4G Cellular/WLAN Interworking

Mr. S. Velentzas
Motorola Ltd. (UK), NSAM, SETA, ATKE
Thamesdown Drive, Groundwell, Swindon, Wiltshire, SN25 XY, UK
tel: +44-(0)1793-565364, e-mail: [email protected]

Dr. T. Dagiuklas
University of Aegean, Information and Communication Systems Engineering
Karlovassi 83200, Samos, Greece
tel: +30-22730-82259, email: [email protected]

Abstract

This tutorial presents the principles and technical issues relevant to 4G Cellular/WLAN interworking in mobile communications, concentrating on UMTS and 802.11. The main motivation for this interworking stems from the fact that these technologies are complementary rather than competitive. The tutorial addresses four interworking scenarios between 3G and WLAN networks: open coupling, loose coupling, tight coupling and very tight coupling. A qualitative analysis of the different scenarios is presented. The tutorial also presents the extended functionality needed in the entities of the cellular and WLAN architecture to facilitate the authentication of a cellular user roaming in a WLAN hot spot. Details are presented for a loose-coupling model that uses an enhanced HLR and a SIM Access Gateway. An introduction to EAP-SIM authentication, the requirements for an authentication translator, and an enhanced HLR that accommodates both WLAN and cellular user profiles are described. Enhancements made to an HLR emulator to support WLAN user authentication and authorization mechanisms, in addition to 3GPP release features, are also presented.

Indexing Terms: All-IP Network Architectures, 3G and WLAN Interworking, 4G, Seamless Mobility, SIM based Authentication

1 Introduction

Not too long ago, communications meant voice and mobility meant cellular. But today we see that subscribers are increasingly relying upon diverse communications solutions for a complex array of voice, data, and multimedia needs, many of which are being addressed by Internet/Intranet connected networks, e.g. at offices, homes, shopping areas, transport facilities, and the like. As these forces converge, the demand for new services, increasing bandwidth and ubiquitous connectivity continuously grows.

The next-generation mobile systems will be based solely (or to a large extent) on the IP protocol [1]. The objective is to offer seamless multimedia services to users who access an all-IP infrastructure via a variety of heterogeneous access technologies, meeting the demands of both enterprise and public environments anywhere and anytime. A key role of IP in next-generation mobile systems will be the efficient and cost-effective interworking between overlay networks for the seamless provisioning of current and future applications and services. IP is assumed to act as an adhesive to provide global connectivity, mobility among networks, and a common platform for service provisioning across different types of access networks [2].

T07/1

Motorola, ATKE

Total Pages: 13

Moreover, the mobile communication environment is changing. The cellular community has a unique opportunity to leverage their current strengths to turn threat into opportunity by using the seamless mobility solution paradigm:

• A family of handsets that will operate simultaneously in both cellular and WLAN networks and allow vertical hand-offs between the two environments (seamless mobility).
• Intelligent gateways that will interface between the cellular and the WLAN systems to hand off connections and enable the consolidated mobility tracking, authentication, subscriber administration and accounting services.

What is missing is any overlaying strategy for integration of these disparate solutions into what, from the customers’ perspective, appears as a single fabric. The core components for this integration strategy include cross network and service solutions for mobility, authentication, subscriber administration and consolidated accounting and billing. These are all elements which today’s cellular world does better than anybody, but only for themselves. The opportunity for the cellular community is to broaden its focus and associations by extending these core services to enterprise networks, ISPs, public access hot spots, such as airports and shopping malls, and to private hot spots, such as home networks. This paper focuses on different scenarios regarding the 3G and WLAN interworking. Section 2 outlines the benefits of convergence towards an All-IP network. Section 3 presents the main drivers and barriers for 3G and WLAN technologies and makes a comparison of their characteristics. Section 4 contains the main motivation for this interworking and analyses the different proposed interworking scenarios. In Section 5 three different business models are discussed. Conclusions are given in section 6.

2 CONVERGENCE AND ALL-IP NETWORK ARCHITECTURES

The major benefits that drive towards an all-IP based core network are the following [3]:

• Cost saving on ownership and management: network operators need to own and manage one single network, instead of multiple networks.
• Cost saving on transport, e.g. the cost to provide IP transport is lower.
• Future proof: it can be claimed that the future of the backbone network, both for voice and data, is IP based. An IP-based network allows smooth interworking with an IP backbone and efficient usage of network resources.
• Smooth integration of heterogeneous wireless access technologies.
• The IP Multimedia domain can support different access technologies and greatly assist towards fixed/mobile convergence.
• Capacity increase: the capacity enhancement of an IP based transport network is quicker and cheaper. The same is also true of service capacity, thanks to the distributed nature of the service architecture.
• Rich services: the benefits of VoIP are available for improved and new services, e.g. voice/multimedia calls can be integrated with other services, providing a powerful and flexible platform for service creation. They also enable a peer-to-peer networking and service model.




3 3G versus WLANs

3.1 Technologies

3G will offer data speeds ranging from 384 Kbps up to 2 Mbps on the frequencies 1885-2025 MHz and 2110-2200 MHz. The 3G Core Network supports both circuit-switched and packet-switched services. Spectral efficiency in 3G is about three to four times higher than GPRS, but one issue for consideration is the 3G deployment [4]. Currently, GSM infrastructure has been deployed in over 150 countries worldwide. At its early stage, 3G coverage will be inferior to GSM/GPRS in cities.

On the other hand, WLAN is a relatively cheap technology. Today's WLAN technology is based mainly around IEEE standards. These standards are collectively referred to as "the 802.11 family". The vast majority of WLANs that have been deployed today are based on the IEEE 802.11b standard, supporting data rates up to 11 Mbps. It is expected that this technology will be replaced by its successors, for example IEEE 802.11a and 802.11g, which support data rates up to 54 Mbps.

WLAN technology is being used more and more in homes, offices and indoor public areas. Mobile service providers are exploring opportunities to extend their service portfolios by providing limited, indoor WLAN public access (hotspot areas). The same basic configuration, that is a laptop computer with a WLAN adapter, can be used to gain access in indoor public and private environments. End-users can thus access their office environments without any noticeable change in network performance [5]. Figure 1 illustrates the main drivers and barriers for WLANs and 3G technologies, as identified and addressed by the UMTS Forum [6].

Wireless LAN

Drivers:
• Low price for access technology and terminal equipment
• Expected low price of use for public access
• Technology is available and performance visible
• Simple configuration

Barriers:
• Security
• Restricted freedom of movement
• Problematic installation on devices, login problems
• Niche solution (business users)

UMTS 3G

Drivers:
• Area-wide coverage
• "Convenience" (no gap in media)
• Roaming
• Suitable for mass market (only mobile phone required)

Barriers:
• Expected high prices – no cost control
• Technology still not available (time of availability still unknown), performance not yet proven
• Lack of availability vis-a-vis terminal equipment
• Limitation due to mobility of the devices (display, input)

Figure 1: Drivers and Barriers for WLANs and 3G

3.2 Comparison

Figure 2 makes a comparison between the two technologies in terms of network equipment, license cost, CAPEX (Capital Expenditure), Coverage and Speed. This table highlights that the two technologies can be considered complementary rather than competitive.


Technology: WLAN compared with 3G

Network Equipment
WLAN: IEEE 802.11b already widely deployed. Forthcoming IEEE 802.11a and IEEE 802.11 x with higher bandwidth.
3G: Rolling out of WCDMA networks in Europe and Asia has been slowed down, with many commercial launches delayed to 2004.

End user equipment
WLAN: 802.11b infrastructure already available.
3G: 3G infrastructure is at entry/testing level. WCDMA end user devices available commercially in Japan.

License cost
WLAN: Operator access to unlicensed WLANs.
3G: Licenses are paid through license auctions or awarded after national 'beauty contests'.

CAPEX
WLAN: 3500 Euro: 42% for the WLAN APs and 58% for E1/DSL Lines (ASSUMPTIONS: 18 MHz spectrum, capacity 5.5 Mbits). 50-100 times less expensive than WLANs.
3G: 100,000 Euro: 20% equipment, 80% construction/installation (ASSUMPTIONS: 15 MHz spectrum, total capacity 4,5 Mbits, 45 users).

Coverage
WLAN: Limited to local areas.
3G: Citywide to nationwide, but indoor coverage suffers.

Speed
WLAN: 11 Mbps to 54 Mbps.
3G: 384 Kbps to 2 Mbps.

Figure 2: Comparison between 3G and WLANs

It is expected that 3G will benefit over WLAN in terms of mobility and connectivity. On the other hand, WLAN benefits over 3G in terms of throughput. Therefore, it is obvious that if the advantages of both technologies are combined, we will have a very powerful network covering the needs of the most demanding users. WLAN is currently considered as a complementary service offering for mobile operators. Operators' WLAN solutions may vary, but all of them combine the wide-area benefits of second- and third-generation mobile systems, including unlimited roaming and mobility, with additional throughput and capacity in indoor hotspots via WLAN technologies. This combined architecture enables broadband mobile public access to the Internet and to corporate intranets with relatively small additional investment.

4 3G and WLANs Interworking

4.1 Motivation

The main motivation for mobile operators to get involved in the WLAN business is the following:

• Public WLANs provide the opportunity to mobile operators to increase their revenues significantly from mobile data traffic.
• WLANs can be considered as an environment for testing new applications at initial stage.
• High-demand data traffic from hotspot areas can be diverted from 3G to WLAN, relieving potential network congestion.
• Location-based services in hotspot areas could be based on WLAN technology rather than using more-complex GPS-like systems.

On the other hand, a shift from WLAN to 3G could take place due to the following reasons:

• Poor coverage: users may be able to use WLAN services at the airport of departure, but not at the airport of arrival, or at the hotel.
• Lack of brand recognition: the service operators are often new start-ups, which causes end-users to hesitate to use the service.
• Lack of roaming agreements: end-users are forced to locate different service providers at the places they roam to.

The service provider value proposition for utilizing integrated WLANs with cellular networks includes the following benefits for carriers as well as their subscribers:

1. Extension of current service offering by:
• Integrating cellular data and WLAN solutions.
• Positioning for voice phone service in hotspots.
• Engaging enterprises with in-building solutions.

2. Improve bottom line with new revenue and lower churn:
• The carrier provides improved in-building coverage by using intranet bandwidth instead of in-building cell sites to provide coverage.
• Cross system/service integration features become a competitive advantage for the carriers offering Seamless Mobility services.
• The cellular provider derives service revenue for authentication services, mobility services, and calls that do not use cellular bearer channels.
• The cellular handset becomes an indispensable element.
• The handset can operate with more functionality, e.g. even as a gateway.
• The subscriber increases his dependency on the handset.

3. Payload traffic trade-off:
• Some calls will hand over from cellular channels to WLAN connections when subscribers enter these coverage areas.
• Other calls will hand over to cellular bearer channels when people leave WLAN coverage areas.
• A more integrated approach to data traffic will probably increase the use of data transferred over cellular.
• As subscribers become more dependent on their much more useful handsets, they will call more and be called more, everywhere.

4.2 Interworking Requirements

The interworking between 3G and WLAN is an important issue that is under investigation by international standardization fora (i.e. ETSI, 3GPP, UMTS Forum) [2]. The basic requirements regarding the interworking between 3G and WLANs are the following:

1. Partnership between the 3G operator and the WISP: a roaming agreement must be established allowing the 3G subscribers to use the WISP in order to access the Internet.
2. Uniform billing and accounting between roaming partners must be handled.
3. Single subscription: users ideally prefer a one-stop shop, where a single subscription gives access to services through both 3G and WLANs.
4. The subscriber database could either be shared, or it could be separate for the two networks but sharing the subscribers' security association. The subscriber database could be an HLR/HSS (3GPP terminology) or an AAA server (IETF terminology).
5. User notification: the user must be aware of any possible degradation of the perceived QoS due to the change of the wireless technology.

4.3 Scenarios

Within the context of this paper, four scenarios have been considered regarding the 3G and WLAN interworking:

1. Open Coupling: In the open coupling interworking scenario, no specific WLAN access is required and separate authentication procedures are used by the 3G and the WLAN networks. Such a scenario is shown in Figure 3.

[Figure 3 labels: Standard NIC; WLAN; Billing system: the link between 2 independent access networks (WLAN & RAN); RAN]

Figure 3: Open Coupling scenario

2. Loose Coupling: In this scenario (Figure 4), no specific WLAN access network is required. There is a common customer database and authentication procedure. This means that the 3G-HLR database is also used by the WLAN for both access and authentication. Consequently, a gateway is placed between the HLR and the ISP AAA server, performing translation from MAP to RADIUS/DIAMETER and vice versa.

[Figure 4 labels: Specific NIC used if SIM card; WLAN; AAA-HLR link; RAN]

Figure 4: Loose Coupling scenario

3. Tight Coupling: The key characteristics of this scenario (Figure 5) include seamless handover between 3G and WLANs, as well as WLAN access similar to UTRAN (3GPP radio protocols). This necessitates the definition of an interface interconnecting the WLAN in the SGSN node. As a result, this approach requires additional standardization compared with loose coupling.

[Figure 5 labels: Specific NIC required; WLAN; New interface definition: Iu (RNC-SGSN), Iub (RAN-RNC); RAN]

Figure 5: Tight Coupling scenario

4. Very Tight Coupling: This interworking approach is similar to the previous case. However, in this case the WLAN is considered as part of UTRAN, and a new interface has been defined interconnecting the WLAN in the RNC of the UTRAN.

[Figure 6 labels: Specific NIC required; WLAN; New interface definition: Iu (RNC-WLAN), WLAN seen as a cell; Management at the RNC level; RAN]

Figure 6: Very Tight Coupling scenario

4.4 Qualitative Comparison

The choice of the most appropriate solution for the interworking is mainly a trade-off between the required degree of modifications to standards and subsystems on the one hand, and the seamlessness of the interworking and the amount of infrastructure commonality on the other. The most important scenarios from the point of view of a mobile operator willing to deploy WLAN hotspots are loose coupling and tight/very tight coupling. The main characteristics of the loose coupling scenario are the following:

1. It is independent of the access technology used.
2. It is consistent with hotspot and enterprise environments.
3. It is based on the implementation of existing and well established technology.

On the other hand, tight and very tight coupling exhibit the following characteristics:

1. It is dependent on the access technology used, due to the fact that a new interface must be defined.
2. This approach requires significant standardisation effort in the relevant bodies (i.e. ETSI-BRAN, 3GPP).
3. It is a more complex solution.
4. The operator is required to install infrastructure at the hotspot (i.e. E1 line interconnecting the WLAN in the SGSN).


5 SIM Based Authentication

One of the major issues of roaming between different Radio Access Technologies (RATs) is the provision of authentication and authorization, to allow a subscriber in one RAT to have access to a different one. For GPRS-WLAN roaming in Evolute, the subscriber information in the SIM is stored in an Enhanced HLR (e-HLR) to allow the user in the WLAN region to authenticate via the GPRS access region. EAP-SIM authentication is an EAP authentication and session key distribution mechanism that uses the GSM subscription. Several RAND challenges are used for generating the Kc keys, which are combined to provide a longer session key.


Figure 7 - SIM-based authentication

Figure 7 depicts the EAP/SIM authentication process and the message flow between the client and the authenticator. It is assumed that the user is authenticated by an AAA server which supports EAP and that there is a gateway that interfaces the IP network to the GSM network. This Message Sequence Chart will be further discussed.

5.1 Network Elements

Figure 8 depicts the authentication path from the client to the user information database. The rest of this article will elaborate on two innovative nodes introduced in Evolute authentication scenarios, SAG and e-HLR, and the quantitative results of Evolute experiments.

A. SIM Access Gateway (SAG)

The purpose of the SIM Access Gateway (SAG) is to translate the authentication and authorisation mechanisms between a WLAN and a mobile network. It is an entity located between the WLAN and the mobile network. Its role is to provide AAA services to users of the mobile network who have moved to the WLAN area and seek services in this network. Its EAP server role is required for supporting EAP/SIM based authentication. Since this kind of authentication involves standard GSM authentication material (GSM triplets), and such material should not be transferred in cleartext over IP networks outside the premises of the corresponding operator, the end point of EAP/SIM authentication needs to be embodied in the SAG.

[Figure 8 labels: 2G/3G Network; HLR; SS7/MAP; SIM Access Gateway; Radius/EAP; AAA Server; WLAN; 802.1x Access Point]

Figure 8 - Authentication entities in WLAN-GPRS roaming

The EAP-SIM module has been enhanced to include a socket interface through which it communicates with the client side of a web service, which in turn communicates with the corresponding WSDL server (Figure 9). This server is responsible for handling MAP for the proper communication with the HLR.

Figure 9 - SAG Internal Communication

With reference to Figure 7, the authentication mechanism operates according to the following procedure:

1. According to the EAP/SIM authentication draft, the Authenticator requests the Identity of the Client by sending the corresponding EAP message.
2. The client responds accordingly, indicating that it is a SIM based user by using the form 1IMSI@realm for its identity.
3. Upon reception of the previous message, the Authenticator encapsulates the EAP-Response/Identity in a Radius Access Request and sends it to the SAG.
4. The SAG deduces that it should start the EAP/SIM authentication procedure. Therefore it sends the respective EAP-Request/SIM/Start message encapsulated in a Radius Access Challenge. This message is decapsulated and forwarded to the client.
5. The client responds by sending back an EAP-Response/SIM/Start.
6. This message is encapsulated in a Radius Access Request and sent to the SAG. The SAG contacts the HLR in order to obtain the GSM triplets for the specific user. After having received the triplets, the SAG uses them to prepare the content of the challenge message that should be returned. The SAG composes an EAP-Request SIM/Challenge and encapsulates it inside a Radius Access Challenge that is sent to the Authenticator.
7. The EAP-Request SIM/Challenge is extracted by the Authenticator and sent to the client.
8. The client, using its SIM, prepares the EAP-Response SIM/Challenge and sends it to the Authenticator.
9. The Authenticator encapsulates the EAP-Response SIM/Challenge inside a Radius Access Request and sends it to the SAG.
10. The SAG verifies the validity of the response and responds with an EAP Success inside a Radius Access Accept that is sent to the Authenticator.
11. The Authenticator forwards the EAP Success to the supplicant.
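The combination of several RAND challenges into one longer session key (Section 5) and steps 5 to 10 of the procedure above can be sketched as follows. This is an added example, not code from the paper or the Evolute project. It assumes the master-key formula of RFC 4186 (the published form of the EAP-SIM draft); the A3/A8 function, the key expansion, the message encoding and the IMSI and realm are simplified or constructed stand-ins.

```python
import hashlib
import hmac
import os

VERSIONS = b"\x00\x01" + b"\x00\x01"  # version list | selected version (EAP-SIM v1)
IDENTITY = b"1001010123456789@example.invalid"  # constructed: "1" + IMSI + @realm

def a3a8(ki, rand):
    """Toy stand-in for the operator's A3/A8 (assumption, not a real SIM algorithm).
    Returns (SRES, Kc) with GSM sizes: 32-bit SRES, 64-bit Kc."""
    d = hmac.new(ki, rand, hashlib.sha256).digest()
    return d[:4], d[4:12]

def hlr_triplets(ki, n=3):
    """Step 6: the SAG obtains n fresh (RAND, SRES, Kc) triplets from the HLR."""
    rands = [os.urandom(16) for _ in range(n)]
    return [(r, *a3a8(ki, r)) for r in rands]

def derive_keys(identity, kcs, nonce_mt):
    """MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version),
    as in RFC 4186. The expansion into K_aut and a session key uses HMAC-SHA1
    as a simplified stand-in for the RFC's FIPS 186-2 PRF (assumption)."""
    mk = hashlib.sha1(identity + b"".join(kcs) + nonce_mt + VERSIONS).digest()
    k_aut = hmac.new(mk, b"K_aut", hashlib.sha1).digest()[:16]
    session_key = hmac.new(mk, b"MSK", hashlib.sha1).digest()
    return k_aut, session_key

def mac128(k_aut, message, extra):
    """HMAC-SHA1 truncated to 128 bits over the message plus direction-specific data."""
    return hmac.new(k_aut, message + extra, hashlib.sha1).digest()[:16]

def sag_challenge(identity, nonce_mt, triplets):
    """SAG, step 6: only the RANDs and a MAC leave the SAG; SRES and Kc stay inside."""
    rands = [t[0] for t in triplets]
    k_aut, session_key = derive_keys(identity, [t[2] for t in triplets], nonce_mt)
    challenge = {"rands": rands, "mac": mac128(k_aut, b"".join(rands), nonce_mt)}
    return challenge, (k_aut, session_key)

def client_respond(ki, identity, nonce_mt, challenge):
    """Client, step 8: returns (response MAC, session key) or raises ValueError."""
    rands = challenge["rands"]
    if len(rands) < 2 or len(set(rands)) != len(rands):
        # A repeated RAND would add no key material beyond a single 64-bit Kc.
        raise ValueError("challenge must carry at least two distinct RANDs")
    pairs = [a3a8(ki, r) for r in rands]
    k_aut, session_key = derive_keys(identity, [kc for _, kc in pairs], nonce_mt)
    expected = mac128(k_aut, b"".join(rands), nonce_mt)
    if not hmac.compare_digest(expected, challenge["mac"]):
        raise ValueError("network MAC invalid: sender does not hold the Kc values")
    sres_all = b"".join(sres for sres, _ in pairs)
    return mac128(k_aut, b"EAP-Response/SIM/Challenge", sres_all), session_key

def sag_verify(state, triplets, response_mac):
    """SAG, step 10: accept only if the client proved knowledge of every SRES."""
    sres_all = b"".join(t[1] for t in triplets)
    expected = mac128(state[0], b"EAP-Response/SIM/Challenge", sres_all)
    return hmac.compare_digest(expected, response_mac)

def run_exchange(ki_sim, ki_hlr, identity=IDENTITY):
    """Steps 5-10 end to end; True only if both sides agree on the session key."""
    nonce_mt = os.urandom(16)  # client nonce sent in EAP-Response/SIM/Start (RFC 4186)
    triplets = hlr_triplets(ki_hlr)
    challenge, state = sag_challenge(identity, nonce_mt, triplets)
    try:
        response_mac, client_key = client_respond(ki_sim, identity, nonce_mt, challenge)
    except ValueError:
        return False
    return sag_verify(state, triplets, response_mac) and client_key == state[1]

if __name__ == "__main__":
    ki = bytes(range(16))               # constructed subscriber key
    print(run_exchange(ki, ki))         # matching SIM and HLR keys
    print(run_exchange(ki, bytes(16)))  # SIM key unknown to the HLR
```

The client's MAC check on the challenge is what lets it reject a network that cannot produce the Kc values, and the distinct-RAND check keeps a sender from reusing one triplet to shrink the effective key length.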

EAP        WSDL       WSDL       MAP
RADIUS     SOAP       SOAP       TCAP
UDP        TCP        TCP        SCCP
IP         IP         IP         MTP-3
Ethernet   Ethernet   Ethernet   MTP-2

Figure 10 - SAG Protocol architecture

The IP based interface of SAG is based on the utilisation of the Radius protocol. This interface is invoked both during user authentication and service authorisation. These interactions are performed by the exchange of Radius messages.

B. Enhanced HLR (e-HLR)

The Release 99 HLR emulator was enhanced in order to meet the needs of a combined WLAN-2G/3G environment. As far as User Authentication is concerned, the HLR emulator is contacted in a GSM based manner (MAP_SEND_AUTHENTICATION_INFO) for retrieval of GSM Authentication Triplets. For Service Authorization, on the other hand, the HLR emulator stores and sends (MAP-UPDATE-WLAN-LOCATION, MAP-INSERT-SUBSCRIBER-DATA-FOR-WLAN) enhanced Packet Domain subscriber data, through which the user is granted or denied access to specific WLAN services. For Service Authorization, therefore, the HLR emulator was enhanced with respect to the storage and maintenance of Packet Domain Subscription Data (Figure 11).


[Figure 11 labels: IMSI; CS; Password; Basic Services; BS1, BS2, BS3; SS1 Status; GPRS; PDP1, PDP2, PDP3; Suppl. Services; SS1 Prov., SS2 Prov.; Supplementary Service 2 Activation Status; WLAN Services; Password and Service #1, Service #2, ... Service #n]

Figure 11 - Packet Domain Subscription Data

The existing HLR emulator was offering GSM and GPRS functionality, but it had to be enhanced in order to meet the needs of a combined WLAN-2G/3G environment. The enhancements were achieved by software updates to the available hardware platform, as well as by the addition of a new interface through which the HLR emulator becomes accessible from the SAG node (Figure 12). With these enhancements the HLR emulator is able to provide the required services for User Authentication and Service Authorization as described in the previous paragraphs.

Figure 12 - e-HLR interfaces

C. SAG to e-HLR interaction

User Authentication is based on a dynamic procedure, the outcome of which is observed by the Access Point granting or denying access to the Supplicant. Service Authorisation, on the other hand, is based on the transfer of the user's 2G/3G subscription profile from the e-HLR to the SAG and its translation into information that can be used by the FreeRadius software. This translation is achieved by appending records to a MySQL database, depicted in Figure 13. The values contained in these records are a concatenation of the MSISDN value and the WLAN Service Description to which the user possesses a valid subscription (user name), and the Password value for the specific service (user password).


Figure 13 - Empty mySQL Database

These values are contained in the Extended Packet Domain Data inside the e-HLR and retrieved by use of the corresponding Extended MAP Services.

Figure 14 - mySQL Records Holding User's Profile

After the User Authentication has been successfully performed, the SAG retrieves the aforementioned data from the e-HLR in order to be able to validate the service access requests that the user may initiate while roaming in the WLAN environment. Figure 14 depicts the retrieved data in MySQL records.

6 CONCLUSIONS

This tutorial presented the technical issues involved and an analysis regarding the interworking of 3G and WLAN networks. Four different interworking scenarios were presented, namely: open coupling, loose coupling, tight coupling and very tight coupling. Among them, the loose coupling and the tight coupling are the most interesting scenarios from both manufacturer and operator point of view. In addition, the SIM based authentication was outlined, and the usage of two new entities that facilitate the authentication of a cellular subscriber roaming in a WLAN hot spot was described. The SIM Access Gateway (SAG) translates the authentication of the WLAN user with the subscription profile in the HLR. The HLR in turn is enhanced from the 3GPP releases to contain WLAN user data, too.

ACKNOWLEDGEMENTS

This work has been performed in the framework of the IST-2001-32449 project EVOLUTE, which is partly funded by the European Union. The authors would like to acknowledge the contribution of their colleagues from Intracom, FhG Fokus, Alcatel-SEL, Motorola UK, University of Surrey, CERFRIEL.

REFERENCES

[1] J. De Vriendt et al, “Mobile network evolution: A revolution on the move”, IEEE Communications Magazine, vol. 4, 2002, pp. 104-111.


[2] T. Dagiuklas et al, “Seamless Multimedia Services over All-IP Network Infrastructures: The EVOLUTE Approach”, Proceedings of the IST Summit 2002, pp. 75-78.
[3] D. Wisely et al, IP for 3G: Networking Technologies for Mobile Communications, John Wiley, 2002.
[4] J. Lind, “The 3G Blacklash-depts and Wireless Local Area Networks as the 3G Reaper”, Business Briefing: Wireless Technology, 2002, pp. 107-109.
[5] R. Van Nee et al, “New High-Rate Wireless LAN standards”, IEEE Communications Magazine, Vol. 40, May 2002.
[6] UMTS Forum, Report 22: Impact and Opportunity: Public WLANs and 3G Business Models, 2002.
[7] D. Alven and R. Farhang, Analysis of the WLAN market from a WISP perspective, Master Thesis, Royal Institute of Technology, Sweden, 2001.
