3G & WLAN Dual Network Integration and Proposed Applications

邱文裕
Chiou Wen-Yuh
Senior Engineer
Chunghwa Telecom
Mobile Business Group
07/Apr/2005
Foreword
• The NICI (National Information Communications Initiative) has established
the “iB3G Dual Band Integration Office” to promote and move forward the
integration of both platform infrastructure and applications between Cellular
and WLAN.
• The “M-Taiwan” project goals are to provide a dual band wireless roaming
environment by bringing together all aspects of broadband, dual band
integration and wireless networking, in the hope of stimulating the growth and
innovation revolving around this platform and incubating many new
industries/products for the communications industry.
• Mobile operators including CHT, FET and TCC are in the process of rolling
out the 3G network. Very soon, new mobile services on 384Kbps wireless
bandwidths will be available to local subs.
• The meaning of dual band integration is to select the right solutions from the
two modes based on technology, bandwidth resources, security, end
devices, costs and application support to provide an acceptable quality of
services for end users to access high speed mobile services.
• This report goes through the integration issues between Wi-Fi and 3G and the
advantages of the integration, and discusses the proposed applications of
the dual-band network.
The Definition of Dual Band Services
• A single terminal device to access WLAN and mobile
network
• Realization of the “virtual office”
– At least 128Kbps (or higher) of wireless bandwidth
– Direct access to Internet/Intranet services without security issues.
• Seamless access and handover to both networks
transparent to the user
• Seamless International and local roaming capabilities
• Seamless integrated single billing policies
– WLAN (indoor /low, Hotspot /low)+3G(outdoor/high) ?
• New Services and new deployments of making Wireless
“broadband” and making Broadband “wireless”
– Video Conferencing
The Definition of Dual Band Integration
• Create a mobile device which is reasonable in both
dimensions and weight that accesses both WLAN and
mobile networks.
– Wireless, mobile and small form factor
– Single device that accesses both voice and data services
• A wireless broadband and highly secure seamless
network
– 128K full mobility network. Speeds should be adequate for video applications
– Seamless roaming between two networks
– Secure enough for commerce applications (SIM CARD based)
• Payment methods and fees which are acceptable by
both the subscriber and network provider.
– Single billing integration
– Integrated fees (Indoor WLAN/Outdoor 2.5G/3G usage fee integration)
– User paid services and billing mechanisms to sustain content services and
overall industry.
How two networks complement each other
• Mobile network characteristics in a dual mode network
– High portability and range (2km)
– Outdoor 384Kbps
– High access fees
– Mobile Internet
– Highly secure OTA authentication and billing
• WLAN characteristics in a dual mode network
– Low portability and range (100m)
– Indoor 3Mbps speed
– Low access fees
– Unsecured OTA access
– Utilizes pre-paid points by credit card or scratch cards for billing
WLAN Interworking Drivers
• Access network support for fixed mobile convergence of packet
switched services
• Users will require access to operator services from any location over any
access network
• Users will have multiple terminals and multi-mode terminals
• People are getting mobile, expecting services to also be mobile
• Emerging access types require higher bandwidth for services
CDMA/UMTS vs. WLAN Pico / Indoor Cells
• For CDMA/UMTS, there are engineering solutions for each of the
mentioned challenges; however, it takes very experienced
engineers to deploy these indoor solutions
• For WLAN pico-/ indoor cells, the situation is very different
– WLAN uses different frequency spectra from cellular or PCS, so there
is no interference between indoor WLAN with outdoor cellular / PCS
– The multi-mode NIC will always choose WLAN over cellular/PCS if a
WLAN signal can be detected. This guarantees that micro/pico/indoor
high-speed users use WLAN and releases micro/pico/indoor traffic
load from the outdoor cellular/PCS system
– WLAN coverage is very limited, that means less signal will be spilled
over to neighboring cells and less interference between neighboring
WLAN cells.
– WLAN indoor cell deployment is much easier; less experienced
people can do it. Most of the time one only needs to provide coverage in
a certain area.
• Increasing challenge for larger area deployment. In this case some frequency
planning will improve capacity
Key factor to integrate WLAN/3G
- To Simplify Network Selection
• Drive simple connectivity
• Enable single billing & authentication & secure communication
– 3GPP scenario 2; GSMA IR61; IRAP
• Enable seamless roaming
• Notebook Connectivity As Easy As Voice Calling
[Figure labels: WAN (1000M); LAN (100M); PAN (10M); 802.11; Desktop; Wired; Access Point; CellModem; BT*; Enterprise; Hot Spots; Carrier A; Carrier B; Carrier C]
Wi-Fi Security Issues
Wi-Fi security issues and
authentication standards
• Under normal conditions, if a user is within range of a
WiFi AP, the user can obtain an IP via DHCP and intrude
into the network.
– WEP (Wired Equivalent Privacy) key is a single static
encryption key and can be broken within seconds.
• Due to the demand for higher security, 802.1x was
developed
– 802.1x defined as:
• Server side authentication
• EAP (Extensible Authentication Protocol) Dynamic WEP key
for authentication
• WPA (Wi-Fi Protected Access)
– WPA is part of the 802.11i standards. 802.11i includes encryption
protocols such as TKIP, AES, etc.
WPA as a total secure solution
• User Authentication
– 802.1x + EAP
• Data encryption protocols
– Temporal Key Integrity Protocol (TKIP)
– 802.1x Dynamic WEP keys
– Message integrity check (MIC)
• WPA=802.1x + EAP +TKIP + MIC
• SOHO uses Pre-Shared Key authentication
methods (no need for server side authentication)
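As an added example (not part of the original slides), the sketch below sorts an access point configuration into the security levels these two slides list: open, static WEP, 802.1x with dynamic WEP keys, WPA pre-shared key, and WPA with 802.1x + EAP. It assumes the access point is configured with hostapd-style key=value settings; the sample configurations, names and addresses are constructed.

```python
# Added example: map hostapd-style AP settings to the security levels above.
# Assumptions: hostapd key names; all sample configurations are constructed.

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def classify(text):
    """Return (level, findings) for one access point configuration."""
    conf = parse_conf(text)
    findings = []
    dot1x = conf.get("ieee8021x", "0") == "1"
    if conf.get("wpa", "0") != "0":
        # hostapd falls back to WPA-PSK when wpa_key_mgmt is not set.
        key_mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
        if "WPA-EAP" in key_mgmt:
            level = "WPA with 802.1x + EAP"
            if not dot1x:
                findings.append("WPA-EAP selected but ieee8021x is not enabled")
        else:
            level = "WPA pre-shared key"
            findings.append("one shared secret, no per-user authentication")
        return level, findings
    if dot1x and "wep_key_len_unicast" in conf:
        return "802.1x with dynamic WEP keys", ["WEP cipher still in use"]
    if any(key.startswith("wep_key") and key[7:].isdigit() for key in conf):
        return "static WEP", ["single static key shared by every station"]
    return "open", ["any station in range can associate and obtain an IP"]

# Constructed sample configurations.
SAMPLES = {
    "legacy-ap": "ssid=office\nwep_default_key=0\nwep_key0=1234567890\n",
    "soho-ap": "ssid=home\nwpa=1\nwpa_passphrase=constructed-example\n",
    "hotspot-ap": "ssid=operator\nieee8021x=1\nwpa=1\nwpa_key_mgmt=WPA-EAP\n"
                  "wpa_pairwise=TKIP\nauth_server_addr=192.0.2.10\n",
    "guest-ap": "ssid=guest\n",
}

def audit(samples=SAMPLES):
    """Classify every sample; returns {name: (level, findings)}."""
    return {name: classify(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, (level, findings) in audit().items():
        print(f"{name}: {level}; {'; '.join(findings) or 'no findings'}")
```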
3GPP Dual-Mode Integration
3GPP Standards
• 3GPP Standards Process on 3GPP-WLAN Interworking
– 2000. 06: A new feature “FS on WLAN-UMTS Interworking” was
proposed and supported by Telenor, Ericsson, Telia, Nokia,
Sonera, Voicestream, Nortel, Alcatel, Toshiba, Cisco, Vodafone
– Two work items for Feasibility study on WLAN-UMTS
Interworking work in progress
• 3GPP SA1(service requirements)
• 3GPP SA2(Interworking architectures)
• WLAN-UMTS Interworking is a Feature of 3GPP
Release 6
• Related Specifications
– 3GPP TR 22.934 V6.2.0 (2003-09): " Feasibility study on 3GPP
system to Wireless Local Area Network (WLAN) interworking”
– 3GPP TS 23.234 V2.4.0 (2004-01) : “3GPP system to Wireless
Local Area Network (WLAN) Interworking; System Description”
– 3GPP TR 23.934 V1.0.0 (2002-08) : "3GPP system to Wireless
Local Area Network (WLAN) Interworking; Functional and
architectural definition
– 3GPP TS 33.234 V1.0.1 (2004-02) : “Wireless Local Area
Network (WLAN) Interworking Security”
3GPP WLAN-3G interworking (six phases)
• Scenario 1 – Common Billing and Customer Care
– Integrated single billing and customer services
– 3G and WLAN security mechanisms can be independent of each other
• Scenario 2 – 3G system based Access Control and Charging
– WLAN (AAA) handled by 3G standards backend
• Scenario 3 – Access to 3G system PS based services
– Subscribers can access 3G packet services (PS services) via WLAN
• Scenario 4 – Service Continuity
– PS services roaming between WLAN & 3G will remain connected
(handover)
– When a change in network occurs, the user might experience a data
stream loss
• Scenario 5 – Seamless Service
– Roaming from different networks handles transparent handover
– The handover is seamless, no interruption of data stream or service to
the user
• Scenario 6 – Access to 3G CS Services
– Access to 3G Circuit Switched (CS) services via WLAN
– Seamless handover of CS services across hybrid networks
Scenario 2
• Scenario 2 is an access authentication method, where the access is of type 802.1x
• Authentication is “outsourced” from WLAN-AN to PLMN via AAA infra
– 3GPP defined the Wa/Wd interface from NAS client to AAA-Server
[Figure: EAP-SIM authentication. Labels: UE; EAPOL (802.1x); WLAN-AN with NAS Client; AAA-proxy; AAA-Server; EAP over Diameter/Radius on the Wa/Wd interface]
Scenario 3
• Scenario 3 is a means of connecting to the packet core to make use of packet core services
• IP enabled mobile sets up an IPSec tunnel using IKE_v2 to the PDG.
– Need to establish user credentials => authentication/authorization needed => SIM/AKA
auth.
– Path from user to PDG may be over untrusted networks => IPSec tunnel in the user
plane
• PDG is the gateway to the (Gi/Wi) services
[Figure labels: UE; IPSec; EAP-SIM over IKE_v2; PDG; EAP-SIM over Diameter; AAA-Server; Services]
New topics to be added to IR.61 roaming
guidelines from 3GPP Rel-6 I-WLAN
• EAP-AKA authentication
• New well defined AAA entities (AAA Server and Proxy)
• Packet Data Gateway role and description
• Wireless Access Gateway role and description
• DNS usage, 802.1X migration guidelines and AN requirements in
WLAN AN deployments
• W-APN resolution and end-2-end IKEv2 IPSec VPN tunnel use
scenarios & profiles for PS data services
• RADIUS-Diameter translation issues on Wa & Wd interfaces
• General migration and alignment towards 3GPP
[Figure: WLAN 3GPP IP Access. Labels: WLAN UE; WLAN Access Network; Intranet / Internet; 3GPP Visited Network (WAG, 3GPP AAA Proxy, Offline Charging System); 3GPP Home Network (Packet Data Gateway, 3GPP AAA Server, SLF, HSS, HLR, OCS, Offline Charging System); reference points Ww, Wa, Wd, Wn, Wp, Wg, Wm, Wu, Wi, Wx, Wo, Wf, Wy, Wz, Dw, D'/Gr']
3GPP Evolution Vision
[Figure labels: Services; FW; MIPv4 HA; Gi/Wi; IPsec GW (3GPP PDG); GGSN; IP subnets; GPRS; WLAN; WLAN APs; multi-access mobile devices. Legend: MIPv4 signaling; mobility signalling; user-plane traffic; IPsec protected traffic]
EAP-SIM Dual-mode sign on process
• Sign-on process
– Utilize the SIM card as authentication token. No need for NAI and
password
• Needs GSM/WLAN Dual mode network card or device
• Allows WLAN to utilize existing GSM authentication
infrastructure
• Mutual authentication of the Mobile Terminal and the
Network(HLR)
• Basic IMSI privacy protection
• An optimized re-authentication procedure
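As an added example (not part of the original slides), the sketch below shows the identity handling behind Scenario 2 and the sign-on slide: the permanent identity is derived from the IMSI on the SIM rather than typed by the user, and an AAA proxy uses its realm to decide whether to forward the request to the home AAA server. The realm format follows 3GPP TS 23.003; the test PLMN 001/01, the roaming table, the server name and the function names are assumptions, and the sample identities are constructed.

```python
# Added example: validating and routing an EAP identity at an AAA proxy.
# Assumptions: root-NAI realm format from 3GPP TS 23.003; test PLMN 001/01;
# the PARTNERS table, server name and function names are hypothetical.
import re

REALM_RE = re.compile(r"^wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")
METHODS = {"0": "EAP-AKA", "1": "EAP-SIM"}   # leading digit of a permanent identity
PARTNERS = {("001", "001"): "aaa.home.example"}  # (MCC, padded MNC) -> home AAA

def root_nai(imsi, mnc_len=2, method="1"):
    """Permanent identity derived from the SIM's IMSI; nothing is typed by the user."""
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_len]
    return f"{method}{imsi}@wlan.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"

def route(identity):
    """Return (decision, detail) for the identity received from the WLAN-AN."""
    user, sep, realm = identity.partition("@")
    match = REALM_RE.match(realm.lower())
    if not sep or not match:
        return "reject", "realm is not a 3GPP WLAN realm"
    mnc, mcc = match.groups()
    server = PARTNERS.get((mcc, mnc))
    if server is None:
        return "reject", f"no roaming agreement for MCC {mcc} MNC {mnc}"
    if user[:1] in METHODS and user[1:].isdigit() and len(user) <= 16:
        imsi = user[1:]
        # The realm pads a 2-digit MNC to 3 digits, so accept either prefix.
        prefixes = (mcc + mnc, mcc + mnc[1:]) if mnc[0] == "0" else (mcc + mnc,)
        if not imsi.startswith(prefixes):
            return "reject", "IMSI does not belong to the PLMN in the realm"
        return "forward", f"{METHODS[user[0]]} permanent identity -> {server}"
    # Any other username is an opaque pseudonym: the IMSI stays hidden from the
    # WLAN-AN and the proxy, and only the home AAA server can resolve it.
    return "forward", f"pseudonym -> {server}"

# Constructed sample identities.
SAMPLES = [
    root_nai("001010123456789"),
    "1001020123456789@wlan.mnc001.mcc001.3gppnetwork.org",
    "k7Qz0pseudonym@wlan.mnc001.mcc001.3gppnetwork.org",
    "1999990123456789@wlan.mnc099.mcc999.3gppnetwork.org",
    "alice@example.com",
]

if __name__ == "__main__":
    for identity in SAMPLES:
        print(identity, "=>", route(identity))
```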
The advantages of
EAP-SIM dual mode integration
• One bill and single authentication
• SIM PIN authentication. Unique SIM card is safe and reliable.
• WLAN and mobile billing is integrated as one
• International/Network roaming uses existing GSM
roaming mechanisms. Mature and established.
• Multi-vendor systems based on EAP-SIM and
802.1x/WPA
• GSM/WPA Over The Air encryption. Resolving WiFi
security concerns.
• Works for dual band handsets
iBake-off EAP-SIM based network
architecture
[Figure labels: CHT mobile network and emome; 1M bandwidth for Internet / mobile Internet access; Cellular Network; HLR; CGW; Packet based services; 3GPP AAA Server; 802.1X AP; SIM; WLAN/Cellular Dual Mode UE; Internet; WISP (Data Communications Branch); WISP; Printer; Fax; Apple Music Store; International Convention Center]
Key functions of integrated network
• WLAN Interworking will enable mobile operators
to deliver PS services over any access
• committed to developing 3GPP WLAN
Interworking compliant solutions
– Scenario 2 for 3GPP based access control and
charging
– Scenario 3 for access to PS based services
– Scenario 4 for service continuity
Current Status of IR.61
• IR.61 describes & defines best practices and roaming
guidelines for RADIUS based WLAN roaming.
– Web based login using username/password authentication or
one-time passwords
– 802.1X based login using EAP-SIM authentication
– Interoperator RADIUS profiles for both web based and EAP-SIM
based WLAN roaming -> authentication and accounting
• Migration & co-existence guidance for pre-802.1X and
802.1X WLAN AN deployments
[Figure labels: Visited Network; Home Network; WLAN / Home PLMN; Authentication, Authorization, Accounting; Open Interface. Copyright GSM Association]
Proposed Applications
Revenue drivers
WLAN Interworking will increase data services as well as
mobile multi-media usage.
• Business data services
– Corporate application connectivity/hosting
– Adopted to all terminal types and any access type
• Mobile content services
– Personalization, entertainment, streaming and
multimedia
– Adopted to all terminal types and any access type
• IP communication services
– IMS, RTVS, PoC, content sharing, instant messaging
– Adopted to all terminal types and any access type
Marketing strategy
• WLAN is “another bearer” for mobile services,
Multi-bearer offering provides a ubiquitous
mobile data service
– Enterprise case
• Managed VPN for enterprises private applications
• Bundling package, building credibility in business market,
substantially halving customer churn in core cellular business
– At the beginning stage, most of the dual-band customers will be
business people, then consumers and younger generations
• Becoming a teen-age status symbol to have a WLAN
subscription and a laptop
Dual-mode integration to create
wireless “sweet-spots”
[Figure labels: coverage: local, spotty, extended, vast, ubiquitous; bandwidth: 10k, 56k, 128k, 512k, >2M; technologies: SAT, GPRS, CDMA 1xRTT, EDGE, 3G, WiMax, WiFi, Dial-up, ISDN, ADSL, Ethernet; Soft Cert.]
Services VS. Bandwidth
Various applications via dual-band wireless access
[Figure labels: access types: GPRS, 3G/WLAN, Remote LAN; applications: voice & music; remote surveillance; remote education & medication; FTP; email; video conference; Internet applications (web browsing, email, on-line game, e-commerce); Intranet and Internet servers; Enterprise; ISP & ICP]
Mobile Internet Access
• SIM-based authentication and billing
• 4 Mbps transmission speed
• High service quality, supports high-quality multimedia
services
[Figure labels: GPRS handset subs; GPRS; WAP Gateway; WLAN; Dual-mode handset subs; SIM-based AAA; AAA Server; Internet proxy server (HTTP Proxy); GPRS/3G content services can be used once the Internet proxy server is added]
Enterprise Internet/Intranet access
[Figure labels: Outdoor: HotSpot or other AP, Wireless+GPRS, GPRS modem; Indoor: ADSL, AP, Indoor + HiBox authentication; Basic type (PPPoE); Enhanced type (PPPoE+IPsec); ERX (LAC); ERX (LNS w/IPSec); HiNet; Internet; CHT-D; CHT-M/GPRS; SGSN; Gn; GGSN (Taipei); Gi; FW/VPN; Enterprise VPN; E1 leased line; emome mobile phone network; Corp. intranet; Radius/DHCP; DNS; Server; AP; Corp A Handset; GPRS + PC-based Internet browser; GPRS + cell phone browser]
Conclusions
• WLAN Interworking will increase data services as well as
mobile multi-media usage.
• EAP-SIM methodology can solve WLAN security and
provide a roaming scheme between networks across countries
• Following 3GPP revolution and GSMA IR.61
standardization, WLAN has no boundary limitation and
contributes to wireless broadband data service
• Enterprise Internet/Intranet access via notebook/PDA
with Wi-Fi, whether at work or at play, is the
fundamental application.
• Dual-band wireless access basic services are mainly
E-mail, IMS and VoIP. Subsequent applications and
digital content development depend on collaboration of
all walks of life.
Thank You!
Chiou Wen-Yuh
Senior Engineer
Mobile Business Group
Chunghwa Telecom(TAIWAN)
e-mail: chiouwy@cht.com.tw
Tel:
+886 23316-6205
Mobile: + 886 937400416