Table of Contents
Advertisement
HNB Gateway in Wireless Network
3GPP AAA Server Support
X.509 Certificate-based Authentication Support
Authentication and Key Agreement (AKA)
HNB-GW provides Authentication and Key Agreement mechanism for user authentication procedure over the HNB
Access Network. The Authentication and Key Agreement (AKA) mechanism performs authentication and session key
distribution in networks. AKA is a challenge- response based mechanism that uses symmetric cryptography.
The AKA is the procedure that take between the user and network to authenticate themselves towards each other and to
provide other security features such as integrity and confidentiality protection.
In a logical order this follows the following procedure:
1. Authentication: Performs authentication by, identifying the user to the network; and identifying the network to
the user.
2. Key agreement: Performs key agreement by, generating the cipher key; and generating the integrity key.
3. Protection: When the AKA procedure is performed it protects, the integrity of messages; confidentiality of
signalling data; and confidentiality of user data
3GPP AAA Server Support
This interface between the SeGW and AAA Server provides a secure connection carrying authentication, authorization,
and related information. in accordance with the following standards:
3GPP TS 33.320 V9.1.0 (2010-03): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; Security of Home Node B (HNB) / Home evolved Node B (HeNB) (Release 9)
This reference point is located between 3GPP AAA Server/Proxy and HNB-GW. The functionality of this reference
point is to enable following requirements on SeGW:
The SeGW shall be authenticated by the HNB using a SeGW certificate.
The SeGW shall authenticate the HNB based on HNB certificate.
The SeGW authenticates the hosting party of the HNB in cooperation with the AAA server using EAP-AKA.
The SeGW shall allow the HNB access to the core network only after successful completion of all required
authentications.
Any unauthenticated traffic from the HNB shall be filtered out at the SeGW
X.509 Certificate-based Authentication Support
HNB-GW supports X.509 Certificate-based authentication to HNB/UE for a public key infrastructure (PKI) for single
sign-on (SSO) and Privilege Management Infrastructure (PMI). X.509 specifies the standard formats for public key
certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
Open Access Mode Support
Differentiated Services Code Point (DSCP) marking over IuH interface support in 3G UMTS HNB Access Network is
provided on HNB-GW for traffic quality management in accordance with following standards:
3GPP TS 25.414 V9.0.0 (2009-12): 3rd Generation Partnership Project; Technical Specification Group Radio
Access Network; UTRAN Iu interface data transport and transport signalling (Release 9)
OL-25069-03
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide ▄
Features and Functionality - Base Software ▀
29
Advertisement
Table of Contents
