethattheinformationineverycertificateit
issuesiscorrect.Italsohastomakesurethattheidentityofthecertificatematchesthe
identityofthecertificateholder.ACAcanalsoissuecertificatestootherCAs.Thisleadstoa
treelikecertificatehierarchy.ThehighestCAiscalledtherootCA.Inthishierarchy,eachCAis
signedbytheCAdirectlyaboveit,exceptfortherootCA,whichisselfsigned.
29
Acertificationpathreferstothepathofcertificatesfromonecertificatetoanother.When
verifyingthevalidityofausercertificate,theentirepathfromtheusercertificateuptothe
trustedrootcertificatehastobeexaminedbeforeestablishingthevalidityoftheuser
certificate.TheCAcertificateisjustlikeanyothercertificates,exceptthatitallowsthe
correspondingprivatekeytosignothercertificates.ShouldtheprivatekeyoftheCAbe
compromised,thewholeCA,includingeverycertificateithassigned,isalsocompromised.
Validity time
Acertificateisnotvalidforever.Eachcertificatecontainsthedatesbetweenwhichthe
certificateisvalid.Whenthisvalidityperiodexpires,thecertificatecannolongerbeused,and
anewcertificatehastobeissued.
Trusting certificates
Whenusingcertificates,theSEGtrustsanyonewhosecertificateissignedbyagivenCA.
Beforeacertificateisaccepted,thefollowingstepsaretakentoverifythevalidityofthe
certificate:
1. ConstructacertificationpathuptothetrustedrootCA.
2. Verifythesignaturesofallcertificatesinthecertificationpath.
3. FetchtheCRLforeachcertificatetoverifythatnoneofthecertificateshavebeenrevoked.
30
Permanent ID
IfEAPAKAisusedfortheauthentication,thepermanentIDwillfollowtheformat:
0<imsi>@realm
Whentheclient/UEhasnopseudonymIDorfastreauthenticationIDinitsdatabase,orifthe
client/UEisrequestedtosendthepermanentIDfromthesystem(AT_PERMANENT_ID_REQ),
thepermanentIDwillbesent.
Pseudonym ID
Whentheclient/UEreceivesthepseudonymusernameinAT_NEXT_PSEUDONYMduringthe
authentication,theclient/UEcanstoreandusethepseudonymIDinthenextauthentication
afterthesuccessfulauthentication.ThepseudonymIDwillfollowtheformat:
<PseudonymUsername>@realm
Note:Serversendsthepseudonymusernamewithouttherealm.
31
Fast re-authentication
AAAviatheSEGcansupportfastreauthentication.Thisauthenticationmethodisoptional
andreliesontheconfigurationoftheAAA.Whentheclient/UEreceivesAT_NEXT_REAUTH_ID
duringtheauthentication,theclient/UEcanstoreandusethefastreauthenticationIDinthe
nextauthenticationafterthesuccessfulauthentication.ThefastreauthenticationIDsent
fromthesystemwillfollowtheformat:
<FastReauthUsername>@FastReauthRealm
32