
X.P0028                                        3GPP2

TSG-X (PSN/PDS)

X.P0028
(to be published as 3GPP2 X.S0028)

Chair: Serge Manning, Sprint PCS
Address + phone number (TBD)
smanni05@sprintspectrum.com

China: CCSA
xx-xxxx-xxx (to be published as xxxxxx)
Contact: Rajesh Bhalla - ZTE
+1-858-554-0387   rabhalla@ztesandiego.com

Japan: TTC
xx-xxxx-xxx (to be published as xxxxxx)
Contact: Toru Owai - NEC Corporation
+81-3-3798-8551   t-owai@ah.jp.nec.com

Korea: TTA
xx-xxxx-xxx (to be published as xxxxxx)
Chair: Jin Sung Choi – LG Electronics
+82-31-450-2062   jinsungc@lge.com

North America: TIA TR-45.6
PN-3-0174 (to be published as TIA-1050)
Chair: Parviz Yagani – Cisco
Phone nb?   pyegani@cisco.com


                     Wireless Local Area Network (WLAN) Interworking


                                                i                             3GPP2 TSG-X/TIA TR-45.6
Revision History

Ver.   Content changes                                                              Date
0.1    Accepted skeleton document X31-20031208-007                                  March 15, 2004
       Added Architecture: X31-20031208-010R2
       Incorporated RADIUS attribute table from: X31-20040112-013
0.2    Incorporated:                                                                June 7, 2004
       X31-20040419-021-Nortel-USC-Sprint-WLAN_auth_EAP_TLS_sharedkeys.pdf
0.3    Incorporated:                                                                June 22, 2004
       X31-20040419-023R1-Ericsson-WLANauthentication-non8021x-baseline.doc
       X31-20040607-030-Eric-Qcom-Intc-Sam-Hua-Nok-WLANEAPAKA.doc
       X31-20040607-033R1 Sprint-WLAN Network Section.pdf
       X31-20040607-034 Sprint-WLAN Coexistance.pdf
0.4    Incorporated:                                                                June 30, 2004
       Added place holder for WKEY
       X31-20040628-003R1-Nortel_PSK_updates.doc
       X31-20040628-004R1 Sprint-WLAN-Service-Desc.doc
       Eliminated 3GPP2 term from the document (as per email discussion)
       X31-20040630-002R1 Ericsson-WLAN Accounting.doc
Table of Contents

Revision History ................................................................. i
Table of Contents ................................................................ ii
List of Figures .................................................................. iii
List of Tables ................................................................... iv
1       Introduction ............................................................. 5
1.1     Scope .................................................................... 5
2       References ............................................................... 6
2.1     Normative References ..................................................... 6
2.2     Informative References ................................................... 7
2.3     3GPP2 Specifications and SDO Standards ................................... 7
3       Definitions, Symbols and Abbreviations ................................... 8
3.1     Definitions .............................................................. 8
3.2     Symbols and Abbreviations ................................................ 8
4       Interworking Architecture ................................................ 9
4.1     Reference Model .......................................................... 9
4.2     Network Entities ......................................................... 10
4.3     Interfaces ............................................................... 11
5       Service Description ...................................................... 12
6       WLAN Interworking Access ................................................. 13
6.1     Network Advertisement and Selection ...................................... 13
6.2     Wireless LAN Requirements ................................................ 13
6.3     MS Requirements .......................................................... 13
7       Authentication Methods ................................................... 14
7.1     802.1x WLAN .............................................................. 14
7.1.1   WKEY Derivation .......................................................... 14
7.1.2   EAP-TLS with Pre-Shared Key .............................................. 20
7.1.3   EAP-AKA .................................................................. 25
7.2     Non-802.1x WLAN .......................................................... 27
7.2.1   WLAN Requirements ........................................................ 27
7.2.2   MS Requirements .......................................................... 27
7.2.3   Security considerations .................................................. 27
8       Accounting ............................................................... 29
9       RADIUS attributes ........................................................ 30
List of Figures

Figure 1 WLAN Interworking Architecture for Scenario 2 ........................... 10
Figure 2 WLAN access authentication using EAP-TLS with pre-shared keys ........... 22
Figure 3 Successful Authentication with EAP-AKA .................................. 25
List of Tables

Table 1 Supported RADIUS Attributes .............................................. 30
1             Introduction

              This specification defines requirements for the support of Wireless Local Area
              Network (WLAN) Interworking for cdma2000®¹ networks. This specification supports
              scenarios 1 and 2 described in WLAN Interworking Stage 1 Requirements [3].

1.1           Scope

              The main objective of this document is to provide common billing, customer care,
              cdma2000 based access control and charging, and access to the Internet for cdma2000
              users via a WLAN system operated by cdma2000 operators or by Wireless LAN system
              operators who have a business relationship with cdma2000 operators.


¹ “cdma2000® is the trademark for the technical nomenclature for certain specifications and standards of the
Organizational Partners (OPs) of 3GPP2. Geographically (and as of the date of publication), cdma2000® is a
registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States.”
2         References

2.1       Normative References

          This section provides references to other specifications and standards that are
          necessary to implement this document.

[RFC 2246]       T. Dierks, et al., “The TLS Protocol Version 1.0”, RFC 2246, January 1999.
[RFC 2716]       B. Aboba, D. Simon, “PPP EAP-TLS Authentication Protocol”, RFC 2716,
                 October 1999.
[RFC 2284bis]    “Extensible Authentication Protocol (EAP)”, RFC 2284bis-09.
[RFC 3579]       B. Aboba, P. Calhoun, “RADIUS (Remote Authentication Dial In User
                 Service) Support For Extensible Authentication Protocol (EAP)”, RFC 3579,
                 September 2003.
[RFC TLSPSK]     “Pre-Shared Key Cipher suites for TLS”, draft-ietf-tls-psk-00.txt.
[RFC bbbb]       J. Arkko, “Extensible Authentication Protocol Method for UMTS
                 Authentication and Key Agreement (EAP-AKA)”, draft-arkko-pppext-eap-aka-13.txt,
                 June 2004.
[RFC 2516]       L. Mamakos, et al., “A Method for Transmitting PPP Over Ethernet
                 (PPPoE)”, RFC 2516, February 1999.
[RFC 2865]       Rigney, et al., “Remote Authentication Dial In User Service (RADIUS)”,
                 RFC 2865, June 2000.
[RFC 2866]       Rigney, “RADIUS Accounting”, RFC 2866, June 2000.
[RFC 3580]       P. Congdon, et al., “IEEE 802.1X Remote Authentication Dial In User
                 Service (RADIUS) Usage Guidelines”, RFC 3580, September 2003.
[WPA]            WPA
[802.11i]        IEEE 802.11i
[WFABCP]         Wi-Fi Alliance, “Best Current Practices for Wireless ISP Roaming”, v1.0,
                 February 2003.
[IEEE80211]      “Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)
                 Specifications”, IEEE Std. 802.11-1999.
2.2       Informative References

          This section provides references to other documents that may be useful for the reader
          of this document.

2.3       3GPP2 Specifications and SDO Standards

          Number of       SDO Project Number         Document Title
          specification
          [1]             3GPP2: S.S0055-A           Enhanced Cryptographic Algorithms,
                          ARIB:  CWTS:  TIA:  TTA:   September 2003.
          [2]             3GPP2: X.S0011-C           cdma2000 Wireless IP Network Standard,
                          ARIB:  CWTS:  TIA:  TTA:   Nov. 2003.
          [3]             3GPP2: S.P0087-0           WLAN Interworking Stage 1 Requirements
                          ARIB:  CWTS:  TIA:  TTA:
3         Definitions, Symbols and Abbreviations

          This section contains definitions, symbols and abbreviations that are used throughout
          the document.

3.1       Definitions

[EDITOR INSERTED DEFINITIONS:]

          EAP Server

[END OF EDITOR INSERTED DEFINITIONS]

3.2       Symbols and Abbreviations

[EDITOR INSERTED ITEMS]
AP          Access Point
EAP         Extensible Authentication Protocol
EAPoL       EAP over LAN
MS          Mobile Station
NAI         Network Address Identifier
PRF         Pseudo random function
RADIUS      Remote Authentication Dial In User Service
TLS         Transport Layer Security
WLAN        Wireless Local Area Network
SSID        Service Set Identifier
[END OF EDITOR INSERTED ITEMS]

AAA         Authentication Authorization and Accounting
AC          Authentication Center
HLR         Home Location Register
MSK         Master Session Key
PMK         Pairwise Master Key
UIM         User Identity Module
PPP         Point to Point Protocol
UAM         Universal Access Method
PSK         Pre Shared Key
4             Interworking Architecture

[EDITOR NOTE: THE FOLLOWING INTRO SECTION NEEDS TO BE CLEANED UP]

The Phase-1 WLAN Interworking architecture, along with its network functional entities and
interfaces, supports Scenarios 1 and 2 of the four (4) Scenarios described in the stage 1 document,
as follows:

         Scenario 1: Common billing and customer care.
         Scenario 2: cdma2000 based Access Control and Charging and Access to the Internet via
                     the WLAN system.
         Scenario 3: Access to the cdma2000 Packet Data Services via the WLAN system.
         Scenario 4: Session continuity.

The Phase-1 WLAN Interworking architecture and its associated functionality will be supported in
the same timeframe as the X.P0011-D release. Support for Scenarios 3 and 4 may be provided in a
later release.

4.1           Reference Model

Figure 1 shows the high-level network architecture for the support of WLAN interworking for
scenario 2. The WLAN is connected to the cdma2000 home network either directly or via one or
more intermediate broker network(s). In this architecture model, either a cdma2000 operator or a
Wireless ISP may own the WLAN. The Mobile Station (MS) gains access to the Internet via the
WLAN after it is successfully authenticated by the cdma2000 home system. The network
(functional) entities and interfaces are described in the following sections.
                     [Figure 1 (architecture diagram) is not reproduced in this text extraction.]

                     Figure 1 WLAN Interworking Architecture for Scenario 2

4.2           Network Entities

The following describes the network entities that appear in Figure 1 WLAN Interworking
Architecture for Scenario 2.

         H-AAA: AAA in a home cdma2000 network - The home AAA server (H-AAA) is the
         AAA server managed by the cdma2000 home operator. The AAA server authenticates
         and authorizes the MS for access to the WLAN interworking service.

         B-AAA: AAA in a broker network - A broker AAA (B-AAA) resides in a broker
         network. The broker network is an intermediate network between the WLAN and the
         cdma2000 home network. There may be zero, one, or more broker networks between the
         WLAN and the cdma2000 home network.

         W-AAA: The AAA in the WLAN, if available, interacts with the MS’s H-AAA server,
         possibly through one or more broker networks, to authenticate and authorize the MS for
         WLAN access.

         Database - The database is in the MS’s cdma2000 home network where authentication
         and subscriber service profile information is stored.
         WLAN: The Wireless Local Area Network supports 802.11 types of accesses. It may
         support 802.1x and/or 802.11i. The topology of the WLAN is outside the scope of this
         specification.

4.3           Interfaces

The following describes the interfaces that appear in Figure 1 WLAN Interworking Architecture
for Scenario 2.

         Interface 1 between MS and WLAN - The interface between MS and WLAN specifies the
         physical and link layer protocols. The 802.11 specifications should not be affected by the
         3GPP2 specifications. WLAN interworking may designate IEEE standards as preferred
         interfaces, e.g. 802.1x and 802.11i for security mechanisms.

         Interface 2 between AAA in WLAN and H-AAA - This interface is used to authenticate
         the MS from the cdma2000 home system and to forward requests and responses between the
         W-AAA and the H-AAA. The interface should follow IETF specifications. This interface
         may consist of the following two interfaces in case a broker network(s) is present.

             o An interface between W-AAA and B-AAA - This interface is used to proxy
               requests/responses between W-AAA and B-AAA.

             o An interface between B-AAA and H-AAA - This interface is used to proxy
               requests/responses between B-AAA and H-AAA.

         Interface 3 between the WLAN System and the Internet should follow IETF standards.
5          Service Description

The Interworking function supports scenarios 1 and 2 [3], which together provide users with a
cdma2000 subscription WLAN access to Internet services charged on a single bill. Since
authentication, authorization, and accounting functions are common between WLAN and
cdma2000 systems, the security credentials and methods may be shared between the systems,
reducing administrative and implementation burdens.

This specification offers users entering the coverage area of one or more WLAN systems the
ability to detect and connect to a particular WLAN system (see section 6.1). Once attached, the
user may utilize the Universal Access Method or 802.1X/EAP to get service, depending on
whether the user and WLAN are equipped with 802.1X. This specification supports the general
EAP framework and recommends a number of specific EAP methods for authentication and
authorization (see section 7). AAA attributes are exchanged with the home cdma2000 network to
authenticate and authorize the user (see section 9). Once authorized, the WLAN system directly
carries the user’s bearer traffic to the Internet. The WLAN system generates accounting records
that enable the cdma2000 service provider to make available to the user one single bill (see
section 8).
6           WLAN Interworking Access

6.1         Network Advertisement and Selection

The MS may enter an area served by a single WLAN network that is affiliated with multiple
cdma2000 home systems, directly or through broker networks. Alternatively, the MS may enter
an area served by multiple WLAN networks affiliated with multiple cdma2000 home systems,
directly or through broker networks. In either case, the user needs to discover the availability of
service from all the cdma2000 home systems and attach to the WLAN network with the
appropriate home provider.

6.2         Wireless LAN Requirements

Each cdma2000 home system affiliated with a WLAN system shall have a corresponding Service
Set Identifier (SSID). More than one cdma2000 home system may share the same corresponding
SSID. However, the same cdma2000 home system shall not be represented by more than one
SSID within the same WLAN coverage area. The WLAN system should publicly advertise all
cdma2000 affiliated SSIDs in Beacon Frames as described in [IEEE80211]. If some cdma2000
affiliated SSIDs are not publicly advertised, the WLAN system shall respond to Probe Request
frames from an MS as described in [IEEE80211] for these SSIDs.

6.3         MS Requirements

For automatic network selection without user input, the MS shall be configured with a list of one
or more preferred cdma2000 related SSIDs. For example, this list may be pre-provisioned in the
MS, determined through user interaction, or computed based on some set of criteria. The
determination of this list is outside the scope of this specification.

To discover WLAN service, the MS shall perform passive scanning as described in [IEEE80211]
for broadcast SSIDs. For manual network selection, the available SSIDs are presented to the user
to choose from. The MS shall attempt to associate with the chosen SSID, after which network
selection completes.

For automatic network selection, the MS may optionally perform active scanning as described in
[IEEE80211] by transmitting Probe Request frames for preferred SSIDs, in addition to passive
scanning, to determine the available SSIDs. If a preferred SSID from the list of 3GPP2 related
SSIDs is found among the available SSIDs, the MS shall attempt to associate with that particular
SSID and begin authentication.
7           Authentication Methods

7.1         802.1x WLAN

This specification addresses user authentication when accessing an 802.1x hotspot where the
authentication is based on common security credentials with cdma2000 access. The common
security credentials consist of a shared key, WKEY, which is derived from a common shared key
stored in the UIM and in the home system using the procedure defined in section 7.1.1.

For 802.1x hotspots, authentication is based on EAP [RFC aaaa]. This specification recommends
the following EAP methods:
             - EAP-TLS with Pre-Shared Key [RFC TLSPSK]
             - EAP-AKA [RFC bbbb]

7.1.1       WKEY Derivation

This section details the procedures to generate a long-term WLAN key (WKEY) based on the
cdma2000 legacy session key material (SMEKEY) or the Mobile IP key material (MN-AAA). The
WKEY is cryptographically separated from both the SMEKEY and the MN-AAA by the procedure
detailed below. The method used to achieve cryptographic separation (Perfect Forward Secrecy,
PFS) is the same for both methods, and the Password Protected Diffie-Hellman (D-H) procedure
used is defined in C.P0016-C (IS-683 rev. D) sections 5.5 and 5.6.

For clarity, the generation of WKEY using the SMEKEY and using the MN-AAA key are defined
separately, although there is a significant amount of commonality between the two procedures.
The WKEY generated by either method has the same cryptographic strength (128-bit).

7.1.1.1     WKEY (D-H protected by the SMEKEY)

7.1.1.1.1   Assumptions

            It is assumed that the EAP Client has the capability to communicate with the R-
            UIM/UICC or the MS in a hybrid WLAN/1X terminal configuration. The EAP-
            Server (e.g., AAA, also called EAP authenticator) shall be able to interface with a
            cdma2000 CAVE-based AC; therefore the EAP-Server back-end has to support a
            minimum subset of the SS7 authentication protocol (i.e., AUTHREQ/authreq).

            The identity of the EAP Client is received by the EAP Server, and the 1X terminal
            (ME) responds to the EAP-Server challenge (32-bit RAND) with its calculated
            AUTHR (note that the R-UIM does not distinguish between an EAP generated
            challenge and a VLR generated challenge).

7.1.1.1.2   EAP-Server requirements

            The EAP Server shall be capable of issuing a conventional IS-41 AUTHREQ
            transaction to the HLR/AC. This transaction includes the RAND value and the
            AUTHR received from the ME. This transaction, when executed, shall not affect IS-
            2000 mobility management of the ME, i.e. ANSI-41 Re-Registration procedures
            should not be invoked².

            In response to the AUTHREQ message, the HLR/AC returns an authreq with the
            current session keys, including the SMEKEY parameter and the authentication
            status. Note that the H-AAA looks just like a VLR to the HLR/AC.

7.1.1.1.3   EAP Client Requirement

            The EAP Client shall be able to receive the SMEKEY from the IS-2000 part of the
            mobile station, based on currently defined ME/R-UIM interface protocols and
            methods. In practice, the secure EAP Client and the IS-2000 security module will be
            utilized on the same secure UIM, R-UIM, UICC, etc., so secure data is contained in
            the protected environment.

7.1.1.1.4   WKEY Generation Process

            Once the EAP Client and the EAP-Server possess the SMEKEY, they are ready to
            perform the authentication and key agreement protocol that allows the EAP-Server
            and EAP Client to securely agree on a WKEY.

            To ensure cryptographic separation between the SMEKEY (session key) and the
            EAP Client WKEY (long-term key), the cryptographic procedures in C.P0016-C (IS-
            683 rev. D) sections 5.5 and 5.6 are used, i.e., the SMEKEY is used as the password for
            authenticating the Diffie-Hellman key exchange between the ME and the AAA
            (MS_PW and BS_PW will both be set equal to the SMEKEY).


² For example, a new access type parameter may be required to uniquely identify the source of the AUTHREQ
message (e.g., TERMINAL TYPE=WLAN).
     X.P0028                                           3GPP2



7.1.1.1.5     High Level Diagram

                 Participants: Legacy Terminal (CAVE) -- WLAN Terminal / EAP Client -- EAP-Server -- HLR/AC

                 a. EAP-Server -> EAP Client: EAP Request Identity (the EAP Server does not have the WLAN identity)
                 b. EAP Client -> EAP-Server: EAP Response Identity (e.g., IMSI@realm.com)
                 c. EAP-Server -> EAP Client: EAP Request CAVE/Start (type=CAVE), RAND
                 d. EAP Client -> Legacy Terminal: RAND
                 e. Legacy Terminal -> EAP Client: session key material [AUTHR, SMEKEY, ..]
                 f. EAP Client -> EAP-Server: EAP-Response [Keyupdate, AUTHR, H1'(MS_PW)*g^x mod p], with MS_PW=SMEKEY
                 g. EAP-Server -> HLR/AC: AUTHREQ [AUTHR, RAND, ACCTYPE=originations, TERMTYPE=WLAN]
                 h. HLR/AC -> EAP-Server: authreq [SMEKEY, ..]
                 i. EAP-Server -> EAP Client: EAP-Success [Keyupdate, H1'(BS_PW)*g^y mod p], with BS_PW=SMEKEY
                    EAP Client: WKEY (128-bit) calculated as per C.P0016-C sec. 5.5, MS_PW=SMEKEY
                    EAP-Server: WKEY (128-bit) calculated as per C.P0016-C sec. 5.6, BS_PW=SMEKEY
                 j. EAP Client <-> EAP-Server: SA establishment (e.g., PSK TLS with PSK=WKEY)

                 SMEKEY is the password for the D-H key exchange.




      a. The WLAN attempts to access the EAP Server and the EAP server detects that it does not
         have the new client's (WLAN card) identity. The Server initiates an EAP Request
         Identity message.

      b. The WLAN responds with its own EAP Response Identity (the identity can be
         MSID@realm.com or IMSI@realm.com; the IMSI or the MSID is required to identify the
         user at the AC). Steps (a) and (b) represent standard EAP protocol.

      c. The EAP Server initiates a new EAP transaction: EAP Request CAVE/Start (method
         type=CAVE).

      d. The 32-bit RAND challenge value from the EAP Request CAVE/Start, received by the
         EAP Client, is sent to the R-UIM 1X terminal as a simulated Global Challenge.

      e. The 1X terminal (or the R-UIM) responds to the global challenge with an AUTHR and
         the SMEKEY. The AUTHR and the SMEKEY are then delivered to the EAP Client.

      f. The EAP Client responds to the EAP-Request (step c) with an EAP-Response message,
         including the AUTHR and g^x mod p covered by the hash of the SMEKEY (as per the
         C.P0016-C sec. 5.5 procedures with MS_PW=SMEKEY). Note: "x" is a secret random
         number generated by the WLAN device.

      g. The EAP Server, acting as a VLR, sends an ANSI-41 AUTHREQ message to the
         HLR/AC. The AUTHREQ includes the RAND, ACCESSTYPE=page response and the
         AUTHR.

      h. The HLR/AC responds with an ANSI-41 authreq, which includes the SMEKEY and an
         authentication success indicator. If authentication fails, the authreq will include an
         access deny indication, and the EAP Server will terminate the session with the WLAN.

      i. The EAP-Server replies to the EAP Client with an EAP-Success indicating a successful
         HLR/AC authentication, as well as g^y mod p covered by the hash of the SMEKEY (as
         per the C.P0016-C sec. 5.6 procedures with BS_PW=SMEKEY). Note: "y" is a secret
         random number generated by the EAP-Server following the C.P0016-C procedure. The
         EAP-Server can only form this value after step h has delivered the SMEKEY. The WKEY
         is calculated in the EAP Client and the EAP-Server as per C.P0016-C.

      j. Verification that the WKEY provisioning has been successful is achieved when the
         subsequent WLAN authentication procedure is executed. As an example, this step shows
         execution of the EAP-TLS-PSK authentication and session key generation procedure. If
         EAP-TLS-PSK successfully completes with the WKEY generated in steps a-i, then the
         WKEY is valid and can be used for establishing multiple subsequent SAs. Otherwise, the
         WKEY shall revert to its previous state.
7.1.1.2     WKEY (D-H protected by the MN-AAA)

7.1.1.2.1   Assumptions

                 It is assumed that the EAP Client has the capability to access the MN-AAA. The
                 EAP-Server (e.g., AAA, also called EAP authenticator) shall be able to interface
                 with a H-AAA to get the MN-AAA.

7.1.1.2.2   EAP-Server requirements

                 The EAP Authenticator shall be able to obtain the MN-AAA associated with the
                 hybrid AT.

7.1.1.2.3   EAP Client Requirement

                 The EAP Client shall have access to the MN-AAA.

7.1.1.2.4   WKEY Generation Process

                 Once the EAP Client and the EAP-Server possess the MN-AAA, they are ready to
                 perform the authentication and key agreement protocol that allows the EAP-Server
                 and EAP Client to securely agree on a WKEY.

                 To ensure cryptographic separation between the MN-AAA (shared key) and the
                 EAP Client WKEY (long-term key), the cryptographic procedures in C.P0016-C
                 (IS-683 rev. D) sections 5.5 and 5.6 are used, i.e., the MN-AAA is used as the
                 password for authenticating the Diffie-Hellman key exchange between the ME and
                 the AAA (MS_PW and BS_PW are both set equal to the MN-AAA).
7.1.1.2.5   High Level Diagram

                 (Diagram not reproduced in this copy; the message flow is listed in steps a-f below.)

      a. The WLAN attempts to access the EAP Server and the EAP server detects that it does not
         have the new client's (WLAN card) identity. The Server initiates an EAP Request
         Identity message.

      b. The WLAN responds with its own EAP Response Identity.

      c. The EAP Server initiates a new EAP transaction: EAP Request MN-AAA/Start.

      d. The EAP Client responds to the EAP-Request with an EAP-Response message,
         including g^x mod p covered by the hash of the MN-AAA (as per the C.P0016-C sec. 5.5
         procedures with MS_PW=MN-AAA). Note: "x" is a secret random number generated by
         the WLAN device.

      e. The EAP-Server replies to the EAP Client with an EAP-Success as well as g^y mod p
         covered by the hash of the MN-AAA (as per the C.P0016-C sec. 5.6 procedures with
         BS_PW=MN-AAA). Note: "y" is a secret random number generated by the EAP-Server
         following the C.P0016-C procedure. The WKEY is calculated in the EAP Client and the
         EAP-Server as per C.P0016-C.

      f. Verification that the WKEY provisioning has been successful is achieved when the
         subsequent WLAN authentication procedure is executed. As an example, this step shows
         execution of the EAP-TLS-PSK authentication and session key generation procedure. If
         EAP-TLS-PSK successfully completes with the WKEY generated in steps a-e, then the
         WKEY is valid and can be used for establishing multiple subsequent SAs. Otherwise, the
         WKEY shall revert to its previous state. Note that, unlike the SMEKEY flow, no
         authentication response from the client is checked before the EAP-Success in step e:
         a client holding the wrong MN-AAA derives a different WKEY, and the mismatch is only
         detected here.
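The password-masked Diffie-Hellman exchange of steps f and i in 7.1.1.1.5 and of steps d and e above, written out as an added example; this is not code from the specification and not the C.P0016-C procedure itself. It assumes a demo-size safe-prime group generated at import time, a SHA-256 stand-in for H1'(PW) that maps the password to a subgroup element, and SHA-256 truncated to 128 bits as the WKEY derivation; the real parameters and functions are those of C.P0016-C sections 5.5 and 5.6. The password is the SMEKEY in the 7.1.1.1 flow and the MN-AAA in the 7.1.1.2 flow; the code takes it as a byte string.

```python
import hashlib
import random
import secrets

# ASSUMPTIONS for this demo: a small safe-prime group generated deterministically at
# import time, a SHA-256 stand-in for H1'(PW), and SHA-256 truncated to 128 bits as the
# WKEY derivation.  C.P0016-C's real parameters and functions are not reproduced here.


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin after trial division; witnesses come from a generator seeded by n."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(n)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits: int, seed: int = 2005) -> int:
    """Return p = 2q + 1 with both p and q prime (same result for the same seed)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


P = safe_prime(128)   # demo-size modulus; a deployment uses a standardized >= 2048-bit group
Q = (P - 1) // 2      # prime order of the subgroup used below
G = 4                 # a quadratic residue mod p, hence a generator of the order-q subgroup


def h1(password: bytes) -> int:
    """Stand-in for H1'(PW): map the password to a non-identity element of the subgroup."""
    e = 1 + int.from_bytes(hashlib.sha256(password).digest(), "big") % (Q - 1)
    return pow(G, e, P)


class Party:
    """One side of the exchange: the EAP Client (MS_PW) or the EAP-Server (BS_PW)."""

    def __init__(self, password: bytes):
        self.pw = password
        self.priv = 2 + secrets.randbelow(Q - 2)   # secret x (client) or y (server)
        self.pub = pow(G, self.priv, P)            # g^x mod p

    def masked(self) -> int:
        """The value sent on the wire: H1'(PW) * g^x mod p."""
        return (h1(self.pw) * self.pub) % P

    def wkey(self, peer_masked: int) -> bytes:
        """Strip the mask with our own password, finish DH, derive the 128-bit WKEY."""
        peer_pub = (peer_masked * pow(h1(self.pw), -1, P)) % P
        z = pow(peer_pub, self.priv, P)
        return hashlib.sha256(z.to_bytes((P.bit_length() + 7) // 8, "big")).digest()[:16]


def run_exchange(client_pw: bytes, server_pw: bytes):
    """Steps f/i of 7.1.1.1.5 or d/e of 7.1.1.2.5: returns (client WKEY, server WKEY)."""
    client, server = Party(client_pw), Party(server_pw)
    masked_x = client.masked()   # carried in the EAP-Response
    masked_y = server.masked()   # carried in the EAP-Success
    return client.wkey(masked_y), server.wkey(masked_x)


if __name__ == "__main__":
    agreed = run_exchange(b"smekey-demo", b"smekey-demo")
    wrong = run_exchange(b"smekey-demo", b"wrong-guess")
    print("same password -> same WKEY:", agreed[0] == agreed[1])
    print("different password -> different WKEY:", wrong[0] != wrong[1])
```

Running it shows the two properties the text relies on: both sides holding the same password derive the same WKEY, and a side holding a different password derives a different one, so the subsequent EAP-TLS-PSK check (step f, or step j in 7.1.1.1.5) fails. Because the password only multiplies the group element, an observer of the two masked values who guesses the password still has to solve Diffie-Hellman to obtain the WKEY, which is what makes this construction stronger than hashing the password directly into the key.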
7.1.2      EAP-TLS with Pre-Shared Key

EAP-TLS [RFC 2716] specifies how the TLS tunnel [RFC 2246] is established using EAP
[RFC 2284bis]. If client authentication is required, the EAP-TLS method requires a client
certificate to be available in the WLAN client. This requirement is considered to be a major
disadvantage of EAP-TLS, since provisioning and managing public key credentials on clients is
complex. As an alternative, EAP-TLS with Pre-Shared Key [RFC TLSPSK] uses a pre-configured
or pre-existing shared secret in order to establish the TLS tunnel. While this method does not
require the management of client-side certificates, for operators that already have a PKI
available, the EAP-TLS with Pre-Shared Key method shall not disallow the use of EAP-TLS with
server and client certificates.

7.1.2.1    Assumptions

EAP-TLS with Pre-Shared Key assumes the following:
   - The Pre-Shared Key (PSK) is available and is stored in a secure memory of the MS
     or in the WLAN access client.



   - The WLAN access client has the capability to communicate with the cdma2000 MS, if
     the PSK is not configured in the WLAN access client.

7.1.2.2       EAP-TLS with Pre-Shared Key Message flow

The EAP-TLS with Pre-Shared Key (PSK) method eliminates the public key operations during
the TLS handshake while providing an equivalent level of security using shared symmetric
keys, provided the shared key has sufficient entropy: the 128-bit WKEY of section 7.1.1 does,
whereas a human-chosen password would not, because a passive observer of a PSK handshake
can test password guesses offline against the Finished messages. This is accomplished by
defining new cipher suites for TLS to support authentication based on pre-shared keys, i.e., the
WKEY (see section 7.1.1). The pre-shared key is used to explicitly derive the 48 byte premaster
secret, which takes the place of the standard TLS premaster secret that is normally derived using
public keys. (Note: in the published TLS-PSK specification, RFC 4279, the premaster secret is
not a fixed 48 bytes but uint16(N) || N zero bytes || uint16(N) || PSK, i.e., 2N+4 bytes for an
N-byte PSK.)
The following diagram shows the message flows:
   Participants: MS (R)UIM / WLAN client -- AP -- EAP Server (AAA)

   a. Pre-shared key available at the WLAN client and at the EAP Server
   b. WLAN client <-> AP: WLAN access association
   c. AP -> WLAN client: EAP-Request/Identity
   d. WLAN client -> AP: EAP-Response/Identity (NAI)
      AP -> EAP Server: Access-Request [EAP-Response/Identity (NAI)]
   e. EAP Server -> AP: Access-Challenge [EAP-Request/EAP-Type=EAP-TLS (TLS Start)]
   f. AP -> WLAN client: EAP-Request/EAP-Type=EAP-TLS (TLS Start)
   g. WLAN client -> AP: EAP-Response/EAP-Type=EAP-TLS (Client Hello)
      AP -> EAP Server: Access-Request [EAP-Response/EAP-Type=EAP-TLS (Client Hello)]
   h. EAP Server -> AP: Access-Challenge [EAP-Request/EAP-Type=EAP-TLS (ServerHello, ServerKeyExchange, ServerHelloDone)]
      AP -> WLAN client: EAP-Request/EAP-Type=EAP-TLS (ServerHello, ServerKeyExchange, ServerHelloDone)
   i. WLAN client -> AP: EAP-Response/EAP-Type=EAP-TLS (ClientKeyExchange, ChangeCipherSpec, Finished)
      AP -> EAP Server: Access-Request [EAP-Response/EAP-Type=EAP-TLS (ClientKeyExchange, ChangeCipherSpec, Finished)]
   j. WLAN client and EAP Server: derive premaster secret from pre-shared key
   k. EAP Server -> AP: Access-Challenge [EAP-Request/EAP-Type=EAP-TLS (ChangeCipherSpec, Finished)]
      AP -> WLAN client: EAP-Request/EAP-Type=EAP-TLS (ChangeCipherSpec, Finished)
   l. WLAN client -> AP: EAP-Response/EAP-Type=EAP-TLS
      AP -> EAP Server: Access-Request [EAP-Response/EAP-Type=EAP-TLS]
   m. WLAN client and EAP Server: derive keys for WLAN access (e.g., PMK) from TLS master secret
   n. EAP Server -> AP: Access-Accept (EAP-Success + keys)
      AP -> WLAN client: EAP-Success

             Figure 2 WLAN access authentication using EAP-TLS with pre-shared keys

   a) Both the WLAN client and the EAP Server have access to the pre-shared key (i.e., the
      WKEY, see section 7.1.1) used for the WLAN access service authentication.
   b) An MS wishing to access the WLAN access service establishes an 802.11 association with
      the WLAN AP.
   c) The WLAN AP issues an EAP Identity Request to request the user's identity using EAP
      over LAN (EAPoL).
   d) The WLAN client replies with the NAI as the user's identity (e.g.,
      username@realm.com). The AP encapsulates the EAP Response with the identity in an
      Access-Request message (RADIUS support for EAP is specified in [RFC 3579]) and
      forwards it to the back-end authentication server (EAP Server) responsible for
      authenticating subscribers belonging to that realm.
   e) The EAP Server verifies that the NAI is valid for the WLAN access service and determines
      that EAP-TLS is to be used for authentication. Otherwise, an Access-Reject will be sent.
   f) The EAP Server sends the EAP Request with EAP-Type EAP-TLS in an Access-Challenge
      message. The AP forwards the EAP request to the WLAN client. This starts the TLS
      tunnel establishment process.
   g) Upon receiving the TLS Start indication, the EAP peer sends the EAP-Response with the
      "Client Hello" handshake message as specified in [RFC 2716]. The EAP client shall
      indicate its willingness to use pre-shared key authentication by including one or more of
      the supported PSK cipher suites in the Client Hello TLS record. The AP forwards this
      message to the EAP server in an Access-Request message.
   h) The EAP Server responds with an Access-Challenge containing an EAP-Request with the
      Server Hello, Server Key Exchange and Server Hello Done handshake TLS records, which
      is forwarded to the MS by the AP. The EAP Server shall select one of the PSK cipher
      suites offered by the client and include it in the Server Hello message. If the EAP server
      shares more than one PSK with the client, the "PSK identity hint" is included in the Server
      Key Exchange message to help the client select which PSK identity to use.
   i) The MS responds with an EAP-Response with the Client Key Exchange, Change Cipher
      Spec and Finished TLS records, which is forwarded to the EAP Server by the AP. If the
      EAP client shares more than one PSK with the EAP Server, the "PSK identity" is included
      in the Client Key Exchange message. This completes the server and client key exchanges.
   j) At this point, both the EAP client and server have derived the TLS premaster secret from
      the PSK as specified in [RFC TLSPSK].
   k) The EAP Server responds with an EAP-Request carrying the Change Cipher Spec and
      Finished handshake TLS records to the AP in an Access-Challenge message, which is
      forwarded to the MS.
   l) The MS sends an EAP-Response with EAP-Type=EAP-TLS and no data to the AP, which is
      forwarded to the EAP Server in an Access-Request message.
   m) This completes the mutual authentication of the EAP server and the EAP peer: each side's
      Finished message can only be verified by a party holding the same PSK. If client
      authentication fails, a TLS Alert message is sent to the client and the user is
      disconnected. If server authentication fails, the EAP peer responds with a TLS Alert
      message and the user is disconnected. Handling of the various failure scenarios is
      specified in [RFC 2716]. If the mutual authentication succeeds, the server derives the
      needed WLAN session key (PMK). Similarly, the EAP peer derives the needed WLAN
      session keys. The session key derivation procedures for both the EAP peer and the EAP
      server are specified in [RFC 2716].
   n) After deriving the needed WLAN session key (PMK), the EAP server sends an Access-
      Accept message (with the PMK in the MS-MPPE-Recv-Key RADIUS attribute) and an
      EAP Success indication to the AP. The AP forwards the EAP Success indication to the
      EAP peer. This completes the WLAN access authentication.

 4
 5   7.1.2.3       Home AAA Requirements
 6
 7
 8   If the Home AAA supports EAP-TLS with Pre-Shared Key, it shall be compliant with [RFC
 9   TLSPSK] and [RFC 2716] for authentication and key exchange. The PSKs shall be accessible to
10
11
     the Home AAA during the TLS tunnel establishment. At the least, the following cipher suites
12   shall be supported:
13        CipherSuite TLS_PSK_WITH_3DES_EDE_CBC_SHA = {0x00, 0xTBD}
14
          CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA = {0x00, 0xTBD}
15
16
17   The Home AAA shall support TLS session resumption.
18
19
     Since the normal TLS keys are used in the handshake, and therefore shall not be used in a
20
21   different context, new encryption and integrity keys shall be derived from the TLS master secret
22   for use over the wireless link. The derivation procedure shall be as follows (as specified in [RFC
23   2716]): Given the master secret negotiated by the TLS handshake, the pseudorandom function
24
     (PRF) defined in the specification for the version of TLS in use, and the value random defined as
25
26   the concatenation of the handshake message fields client_hello.random and server_hello.random
27   (in that order), the value PRF (master secret, "", random) is computed. The first 32 bytes of the
28   PRF output is used as a Pairwise Master Key (PMK) for encryption and data integrity over the
29
     wireless link based on WPA or 802.11i algorithms. The Home AAA shall send the PMK to the
30
31   WLAN system in the MS-MPPE-Recv-Key RADIUS attribute at successful user authentication,
32   in the final RADIUS Access-Accept message.
33
34
7.1.2.4       MS Requirements

If the MS supports EAP-TLS with Pre-Shared Key, it shall be compliant with [RFC TLSPSK]
and [RFC 2716] for authentication and key exchange. The PSKs shall be accessible to the MS
during the TLS tunnel establishment. At least one of the following cipher suites shall be
supported:
     CipherSuite TLS_PSK_WITH_3DES_EDE_CBC_SHA = {0x00, 0xTBD}
     CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA = {0x00, 0xTBD}

The MS may support TLS session resumption.

Similar to the operations in the Home AAA, the MS key derivation shall follow the same
procedure that is used by the Home AAA (section 7.1.2.3), and the first 32 bytes of the computed
value are used as the Pairwise Master Key (PMK) for encryption and data integrity over the
wireless link based on WPA or 802.11i algorithms. Note that the WLAN system should have
received the same PMK from the Home AAA.
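The key chain of 7.1.2.2 steps (j) through (n), 7.1.2.3 and 7.1.2.4, carried through in code as an added example; it is not the specification's own code. It implements the TLS 1.0 PRF of RFC 2246, the plain-PSK premaster secret format of the published RFC 4279 (rather than the fixed 48 bytes this draft mentions), the master secret and the RFC 2716 "client EAP encryption" derivation whose first 32 bytes are the PMK, and the RFC 2548 MS-MPPE-Recv-Key wrapping with which the Home AAA hands the PMK to the AP (the same attribute is used in 7.1.3.1). The WKEY value, the RADIUS shared secret, the Request Authenticator and the salt used here are constructed inputs, not values from this document.

```python
import hashlib
import hmac
import os

CLIENT_EAP_ENCRYPTION = b"client EAP encryption"   # RFC 2716 section 3.5 label


def p_hash(digest, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 2246 section 5: HMAC-based expansion to `length` bytes."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second
    (the halves share one byte when the secret has odd length)."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha1_part = p_hash(hashlib.sha1, secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def psk_premaster_secret(psk: bytes) -> bytes:
    """Plain-PSK premaster secret, RFC 4279 section 2: uint16(N) || N zeros || uint16(N) || PSK.
    (The draft text above speaks of a fixed 48 bytes; the published format is 2N+4 bytes.)"""
    n = len(psk).to_bytes(2, "big")
    return n + b"\x00" * len(psk) + n + psk


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 2246 section 8.1: the 48-byte master secret."""
    return tls10_prf(premaster, b"master secret", client_random + server_random, 48)


def eap_tls_pmk(wkey: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """WKEY -> premaster -> master secret -> PRF(master, "client EAP encryption", random);
    the first 32 bytes of that output are the PMK handed to WPA/802.11i."""
    ms = master_secret(psk_premaster_secret(wkey), client_random, server_random)
    return tls10_prf(ms, CLIENT_EAP_ENCRYPTION, client_random + server_random, 64)[:32]


def mppe_key_encrypt(key: bytes, secret: bytes, authenticator: bytes, salt: bytes) -> bytes:
    """RFC 2548 section 2.4.2/2.4.3: wrap a key for MS-MPPE-Recv-Key with the RADIUS shared
    secret and the Request Authenticator; salt is 2 bytes with the most significant bit set."""
    assert len(salt) == 2 and salt[0] & 0x80, "salt MSB must be set"
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)          # pad to a multiple of 16 bytes
    out, prev = b"", authenticator + salt
    for i in range(0, len(plain), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(plain[i:i + 16], b))
        out, prev = out + c, c                       # each block keys the next MD5
    return salt + out


def mppe_key_decrypt(blob: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of mppe_key_encrypt, as performed by the AP/WLAN system on Access-Accept."""
    salt, body = blob[:2], blob[2:]
    plain, prev = b"", authenticator + salt
    for i in range(0, len(body), 16):
        b = hashlib.md5(secret + prev).digest()
        c = body[i:i + 16]
        plain += bytes(x ^ y for x, y in zip(c, b))
        prev = c
    return plain[1:1 + plain[0]]


def end_to_end(wkey, client_random, server_random, radius_secret, authenticator, salt):
    """MS and AAA derive the PMK independently; the AAA wraps it for the AP, which unwraps it."""
    pmk_ms = eap_tls_pmk(wkey, client_random, server_random)
    pmk_aaa = eap_tls_pmk(wkey, client_random, server_random)
    attr = mppe_key_encrypt(pmk_aaa, radius_secret, authenticator, salt)
    pmk_ap = mppe_key_decrypt(attr, radius_secret, authenticator)
    return pmk_ms, pmk_aaa, pmk_ap


if __name__ == "__main__":
    wkey = bytes(range(16))                      # constructed 128-bit WKEY (not a real key)
    cr, sr = os.urandom(32), os.urandom(32)      # client_hello.random, server_hello.random
    ms, aaa, ap = end_to_end(wkey, cr, sr, b"radius-secret", os.urandom(16), b"\x80\x01")
    print("PMK agrees end to end:", ms == aaa == ap, ms.hex())
```

The point of the last function is the check that 7.1.2.4 asks for: the PMK the MS computes from its own WKEY must equal the one the WLAN system unwraps from the Access-Accept, and neither the premaster secret nor the master secret ever leaves the two endpoints. Only the MD5-wrapped PMK crosses the RADIUS link, so that link's shared secret protects the 802.11i keys for every session it carries.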
7.1.3        EAP-AKA

EAP-AKA provides mutual authentication, optional identity privacy, optional fast re-
authentication and session key generation [RFC bbbb]. This specification describes the use of
the MN-AAA as the common shared key. A future version of this specification may describe the
use of a common shared key held in the HLR/AC. The sequence diagram in Figure 3 illustrates a
successful authentication operation.

 9
10
11
12                     MS                              WLAN-AN                                Home AAA
13
14
15
                            EAP-Request/Identity (1)
16
17
18
19
                            EAP-Response/Identity (2)           Access-Request (EAP-Response/
20
                                                                         Identity) (2)
21
22                                                                                           Server runs 3GPP2
                                                                                           algorithm and generate
23
                                                                                              RAND and AUTN
24
25                                                                      Access-Challenge
                                                                       (EAP-Request/AKA-
26
                                                                 Challenge(AT_RAND, AT_MAC,
27                       EAP-Request/AKA-Challenge(3)                    AT_AUTN)) (3)
28
29             MS runs 3GPP2 algorithm,
30              verifies AUTN and MAC,
31              derives RES, IK and CK
32                       EAP-Response/AKA-Challenge
33                          (AT_RES, AT_MAC)(4)             Access-Request (EAP-Response/AKA-
34                                                                    Challenge) (4)
35
36                                                         Access-Accept ( EAP-success, PMK) (5)
37
                                EAP-Success (5)
38
39
40                MS generates PMK
41
42
43
44
45
46                           Figure 3. Successful Authentication with EAP-AKA
47
             1. The MS establishes an 802.11 association with an 802.1X compliant WLAN system. The
48
49
                WLAN system requests for the user identity of the terminal using EAPoL.
50
51
             2. The MS responds with the corresponding user identity (e.g., IMSI based NAI). The WLAN
52              system sends a RADIUS Access-Request containing the EAP packet (i.e., the user identity).
53
54
55
56
57
58



                                                           25                           3GPP2 TSG-X/TIA TR-45.6
     X.P0028                                             3GPP2



               3. The home AAA decides that EAP-AKA authentication is suitable based on the user profile;
 1
 2
                  generates a random value RAND and AUTN based on the shared secret key MN-AAA and a
 3                sequence number. The AAA sends a RADIUS Access-Challenge that transports the EAP-
 4                AKA Challenge. The message contains the RAND, AUTN, and the AT_MAC attribute to
 5                protect the integrity of the EAP message. The RADIUS message arrives to the WLAN system,
 6                which extracts the EAP-AKA challenge from the RADIUS message and sends it to the MS.
 7
 8             4. The MS verifies the AUTN, and if the verification is successful, it generates a response in the
 9                AT_ RES attribute that allows the home AAA in turn to authenticate the peer, and the
10
                  AT_MAC attribute to protect the integrity of the EAP packet. The WLAN system forwards
11
12
                  this response inside a RADIUS Access-Request.
13
14
               5. The home AAA checks the challenge response. If the authentication is successful, the AAA
15                sends a RADIUS Access-Accept transporting an EAP-Success. The server generates the
16                Pairwise Master Key (PMK) (256 bits) by taking the first 32 bytes of a master key generated
17                based on the user identity, CK and IK and sends it to the WLAN system in the MS-MPPE-
18                Recv-Key RADIUS attribute. The WLAN system stores the key and does not forward it to the
19                MS. The MS generates the PMK upon receiving the EAP-Success message.
20
21
22
7.1.3.1        Home AAA Requirements

If the Home AAA supports EAP-AKA, the AAA shall generate an authentication vector based
on the configured key (i.e., the MN-AAA key) and a sequence number using the 3GPP2 AKA
algorithm and functions [1]. Each authentication vector consists of a random part RAND, an
authentication part AUTN used to authenticate the network to the UIM, an expected result part
XRES, a session key IK for integrity check, and a session key CK for encryption.

The Home AAA may support identity privacy and fast re-authentication.

The Home AAA shall use the user identity, CK and IK in master key generation as specified in
[RFC bbbb]. The Home AAA shall use the master key to generate the Master Session Key
(MSK) (64 bytes), and the first 32 bytes of the MSK are used as the Pairwise Master Key (PMK)
for encryption and data integrity over the wireless link based on WPA or 802.11i algorithms.
The Home AAA shall send the PMK to the WLAN system in the MS-MPPE-Recv-Key RADIUS
attribute at successful user authentication, in the final RADIUS Access-Accept message.

7.1.3.2        MS Requirements

If the MS supports EAP-AKA, the MS shall use the 3GPP2 AKA algorithm and functions [1] and [RFC
bbbb] to authenticate the network as well as to generate a session key IK for integrity check and a
session key CK for encryption.

Similar to the operations in the Home AAA, the MS shall use the user identity, CK and IK to generate the
master key as specified in [RFC bbbb]. The MS shall use the master key to generate the Master Session
Key (MSK) (64 bytes), and the first 32 bytes of the MSK are used as the Pairwise Master Key (PMK) for
encryption and data integrity over the wireless link based on WPA or 802.11i algorithms. Note that the
WLAN system should have received the same PMK from the Home AAA.

If the MS does not support fast re-authentication and/or identity privacy, it shall discard the encrypted fast
re-authentication username and the encrypted pseudonym username if received in the
EAP-Request/AKA-Challenge.
 7   7.2          Non-802.1x WLAN
 8
 9
10   User authentication in a non-802.1x hotspot can be performed using any of the available legacy
11
12
     methods:
13      - The UAM method defined in the Wireless ISP roaming practices [WFABCP].
14      - CHAP/PAP if WLAN system supports PPP over Ethernet [RFC 2516].
15
16
17
     Although UAM authentication methods are vulnerable to various security weaknesses, many
18   legacy WLAN networks and MSs will continue to require UAM support. Migration from UAM
19   authentication to 802.1X authentication, however, is expected to occur gradually over time. For
20   this reason, it is important to support co-existence of both methods in the same WLAN system
21
22
     during the transition phase.
23
24   The UAM requires the MS to enter a user password when presented with a logon web page. How
25   the MS acquires the password is outside the scope of this specification.
26
27
28   If the WLAN system supports PPP over Ethernet, CHAP/PAP methods as specified in X.S0011-
29   C [2] for cdma2000 packet data access can be used to authenticate the WLAN user’s credentials
30   with the cdma2000 AAA infrastructure.
31
32
33
34   7.2.1        WLAN Requirements
35
36   If both UAM and 802.1X authentication methods co-exist in the same WLAN system, the
37   WLAN system shall support different SSIDs for each type of authentication method. In this case,
38   the WLAN system should publicly advertise SSIDs in Beacon Frames as described in
39
40
     [IEEE80211] for both types of authentication methods. Otherwise if a WLAN system publicly
41   advertises only a single SSID, it should correspond to the UAM authentication method. The
42   SSID for UAM authentication shall not have any link layer security, but the user shall be limited
43   to accessing a local web portal prior to successful UAM authentication.
44
45
46
47
     7.2.2        MS Requirements
48
49
     None identified.
50
51
52   7.2.3        Security considerations
53
54
55   For legacy-based authentication based on username/password, it is recommended to use separate
56
     user profile credentials from the cdma2000, so to not compromise the security of the cdma2000
57
58   accesses.
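As an added example (not part of this specification, and not the X.S0011-C procedures themselves), the following Python shows the two legacy credential checks named in 7.2: CHAP as defined in RFC 1994, which RADIUS carries in the CHAP-Password attribute (type 3), and the RFC 2865 section 5.2 User-Password hiding that PAP and UAM rely on. It assumes the standard PPP CHAP/PAP procedures; the shared secret, user password and challenge are constructed sample values. It makes the 7.2.3 recommendation concrete: a User-Password is recoverable by anyone holding the RADIUS shared secret, and CHAP requires the AAA to store the cleartext secret, so a WLAN credential that is the same as the cdma2000 credential would expose the cdma2000 subscription.

```python
import hashlib
import hmac

# Constructed sample values (hypothetical; not from the specification).
RADIUS_SECRET = b"hotspot-radius-secret"   # shared between the WLAN NAS and the AAA server
WLAN_SECRET = b"wlan-only-password"         # a WLAN-only user credential, as 7.2.3 recommends


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: the AAA must hold the cleartext secret to recompute the response."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def chap_password_attribute(ident: int, response: bytes) -> bytes:
    """RFC 2865 CHAP-Password (type 3): CHAP Ident followed by the 16-octet response."""
    value = bytes([ident]) + response
    return bytes([3, len(value) + 2]) + value


def _blocks16(data: bytes):
    for i in range(0, len(data), 16):
        yield data[i:i + 16]


def hide_user_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password with NULs to a multiple of 16 octets, then
    c1 = p1 XOR MD5(S + RA) and c(n) = p(n) XOR MD5(S + c(n-1))."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password length must be 1..128 octets")
    padded = password + bytes(-len(password) % 16)
    out, prev = b"", request_authenticator
    for block in _blocks16(padded):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(block, key))
        out += prev
    return out


def unhide_user_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_user_password: anyone holding the shared secret and the packet can do this,
    which is why the hidden password is not a strong protection of the credential itself.
    Trailing NUL padding is removed (a password ending in NUL octets is not distinguishable)."""
    out, prev = b"", request_authenticator
    for block in _blocks16(hidden):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def pap_check(stored_cleartext: bytes, presented: bytes) -> bool:
    """PAP / UAM: the server compares the presented password against a stored cleartext
    (or cleartext-equivalent) value, again in constant time."""
    return hmac.compare_digest(stored_cleartext, presented)
```

The Request Authenticator used as the starting key for User-Password hiding is the random 16-octet value the NAS places in the Access-Request; it is given explicitly here so the functions stay deterministic.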


                                                      27                        3GPP2 TSG-X/TIA TR-45.6
8          Accounting

The WLAN System shall generate accounting parameters according to the RADIUS parameter table [section x]. The WLAN shall send a RADIUS Accounting-Request (start) message when the user is successfully authenticated and authorized for the access.

The WLAN System shall send a RADIUS Accounting-Request (stop) message when the WLAN session is terminated.

The WLAN System should send interim accounting records.

During the lifetime of a WLAN session, the WLAN System may generate additional RADIUS Accounting-Request start and stop messages.

[EDITORS NOTE: accounting session termination cause for intermediate accounting stops needs further discussion.]
9          RADIUS attributes

[EDITOR NOTE: add informative text bringing in the RFCs we use, such as RFC 3580.]

The following table lists all RADIUS attributes that must be supported by implementations that are compliant with this specification. This specification does not introduce any new RADIUS attributes. The RADIUS attributes have been derived from various IETF RFCs such as RFC 2865, RFC 2866, and RFC 3580.

In the following table an X indicates that the corresponding RADIUS attribute must be supported in the RADIUS packet as per the IETF RFC specifications. Note that the Access Response column covers RADIUS Access-Accept, RADIUS Access-Reject and RADIUS Access-Challenge messages.

Table 1 Supported RADIUS Attributes.
Attribute              #   Type     Access  Access  Acct   Acct     Acct   Comments
                                    Req     Resp    Start  Interim  Stop
User-Name              1   String   X       X       X      X        X      User's NAI, case sensitive
User-Password          2   String   X                                      Must only be used if the client is authenticating via UAM
NAS-IP-Address         4   IP Addr  X               X      X        X      IP address of the RADIUS client
NAS-Port               5   Integer  X               X      X        X      The Association ID between client and AP, per RFC 3580
Service-Type           6   Integer  X                                      Service Types used for UAM are described in RFC 2865; Service Types for use with 1x are described in RFC 3580
Framed-IP-Address      8   IP Addr                  X      X        X      Client's IP address; see RFC 3580. Not used for L2 Authenticators with 802.1x. Attribute required for TAP & IPDR
Framed-IP-Netmask      9   Integer  X       X                              Netmask of the user; for local use. See RFC 3580 (not used for L2 Authenticators)
Reply-Message          18  String           X                              Text to display to the user
State                  24  String   X       X                              Opaque string from the AAA in Access-Challenge
Session-Timeout        27  Integer          X                              Seconds until forced session termination and re-authentication is required (may be used for prepaid subscribers); see Termination-Action
Idle-Timeout           28  Integer          X                              Seconds of idle time before auto-termination of the session
Termination-Action     29  Integer          X                              0=Default (end of session), 1=RADIUS re-authentication
Called-Station-Id      30  String   X               X      X        X      Per RFC 3580: MAC address of the NAS + SSID (if known)
Calling-Station-Id     31  String   X               X      X        X      Per RFC 3580: client's MAC address
NAS-Identifier         32  String   X               X      X        X      Alternative to NAS-IP-Address to identify the NAS
Acct-Status-Type       40  Integer                  X      X        X      1=Start, 2=Stop, 3=Interim-Update
Acct-Input-Octets      42  Integer                         X        X
Acct-Output-Octets     43  Integer                         X        X
Acct-Session-Id        44  String                   X      X        X      NAS-unique ID to correlate all accounting records in a session; may be used to correlate with authentication records
Acct-Session-Time      46  Integer                         X        X      Session duration in seconds
Acct-Input-Packets     47  Integer                         X        X
Acct-Output-Packets    48  Integer                         X        X
Acct-Terminate-Cause   49  Integer                                  X      1=User Request, 2=Lost Carrier/Link, 4=Idle Timeout, 5=Session Timeout, 6=Admin Reset, 9=NAS Error, 10=NAS Request, 11=NAS Reboot, 19=Supplicant (Client) Restart, 20=Re-Auth Failure; see RFC 3580 for more info
Acct-Input-Gigawords   52  Integer                         X        X      Number of times the Acct-Input-Octets counter has wrapped around
Acct-Output-Gigawords  53  Integer                         X        X      Number of times the Acct-Output-Octets counter has wrapped around
Event-Timestamp        55  Integer                  X      X        X      Seconds since Jan 1 1970 UTC
NAS-Port-Type          61  Integer  X               X      X        X      15=Ethernet, 19=802.11
EAP-Message            79  String   X       X       X      X        X      Required per RFC 3579
Message-Authenticator  80  String   X       X       X      X        X      Required per RFC 3579
Acct-Interim-Interval  85  Integer          X                              Interval in seconds between accounting updates
MS-MPPE-Recv-Key           String           X                              802.1x encryption key
MS-MPPE-Send-Key           String           X                              802.1x encryption key
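As an added example covering both the accounting procedure of section 8 and the accounting columns of Table 1 (added here; not code from this specification), the following Python builds the Start, Interim and Stop Accounting-Request messages with the RFC 2866 Request Authenticator, shows the AAA-side verification and the Accounting-Response authenticator, and checks a decoded message against the identification, status and counter rows of Table 1 for its Acct-Status-Type. The shared secret, NAI, addresses and counters are constructed sample values; the Gigawords split shows how a byte count above 2^32 is reported in the Octets and Gigawords pair.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE = 4, 5          # RADIUS codes, RFC 2866

# Attribute numbers as listed in Table 1.
USER_NAME, NAS_IP_ADDRESS, NAS_PORT, FRAMED_IP_ADDRESS = 1, 4, 5, 8
CALLED_STATION_ID, CALLING_STATION_ID, NAS_IDENTIFIER = 30, 31, 32
ACCT_STATUS_TYPE, ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 40, 42, 43
ACCT_SESSION_ID, ACCT_SESSION_TIME = 44, 46
ACCT_INPUT_PACKETS, ACCT_OUTPUT_PACKETS, ACCT_TERMINATE_CAUSE = 47, 48, 49
ACCT_INPUT_GIGAWORDS, ACCT_OUTPUT_GIGAWORDS, EVENT_TIMESTAMP, NAS_PORT_TYPE = 52, 53, 55, 61

START, STOP, INTERIM = 1, 2, 3        # Acct-Status-Type values (Table 1)
NAS_PORT_TYPE_80211 = 19              # Table 1: 19=802.11
TERMINATE_USER_REQUEST = 1            # Table 1: 1=User Request

# "X" cells of Table 1 in the Acct Start / Interim / Stop columns (identification, status and counter rows).
SESSION = {USER_NAME, NAS_IP_ADDRESS, NAS_PORT, FRAMED_IP_ADDRESS, CALLED_STATION_ID,
           CALLING_STATION_ID, ACCT_STATUS_TYPE, ACCT_SESSION_ID, EVENT_TIMESTAMP, NAS_PORT_TYPE}
COUNTERS = {ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS, ACCT_SESSION_TIME, ACCT_INPUT_PACKETS,
            ACCT_OUTPUT_PACKETS, ACCT_INPUT_GIGAWORDS, ACCT_OUTPUT_GIGAWORDS}
REQUIRED = {START: SESSION, INTERIM: SESSION | COUNTERS,
            STOP: SESSION | COUNTERS | {ACCT_TERMINATE_CAUSE}}


def attr(t: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: Type, Length (including this 2-octet header), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value length out of range")
    return struct.pack("!BB", t, len(value) + 2) + value


def u32(v: int) -> bytes:
    return struct.pack("!I", v)


def ipv4(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def build_accounting_request(identifier: int, secret: bytes, attributes: bytes) -> bytes:
    """RFC 2866 section 3: Request Authenticator =
    MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    authenticator = hashlib.md5(header + bytes(16) + attributes + secret).digest()
    return header + authenticator + attributes


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """AAA side: recompute the Request Authenticator; a mismatch means a wrong secret or a modified packet."""
    header, authenticator, attributes = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + bytes(16) + attributes + secret).digest()
    return hmac.compare_digest(authenticator, expected)


def build_accounting_response(request: bytes, secret: bytes) -> bytes:
    """RFC 2866: Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret);
    the response carries no attributes here."""
    header = struct.pack("!BBH", ACCOUNTING_RESPONSE, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


def parse_attributes(packet: bytes) -> dict:
    """Decode the attribute TLVs after the 20-octet header, rejecting truncated or zero-length entries."""
    attrs, i = {}, 20
    while i < len(packet):
        t, length = packet[i], packet[i + 1]
        if length < 2 or i + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[t] = packet[i + 2:i + length]
        i += length
    return attrs


def missing_attributes(packet: bytes) -> set:
    """Table 1 attributes absent for this packet's Acct-Status-Type.
    NAS-Identifier is accepted in place of NAS-IP-Address, as the table's comment allows."""
    attrs = parse_attributes(packet)
    status = struct.unpack("!I", attrs[ACCT_STATUS_TYPE])[0]
    required = set(REQUIRED[status])
    if NAS_IDENTIFIER in attrs:
        required.discard(NAS_IP_ADDRESS)
    return required - set(attrs)


def sample_session(secret: bytes, now: int = 1_700_000_000) -> dict:
    """Constructed Start / Interim / Stop records for one WLAN session (sample values, not real data)."""
    common = (attr(USER_NAME, b"user@example.org") + attr(NAS_IP_ADDRESS, ipv4("192.0.2.10"))
              + attr(NAS_PORT, u32(1)) + attr(FRAMED_IP_ADDRESS, ipv4("198.51.100.20"))
              + attr(CALLED_STATION_ID, b"00-00-5E-00-53-01:hotspot-ssid")
              + attr(CALLING_STATION_ID, b"00-00-5E-00-53-02")
              + attr(ACCT_SESSION_ID, b"a1b2c3d4") + attr(NAS_PORT_TYPE, u32(NAS_PORT_TYPE_80211)))

    def counters(secs, in_octets, out_octets, in_pkts, out_pkts):
        # Octets carry the low 32 bits; Gigawords count the 2^32 wraps (Table 1, attributes 42/43/52/53).
        return (attr(ACCT_SESSION_TIME, u32(secs))
                + attr(ACCT_INPUT_OCTETS, u32(in_octets & 0xFFFFFFFF)) + attr(ACCT_INPUT_GIGAWORDS, u32(in_octets >> 32))
                + attr(ACCT_OUTPUT_OCTETS, u32(out_octets & 0xFFFFFFFF)) + attr(ACCT_OUTPUT_GIGAWORDS, u32(out_octets >> 32))
                + attr(ACCT_INPUT_PACKETS, u32(in_pkts)) + attr(ACCT_OUTPUT_PACKETS, u32(out_pkts)))

    start = common + attr(ACCT_STATUS_TYPE, u32(START)) + attr(EVENT_TIMESTAMP, u32(now))
    interim = (common + attr(ACCT_STATUS_TYPE, u32(INTERIM)) + attr(EVENT_TIMESTAMP, u32(now + 600))
               + counters(600, 5_000_000_000, 120_000, 4000, 1500))
    stop = (common + attr(ACCT_STATUS_TYPE, u32(STOP)) + attr(EVENT_TIMESTAMP, u32(now + 900))
            + counters(900, 6_000_000_000, 200_000, 5000, 2000) + attr(ACCT_TERMINATE_CAUSE, u32(TERMINATE_USER_REQUEST)))
    return {name: build_accounting_request(ident, secret, body)
            for ident, (name, body) in enumerate([("start", start), ("interim", interim), ("stop", stop)], 1)}
```

The Request Authenticator in an Accounting-Request is computed, not random, so an AAA that checks it detects a modified or mis-secreted record before it is billed; `missing_attributes` is the kind of check an AAA or a log auditor would run on received records against the Table 1 matrix.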