© 2005 Intel Corporation
International Roaming Access Protocols (IRAP) Framework
An overview for the Broadband Working Group of the Communications Futures Program, MIT
by Intel Corporation
Dan Dahle
25 January 2005
* Third party brands/names are property of their respective owners
Agenda
- Roaming Vision
- IP Services
- IRAP
Roaming Vision
[Figure: Personal Profiles & Preferences and Context carried across Enterprise LAN / WLAN, 2.5G / 3.0G Networks, Public WLAN Hotspots and Residential WLAN. Services shown: Voice Services, Location Info, Internet, Commerce, SMS & MMS, CRM, Fleet Mgmt, E-Mail, Video Svcs, VPN]
Enables New Service Opportunities
- Bring Internet growth to wireless services
[Figure: Universal IP Connectivity supporting Field Automation, CRM, IMS, email, New Services, Web Access, Voice]
All IP Svcs Require IP Connection
[Figure labels: Client, Access network, Svc Provider; Association; Roaming Agmt]
Step 1: Universal IP Connectivity
  Authentication, Authorization, Accounting
  Services Support Discovery
Step 2: "Enhanced service" authorization & provisioning
  3GPP R7
  UMA or SIP voice
  NGN svcs: Voice, IMS (3GPP, TISPAN, ITU, etc.)
  IPSEC, VPN, etc.
Steps 3, 4, 5, …
No IP Connection → No IP Svcs
[Figure: the diagram from the previous slide, repeated with the same labels (Step 1: Universal IP Connectivity; Step 2: "Enhanced service" authorization & provisioning; Steps 3, 4, 5, …)]
Need for standard interfaces
[Figure: Clients, Access Network, Home operators, Billing/Clearing, connected by numbered interfaces]
1 Network Access
2 Authentication & Authorization
3 Accounting Data
WLAN Standards and Forums
[Figure: IRAP shown among Standards, Protocols, Forums, Testing, Interop and Domain Solutions; ITU and 3GPP2 also shown]
- IETF: common AAA protocols
- GSMA: consistent usage and deployment models
- 3GPP: Promoting use of IETF, IEEE standards
- IPDR: settlement format for billing exchange
- IEEE: Wireless, Security, QoS foundation
- Wi-Fi Alliance: Overall Wi-Fi focus, client-AP interaction
Roaming Architecture & Protocols
[Figure: Wireless Station, Access Controller in the Access Network (hot spot), and RADIUS AAA Server / gateway in the Home Network. Protocol labels: 802.11, 802.16e, 802.1X, WPA*, PMKv2, EAP, PEAP / TTLS, EAP Methods (e.g. EAP-SIM, EAP-MSCHAPv2, …), RADIUS, 802.3 / IP. Annotations: "Mutual Authentication & over-the-air Encryption"; "Provisioning and Authentication over PEAP or TTLS"]
IRAP Roaming Interfaces
- Develop industry-standard Interface Profiles
  1. Wireless Station to Access Network
     - Roaming user login
  2. Access Network to Home Service Provider authentication system
     - Roaming user authentication
  3. Access Network to billing system
     - Session accounting for One Bill Roaming
  4. Access Network to Home Service Provider operations subsystem
     - services support discovery & customer support services
[Figure: Roaming user, Access Network (Hot Spot) and Home Service Provider (Authentication, Authorization, Accounting, Network Ops), with the interfaces numbered 1 to 4]
IRAP = International Roaming Access Protocols
IRAP Supports Service Providers
- Better customer identification and support than anonymous scratch cards
- Better support for roaming customers at independent roaming partner hotspots
- Various billing models supported
  - subscription, one-time, prepaid, time-based, etc.
- One stop spec for all types of deployment
  - harmonized for WISP, 3GPP/GSMA and 3GPP2/CDG
- Lower cost and time for roaming interconnects
- Lower maintenance costs for supporting multiple roaming partners
IRAP Supports Customers
- Safer login
  - over the air encryption
  - connected network verification
- Simpler login
  - Roaming login same as in home network
- Seamless experience
  - enabled with automated login using security
IRAP Program Outline
- Use existing standards
  - Industry feedback: "We have enough WLAN standards. Don't define more, make the ones we have work."
- End to end solution
  - Unique aspect is the end to end approach, which crosses multiple standards bodies and unifies the otherwise fragmented landscape.
[Figure: program stages with labels Interworking Study; Architecture Validation; IDA / Intel operator testbeds; Detailed Interfaces; IRAP Interfaces; Test program; Test specs, Test ecosystem; PWLAN Arch; Deployment; Summits, Trials, Pilots, Interop; ETSI TISPAN work. Legend: Done, In Process]
IRAP Status
- Interface specs @ 1.0 (intfc 1-3 stable, 4 @ 60%)
- Test specs @ 1.0 for intfc 1-3
- 17 Jan - ETSI TISPAN#5
- 7 Feb - ETSI hosted IRAP test pilot
- 14 Feb - IRAP at 3GSM in the Intel Connect Café
Summary
- Industry needs global WLAN interoperability specs & testing methodologies
- IRAP program goals:
  - Well-defined architectural blueprint for PWLANs, allows for migration to safer, simpler authentication
  - A standards-based set of interfaces to facilitate global roaming and interoperability
  - A complete validation package
- Enables future seamless IP service models
- Start with 802.1X/WPA today
For more information
- Documentation and Information on Intel roaming programs
  - http://www.intel.com/technology/roaming
  - Direct link to Wireless LAN End to End Guidelines: http://www.intel.com/labs/roaming/download/WLAN_E2E_Guide.pdf
  - For more information on Intel R&D: http://www.intel.com/technology
- Direct link to IRAP documentation and information
  - http://www.irap.nl
- GSMA IR61 ("InterOperator Handbook")
  - http://www.gsmworld.com/documents/index.shtml
- Wi-Fi Alliance "WPA Deployment Guide for Public Access"
  - http://www.wi-fi.org/OpenSection/MediaResources.asp?TID=5
Backup
Achieving "Seamless Roaming"
- Mutual authentication using multiple wireless devices
- Consistent sign-on for different wireless networks
- Consolidated bill for wireless usage
- Multi-credential support within & across roaming alliances
- Security consistent with Enterprise WLAN policies
[Figure: Home, Enterprise, WISP C, Operator A, Operator B]
Serve Your Customers Anywhere
[Figure: Internet; Local Hotspot / Access Network; Operator owned Access Network; Home Service Provider; Access Network Association; Network Access Authorization]
The issue at hand
- Fragmentation in the PWLAN ecosystem
  - Rapid deployment of PWLAN hotspots and equipment
  - Variety of deployment strategies could result in fragmented and incompatible implementations
  - Many choices exist within the standards
  - Increases the cost and complexity of supporting global PWLAN roaming between operators
Need to enable safer, simpler, standards-based methods of network access
Universal IP Connectivity Goals
- Define common interoperable interfaces or profiles between network entities
- Reduce fragmentation by early alignment with existing and emerging standards
- Facilitate operator / vendor adoption of the interfaces
- Better security and roaming enables more advanced services
- Scope: AAA interworking for Universal IP Connectivity
Architectural Tenets
- Usability
  - Common login process
  - Simplified client provisioning
  - Seamless roaming experience
- Security
  - Mutual authentication to protect user & network
  - Multiple client credential types, e.g. password, SIM, certificates
  - Secure tunnels for back-end authentication
  - Support VPN for remote enterprise access
- Scalability / Extensibility
  - Accommodate various wireless topologies
  - Ability to share infrastructure safely
  - Support advanced services efficiently
  - Common accounting data
Trust Model for WLAN
[Figure: Mobile Client, Foreign WLAN and Home WLAN, with each trust relationship marked √ or ?]
Foreign WLAN and Home WLAN (√)
- Foreign WLAN and Home WLAN trust each other to pay Mobile Client charges
- Foreign WLAN and Home WLAN trust each other to bill only for legitimate activity
Mobile Client and Foreign WLAN (?)
- Mobile Client doesn't trust Foreign WLAN to provide safe service
- Foreign WLAN doesn't trust Mobile Client to pay its bill
Mobile Client and Home WLAN (√)
- Mobile Client trusts Home WLAN to provide safe service
- Home WLAN trusts the Mobile Client to pay its bill
Trust Model: Cellular ≠ Wi-Fi

Cellular: Cellular base stations and towers occupy fixed locations
Wi-Fi: A rogue AP is transportable anywhere

Cellular: There are only a small number of Cellular operators world-wide
Wi-Fi: The number of access point operators is legion

Cellular: Except for special cases, the only thing worth stealing in a cellular network is service, and there are easier ways to accomplish this than cryptanalysis
Wi-Fi: The IPR on computer hard drives is more valuable than the WLAN communication itself

Cellular: Session keys can only be used within the cellular network itself, where their use can be audited
Wi-Fi: Session keys can be transported to (rogue) APs that are not auditable

Cellular: The cellular operator owns all the equipment, in physically secure sites
Wi-Fi: Wi-Fi equipment is owned by a mix of carriers, hot spot providers, enterprises, and individuals in sites with varying security levels

Cellular: Erecting and operating a cellular tower costs significant $$$s
Wi-Fi: You can deploy and operate a Wi-Fi access point for < $100

Cellular: You will be prosecuted if you operate an unlicensed transmitter in a cellular band
Wi-Fi: Anyone can legally deploy a Wi-Fi access point (unlicensed band)
802.1X Overview
Need for WLAN Security
- Expect enterprise users to drive most of the early revenues for public WLAN usage
  - Improved security solutions will impact deployment decision for 90% of executives**
- User concerns
  - Authentication
    - Can user credentials be stolen?
  - Data privacy
    - Can wireless traffic be decrypted?
    - Can data be intercepted?
  - Network "goodness"
    - Are users connected to valid networks?
** Source: Jupiter Research, executive surveys, 2003
Public Access and VPNs
- Ability to secure traffic with a VPN connection is "necessary but not sufficient"
  - VPNs do not secure the authentication process
  - Users may not want to connect back to the corporate network
  - Users may still connect to the internet if the VPN server happens to be unreachable
Interoperable Interfaces
- Interface definition: specification of a set of protocols and associated behavior through which two components of a network system interact
- Well-designed interfaces foster both interoperation and innovation
  - Interfaces should be designed with end-to-end system operation in mind
  - Innovation occurs within components and subsystems
- Interface requirements
  - Standards-based
  - Concrete and testable for conformance verification
  - Coexistence with legacy solutions, provide migration path
Intel/IDA Program
- Intel and Singapore Infocom Development Authority hosting trials test bed
- Operators include China Mobile, MobileOne, SingTel, StarHub and PCCW
- Validation test bed vendors include CISCO, Dan Net, iPASS, Microsoft, Funk Software, Transat, Gemtek Systems, Huawei Technologies, Radiator and ANTLabs.
Intel Quickens Race To Expand Range Of Wireless World
... the chip maker said five Asian telecommunications companies were joining its collaboration ... China Mobile Ltd. in China; MobileOne Ltd., Singapore Telecommunications Ltd. and StarHub Pte. Ltd. in Singapore; and PCCW Ltd. in Hong Kong.
The Asian Wall Street Journal, 16 September 2003
* Other names and brands may be claimed as the property of others.
Intel Contributions: Roaming Specifications
- Industry standards work
  - IEEE - .11e chair, .11i editor, 802.21 editor, …
  - IETF - AAA, EAP
  - 3GPP - SA2, SA3, CN4
  - 3GPP2 - WLAN Interworking
  - ETSI - TISPAN
- Industry Forum work
  - GSMA - WLAN Task Group, e-Commerce, …
  - WiFi Alliance - board member, Ease of Use chair, Public Access editor, etc.
Deployment
- Completed Trials in Singapore
- Industry influence
  - Wi-Fi Alliance, 3GPP, 3GPP2, IETF RADEXT and GEOPriv WGs, GSMA IREG, ETSI TISPAN
- IRAP Supporters
  - SingTel, RoamPoint, Microsoft
  - iCELL Network, HuaWei, Cisco
  - T-Systems, The Cloud, Telus Mobility
  - TeliaSonera, Telia HomeRun, SwissCom Ltd
  - MACH DanNet, iPass, Intel
  - CETECOM, Boingo Wireless, AntLabs