Wi-Fi Offload Authentication & Security through EAP based approach - White Paper download
WHITEPAPER

Wi-Fi OFFLOAD: AUTHENTICATION AND SECURITY THROUGH EAP-BASED APPROACH

www.greenpacket.com
Abstract

Data traffic demand is growing rapidly as operators are struggling to overcome declining margins and rising capital costs in their mobile broadband strategies. The telecom industry is talking about offload as a solution but it can take many forms, leaving many operators unsure of which path to take. The business case for Wi-Fi is evolving, and not just for data offload but also voice and messaging, offering an opportunity for the deeper integration of Wi-Fi with the operator’s service portfolio.

One of the many concerns of Wi-Fi deployment points to the end goal of integrating both the existing and Wi-Fi architecture with minimal changes. When mobile devices connect to networks, user and end point authentication play critical roles in preventing misuse, abuse and attack.

This paper will provide a deep-dive into the ramifications of Wi-Fi authentication and security, with the study of carrier class Wi-Fi challenges faced by operators in terms of scalability and flexibility of the solution, service quality, terminal readiness and the desired success in Wi-Fi deployments.

It marks a reversal of attitude once held by carriers, which undermined the open design and previously chose to deliver their services through their own tightly controlled networks. By embracing Wi-Fi, they are now putting their data offload strategy to pragmatic use on their networks by diverting traffic to this alternative route. Wi-Fi access also gives the carriers new revenue streams, and draws in consumers who are increasingly searching for local wireless hotspots.
Contents

Overview
Converging Multiple Access Technology
Challenges to Building a Carrier Class Wi-Fi Experience
• Security
• Authentication
• Roaming
Integrating the Mobile Core - Provisioning, Policy Control and Billing
Delivering the Right Wi-Fi Experience
Greenpacket Wi-Fi Offloading Solutions
Smart Data Offload
Seamless Data Offload
Dynamic Data Offload
Wi-Fi Adoption Intensifies Interest in Offloading
Conclusion
Wi-Fi Your Network to More Bandwidth!
References
Overview

Wi-Fi has undoubtedly established itself as a genuine wireless access technology capable of delivering a cellular experience. The business model for Wi-Fi has changed from merely a home Internet gateway alternative to an essential part of the operator’s bigger network data strategy. The rise of smartphones resulted in consumers needing connectivity and in turn driving the need for bigger bandwidth through the Wi-Fi marketplace, as Wi-Fi is recognized as the de-facto technology for the average smartphone user.

According to a Gartner report, smartphone sales are expected to surpass 1 billion units by 2015, when they will account for 50% of the total mobile device market. Smartphone behaviors are markedly different from those of the previous generation of handsets. It is acknowledged that as devices become more complex, so does the behavior of the traffic mix. The traffic mix now contains greater consumption of high bandwidth experience for videos and content, for which 3G as a delivery mechanism falls short. When spectrum runs short, service degrades sharply; calls get dropped and data speeds slow down. Wi-Fi offloading is an opportunity for operators to reduce 3G traffic load and, at the same time, overcome the growing pressure from OTT players like Skype and Google to avoid revenue erosion.

Wi-Fi remains very much publicized on the operator’s agenda. There is a clear desire to integrate the technology more closely with cellular, both in terms of ease of use through network discovery, authentication and log-on, and at the core-network level. Despite these challenges, the adoption of Wi-Fi offloading will not decelerate, as the next generation connectivity in LTE will drive further the end user’s need for high performance wireless connectivity; Wi-Fi will be more relevant in the 4G era than it was for 3G. Moreover, the growth in cloud-based services will only further drive and unlock the potential of the “big data”.
Several Tier 1 operators, the likes of China Mobile and KDDI in Japan, are already embracing Wi-Fi in large scale deployments to offload peak data traffic from cellular networks and support the delivery of new content and value-added services. The standardization bodies Wireless Broadband Alliance (WBA) and Wi-Fi Alliance are encouraging development of Wi-Fi standards that address the future of Wi-Fi roaming through Next Generation Hotspot (NGH) and Hotspot 2.0, including offload architectures. With standards work improving and gaining greater acceptance through successful trials, the entire value chain of vendors, device manufacturers and developers will stand to benefit from a larger marketplace.
Converging Multiple Access Technology

With the rise of heterogeneous networks (HetNet) becoming the preferred adoption in next generation networks, the desire to increase cellular coverage via Wi-Fi and small cells (including femtocells, picocells, microcells) or any combination of these methods will continue to provide seamless coverage to approach ubiquity. In order to maintain the integrity of service assurance, operators must exercise due diligence in observing the foundation of a secure network and scrutinize all interconnections to it.

Challenges to Building a Carrier Class Wi-Fi Experience

From an operator’s point of view, carrier grade Wi-Fi requires strong security; strong trust through authentication and billing credentials, quality of service, network discovery and policy control. All of these features are desirable to ensure the end-user experience is not compromised, as cases of identity theft and fraud on sensitive information can bring damage to the operator’s brand and credibility.

Security

As the number of web-enabled devices, such as smartphones and tablets, continues to grow, the focus of security is equally important on the device, the network as well as the data traversing both secured and unsecured Wi-Fi networks. The emerging trend of universally accessing data, independent from the device that is carried, calls for stricter control. Tunneling data through an unsecured WLAN makes it challenging to enforce restrictions on data streams and content when accessing a Wi-Fi hotspot. The use of encryption protocols such as AES in WPA2 and IKEv2 is another way to ensure the data packets are sufficiently encrypted over 802.1X networks to give the same level of security that is expected of Wi-Fi as in cellular.
Roaming between networks is complicated in that the roamed network has no access to the encryption keys used to authenticate the user. The emulation of roaming ability through the use of Extensible Authentication Protocol (EAP), ideally SIM-based, is supported in Wi-Fi devices these days. Other issues pertaining to accounting, and how much operators should charge each other for access, remain unclear.

Authentication

In the user authentication and device authentication process, it is important that the integration of SIM-based authentication is compliant with 3GPP and 3GPP2 standards. With the adoption of flat-IP architecture and EPC packet core, the primary SIM authentication method suggests seamless Wi-Fi access can be achieved with minimal infrastructure and core network integration. The placement of intelligent agents on the device can help operators combine advanced policy control mechanisms to execute Wi-Fi offload in a managed manner to fit the business needs of the operators. EAP-SIM is used extensively in WLAN as a basis for negotiating solid authentication as most smartphones readily support it. Which variant of EAP authentication is used for which network is purely dependent on the operators.

Implementation of a standards based approach to Wi-Fi network identification, authentication and service provisioning is essential to accelerating and promoting the use of Wi-Fi among consumers. Making the 3G/4G to Wi-Fi handover seamless to the end-user through EAP-based methods (the more popular and readily supported EAP-SIM and EAP-AKA) will provide a viable data-offload solution for operators, while standardizing deployment for Wi-Fi operators and device manufacturers. It will also make integration into mobile operators’ cellular networks far easier and more cost effective.
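
An added example, not part of the original white paper and not Greenpacket code: the permanent identity a SIM-based device presents for EAP-SIM or EAP-AKA, and the realm check a AAA proxy can apply before forwarding a request to the home or a roaming partner's server. The identity format follows RFC 4186, RFC 4187 and 3GPP TS 23.003; HOME_PLMN, ROAMING_PARTNERS, the function names and the IMSI values are assumptions constructed for illustration.

```python
import re

# Added example, not Greenpacket code. The leading digit of the permanent
# username selects the method: "0" = EAP-AKA (RFC 4187), "1" = EAP-SIM (RFC 4186).
PREFIX = {"EAP-AKA": "0", "EAP-SIM": "1"}
METHOD = {v: k for k, v in PREFIX.items()}

# WLAN interworking realm from 3GPP TS 23.003; the MNC is zero-padded to 3 digits.
NAI_RE = re.compile(
    r"([01])([0-9]{6,15})@wlan\.mnc([0-9]{3})\.mcc([0-9]{3})\.3gppnetwork\.org"
)

# Hypothetical operator data: home PLMN and roaming partners as (MCC, MNC) pairs.
HOME_PLMN = ("001", "001")
ROAMING_PARTNERS = {("999", "002")}


def build_root_nai(imsi: str, mnc_len: int, method: str) -> str:
    """Identity a SIM-based supplicant sends in EAP-Response/Identity."""
    if not re.fullmatch(r"[0-9]{6,15}", imsi) or mnc_len not in (2, 3):
        raise ValueError("bad IMSI or MNC length")
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_len].zfill(3)
    return f"{PREFIX[method]}{imsi}@wlan.mnc{mnc}.mcc{mcc}.3gppnetwork.org"


def parse_identity(identity: str) -> dict:
    """Parse a permanent identity and check that the realm agrees with the IMSI."""
    m = NAI_RE.fullmatch(identity.strip().lower())
    if m is None:
        raise ValueError("not a 3GPP root NAI")
    prefix, imsi, mnc, mcc = m.groups()
    two_digit = mnc[0] == "0" and imsi[3:5] == mnc[1:]
    if imsi[:3] != mcc or not (imsi[3:6] == mnc or two_digit):
        raise ValueError("realm does not match the PLMN encoded in the IMSI")
    return {
        "method": METHOD[prefix],
        "plmn": (mcc, mnc),
        # Mask the subscriber part before the identity reaches a log line.
        "imsi_masked": imsi[:5] + "*" * (len(imsi) - 5),
    }


def route(identity: str) -> str:
    """AAA proxy decision: home server, roaming partner, or reject."""
    try:
        plmn = parse_identity(identity)["plmn"]
    except ValueError:
        return "reject"
    if plmn == HOME_PLMN:
        return "home-aaa"
    if plmn in ROAMING_PARTNERS:
        return "partner-aaa"
    return "reject"


if __name__ == "__main__":
    # Constructed test-network IMSI (MCC 001, MNC 01), not a real subscriber.
    nai = build_root_nai("001010123456789", 2, "EAP-AKA")
    print(nai, parse_identity(nai), route(nai))
```

The permanent identity carries the IMSI in the clear, which is why both RFCs also define pseudonym identities; the masking in parse_identity only protects what the proxy itself logs.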
Roaming

Inter Wi-Fi roaming is one aspect that is still in the early stages of standardization towards a harmonized and seamless roaming experience. A large scale deployment of Wi-Fi can complement cellular roaming and bring roaming charges down significantly for the end-user. The impact of Wi-Fi offload is widening, and the way operators integrate Wi-Fi within their networks is changing. Operators that lack their own Wi-Fi hotspot infrastructure and have plans to deploy it soon can establish partnerships with Wi-Fi access aggregators like Boingo and iPass. Those that already have Wi-Fi offload in place and sufficient investments can continue to expand the locations where they offer Wi-Fi access and extend the network of partners to provide domestic and international roaming.
Integrating the Mobile Core - Provisioning, Policy Control and Billing

Operators are expected to ramp up Wi-Fi and deployments despite the fact that the majority of operators still see support for heterogeneous networks as a challenge – and thus, they need to spend some time testing and figuring it out. Wi-Fi won’t be a rescue for every situation, but it is a critical tool that operators are turning to and will continue to increase in numbers. As a result, support for standards-based SIM authentication is already readily available in smartphones like iPhone, BlackBerry and Android to some extent. A unified authentication and alignment as closely as possible to the user experience in terms of connectivity, sign-on, charging and billing and, most importantly, security and privacy will be the strong focus for Wi-Fi networks.

Delivering the Right Wi-Fi Experience

The end-user demands QoE, while the operator demands a reasonable level of QoS. In QoE terms, the end-user expects the collective experience to be seamless and always on, regardless of the device used to access the network, with no deterioration of service. On the other end, operators must diligently ensure the QoS is adhered to within the optimized network performance in terms of service speeds and SLAs promised. Wi-Fi networks are not devoid of shortfalls. However, Wi-Fi can be strategically positioned to address and resolve interworking, security and authentication methods between networks and create additional value wherever the business model fits.
Convergence

Simplify the Wi-Fi offloading experience by ensuring that operators can provide an enriched experience regardless of the network, device and environment. The end goal of marrying Wi-Fi offload together with 3G/4G technology can bring new growth and inject value into the operators’ business proposition, be it new Wi-Fi access revenues or richer content delivery.

Integration

Automatic and network agnostic approach (3G-Wi-Fi) to synchronize user credentials in the process to integrate multiple elements of subscriber provisioning, device and subscriber authentication that is integrated to the operator’s core network (authenticated through 3GPP compliant AAA) and coupled to the policy infrastructure; push profile, updates over the air, policy control management to add intelligence on offload decisions.

Regulatory Compliance

Operators look for a standardized long term solution that handles data mobility and growth regardless of application and network type. In an environment of rising cyber crime, operators need to enforce vigilance over cellular and WLAN networks; assess the aspects of subscriber data confidentiality & integrity, authentication, access control and attacks while implementing integrated Wi-Fi access. The vulnerability of Wi-Fi offload is apparent in the case of direct Internet Wi-Fi that is provided over free hotspots (e.g. shopping malls, cafes) as a value-add to the subscriber. In such circumstances, operators need to notify the subscriber before offloading automatically, giving the user a choice. Operators can maintain visibility and control over Wi-Fi through EAP-based authentication.
Greenpacket Wi-Fi Offloading Solutions

The Intouch solution suite is a standards-based approach to deal with Wi-Fi offloading securely. It gives the assurance of a secured and managed offload mechanism and also the option for a dynamic offload mechanism through policy control. These solutions fully support secured EAP-based authentication and advanced Wi-Fi security measures.

Smart Data Offload

The Smart Data Offload client is designed to run on top of the native device connection utility for operators looking for a basic offload mechanism without major investment and modification to the existing network infrastructure or firmware replacement. The objective of the smart client is to make Wi-Fi connections more transparent and increase the attachment rate to Wi-Fi by turning the Wi-Fi radio on and off. The ability to support access-aware and policy preferences of operators’ centralized profiling server allows subscribers to seamlessly move between cellular and Wi-Fi based on device, end-user behavior and environmental information. The smart client does not permanently override the preset network connectivity settings, but only takes precedence by modifying the policy during policy administration. The policy activation can be triggered over several criteria such as device status active, battery levels and signal strength, mobility detection as well as location detection and time. The smart data offload provides optimized service levels to customers and ensures efficient ways for operators to manage their network options.
Seamless Data Offload

Greenpacket’s Seamless Data Offload is a client-based solution that aims to deliver a simplified and cost-effective offload method across multiple access networks. It is based on the Data Offload Platform. The Seamless Data Offload client can transparently offload 3G - Wi-Fi and continue to push operator services and manage data traffic effectively. Seamless Data Offload, through Inter-working WLAN (iWLAN), takes traffic from the mobile operator’s radio access over Wi-Fi by tunneling through the PDG at the operator’s core network. This fits with mobile operators’ need to monetize services through the personalization of services and the application of policy management; something which can’t be said of other Wi-Fi offload approaches in the market today.

Figure 1: Seamless Data Offload
Dynamic Data Offload

Operators are increasingly looking at using Wi-Fi for offload as part of their mobile broadband strategies. However, they risk losing visibility over traffic policies that were configured for the user once traffic routes through Wi-Fi. What is lacking is a way for the network to communicate to users (applications and/or websites they are using) a real-time or predicted measure of the network’s congestion levels. Greenpacket’s Dynamic Data Offload client is compliant with the defined 3GPP Access Network Discovery and Selection Function (ANDSF), to enable dynamic network selection and switching based on various contextual ability such as cell location, device, peak hours and subscription plan. Operators can also opt to customize these policies based on application aware policy, device policy, subscriber policy and time-based policy to trigger data offload.

Figure 2: Dynamic Data Offload
Wi-Fi Adoption Intensifies Interest in Offloading

Wi-Fi deployed in urban or other high traffic locations as an underlay to increase cellular capacity density is a market differentiator. Ironically, Wi-Fi is rated as a source of disruption in the wake of the smartphone surge and driving data usage wild. The emergence of smartphones was born out of the popularity of Wi-Fi. On the other hand, it is also Wi-Fi that is helping operators address the limited bandwidth issues by leveraging unlicensed spectrum. There still exist obstacles to be overcome before Wi-Fi deployments are widespread. Many operators view Wi-Fi or the likes of small cell topologies such as femtocells and picocells as a complementary solution to capacity pressure points, rather than a radical new type of network.

One observation and consistent theme presented by operators’ collective feedback points to the challenge of predicting subscribers’ behavior and managing them effectively, in the process of improving the user experience and shaping services. Operators are also aware of and implementing technologies that would allow them to actively manage traffic, from the device through to the core – streaming video optimization, policy management and service enablement in the core through advanced, high-speed platform capabilities.

With GSMA announcing in Feb 2012 a joint collaboration with the Wireless Broadband Alliance aimed at simplifying the process of mobile devices connecting to Wi-Fi networks, the ease of cross network roaming receives a boost. The basis of the initiative is primarily focused on SIM adoption to manage and uniquely identify Wi-Fi networks to mobile devices for the ultimate cross network roaming experience. It is anticipated that commercial deployments may be as early as 12-18 months.
The benefits to consumers would be significant, as consumers get a Wi-Fi service mix with their cellular plan. It gives a high level of confidence of attached Wi-Fi connectivity without having to search for an SSID or input a username and password at all times. The EAP authentication ensures seamless and secure credential validation and happens automatically. All of that authentication and connectivity is configured onto the device without user intervention.

The initiative also opens the door for operators to extend the offering of any SIM-based services into an offload environment. Mobile operators are keen to make the SIM the secure element of mobile payment services, for example, and this project would allow transactions to be carried out without the need for cellular access. The evolution of legacy voice away from circuit switched towards flat IP in LTE means it could extend voice implementation similarly over Wi-Fi, allowing operators to offer carrier class voice service as well.
Conclusion

The concept of Wi-Fi is not just based on the premise of offload. Other opportunities arise from the building of well-planned Wi-Fi access to generate new revenue streams. Mobile operators must catch up or risk losing their mark on subscribers’ demand. In recent years, the rise of OTT providers like Google, Amazon and Netflix has eclipsed market dominance by delivering a new and exciting user experience to engage the consumers. Operators are now aware of the importance of achieving efficiency in intelligent solutions to create closer relationships with their customers.

There are opportunities to use Wi-Fi as a customer acquisition tool as well as a churn reduction tool. Operators’ perceptions of Wi-Fi have changed from seeing the technology as a threat that was stealing traffic and revenue to a significant opportunity for growing data services usage. The full integration of Wi-Fi with mobile networks is critical to an operator’s success, not just for authentication and data but for all the services the end users currently receive on cellular networks as well as those they are likely to in the future, including billing, voice, messaging and roaming.

A major milestone in the efforts to standardize global data roaming over Wi-Fi was announced by the Wireless Broadband Alliance (WBA) on the successful trial of NGH that included AT&T, BT, China Mobile, NTT DoCoMo and so forth in the week leading up to Mobile World Congress 2012 in Barcelona. The initiative was adopted on a SIM-based environment as the secure element to deliver connectivity across networks. One of the key highlights central to operators is the strict requirement on both device and user authentication to ensure integrity and security of the network is not compromised when incorporating Wi-Fi as part of the mobile services strategy.

Wi-Fi has transitioned from a useful unlicensed wireless option for offloading excess mobile video traffic to an intelligent, managed network where subscribers can roam securely. According to a report by Strategy Analytics, the marketplace will expect to see an increasing number of operators embrace Wi-Fi as part of their LTE network deployment strategy, and to incorporate it fully into their 3G and 4G traffic calculations and become a fully integrated part of small cell networking and HetNet design by 2015.
Wi-Fi Your Network to More Bandwidth!

Simplicity and standards compliant approach is the key to strengthen the security of Wi-Fi offloading deployment and the fact that most smartphones are readily equipped with automatic log-in capabilities nowadays with Wi-Fi access already configured. Embark on a journey with Greenpacket to discover how to protect your network through better Wi-Fi management. With Greenpacket, limitless Wi-Fi solutions abound!

Free Consultation

If you would like a free consultation on how you can leverage Wi-Fi offloading for an improved network performance and experience, feel free to contact us at email@example.com. Kindly quote the reference code, SWP1211-E when you contact us.
References

1. Sue Rudd and Phil Kendall, “Wi-Fi Hotspots will be Small Cells in Mobile Broadband Networks by 2015”, Strategy Analytics
2. Terry Norman, “The Case for Wi-Fi Offload”, Analysys Mason
3. Wireless Broadband Alliance (WBA), “Industry Report 2011, Global Developments in Public Wi-Fi”