Wireless local area networks (WLANs) are widely used to provide local wireless connectivity and, in particular, wireless access to the Internet. Interworking between. WLANs and public land mobile networks (PLMNs), has also been developed. In 3GPP (Third Generation Partnership Project) interworking features have been specified between 3GPP system and WLANs, these including Access, Authentication and Authorization (AAA) services for the 3GPP-WLAN Interworking System based on 3GPP subscription. Access may be provided to a locally connected IP network, such as the Internet, if allowed by the 3GPP subscription. Further, WLAN user terminals or devices (UE; User Equipment) may be provided with IP bearer capability for an operator's network and packet-switched (PS) services, if allowed by the 3GPP subscription.
An AAA server in the 3GPP network may perform authentication of a 3GPP subscriber accessing the WLAN. 3GPP specification TS 33.234, v. 7.1.0 (2006-06) “Wireless Local Area Network (WLAN) interworking security” describes procedures for arranging WLAN access authorization based on authentication by an AAA server of a 3GPP system.
IETF RFC 4186: “Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)”, H. Haverinen, J. Salowey, January 2006, specifies an authentication protocol for authenticating and session key distribution using a Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM). IETF RFC 4187 “Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)”, J. Arkko, H. Havernen, January 2006, specifies an EAP mechanism for authentication and session key distribution that uses the Authentication and Key Agreement (AKA) mechanism used in 3rd generation mobile networks called Universal Mobile Telecommunications System (UMTS) and CDMA2000. Both of these EAP based mechanisms may be used in a 3GPP WLAN interworking system to authenticate a terminal (supporting such a mechanism) accessing a WLAN.
A legacy IEEE 802.11 authentication mechanism (shared key authentication) working on medium access control MAC layer is not considered very useful. IEEE (802.11i Task Group TGi) has developed enhancements to WLAN security and selected IEEE 802.1X as an authentication framework. The 802.1X is a standard for port-based access control in which EAP messages are used for end-to-end authentication between a WLAN terminal and an Authentication Server (AS), such as a Radius server.
One problem with the current solutions is that many local access networks do not support sophisticated access control mechanisms, such as the IEEE 802.1X.