Sei sulla pagina 1di 32

TTG Interface Reference

SECURITY GATEWAY
SEG-100
SOFTWARE RELEASE 1.1

February 2012

007-03472-0001

Revision history
Version
-0000
-0001

Date
October 2011
February 2012

Description
First edition.
Second edition. Updated for the 1.1.2 software release. See Whats new in this manual on page 4 for a
description of changes in this edition.

20112012byRadiSysCorporation.Allrightsreserved.
RadisysisaregisteredtrademarkofRadiSysCorporation.AdvancedTCA,ATCA,andPIGMGareregisteredtrademarksofPCIIndustrial
ComputerManufacturersGroup.
Allothertrademarks,registeredtrademarks,servicemarks,andtradenamesarethepropertyoftheirrespectiveowners.

Table of Contents
Preface ................................................................................................................................................ 4
About this manual........................................................................................................................................4
Whats new in this manual...........................................................................................................................4
Where to get more product information .......................................................................................................4
Notational conventions ................................................................................................................................5

Chapter 1: Introduction...................................................................................................................... 6
I-WLAN network overview ...........................................................................................................................6
Components ................................................................................................................................................7

Chapter 2: I-WLAN Message Flows .................................................................................................. 8


Payloads......................................................................................................................................................8
AKA full authentication: Request-identity disabled ......................................................................................9
AKA full authentication: Request-Identity enabled.....................................................................................15
UE-initiated tunnel termination ..................................................................................................................19
GGSN-initiated tunnel termination.............................................................................................................21
TTG-initiated tunnel termination ................................................................................................................22
IKE/IPsec Dead Peer Detection (DPD)......................................................................................................24
UE-initiated IKE rekey, IPsec rekey...........................................................................................................25
TTG-initiated IKE rekey, IPsec rekey.........................................................................................................26

Appendix A: I-WLAN Authentication Methods............................................................................... 28


Certificates used in I-WLAN ......................................................................................................................28
X.509 certificates ......................................................................................................................................29
Extensible Authentication Protocol (EAP)..................................................................................................31

Preface
About this manual
ThisdocumentisaninterfacedescriptionfortheRadisysSEGTunnelTerminatingGateway
(TTG).ItdescribestheWuinterface,whichisthereferencepointbetweentheWLANUser
Equipment(UE)andtheTTG,theWminterface,whichisthereferencepointbetweentheTTG
andtheAAAserver,andtheGninterface,whichisthereferencepointbetweentheTTGand
theGGSN.

Whats new in this manual

UpdatedtheGGSNinitiatedtunnelterminationflowonpage21.
Minorupdatesandclarifications.

Where to get more product information


VisittheRadisyswebsiteatwww.radisys.comforproductinformationandotherresources.
Downloads(manuals,releasenotes,software,etc.)areavailableat
www.radisys.com/downloads.

Related Radisys manuals


SeethefollowingresourcesforinformationontheSEGnotdescribedinthismanual:
TheSEG100GettingStartedGuidedescribeshowtosetuptheSEG100modulesandthe
SEG11002system,andhowtoconfiguretheSEGsoftwareforinitialuse.
TheSEG100AdministrationGuidedescribesSEGconceptsandservesasareferencefor
proceduralandusageinformation.
TheSEG100CommandLineInterfaceReferencedescribestheSEGcommandline
interfaceandservesasareferenceforcommandsyntaxandoptions.
TheSEG100LogReferencedescribesalllogmessagesgeneratedbytheSEG.
TheSEG100StatisticsReferencedescribesallstatisticalvaluesandassociatedparameters
thataremaintainedbytheSEG.

Preface
Specifications and standards documents
3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June
2007,3GPP.
3GPPTS29.060GPRSTunnelingProtocol(GTP)acrosstheGnandGpinterface,Release9,
December2009,3GPP.
3GPPTS23.2343GPPSystemtoWirelessLocalAreaNetwork(WLAN)interworkingSystem
Description,Release7,June2007,3GPP.
RFC4187,ExtensibleAuthenticationProtocolMethodfor3rdGenerationAuthenticationand
KeyAgreement(EAPAKA),IETF,January2006.
RFC4306,InternetKeyExchange(IKEv2)Protocol,IETF,December2005.

Notational conventions
Thismanualusesthefollowingconventions
ItalicText

File,function,andutilitynames.

MonoText

Screentextandsyntaxstrings.

BoldMonoText

Acommandtoenter.

ItalicMonoText

Variableparameters.

Brackets[]

Commandoptions.

Curlybraces{}

Agroupedlistofparameters.

Verticalline|

AnORinthesyntax.Indicatesachoiceofparameters.

Allnumbersaredecimalunlessotherwisestated.

Chapter

Introduction
I-WLAN network overview
3GPPIPAccess,orInterworkingWLANasspecifiedby3GPP1,isamethodforestablishing
connectivitywithexternalnetworkssuchas3Goperatornetworks,corporateintranets,orthe
Internetviaa3GPPsystemforotheraccessnetworks,besidesGPRSandWCDMA,suchas
PublicWLAN,DSL,orWiMAX.3GPPIPAccessallowsanoperatortoreuseitsGiinfrastructure
andtoopenaccesstoitsservicestoagreaterrangeofusers.
Figure 1. I-WLAN network overview

1. 3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June2007,
3GPP.

Introduction
Components

Toaccomplish3GPPIPAccess(IWLAN),anewnodecalledPacketDataGateway(PDG)was
introducedby3GPPspecifications.TheGGSNissupplementedwithaTunnelTermination
Gateway(TTG)toproduceaPDG.ATTGprovidesthe3GPPIPAccessspecificfunctionsthat
arenotincludedinGGSN.SeeaconceptualoverviewofaPDGbelow.
Figure 2. Conceptual overview of a PDG with its components and interfaces

Chapter

I-WLAN Message Flows


ThischapterspecifiesthenormalflowsinanIWLANusecase.Theeventsdescribe
communicationbetweentheTTGandexternaldevicessuchastheAAA,GGSN,andUE.
Note:FlowsoutlinedinthisdocumentareapplicableonlywhentheTTGoperatesinan
IWLANnetworkthatcomplieswith3GPPspecificationsandwhentheTTGhasbeen
configuredasrecommended.

Payloads
TheIKEpayloadscontainedinthemessagesareindicatedbynamesaslistedbelow.
Notation
AUTH
CERT
CERTREQ
CP
D
E
EAP
HDR
IDi
IDr
KE
Ni, Nr
N
SA

Payload
Authentication
Certificate
Certificate Request
Configuration Payload
Delete
Encrypted
Extensible Authentication
IKE Header
Identification - Initiator
Identification - Responder
Key Exchange
Nonce
Notify
Security Association

I-WLAN Message Flows


AKA full authentication: Request-identity disabled
Flow 1

Inthisflow,Requestidentityisdisabled,whichisthedesignedapproachfortheSEGTTG.The
TTGwillalwayssendtheidentity(compiledfromtheclientusername)intheAccessRequest
message.Thiscanbecomparedwithflow2inwhichRequestIdentityisenabled,which
meansthattheidentityisrequestedbytheAAA.
Figure 3. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity disabled

I-WLAN Message Flows


Message details

1. IKE_SA_INIT(SA,KE,Ni,N,N)
UEinitiatesIKE_SA_INITwithIKEproposalsinSApayload.
Payloads:
SA
KE
Ni
N(NAT_DETECTION_SOURCE_IP)
N(NAT_DETECTION_DESTINATION_IP)
ProposalPayloadsinSA:
(protocol=IKE)
EncryptionAlgorithm
IntegrityAlgorithm
PseudorandomFunction
DiffieHellmanGroup:DHGroup21024bitMODP
Note:TheseproposalsareUEdependent.
2. IKE_SA_INIT(SA,KE,Nr,N,N,CERTREQ)
TTGrespondsIKE_SA_INITwithIKEproposalsinSApayload.
Payloads:
SA
KE
Nr
N(NAT_DETECTION_SOURCE_IP)
N(NAT_DETECTION_DESTINATION_IP)
CERTREQ(X.509CertificateSignature)
ProposalPayloadsinSA:
(protocol=IKE)
EncryptionAlgorithm
PseudorandomFunction
IntegrityAlgorithm
DiffieHellmanGroup:DHGroup21024bitMODP
Insteps1and2,theWLANUEperformstheIKE_SA_INITproceduretowardstheTTG.
Duringthisprocedure,thecryptographicalgorithmsarenegotiatedandNONCEsand
DiffieHellmanvaluesareexchangedbetweentheWLANUEandtheTTG.AnIKESAis
achievedthatwillbeusedtoestablishthechildSAforsubsequentESPIPsecpackets.The
WLANUEmightchoosetoincludeNATTraversalpayloadsaswelltodetermineifthereare
anyintermediateNATs.

10

I-WLAN Message Flows

3. IKE_AUTH(IDi,CP,SA,TSi,TSr,CERTREQ,IDr,N
UEinitiatesIKE_AUTHrequestwithIPsecproposalsinSApayload.
EncryptedPayloads:
IDi(permanentIDorpseudonymID)
CP(CFG_REQUEST,Novalues)
SA
TSi(0,065536,0.0.0.0255.255.255.255)
TSr(0,065536,0.0.0.0255.255.255.255)
CERTREQ(X.509)
IDr(FQDN)
(N)
Note:NoESNisUEdependent.
PayloadsinSAforCHILD_SAnegotiation:
(protocol=ESP)
EncryptionAlgorithm
IntegrityAlgorithm
NoESN
Note:NoESNisUEdependent.
Inthisexample,CP:(type=1,requiredattributeswithnovalues)
TheWLANUEsendsanIKE_AUTH_Request.TheIDipayloadcontainstheNAI(username
andoptionalrealmpart)oftheuser,andtheIDrpayloadcontainsthenameoftheWAPN
thattheuserisrequestingaccessto.TheIDtypeisID_RFC822_ADDRforIDiandID_FQDN
forIDr,respectively.Thesevaluesaresubjectedtoabasicvalidation,suchastheTTGcould
resolvetheWAPNusingtheDNSserverlocatedinthe3GPPnetwork.Forthispurpose,
theTTGcouldmaintainacacheformappingsbetweenWAPNsandIPaddressestoavoid
frequentDNSlookups.TheWAPN(thevalueoftheIDr)shouldberecordedforlateruse.
ThisIKE_AUTH_Requestdoesnotcontainanyauthenticationpayload,whichindicates
thattheWLANUEwishestouseEAPforauthentication.
AconfigurationpayloadoftypeCFG_REQUESTshouldalsobepresentaswellastraffic
selectors.

11

I-WLAN Message Flows

4. IKE_AUTH(IDr,CERT,AUTH,EAP)
TTGrespondsIKE_AUTHuponRADIUSAccessChallenge(EAPRequest/AKA/Challenge).
EncryptedPayloads:
IDr(FQDN):Sameasreceivedinstep3.
CERT(X.509):TTGendentitycertificateaccordingwithprofileinTS33.234.
AUTH(RSADigitalSignature):Containsauthenticationdata.
EAP/Request/AKA/Challenge(AT_RAND,AT_AUTN,AT_IV,AT_ENCR_DATA,AT_MAC):
InformationinthepacketreceivedfromAAA.
AT_ENCR_DATAcontainsAT_NEXT_PSEUDONYM(andAT_NEXT_REAUTH_ID)for
pseudonymuseridentitywhennecessary.
ThisIDwillbevalidafterasuccessfulauthentication.Thisattributeisincludedwhenitis
necessary.AT_IVmustbepresentonlyiftheAT_ENCR_DATAattributeisincluded.
5. IKE_AUTH(EAP)
UEinitiatesIKE_AUTHwiththecomputedresult.
EncryptedPayload:
EAP/Response/AKA/Challenge(AT_RES,<AT_CHECKCODE>,AT_MAC)
6. IKE_AUTH(EAP)
TTGrespondswithIKE_AUTHEAPSuccesstoUEiftheauthenticationandthePDPcontext
activationsucceeded.
EncryptedPayload:
EAP/Success
7. IKE_AUTH(AUTH)
UEinitiatesIKE_AUTHtoTTG.
EncryptedPayload:
AUTH(SharedKeyMessageIntegrityCode)
8. IKE_AUTH(AUTH,CP,SA,TSi,TSr,N,N)
TTGrespondsIKE_AUTHtoUEwithIPsecproposalsinSApayload.
EncryptedPayloads:
AUTH(SharedKeyMessageIntegrityCode)
CP(CFG_REPLY,IPv4address,IPv4netmask,IPv4dns,IPv4subnet)
SA
TSi(0,065536,UEsipUEsip)
TSr(0,065536,0.0.0.0255.255.255.255)
N(ESP_TFC_PADDING_NOT_SUPPORTED)
N(NON_FIRST_FRAGMENTS_ALSO)

12

I-WLAN Message Flows

PayloadsinSAforCHILD_SAnegotiationcompletion:
(protocol=ESP)
EncryptionAlgorithm
IntegrityAlgorithm
NoESN
9. AccessRequest(EAP/Response/Identity)
TTGsendsAccessRequesttoAAAtoinitiateEAPAKAnegotiation.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2)/Identity(1))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)
10. AccessChallenge(EAP/Request/AKAChallenge)
AAAsendsAccessChallengetoTTGaspartofEAPAKAauthentication.
Attributes:
EAPMessage(79)(Request(1)/AKAChallenge(23,1))
State(24)(StatefornegotiationinAAA)
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
11. AccessRequest(EAP/Response/AKA/Challenge)
TTGsendsAccessRequesttoAAAwithAKAchallengeresponse.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2)/AKAChallenge(23,1))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)

13

I-WLAN Message Flows

12. AccessAccept(EAP/Success)
AAAsendsAccessAccepttoTTGtocompletesuccessfulEAPAKAauthentication.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Success(3))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
VendorSpecific(26),Vendor=311(Microsoft),MSMPPERecvKey(17)(Sessionkey)
VendorSpecific(26),Vendor=311(Microsoft),MSMPPESendKey(16)(Sessionkey)
13. DNSQuery
TTGsendsDNSquerytoDNSserverqueryingtheAPNnametogetGGSNIPaddress.
14. DNSResponse
DNSserversendsIPfortheresolvedAPNname(theGGSNIPaddress).
15. CreatePDPContextRequest
TTGinitiatesPDPContextActivationtoGGSN.
GTPEncapsulatedPayload:
IMSI
Recovery
SelectionMode
TunnelEndpointIdentifierDataI
TunnelEndpointIdentifierControlPlane
NSAPI
ChargingCharacteristics
EndUserAddress
AccessPointName
SGSNAddressforsignaling
SGSNAddressforusertraffic
MSISDN
QualityofServiceProfile
RATType

14

I-WLAN Message Flows


16. CreatePDPContextResponse
GGSNrespondstothePDPContextActivationtoTTG.
GTPEncapsulatedPayload:
Cause
ReorderingRequired
TunnelEndpointIdentifierDataI
TunnelEndpointIdentifierControlPlane
ChargingID
EndUserAddress
GGSNAddressforControlPlane
GGSNAddressforUserTraffic
QualityofServiceProfile
Recovery
ProtocolConfigurationOptions

AKA full authentication: Request-Identity enabled


Flow 2
Inthisflow,Requestidentityisenabled,whichmeansthattheidentityisrequestedbythe
AAA.ThiscanbecomparedwiththedesignedapproachoftheSEGTTGinwhichRequest
Identityisdisabled(flow1).

15

I-WLAN Message Flows


Figure 4. IPsec/GTP tunnel establishment with full EAP-AKA authentication, request identity enabled

16

I-WLAN Message Flows


Message details

1. IKE_SA_INIT(SA,KE,Ni,N,N)
Sameas1inflow1.
2. IKE_SA_INIT(SA,KE,Nr,N,N,CERTREQ)
Sameas2inflow1.
3. IKE_AUTH(IDi,CP,SA,TSi,TSr,CERTREQ,IDr,N)
Sameas3inflow1.
4. IKE_AUTH(IDr,CERT,AUTH,EAP)
TTGrespondsIKE_AUTHuponRADIUSAccessChallenge(EAPRequest/AKA/Identity).
EncryptedPayloads:
IDr(FQDN)
CERT(X.509)
AUTH(RSADigitalSignature)
EAP/Request/AKA/Identity(AT_FULLAUTH_ID_REQ)
Note:IfFastReAuthenticationisenabled,AT_ANY_ID_REQmightbeincluded.Ifrequired,
AT_PERMANENT_ID_REQwillbesent.
5. IKE_AUTH(EAP)
UEinitiatesIKE_AUTHwiththeID.
EncryptedPayload:
EAP/Response/AKA/Identity(AT_IDENTITY)
6. IKE_AUTH(EAP)
TTGrespondstoIKE_AUTHuponRADIUSAccessChallenge(EAP/Request/AKA/Challenge).
EncryptedPayloads:
EAP/Request/AKA/Challenge(AT_RAND,AT_AUTN,AT_IV,AT_ENCR_DATA,AT_MAC)
AT_ENCR_DATAcontainsAT_NEXT_PSEUDONYM(andAT_NEXT_REAUTH_ID)for
pseudonymuseridentitywhennecessary.
ThisIDwillbevalidafterthesuccessfulauthentication.Thisattributeisincludedwhenitis
necessary.AT_IVmustbepresentonlyiftheAT_ENCR_DATAattributeisincluded.
AT_PADDINGwillbeincludedifnecessary.
7. IKE_AUTH(EAP).
Sameas5inflow1.
8. IKE_AUTH(EAP).
Sameas6inflow1.
9. IKE_AUTH(AUTH).
Sameas7inflow1.

17

I-WLAN Message Flows

10. IKE_AUTH(AUTH,CP,SA,TSi,TSr,N,N).
Sameas8inflow1.
11. AccessRequest(EAP/Response/Identity)
TTGsendsAccessRequesttoAAAtoinitiateEAPIdentityrequest.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)
12. AccessChallenge(EAP/Request/AKAIdentity)
AAAsendsAccessChallengetoTTGaspartofAKAidentityrequestresponse.
Attributes:
EAPMessage(79)(Request(1)/AKAIdentity(23,5))
State(24)(StatefornegotiationinAAA)
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
13. AccessRequest(EAP/Response/AKAIdentity)
TTGsendsAccessRequesttoAAAtoinitiateEAPAKAnegotiation.
Attributes:
UserName(1)(<imsi>@realm)
EAPMessage(79)(Response(2)/Identity(23,5))
MessageAuthenticator(80)(MD5hashofmessage,sharedsecretaskey)
CallingStationId(31)(<imsi>@realm)
CalledStationId(30)(APN)
NASIPAddress(4)(IPoftherequestingentity)
NASPort(5)(Theportusedontherequestingentity,typically0)
NASPortType(61)(Typicallyvirtualtoindicatethattheuserwasnotaphysicalport)
FramedMTU(12)(ThemaxMTUforpayloadto/fromtheuser)
14. AccessChallenge(EAP/Request/AKA/Challenge).
Sameas10inflow1.
15. AccessRequest(EAP/Response/AKA/Challenge).
Sameas11inflow1.

18

I-WLAN Message Flows


16. AccessAccept(EAP/Success).
Sameas12inflow1.
17. DNSQuery.
Sameas13inflow1.
18. DNSResponse.
Sameas14inflow1.
19. CreatePDPContextRequest.
Sameas15inflow1.
20. CreatePDPContextResponse.
See16inflow1.

IfAAAusedAT_FULLAUTH_ID_REQ,andifAT_IDENTITYcontainsavalidpermanentidentity
oravalidpseudonymidentity,theAAAproceedswithfullauthentication.IfAT_IDENTITY
containsapseudonymidentitynotfoundindatabaseoritsvalidityperiodhasbeenexceeded,
theAAAsendsEAP/Request/AKA/IdentitywithAT_PERMANENT_ID_REQ.

UE-initiated tunnel termination


Flow 3
Figure 5. UE-initiated tunnel termination

19

I-WLAN Message Flows


Message details
1. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=IKE(1),numberofspis=0spi_size=0)
2. INFORMATIONAL
Nopayloads.
3. DeletePDPContextRequest
TTGinitiatesPDPContextremovaltoGGSN.
GTPEncapsulatedPayload:
TeardownInd
NSAPI
4. DeletePDPContextResponse
GGSNrespondstoDeletePDPContextRequest.
GTPEncapsulatedPayload:
Cause

Note:WLANUEwillusetheproceduresdefinedintheIKEv2protocol(seeIETFRFC4306)to
disconnectanIPsectunnelfromtheTTG.TheWLANUEwillclosetheincomingsecurity
associationsassociatedwiththetunnelandinstructtheTTGtodothesamebysendingthe
INFORMATIONALrequestmessagewithaDELETEpayload.TheDELETEpayloadwillcontain
either:
ProtocolIDsetto1andnosubsequentSecurityParametersIndexes(SPIs)inthe
payload.ThisindicatesclosingofIKEsecurityassociation,andimpliesthedeletionofall
IPsecESPsecurityassociationsthatwerenegotiatedwithintheIKEsecurityassociation.
ProtocolIDsetto3forESP.TheSecurityParametersIndexesincludedinthepayloadwill
correspondtotheparticularincomingESPsecurityassociationsattheWLANUEforthe
giventunnel.

20

I-WLAN Message Flows


GGSN-initiated tunnel termination
Flow 4
Figure 6. GGSN-initiated tunnel termination

Message details
1. DeletePDPContextRequest
GGSNinitiatesPDPContextremovaltoTTG.
GTPEncapsulatedPayload:
TeardownInd
NSAPI
2. DeletePDPContextResponse
3. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=IKE(1),numberofspis=0spi_size=0)
4. INFORMATIONAL(DELETE)
Nopayloads.

21

I-WLAN Message Flows


TTG-initiated tunnel termination
Flow 5

PossibletriggersforTTGinitiatedtunnelterminationare:
DPDclientdoesnotrespondtokeepalivemessages(INFORMATIONAL).
UserAdmindelete(CLIcommand).
AbsenceofGTPechorepliesinDataPlane(GGSNdoesntrespondonechorequests).
AbsenceofGTPechorepliesinControlPlane(GGSNdoesntrespondonechorequests).
Usersessiontimeout(AuthenticationSystem).
Figure 7. Tunnel termination initiated from TTG

Note:TheexactsequenceofthemessageflowuponTTGinitiatedtunnelterminationmay
differdependingonthetriggeringaction.

Message details
Normally,TTGsendsIKE_SAdeletion.
1. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=IKE(1),numberofspis=0spi_size=0)
2. PDPContextDeleteRequest
TTGsendsPDPDeleteContextRequesttoGGSN.
3. INFORMATIONAL(DELETE)
Nopayloads.
4. PDPDeleteContextResponsesentfromGGSN

22

I-WLAN Message Flows


Sequence when CHILD_SA delete is sent

1. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=ESP(3),numberofspis=1spi_size=4)
Note:ThenumberofspiswillvarydependingonhowmanySAaretobedeleted.
2. INFORMATIONAL(DELETE)
EncryptedPayload:
DELETE(protocol=ESP(3),numberofspis=1spi_size=4)
Inthisreplay,theSPIfieldofthedeletepayloadreferencesthepairedSAgoinginthe
otherdirection.
Forexample,CHILD_SAdeletionwillhappeniftheoperatorissuesthecommandtokill
theSAintheCLI.
OnreceiptoftheINFORMATIONALrequestmessagewithDELETEpayload,indicating
thattheTTGisattemptingtunneldisconnection,theWLANUEwill:
a. CloseallsecurityassociationsidentifiedwithintheDELETEpayload(thesesecurity
associationscorrespondtooutgoingsecurityassociationsfromtheWLANUE
perspective).IfnosecurityassociationswerepresentintheDELETEpayloadandthe
protocolIDwassetto1,theWLANUEwillclosetheIKEsecurityassociationandall
IPsecESPsecurityassociationsthatwerenegotiatedwithinittowardstheTTG.
b. TheWLANUEwilldeletetheincomingsecurityassociationscorrespondingtothe
outgoingsecurityassociationsidentifiedintheDELETEpayload.
TheWLANUEwillsendanINFORMATIONALresponsemessage.IftheINFORMATIONAL
requestmessagecontainedalistofsecurityassociations,theINFORMATIONALresponse
messagewillcontainalistofsecurityassociationsdeletedinstepbabove.IftheWLANUE
isunabletocomplywiththeINFORMATIONALrequestmessage,theWLANUEwillsend
anINFORMATIONresponsemessagewitheither:
ANOTIFYpayloadoftypeINVALID_SPIifitcouldnotidentifyoneormoreofthe
SecurityParametersIndexesinthemessagefromtheTTG;or
AmoregeneralNOTIFYpayloadtype.Thispayloadtypeisimplementationdependent.

23

I-WLAN Message Flows


IKE/IPsec Dead Peer Detection (DPD)
Flow 6
Figure 8. IKE/IPsec keepalive

Message details
Normally,TTGsendsIKE_SAdeletion.
1. INFORMATIONAL()
Nopayloads.
2. INFORMATIONAL()
Nopayloads.

24

I-WLAN Message Flows


UE-initiated IKE rekey, IPsec rekey
Flow 7
Figure 9. UE-initiated IKE/IPsec rekey

Message details: IKE rekey


1. CREATE_CHILD_SA(SA,Ni,KE)
EncryptedPayloads:
SA:(protocol=IKE,ProposalisUEdependent)
Ni
KE
Note:TheseproposalsareUEdependent.
2. CREATE_CHILD_SA(SA,Ni,KE)
EncryptedPayloads:
SA:(Proposalswillbeaccepted)
Ni
KE

25

I-WLAN Message Flows


Message details: IPsec rekey

1. CREATE_CHILD_SA(SA,Ni,TSi,TSr,N)
EncryptedPayloads:
SA:(protocol=ESP,ProposalisUEdependent,remoteSPIistheonethatwouldbe
expectedinaESPpacketincomingontheSAtoberekeyed)
Ni
TSi:(0,065536,UEsipUEsip)
TSr:(0,065536,0.0.0.0255.255.255.255)
N(REKEY_SA),ThispayloadidentifiestheCHILD_SAbeingrekeyed,anditcontainsthe
SPIthattheinitiatorexpectsintheheadersofinboundpackets.
2. CREATE_CHILD_SA(SA,Ni,TSi,TSr)
EncryptedPayloads:
SA:(protocol=ESP,Proposalswillbeaccepted)
Ni
TSi:(0,065536,UEsipUEsip)
TSr:(0,065536,0.0.0.0255.255.255.255)
N(ESP_TFC_PADDING_NOT_SUPPORTED)
N(NON_FIRST_FRAGMENTS_ALSO)
Note:DeletionofoldCHILD_SAwillfollowaftertheChildSAexchange.

TTG-initiated IKE rekey, IPsec rekey


Flow 8
Figure 10. TTG-initiated IKE/IPsec rekey

26

I-WLAN Message Flows


Message details - IKE rekey

1. CREATE_CHILD_SA(SA,Ni,KE)
EncryptedPayloads:
SA:(protocol=IKE,Normally,proposalswillbeadjustedtothepreviousexchange,
suchasduringIKE_SA_INIT)
Ni
KE
2. CREATE_CHILD_SA(SA,Ni,KE)
EncryptedPayloads:
SA:(Proposalswillbeaccepted)
Ni
KE
Note:ItisUEdependentforwhichalgorithmtobetaken.

Message details - IPsec rekey


1. CREATE_CHILD_SA(SA,Ni,TSi,TSr,N)
EncryptedPayloads:
SA:(protocol=ESP,ProposalisUEdependent,remoteSPIistheonethatwouldbe
expectedinaESPpacketincomingontheSAtoberekeyed)
Ni
TSi:(0,065536,UEsipUEsip)
TSr:(0,065536,0.0.0.0255.255.255.255)
N(REKEY_SA),ThispayloadidentifiestheCHILD_SAbeingrekeyed,anditcontainsthe
SPIthattheinitiatorexpectsintheheadersofinboundpackets.
2. CREATE_CHILD_SA(SA,Ni,TSi,TSr)
EncryptedPayloads:
SA:(protocol=ESP,Proposalswillbeaccepted)
Ni
TSi:(0,065536,UEsipUEsip)
TSr:(0,065536,0.0.0.0255.255.255.255)
N(ESP_TFC_PADDING_NOT_SUPPORTED)
N(NON_FIRST_FRAGMENTS_ALSO)
Note:DeletionofoldCHILD_SAwillfollowaftertheChildSAexchange.

27

Appendix

I-WLAN Authentication Methods


Thisappendixcontainssupplementaryinformationaboutauthenticationmethodsthatapply
whenoperatinginanIWLANscenario,including:
CertificatesusedinIWLAN
X.509certificates
ExtensibleAuthenticationProtocol(EAP)

Certificates used in I-WLAN


ThisusecasedescribeshowcertificatesareusedasanauthenticationmethodinanIWLAN
scenario.
TheSEG,referredtoastheTTGinIWLANterminology,authenticatesitselftotheUEby
usingcertificates.
TheUEauthenticatestotheTTGbymeansofanExtendedAuthenticationsProtocol
(EAPAKA).
IKEv2mandatesthatthisisusedinconjunctionwithapublickeysignaturebased
authenticationbetweentheSEGTTGtotheuserendpoint.
ThecertificatesusedtoauthenticatetheTTGmustconformtothecertificateprofile
describedin3GPPTS33.234section6.71.
TobeabletoauthenticatetheTTG,theUEmustbeconfiguredwiththerootCAcertificate
thatcorrespondstothebeginningofacertificationpathfortheTTGendentitycertificate.

Certificate setup
ThecertificatesthatmustbesetupforproperIWLANaccessinclude:
1. ThegatewayendentitycertificatesignedbytheCAused.
2. TherootcertificatefromthesigningCA.
TheIDrpayloadforthetunnelmustbeaFullyQualifiedDomainName(FQDN)that
correspondstotheAccessPointName(APN)ofaGGSNintheDNSusedbytheGTPinterface.
TheAPNdecideswhichGGSNthattheGTPinterfacewillconnecttheusertunnelagainst.The
SEGTTGsupportsshortAPN.AccessPointName(APN)isasetoflabelsseparatedusingdots
(.),forexample,testggsn.mynetwork.com.ByapplyingShortAPN,onlythefirstlabelofthe
APN(testggsninthepreviousexample)willbeusedinthePDPcontextactivation.Itis
configurableviatheGTPinterface.

1. 3GPPTS33.234WirelessLocalAreaNetwork(WLAN)interworkingsecurity,Release7,June2007,
3GPP.

28

I-WLAN Authentication Methods

X.509 certificates
TheSEGsupportsdigitalcertificatesthatcomplywiththeITUTX.509standard.Thisinvolves
theuseofanX.509certificatehierarchywithpublickeycryptographytoaccomplishkey
distributionandentityauthentication.Anyreferencestocertificateinthismanualmeanan
X.509certificate.Acertificateisadigitalproofofidentity.Itlinksanidentitytoapublickeyto
establishwhetherapublickeytrulybelongstothesupposedowner.Bydoingthis,itprevents
datatransferinterceptionbyamaliciousthirdpartywhomightpostafakekeywiththename
anduserIDofanintendedrecipient.

Certificates with VPN tunnels


ThemainuseofcertificatesintheSEGisforVPNtunnels.Thesimplestandfastestwayto
providesecuritybetweentheendsofatunnelistousePresharedKeys(PSKs).AsaVPN
networkgrowssodoesthecomplexityofusingPSKs.Certificatesprovideawaytobetter
managesecurityinmuchlargernetworks.

Certificate components
Acertificateisadigitalobjectbindingapublickeytotheendentityconsideredtheownerof
thecorrespondingprivatekey.Theassertionofthebindingisprovidedbythedigitalsignature
ofthecertificatedatabyatrustedthirdparty.Thistrustedthirdpartyisthecertificateissuer.
Acertificateconsistsofthefollowing:
Identityinformationaboutthecertificateowner.
Identityinformationaboutthecertificateissuer.
Thepublickeyoftheowner.
Thesignatureoftheaboveitemsperformedbytheissuerusingitsownprivatekey.
Bybindingtheaboveinformationtogether,acertificateisapublickeywithattached
identification,coupledwithastampofapprovalbyatrustedparty.

Certification authorities
Acertificateauthority(CA)isatrustedentitythatissuescertificatestootherentities.TheCA
digitallysignsallcertificatesitissues.AvalidCAsignatureinacertificateverifiestheidentity
ofthecertificateholderandguaranteesthatthecertificatehasnotbeentamperedwithby
anythirdparty.ACAisresponsibleformakingsurethattheinformationineverycertificateit
issuesiscorrect.Italsohastomakesurethattheidentityofthecertificatematchesthe
identityofthecertificateholder.ACAcanalsoissuecertificatestootherCAs.Thisleadstoa
treelikecertificatehierarchy.ThehighestCAiscalledtherootCA.Inthishierarchy,eachCAis
signedbytheCAdirectlyaboveit,exceptfortherootCA,whichisselfsigned.

29

I-WLAN Authentication Methods

Acertificationpathreferstothepathofcertificatesfromonecertificatetoanother.When
verifyingthevalidityofausercertificate,theentirepathfromtheusercertificateuptothe
trustedrootcertificatehastobeexaminedbeforeestablishingthevalidityoftheuser
certificate.TheCAcertificateisjustlikeanyothercertificates,exceptthatitallowsthe
correspondingprivatekeytosignothercertificates.ShouldtheprivatekeyoftheCAbe
compromised,thewholeCA,includingeverycertificateithassigned,isalsocompromised.

Validity time
Acertificateisnotvalidforever.Eachcertificatecontainsthedatesbetweenwhichthe
certificateisvalid.Whenthisvalidityperiodexpires,thecertificatecannolongerbeused,and
anewcertificatehastobeissued.

Certificate Revocation Lists


ACertificateRevocationList(CRL)containsalistofallcertificatesthathavebeencancelled
beforetheirexpirationdate.Theyarenormallyheldonanexternalserverthatisaccessedto
determineifthecertificateisstillvalid.Theabilitytovalidateausercertificateinthiswayisa
keyreasonwhycertificatesecuritysimplifiestheadministrationoflargeusercommunities.
UsingeitherLDAPorHTTPprotocols,CRLsarepublishedonserversthatallcertificateusers
canaccess.Revocationcanhappenforseveralreasons.Onereasoncouldbethatthekeysof
thecertificatehavebeencompromisedinsomeway.Anotherreasonisthattheownerofthe
certificatehaslosttherightstoauthenticateusingthatcertificate,perhapsbecausethe
ownerhasleftthecompany.Whateverthereason,serverCRLscanbeupdatedtochangethe
validityofoneormanycertificates.CertificatesoftencontainaCRLDistributionPoint(CDP)
field,whichspecifiesthelocationfromwheretheCRLcanbedownloaded.Insomecases
certificatesdonotcontainthisfield.InthosecasesthelocationoftheCRLhastobe
configuredmanually.ACAusuallyupdatesitsCRLatagiveninterval.Thelengthofthis
intervaldependsonhowtheCAisconfigured.Typically,thisissomewherebetweenanhour
toseveraldays.

Trusting certificates
Whenusingcertificates,theSEGtrustsanyonewhosecertificateissignedbyagivenCA.
Beforeacertificateisaccepted,thefollowingstepsaretakentoverifythevalidityofthe
certificate:
1. ConstructacertificationpathuptothetrustedrootCA.
2. Verifythesignaturesofallcertificatesinthecertificationpath.
3. FetchtheCRLforeachcertificatetoverifythatnoneofthecertificateshavebeenrevoked.

30

I-WLAN Authentication Methods

Extensible Authentication Protocol (EAP)


TheEAPagentimplementedintheSEGprovidestheoptiontouseEAPmethodsforuser
authentication.Theagentisconfiguredinanauthenticationprofileandusedbyaninterface
orrulethatrequiresauthenticationforitspeers.
TheSEGdoesnotsupporttheEAPmethodsusedforverifyingauser.ItreliesonexternalEAP
servers,actingasapassthroughauthenticatorbetweenthepeerandtheauthentication
server.TheusedEAPmethodisnegotiatedbetweenthepeerandtheserver,andtheSEG
relaystheEAPattributesforthechosenmethodovertheprotocolsusedbetweenthepeer
andtheSEG,andtheauthenticationserverandtheSEG.
TheAuthenticationSourceAPIprovidesaninterfacefortheauthenticationsystemto
communicatewiththeauthenticationsources.ViatheAPI,theauthenticationsystemcan
requestvalidationorinformationaboutauserfromtheEAPauthenticationservers.
TheEAPagentsupportstheEAPSIMandEAPAKAmethodsandtheSEGsupports
EAPAKA/EAPSIMfullauthenticationbypermanentIDandpseudonymID,andfast
reauthentication.

EAP-AKA full authentication


FullauthenticationwillbeperformedwhenthepermanentID,pseudonymID,orinvalidIDis
sentfromUE.

Permanent ID
IfEAPAKAisusedfortheauthentication,thepermanentIDwillfollowtheformat:
0<imsi>@realm
Whentheclient/UEhasnopseudonymIDorfastreauthenticationIDinitsdatabase,orifthe
client/UEisrequestedtosendthepermanentIDfromthesystem(AT_PERMANENT_ID_REQ),
thepermanentIDwillbesent.

Pseudonym ID
Whentheclient/UEreceivesthepseudonymusernameinAT_NEXT_PSEUDONYMduringthe
authentication,theclient/UEcanstoreandusethepseudonymIDinthenextauthentication
afterthesuccessfulauthentication.ThepseudonymIDwillfollowtheformat:
<PseudonymUsername>@realm
Note:Serversendsthepseudonymusernamewithouttherealm.

31

I-WLAN Authentication Methods

Fast re-authentication
AAAviatheSEGcansupportfastreauthentication.Thisauthenticationmethodisoptional
andreliesontheconfigurationoftheAAA.Whentheclient/UEreceivesAT_NEXT_REAUTH_ID
duringtheauthentication,theclient/UEcanstoreandusethefastreauthenticationIDinthe
nextauthenticationafterthesuccessfulauthentication.ThefastreauthenticationIDsent
fromthesystemwillfollowtheformat:
<FastReauthUsername>@FastReauthRealm

32

Potrebbero piacerti anche