[ieee 2007 ieee globecom workshops - washington, dc, usa (2007.11.26-2007.11.30)] 2007 ieee globecom...

Download [IEEE 2007 IEEE Globecom Workshops - Washington, DC, USA (2007.11.26-2007.11.30)] 2007 IEEE Globecom Workshops - UMTS-AKA and EAP-AKA Inter-working for Fast Handovers in All-IP Networks

Post on 06-Mar-2017




1 download

Embed Size (px)


  • UMTS-AKA and EAP-AKA Inter-working for Fast Handovers in All-IP Networks

    M.S Bargh, R.J. Hulsebosch and E.H. Eertink Telematica Instituut

    Enschede, The Netherlands

    J. Laganier, A. Zugenmaier and A.R. Prasad DoCoMo Communications Labs Europe GmbH

    Munich, Germany

    Abstract3GPP Service Architecture Evolution (SAE) / Long Term Evolution (LTE) activity sets the requirement of provisioning secure and seamless handover. In handover, however, key management (i.e., key derivation and key transfer) and mutual authentication form a significant source of latency. Together with the seamlessness requirement 3GPP also requires the reuse of Universal Subscriber Identity Module (USIM) and the existing authentication and key management procedure or Authentication and Key Agreement (AKA).

    In this paper we consider UMTS-AKA and Extensible Authentication Protocol-AKA (EAP-AKA) as the two USIM-based authentication and key management protocols. We propose an architecture that can be used in SAE/LTE for efficient inter-working between UMTS-AKA and EAP-AKA during handover. Efficient inter-working here translates to avoiding signaling with the home domain during handover. Our focus is on the top-level key management aspect and we do not address derivation of child keys. Our solution speeds up handover signaling by one Round Trip Time (RTT) to the home domain. We investigate also the relevance of key hierarchy solutions proposed in IETF for speeding up re-authentications.

    Keywords- key management, seamless handovers, security, wireless networks, IP.

    I. INTRODUCTION Generation Partnership Project (3GPP) standardization

    body is developing specifications for next generation mobile communication systems under its System Architecture Evolution (SAE) / Long Term Evolution (LTE) activity [1]. The SAE/LTE architecture aims at integrating multiple wireless network technologies to deliver secure services to users. A key requirement for such integration of wireless network technologies is to support seamless handovers between these technologies without adversely affecting the security. During a handover it is desired by the user to continue receiving the service seamlessly. This requires the overall handover latency to be contained within 50ms [2] and TR25.932-[1]. Unfortunately, the vast majority of the handovers do not currently meet this goal due to the latencies associated with, for example, signaling, authentication, and reconfiguration overhead [3].

    The delay associated with the process of mutual authentication of mobile-devices and network and with key management, i.e., keying material establishment and distribution contributes significantly to the total handover

    latency when switching between wireless network technologies and domains. The process enables mutual authentication of the mobile device and target network, handover authorization, as well as keying material establishment and distribution. The keying material is then used to secure subsequent communications.

    There are many protocols for realizing the process of network authentication and key distribution, which are often specific to the wireless network technology. It is required for SAE/LTE to have a security level at least the same as that of Universal Mobile Telecommunications System (UMTS) and it is required to base the security protocols on Universal Subscriber Identity Module (USIM) TR23.882-[1]. There are two main USIM based protocols for authentication and key management, namely: UMTS Authentication and Key Agreement (AKA), specified in TS33.102-[1], and Extensible Authentication Protocol (EAP) AKA (EAP-AKA, specified in RFC4187-[4]). UMTS-AKA is the protocol adopted by 3GPP for UMTS and is seriously considered for LTE [12]. EAP-AKA, which uses the AKA protocol of UMTS as the authentication method on top of the generic EAP framework, can be used for accessing a vast variety of wireless networks like Wi-Fi (IEEE 802.11) and WiMAX (IEEE 802.16). Having a fast EAP-AKA requires using an efficient handover key management solution. Such a solution is being specified in the Internet Engineering Task Force (IETF) Handover Keying (HOKEY) Working Group (WG) [4]. HOKEY intends to make home server authentication obsolete by defining a key hierarchy in visited domains.

    In this contribution we aim at accelerating the mutual authentication and key management process for handovers between two environments that are based on UMTS-AKA and EAP-AKA. Example handover scenarios include handover from Wi-Fi to UMTS and vice versa. Our objective is to eliminate signaling to the home domain when a User Equipment (UE) roams between UMTS-AKA and EAP-AKA environments in a foreign domain. Moreover, in case of EAP-AKA, we aim at reducing the number of referrals to the EAP-server that executes the full AKA method. The latter objective requires integrating AKA-based solutions with HOKEY solutions. We identify two possible solutions and indicate their impacts on the SAE/LTE architecture.

    The rest of this paper is organized as follows. Section II presents an overview of SAE/LTE and its requirements on secure handover. Section III gives an overview of the relevant

  • protocols for network access authentication. Section IV proposes solutions for inter-working between the existing solutions and their impacts on the SAE/LTE architecture. Finally, Section V draws some conclusions and outlines future directions.

    II. SAE/LTE SYSTEM OVERVIEW 3GPP is developing the specifications of next generation

    wireless networks within its SAE/LTE activities. An overview of SAE/LTE is given in this section, for detail see [6-19].

    A. Scope LTE specifies the Evolved UMTS Terrestrial Radio Access

    (E-UTRA) and Evolved UMTS Terrestrial Radio Access Network (E-UTRAN). It is expected that in LTE there will be support for (1) shared networks during mobility and initial access, (2) various cell sizes and planned or ad-hoc deployments, and (3) efficient mobility with an intra-LTE handover interruption time of 30ms [6]. LTE will provide data rates up to 100 Mbps with end-to-end Quality of Service (QoS) support to ensure that the Voice over IP (VoIP) latency is no more than that of the voice traffic over Circuit Switched (CS) UMTS.

    The SAE activity focuses on enhancing the 3GPP core network to cope with the growth in IP traffic. The enhancement includes reduced latency, higher data rates, improved capacity and coverage, and reduced cost for the operator. From the 3GPP core network based services will be provided through various access technologies together with mechanisms to support seamless mobility between them [18].

    B. Architecture In the LTE architecture, the enhanced NodeBs (eNBs) are

    interconnected by X2 interfaces and to the Evolved Packet Core (EPC), i.e., the SAE architecture, by the S1 interface [6]. The EPC includes the Mobility Management Entity (MME) and User Plane Entity (UPE), see Figure 1.

    eNB eNB









    Figure 1. LTE architecture.

    The LTE architecture differentiates between User plane (U-plane) and Control plane (C-plane). The eNB hosts the radio resource management unit that includes the connection mobility control.

    The SAE architecture for non-roaming case is given in Figure 2. The MME in Figure 2 provides Non Access Stratum (NAS) signaling, NAS security, and inter core-network-node

    signaling for mobility between 3GPP access networks, etc. The Serving Gateway (or UPE) is the interface towards E-UTRAN with the function of the Local Mobility Anchor (LMA) point for inter-eNB handover, mobility anchoring for inter-3GPP mobility, packet routing and forwarding, etc. The functions of the Public Data Network (PDN) Gateway include amongst others policy enforcement, per-user packet filtering, charging support, and IP-address allocation. 3GPP decided to proceed with two specifications for SAE; one that is based on the existing mobility management protocol for packet communications, i.e., the GPRS Tunneling Protocol (GTP) [14], and the other based on IETF protocols [15]. SAE architectural principles are described in [8] and [19].


    Non-3GPP IP Access or 3GPP Access








    Serving Gateway


    3GPP AAA Server

    Operators IP Services

    (e.g. IMS, PSS etc.)



    Untrusted Non-3GPP IP


    Trusted Non-3GPP IP




    Non-3GPP Networks




    2G/3G SGSN



    S5 S6c



    PDN Gateway

    MME S11




    * Untrusted non-3GPP access requires ePDG in the data

    Figure 2. Non-roaming architecture for SAE.

    C. Security and Seamless Handovers in SAE/LTE In terms of security [12-13], NAS signaling requires

    confidentiality and integrity protection. U-plane must be confidentiality protected (between UE and eNB), while the necessity of integrity protection is still under study. For Access Stratum (AS) signaling: Medium Access Control (MAC) security and requirement for confidentiality protection of Radio Resource Control (RRC) signaling are yet to be studied, while integrity protection of RRC is required.

    SAE will support mobility between heterogeneous wireless networks with service continuity in Packet Switched (PS) domains while maintaining the same capabilities of access control (i.e., authentication and authorization), privacy, and charging between different technologies [6-8]. A few principles regarding security and mobility in SAE are:

    Subscriber security procedures in SAE/LTE shal


View more >