Nomadism/FMC Use Cases and AAA Impact
Mohit Thakur
14th December, 2006
www.ist-muse.eu
Outline
1. Introduction.
2. Understanding FMC challenges.
3. MUSE Business Roles.
4. FMC Use Case 1: Nomadism with video call and IPTV service upgrade.
5. Authentication and Authorisation Requirements For Use Case 1.
6. FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP).
7. Authentication and Authorisation Requirements For Use Case 2 Using IWLAN.
8. Authentication and Authorisation Requirements For Use Case 2 Using SIP.
9. FMC Use Case 3: Nomadic user with public access over private domain.
10. Authentication and Authorisation Requirements For Use Case 3.
11. Conclusion.
Slide Nr.: 2
Mohit Thakur, Siemens AG
www.ist-muse.eu
Introduction
Project Introduction
> MUSE is a large integrated R&D project on Broadband Access.
> Objective: The overall objective of MUSE is the research and development of a future, low cost, multi-service access network. The access network should provide secure connectivity between end-user terminals and edge nodes in a multi-provider environment. It should be suited for the ubiquitous delivery of broadband services to every European citizen.
Paper Introduction
> We (in MUSE) analyse and understand the FMC (Fixed Mobile Convergence) aspects of today's access network.
> Use Case formulation to cover evolving current and futuristic scenarios that represent a user's behaviour while accessing his services, namely:
1. Nomadism.
2. Session Continuity.
3. Public access through private WLAN.
> Proposition of high level AAA requirements to meet the goal of the above mentioned scenarios.
MUSE Business Roles
> Packager
• Keeps customer profiles (e.g. desired policy in case of conflicting requests for different services)
• Keeps customer information for session authentication.
• Collects accounting information
> Network Service Provider (NSP)
• Assignment of public IP addresses and connects to internet or corporate network.
• NSP definitely needs to have an AAA infrastructure
> Connectivity Provider (CP)
• End-to-end (e2e) connectivity between the Customer and ASP, guaranteeing and monitoring agreed e2e QoS and security
• Provides the means to perform AAA.
• Assembly of billing info for packager
• Assignment of private IP addresses to retail end-user (or NAP)
> Application Service Provider (ASP)
• Offers application services.
> Network Access Provider (NAP) / Regional Network Provider (RNP)
• Transport and resource management between the RGW and the edge router with the QoS requested by the CP(s)
• RNP aggregates traffic from different edge nodes and delivers this to the appropriate service (or other) edge nodes.
Understanding FMC challenges
> Nomadism: Ability of the user to change his network access point on moving; when changing the network access point, the user's service session is completely stopped and then started again, i.e. there is no session continuity or handover possible.
> Session Continuity: Ability of the user or terminal to change the network access point while maintaining the ongoing session.
> Roaming: Ability of the user to access services according to his/her profile while moving outside of his/her subscribed home network, i.e. by using an access point of a visited network.
> Nomadism puts new requirements, such as:
1. Authentication.
2. QoS.
> FMC puts even more:
1. Roaming between home and visited networks from different providers, degrees of service continuity etc.
Figure 1: MUSE view on FMC related definitions (diagram relating Roaming, Nomadism, Session Continuity, Continuous Mobility, Handover and Seamless Handover)
FMC Use Case 1: Nomadism with video call and IPTV service upgrade

| Use Case Description | User Aspects | Network Aspects | Service Aspects |
|---|---|---|---|
| Jose starts his parents' PC, accesses the Web portal of his SP and authenticates himself; due to his nomadic features he has access to all his services. | Access to services from remote terminal | AA, ACC, ARD, NRP, LOC | AA, SEC, SEP, LOC |
| He then initiates a video over IP call from the PC to his video-capable multimedia phone at home using his own subscription. | Video call service can be used from a different access network connection | ARD, NRP, LOC, MSA | ACC, MEA, SEC, SEP, LOC |
| He uses the Internet to access his media-center, where he has stored all the pictures from his daughter's last birthday, and shows them on the TV screen at his parents' home. | Remote access to private server | ARD, NLR, SEC | SEP, photo viewing software (e.g. web server) or FTP server in the CPN |
| As Jose has an HDTV subscription, he contacts his service provider and upgrades the IPTV service to HDTV. | DRM, service quality upgrade for a nomadic user | ACC, ARD, NRP, LOC | DRM, MEA, SEP, LOC |
Authentication and Authorisation Requirements For Use Case 1
1. Authentication could be based on: a) Per Device; b) Per Session; c) Per User.
2. The user would authenticate with the NSP (Network Service Provider) to gain access to its high speed access network. The authentication is done over an already existing internet connection.
3. To upgrade the quality of IPTV to HDTV, bandwidth enhancement and QoS should be guaranteed by the service provider. Application based authentication would enforce the authentication result backwards from the provider end to the user end.
4. The 2 sessions, Jose's parents' initial normal internet connection and Jose's high speed internet connection with HDTV, have to exist in parallel.
FMC Use Case 2: Session Continuity with conversational services (Voice and Video over IP)
Figure: Bob's home (Home Gateway, 802.11b/g, audio + video) -> Park (WiFi / WiMAX / UMTS, audio) -> Company's building (Access network, audio + video)

| Use Case Description | User Aspects | Network Aspects | Service Aspects |
|---|---|---|---|
| Shortly after, Bob's phone gets out of reach of the wireless home network and is connected to a WiMAX (or UMTS) base station. | Session continuity between private home network and a WiMAX / UMTS network or public hotspot | AA, ACC, SEC, HOV, ROA, LOC | SEP, LOC |
| Since bandwidth is more expensive on this network, Bob receives a message on his screen asking whether he wants to continue with the video path. Since video is not really important while walking, Bob decides to save money and tells his colleague that he will end the video path. The audio path stays active, so they will be able to continue their conversation. | Media adaptation based on network capability and price | ACC, LOC | ACC, MEA, SEP, LOC |
| At his office he transfers the running video call from the mobile terminal (WiMAX, UMTS) to his Notebook connected to a fixed access network. | Continue session on different terminal | AA, SEC, HOV, ROA, LOC | AA, SEP, LOC |
Authentication and Authorisation Requirements For Use Case 2 Using IWLAN
1. The wireless user device must have several interfaces, e.g. WLAN, UMTS etc.
2. IWLAN provides only a network layer authentication solution; other protocols like SIP should take care of service level authentication.
3. EAP-AKA and EAP-SIM could be used for mutual authentication to create an IPsec security tunnel between the UE and the Packet Data Gateway.
4. IWLAN provides either 'Direct IP Access' or '3GPP IP access'.
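The mutual authentication in point 3, shown as an added example in Python (this is not code from MUSE or the author). It models the EAP-AKA structure: the home AAA server issues an authentication vector (RAND, AUTN, XRES, CK, IK), the UE first verifies the network's MAC and sequence number, then answers with RES, and both sides end up with the same keying material for the IPsec tunnel to the Packet Data Gateway. HMAC-SHA256 stands in for the 3GPP MILENAGE f1..f5 functions, which is an assumption for illustration only; the class names HomeAAA, UE and run_eap_aka are made up.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional


def _f(key: bytes, tag: bytes, *parts: bytes) -> bytes:
    """Stand-in for the MILENAGE f1..f5 functions (assumption: HMAC-SHA256 keyed with K)."""
    h = hmac.new(key, tag, hashlib.sha256)
    for part in parts:
        h.update(part)
    return h.digest()


class HomeAAA:
    """Home network AAA server (HSS/HLR role): shares K with the USIM and issues vectors."""

    def __init__(self, k: bytes, sqn: int = 0):
        self.k = k
        self.sqn = sqn

    def authentication_vector(self, rand: Optional[bytes] = None):
        rand = rand if rand is not None else os.urandom(16)
        self.sqn += 1                                   # fresh sequence number per vector
        sqn = struct.pack(">Q", self.sqn)
        mac = _f(self.k, b"f1", sqn, rand)[:8]          # proves to the UE that the network knows K
        xres = _f(self.k, b"f2", rand)[:8]              # expected response from the UE
        ck = _f(self.k, b"f3", rand)[:16]               # cipher key
        ik = _f(self.k, b"f4", rand)[:16]               # integrity key
        return rand, sqn + mac, xres, ck, ik            # AUTN = SQN || MAC (AMF omitted here)


class UE:
    """User equipment with a (U)SIM holding K and the last accepted SQN."""

    def __init__(self, k: bytes, last_sqn: int = 0):
        self.k = k
        self.last_sqn = last_sqn

    def respond(self, rand: bytes, autn: bytes):
        sqn_bytes, mac = autn[:8], autn[8:]
        expected_mac = _f(self.k, b"f1", sqn_bytes, rand)[:8]
        # Network authentication: a rogue access network without K cannot produce this MAC.
        if not hmac.compare_digest(mac, expected_mac):
            raise ValueError("network authentication failed: AUTN MAC mismatch")
        sqn = struct.unpack(">Q", sqn_bytes)[0]
        # Replay protection: a captured vector must not be accepted twice.
        if sqn <= self.last_sqn:
            raise ValueError("replayed or stale authentication vector (SQN not fresh)")
        self.last_sqn = sqn
        res = _f(self.k, b"f2", rand)[:8]
        return res, _f(self.k, b"f3", rand)[:16], _f(self.k, b"f4", rand)[:16]


def run_eap_aka(home: HomeAAA, ue: UE, rand: Optional[bytes] = None) -> dict:
    """One full exchange: vector -> challenge -> response -> key agreement."""
    rand, autn, xres, ck, ik = home.authentication_vector(rand)
    res, ue_ck, ue_ik = ue.respond(rand, autn)           # raises if the network is not trusted
    if not hmac.compare_digest(res, xres):
        return {"ok": False, "reason": "RES does not match XRES"}
    msk = hashlib.sha256(ck + ik).digest()               # simplified MSK; would feed IKEv2/IPsec to the PDG
    return {"ok": True, "msk": msk, "keys_match": (ck, ik) == (ue_ck, ue_ik)}


if __name__ == "__main__":
    k = bytes(range(16))                                  # constructed subscriber key, for the demo only
    print(run_eap_aka(HomeAAA(k), UE(k)))
```

The two checks on the UE side are the point of "mutual" authentication: the MAC check stops a network that does not hold K, and the SQN check stops a replayed vector; EAP-SIM uses GSM triplets instead and is not modelled here.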
Authentication and Authorisation Requirements For Use Case 2 Using SIP
1. SIP based service authentication is a mandatory method in IMS.
2. It does not require network layer tunnelling (IPsec).
3. Service layer mutual authentication employing SIP registration mechanisms (AKA, SIM) is normally sufficient.
4. Security of SIP authentication signalling is provided by SIPSecure and SecureRTP.
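The SIP registration based service authentication of points 1 and 3, as an added example in Python (not MUSE or IMS code): a registrar challenges a REGISTER with 401 and a WWW-Authenticate Digest header, the user agent computes the RFC 2617 Digest response with qop=auth, and the registrar verifies it with a one-shot nonce so a captured Authorization header cannot be replayed. With Digest-AKA (RFC 3310) the password fed into this computation is the AKA RES; here a plain password is used for the demo. The realm, user names and the names Registrar, ua_register and parse_challenge are constructed.

```python
import hashlib
import re
import secrets


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest: response = MD5(HA1:nonce[:nc:cnonce:qop]:HA2)."""
    ha1 = _md5(f"{username}:{realm}:{password}")   # for Digest-AKA 'password' is the AKA RES
    ha2 = _md5(f"{method}:{uri}")
    if qop:
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_challenge(header: str) -> dict:
    """Parse 'Digest k="v", k2=v2, ...' (WWW-Authenticate or Authorization) into a dict."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("unsupported scheme " + scheme)
    return {k: (quoted or bare) for k, quoted, bare in _PARAM_RE.findall(params)}


class Registrar:
    """SIP registrar side: issues challenges and verifies Authorization headers."""

    def __init__(self, realm: str, credentials: dict):
        self.realm = realm
        self.credentials = credentials      # user -> password (or AKA RES), constructed for the demo
        self.outstanding = set()            # nonces issued and not yet consumed

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return f'Digest realm="{self.realm}", nonce="{nonce}", qop="auth", algorithm=MD5'

    def verify(self, authorization: str, method: str = "REGISTER") -> bool:
        p = parse_challenge(authorization)
        nonce = p.get("nonce")
        if nonce not in self.outstanding:   # unknown or already used nonce: treat as replay
            return False
        password = self.credentials.get(p.get("username", ""))
        if password is None or p.get("realm") != self.realm:
            return False
        expected = digest_response(p["username"], self.realm, password, method, p.get("uri", ""),
                                   nonce, p.get("nc", ""), p.get("cnonce", ""), p.get("qop"))
        ok = secrets.compare_digest(expected, p.get("response", ""))
        if ok:
            self.outstanding.discard(nonce)  # one-shot nonce: the same header cannot register twice
        return ok


def ua_register(challenge: str, username: str, password: str,
                uri: str = "sip:ims.example.invalid", method: str = "REGISTER") -> str:
    """User agent side: answer the 401 challenge with an Authorization header."""
    c = parse_challenge(challenge)
    cnonce = secrets.token_hex(8)
    nc = "00000001"
    resp = digest_response(username, c["realm"], password, method, uri, c["nonce"], nc, cnonce, c.get("qop"))
    return (f'Digest username="{username}", realm="{c["realm"]}", nonce="{c["nonce"]}", '
            f'uri="{uri}", qop={c.get("qop")}, nc={nc}, cnonce="{cnonce}", response="{resp}"')


if __name__ == "__main__":
    reg = Registrar("ims.example.invalid", {"bob": "constructed-demo-secret"})
    www_auth = reg.challenge()                         # carried in the 401 Unauthorized
    auth = ua_register(www_auth, "bob", "constructed-demo-secret")
    print(reg.verify(auth), reg.verify(auth))          # True, then False (nonce consumed)
```

Digest only proves the password to the registrar and does not protect the rest of the signalling, which is why point 4 pairs it with SIPSecure and SecureRTP.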
FMC Use Case 3: Nomadic user with public access over private domain
Figure: Bob's multimedia device connects over WiFi / WiMAX / UMTS to a nearby private network owner who offers public network access to visitors (Home Gateway, 802.11b/g, set-top box, Television); Bob's home and the Company's building, each with its own Access network and Home Gateway, are shown alongside, with the Park in between.

| Use Case Description | User Aspects | Network Aspects | Service Aspects |
|---|---|---|---|
| Some of the houses nearby provide public access over their private WiFi network. According to the network settings on his multimedia device, Bob gets connected to one of these networks and orders the pizza over the Internet. | Public access over a private domain | AA, ACC, ARD, RP, SEC, LOC | AA, LOC |
Authentication and Authorisation Requirements For Use Case 3
> The difference between use cases 1, 2 and 3 is that in the latter one the owner of the private network does not necessarily have to know the visitor.
> There could be 2 possibilities for specifying the AA requirements here:
1. The visitor authenticates to his service provider who has a direct relationship with the host's NAP (Network Access Provider). Due to the relationship, it is possible to support QoS in the access network, e.g. by separating the host's and visitor's traffic by means of VLANs.
2. In the second scenario the visitor authenticates against a third party (like in FON). QoS in the access network can only be supported if the third party has a direct relationship with the host's SP.
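The two possibilities above, as an added example in Python (not code from MUSE or the author) of the decision a host's NAP would take for a visitor: the realm of the visitor's identity (user@realm, NAI syntax per RFC 4282) selects who authenticates him; a realm belonging to a peered SP yields a separate visitor VLAN with the agreed QoS profile, a third-party realm yields a guest VLAN with no QoS commitment, and anything else is refused, so a visitor never lands on the host's own VLAN. The authenticators are constructed password tables standing in for a RADIUS/Diameter exchange with the SP; realms, VLAN numbers, QoS profile names and the names HostNAP, parse_nai and demo_nap are all made up.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

HOST_VLAN = 10       # the host's own devices (set-top box, TV, ...)
PEERED_VLAN = 20     # visitors authenticated via an SP peered with the host's NAP (QoS supported)
GUEST_VLAN = 30      # visitors authenticated by an unrelated third party (best effort only)

Authenticator = Callable[[str, str], bool]   # (user, credential) -> accepted?


@dataclass
class Decision:
    accept: bool
    vlan: Optional[int]
    qos_profile: Optional[str]
    reason: str


def parse_nai(identity: str) -> Tuple[str, str]:
    """Split a Network Access Identifier 'user@realm' (RFC 4282 syntax, simplified)."""
    if "@" not in identity:
        raise ValueError("identity carries no realm, request cannot be routed")
    user, realm = identity.rsplit("@", 1)
    if not user or not realm:
        raise ValueError("malformed NAI")
    return user, realm.lower()


class HostNAP:
    """Access decision at the private network owner's NAP for a visiting user."""

    def __init__(self, peered: Dict[str, Tuple[Authenticator, str]], third_party: Dict[str, Authenticator]):
        self.peered = peered             # realm -> (SP authenticator, QoS profile agreed with that SP)
        self.third_party = third_party   # realm -> third-party authenticator, no QoS agreement

    def decide(self, identity: str, credential: str) -> Decision:
        try:
            user, realm = parse_nai(identity)
        except ValueError as err:
            return Decision(False, None, None, str(err))
        if realm in self.peered:                                  # possibility 1 on the slide
            authenticate, qos = self.peered[realm]
            if authenticate(user, credential):
                return Decision(True, PEERED_VLAN, qos, f"authenticated by peered SP {realm}")
            return Decision(False, None, None, f"rejected by {realm}")
        if realm in self.third_party:                             # possibility 2 on the slide
            if self.third_party[realm](user, credential):
                return Decision(True, GUEST_VLAN, None, f"authenticated by third party {realm}, best effort")
            return Decision(False, None, None, f"rejected by {realm}")
        return Decision(False, None, None, f"no relationship with realm {realm}")


def make_sp(accounts: Dict[str, str]) -> Authenticator:
    """Constructed stand-in for the visitor's SP: a static user/password table."""
    return lambda user, cred: accounts.get(user) == cred


def demo_nap() -> HostNAP:
    """Constructed topology: one peered SP with a 2 Mbit visitor profile, one third party."""
    return HostNAP(
        peered={"sp-a.example": (make_sp({"bob": "demo-pass"}), "visitor-2mbit")},
        third_party={"thirdparty.example": make_sp({"alice": "demo-pass"})},
    )


if __name__ == "__main__":
    nap = demo_nap()
    for ident in ("bob@sp-a.example", "alice@thirdparty.example", "carol@unknown.example", "bob"):
        print(ident, nap.decide(ident, "demo-pass"))
```

The separation by realm is what lets the host keep its own traffic isolated: the decision never returns HOST_VLAN for a visitor, and an unknown realm is refused rather than dropped onto the host's network.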
Conclusion
> Demand for "Anytime & Anywhere" services is constantly growing, which leads to FMC technologies being developed to provide nomadism, session continuity and roaming between fixed networks and mobile networks.
> Multiprovider and multiservice networks have to be taken into consideration before designing any sort of AAA architecture.