In a typical cellular network, also referred to as a wireless communication system, User Equipments (UEs) communicate via a Radio Access Network (RAN) with one or more Core Networks (CNs).
A user equipment is a device which may access services offered by an operator's core network, and services outside the operator's network to which the operator's radio access network and core network provide access. The user equipments may be, for example, communication devices such as mobile telephones, cellular telephones, smart phones, tablet computers or laptops with wireless capability. The user equipments may be portable, pocket-storable, hand-held, computer-comprised, or vehicle-mounted mobile devices, enabled to communicate voice and/or data, via the radio access network, with another entity, such as another mobile station or a server. The user equipment will be referred to as UE in some of the figures.
User equipments are enabled to communicate wirelessly in the cellular network. The communication may be performed, e.g., between two user equipments, between a user equipment and a regular telephone, and/or between a user equipment and a server, via the radio access network and possibly one or more core networks comprised within the cellular network.
The radio access network covers a geographical area which is divided into cell areas, with each cell area being served by a base station. The base station is also called Radio Base Station (RBS), evolved NodeB (eNB), NodeB, B node or base station in some radio access networks. A user equipment may be present in the cell and served by the base station. A cell is a geographical area where radio coverage is provided by the radio base station at a base station site. Each cell is identified by an identity within the local radio area, which is broadcast in the cell. The base stations communicate over the air interface, operating on radio frequencies, with the user equipments within range of the base stations. Cells may have different sizes and coverage; some types of cells are femtocells, picocells, metrocells and microcells, broadly increasing in size from femtocells (the smallest) to microcells (the largest). A femtocell is a small cellular base station, typically designed for use in a home or small business, which provides improved cellular coverage, capacity and applications. Using Third Generation Partnership Project (3GPP) terminology, a Home eNodeB (HeNB) is a Long Term Evolution (LTE) femtocell and a Home Node B (HNB) is a Third Generation (3G) femtocell. In the following, even though the term HeNB is used, the description is equally applicable to a HNB.
The 3GPP and the BroadBand Forum (BBF) are the standardization organizations for mobile and fixed networks respectively. There is an ongoing joint work item on Fixed Mobile Convergence (FMC) between these two organizations. FMC is a change in telecommunications that will eventually remove the differences between fixed and mobile networks, creating seamless services using a combination of fixed broadband and local access wireless technologies to meet the customer's needs. The goal of FMC is to optimize transmission of all data, voice and video communications to and among end users, no matter what their locations or devices, i.e. a single device may connect through, and be switched between, wired and wireless networks. Femtocells are one alternative way to deliver the benefits of FMC.
In the femto case, the HeNB may be located behind a Network Address Translator (NAT). In this case, in order to provide Quality of Service (QoS) on the femto traffic, the NAT public Internet Protocol version 4 (IPv4) address and source User Datagram Protocol (UDP) port number, i.e. the address information the NAT presents towards the operator network, shall be provided to the Policy and Charging Rules Function (PCRF). NAT can be described as a process of modifying IP address information in IPv4 headers while in transit across a traffic routing device. NAT allows an IP network to maintain public IP addresses separately from private IP addresses. The PCRF is the node in a network which is responsible for the policy rules in the network.
An IP address may be public or private. A public IP address is a globally unique number that identifies a device on the Internet. A private IP address is typically assigned to devices on a Local Area Network (LAN) and is not routable outside the LAN. A private IP address is typically used behind a router. When using NAT, it is possible to have private IP addresses on the local network and a single public IP address used on behalf of all devices on the local network when they access the Internet; the NAT keeps the devices apart by the port number it assigns to each of them. UDP is a protocol which enables applications to send messages, i.e. datagrams, to other hosts on an IP network without first setting up a dedicated transmission channel. A UDP header comprises a source port number, a destination port number, a length and a checksum. The source UDP port number identifies the sender's port and should be assumed to be the port to reply to if needed. The destination port number identifies the receiver's port.
FIG. 1 below shows a typical example of a network 100 where a HeNB 101 is behind a NAT while connected to a 3GPP EPC 103, where EPC is short for Evolved Packet Core. In FIG. 1, a user equipment 104 is served by the HeNB 101. The HeNB 101 is connected to a Mobility Management Entity/Serving General Packet Radio Service Support Node (MME/SGSN) 105, which is a control node that works simultaneously with the radio access network and the core network over different interfaces. The interface between the MME 105 and the HeNB 101 is called S1-MME and carries the various types of control messages used for UE management. The MME 105 is connected to the PCRF 107. The PCRF 107 is connected to a Broadband Policy and Charging Function (BPCF) 110. The BPCF 110 is connected to a Broadband Remote Access Server (BRAS) 113, which routes traffic to and from broadband remote access devices. The HeNB 101 is connected to a Security GateWay (SeGW) 115, which provides a secure communication link between the HeNB 101 and the core network. The SeGW 115 is connected to the Packet Data Network GateWay (PGW) 117. The Home Subscriber Server (HSS) 120, connected to the MME 105, is a repository for subscriber profiles, device profiles, and state information. Even though FIG. 1 illustrates a HeNB, which is the LTE femtocell, the skilled person will understand that the architecture may also be applied to a 3G network, where the HeNB is replaced with a HNB.
In an alternative A, seen in FIG. 2a, the SeGW 115 may send the H(e)NB address information, i.e. the H(e)NB public IP address and port number, to the H(e)NB 101. The H(e)NB 101 may then forward the information using S1 Application Protocol (S1AP) signaling to the MME/SGSN 105. S1AP is the protocol which provides the signaling service between the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the EPC. The MME/SGSN 105 then forwards the H(e)NB address information to the PCRF 107 via either the GPRS Tunneling Protocol (GTP) interface or the PCRF interface. GPRS is short for General Packet Radio Service. A security issue has been identified with this alternative A. The H(e)NB is customer-premises equipment outside the operator's trusted domain, and the MME/SGSN 105 has no way to verify address information that the H(e)NB itself reports over S1AP. A faulty, misconfigured or compromised home base station may therefore send incorrect address information, and the policy decisions in the PCRF 107 that depend on that information would then be based on wrong data.
In an alternative B, seen in FIG. 2b, the SeGW 115 may send the H(e)NB public IP address and the UDP port number to the 3GPP Authentication, Authorization and Accounting (AAA) server during the H(e)NB verification procedure. An AAA server enables control over which users are allowed access to which services, and records the amount of resources they have used. The H(e)NB GateWay (H(e)NB GW) or the MME/SGSN 105 may then receive the address information from the AAA server during the H(e)NB verification procedure. At least two problems have been identified with alternative B. One is that when an H(e)NB GW is used, the MME/SGSN 105 is not involved in the H(e)NB verification procedure. As the interface between the H(e)NB GW and the MME/SGSN 105 is S1AP, there is no way for the H(e)NB GW to send the H(e)NB local address information, i.e. the public IP address and UDP port number as seen by the SeGW 115 on the outside of the NAT, to the MME/SGSN 105 without impacts on the S1AP protocol. The second problem is that NAT remapping may be triggered at any time after the S1 session is set up, for example when the NAT binding times out and a new one is created for subsequent traffic. After NAT remapping, the H(e)NB 101 may be assigned a new local IP address and/or a new UDP port number. The SeGW 115 will be informed of this change by an Internet Key Exchange version 2 (IKEv2) procedure. IKEv2 is used to set up a security association in the IPsec protocol suite. However, the MME 105 does not know that the H(e)NB IP address has been updated, and the address information previously delivered to the PCRF 107 therefore becomes stale.
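To make concrete both the address translation described earlier (the NAT rewriting the H(e)NB's private IP address and UDP source port, and the UDP header fields involved) and the NAT remapping problem of alternative B, the following Python model is an added example; it is not code from this document nor from 3GPP or BBF. It builds IPv4/UDP datagrams with valid checksums, passes them through a minimal port-translating NAT, and shows that the address/port tuple observable by the SeGW changes once the NAT binding is dropped and re-created. All addresses, ports, payloads and the remapping trigger are constructed assumptions.

```python
import ipaddress
import struct

# Constructed sample values (assumptions for this example, not from the document).
HENB_PRIVATE_IP = "192.168.1.20"   # H(e)NB address on the home LAN, behind the NAT
NAT_PUBLIC_IP = "203.0.113.7"      # public address of the residential NAT
SEGW_IP = "198.51.100.9"           # SeGW address in the operator network
IKE_NAT_T_PORT = 4500              # UDP port used by IKEv2/IPsec NAT traversal
UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build an IPv4 datagram carrying a UDP header and payload, both checksummed."""
    src, dst = ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed
    udp_len = 8 + len(payload)
    udp_hdr = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, UDP_PROTO, udp_len)   # UDP pseudo-header
    udp_csum = ones_complement_sum(pseudo + udp_hdr + payload) or 0xFFFF  # 0 would mean "no checksum"
    udp_hdr = struct.pack("!HHHH", src_port, dst_port, udp_len, udp_csum)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, UDP_PROTO, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ones_complement_sum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + udp_hdr + payload


def parse_ipv4_udp(dgram: bytes) -> dict:
    """Parse an IPv4/UDP datagram and verify both checksums."""
    ihl = (dgram[0] & 0x0F) * 4
    ip_hdr = dgram[:ihl]
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    if proto != UDP_PROTO:
        raise ValueError("not a UDP datagram")
    udp = dgram[ihl:total_len]
    src_port, dst_port, udp_len, udp_csum = struct.unpack("!HHHH", udp[:8])
    pseudo = src + dst + struct.pack("!BBH", 0, UDP_PROTO, udp_len)
    return {
        "src_ip": str(ipaddress.IPv4Address(src)), "dst_ip": str(ipaddress.IPv4Address(dst)),
        "src_port": src_port, "dst_port": dst_port, "payload": udp[8:udp_len],
        "ip_csum_ok": ones_complement_sum(ip_hdr) == 0,
        "udp_csum_ok": udp_csum == 0 or ones_complement_sum(pseudo + udp[:udp_len]) == 0,
    }


class Napt:
    """Minimal port-translating NAT: private (ip, port) -> (public_ip, public_port).
    Dropping a binding and translating again models NAT remapping."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.bindings = {}  # (private_ip, private_port) -> public_port

    def translate_outbound(self, dgram: bytes) -> bytes:
        p = parse_ipv4_udp(dgram)
        key = (p["src_ip"], p["src_port"])
        if key not in self.bindings:        # new binding, allocated from the port pool
            self.bindings[key] = self.next_port
            self.next_port += 1
        # Rebuild rather than patch so both checksums are recomputed for the new addresses
        return build_ipv4_udp(self.public_ip, p["dst_ip"], self.bindings[key], p["dst_port"], p["payload"])

    def drop_binding(self, private_ip: str, private_port: int) -> None:
        """Simulated binding timeout; the next outbound packet gets a fresh public port."""
        self.bindings.pop((private_ip, private_port), None)


def segw_observed_tuple(dgram: bytes) -> tuple:
    """What the SeGW (and hence the PCRF) can learn: the outer source IP and UDP port."""
    p = parse_ipv4_udp(dgram)
    return p["src_ip"], p["src_port"]


def demo_remapping() -> tuple:
    """Address/port tuple seen by the SeGW before and after a NAT remapping."""
    nat = Napt(NAT_PUBLIC_IP)
    ike = build_ipv4_udp(HENB_PRIVATE_IP, SEGW_IP, IKE_NAT_T_PORT, IKE_NAT_T_PORT, b"IKE_SA_INIT")
    before = segw_observed_tuple(nat.translate_outbound(ike))
    nat.drop_binding(HENB_PRIVATE_IP, IKE_NAT_T_PORT)   # binding aged out without the core network noticing
    after = segw_observed_tuple(nat.translate_outbound(ike))
    return before, after


if __name__ == "__main__":
    print(demo_remapping())  # (('203.0.113.7', 40000), ('203.0.113.7', 40001))
```

The private address never appears on the operator side of the NAT, which is why the public address and port must be read from the outer header at the SeGW rather than requested from the H(e)NB. Any copy of that tuple held elsewhere, such as in the MME/SGSN or the PCRF, is only as current as the last time the SeGW observed it, which is the staleness problem described above.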