Unlicensed Mobile Access (UMA)

Unlicensed Mobile Access (UMA). Dasun Weerasinghe, School of Engineering and Mathematical Sciences, City University London. Agenda: What is UMA; UMA Architecture; Security in UMA; Authentication; Encryption; EAP-AKA Authentication; Future Work.


Presentation Transcript


  1. Unlicensed Mobile Access (UMA)
     Dasun Weerasinghe, School of Engineering and Mathematical Sciences, City University London

  2. Agenda
     • What is UMA
     • UMA Architecture
     • Security in UMA
     • Authentication
     • Encryption
     • EAP-AKA Authentication
     • Future Work

  3. What is UMA
     • UMA allows access to the mobile voice and data services of the cellular network over a wireless LAN
     • Subscribers can roam and hand over between cellular networks and wireless networks
     • The UMA Technology specification was published in September 2004
     • 3GPP approved the specification as “Generic Access to A/Gb interfaces”
     • Pilot project by Nokia in Finland

  4. What is UMA (Contd.)

  5. UMA Architecture
     • Mobile devices access the Core Network through the Unlicensed Mobile Access Network (UMAN)
     • The UMAN has 3 major entities
         • Unlicensed wireless network
         • IP access network
         • UMA Network Controller (UNC)
     • The UNC authorizes and authenticates the mobile devices for access to the Core Network

  6. UMA Architecture (Contd.)

  7. UMA Security
     • Authentication
         • Authenticates the MS with the UNC to establish a secure tunnel
         • Based on GSM or UMTS credentials
         • The authentication protocol is IKEv2
         • GSM: EAP-SIM or UMTS: EAP-AKA
         • Mutual authentication of the MS and the mobile network
         • Session key generation – IK and CK

  8. UMA Security – EAP Authentication
     • Steps in authentication (EAP)
         • The MS establishes a link with the AP
         • It determines the UNC to connect to
         • It initiates the connection to the UNC with IKE
         • The UNC connects to the local AAA

  9. UMA Security – EAP Authentication (Contd.)
     • The local AAA is linked to the Home AAA
     • The EAP procedure is performed between the MS and the AAA
     • The UNC is a relay for EAP messages

  10. EAP-AKA

  11. EAP-AKA steps
     • The MS finds an AP
     • The MS finds the UNC-SGW and initiates the IKEv2 authentication procedure
     • The MS sends the NAI, which contains the IMSI, to the UNC-SGW
     • The UNC-SGW communicates with the local AAA
     • The local server determines the Home AAA by using the NAI. The routing path may include several AAA proxies
     • The leading digits in the NAI indicate that the authentication procedure is EAP-AKA

  12. EAP-AKA steps (contd.)
     • The AAA requests the user profile and UMTS authentication vectors from the HSS
     • A UMTS authentication vector consists of RAND, the authentication part (AUTH), the expected result, IK and CK
     • The AAA sends the EAP Request/AKA Challenge to the UNC-SGW with RAND, AUTH, MAC (message authentication code) and the re-authentication identity
     • The UNC-SGW forwards the EAP Request/AKA Challenge to the MS

  13. EAP-AKA steps (contd.)
     • The MS runs the UMTS algorithm and verifies the AUTH. It computes the RES, IK and CK, and calculates the MAC using the generated IK and CK
     • The MS sends the EAP Response/AKA Challenge with RES and MAC
     • The AAA verifies the received MAC and compares RES with XRES
     • The AAA sends IK and CK to the UNC-SGW for the communication with the MS
     • The UNC-SGW informs the MS of the successful authentication
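
The challenge/response described in slides 11 to 13, as an added Python example that is not part of the original presentation. Assumptions: the UMTS f1-f5 functions are replaced by an HMAC-SHA-256 stand-in rather than Milenage, AUTH is simplified to (SQN xor AK) || MAC-A, the expansion from MK to K_aut is simplified, the EAP packets are reduced to labelled byte strings, and the identity, SQN and all function names are constructed for illustration.

```python
import hashlib, hmac, os

def f(k, label, rand, n):
    """Stand-in for the UMTS f1-f5 functions (an assumption, not Milenage)."""
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hss_vector(k, sqn):
    """HSS: RAND, AUTH, XRES, IK, CK. AUTH is simplified to (SQN xor AK) || MAC-A."""
    rand = os.urandom(16)
    auth = xor(sqn, f(k, b"f5", rand, 6)) + f(k, b"f1" + sqn, rand, 8)
    return {"RAND": rand, "AUTH": auth, "XRES": f(k, b"f2", rand, 8),
            "CK": f(k, b"f3", rand, 16), "IK": f(k, b"f4", rand, 16)}

def k_aut(identity, ik, ck):
    """MK = SHA1(identity|IK|CK) as in RFC 4187; the expansion to K_aut is simplified."""
    mk = hashlib.sha1(identity + ik + ck).digest()
    return hmac.new(mk, b"K_aut", hashlib.sha1).digest()[:16]

def eap_mac(key, packet):
    return hmac.new(key, packet, hashlib.sha1).digest()[:16]  # HMAC-SHA1-128

def ms_respond(k, last_sqn, identity, rand, auth, chal_mac):
    """MS: verify AUTH (network authentication and freshness), then answer."""
    sqn = xor(auth[:6], f(k, b"f5", rand, 6))
    if not hmac.compare_digest(f(k, b"f1" + sqn, rand, 8), auth[6:]):
        raise ValueError("AUTH check failed")
    if int.from_bytes(sqn, "big") <= last_sqn:
        raise ValueError("stale SQN")
    ka = k_aut(identity, f(k, b"f4", rand, 16), f(k, b"f3", rand, 16))
    if not hmac.compare_digest(eap_mac(ka, b"challenge" + rand + auth), chal_mac):
        raise ValueError("bad challenge MAC")
    res = f(k, b"f2", rand, 8)
    return res, eap_mac(ka, b"response" + res)

def aaa_verify(vec, identity, res, resp_mac):
    """AAA: verify the MAC, compare RES with XRES, then release IK and CK."""
    ka = k_aut(identity, vec["IK"], vec["CK"])
    ok = (hmac.compare_digest(eap_mac(ka, b"response" + res), resp_mac)
          and hmac.compare_digest(res, vec["XRES"]))
    return (vec["IK"], vec["CK"]) if ok else None

def run_exchange(k_ms, k_hss, last_sqn=41, identity=b"0001010123456789@example.invalid"):
    vec = hss_vector(k_hss, (42).to_bytes(6, "big"))  # constructed SQN
    ka = k_aut(identity, vec["IK"], vec["CK"])
    chal_mac = eap_mac(ka, b"challenge" + vec["RAND"] + vec["AUTH"])
    res, resp_mac = ms_respond(k_ms, last_sqn, identity, vec["RAND"], vec["AUTH"], chal_mac)
    return aaa_verify(vec, identity, res, resp_mac)
```

A mismatch in the shared key fails at the MS's AUTH check before any RES is produced, which is the mutual-authentication property listed on slide 7.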

  14. EAP-AKA Fast Re-Authentication
     • Used to reduce the network load caused by authentication
     • The AAA server authenticates the user based on the keys derived in the last full authentication
     • The re-authentication ID is generated by the AAA during the full authentication process

  15. EAP-AKA Fast Re-Authentication (Contd.)

  16. EAP-AKA Fast Re-Authentication Steps
     • The MS initiates the IKEv2 authentication procedure
     • The re-authentication identity is sent to the UNC-SGW
     • The UNC-SGW sends the EAP Response/Identity to the AAA with the re-authentication ID
     • The AAA initiates a counter and sends the EAP Request/AKA-Reauthentication message with the counter value, the MAC and the re-authentication ID for the next fast authentication
     • The MS verifies the counter value and the MAC and sends the EAP Response/AKA-Reauthentication with the same counter value and a calculated MAC
     • The AAA server verifies the counter value and the MAC
     • The EAP success message is sent to the MS
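
The counter and MAC checks from the fast re-authentication steps above, as an added Python example that is not part of the original presentation. Assumptions: the class and field names are hypothetical, the EAP packet is reduced to length-prefixed fields, the key is a constructed random value standing in for the key derived in the last full authentication, and the server nonce comes from RFC 4187 rather than from the slide.

```python
import hashlib, hmac, os

def mac(k_aut, *fields):
    """HMAC-SHA1-128 over length-prefixed fields (stand-in for the EAP packet bytes)."""
    data = b"".join(len(x).to_bytes(2, "big") + x for x in fields)
    return hmac.new(k_aut, data, hashlib.sha1).digest()[:16]

class Aaa:
    def __init__(self, k_aut, reauth_id):
        self.k_aut, self.reauth_id, self.counter = k_aut, reauth_id, 0
    def request(self, presented_id):
        if presented_id != self.reauth_id:
            return None  # unknown or already-used id: full authentication needed
        self.counter += 1
        self.nonce = os.urandom(16)
        self.reauth_id = os.urandom(8).hex().encode()  # id for the next round
        c = self.counter.to_bytes(2, "big")
        return {"counter": c, "nonce": self.nonce, "next_id": self.reauth_id,
                "mac": mac(self.k_aut, b"req", c, self.nonce, self.reauth_id)}
    def verify(self, resp):
        expect = mac(self.k_aut, b"resp", resp["counter"], self.nonce)
        return (resp["counter"] == self.counter.to_bytes(2, "big")
                and hmac.compare_digest(resp["mac"], expect))

class Ms:
    def __init__(self, k_aut, reauth_id):
        self.k_aut, self.reauth_id, self.last_counter = k_aut, reauth_id, 0
    def respond(self, req):
        expect = mac(self.k_aut, b"req", req["counter"], req["nonce"], req["next_id"])
        if not hmac.compare_digest(req["mac"], expect):
            raise ValueError("bad MAC")
        n = int.from_bytes(req["counter"], "big")
        if n <= self.last_counter:
            raise ValueError("counter too small")
        self.last_counter, self.reauth_id = n, req["next_id"]
        return {"counter": req["counter"],
                "mac": mac(self.k_aut, b"resp", req["counter"], req["nonce"])}

def demo():
    k = os.urandom(16)  # constructed K_aut standing in for the last full authentication
    aaa, ms = Aaa(k, b"reauth-1"), Ms(k, b"reauth-1")
    req = aaa.request(ms.reauth_id)
    accepted = aaa.verify(ms.respond(req))
    try:
        ms.respond(req)
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return accepted, replay, aaa.request(b"reauth-1")
```

`demo()` shows the first round succeeding, a replayed request being rejected by the MS on the counter, and the spent re-authentication identity no longer being accepted by the AAA.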

  17. Encryption
     • CK is generated during the authentication process
     • Negotiated cryptographic algorithms are used

  18. Future Work
     • Handing off calls between the cellular network and the wireless LAN with a fast authentication process
     • SSO from one UNC to another
     • Introduce the UNC to the Mobile Shopping Mall. The UNC can be a web service
     • Introduce XML security to the communication between the MS and the UNC
     • Authentication of the UNC to the network
     • Some security holes in fast authentication
