1. Field of the Invention
The invention relates to telecommunications. In particular, the invention relates to a novel and improved method and system of utilizing Generic Authentication Architecture for Mobile Internet Protocol key distribution in a packet data network.
2. Description of the Related Art
In recent years mobile packet switched data communication networks have emerged alongside conventional fixed packet switched data communication networks. An example of a packet switched data communication network, or packet data network for short, that allows mobility is known as Wireless Local Area Network (WLAN or Wireless LAN). A Wireless LAN allows a mobile user to connect to a local area network (LAN) through a wireless connection. A standard, IEEE 802.11, specifies the technologies for Wireless LANs.
Mobile telecommunication networks have also started to support transmission of packet switched data, or packet data, in addition to traditional circuit switched data transmission. An example of a technique allowing packet data transmission in mobile communication networks is General Packet Radio Service (GPRS). GPRS is designed to support e.g. digital mobile telecommunication networks based on the Global System for Mobile Communications (GSM) standard. However, GPRS is not restricted to GSM networks but also supports, for example, digital mobile telecommunication networks based on 3rd Generation Partnership Project (3GPP) specifications, or 3GPP systems for short.
A current object on the field of telecommunications is to enable interworking between 3GPP systems and Wireless LANs so that e.g. resources and services within a 3GPP system may be accessed by Wireless LAN users and vice versa. As part of this object, service and session continuity needs to be provided, particularly during handover between a Wireless LAN and a 3GPP system. To enable the above service and session continuity, a protocol providing mobility is needed. One such protocol is Mobile Internet Protocol, or Mobile IP for short.
Mobile IP is an extension to the Internet Protocol (IP) that provides mobility support for IP. Using Mobile IP allows a terminal device to move from one link to another without changing its IP address (as seen by the layers above IP) while remaining reachable by other terminal devices. Mobile IP is being developed by the Internet Engineering Task Force (IETF), and the full specifications may be obtained e.g. from http://www.ietf.org.
The following briefly describes terminology related to Mobile IP and relevant to the rest of this document. The term ‘node’ refers to a device that implements IP. A router refers to a node that forwards IP packets not explicitly addressed to itself. A link refers to a communication facility or medium over which nodes can communicate at the Open Systems Interconnection (OSI) link layer. An interface refers to a node's attachment to a link. A subnet prefix refers to a bit string consisting of a number of initial bits of an IP address. A packet refers to an IP packet comprising one or more headers and a payload. A header comprises one or more fields. A unit of data used to deliver information related to the protocols used is referred to as a message. Depending on its length, a Mobile IP message may be transmitted in one IP packet or it may be divided into parts and the parts transmitted in separate IP packets. Furthermore, optional information may be carried in messages by using Extensions.
A Home Address refers to an IP address assigned to a Mobile Node and used as the permanent or semi-permanent address of the Mobile Node. A Home Subnet Prefix refers to the IP subnet prefix corresponding to a Mobile Node's Home Address. A Home Link refers to the link on which a Mobile Node's Home Subnet Prefix is defined. Any link other than a Mobile Node's Home Link is referred to as a Foreign Link. Any IP subnet prefix other than a Mobile Node's Home Subnet Prefix is referred to as a Foreign Subnet Prefix. A Mobile Node refers to a node that can change its point of attachment from one link to another, while still being reachable via its Home Address. Movement refers to a change in a Mobile Node's point of attachment to an IP network such that it is no longer connected to the same link as it was previously. If a Mobile Node is not currently attached to its Home Link, the Mobile Node is said to be ‘away from home’.
A Correspondent Node refers to a peer node with which a Mobile Node is communicating. The Correspondent Node may itself be either mobile or stationary. A Care-of Address refers to an IP address associated with a Mobile Node while visiting a Foreign Link. The subnet prefix of this IP address is thus a Foreign Subnet Prefix. A Mobile Node may have multiple Care-of Addresses at any given time, but only one may be registered at the Home Agent. A Home Agent refers to a router on a Mobile Node's Home Link with which the Mobile Node has registered its current Care-of Address.
Instead of its Home Address, a Mobile Node may use a Mobile Node Network Access Identifier Extension to identify itself, e.g. in case the Mobile Node is not configured with a Home Address. The Mobile Node Network Access Identifier Extension is an Extension containing a Network Access Identifier (NAI) of the Mobile Node. The Network Access Identifier is a commonly known identifier format, and it is described in more detail in ‘Request for Comments’-document RFC2486 by The Internet Engineering Task Force (IETF).
Registration refers to a process in which a Mobile Node, being away from home, registers its Care-of Address with its Home Agent. Mobile IP Registration provides a flexible mechanism for a Mobile Node to communicate its current reachability information to its Home Agent. In addition to utilizing registration to inform its Home Agent of its current care-of address, a Mobile Node may utilize it to request forwarding services while away from home, to renew a registration due to expire, and to deregister when it returns home. Registration messages exchange information between a Mobile Node and its Home Agent. Registration creates or modifies a Mobility Binding at the Home Agent, associating the Mobile Node's Home Address with its Care-of Address for the specified Lifetime.
The Registration messages comprise a Registration Request-message and a Registration Reply-message. A Mobile Node registers with its Home Agent using the Registration Request-message so that its Home Agent can create or modify a Mobility Binding for that Mobile Node. In response to the Registration Request-message, the Home Agent returns a Registration Reply-message to the Mobile Node. The Registration Reply-message contains the necessary codes to inform the Mobile Node about the status of its Registration Request, along with the lifetime of the Registration granted by the Home Agent.
The term ‘Mobility Security Association’ refers to a collection of security contexts, between a pair of nodes, which may be applied to Mobile IP protocol messages exchanged between them. Each security context indicates an authentication algorithm and mode, a secret (such as a shared key, or an appropriate public/private key pair), and a style of replay protection in use. The term ‘Security Parameter Index’ (SPI) refers to an index which identifies a security context between a pair of nodes among the contexts available in the Mobility Security Association. Thus each Mobile Node and Home Agent must maintain a Mobility Security Association, with each security context indexed by SPI and IP address. In the case of the Mobile Node, the IP address is typically its Home Address. Registration messages between a Mobile Node and its Home Agent are authenticated, typically with an authorization-enabling Extension: the Home Agent uses the SPI carried in the message to select the security context, verifies the authenticator with that context's secret, and applies the context's replay protection before creating or modifying the Mobility Binding.
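The following Python example, added here for illustration and not taken from the original text or from any Mobile IP implementation, shows the Home Agent side of that check: a Mobility Security Association table indexed by (Mobile Node identifier, SPI), an authenticator computed with the context's shared key, and timestamp-style replay protection. The message layout, the key and SPI values, the NAI, and the choice of HMAC-SHA-256 are assumptions of the example; the Mobile IPv4 wire format and its default algorithm are not reproduced. What it makes visible is that the Home Agent cannot even select a security context unless the Mobile Node identifier, the shared key and the SPI have been provisioned to both ends beforehand.

```python
import hashlib
import hmac
import struct
import time

# Constructed Mobility Security Association table held by the Home Agent.
# The index is (Mobile Node identifier, SPI); the identifier is a NAI here,
# since a Mobile Node may identify itself by NAI rather than Home Address.
# Key and SPI values are made up for this example.
HA_MSA = {
    ("user@example.org", 0x00001000): {
        "key": bytes.fromhex("00112233445566778899aabbccddeeff"),
        "alg": "hmac-sha256",   # assumption: this example's authenticator algorithm
        "replay": "timestamp",  # replay-protection style of this security context
        "window": 7,            # seconds of clock skew the Home Agent tolerates
    },
}
LAST_SEEN = {}                  # (nai, spi) -> highest identification accepted so far
MAC_LEN = 32                    # length of an HMAC-SHA-256 authenticator


def build_registration_request(nai, care_of_address, lifetime, identification):
    """Serialise a simplified Registration Request: lifetime, identification,
    care-of address, NAI. This layout is constructed for the example."""
    body = struct.pack("!H", lifetime) + identification.to_bytes(8, "big")
    return body + care_of_address.encode() + b"\x00" + nai.encode() + b"\x00"


def authenticator(body, spi, key):
    # Cover the SPI as well as the body so a valid authenticator cannot be
    # re-bound to a different security context of the same pair of nodes.
    return hmac.new(key, body + struct.pack("!I", spi), hashlib.sha256).digest()


def mn_send(nai, spi, key, care_of_address, lifetime, now=None):
    """Mobile Node side: request body, then SPI and authenticator (the Extension)."""
    identification = int((time.time() if now is None else now) * 1000)
    body = build_registration_request(nai, care_of_address, lifetime, identification)
    return body + struct.pack("!I", spi) + authenticator(body, spi, key)


def ha_verify(message, now=None, msa=HA_MSA, state=None):
    """Home Agent side. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    state = LAST_SEEN if state is None else state
    if len(message) < 10 + 2 + 4 + MAC_LEN:
        return False, "poorly formed request"
    mac = message[-MAC_LEN:]
    spi = struct.unpack("!I", message[-MAC_LEN - 4:-MAC_LEN])[0]
    body = message[:-MAC_LEN - 4]
    lifetime = struct.unpack("!H", body[:2])[0]
    identification = int.from_bytes(body[2:10], "big")
    parts = body[10:].split(b"\x00")
    if len(parts) != 3:
        return False, "poorly formed request"
    care_of_address, nai = parts[0].decode(), parts[1].decode()
    # Step 1: the (NAI, SPI) pair selects the security context. Without a
    # provisioned identifier, key and SPI there is nothing to look up.
    ctx = msa.get((nai, spi))
    if ctx is None:
        return False, "no security context for this NAI and SPI"
    # Step 2: verify the authenticator with the context's shared key.
    if not hmac.compare_digest(mac, authenticator(body, spi, ctx["key"])):
        return False, "mobile node failed authentication"
    # Step 3: replay protection in the style the context specifies. The
    # "seen before" check on top of the time window is this example's hardening.
    if ctx["replay"] == "timestamp":
        if abs(identification / 1000 - now) > ctx["window"]:
            return False, "registration identification mismatch"
        if identification <= state.get((nai, spi), 0):
            return False, "replayed registration"
        state[(nai, spi)] = identification
    return True, f"binding {nai} -> {care_of_address} for {lifetime} s"


if __name__ == "__main__":
    key = HA_MSA[("user@example.org", 0x1000)]["key"]
    request = mn_send("user@example.org", 0x1000, key, "198.51.100.7", 600)
    print(ha_verify(request))
    print(ha_verify(request))   # the same message again is rejected as a replay
```

Note that a request carrying an SPI the Home Agent has no context for is rejected before any cryptography runs; that lookup failure is exactly what a key distribution mechanism has to prevent.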
As follows from the above description, Mobile IP requires the following subscriber-specific parameters to be provisioned to a Mobile Node: a Mobile Node Network Access Identifier (or a Home Address), a symmetric key which is shared by the Mobile Node and its Home Agent, and a Security Parameter Index identifying a security association of the Mobile Node. In other words, Mobile IP requires a key distribution mechanism.
Therefore, in order to utilize Mobile IP for providing mobility in order to enable the above service and session continuity between 3GPP systems and Wireless LANs, a key distribution mechanism for Mobile IP is needed.
Recently a general authentication and key distribution solution called Generic Authentication Architecture (GAA) has been developed for 3GPP systems. The Generic Authentication Architecture (GAA) includes Generic Bootstrapping Architecture (GBA). By using the GBA part of the Generic Authentication Architecture a shared symmetric key, identified with a Bootstrapping Transaction Identifier (B-TID), can be agreed on between a mobile terminal device and the network based on Universal Subscriber Identity Module (USIM) authentication.
The GBA part of the Generic Authentication Architecture is described in more detail in 3GPP Technical Specification 33.220. However, the following describes briefly terminology related to Generic Authentication Architecture and relevant to the rest of this document.
The term ‘Network Application Function’ refers to an application hosted in a network element. A Bootstrapping Server Function (BSF) is hosted in a network element, typically under the control of a network operator. A Bootstrapping Server Function and a terminal device participate in a Bootstrapping Procedure in which a shared secret is established between the network and the terminal device. Subsequently, the shared secret can be used between Network Application Functions and terminal devices, for example, for authentication purposes. Generic Bootstrapping Architecture may be used between Network Application Functions and terminal devices for authentication purposes, and for securing a communication path between a terminal device and a Network Application Function. The Bootstrapping Transaction Identifier is used to bind a subscriber identity to a corresponding key.
The Bootstrapping Procedure is performed between a Bootstrapping Server Function and a terminal device. In an embodiment of the Bootstrapping Procedure, the terminal device first sends a request comprising a user identity to the Bootstrapping Server Function. In response, the Bootstrapping Server Function retrieves user security settings and an Authentication Vector including a Random challenge (RAND), an Authentication Token (AUTN), an Expected Response (XRES), a Cipher Key (CK), and an Integrity Key (IK) from the network.
Then the Bootstrapping Server Function forwards the Random challenge and the Authentication Token to the terminal device. The terminal device checks the Authentication Token to verify that the challenge comes from an authorized network. The terminal device also calculates the Cipher Key, the Integrity Key and a Response (RES). As a result, both the terminal device and the Bootstrapping Server Function end up with the same session keys: the Cipher Key and the Integrity Key. Next, the terminal device sends another request, containing a Digest Authentication and Key Agreement (AKA) response, to the Bootstrapping Server Function. The Bootstrapping Server Function authenticates the terminal device by verifying the Digest AKA response against the Expected Response.
Next, the Bootstrapping Server Function generates a shared key (Ks) by concatenating the Cipher Key and the Integrity Key. The Bootstrapping Transaction Identifier is also generated, e.g. in Network Access Identifier format, by combining the base64-encoded Random challenge value from above with the server name of the Bootstrapping Server Function, i.e. base64encode(RAND)@BSF_servers_domain_name. The Bootstrapping Server Function sends a message, including the Bootstrapping Transaction Identifier and the lifetime of the shared key Ks, to the terminal device to indicate the success of the authentication. The terminal device generates the same key Ks by concatenating the Cipher Key and the Integrity Key.
Subsequently, both the terminal device and the Bootstrapping Server Function use the shared key Ks to derive a Network Application Function-specific key (Ks_NAF) to be used between a Network Application Function and the terminal device, for example, for authentication purposes. The Network Application Function-specific key Ks_NAF may be derived e.g. as Ks_NAF=KDF(Ks, “gba-me”, RAND, IMPI, NAF_Id), in which KDF is a key derivation function, and the key derivation parameters comprise the user's private identity (IMPI), an identification of the Network Application Function (NAF_Id) and the Random challenge (RAND). The NAF_Id comprises the DNS name of the Network Application Function, so a key derived for one Network Application Function is of no use towards another. The string “gba-me” specifies the purpose for which the KDF is used.
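The following Python example, added here for illustration and not taken from the original text or from 3GPP reference code, walks through the Bootstrapping Procedure just described with both sides present: the terminal device (UE) checks the Authentication Token, the Bootstrapping Server Function verifies the response, both form Ks = CK || IK, the BSF issues the B-TID as base64encode(RAND)@BSF_servers_domain_name, and both derive Ks_NAF = KDF(Ks, “gba-me”, RAND, IMPI, NAF_Id). The AKA functions are replaced by a constructed stand-in (Milenage is not implemented), the AUTN is simplified to SQN || MAC, the response is sent raw rather than as an HTTP Digest, and the subscriber identity, key, server names and the HMAC-SHA-256 based byte layout of the KDF are assumptions of the example (the layout follows TS 33.220 Annex B as the author of this example understands it).

```python
import base64
import hashlib
import hmac
import os
import struct

# Constructed subscriber database standing in for the home network's
# authentication centre: IMPI -> long-term key K and sequence number.
SUBSCRIBERS = {
    "user@ims.example.org": {"k": bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc"), "sqn": 0},
}


def toy_aka(k, rand, sqn):
    """Stand-in for the USIM AKA functions (NOT Milenage): only the shape of
    MAC, (X)RES, CK and IK is reproduced. MAC also covers the sequence number."""
    mac = hmac.new(k, b"mac" + rand + sqn, hashlib.sha256).digest()[:8]
    out = lambda label, n: hmac.new(k, label + rand, hashlib.sha256).digest()[:n]
    return mac, out(b"res", 8), out(b"ck", 16), out(b"ik", 16)


def gba_kdf(ks, rand, impi, naf_id, purpose=b"gba-me"):
    """Ks_NAF = KDF(Ks, "gba-me", RAND, IMPI, NAF_Id). Assumed layout: FC byte
    0x01, then each parameter followed by its 2-byte big-endian length,
    keyed HMAC-SHA-256 with Ks."""
    s = b"\x01"
    for p in (purpose, rand, impi.encode(), naf_id):
        s += p + struct.pack("!H", len(p))
    return hmac.new(ks, s, hashlib.sha256).digest()


class BSF:
    """Bootstrapping Server Function side of the procedure."""
    def __init__(self, name, subscribers):
        self.name, self.subscribers = name, subscribers
        self.pending, self.bootstrapped = {}, {}

    def challenge(self, impi, rand=None):
        """Fetch an Authentication Vector and send RAND, AUTN to the UE."""
        sub = self.subscribers[impi]
        rand = os.urandom(16) if rand is None else rand
        sub["sqn"] += 1
        sqn = sub["sqn"].to_bytes(6, "big")
        mac, xres, ck, ik = toy_aka(sub["k"], rand, sqn)
        self.pending[impi] = (rand, xres, ck, ik)
        return rand, sqn + mac            # AUTN, simplified here to SQN || MAC

    def finish(self, impi, res):
        """Verify RES against XRES, then form Ks = CK || IK and the B-TID."""
        rand, xres, ck, ik = self.pending.pop(impi)
        if not hmac.compare_digest(res, xres):
            return None
        ks = ck + ik
        btid = base64.b64encode(rand).decode() + "@" + self.name
        self.bootstrapped[btid] = {"impi": impi, "rand": rand, "ks": ks, "lifetime": 3600}
        return btid, 3600

    def ks_naf(self, btid, naf_id):
        """The B-TID binds the subscriber to Ks; from it the BSF can derive the
        NAF-specific key for a given NAF_Id without the UE's involvement."""
        b = self.bootstrapped[btid]
        return gba_kdf(b["ks"], b["rand"], b["impi"], naf_id)


class UE:
    """Terminal device side of the procedure."""
    def __init__(self, impi, k):
        self.impi, self.k, self.last_sqn = impi, k, 0

    def respond(self, rand, autn):
        sqn, mac = autn[:6], autn[6:]
        expected_mac, res, ck, ik = toy_aka(self.k, rand, sqn)
        # AUTN check: only a network holding K can produce this MAC, and the
        # sequence number check rejects a replayed challenge.
        if not hmac.compare_digest(mac, expected_mac):
            raise ValueError("AUTN MAC failure: challenge not from an authorised network")
        if int.from_bytes(sqn, "big") <= self.last_sqn:
            raise ValueError("AUTN sequence number not fresh")
        self.last_sqn = int.from_bytes(sqn, "big")
        self.rand, self.ck, self.ik = rand, ck, ik
        return res

    def complete(self, btid, lifetime):
        self.ks, self.btid, self.lifetime = self.ck + self.ik, btid, lifetime

    def ks_naf(self, naf_id):
        return gba_kdf(self.ks, self.rand, self.impi, naf_id)


def run_bootstrap(rand=None, naf_id=b"naf.example.org", tamper_res=False):
    """Drive one bootstrapping exchange and return the material both sides hold."""
    impi = "user@ims.example.org"
    db = {impi: dict(SUBSCRIBERS[impi])}          # private copy keeps runs independent
    bsf, ue = BSF("bsf.example.org", db), UE(impi, db[impi]["k"])
    rand, autn = bsf.challenge(impi, rand)
    res = ue.respond(rand, autn)
    if tamper_res:
        res = bytes(b ^ 0xFF for b in res)
    result = bsf.finish(impi, res)
    if result is None:
        return None                               # BSF rejected the AKA response
    btid, lifetime = result
    ue.complete(btid, lifetime)
    return {"btid": btid, "ue_ks": ue.ks, "bsf_ks": bsf.bootstrapped[btid]["ks"],
            "ue_ks_naf": ue.ks_naf(naf_id), "bsf_ks_naf": bsf.ks_naf(btid, naf_id)}
```

Running `run_bootstrap()` shows both ends holding the same 32-byte Ks and the same Ks_NAF for a given NAF_Id, while a different NAF_Id yields an unrelated key; the B-TID is all the UE later needs to present to a Network Application Function, since the BSF can recover Ks and the IMPI from it. Note what the exchange does not produce: no Home Address or NAI for Mobile IP, no Security Parameter Index, and no key bound to a Home Agent, which is the gap the text goes on to describe.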
However, even though the above described Generic Authentication Architecture does provide a generic key distribution solution, it cannot be used with Mobile IP as such. This is because, as described above, Mobile IP requires a Mobile Node Network Access Identifier (or a Home Address), a symmetric key shared by a Mobile Node and its Home Agent, and a Security Parameter Index identifying a security association of the Mobile Node to be provisioned to the Mobile Node. Yet, as also described above, at present Generic Authentication Architecture can only be used to provision a key and a Bootstrapping Transaction Identifier.
There are some prior art solutions for providing key distribution for Mobile IP, such as utilizing the RADIUS protocol in 3GPP systems, and various device management-related solutions. Yet, use of Generic Authentication Architecture would have significant advantages over prior art solutions. For example, use of Generic Authentication Architecture would allow Universal Subscriber Identity Module (USIM) authentication and Subscriber Identity Module (SIM) authentication for Mobile IP. Furthermore, use of Generic Authentication Architecture would require no changes in the Mobile IP protocol specifications, and few, if any, changes in implementations.
Therefore, the object of the present invention is to alleviate the problems described above and to introduce a mechanism that allows utilizing Generic Authentication Architecture for Mobile Internet Protocol key distribution in a packet data network.