An increasing number of Global System for Mobile Communications (GSM) operators are recognizing the need for high-speed wireless data services. Such operators have decided to roll out wireless LAN (WLAN) technologies within their service and access portfolios as a complement to existing 2.5G and future third-generation cellular (3G) access and services.
Because proper user authentication has been and will continue to be a key success factor for access to its services, Cisco Systems has embarked on an effort to enable authentication of WLAN subscribers using the existing and well-proven GSM-based user authentication and existing GSM provisioning facilities.
The authentication process is very important to any user transaction. Whereas WLAN early market entry systems have based their authentication process upon username and password, initially using credential entry via a Secure Hypertext Transfer Protocol (HTTPS) Web page, these will evolve toward Extensible Authentication Protocol (EAP [RFC 2284])or 802.1X-based solutions. EAP or 802.1X adoption will facilitate the migration to authentication schemes that support higher-entropy shared secrets and encryption key exchange, for example, comparable to those techniques currently used within the GSM networks.
Recognizing the need to bridge the native WLAN authentication and authorization mechanisms with the existing proven GSM-based authentication and provisioning model, Cisco Systems has introduced the Cisco IP Transfer Point (ITP) Mobile Application Part (MAP) Gateway function. The Cisco ITP MAP Gateway function enables existing GSM service providers to fully integrate 802.11 technology into their existing GSM network using subscriber-identity-mobile (SIM) cards. In this capacity, the Cisco ITP MAP Gateway is part of the Cisco Public WLAN solution architecture.
In addition to the Cisco ITP MAP Gateway functionality for WLAN SIM authentication and authorization, additional MAP-based features such as "SMS routing" are available. Details regarding this product, the ITP Multi-layer Router (MLR), are covered in a separate whitepaper.
The Cisco MAP Gateway merges both WLAN EAP or 802.1X and GSM SIM authentication mechanisms transparently, so that the mobile node performs SIM authentication to the GSM Authentication Center (AUC) through a standard EAP Remote Access Dial-In User Service (RADIUS)-based authentication. The benefit is that the GSM operator, when implementing WLAN hot spots into the network, can keep the same subscriber provisioning, authentication, and service authorization that are already in place for GSM services.
Given that the WLAN client is equipped with a SIM card and the appropriate SIM card reader, the Cisco ITP MAP Gateway establishes a bridge between the RADIUS-based authentication used in WLAN networks and the SIM-based authentication used in GSM networks, in a fully transparent manner as shown in Figure 1:
- From the standpoint of the GSM Home Location Register (HLR), the Cisco ITP behaves just like another node in the Signaling System 7 (SS7) network (typically corresponding to a home public land mobile network [HPLMN]-based Visitor Location Register [VLR], as explained later in this document).
- From the RADIUS server standpoint, the Cisco ITP behaves like another RADIUS server.
The Cisco ITP MAP Gateway merges the WLAN and the GSM authentication together.
As shown in Figure 2, without a MAP gateway solution, the service provider with both WLAN and GSM networks deployed has to keep the two authentication signaling processes totally separated, leading to separate provisioning expenses, and providing a non-homogeneous quality of service throughout the two authentication services. GSM users still authenticate to the MAP SS7-based HLR and AUC, whereas WLAN users (who are likely to be the same as the GSM users, but roaming into a different coverage area) authenticate through a combined mechanism, likely to be 802.1X or EAP and RADIUS based.
WLAN and GSM authentication signaling processes are natively separated.
The introduction of a MAP gateway function in the cellular network (refer to Figure 3) enables the service provider to integrate the WLAN and GSM technologies into the same security mechanism. Benefits are numerous:
- A homogeneous and more secure authenticationThe Cisco ITP MAP Gateway function enables a WLAN authentication based on the SIM card, where the subscriber identity and high entropy secret is stored in a tamper-resistant memory. SIM-based authentication is more robust to hacking than the typical username-and-password authentication used in traditional WLAN networks. SIM authentication has a very low risk of fraud and cloning because it is the most used mechanism for authentication currently in place in cellular networks.
- The reuse of the existing provisioning system already available in the GSM networkBy using a MAP gateway, the operator can take advantage of its existing GSM HLR AUC for service provisioning and authorizing access, and thus reuse the existing process already in place for access to GSM-based services. Without a SIM-based authentication process enabled by the Cisco MAP Gateway, the right of access to WLAN service would necessitate a new and independent process, forcing the operator to implement, provision, and maintain a dedicated databasein addition to the existing HLR and AUC.
The Cisco ITP MAP Gateway enables the operator to merge both WLAN and GSM access security together.
In order to fully understand the function provided by the Cisco ITP MAP Gateway, it is useful to have a clear understanding of the distinct security mechanisms used respectively for WLAN and GSM authentications. Hereafter are described in more details the current authentication features respectively in place in WLAN- and GSM-based networks, and how the MAP gateway allows both features to merge into a common optimal feature set for both WLAN and GSM networks.
IEEE 802.1x is a standard for port-based network access control. It ensures that only authenticated users are allowed access to the network through the WLAN access point. The IEEE 802.1X standard was initially designed to enable authenticated access to IEEE 802 media, including Ethernet, Token Ring, and 802.11 WLANs. The 802.1X standard provides an authentication framework for WLANs, allowing a user to be authenticated by a central authority, for example, a HPLMN. The specific algorithm that is used to determine whether or not a user is authenticated is left open, and multiple options are possible.
Notably, 802.1X supports the EAP, a general protocol for authentication that supports multiple authentication mechanisms. EAP works on Ethernet, Token Ring, or WLANs. In a WLAN with 802.1X, a user (known as the supplicant) requests access to an access point (known as the authenticator).
The authentication server is likely to use the RADIUS protocol between the server and the authentication peer on the access point. In this case, EAP messages are encapsulated using the RADIUS protocol to allow communication between the EAP supplicant and the back-end authentication server.
2. The RADIUS authentication server that performs the actual authentication of the clientThe authentication server validates the identity of the client and notifies the access point whether or not the client is authorized to access WLAN services. Because the access point acts as the proxy, the authentication service is transparent to the client.
3. The access point that controls the physical access to the network based on the authentication status of the clientIt acts as an intermediary (proxy) between the client and the authentication server, requesting identity information from the client, verifying that information with the authentication server, and relaying a response to the client. The access point includes the RADIUS client, which is responsible for encapsulating and decapsulating the EAP frames and interacting with the authentication server.
Combined 802.1x and RADIUS Authentication with EAP.
For WLAN access, a variety of different authentication applications have already been developed and are currently available in the industry. Generally, experts relate the level of security to the nature and the place of storage of the long-term secret key used for authentication between the client and the server. Three kinds of methods are available today:
- The long-term secret key can be an alphanumeric password exchanged between the client and the user. This method is the lowest entropy, meaning it is the most easily attacked, for example, via a dictionary attack.
- The long-term secret key can be a more complex structure, stored in the hard drive of the user's device, whether this device is a PC or a personal digital assistant (PDA), for example. Whatever mechanism is used for actual authentication (EAP or non-EAP), the long-term key is still easily retrievable, because the operating system of the device itself is not tamper proof and allows ways to access information on the hard disk.
- The most secure and robust mechanism consists of keeping the long-term secret key in a closed environment such as a Smartcard. Most banking and commercial organizations are pushing today for the implementation of such mechanisms into their users devices, because this method is tamper resistant and provides application level security. The Smartcard provides a safe place to store valuable information such as private keys, passwords, or personal information such as health maintenance data. It is also a secure place to perform secure processes such as performing a public key or private key encryption.
GSM networks use a Smartcard-based method for user authentication and data encryption. The SIM card is a Smartcard inserted in the user's handset, defining uniquely the user through an identity number named the international mobile subscriber identity (IMSI).
GSM SIM Authentication Architecture.
The GSM authentication is based on a challenge-response mechanism. The authentication algorithm that runs on the SIM is given a 128-bit random number (RAND) as a challenge. The SIM then runs an operator-specific confidential algorithm, A3, which takes the RAND and a secret key Ki stored on the SIM as input (Ki is allocated with IMSI at subscription time), and produces a 32-bit response secret response (SRES). Another algorithm, A8, is used to compute a 64-bit long key Kc with Ki and RAND. The Kc key is originally intended to be used as an encryption key over the air interface.
As described earlier in this document, the Cisco ITP MAP Gateway establishes a bridge between the RADIUS server and the HLR and AUC, such that the user establishes a SIM-like authentication to the GSM HLR and AUC:
High-Level Data Flow for EAP SIM Authentication Through Cisco ITP.
EAP and SIM are different from GSM, in the sense that several RAND challenges are used for generating several 64-bit Kc keys, which are combined to constitute a longer session key required for the specific 802.11 cipher suite.
EAP and SIM also enhance the basic GSM authentication mechanism with network authentication. When GSM authentication was defined, the rogue base transceiver station (BTS) was perceived not to be a security threat. Hence, EAP SIM defines a client challenge of the network, whereby the RAND challenge is accompanied with a message authentication code in order to provide mutual authentication.
In the first step, the client responds to the EAP or SIM or Start request by transmitting a 16-byte (128-bit) random number generated by the supplicant called Nonce. The RADIUS server uses that random number, together with user's IMSI, Ki, and two or three GSM random numbers RAND[n], to calculate the 20-byte Media Access Control (MAC) of the SIM or EAP challenge packet, MAC_RAND, returned to the client in the second step. The challenge packet also includes the two or three random numbers RAND[n] used for generating the session keys. The client first authenticates the challenge (and, therefore, the network) by calculating a MAC_RAND of its own and comparing it to the one sent by the network. If there is a match, the client knows that it is communicating with an authentication server that has connectivity to the user's AUC, implicitly indicating that there is an established trust relationship between the user's HPLMN and the WLAN access point operator.
Then, the client uses RAND[n] and the GSM A3 and A8 algorithms to calculate the matching SRES[i] and Kc[n], respectively. IMSI, Ki, and SRES[n] are used to calculate a new MAC, MAC_SRES, which is returned as the response. The network uses MAC_SRES to authenticate the client; note that SRES[n] is never directly returned over the air, and consequently an eavesdropper is unable to use RAND or SRES pairs to attack the secret key, Ki.
Overall, the Cisco ITP MAP Gateway enables the network to provide the same level of protection as in the GSM and Universal Telecommunications System (UMTS) cellular networks. The data encryption keys Kc[n], that are used in the calculations for MAC_RAND or MAC_SRES, are never sent over the air. Kc[n], as well as IMSI, Nonce and the version information, are used by the network and the client to independently calculate the cipher key, Kc, which will be used for encrypting data on the air link. SRES is not carried over the air either. There is no known way to obtain complete GSM triplets by mounting an attack against EAP or SIM.
Figure 7 provides a closer look to the interfaces between the Cisco ITP MAP Gateway, a RADIUS server, and a traditional time-division multiplexing (TDM)-based SS7 HLR. The Cisco MAP Gateway has successfully interoperated in mobile operator networks with the industry-leading HLR and Signaling Transfer Point (STP) suppliers. Interoperability with the RADIUS Cisco Access Registrar has also been successfully achieved.
Cisco ITP MAP Gateway Interfacing a Cisco RADIUS Server and a Traditional SS7 HLR.
In addition, the Cisco MAP Gateway can also interoperate with nontraditional SS7 end nodes, such as Internet Engineering Task Force (IETF) Sigtran M3UA- and Sigtran SCCP User Adaption (SUA)-based HLRs. Sigtran is an IETF-based standard for SS7-over-IP (SS7oIP) applications, such as those designed for UMTS networks.
- Traditional SS7 protocol links over ITU or ANSI message transfer part 1, part 2, and part 3.
- High-speed ATM-based links over ATM Adaption Layer 5 (AAL5), Service Specific Connection Oriented Protocol (SCCOP), and Service Specific Coordination Function (SSCF) Node-to-Network Interface (NNI) protocols
- IETF Sigtran M2PA Peer-to-Peer Protocol for MTP3 over IP
- IETF Sigtran Client Server M3UA for SCCP over IP and SUA for MAP over IP protocols, for IP native SS7 HLR applications
Cisco ITP MAP Gateway Protocol Stack.
The Cisco solution complies with SIM EAP, which specifies an EAP mechanism for authentication and session key distribution using the GSM SIM. SIM EAP is on its way to becoming a full standard in IETF.
When an authentication request is sent to the RADIUS server, the RADIUS server forwards the authentication request to the Cisco ITP. The Cisco ITP sends a MAP Send-Authentication_Info request to the AUC to retrieve authentication triplets, and then returns those triplets embedded with the authentication response to the RADIUS server. The RADIUS server then performs a standard authentication response to the client.
Allowed services are usually in the subscriber profile in the HLR. However, most HLRs do not have dedicated fields for WLAN service yet, because it was not part of the European Telecommunication Standards Institute (ETSI) recommendations. Standard bodies are currently working on implementing this feature, but meanwhile, WLAN can use some services fields that are little used. The two types of fields supported by the Cisco ITP are the bearer service (BS) and the teleservice (TS). Any BS or TS existing service in the HLR subscriber profile can be used, and is configurable (though operators are generally going with BS 31).
Data Flow Overview for Authentication and Authorization Process.
Table 1 Cisco IP Transfer Point Features
The actual topology is ultimately the choice of the network designer, and it depends highly on the network specifics. However, hereafter are discussed some examples of Cisco ITP-based topologies that enhance redundancy and cost savings by centralizing or decentralizing the Cisco ITP function:
- A decentralized topology means that the Cisco ITP MAP Gateway node resides next to the RADIUS server (collocated in the same data center) in each region. In that case, there are as many MAP gateway nodes as there are local RADIUS servers. All MAP gateways have an SS7 connection with the central HLR or AUC.
- In a centralized architecture, however, the MAP gateway node is unique and typically collocated with the HLR or AUC. It establishes several RADIUS connections with the local RADIUS servers. The long-distance links are IP based, a setup that can, depending on the topology, can take advantage of the existing IP network in place and save some transmission costs. Note that IP Security (IPSec) can be used on the IP links between the Cisco ITP and RADIUS server to protect the sensitive signaling traffic.
- Finally, another type of topology consists of taking advantage of the Sigtran IP-based M2PA backhaul capability of the Cisco ITP, by having both remote MAP gateways in each local data center and a centralized MAP gateway collocated with the HLR cluster. The central MAP gateway communicates with remote MAP gateways via an IETF standardized SS7oIP peer-to-peer protocol named Sigtran M2PA.
The Cisco ITP MAP Gateway products are built on the proven Cisco 7500 or Cisco 7200VXR Series Router hardware platforms. Both Cisco 7500 and 7200VXR Series routers are widely deployed in industry segments that require high reliability and availabilitytelecommunications, health care, banking, brokerage, aviation, and military installations. The Cisco Customer Advocacy organization monitors mean time between failure (MTBF) and mean time to repair (MTTR) for Cisco 7500 series hardware and software. From customer results, single Cisco IP Transfer Point availability can achieve "six nines" or 99.9999 percent availability with a calculated downtime of approximately one second per year.
The fully redundant Cisco ITP platform allows switchover mechanisms in case of link, port adapter, or central processor failure, so that the time of unavailability of service remains minimal. If traffic is interrupted during the time of the switchover, packets are lost, triggering resending by the RADIUS server. Upon reestablishment of the link, the packets from the HLR and the RADIUS server are processed again by the MAP gateway.
Finally, the architecture itself can also be redundant and involve several ITPs for load sharing and backup purposes. In particular, the Cisco Access Registrar allows the definition of multiple ITP MAP gateways. Therefore, in case of the failure of a MAP gateway, the traffic can be redirected to the backup ITP. The Cisco RADIUS Server can also be configured to round robin across the ITPs.
The Cisco ITP network management solution combines the Cisco Signaling Gateway Manager (SGM) with existing Cisco and third-party IP network management products. Cisco SGM, along with CiscoWorks, CiscoView, and ecosystem partner products such as Agilent acceSS7 and HP OpenView, can provide end-to-end management suites for the Cisco ITP SS7 networkenabling network administrators to discover, manage, and troubleshoot Cisco ITP networks. In conjunction with leading management vendors of off-the-shelf SS7 network management applications for end-to-end call trace, packet analysis, and long-term trending and analysis, this management solution enables quick integration with existing SS7 network management applications.
Cisco SGM is a software application that enables network administrators to manage the SS7oIP layer of Cisco ITP networks. Cisco SGM is a client /server architecture which supports Windows, Solaris, and Web-based clients Figure 10 illustrates the Cisco SGM topological display of a SS7oIP network.
Cisco SGM Topology Display
By implementing the Cisco ITP MAP Gateway function into their network, mobile service providers will be able to achieve a smooth integration of WLAN technology into their existing GSM architectures, ensuring a high and homogeneous level of security and service access authorization. Various centralized or decentralized options allow a flexible implementation of the Cisco ITP MAP Gateway, whereas the support of a variety of ITU, ANSI, and IETF SS7overIP standards enable the Cisco ITP to interface the GSM operator's HLR in various ways.
Offered on both the Cisco 7200VXR Series and Cisco 7500 Series platforms, the Cisco ITP MAP Gateway offers much flexibility in choosing the link density, performance, and redundancy characteristics required for a given deployment. Deployed on the Cisco 7500 Series, the high processing capacity of the Cisco ITP MAP Gateway enables the network and the traffic to scale on the same platform. The Cisco ITP MAP Gateway opens the door today to new technology deployments for cellular operators.