Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Published byJustice Fain Modified over 10 years ago

Similar presentations

Presentation on theme: "Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London."— Presentation transcript:

1 Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London

2 Agenda What is UMA UMA Architecture Security in UMA Authentication Encryption EAP-AKA Authentication Future Work

3 What is UMA UMA allows to access the mobile voice and data services of the cellular network over a Wireless LAN Subscribers are enabled to roam and handover between cellular networks and wireless networks UMA Technology specification was published in September 2004 3GPP approved the specification as “Generic Access to A/Gb interfaces” Pilot project by Nokia in Finland

4 What is UMA ( Contd..)

5 UMA Architecture Mobile devices access the Core Network through Unlicensed Mobile Access Network (UMAN). UMAN has 3 major entities Unlicensed wireless network IP access network UMA Network controller (UNC) UNC authorizes and authenticates the Mobile devices for accessing the Core Network

6 UMA Architecture ( Contd..)

7 UMA Security Authentication Authenticate MS with UNC to make secure tunnel Based GSM or UMTS credentials Protocol of authentication is IKEv2 GSM : EAP-SIM or UMTS : EAP-AKA Mutual Authentication of MS and Mobile Network Session Key Generation – IK and CK

8 UMA Security – EAP Authentication Steps in Authentication ( EAP ) MS establish a link with AP Determines the UNC to be connected Initiate the connection with UNC with IKE UNC connects with the local AAA

9 UMA Security - EAP Authentication (Contd..) Local AAA linked to the Home AAA EAP procedure is performed between MS and AAA UNC is a relay for EAP messages

10 EAP-AKA

11 EAP-AKA steps MS finds an AP MS finds the UNC-SGW and initiates the IKEv2 authentication procedure MS sends to NAI to UNC-SGW which contains IMSI UNC-SGW communicates with local AAA Local server determines the Home AAA by using the NAI. Routing path may include several AAA proxies Leading digits in NAI indicates the authentication procedure is EAP - AKA

12 EAP-AKA steps ( contd..) AAA requests the user profile and UMTS authentication vectors from HSS UMTS authentication vector consists with RAND, authentication part (AUTH), expected result, IK and CK AAA send the EAP Request/AKA Challenge to UNC-SGW with RAND, AUTH, MAC ( message authentication key ) and re-authentication identity. UNG-SGW forwards the EAP Request/AKA Challenge to MA

13 EAP-AKA steps ( contd..) MS runs the UMTS algorithm and verifies the AUTH. It computes the RES, IK, CK and calculates MAC using the generated IK and CK MS sends EAP Response/AKA Challenge with RES and MAC AAA verifies the received MAC and compares RES with XRES AAA sends IK and CK to UNC-SGW for the communication with MS UNC-SGW informs the successful authentication to MS

14 EAP-AKA Fast Re-Authentication Used to reduce the network load due to the authentication AAA server authenticates the user based on the keys derived by the last full authentication Re-authentication ID is generated by the AAA in the full authentication process

15 EAP-AKA Fast Re-Authentication (Contd..)

16 EAP-AKA Fast Re-Authentication Steps MS initiates the IKEv2 authentication procedure Re-Authentication identity is sent to the UNC-SGW UNC-SGW sends EAP Response/Identity to AAA with re-authentication Id AAA initiates a counter and sends EAP Request/AKA-Reauthentication message with counter value, MAC and re-authentication id for the next fast authentication. MS verifies the counter value and the MAC and send the EAP Response/AKA-Reauthentication with the same counter value and calculated MAC. AAA server verifies the counter value and MAC EAP success message is sent to MS

17 Encryption CK is generated during the authentication process Negotiated cryptographic algorithms are used.

18 Future Work Calls handing off between the cellular network and the wireless LAN with fast authentication process SSO from one UNC to another Introduce UNC to the Mobile Shopping Mall. UNC can be a web service. Introduce XML security to the communication between MS and UNC Authentication of the UNC to the network Some security holes in Fast authentication

Download ppt "Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London."

Similar presentations

Authentication.

Authentication.
Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
21-08-0xxx-00-0sec IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-08-0xxx-00-0sec-3gpp-security-non802handover Title: A Study on Security Solutions in.

xxx-00-0sec IEEE MEDIA INDEPENDENT HANDOVER DCN: xxx-00-0sec-3gpp-security-non802handover Title: A Study on Security Solutions in.
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
Introduction to Unlicensed Mobile Access. Contents Basic Concept Operation Overview Major Advantages.

Introduction to Unlicensed Mobile Access. Contents Basic Concept Operation Overview Major Advantages.
UMA (Unlicensed Mobile Access) El Ayoubi Ahmed Hjiaj Karim.

UMA (Unlicensed Mobile Access) El Ayoubi Ahmed Hjiaj Karim.
Su Youn Lee, Su Mi Lee and Dong Hoon Lee 2007.1.24 Current Trends in Theory and Practice of Computer Science Baekseok College of Cultural Studies GSIS.

Su Youn Lee, Su Mi Lee and Dong Hoon Lee Current Trends in Theory and Practice of Computer Science Baekseok College of Cultural Studies GSIS.
Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation 22.4.2008 ESPOO, Finland.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation ESPOO, Finland.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
UNIVERSAL MOBILE TELECOMMUNICATION SYSTEM(UMTS). EVOLUATION OF MOBILE COMMUNICATION 1 st Generation : Analog Cellular 2 nd Generation : Multiple Digital.

UNIVERSAL MOBILE TELECOMMUNICATION SYSTEM(UMTS). EVOLUATION OF MOBILE COMMUNICATION 1 st Generation : Analog Cellular 2 nd Generation : Multiple Digital.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
One-Pass GPRS and IMS Authentication Procedure for UMTS

One-Pass GPRS and IMS Authentication Procedure for UMTS
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.

Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.

SMUCSE 5349/7349 GSM Security. SMUCSE 5349/7349 GSM Security Provisions Anonymity Authentication Signaling protection User data protection.

Similar presentations

Ads by Google