1、 International Telecommunication Union ITU-T Q.3202.1TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2008) SERIES Q: SWITCHING AND SIGNALLING Signalling requirements and protocols for the NGN Signalling and control requirements and protocols to support attachment in NGN environments Authenticati
2、on protocols based on EAP-AKA for interworking among 3GPP, WiMax, and WLAN in NGN Recommendation ITU-T Q.3202.1 ITU-T Q-SERIES RECOMMENDATIONS SWITCHING AND SIGNALLING SIGNALLING IN THE INTERNATIONAL MANUAL SERVICE Q.1Q.3 INTERNATIONAL AUTOMATIC AND SEMI-AUTOMATIC WORKING Q.4Q.59 FUNCTIONS AND INFOR
3、MATION FLOWS FOR SERVICES IN THE ISDN Q.60Q.99 CLAUSES APPLICABLE TO ITU-T STANDARD SYSTEMS Q.100Q.119 SPECIFICATIONS OF SIGNALLING SYSTEMS No. 4, 5, 6, R1 AND R2 Q.120Q.499 DIGITAL EXCHANGES Q.500Q.599 INTERWORKING OF SIGNALLING SYSTEMS Q.600Q.699 SPECIFICATIONS OF SIGNALLING SYSTEM No. 7 Q.700Q.79
4、9 Q3 INTERFACE Q.800Q.849 DIGITAL SUBSCRIBER SIGNALLING SYSTEM No. 1 Q.850Q.999 PUBLIC LAND MOBILE NETWORK Q.1000Q.1099 INTERWORKING WITH SATELLITE MOBILE SYSTEMS Q.1100Q.1199 INTELLIGENT NETWORK Q.1200Q.1699 SIGNALLING REQUIREMENTS AND PROTOCOLS FOR IMT-2000 Q.1700Q.1799 SPECIFICATIONS OF SIGNALLIN
5、G RELATED TO BEARER INDEPENDENT CALL CONTROL (BICC) Q.1900Q.1999 BROADBAND ISDN Q.2000Q.2999 SIGNALLING REQUIREMENTS AND PROTOCOLS FOR THE NGN Q.3000Q.3999 General Q.3000Q.3029 Network signalling and control functional architecture Q.3030Q.3099 Network data organization within the NGN Q.3100Q.3129 B
6、earer control signalling Q.3130Q.3179 Signalling and control requirements and protocols to support attachment in NGN environments Q.3200Q.3249 Resource control protocols Q.3300Q.3369 Service and session control protocols Q.3400Q.3499 Service and session control protocols supplementary services Q.360
7、0Q.3649 NGN applications Q.3700Q.3849 Testing for NGN networks Q.3900Q.3999 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T Q.3202.1 (05/2008) i Recommendation ITU-T Q.3202.1 Authentication protocols based on EAP-AKA for interworking among 3GPP, WiMax, and WLAN in
8、NGN Summary In Recommendation ITU-T Q.3202.1, a couple of authentication protocols for heterogeneous access authentication are discussed. 3GPP has standardized the 3GPP system-based EAP-AKA for interworking 3GPP and WLAN networks. The WiMax or WLAN device requires an external UICC reader for applyin
9、g the current EAP-AKA defined in 3GPP TS 33.234. This Recommendation proposes to apply the EAP-AKA protocol to non-3GPP network devices not equipped with UICC for interworking among 3GPP, WiMax, and WLAN in NGN. Source Recommendation ITU-T Q.3202.1 was approved on 22 May 2008 by ITU-T Study Group 11
10、 (2005-2008) under Recommendation ITU-T A.8 procedure. ii Rec. ITU-T Q.3202.1 (05/2008) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication S
11、tandardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA)
12、, which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall wit
13、hin ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recomme
14、ndation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as
15、 “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendati
16、on may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval o
17、f this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent
18、 database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T Q.3202.1 (05/2008) iii CONTENTS Page 1 Scope 1 1.1 Relationship 1 2 References. 1 3 Abbreviations 1
19、 4 Security Requirements for Authentication Interworking . 2 5 Network architecture for access authentication interworking in NGN 3 6 Authentication protocols based on EAP-AKA for heterogeneous access authentication 5 7 Security considerations. 5 Appendix I Example authentication in heterogeneous en
20、vironments. 7 I.1 Example using EAP-AKA with UICC authentication mechanism 7 I.2 Example using EAP-AKA based on a password and the Diffie-Hellman algorithm. 10 I.3 Example of fast re-authentication procedure 14 Bibliography 16 Rec. ITU-T Q.3202.1 (05/2008) 1 Recommendation ITU-T Q.3202.1 Authenticat
21、ion protocols based on EAP-AKA for interworking among 3GPP, WiMax, and WLAN in NGN 1 Scope This Recommendation describes the authentication protocol based on the EAP-AKA for interworking 3GPP, WiMax b-IEEE 802.16e, and WLAN b-IEEE 802.11 access in NGN. 3GPP has standardized the 3GPP system-based EAP
22、-AKA for interworking 3GPP and WLAN networks. The WiMax or WLAN device, however, requires an external UICC reader. Without UICC, the EAP-AKA mechanism loses its own advantages in security and portability aspects. This Recommendation proposes a modified version of the EAP-AKA protocol for extending i
23、ts usage to existing WiMax/WLAN devices. In this Recommendation, two EAP-AKA full authentication protocols are described and proposed. Also, the fast re-authentication procedure of EAP-AKA is described. 1.1 Relationship Work for this Recommendation is based upon the context of ITU-T Q.3201. This Rec
24、ommendation complies with the EAP-based security signalling architecture for network attachment in ITU-T Q.3201, and considers the compatibility with the functional architecture in ITU-T Y.2012. This Recommendation refers to ETSI TS 133 234 for authentication protocol based on EAP-AKA with UICC and
25、fast re-authentication procedure. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other
26、 references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The refe
27、rence to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T Q.3201 Recommendation ITU-T Q.3201 (2007), EAP-based security signalling protocol architecture for network attachment. ITU-T Y.2012 Recommendation ITU-T Y.2012 (2006), Fu
28、nctional requirements and architecture of the NGN Release 1. ETSI TS 133 102 ETSI TS 133 102 (2006), Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 7.1.0 Release 7). ETSI TS 133 234 ETSI TS 133 234 (2007), Universal Mobile Telecommunicat
29、ions System (UMTS); 3G security; Wireless Local Area Network (WLAN) interworking security (3GPP TS 33.234 version 7.5.0 Release 7). 3 Abbreviations This Recommendation uses the following abbreviations: AAA Authentication, Authorization and Accounting 2 Rec. ITU-T Q.3202.1 (05/2008) ACR Access Contro
30、l Router AK Authentication Key AKA Authentication and Key Agreement AM-FE Access Management Functional Entity AS Authentication Server AV Authentication Vector CK Confidentiality Key DH Diffie-Hellman EAP Extensible Authentication Protocol EP Enforcement Point GGSN Gateway GPRS Support Node ID IDent
31、ity IK Integrity Key IMSI International Mobile Subscriber Identity MAC Message Authentication Code NACF Network Attachment Control Functions RAS Radio Access Station SGSN Serving GPRS Support Node TAA-FE Transport Authentication and Authorization Functional Entity TUP-FE Transport User Profile Funct
32、ional Entity UE User Equipment UICC UMTS IC Card USIM Universal Subscriber Identity Module UTRAN UMTS Terrestrial Radio Access Network VPLMN Visited Public Land Mobile Network WAG Wireless Access Gateway WiMax Worldwide Interoperability for Microwave Access WLAN Wireless Local Area Network 4 Securit
33、y Requirements for Authentication Interworking The EAP-AKA authentication protocol shall be applied easily to any mobile networks in NGN. Mobile terminals equipped with UICC Mobile terminals not equipped with UICC Authentication mechanisms in NGN shall include mutual authentication and key agreement
34、. The key distribution and freshness for protecting signalling and user data on the wireless link shall be supported. Rec. ITU-T Q.3202.1 (05/2008) 3 Authentication protocols shall be secure against several attacks: Man-in-the-middle attack (MITM) Replay attack Impersonation attack Forgery attack Di
35、ctionary attack Eavesdropping A full re-authentication procedure shall be supported. A fast re-authentication procedure may be supported. 5 Network architecture for access authentication interworking in NGN This clause describes the network model for access authentications interworking among the 3GP
36、P, WiMax, and WLAN in NGN. There are two approaches. One approach is to apply WLAN authentication model based on the 3GPP system, defined in ETSI TS 133 234, for heterogeneous access authentication. Figure 1 shows the 3GPP system-based authentication. Figure 1 3GPP system-based authentication model
37、The other proposal is the authentication model, based on the function entities of NGN, as shown in Figure 2. The network architecture might be classified into four components of NGN: AR-FE, AM-FE, TAA-FE, and TUP-FE. This Recommendation describes signalling protocols for access authentication in thi
38、s architecture. Also, the signalling protocols based on authentication model specified in ITU-T Q.3201 are provided. Figures 3 and 4 show an integrated authentication model defined in ITU-T Q.3201. 4 Rec. ITU-T Q.3202.1 (05/2008) Figure 2 An example authentication architecture for interworking among
39、 wireless access networks in NGN Figure 3 shows an integrated authentication model, which is being controlled by an authenticator. The peer sends authentication information to the enforcement point, and the enforcement points forward it to the authenticator. This architecture helps the authenticator
40、 manage the authentication procedure. Figure 3 Integrated authentication model Figure 4 illustrates an integrated authentication model in NGN. It is assumed that the network attachment control function entities are the authenticator (AM-FE) and authentication server (TUP-FE/TAA-FE), and the AR-FE in
41、 access transport acts as the enforcement point. The AR-FE performs filtering data packet allowing only the authenticated packets. After successful authentication of the end-user function, the access transport allows the packets from the end-user function to be entered into the access network. Rec.
42、ITU-T Q.3202.1 (05/2008) 5 Figure 4 An example of an integrated authentication model in NGN 6 Authentication protocols based on EAP-AKA for heterogeneous access authentication The authentication protocols based on EAP-AKA for heterogeneous access authentication are shown in Appendix I. Appendix I de
43、scribes how three authentication protocols based on EAP-AKA, two EAP-AKA authentication protocols for interworking authentication in wireless access (e.g., 3GPP, b-IEEE 802.16e, and b-IEEE 802.11) and the fast re-authentication procedure of the EAP-AKA in NGN, could be used to provide authentication
44、 in heterogeneous access network. The existing EAP-AKA with UICC is basically used for access authentication mechanism in 3GPP, WiMax, and WLAN networks. This scheme requires that the WiMax or WLAN UE should be equipped with UICC card for access authentication. To solve this problem, this Recommenda
45、tion proposes an access authentication scheme without UICC: EAP-AKA based on a password. The EAP-AKA based on a password provides access authentication for the UE without UICC. The UE equipped with the AKA algorithm uses Diffie-Hellman key instead of the long-term secret key stored in UICC. 7 Securi
46、ty considerations Since the 3GPP system-based EAP-AKA uses a long-term key shared between the UICC and HSS/HLR, it can provide strong security and portability. Compared to the 3GPP system-based EAP-AKA, the proposed EAP-AKA based on non-UICC can also provide robust and enhanced security functions. T
47、he dictionary attack in authentication protocol based on a password is the most critical attack. In the proposed protocol with non-UICC, it is impossible for an attacker to guess a legitimate password by obtaining public values during authentication session. The password in the authentication messag
48、es is protected against dictionary attack owing to the one-way hash function, random numbers, and discrete logarithm problem (DLP). The perfect forward secrecy (PFS) and perfect backward secrecy (PBS) are very important security requirements, which mean that disclosure of a long-term key in the EAP-
49、AKA should not reveal all the previous and upcoming communications. If an attacker gets a UICC, the attacker can disclose a long-term key by a physical access to the storage medium, which means that PFS and PBS are not provided. The EAP-AKA with non-UICC, however, provides PFS and PBS because the DH session 6 Rec. ITU-T Q.3202.1 (05/2008) key is changed whenever the authentication procedure for generating a set of AVs is performed. In other words, it uses a short-term key. The proposed EAP-AK
