International Roaming Access Protocols (IRAP) Framework

© 2005 Intel Corporation. International Roaming Access Protocols (IRAP) Framework: an overview for the Broadband Working Group of the Communications Futures Program, MIT, by Intel Corporation, Dan Dahle, 25 January 2005.


Page 1: International Roaming Access Protocols (IRAP) Framework

© 2005 Intel Corporation

International Roaming Access Protocols (IRAP) Framework

An overview for the Broadband Working Group of the Communications Futures Program, MIT
by Intel Corporation
Dan Dahle
25 January 2005

Page 2: International Roaming Access Protocols (IRAP) Framework

* Third party brands/names are property of their respective owners

Agenda
- Roaming Vision
- IP Services
- IRAP

Page 3: International Roaming Access Protocols (IRAP) Framework

Roaming Vision

[Figure labels: Personal Profiles & Preferences; Context; Enterprise LAN / WLAN; 2.5G / 3.0G Networks; Public WLAN Hotspots; Residential WLAN; Voice Services; Location Info; Internet; Commerce; SMS & MMS; CRM; Fleet Mgmt; E-Mail; Video Svcs; VPN]


Page 5: International Roaming Access Protocols (IRAP) Framework

Agenda
- Roaming Vision
- IP Services
- IRAP

Page 6: International Roaming Access Protocols (IRAP) Framework

Enables New Service Opportunities
- Bring Internet growth to wireless services

[Figure labels: Universal IP Connectivity; Field Automation; CRM; IMS; email; New Services; Web Access; Voice]

Page 7: International Roaming Access Protocols (IRAP) Framework

All IP Svcs Require IP Connection

[Figure labels: Client; Access network; Svc Provider; Association; Roaming Agmt; Universal IP Connectivity; Authentication; Authorization; Accounting; Services Support Discovery; Step 1; Step 2 "Enhanced service" authorization & provisioning; Steps 3, 4, 5, ...; 3GPP R7; UMA or SIP voice; NGN svcs: Voice, IMS (3GPP, TISPAN, ITU, etc.); IPSEC, VPN, etc.]

Page 8: International Roaming Access Protocols (IRAP) Framework

No IP Connection → No IP Svcs

[Figure labels: Client; Access network; Svc Provider; Association; Roaming Agmt; Universal IP Connectivity; Authentication; Authorization; Accounting; Services Support Discovery; Step 1; Step 2 "Enhanced service" authorization & provisioning; Steps 3, 4, 5, ...; 3GPP R7; UMA or SIP voice; NGN svcs: Voice, IMS (3GPP, TISPAN, ITU, etc.); IPSEC, VPN, etc.]

Page 9: International Roaming Access Protocols (IRAP) Framework

Agenda
- Roaming Vision
- IP Services
- IRAP

Page 10: International Roaming Access Protocols (IRAP) Framework

Need for standard interfaces

[Figure labels: Clients; Access Network; Home operators; Billing/Clearing. Numbered links between them: 1 Network Access; 2 Authentication & Authorization; 3 Accounting Data]

Page 11: International Roaming Access Protocols (IRAP) Framework

WLAN Standards and Forums
- IETF: common AAA protocols
- GSMA: consistent usage and deployment models
- 3GPP: Promoting use of IETF, IEEE standards
- IPDR: settlement format for billing exchange
- IEEE: Wireless, Security, QoS foundation
- Wi-Fi Alliance: Overall Wi-Fi focus, client - AP interaction

[Figure labels: ITU; 3GPP2; IRAP; Protocols; Testing; Forums; Standards; Interop; Domain Solutions]

Page 12: International Roaming Access Protocols (IRAP) Framework

Roaming Architecture & Protocols

[Figure labels: Wireless Station; Access Network (hot spot); Access Controller; RADIUS AAA Server / gateway; Home Network; 802.11; 802.16e; 802.1X; WPA; PMKv2; EAP; PEAP / TTLS; EAP Methods (e.g. EAP-SIM, EAP-MSCHAPv2, ...); RADIUS; 802.3 / IP; Mutual Authentication & over-the-air Encryption; Provisioning and Authentication over PEAP or TTLS]

Page 13: International Roaming Access Protocols (IRAP) Framework

IRAP Roaming Interfaces

- Develop industry-standard Interface Profiles
  1. Wireless Station to Access Network
     - Roaming user login
  2. Access Network to Home Service Provider authentication system
     - Roaming user authentication
  3. Access Network to billing system
     - Session accounting for One Bill Roaming
  4. Access Network to Home Service Provider operations subsystem
     - services support discovery & customer support services

[Figure labels: Roaming user; Hot Spot; Access Network; Home Service Provider; Authentication; Authorization; Accounting; Network Ops; interface numbers 1, 2, 3, 4]

IRAP = International Roaming Access Protocols

Page 14: International Roaming Access Protocols (IRAP) Framework

IRAP Supports Service Providers
- Better customer identification and support than anonymous scratch cards
- Better support for roaming customers at independent roaming partner hotspots
- Various billing models supported
  - subscription, one-time, prepaid, time-based, etc.
- One stop spec for all types of deployment
  - harmonized for WISP, 3GPP/GSMA and 3GPP2/CDG
- Lower cost and time for roaming interconnects
- Lower maintenance costs for supporting multiple roaming partners

Page 15: International Roaming Access Protocols (IRAP) Framework

IRAP Supports Customers
- Safer login
  - over the air encryption
  - connected network verification
- Simpler login
  - Roaming login same as in home network
- Seamless experience
  - enabled with automated login using security

Page 16: International Roaming Access Protocols (IRAP) Framework

IRAP Program Outline

- Use existing standards
  - Industry feedback: "We have enough WLAN standards. Don't define more, make the ones we have work."
- End to end solution
  - Unique aspect is the end to end approach - crosses multiple standards bodies and unifies the otherwise fragmented landscape.

[Figure labels: Interworking Study; Architecture Validation; IDA / Intel operator testbeds; Detailed Interfaces; IRAP Interfaces; Test program; Test specs, Test ecosystem; PWLAN Arch; Deployment; Summits, Trials, Pilots, Interop; ETSI TISPAN work; Done; In Process]

Page 17: International Roaming Access Protocols (IRAP) Framework

IRAP Status
- Interface specs @ 1.0 (intfc 1-3 stable, 4 @ 60%)
- Test specs @ 1.0 for intfc 1-3
- 17 Jan - ETSI TISPAN#5
- 7 Feb - ETSI hosted IRAP test pilot
- 14 Feb - IRAP at 3GSM in the Intel Connect Café

Page 18: International Roaming Access Protocols (IRAP) Framework

Summary
- Industry needs global WLAN interoperability specs & testing methodologies
- IRAP program goals:
  - Well-defined architectural blueprint for PWLANs, allows for migration to safer, simpler authentication
  - A standards-based set of interfaces to facilitate global roaming and interoperability
  - A complete validation package
- Enables future seamless IP service models
- Start with 802.1X/WPA today

Page 19: International Roaming Access Protocols (IRAP) Framework

For more information
- Documentation and Information on Intel roaming programs
  - http://www.intel.com/technology/roaming
  - Direct link to Wireless LAN End to End Guidelines: http://www.intel.com/labs/roaming/download/WLAN_E2E_Guide.pdf
  - For more information on Intel R&D: http://www.intel.com/technology
- Direct link to IRAP documentation and information
  - http://www.irap.nl
- GSMA IR61 ("InterOperator Handbook")
  - http://www.gsmworld.com/documents/index.shtml
- Wi-Fi Alliance "WPA Deployment Guide for Public Access"
  - http://www.wi-fi.org/OpenSection/MediaResources.asp?TID=5

Page 20: International Roaming Access Protocols (IRAP) Framework

Backup

Page 21: International Roaming Access Protocols (IRAP) Framework

Achieving "Seamless Roaming"
- Mutual authentication using multiple wireless devices
- Consistent sign-on for different wireless networks
- Consolidated bill for wireless usage
- Multi-credential support within & across roaming alliances
- Security consistent with Enterprise WLAN policies

[Figure labels: Home; Enterprise; WISP C; Operator A; Operator B]

Page 22: International Roaming Access Protocols (IRAP) Framework

Serve Your Customers Anywhere

[Figure labels: Internet; Local Hotspot / Access Network; Home Service Provider; Operator owned Access Network; Network Access Authorization; Access Network Association]

Page 23: International Roaming Access Protocols (IRAP) Framework

The issue at hand
- Fragmentation in the PWLAN ecosystem
  - Rapid deployment of PWLAN hotspots and equipment
  - Variety of deployment strategies could result in fragmented and incompatible implementations
  - Many choices exist within the standards
  - Increases the cost and complexity of supporting global PWLAN roaming between operators

Need to enable safer, simpler, standards-based methods of network access

Page 24: International Roaming Access Protocols (IRAP) Framework

Universal IP Connectivity Goals
- Define common interoperable interfaces or profiles between network entities
- Reduce fragmentation by early alignment with existing and emerging standards
- Facilitate operator / vendor adoption of the interfaces
- Better security and roaming enables more advanced services
- Scope: AAA interworking for Universal IP Connectivity

Page 25: International Roaming Access Protocols (IRAP) Framework

Architectural Tenets
- Usability
  - Common login process
  - Simplified client provisioning
  - Seamless roaming experience
- Security
  - Mutual authentication to protect user & network
  - Multiple client credential types, e.g. password, SIM, certificates
  - Secure tunnels for back-end authentication
  - Support VPN for remote enterprise access
- Scalability / Extensibility
  - Accommodate various wireless topologies
  - Ability to share infrastructure safely
  - Support advanced services efficiently
  - Common accounting data

Page 26: International Roaming Access Protocols (IRAP) Framework

Trust Model for WLAN

[Figure labels: Mobile Client; Foreign WLAN; Home WLAN; "?"]

- Foreign WLAN and Home WLAN trust each other to pay Mobile Client charges
- Foreign WLAN and Home WLAN trust each other to bill only for legitimate activity
- Mobile Client doesn't trust Foreign WLAN to provide safe service
- Foreign WLAN doesn't trust Mobile Client to pay its bill
- Mobile Client trusts Home WLAN to provide safe service
- Home WLAN trusts the Mobile Client to pay its bill

Page 27: International Roaming Access Protocols (IRAP) Framework

Trust Model: Cellular ≠ Wi-Fi

Cellular: Cellular base stations and towers occupy fixed locations
Wi-Fi: A rogue AP is transportable anywhere

Cellular: There are only a small number of Cellular operators world-wide
Wi-Fi: The number of access point operators is legion

Cellular: Except for special cases, the only thing worth stealing in a cellular network is service, and there are easier ways to accomplish this than cryptanalysis
Wi-Fi: The IPR on computer hard drives is more valuable than the WLAN communication itself

Cellular: Session keys can only be used within the cellular network itself, where their use can be audited
Wi-Fi: Session keys can be transported to (rogue) APs that are not auditable

Cellular: The cellular operator owns all the equipment, in physically secure sites
Wi-Fi: Wi-Fi equipment is owned by a mix of carriers, hot spot providers, enterprises, and individuals in sites with varying security levels

Cellular: Erecting and operating a cellular tower costs significant $$$s
Wi-Fi: You can deploy and operate a Wi-Fi access point for < $100

Cellular: You will be prosecuted if you operate an unlicensed transmitter in a cellular band
Wi-Fi: Anyone can legally deploy a Wi-Fi access point (unlicensed band)

Page 28: International Roaming Access Protocols (IRAP) Framework

802.1X Overview

Page 29: International Roaming Access Protocols (IRAP) Framework

Need for WLAN Security
- Expect enterprise users to drive most of the early revenues for public WLAN usage
  - Improved security solutions will impact deployment decision for 90% of executives**
- User concerns
  - Authentication
    - Can user credentials be stolen?
  - Data privacy
    - Can wireless traffic be decrypted?
    - Can data be intercepted?
  - Network "goodness"
    - Are users connected to valid networks?

** Source: Jupiter Research, executive surveys, 2003

Page 30: International Roaming Access Protocols (IRAP) Framework

Public Access and VPNs
- Ability to secure traffic with a VPN connection is "necessary but not sufficient"
  - VPNs do not secure the authentication process
  - Users may not want to connect back to the corporate network
  - Users may still connect to the internet if the VPN server happens to be unreachable

Page 31: International Roaming Access Protocols (IRAP) Framework

Interoperable Interfaces
- Interface definition: specification of a set of protocols and associated behavior through which two components of a network system interact
- Well-designed interfaces foster both interoperation and innovation
  - Interfaces should be designed with end-to-end system operation in mind
  - Innovation occurs within components and subsystems
- Interface requirements
  - Standards-based
  - Concrete and testable for conformance verification
  - Coexistence with legacy solutions, provide migration path

Page 32: International Roaming Access Protocols (IRAP) Framework

Intel/IDA Program
- Intel and Singapore Infocom Development Authority hosting trials test bed
- Operators include China Mobile, MobileOne, SingTel, StarHub and PCCW
- Validation test bed vendors include CISCO, Dan Net, iPASS, Microsoft, Funk Software, Transat, Gemtek Systems, Huawei Technologies, Radiator and ANTLabs.

Intel Quickens Race To Expand Range Of Wireless World

... the chip maker said five Asian telecommunications companies were joining its collaboration ... China Mobile Ltd. in China; MobileOne Ltd., Singapore Telecommunications Ltd. and StarHub Pte. Ltd. in Singapore; and PCCW Ltd. in Hong Kong.

The Asian Wall Street Journal, 16 September 2003

* Other names and brands may be claimed as the property of others.

Page 33: International Roaming Access Protocols (IRAP) Framework

Intel Contributions: Roaming Specifications

- Industry standards work
  - IEEE - .11e chair, .11i editor, 802.21 editor, ...
  - IETF - AAA, EAP
  - 3GPP - SA2, SA3, CN4
  - 3GPP2 - WLAN Interworking
  - ETSI - TISPAN
- Industry Forum work
  - GSMA - WLAN Task Group, e-Commerce, ...
  - WiFi Alliance - board member, Ease of Use chair, Public Access editor, etc.

Page 34: International Roaming Access Protocols (IRAP) Framework

Deployment
- Completed Trials in Singapore
- Industry influence
  - Wi-Fi Alliance, 3GPP, 3GPP2, IETF RADEXT and GEOPriv WGs, GSMA IREG, ETSI TISPAN
- IRAP Supporters
  - SingTel, RoamPoint, Microsoft
  - iCELL Network, HuaWei, Cisco
  - T-Systems, The Cloud, Telus Mobility
  - TeliaSonera, Telia HomeRun, SwissCom Ltd
  - MACH DanNet, iPass, Intel
  - CETECOM, Boingo Wireless, AntLabs