
OpenEPC AAA for non-3GPP accesses

OpenEPC Rel. 3 supports the authentication and authorization of subscribers for both trusted and untrusted non-3GPP access networks. It makes it possible to showcase complete connectivity establishment procedures according to the specification for integrating non-3GPP accesses. The non-3GPP AAA functionality relies on the OpenEPC AAA Server, which communicates via DIAMETER with the HSS and with the entities specific to the access and data paths.


OpenEPC enables the following authentication mechanisms:

  • Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA), defined in RFC 4187

  • Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA'), defined in RFC 5448

The Mobility Enabler running on the Client is configured to use the wpa_supplicant tool to authenticate at Layer 2 to the OpenEPC core components. Depending on the options the user enters during installation, the Client uses either the EAP-AKA or the EAP-AKA' authentication method.
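The choice between the two methods shows up in the wpa_supplicant network block as the `eap=` value and as the leading digit of the permanent identity. The following is an added example, not OpenEPC or Mobility Enabler code: it renders such a block from installation-style options, building the root NAI as laid out in 3GPP TS 23.003. The SSID and IMSIs are constructed sample values, and the block assumes the credentials sit on a USIM reached through PC/SC.

```python
"""Build a wpa_supplicant network block for EAP-AKA or EAP-AKA'."""

# Leading identity digit that tells the AAA server which EAP method the
# permanent identity belongs to (root NAI, 3GPP TS 23.003).
METHOD_PREFIX = {"AKA": "0", "AKA'": "6"}


def root_nai(imsi: str, mnc_len: int, method: str) -> str:
    """Return the permanent identity (root NAI) for a non-3GPP access."""
    if method not in METHOD_PREFIX:
        raise ValueError(f"unsupported EAP method: {method!r}")
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_len]
    # A 2-digit MNC is left-padded with a zero in the realm.
    realm = f"nai.epc.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"
    return f"{METHOD_PREFIX[method]}{imsi}@{realm}"


def network_block(ssid: str, imsi: str, mnc_len: int, method: str) -> str:
    """Render the network={} block for wpa_supplicant.conf."""
    if any(c in ssid for c in '"\\\n'):
        raise ValueError("SSID contains characters that need hex encoding")
    identity = root_nai(imsi, mnc_len, method)
    lines = [
        "network={",
        f'\tssid="{ssid}"',
        "\tkey_mgmt=WPA-EAP",
        f"\teap={method}",
        f'\tidentity="{identity}"',
        '\tpcsc=""',  # AKA runs on the USIM, so no key material is in the file
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed test subscriber: MCC 001, MNC 01 (test network codes).
    print(network_block("openepc-wifi", "001011234567890", 2, "AKA'"))
```

A mismatch between the `eap=` value and the identity prefix is worth checking first when the AAA Server rejects or renegotiates the method.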

For the AAA procedures of the subscribers over the different non-3GPP accesses, the OpenEPC AAA Server uses the following interfaces:

  • SWx - enables the AAA Server to retrieve subscription profile information, the AAA server currently serving the UE (if any), and keying material for the supported authentication methods

  • S6b - enables the PDN GW to retrieve information on the connectivity status of the UE. It also enables notifying the HSS of the UE's dynamic connectivity parameters, such as the allocated IP address

  • STa and SWa - connect the access network gateways for trusted non-3GPP accesses and untrusted non-3GPP accesses (ePDG), transporting authentication and authorization information between the access networks and the HSS

  • SWm reference point will be implemented upon a firm customer requirement.

OpenEPC also includes a Radius Server, which enables communication with commercially available access points that support only Radius authentication. The OpenEPC Radius Server exchanges EAP-AKA and EAP-AKA' authentication information with the access point, and this information is then translated into DIAMETER messages for the AAA Server over the STa reference point. The Radius Server is implemented using a modified version of HostAPd.

Limitations:

  • Integration of IKEv2 authentication procedures

  • Integration of IPsec tunnel support for untrusted non-3GPP accesses

