Wi-Fi Offload Authentication & Security through EAP based approach - White Paper download
This paper will provide a deep dive into the ramifications of Wi-Fi authentication and security, with the study of carrier class Wi-Fi


  • WHITEPAPER. Wi-Fi OFFLOAD: AUTHENTICATION AND SECURITY THROUGH EAP-BASED APPROACH. www.greenpacket.com
  • Abstract

    Data traffic demand is growing rapidly as operators struggle to overcome declining margins and rising capital costs in their mobile broadband strategies. The telecom industry is talking about offload as a solution, but it can take many forms, leaving many operators unsure of which path to take. The business case for Wi-Fi is evolving, and not just for data offload but also for voice and messaging, offering an opportunity for the deeper integration of Wi-Fi with the operator’s service portfolio.

    One of the many concerns of Wi-Fi deployment is the end goal of integrating the existing architecture and the Wi-Fi architecture with minimal changes. When mobile devices connect to networks, user and endpoint authentication play critical roles in preventing misuse, abuse and attack. This paper will provide a deep dive into the ramifications of Wi-Fi authentication and security, with a study of the carrier class Wi-Fi challenges faced by operators in terms of scalability and flexibility of the solution, service quality, terminal readiness and the desired success in Wi-Fi deployments.

    It marks a reversal of the attitude once held by carriers, which undermined the open design and previously chose to deliver their services through their own tightly controlled networks. By embracing Wi-Fi, they are now putting their data offload strategy to pragmatic use on their networks by diverting traffic to this alternative route. Wi-Fi access also gives the carriers new revenue streams, and draws in consumers who are increasingly searching for local wireless hotspots.
  • Contents

    Overview
    Converging Multiple Access Technology
    Challenges to Building a Carrier Class Wi-Fi Experience
      • Security
      • Authentication
      • Roaming
    Integrating the Mobile Core - Provisioning, Policy Control and Billing
    Delivering the Right Wi-Fi Experience
    Greenpacket Wi-Fi Offloading Solutions
      • Smart Data Offload
      • Seamless Data Offload
      • Dynamic Data Offload
    Wi-Fi Adoption Intensifies Interest in Offloading
    Conclusion
    Wi-Fi Your Network to More Bandwidth!
    References
  • Overview

    Wi-Fi has undoubtedly established itself as a genuine wireless access technology capable of delivering a cellular experience. The business model for Wi-Fi has changed from merely a home Internet gateway alternative to an essential part of the operator’s bigger network data strategy. The rise of smartphones has left consumers needing connectivity, which in turn drives the need for bigger bandwidth through the Wi-Fi marketplace, as Wi-Fi is recognized as the de facto technology for the average smartphone user.

    According to a Gartner report, smartphone sales are expected to surpass 1 billion units by 2015, when they will account for 50% of the total mobile device market. Smartphone behaviors are markedly different from those of the previous generation of handsets. It is acknowledged that as devices become more complex, so does the behavior of the traffic mix. The traffic mix now contains greater consumption of high-bandwidth video and content, for which 3G as a delivery mechanism falls short. When spectrum runs short, service degrades sharply; calls get dropped and data speeds slow down. Wi-Fi offloading is an opportunity for operators to reduce 3G traffic load and, at the same time, to overcome the growing pressure from OTT players like Skype and Google and avoid revenue erosion.

    Wi-Fi remains very much publicized on the operator’s agenda. There is a clear desire to integrate the technology more closely with cellular, both in terms of ease of use through network discovery, authentication and log-on, and at the core-network level. Despite these challenges, the adoption of Wi-Fi offloading will not decelerate, as the next-generation connectivity of LTE will further drive the end user’s need for high-performance wireless connectivity; Wi-Fi will be more relevant in the 4G era than it was for 3G. Moreover, the growth in cloud-based services will only further drive and unlock the potential of “big data”.
  • Several Tier 1 operators, the likes of China Mobile and KDDI in Japan, are already embracing Wi-Fi in large-scale deployments to offload peak data traffic from cellular networks and support the delivery of new content and value-added services. The standardization bodies Wireless Broadband Alliance (WBA) and Wi-Fi Alliance are encouraging the development of Wi-Fi standards that address the future of Wi-Fi roaming through Next Generation Hotspot (NGH) and Hotspot 2.0, including offload architectures. With standards work improving and gaining greater acceptance through successful trials, the entire value chain of vendors, device manufacturers and developers stands to benefit from a larger marketplace.
  • Converging Multiple Access Technology

    With heterogeneous networks (HetNet) becoming the preferred approach in next-generation networks, the desire to increase cellular coverage via Wi-Fi and small cells (including femtocells, picocells and microcells), or any combination of these methods, will continue to provide seamless coverage that approaches ubiquity. In order to maintain the integrity of service assurance, operators must exercise due diligence in observing the foundation of a secure network and scrutinize all interconnections to it.

    Challenges to Building a Carrier Class Wi-Fi Experience

    From an operator’s point of view, carrier grade Wi-Fi requires strong security, strong trust through authentication and billing credentials, quality of service, network discovery and policy control. All of these features are desirable to ensure the end-user experience is not compromised, as cases of identity theft and fraud involving sensitive information can damage the operator’s brand and credibility.

    Security

    As the number of web-enabled devices such as smartphones and tablets continues to grow, security is equally important on the device, on the network and for the data traversing both secured and unsecured Wi-Fi networks. The emerging trend of universally accessing data, independent of the device that is carried, calls for stricter control. Tunneling data through an unsecured WLAN makes it challenging to enforce restrictions on data streams and content when accessing a Wi-Fi hotspot. The use of encryption protocols such as AES in WPA2 and IKEv2 is another way to ensure that data packets are sufficiently encrypted over 802.1X networks, giving Wi-Fi the same level of security that is expected of cellular.
  • Roaming between networks is complicated in that the roamed network has no access to the encryption keys used to authenticate the user. Roaming ability can be emulated through the use of the Extensible Authentication Protocol (EAP), ideally SIM-based, which is supported in Wi-Fi devices these days. Other issues pertaining to accounting remain unclear, such as how much operators should charge each other for access.

    Authentication

    In the user authentication and device authentication process, it is important that the integration of SIM-based authentication complies with 3GPP and 3GPP2 standards. With the adoption of flat-IP architecture and the EPC packet core, the primary SIM authentication method suggests that seamless Wi-Fi access can be achieved with minimal infrastructure and core network integration. The placement of intelligent agents on the device can help operators combine advanced policy control mechanisms to execute Wi-Fi offload in a managed manner that fits the business needs of the operators. EAP-SIM is used extensively in WLAN as a basis for negotiating solid authentication, as most smartphones readily support it. Which variant of EAP authentication is used for which network depends purely on the operators.

    Implementation of a standards-based approach to Wi-Fi network identification, authentication and service provisioning is essential to accelerating and promoting the use of Wi-Fi among consumers. Making the 3G/4G to Wi-Fi handover seamless to the end user through EAP-based methods (the more popular and readily supported EAP-SIM and EAP-AKA) will provide a viable data-offload solution for operators, while standardizing deployment for Wi-Fi operators and device manufacturers. It will also make integration into mobile operators’ cellular networks far easier and more cost effective.
  • Roaming

    Inter-Wi-Fi roaming is one aspect that is still in the early stages of standardization towards a harmonized and seamless roaming experience. A large-scale deployment of Wi-Fi can complement cellular roaming and bring roaming charges down significantly for the end user. The impact of Wi-Fi offload is widening, and the way operators integrate Wi-Fi within their networks is changing. Operators that lack their own Wi-Fi hotspot infrastructure but plan to have one soon can establish partnerships with Wi-Fi access aggregators like Boingo and iPass. Those that already have Wi-Fi offload in place and sufficient investments can continue to expand the locations where they offer Wi-Fi access and extend the network of partners to provide domestic and international roaming.
  • Integrating the Mobile Core - Provisioning, Policy Control and Billing

    Operators are expected to ramp up Wi-Fi deployments despite the fact that the majority of operators still see support for heterogeneous networks as a challenge, and thus need to spend some time testing and figuring it out. Wi-Fi won’t be a rescue for every situation, but it is a critical tool that operators are turning to, and deployments will continue to increase in number. As a result, support for standard SIM-based authentication is already readily available in smartphones like iPhone, Blackberry and, to some extent, Android. Unified authentication, aligned as closely as possible to the user experience in terms of connectivity, sign-on, charging and billing and, most importantly, security and privacy, will be the strong focus for Wi-Fi networks.

    Delivering the Right Wi-Fi Experience

    The end user demands QoE, while the operator demands a reasonable level of QoS. In QoE terms, the end user expects the collective experience to be seamless and always on, regardless of the device used to access the network, with no deterioration of service. On the other end, operators must diligently ensure that QoS is adhered to within the optimized network performance, in terms of the service speeds and SLAs promised. Wi-Fi networks are not devoid of shortfalls. However, Wi-Fi can be strategically positioned to address and resolve interworking, security and authentication methods between networks and create additional value wherever the business model fits.
  • Convergence

    Simplify the Wi-Fi offloading experience by ensuring that operators can provide an enriched experience regardless of the network, device and environment. The end goal of marrying Wi-Fi offload with 3G/4G technology can bring new growth and inject value into the operators’ business proposition, be it new Wi-Fi access revenues or richer content delivery.

    Integration

    An automatic, network-agnostic approach (3G-Wi-Fi) to synchronizing user credentials integrates multiple elements of subscriber provisioning with device and subscriber authentication that is integrated into the operator’s core network (authenticated through a 3GPP compliant AAA) and coupled to the policy infrastructure: push profiles, over-the-air updates and policy control management that add intelligence to offload decisions.

    Regulatory Compliance

    Operators look for a standardized long-term solution that handles data mobility and growth regardless of application and network type. In an environment of rising cyber crime, operators need to enforce vigilance over cellular and WLAN networks and assess the aspects of subscriber data confidentiality and integrity, authentication, access control and attacks while implementing integrated Wi-Fi access. The vulnerability of Wi-Fi offload is apparent in the case of direct Internet Wi-Fi that is provided over free hotspots (e.g. shopping malls, cafes) as a value-add to the subscriber. In such circumstances, operators need to notify the subscriber before offloading automatically, giving the user a choice. Operators can maintain visibility and control over Wi-Fi through EAP-based authentication.
  • Greenpacket Wi-Fi Offloading Solutions

    The Intouch solution suite is a standards-based approach to dealing with Wi-Fi offloading securely. It gives the assurance of a secured and managed offload mechanism and also the option of a dynamic offload mechanism through policy control. These solutions fully support secured EAP-based authentication and advanced Wi-Fi security measures.

    Smart Data Offload

    The Smart Data Offload client is designed to run on top of the native device connection utility, for operators looking for a basic offload mechanism without major investment, modification of the existing network infrastructure or firmware replacement. The objective of the smart client is to make Wi-Fi connections more transparent and increase the attachment rate to Wi-Fi by turning the Wi-Fi radio on and off. The ability to support the access-aware and policy preferences of the operator’s centralized profiling server allows subscribers to move seamlessly between cellular and Wi-Fi based on device, end-user behavior and environmental information. The smart client does not permanently override the preset network connectivity settings, but only takes precedence by modifying the policy during policy administration. Policy activation can be triggered by several criteria, such as device active status, battery level and signal strength, mobility detection, and location detection and time. Smart Data Offload provides optimized service levels to customers and gives operators efficient ways to manage their network options.
  • Seamless Data Offload

    Greenpacket’s Seamless Data Offload is a client-based solution that aims to deliver a simplified and cost-effective offload method across multiple access networks. It is based on the Data Offload Platform. The Seamless Data Offload client can transparently offload from 3G to Wi-Fi while continuing to push operator services and manage data traffic effectively. Seamless Data Offload, through Inter-working WLAN (iWLAN), takes traffic from the mobile operator’s radio access over Wi-Fi by tunneling through the PDG at the operator’s core network. This fits mobile operators’ need to monetize services through the personalization of services and the application of policy management, something that can’t be said of other Wi-Fi offload approaches in the market today.

    Figure 1: Seamless Data Offload
  • Dynamic Data Offload

    Operators are increasingly looking at using Wi-Fi for offload as part of their mobile broadband strategies. However, the operator risks losing visibility over the traffic policies that were configured for the user once the traffic routes through Wi-Fi. What is lacking is a way for the network to communicate to users (the applications and/or websites they are using) a real-time or predicted measure of the network’s congestion levels. Greenpacket’s Dynamic Data Offload client is compliant with the 3GPP-defined Access Network Discovery and Selection Function (ANDSF), enabling dynamic network selection and switching based on contextual factors such as cell location, device, peak hours and subscription plan. Operators can also opt to customize these policies based on application-aware policy, device policy, subscriber policy and time-based policy to trigger data offload.

    Figure 2: Dynamic Data Offload
  • Wi-Fi Adoption Intensifies Interest in Offloading

    Wi-Fi deployed in urban or other high-traffic locations as an underlay to increase cellular capacity density is a market differentiator. Ironically, Wi-Fi is rated as a source of disruption in the wake of the smartphone surge, driving data usage wild. The emergence of smartphones was borne out of the popularity of Wi-Fi. On the other hand, it is also Wi-Fi that is helping operators address limited bandwidth by leveraging unlicensed spectrum. There are still obstacles to overcome before Wi-Fi deployments are widespread. Many operators view Wi-Fi, or small cell topologies such as femtocells and picocells, as a complementary solution to capacity pressure points rather than a radical new type of network.

    One observation and consistent theme in operators’ collective feedback is the challenge of predicting subscribers’ behavior and managing it effectively, in the process of improving the user experience and shaping services. Operators are also aware of, and implementing, technologies that allow them to actively manage traffic from the device through to the core: streaming video optimization, policy management and service enablement in the core through advanced, high-speed platform capabilities.

    With the GSMA announcing in Feb 2012 a joint collaboration with the Wireless Broadband Alliance aimed at simplifying the process of mobile devices connecting to Wi-Fi networks, the ease of cross-network roaming receives a boost. The initiative is primarily focused on SIM adoption to manage and uniquely identify Wi-Fi networks to mobile devices for the ultimate cross-network roaming experience. It is anticipated that commercial deployments may come as early as 12-18 months.
  • The benefits to consumers would be significant, as consumers get a Wi-Fi service mix with their cellular plan. It gives a high level of confidence in attached Wi-Fi connectivity without having to search for an SSID or enter a username and password every time. EAP authentication ensures seamless and secure credential validation and happens automatically. All of that authentication and connectivity is configured onto the device without user intervention.

    The initiative also opens the door for operators to extend the offering of any SIM-based services into an offload environment. Mobile operators are keen to make the SIM the secure element of mobile payment services, for example, and this project would allow transactions to be carried out without the need for cellular access. The evolution of legacy voice away from circuit switched towards flat IP in LTE means a similar voice implementation could be extended over Wi-Fi, allowing operators to offer carrier class voice service as well.
  • Conclusion

    The concept of Wi-Fi is not just based on the premise of offload. Other opportunities arise from building well-planned Wi-Fi access to generate new revenue streams. Mobile operators must catch up or risk losing their mark on subscribers’ demand. In recent years, the rise of OTT providers like Google, Amazon and Netflix has eclipsed market dominance by delivering a new and exciting user experience to engage consumers. Operators are now aware of the importance of achieving efficiency in intelligent solutions to create closer relationships with their customers.

    There are opportunities to use Wi-Fi as a customer acquisition tool as well as a churn reduction tool. Operators’ perceptions of Wi-Fi have changed from seeing the technology as a threat that was stealing traffic and revenue to seeing it as a significant opportunity for growing data services usage. The full integration of Wi-Fi with mobile networks is critical to an operator’s success, not just for authentication and data but for all the services end users currently receive on cellular networks as well as those they are likely to receive in the future, including billing, voice, messaging and roaming.

    A major milestone in the efforts to standardize global data roaming over Wi-Fi was announced by the Wireless Broadband Alliance (WBA): the successful trial of NGH, which included AT&T, BT, China Mobile, NTT DoCoMo and so forth, in the week leading up to Mobile World Congress 2012 in Barcelona. The initiative adopted a SIM-based environment as the secure element to deliver connectivity across networks. One of the key highlights central to operators is the strict requirement for both device and user authentication, to ensure that the integrity and security of the network are not compromised when incorporating Wi-Fi as part of the mobile services strategy.

    Wi-Fi has transitioned from a useful unlicensed wireless option for offloading excess mobile video traffic to an intelligent, managed network where subscribers can roam securely. According to a report by Strategy Analytics, the marketplace can expect to see an increasing number of operators embrace Wi-Fi as part of their LTE network deployment strategy, incorporate it fully into their 3G and 4G traffic calculations, and make it a fully integrated part of small cell networking and HetNet design by 2015.
  • Wi-Fi Your Network to More Bandwidth!

    A simple, standards-compliant approach is the key to strengthening the security of a Wi-Fi offloading deployment, helped by the fact that most smartphones nowadays are readily equipped with automatic log-in capabilities, with Wi-Fi access already configured. Embark on a journey with Greenpacket to discover how to protect your network through better Wi-Fi management. With Greenpacket, limitless Wi-Fi solutions abound!

    Free Consultation

    If you would like a free consultation on how you can leverage Wi-Fi offloading for improved network performance and experience, feel free to contact us at marketing.gp@greenpacket.com. Kindly quote the reference code SWP1211-E when you contact us.
  • References

    1. Sue Rudd and Phil Kendall, “Wi-Fi Hotspots will be Small Cells in Mobile Broadband Networks by 2015”, Strategy Analytics
    2. Terry Norman, “The Case for Wi-Fi Offload”, Analysys Mason
    3. Wireless Broadband Alliance (WBA) Industry Report 2011, “Global Developments in Public Wi-Fi”
  • For more information on Greenpacket’s products and solutions, please contact us at marketing.gp@greenpacket.com.

    San Francisco · Kuala Lumpur · Singapore · Shanghai · Taiwan · Sydney · Bahrain · Bangkok · Hong Kong

    © Copyright 2001-2012 Green Packet Berhad. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language, in any form by any means, without the written permission of Green Packet Berhad. Green Packet Berhad reserves the right to modify or discontinue any product or piece of literature at any time without prior notice.