
Page 1: Femto Access Control

Jun Wang, Anand Palanigounder, Peerapol Tinnakornsrisuphap, George Cherian, Chandru Sundarraman, Jack Nasielski

June 09, 2009, QUALCOMM Inc.

Notice ©2009. All rights reserved. The contributors grant a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner's name any Organizational Partner's standards publication even though it may include all or portions of this contribution; and at the Organizational Partner's sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner's standards publication. The contributors are also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for the purpose of practicing an Organizational Partner's standard which incorporates this contribution. This document has been prepared by the contributors to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on the contributors. The contributors specifically reserve the right to amend or modify the material contained herein, and nothing herein shall be construed as conferring or offering licenses or rights with respect to any intellectual property of the contributors other than provided in the copyright statement above.

Page 2: FAP Access Control

• What is FAP Access Control?
  – Allow only mobiles that are part of the Access Control List (ACL) for a FAP to access services through that FAP (aka Closed Subscriber Group or CSG in 3GPP)
• Types of Associations in 3GPP2
  – Open Association: Any mobile can register with the FAP and access services
  – Restricted Association: Only mobiles in the access control list for a given FAP are allowed to register and access service. Any other mobile is NOT allowed any type of association.
  – Signaling Association: Any mobile can register with the FAP, but during service access the mobile may be redirected to the macro if it is not in the FAP ACL (i.e., the mobile is not authorized to access service through the restricted FAP)
• Problem(s):
  – Which network entity decides whether a mobile is allowed to access through the FAP?
  – Which network entity enforces the ACL policy, and how is the policy enforced?
  – How does the FAP know its type?
• This presentation focuses on the network aspects of ACL

Page 3: HRPD/1x Packet Femto Architecture Update

[Architecture figure: MS, FAP, SeGW, FGW, Femto-AAA (FmAAA), AN-AAA, HRPD AN, BS/AN, FMS, PDSN, HA/LMA, PCRF, HRPD/1x AAA and the Internet. Interfaces shown: A10/A11, A12 (for A12 device authentication), A13, A16, (P)MIP between PDSN and HA/LMA, and the Femto-AAA interface (Axx) used for femto device authentication. Figure content beyond these labels is not recoverable from the extraction.]

Page 4: HRPD/1x Packet Femto Control Access Design

• FAP serves as the first level of enforcement point (EP)
  – Only the first level of EP is proposed for this release
• Femto-AAA stores FAP type and access control list
  – After successful FAP authentication and authorization, the FAP can access Femto-AAA through the SeGW using the AAA protocol to request the FAP type and access control list
  – NAI uses the format FEID@realm
  – Femto-AAA returns the FAP type and the associated access control list
• Access control list for 1x PS services should use the user's MSID
  – Each FAP is associated with a list of allowed MSIDs (as part of the FAP profile in Femto-AAA)
• Access control list for HRPD PS services can use
  – Option 1: User's NAI (Recommended Option)
  – Option 2: User's MSID
  – Each FAP is associated with a list of allowed MSIDs or user's NAIs (as part of the FAP profile in Femto-AAA)

Page 5: How to Prevent FAP from Spoofing other FAP's FEID

Entities in the flow: FAP, SeGW, FGW (AAA Proxy), Femto-AAA.

1. FAP Authentication and Authorization (Femto-AAA sends the FAP SS and the FGW's Message Authentication SS to the SeGW; the SeGW sends the FAP SS and the FGW's Message Authentication SS received from Femto-AAA to the FAP)
2. IPsec is established
3. FAP uses the FAP SS to compute the Request Authenticator and the Message Authentication SS (MASS) to compute the Message Authenticator
4. AAA Request (FEID@realm, Message Authenticator) (Proxy AAA checks the Message Authenticator)
5. Femto-AAA checks the Request Authenticator; if the check passes, the Femto-AAA computes the Response Authenticator and MASS
6. AAA Response (FEID, FAP Type, FAP ACL, Message Authenticator) (Proxy AAA checks the Message Authenticator)
7. FAP obtains FAP information (FAP type, ACL etc.)
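The two-layer check in the flow above, as an added model that is not part of the contribution: the proxy verifies only the hop-level Message Authenticator (MASS), while Femto-AAA recomputes the Request Authenticator with the secret it stores for the claimed FEID, so a request whose FEID does not match the FAP SS it was built with is refused there. The secrets, NAIs and FAP profiles are constructed sample values, and HMAC-SHA256 stands in for the AAA protocol's own authenticator construction, which the slides do not specify.

```python
import hmac
import hashlib
import secrets

# Constructed sample data (assumed, not from the slides): per-FAP shared secrets held by
# Femto-AAA keyed by NAI in FEID@realm format, the FAP profile, and one MASS shared by
# the FGW (AAA proxy) and Femto-AAA.
FAP_SS_DB = {
    "feid-0001@femto.example": b"ss-for-feid-0001",
    "feid-0002@femto.example": b"ss-for-feid-0002",
}
FAP_INFO = {"feid-0001@femto.example": ("restricted", ["msid-a", "msid-b"]),
            "feid-0002@femto.example": ("open", [])}
MASS = b"fgw-message-authentication-ss"

def _mac(key, data):
    # HMAC-SHA256 as a stand-in for the AAA protocol's authenticator computation.
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_request(nai, fap_ss, mass):
    """Steps 3/4: the FAP binds the request to its own SS (end-to-end) and to MASS (hop-level)."""
    nonce = secrets.token_hex(8)
    body = f"{nai}|{nonce}".encode()
    req_auth = _mac(fap_ss, body)
    msg_auth = _mac(mass, body + req_auth.encode())
    return {"nai": nai, "nonce": nonce, "req_auth": req_auth, "msg_auth": msg_auth}

def proxy_check(req, mass):
    """FGW (AAA proxy): verifies only the Message Authenticator; it cannot vouch for the FEID."""
    body = f"{req['nai']}|{req['nonce']}".encode()
    return hmac.compare_digest(req["msg_auth"], _mac(mass, body + req["req_auth"].encode()))

def femto_aaa_handle(req, ss_db=FAP_SS_DB, info=FAP_INFO, mass=MASS):
    """Steps 5/6: recompute the Request Authenticator with the SS stored for the claimed FEID.
    Returns the AAA Response, or None when the claimed FEID and the secret used do not match."""
    ss = ss_db.get(req["nai"])
    body = f"{req['nai']}|{req['nonce']}".encode()
    if ss is None or not hmac.compare_digest(req["req_auth"], _mac(ss, body)):
        return None
    fap_type, acl = info[req["nai"]]
    resp_body = f"{req['nai']}|{fap_type}|{','.join(acl)}|{req['nonce']}".encode()
    resp_auth = _mac(ss, resp_body)
    return {"feid": req["nai"], "fap_type": fap_type, "acl": acl,
            "resp_auth": resp_auth, "msg_auth": _mac(mass, resp_body + resp_auth.encode())}

def fap_verify_response(req, resp, fap_ss):
    """Step 7: the FAP checks the Response Authenticator before trusting the returned type and ACL."""
    resp_body = f"{resp['feid']}|{resp['fap_type']}|{','.join(resp['acl'])}|{req['nonce']}".encode()
    return hmac.compare_digest(resp["resp_auth"], _mac(fap_ss, resp_body))
```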

Page 6: SIP Based 1x CS Femto Architecture Update

[Architecture figure: MS, 1x Femto Access Point (SIP UA), Femto Security Gateway, FGW, FCS, Femto AAA, FMS, MGCF/MGW, IMS / IP Multimedia Network, MSC, HLR/AC, MC, PDE, MPC, 1x Macro BSC, 1x Macro Cell, PSTN and PSAP. Interfaces shown: Fx1 (RTP), Fx2 (SIP), Fx3, Fm, Mg (SIP), Mm (SIP), Ma or ISC (SIP), MAP, A1, A2, ISUP/TDM. Figure content beyond these labels is not recoverable from the extraction.]

Legend: FCS Femto Convergence Server; FMS Femto Management System

Page 7: SIP Based 1x CS Femto Control Access Design

• FAP is the first level of Enforcement Point
  – Upon successful FAP authentication and authorization, the FAP can access Femto-AAA through the SeGW using the AAA protocol to request the FAP type
  – NAI uses the format FEID@realm
  – Femto-AAA returns the FAP type and optionally the associated access control list
  – For an enterprise FAP, the Femto-AAA may not return the ACL if the ACL is too long
• FCS is the second level of Enforcement Point
  – The FCS obtains FAP types and Access Control List from Femto-AAA (recommended one)
  – FCS requests the access control list from Femto-AAA using the format FEID@realm through the AAA protocol after SIP registration is successful
• Femto-AAA stores FAP type and associated Access Control List
• Access control list for 1x CS services should use the mobile's CS service identity (MSID)
  – Each FAP is associated with a list of allowed MSIDs (as part of the 1x FAP profile in Femto-AAA)
  – MSID can be either IMSI or MIN

Page 8: Procedure for FAP as an Enforcement Point

• If the type is the open association:
  – No special procedure for the FAP
  – There is no ACL
• If the type is the restricted association:
  – FAP only allows the MS in the ACL to access the system
  – 1x FAP rejects the RGM/ORM/PRM (or any air interface signaling) if the MS is not in the ACL
  – HRPD FAP rejects the HRPD session negotiation if the MS is not in the ACL
• If the type is the signaling association:
  – FAP allows all MSs to send signaling to the system
  – 1x FAP accepts the RGM/ORM/PRM (or any air interface signaling): if the MS is not in the ACL, the FAP may redirect the MS to the Macro BS when the MS is establishing the call
  – HRPD FAP accepts the HRPD session negotiation with the MS: if the MS is not in the ACL, the FAP may redirect the MS to the Macro BS when the MS is establishing the data call

Page 9: Procedures for FCS as an Enforcement Point

• FCS is aware of the associated FAP's type and ACL
• If the associated FAP type is the open association:
  – No special procedure in the FCS
• If the associated type is the restricted association:
  – FCS only allows the MS in the ACL to access the system
  – FCS rejects the MS registration (and other SIP signaling such as SIP INVITE etc.) if the MS is not listed in the ACL
• If the associated type is the signaling association:
  – FCS allows all MSs to send SIP signaling to the system
  – FCS accepts the MS registration/MS origination: if the MS is not in the ACL, the FCS may redirect the MS to the Macro BS when the MS is establishing the call
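The FAP and FCS procedures on the two preceding pages share one decision table (association type x event kind x ACL membership). The following is an added reference model of that table, not code from the contribution: the FAP profile, identities and the identity normalization rule (digits-only MSIDs, lower-cased NAI realm) are assumptions, and the redirect branch returns a decision that the slides leave to the enforcement point ("may redirect").

```python
from enum import Enum

class Assoc(Enum):
    """FAP association types defined in the contribution."""
    OPEN = "open"
    RESTRICTED = "restricted"
    SIGNALING = "signaling"

class Decision(Enum):
    ALLOW = "allow"
    REJECT = "reject"
    REDIRECT_TO_MACRO = "redirect_to_macro"

# Constructed FAP profile (assumed values). The ACL can hold MSIDs (IMSI or MIN) for 1x
# and NAIs for HRPD (Option 1 on the HRPD/1x PS design page).
FAP_PROFILE = {"feid": "feid-0001@femto.example", "type": Assoc.RESTRICTED,
               "acl": {"310150123456789", "user1@hrpd.example"}}

def normalize(identity):
    """Assumed comparison rule: MSIDs compare digit-only, NAIs with a case-folded realm."""
    if "@" in identity:
        user, realm = identity.rsplit("@", 1)
        return f"{user}@{realm.lower()}"
    return "".join(ch for ch in identity if ch.isdigit())

def in_acl(profile, identity):
    return normalize(identity) in {normalize(entry) for entry in profile["acl"]}

def enforce(profile, identity, event):
    """Enforcement-point decision for one event from an MS.
    event is 'signaling' (RGM/ORM/PRM, HRPD session negotiation, SIP REGISTER) or
    'service' (call or data-call establishment, SIP INVITE). Applies to FAP and FCS alike."""
    if event not in ("signaling", "service"):
        raise ValueError(f"unknown event kind: {event}")
    if profile["type"] is Assoc.OPEN:
        return Decision.ALLOW                 # open association: no ACL, no special procedure
    if in_acl(profile, identity):
        return Decision.ALLOW                 # listed MS is served normally
    if profile["type"] is Assoc.RESTRICTED:
        return Decision.REJECT                # restricted: no association of any kind
    # Signaling association: signaling is accepted; service is redirected to the macro BS.
    return Decision.ALLOW if event == "signaling" else Decision.REDIRECT_TO_MACRO
```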

Page 10: Recommendations

• Add the Femto Access Control feature in the initial release:
  – Make the necessary updates to the architecture specified in X.P0059-000
  – Specify the HRPD/1x PS Femto Access Control feature in X.P0059-100
  – Specify the 1x CS Femto Access Control feature in X.P0059-200
  – Specify the FAP procedures in A.S0024
• Adopt the following proposals as suggested in this contribution:
  – Femto-AAA is the storage entity for FAP types and ACL based on the operator's configuration
  – FAP receives FAP types and optional ACL from the Femto-AAA
  – FAP is the first level of Enforcement Point for both 1x and HRPD
  – FCS is the second level of Enforcement Point for 1x CS femto
• Stage 2 and Stage 3 contributions will follow

Page 11: Annex

Page 12: Options for Storage Point and Enforcement Point

• Options for Storage Point for both CS and PS:
  – Option 1: Femto-AAA/HAAA (recommended option)
  – Option 2: FMS
• Options for Enforcement Point (EP)
  – SIP based CS Options:
    • Option SC1: FAP (Recommended to be 1st level of EP)
    • Option SC2: FCS (Recommended to be 2nd level of EP)
    • Option SC3: EP (Separate Enforcement Point)
    • Option SC4: FGW
  – PS Options:
    • Option P1: FAP (Recommended to be 1st level of EP and to be included in the first Release)
    • Option P2: PDSN (Recommended to be 2nd level of EP and to be added in a future release)
    • Option P3: EP (Separate Enforcement Point)
    • Option P4: FGW

Page 13: Procedures for PDSN as an EP and for AAA as Storage Point (1)

• If the associated FAP type is the open association:
  – No special procedure in the PDSN and the HAAA
• If the associated type is the restricted association:
  – Option 1: Allows PPP to be established (since the MS can still be authenticated). The HAAA indicates to the PDSN that the MS is not in the ACL for the FEID. The PDSN moves the A10 to the macro BS and releases the A10 to the FAP, indicating to the FAP that the MS is not in the ACL
    • The PDSN can indicate to the MS through PPP VSP, and/or
    • The FAP can redirect the MS to the macro by indicating the reason. For HRPD, the FAP will tear down the HRPD session
  – Option 2: Does not allow the PPP to be established. The HAAA indicates to the PDSN that the MS is not in the ACL for the FEID. The PDSN releases the A10 to the FAP, indicating to the FAP that the MS is not in the ACL
    • The PDSN sends an LCP termination request to the MS and indicates to the MS through either PPP VSP or the LCP termination option, and/or
    • The FAP can redirect the MS to the macro by indicating the reason. For HRPD, the FAP will tear down the HRPD session
  – Option 3: Option 2 + return the ACL to the PDSN so that the PDSN does not need to go to the HAAA for PPP authentication for other MSs which are not in the ACL

Page 14: Procedures for PDSN as an EP and for AAA as Storage Point (2)

• If the associated type is the signaling association:
  – Option 1: Allows PPP to be established (since the MS can still be authenticated). The HAAA indicates to the PDSN that the MS is not in the ACL for the FEID. When data is received, the PDSN may send limited data to the FAP and indicate to the FAP that the MS is not in the ACL through A11 signaling. The PDSN buffers the rest of the data until the Macro AN sets up an A10 with the PDSN. The PDSN then releases the A10 to the FAP.
    • The PDSN can notify the MS through PPP VSP, and/or
    • The FAP can redirect the MS to the macro by indicating the reason.
  – Option 2: Allows PPP to be established (since the MS can still be authenticated). The HAAA indicates to the PDSN that the MS is not in the ACL for the FEID. The PDSN immediately moves the A10 to the macro BS and releases the A10 to the FAP, indicating to the FAP that the MS is not in the ACL.
    • The PDSN can indicate to the MS through PPP VSP, and/or
    • The FAP can redirect the MS to the macro by indicating the reason.