Wi-Fi Offload Whitepaper

Version 1.0 19 April 2010

Security Classification NON-CONFIDENTIAL GSMA Material

Copyright Notice
Copyright 2010 GSM Association

Antitrust Notice
The information contained herein is in full compliance with the GSM Associations antitrust compliance policy.

GSM Association Wi-Fi Offload Report TABLE OF CONTENTS 1 2 3

NON-CONFIDENTIAL

DOCUMENT PURPOSE ....................................................................................................... 4 EXECUTIVE SUMMARY ....................................................................................................... 4 INTRODUCTION ................................................................................................................... 4 3.1 3.2 3.3 OVERVIEW ....................................................................................................................... 4 SCOPE ............................................................................................................................. 5 DEFINITION OF TERMS ...................................................................................................... 5

4 5

WHAT IS WI-FI OFFLOADING? ........................................................................................... 6 EXAMPLE USE CASES ........................................................................................................ 7 5.1 5.2 5.3 USE CASE USING DEVICE ACCESSING VIDEO MOBILE TV AND/OR YOU TUBE .................... 7 USE CASE USING LAPTOPS DOING BROWSING AND/OR YOU TUBE ...................................... 8 USE CASE USING MULTIPLE SSIDS ................................................................................... 9

EXISTING SOLUTIONS ...................................................................................................... 10 6.1 STANDARD BODIES ......................................................................................................... 10 6.1.1 IEEE ...................................................................................................................... 10 6.1.2 6.1.3 IETF ....................................................................................................................... 10 3GPP ..................................................................................................................... 10

6.2 INDUSTRY BODIES .......................................................................................................... 11 6.2.1 Wi-Fi Alliance ........................................................................................................ 11 6.2.2 6.3 7 Wireless Broadband Alliance (WBA) ..................................................................... 11 EXISTING VENDOR SOLUTIONS ....................................................................................... 11

TERMINAL & NETWORK REQUIREMENTS ..................................................................... 12 7.1 OVERVIEW ..................................................................................................................... 12 7.1.1 Automatic provisioning .......................................................................................... 12 7.1.2 Manual provisioning .............................................................................................. 12 7.2 TERMINALS .................................................................................................................... 12 7.2.1 Smartphones ......................................................................................................... 12 7.2.2 7.3 7.4 Netbooks and Dongles .......................................................................................... 13 NETWORK REQUIREMENTS: ............................................................................................ 14 NETWORK SELECTION: ................................................................................................... 14

8 9

QUALITY OF SERVICE ...................................................................................................... 15 SECURITY AND FRAUD .................................................................................................... 15 9.1 WI-FI NETWORK ACCESS SECURITY ................................................................................. 15 9.1.1 802.11i................................................................................................................... 15 9.1.2 9.2 Web Portals & EAP 802.1X ................................................................................... 16 SERVICES ACCESS SECURITY .......................................................................................... 16

10 RECOMMENDATIONS ....................................................................................................... 18 10.1 AUTOMATIC CLIENTS ...................................................................................................... 18 2

GSM Association Wi-Fi Offload Report 10.2 10.3 10.4 10.5 10.6 10.7

NON-CONFIDENTIAL

AUTHENTICATION WITH 802.1X AND EAP-SIM AND EAP-AKA ......................................... 18 SECURITY ...................................................................................................................... 19 QUALITY OF SERVICE ..................................................................................................... 19 ROAMING AND HANDOFF................................................................................................. 19 POWER OPTIMISATION .................................................................................................... 19 FOCUS ON STANDARDS DEVELOPMENT ORGANISATIONS ................................................. 19

ANNEX - TODAYS WI-FI WORLD SOLUTIONS ...................................................................... 20 A1 IEEE ............................................................................................................................. 20 A1.1 802.11-2007 (Was previously known as 802.11a/b/d/e/g/h/i/j) .............................. 20 A1.2 A1.3 A1.4 A1.5 A1.6 A1.7 A1.8 802.11n ................................................................................................................. 20 802.11u ................................................................................................................. 20 802.11r .................................................................................................................. 20 802.21 ................................................................................................................... 20 802.11e ................................................................................................................. 20 802.11i................................................................................................................... 20 802.1X ................................................................................................................... 20

A2 IETF .............................................................................................................................. 21 A2.1 RADIUS ................................................................................................................. 21 A2.2 A2.3 A2.4 EAP ....................................................................................................................... 21 Network Selection RFC 5113 ............................................................................. 21 Mobility management protocols ............................................................................. 21

A3 3GPP ............................................................................................................................ 22 A3.1 TS 23.402 I-WLAN: Architecture Enhancements for non-3GPP Access to 3GPP networks .............................................................................................................................. 23 A3.2 A3.3 TS 23.302 Access to the 3GPP EPC via non-3GPP access networks ................. 24 TS 33.234 and 33.402 3GPP and WLAN Interworking Security ........................... 24

A3.4 TR 22.912 3GPP Study on Network Selection Requirements for non-3GPP Access 25 A3.5 A3.6 A3.7 Service Continuity ................................................................................................. 25 IP Flow Mobility, Local IP Access and Selected Internet IP Traffic Offload........... 27 GAN Generic Access Network (formerly known as UMA) .................................. 28

DOCUMENT MANAGEMENT .................................................................................................... 29

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

1 DOCUMENT PURPOSE
This document is in support of GSM Associations Wi-Fi Offload initiative and is intended to facilitate development of an ecosystem for the availability of Wi-Fi Offload. This is to deliver services to customers whether they are in or out of 3GPP network coverage and also to help reduce the load on the 3GPP network.

2 EXECUTIVE SUMMARY
This document explains the current state of Wi-Fi networks and the work being carried out in the relevant standards organisations and also other industry bodies who are working towards a variety of solutions and technologies needed to support Wi-Fi Offload. There are sample use cases covering how operators envisage possibly using Wi-Fi Offload in the future. The document also covers the terminal and network requirements and the important issues of security and quality of service needed to make Wi-Fi Offload available to 3GPP network operators. It also makes the following recommendations that the GSMA consider important to the development and deployment of Wi-Fi Offload that can be used by 3GPP network operators. These recommendations cover: Automatic connection management client Authentication with 802.1X and EAP-SIM and EAP-AKA Roaming and Handoff Security Quality of Service Power Optimisation And finally the GSMA will liaise as required with the Standards Development Organisations including 3GPP, IEEE, the Wireless Broadband Alliance, and the Wi-Fi Alliance as the main bodies to be considered for any development and standardisation related to 3GPP-Wi-Fi data offloading using protocols defined in the IETF. The GSMA will liaise with these bodies to ensure the development of a suitable Wi-Fi Offload eco-system as required by 3GPP network operators.

3 INTRODUCTION
3.1 Overview

This whitepaper outlines the needs of the mobile community in how it would like to utilise Wi-Fi Offload to help promote and develop the usefulness and availability of its services. The paper gives some simple use cases as examples. The whitepaper gives an overview of the current Wi-Fi world; it then provides a high level outline of the expected network and terminal requirements. It considers some of the security and fraud risks before making some recommendations for the 3GPP and Wi-Fi network operators and associated vendor community to consider.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

3.2

Scope

The primary objective of this document is to provide a guide to Wi-Fi Offload technology for data services by Mobile Network Operators. It covers deployment scenarios where Wi-Fi Offload is applicable. The focus of the document will be on aspects of the user terminal and infrastructure that are affected by support of Wi-Fi Offload. Out of scope of this whitepaper is the seamless handoff of voice communication (including service continuity across non-interconnected networks) and the business methods for subscribing or unsubscribing to a network; The initial intended audience for this document is the 3GPP and Wi-Fi network operators and associated vendor community. The scope of this work includes scenarios for using Wi-Fi Offload, industry perspective and SDO work, usage scenarios and network and terminal requirements.

3.3
3GPP AAA AGW AES

Definition of terms
Third Generation Partnership Project Authentication, Authorization and Accounting Access Gateway Advanced Encryption Standard Access Network Discovery and Selection Function Basic Service Set Counter Mode with Cipher Authentication Code Protocol Circuit Switched Extensible Authentication Protocol Enhanced Distributed Channel Access Evolved Packet Core Evolved Packet Data Gateway Evolved Packet System Fixed Mobile Convergence Generic Access Network General Packet Radio Service Global System for Mobile Institute of Electrical and Electronics Engineers Internet Engineering Task Force IMS Centralised Services IP Multimedia Subsystem Block Chaining Message

ANDSF BSS CCMP CS EAP EDCA EPC ePDG EPS FMC GAN GPRS GSM IEEE IETF ICS IMS

GSM Association Wi-Fi Offload Report

I-WLAN LAN MAC MAPIM MMS PLMN QoS RADIUS RSN SDO SIM SMS SSID UE UICC UMA UMTS USIM WBA Wi-Fi WiMAX WISP WISPr WLAN WPA2 WRIX Interworking Wireless LAN Local Area Network Media Access Control Multi Access PDN connectivity and IP flow Mobility Multi Media Service Public Land Mobile Network Quality of Service Remote Authentication Dial In User Service Robust Security Network Standards Development Organisations Subscriber Identity Module Short Message Service Service Set Identifier User Equipment Universal Integrated Circuit card Unlicensed Mobile Access Universal Mobile Telecommunications System Universal Subscriber Identity Module Wireless Broadband Alliance Wireless network using IEEE 802.11 standards Worldwide Interoperability for Microwave Access Wireless Internet Service Provider Wireless Internet Service Provider roaming Wireless Local Area Network Wi-Fi Protected Access Version 2 Wireless Roaming Intermediary eXchange

NON-CONFIDENTIAL

4 WHAT IS WI-FI OFFLOADING?

It would be advantageous for the mobile operator to be able to offer packet based services to its customers over more networks than just its own 3GPP network. This would potentially mean that in some cases there would be greater overall network capacity available than existing 3GPP networks alone can offer, or service where none currently exists due to the physical constraints of 3GPP networks, such as some in-building areas where external based cell signals cannot penetrate. Thus, any installed Wi-Fi hotspot could potentially be exploited by the 3GPP operator and its customers. Whilst there are other wireless technologies available, this whitepaper is focusing on the use of Wi-Fi as the deployment of public hotspots, and Wi-Fi in homes and enterprises is becoming extremely widespread.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

One of the important aspects in Wi-Fi Offload is that it must not degrade, rather preferably improve or enhance, the service to the end user, or provide service where it would otherwise not be available. Its use should be functionally invisible to the end user. The service delivery should be seamless and ideally require no end user interaction. Wi-Fi should be complementary to the excellent wide coverage area 3GPP networks already deliver today and LTE networks will deliver in the future. Currently, the level of functionality required by each operator may be different. Functionality may range from manual selection of a Wi-Fi access point for connection to the internet, to fully automatic selection and authentication with operator based network services. Our vision is that seamless (once set up) network selection and authentication will be a common goal. However, different operators will have different core network implementations and differing views on session continuity and service transparency. Such functionality may be achieved in a number of ways, some standardized and some proprietary. As 3GPP operators, there is a strong interest in the deployment of IMS-based core networks as well as a level of network and service transparency. This leads to a strong interest in the implementation of ICS and IP-based messaging (which must interwork with traditional SMS/MMS functionality), impacting both network and device elements though these aspects are beyond the normal sphere of Wi-Fi Offloading and will not be addressed in this paper.

5 EXAMPLE USE CASES

5.1 Use case using Device accessing video Mobile TV and/or You Tube

A 3GPP network customer has a Smartphone terminal that also has a Wi-Fi capability. They subscribe to mobile TV services as well as regularly watching music videos on You Tube. They are a regular traveller and are often in range of Wi-Fi hotspots in coffee shops, trains and airport terminals as well as hotels. Scenario: On the bus from the hire car drop-off to the airport terminal the user begins to watch the news from an international news network on the 3GPP network. As the user enters the airport terminal, his phone detects the presence of a Wi-Fi hotspot. The device automatically connects and authenticates the user with the hotspot using the USIM/UICC. Having already checked-in online the user goes straight to security and pockets the phone. As soon as he is in the departure area, his device is back in his hands and he resumes watching the news programme, however this time the service is being provided via the Wi-Fi Hotspot in the departure area. He enters a different terminal, where the Wi-Fi coverage is provided by a different Wi-Fi operator, with which a roaming agreement exists. The device checks that the new provider is allowed, and checks operator policy on use of the roaming network. If there is no charging difference the operation continues on the

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

visited network. If charging is different due to the change, the user is notified and must approve roaming onto this new network. The user arrives at his home airport on his delayed flight and catches a taxi home, his local football team is playing tonight and he will miss the match so he selects the TV application from his devices home screen. The user selects the football match from the options on his screen, his pre-existing TV subscription is activated. The user begins to watch the match via the 3GPP network on his device in the taxi. As the user enters his stone built cottage the coverage from the local 3GPP cell fails but he has a Wi-Fi network in his home. The device automatically connects and authenticates the user with the residential hotspot using the USIM/UICC. The user continues to watch the match on his device, and does not miss the first goal being scored by his team. This may be by session re-establishment and not by an uninterrupted handover, this would depend on the implementation deployed.

5.2

Use Case using Laptops doing browsing and/or You Tube

Similar to 3GPP roaming, it is desired to be able to transparently connect to various Wi-Fi hotspots provided by different owners whilst being charged accordingly. The laptop is Wi-Fi enabled with 3GPP access provided via integrated hardware or a dongle. Scenario: A 3GPP subscriber is working on a confidential document on her laptop computer at a local Starbucks caf through her secured corporate VPN portal. After completing her work, she needs to print out the document for her clients. She heads off to a local Internet Caf and rents a computer workstation. She reaches into her briefcase and looks for her flash drive to transfer the document. Unfortunately, she remembers that she left her flash drive back at the home office. After some quick thinking she reaches for her laptop so that she can email the document to her personal email account and then retrieve it from Cafs PC. She starts the Network Client on her laptop and notices that there is a Wi-Fi hotspot operated by the store. Instead of connecting to a 3GPP network, the client software automatically authenticates to the Wi-Fi network through pre-loaded credentials, or by using the dongles USIM/UICC, and the interoperator roaming agreements. She emails the document to herself, accesses it on the Cafes computer, and prints it out; ready to head to her clients meeting.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

5.3

Use Case using multiple SSIDs

A network service provider would like to use custom configured access points with multiple SSIDs to offer WLAN connectivity to casual users who are not the owners or normally resident at the premises where the access point is installed. This may support a commercial relationship between the 3GPP operator and the WLAN provider. The casual users devices would have to be pre-configured to authenticate to the SSIDs in the access point. Scenario: A customer has a Wi-Fi capable device which has been pre-configured with the SSID(s) allocated by the 3GPP network provider for use in this service. As part of the commercial offering the customer may also be required to advertise the same SSIDs on their home Wi-Fi Router. The customer receives a call from a colleague who needs a file to be sent to them urgently. There is no easily accessible and/or obviously Wi-Fi capable establishment (coffee shop, hotel etc) in the near locale and macro 3GPP network coverage is poor. The customer knows they are a subscriber to this Wi-Fi service and activates the Wi-Fi on their device. Luckily there is a Wi-Fi Router advertising the pre-configured SSID of the service. The device authenticates on the Wi-Fi router and he is able to establish a connection and send the file.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

Figure 1:Network configuration for multiple pre-configured SSIDs

6 EXISTING SOLUTIONS
6.1 Standard Bodies

There are three main standards bodies involved in Wi-Fi and Wi-Fi Offload. They are the IEEE, 3GPP and IETF. 6.1.1 IEEE The IEEE are responsible for the standardisation of Wi-Fi access and the various improvements and additions that have been carried out. The focus of this paper is the 802.11 and 802.1 suite of standards. 6.1.2 IETF The IETF have standardised many of the protocols used in Wi-Fi including RADIUS, security methods and also mobility mechanisms. 6.1.3 3GPP 3GPP have defined systems and protocols for interworking 3GPP networks to non-3GPP networks such as Wi-Fi. This includes solutions such as I-WLAN.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

A summary of the details of the most relevant work of these bodies is included in the annex.

6.2
6.2.1

Industry Bodies
Wi-Fi Alliance

The Wi-Fi Alliance has published Best Current Practices for Wireless Internet Service Provider Roaming 1 . The document does not specify a standard of any kind, but does rely on the operational application of standards-based protocols and methodologies. WISPr was chartered by the Wi-Fi Alliance to describe the recommended operational practices, technical architecture, and AAA framework needed to enable subscriber roaming among Wi-Fi based WISPs. This roaming framework allows Wi-Fi compliant devices to roam into Wi-Fi enabled hotspots for public access and services. The user can be authenticated, using RADIUS, and billed (if appropriate) for service by their Home Entity (such as another service provider or corporation). The WFA also certifies devices using Wi-Fi Protected Setup. WPS enables typical users who possess little understanding of traditional Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security. This is worth considering as a method to enhance the security of home networks and helping add new devices to the home network. In February 2010 a new Operators Members Interest Meeting was created. This is to offer a voice for operators and to structure their requirements and input to the Wi-Fi community. 6.2.2 Wireless Broadband Alliance (WBA) Founded in 2003 by leading telecom operators, the WBA goal is to drive wireless broadband adoption globally by developing common commercial and technical frameworks for interoperability across networks, technologies and devices. Collectively, the WBA members operate around 90,000 Wi-Fi hotspots worldwide with more than 230 million subscribers across Europe & Middle East, Asia Pacific and the Americas. The WBA has implemented commercial Wi-Fi roaming globally using WBA WRIX (Wireless Roaming Intermediary eXchange); The WBA WRIX makes it easier to implement roaming between operators. The WBA collaborates with other industry forums to further enhance WRIX and help harmonize wireless broadband roaming standards. In April 2010, the WBA released WISPr 2.0. WISPr 2.0 is designed for non IEEE 802.1X networks as it requires IP communication with the Access Gateway prior to the authentication of the user. WISPr offers authentication services based on layer 3 networking. WISPr 2.0 is designed as a front end to authentication protocols such as Radius, Diameter and the WBA WRIX specification.

6.3

Existing Vendor Solutions

There are several vendors selling Wi-Fi equipment to build networks. Many of these vendors also offer solutions that allow a degree of 3GPP and Wi-Fi internetworking. However often these solutions are proprietary and require additional network elements as well as unique clients
1

Best Current Practices for Wireless Internet Service Provider Roaming, Version 1.0, February 2003, WiFi Alliance

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

on the devices. These solutions greatly reduce the opportunity for the user to be able to roam freely and access the services they require where and when they want as they do not offer a standardised solution to allow roaming between networks owned by other operators. Such solutions, or part solutions, are being offered by companies like Attila, Cisco and Ruckus.

7 TERMINAL & NETWORK REQUIREMENTS

7.1 Overview

It is important that access points and end user devices support the necessary standard amendments to handle the requirements on data throughput, interference handling, security, authentication and interworking with 3GPP technologies. Apart from that, there exist today innovative technology solutions in the market which can leverage mesh networking principles to solve the backhaul challenge, or smart antenna technologies which can help to deal with interference or to enhance coverage. Today, Wi-Fi Offload is used by some operators to enhance the customer experience with their Smart phones. The current methods include: 7.1.1 Automatic provisioning The mobile device is already provisioned with the SSIDs (and any security keys if required) of the operators preferred Wi-Fi providers. On first access to a Wi-Fi provider preferred hotspot, the user may have to enter identification (e.g. the mobile phone number of the device, or PIN number from a text message sent to phone) to verify that he is entitled to the agreed usage tariff (e.g. free use). After the initial access by the device, all future Wi-Fi hotspot access is automatic. 7.1.2 Manual provisioning Where there is no automatic provisioning, the user has to search for and select a Wi-Fi network and enter any security keys required to get access. The facility often exists to store profiles so that every time the device is in range of an existing Wi-Fi hotspot setup, the connection is automatic.

7.2
7.2.1

Terminals
Smartphones

Smart phones should implement functionality that performs automatic network detection and selection. The device should automatically scan for the appropriate SSID and connect in accordance with operator policy/preference in combination with user defined networks and preferences. The desired functions and features include: Connection management client, this may be part of the operating system or an additional application.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

Downloadable SSID list with operator specified priority and credentials (if not SIM/UICC based). Operator specification of auto authentication parameters, preferred network list, network/SSID blacklist, roaming policies and credentials Ability for the user to define SSID and credentials for additional networks Ability to automatically initiate a VPN for specified networks Respond to Radius request with credentials Enable 802.1X Enable EAP-SIM or EAP-AKA Support of 802.11i/WPA2 Implement power saving features Support of WPS, including push button configuration If service continuity is desired, support of the desired scenario highlighted in the annex section A3.5, should be provided along with the appropriate level of Wi-Fi and 3GPP network interconnection. Specifically, the device should include a SIP based IMS client, and possibly support for ICS. Netbooks and Dongles

7.2.2

Laptops and netbooks may either have built in 3GPP connectivity or may use dongles to provide connectivity. Nearly all laptops and netbooks are now built including Wi-Fi devices as standard equipment. The desired functions and features include: Connection management software Downloadable SSID list with operator specified priority and credentials (if not SIM/UICC based). Operator specification of auto authentication parameters, preferred network list, network/SSID blacklist, roaming policies and credentials Ability for user to define SSID and credentials for additional networks Ability to automatically initiate a VPN for specified networks Automatically scan for SSID and connect in accordance with operator policy/preference in combination with user defined networks and preferences Respond to Radius request with credentials Enable 802.1X Enable EAP-SIM or EAP-AKA, if there is built in 3GPP connectivity or using a 3GPP dongle Support of 802.11i/WPA2 Implement power saving features Support of WPS, including push button configuration If service continuity is desired, support of the desired scenario highlighted in the annex section A3.5, should be provided along with the appropriate level of Wi-Fi and 3GPP

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

network interconnection. Specifically, the device should include a SIP based IMS client, and possibly support for ICS.

7.3

Network Requirements:

The following is a list of the expected requirements for the networks to support Wi-Fi Offload. Support of 802.1X Support of 802.11i/WPA2 EAP-SIM or EAP-AKA enabled Home access points should support WPS, including push button configuration Interconnection with 3GPP network operator via I-WLAN or via Internet Automatic and seamless handoff may become a requirement. Out of scope for this paper. Collection of billing data and ability to properly format and communicate to the mobile operator. If service continuity is desired, support of the desired scenario highlighted in section 11.3.5 (annex) should be provided along with the appropriate level of Wi-Fi and 3GPP network interconnection. If session continuity is required then the network must implement such capability based on 3GPP or proprietary solutions. As standards evolve, support for IP Flow Mobility, Local IP Access and Selected Internet IP Traffic Offload should be considered.

7.4

Network Selection:

Network selection should provide the following capabilities: For the device to select the network based on the capability of the network such as QoS, connectivity, signal strength etc. For the device to detect and switch to the preferred network (when not in an active communication state with the current network). The Home Operator to be able to configure the list of the preferred Wi-Fi access networks that can be used for automatic selection. The user to be able to configure the list of the preferred Wi-Fi access networks that can be used for automatic selection. The user to be able to select manually from the available Wi-Fi accesses available.

Network selection mechanisms have been specified by 3GPP and these include network selection for I-WLAN and ANDSF. For operators which have both WiFi and 3GPP infrastructures, it is possible to use ANDSF. This is a layer 3 protocol specified by 3GPP. It

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

enables mobile devices located in areas of two or more different types of access connectivity to select the most appropriate access network by exchanging information between the mobile device and a server. This is covered in more detail in the Annex A3.1.1. There is a need for further investigation of the ANDSF functions and whether they meet the requirements for network selection Network selection requirements for I-WLAN is specified by 3GPP in specification TS22.234

8 QUALITY OF SERVICE
Multimedia applications such as VoIP, VoD and Internet Radio have different traffic characteristics and quality of service QoS requirements as compared to traditional internet data traffic. For example VoD requires high bandwidth while VoIP is bursty in nature and requires low delay and jitter. As a result, to ensure a high level of user experience, these traffic types need to be treated differently from the traditional internet traffic. Further, the available bandwidth in the Wi-Fi based WLAN is also limited. Thus it is very essential to manage the access to the Wi-Fi based WLAN resources and prioritise the traffic to ensure appropriate QoS to different kinds of traffic. The IEEE 802.11e standard addresses the link level (between a station and an access point) QoS on Wi-Fi thorough enhancement to the MAC (Media Access Control) layer protocol. The standard provides two approaches - Prioritisation of Traffic and Parameterisation of Traffic. In the traffic prioritization approach, the traffic is classified into one of the four categories - Voice, Video, Best Effort and Background. The transmission is done using Enhanced Distributed Channel Access (EDCA) mechanism. As the QoS capabilities of the 802.11e standard provide QoS on a per-link basis, it can extend existing end-to-end QoS frameworks across Wi-Fi access to end terminals. In general, there are two approaches for providing end-to-end QoS - one using differentiated services and the other based on resource reservation.

9 SECURITY AND FRAUD

Two sets of security requirements need to be addressed: Wi-Fi network access security: This concerns authentication of the customer towards the Wi-Fi network, of the network towards the customer device, and the protection of the Wi-Fi access link. Services access security: This concerns authentication of the customer towards operator or third party services when connected via Wi-Fi (or other non-cellular access networks), and the protection of this link.

In order to provide basic offload of Internet access, Wi-Fi network access security is needed to protect against theft of service and other attacks. However, for the offload operator or third party provided services that are normally secured based on 3GPP network techniques (e.g. music portal, application store, etc.), additional service access security is needed.

9.1
9.1.1

Wi-Fi network access security

802.11i

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

802.11i covers Wi-Fi Protected Access (WPA), which was introduced by the Wi-Fi Alliance due to security problems with Wired Equivalent Privacy (WEP). WPA implements a subset of 802.11i. WPA2 is the interoperable implementation of the full 802.11i standard, also called RSN (Robust Security Network). 802.11i uses the Advanced Encryption Standard (AES) block cipher. The 802.11i architecture uses 802.1X for authentication (entailing the use of EAP and an authentication server), RSN for keeping track of associations, and AES-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which replaced the insecure encryption protocols used in WEP and WPA. 9.1.2 Web Portals & EAP 802.1X This covers the use of a login at a web portal using a browser, or equivalently using a WISPrcompliant client for a non-browser-based system or the use of EAP and 802.1X. These two methods are identified in GSMA IR.61 WLAN roaming guidelines which was published in 2004. In IR.61, the EAP solution, and in particular EAP-SIM/EAP-AKA is described as the target solution. However, today the web portal login method remains the most popular way of accessing public Wi-Fi networks. Whilst EAP and 802.1X are often used in enterprise Wi-Fi networks, they do not yet appear to be widely deployed in public Wi-Fi networks. 9.1.2.1 Web Portals The problem with the web portal approach is that the login process and authentication methods vary between Wi-Fi networks which make it difficult to support inbound roaming in a consistent way. Some Wi-Fi networks do support automatic login according to the XML-based WISPr guidelines, but these guidelines were never ratified by any standards body and the WISPr approach is not universally supported. A further disadvantage with the web portal approach is that some method is needed to provision login credentials (typically a username/password combination) on the mobile device. 9.1.2.2 EAP and 802.1X An alternative to the web portal approach is to use EAP and 802.1X. The main advantage of this approach is that the Wi-Fi network does not need to understand the details of the specific authentication method used by the Wi-Fi device and its home network provider. Instead the authentication method used just needs to comply with the EAP defined by the IETF. This allows inbound roaming to be supported in a more flexible and consistent way compared to the captive portal approach. Some EAP methods (including EAP-SIM and EAP-AKA) also support the means to establish a session key which can be used to encrypt the Wi-Fi link. For web portal based solutions the Wi-Fi link is generally not encrypted. There are a wide variety of methods available for use on 802.1X capable networks. The EAPSIM and EAP-AKA methods are particularly appealing for 3GPP operators because they allow re-use of existing SIM based authentication infrastructure. This approach has also been specified as part of the 3GPP I-WLAN standard. However, there are some barriers in terms of Wi-Fi network support of 802.1X and support of EAP-SIM/EAP-AKA on mobile devices.

9.2

Services access security

One approach to service access security is to treat access to operator and 3rd party services over Wi-Fi in a similar way to access to operator and 3rd party services via a PC on the fixed Internet, i.e. username/password based access to a restricted range of services/capabilities. A better approach would be to offer the customer the same experience over Wi-Fi as they obtain via 3GPP access. This would require a more sophisticated solution which leverages SIM card

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

based authentication to provide security for service access. In particular the use of the 3GPP IWLAN packet data gateway is an alternative approach that could also be considered.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

10 RECOMMENDATIONS
The main scope of these recommendations is to address only those questions which are considered essential for successful WiFi offload, but which are not yet answered sufficiently by market consensus or by standardisation by the relevant standardisation bodies.

10.1 Automatic Clients

The availability of an automatic client in iPhones and other Smartphones has resulted in tremendous increases in utilisation of Wi-Fi hotspots in offloading of the 3G data. These clients automatically detect the preferred Wi-Fi networks, seamlessly authenticate the user, and establish the connection to the Wi-Fi access point. It is therefore desirable that more work be done on the optimisation and standardisation of such clients to promote their acceptance and use across all 3G and LTE dual mode devices. Algorithms or methods in mobile devices that allow a consistent approach for operators to steer 3GPP network or Wi-Fi network selection is also of interest. 3GPP has been trying to address this functionality and the network provider should reference the Access Network Discovery and Selection Function. This is an area where GSMA work could potentially develop simplistic rules of thumb methods that can then be updated at a later stage with future 3GPP specifications. The use of WPS enables typical users who often possess little understanding of Wi-Fi configuration and security settings to automatically configure new wireless networks, add new devices and enable security. The use of WPS needs to be considered as part of a solution to enhance the security of home networks and helping add new devices to the home network.

10.2 Authentication with 802.1X and EAP-SIM and EAP-AKA

It is recommended that the standard authentication method used in 3G be extended to Wi-Fi access at hotspots. In this way, the USIM/UICC card information will be communicated to the cellular authentication server (e.g. the HLR) through the Wi-Fi access point and the Wi-Fi RADIUS proxy server. Currently Wi-Fi devices are authenticated with a RADIUS server using credentials such as username/password from DSL subscription, credit card information, free passes, pre-paid cards, monthly memberships, or a coupon code. Devices without a client may also use SMS to receive a RADIUS password from the home network. This password would be manually entered similar to the username/password process. The Wi-Fi network may or may not use 802.1X. Without EAP-SIM/EAP-AKA the dual mode 3G-Wi-Fi devices with a built-in client may use the SIM card information to obtain authorisation from a 3GPP AAA server based on verification of the subscribers account status but without going through the process of checking the response to a random number challenge as is normally done for 3G devices. The advantage of EAP-SIM/AKA method will be that all Wi-Fi access points, including those of the roaming partners and non-3G operators, will be able to automatically authenticate a 3G-WiFi dual mode device at the same level of security as required by the 3G network thereby eliminating the possibility of fraudulent access to the network. EAP-AKA will additionally authenticate the network as well as the device. Note that I-WLAN supports both EAP-SIM and EAP-AKA, whereas EPS supports only EAP-AKA

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

10.3 Security
From a mobile operator and also customer perspective, leveraging the SIM card is very attractive in order to simplify authentication for mobile subscribers. GSMA could play a major role in steering both the Smart phone/laptop ecosystem and the Wi-Fi infrastructure vendors and providers behind one authentication framework based on 802.1X and the USIM/UICC card. However, it must be noted that the operator cannot count on I-WLAN type connectivity to the Wi-Fi network, as it will often be independent and so such solutions must account for this fact. EAP-SIM/EAP-AKA can be used on such networks if coordinated between 3GPP operators and Wi-Fi network operators. To protect the customer from eavesdropping of the wireless traffic between the customers client device and the Wi-Fi access point, it is recommended that the access points support an SSID that has encryption using WPA2 compliant with IEEE 802.11i.

10.4 Quality of Service

Currently many Wi-Fi networks are not managed for QoS and have best effort service levels only. When these networks are being used for a variety of different services it may become a requirement to manage the access to the Wi-Fi based WLAN resources and prioritise the traffic to ensure appropriate QoS to different kinds of traffic.

10.5 Roaming and Handoff

The possibility of roaming and session handoff for service continuity on any available network can increase the potential for offloading to Wi-Fi networks. Support for standardised 3GPP network selection procedures is required for the dual mode device. Roaming and handoff can be based on 3GPP I-WLAN which authenticate devices, decrypt sessions, allocate IP addresses, and protect against denial-of-service attacks.

10.6 Power Optimisation

Constant scanning for detection of a Wi-Fi hotspot places a heavy toll on the battery life of a Smart phone. While methods have been introduced which turn on the Wi-Fi radio only when the device screen is active, or when the device is in the vicinity of a Wi-Fi hotspot from a predetermined list of preferred hotspots, a universal method to be adopted by the industry is desired so that all 3G-Wi-Fi devices would be able to efficiently detect and connect to a Wi-Fi hotspot without unduly spending their battery power on hotspot detection.

10.7 Focus on Standards Development Organisations

The GSMA should focus on the Standards Development Organisations including 3GPP, IEEE, and also the Wireless Broadband Alliance, and the Wi-Fi Alliance as the main bodies to be considered for any development and standardisation related to 3GPP-Wi-Fi Data Offloading using protocols defined in the IETF. The GSMA should ensure that they liaise with these bodies to ensure the development of a suitable Wi-Fi Offload eco-system as required by 3GPP network operators.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

ANNEX - TODAYS WI-FI WORLD SOLUTIONS

A1

IEEE

The IEEE is responsible for the development of the 802.11 protocol suite. This defines all the technical aspects of Wi-Fi. A1.1 802.11-2007 (Was previously known as 802.11a/b/d/e/g/h/i/j) These are the main standards defining all aspects of the layer 1 and 2 operation for Wi-Fi radio access mechanism in the unlicensed bands designated by regulators in the 2.4 and 5 GHz spectrum. A1.2 802.11n This is an amendment to increase the maximum data rate from 54 Mbps to a maximum of up to 600 Mbps with the use of MIMO (multiple input multiple output) antenna and spatial multiplexing technologies where multiple independent data streams are simultaneously transmitted within the same spectral channel. It also includes a wider (40 MHz) channel and provides significant improvements (frame aggregation) to the Media Access Control layer (MAC) which makes the usage of the shared wireless channel more efficient. A1.3 802.11u This amendment to 802.11 provides additional information over the air about a Wi-Fi network allowing the network selection to be made on the basis of network characteristics and service offerings such as the service operator identity, QoS, charging structure, supported services, etc. A1.4 802.11r This amendment to 802.11 provides for fast and secure inter-access point handoff by cashing part of the encryption key to speed up the authentication process, thus allowing service continuity while the wireless device moves between access points. A1.5 802.21 This standard provides for seamless handover between different types of base stations or access points such as between Wi-Fi, Bluetooth, GSM, UMTS, and WiMAX systems. This standard, also called Media Independent Handover (MIH) or vertical handover, is intended to provide faster handover than possible through Mobile IP mechanism for handover across different subnets. 2 A1.6 802.11e This is a QOS amendment to ensure the quality of the link between the client and the Wi-Fi access point. A1.7 802.11i This is a security standard that addresses some of the problems in the original WEP-based encryption system of Wi-Fi. It is a standard to secure and encrypt the wireless link between the client and the Wi-Fi access point. WPA2 is compliant with this standard. A1.8 802.1X

http://www.wireless-nets.com/resources/downloads/802.1X_C2.html.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

This protocol provides for an access point to act as an authenticator by allowing a device, termed a supplicant, to present its credentials to the access point and for the access point to pass these credentials to an authenticating server for verification. Upon approval, the access point will then allow the supplicant access to the network hence acting as a gate keeper barring unauthorized access to the network. 3

A2 A2.1

IETF
RADIUS

RADIUS is a widely used authentication method where a client is authenticated for access to a network by a server through a network access server (NAS) which passes along the clients credential (e.g. username/password or other certificates) to the RADIUS server, and in response to authentication directives from the RADIUS server, will allow the client access to the network. In addition to granting access to the network, a RADIUS server also provides authorization for specific service levels and term of use allowed per user profile. The third function provided by a RADIUS server is accounting which starts and stops based on signals sent by the NAS. A RADIUS server can also act as a proxy client to other authentication servers (including other RADIUS servers) in roaming situations. RADIUS servers support a variety of methods to authenticate including PPP, PAP, CHAP, EAP, and UNIX login. Client software available on many laptops and notebooks provide for automatic network selection and authentication using RADIUS in a WISPr framework. A2.2 EAP The Extensible Authentication Protocol provides an infrastructure for network access clients and authentication servers to host plug-in modules for current and future authentication methods and technologies. With EAP, the specific authentication mechanism is not chosen during the link establishment phase of the Point to Point connection but rather the peers negotiate to perform EAP during the connection authentication phase. When the connection authentication phase is reached, the peers negotiate the use of a specific EAP authentication scheme. The conversation consists of requests and responses for authentication information, between an EAP access client (supplicant), an EAP authenticator (an access point or NAS), and an authentication server that negotiates the use of a specific EAP method with the EAP client, validates its credentials, and authorizes access to the network. The IEEE 802.1X standard defines how EAP is used for authentication by IEEE802.11 wireless devices. The Wi-Fi Alliance and Wi-Fi Protected Access (WPA) have officially adopted five EAP types as its official authentication mechanisms (EAP-TLS, EAP-SIM, EAP-AKA, PEAP, and EAP-TTLS) as described in RFC 4017. A2.3 Network Selection RFC 5113 IETF RFC 5113 has defined the problem statement and it took several years to finish this RFC. IETF did not follow up with any additional work. A2.4 Mobility management protocols There are several protocol specifications in the IETF that are relevant in the context of handover with session continuity and utilization of several accesses. The most relevant, given the current timeframe and context are the Mobile IP family of protocols. Work is going on in the IETF to add multi-homing support with simultaneous usage of several interfaces to the Mobile IP
3

http://www.wireless-nets.com/resources/downloads/802.1X_C2.html.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

specifications. With these functions policies could be implemented to move only the best effort traffic to WLAN and keep voice traffic on 3G/LTE, for example. Another protocol of interest is MOBIKE (IKEv2 Mobility and Multihoming) that provides extensions for supporting movement of IPsec endpoints. With a VPN tunnel running inside, handover with session continuity can be supported, but there are no plans to extend MOBIKE with support for moving only a subset of the traffic from one access to another. A third alternative is the inherent support for terminal mobility in SIP, but this will only be relevant for the applications using SIP. Mobile IP protocols have been the main proposal for mobility management in the IETF since the early 1990s. The work started with the specification of Mobile IPv4 (MIPv4), and later with Mobile IPv6 (MIPv6), Network Mobility (NEMO), Proxy Mobile IP (PMIP), and Dual-Stack Mobile IPv6 (DSMIPv6). The protocols can be categorized in client based and network based, where the client based variants rely on functionality in the terminal to manage the handovers (MIPv4, MIPv6, NEMO), whereas the network based (PMIP) implements the base functions inside the network. As the latter requires that the access network has functions for mobility management, it is not applicable for home WLANs that are not under the control of the operator(s). If the PMIP MAG (Mobile Access Gateway) function is not trusted by or under the control of the operator, there will be security issues, as the MAG potentially can hijack traffic for terminals. Versions of the protocols are proposed as alternatives for mobility management in the IEEE (Mobile WiMAX) and the 3GPP (I-WLAN Mobility and LTE/EPS). Mobile WiMAX currently specifies the usage of PMIPv4/6 and Mobile IPv4/6. The 3GPP has DSMIPv6 and PMIPv6 as alternatives for mobility management, and include Mobile IPv4 as a non-preferred alternative for trusted access. 3GPP also specifies the usage of MOBIKE as part of their solution for handover between non-3GPP accesses. A central component of the client based mobile IP protocols is the Home Agent (HA), which is placed at a fixed location (fixed IP addresses) and tunnels traffic to/from the Mobile Node (terminal). The HA hides the movements (IP address changes) of the Mobile Node from the outside world as well as the higher layer protocols inside the Mobile Node. For the Mobile WiMAX and 3GPP specifications, HA functionality (if used) is placed within the Mobile WiMAX or 3GPP system. It is possible, however, to place the HA anywhere in the network/Internet as long as the Mobile Node and the HA can reach each other. This is outside the scope of 3GPP specifications. For additional security, the 3GPP specifies the usage of an additional IPSec tunnel with DSMIPv6 for untrusted non-3GPP accesses. The evolution of these protocols in the IETF is currently carried out in the MEXT (Mobility EXTensions for IPv6), MIP4 (Mobility for IPv4), NETLMM (Network-based Localized Mobility Management), NETEXT (Network-Based Mobility Extensions) and MIPSHOP (Mobility for IP: Performance, Signalling and Handoff Optimization) working groups. Note that the NETLMM may be closing down soon as new work related to network based mobility has been moved to NETEXT. There is a relatively new group (MULTIMOB - Multicast Mobility) that is to provide guidance on how to support multicast in a mobile environment.

A3

3GPP

Note there is a new 3GPP work item in Release 10 looking at non-3GPP access, as well as work on IP Flow Mobility and seamless WLAN offload (IFOM) TS23.261.The outcome of this specification being developed will impact the way mobility management is handled. Release 10 is due for completion in March 2011.

GSM Association Wi-Fi Offload Report A3.1 networks

NON-CONFIDENTIAL

TS 23.402 I-WLAN: Architecture Enhancements for non-3GPP Access to 3GPP

This document specifies the stage 2 service description for providing IP connectivity using non3GPP accesses to the Evolved 3GPP Packet Switched domain. In addition, for E-UTRAN and non-3GPP accesses, the specification describes the Evolved 3GPP PS Domain where the protocols between its Core Network elements are IETF-based. The latest 3GPP specs for interworking with non-3GPP accesses including for WLANs are in TS 23.402 and are more comprehensive than TS 23.234. TS 23.402 specs provide mobility support between 3GPP networks and non-3GPP accesses (i.e,WLANs) using either network-based or client-based solutions and for both trusted and untrusted non-3GPP access networks. The network discovery and selection has been an issue because of battery consumption and turning on of two radios in TS 23.402 a new IP level entity called ANDSF (Access Network Discovery and Selection Function) has been introduced in Release 8. It is being further enhanced in Release 9. A3.1.1 ANDSF (Access Network Discovery and Selection Function) For operators which have both Wi-Fi and 3GPP infrastructures, some operators plan to realise Wi-Fi offloading by employing ANDSF (Access Network Discovery and Selection Function). ANDSF, a layer 3 protocol suggested by 3GPP, is a technology that enables mobile devices located in area of two or more different type of access connectivity to select the most appropriate access network by exchanging information between the mobile device and a server. Wi-Fi Offloading should aim not only to reduce the 3G networks load effectively but also not to deteriorate the service quality. On the contrary, after implementation, Wi-Fi Offloading should rather improve users experience to offer competitiveness (e.g. CAPEX, service quality) to operators. In order to realize these propositions, operators have to monitor and apprehend many types of context information of network systems and mobile devices. Operators would implement ANDSF in addition to ANDSF Context Information Collection System to decide on and deploy Wi-Fi Offloading policy.

Fig. 2. Example Wi-Fi Offloading Architecture

Fig. 2 Describes the basic Wi-Fi offloading architecture. Each entity is in charge of the following functions:

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

ANDSF Server: Interworking ANDSF Context Information Collection System and ANDSF Client, ANDSF Server collects context information of network side and device side to decide and to deploy Wi-Fi offloading policy. ANDSF Client: Interworking ANDSF Server, ANDSF Client receives or requests Wi-Fi offloading policy and available access network list to perform Wi-Fi offloading. ANDSF Client also reports device side context information to ANDSF Server. ANDSF Context Information Collection System: Collecting context information of AP and RNC, this system conveys network side context information to ANDSF server. Policy Manager: This is a management point to manage and update operators policy in ANDSF Server.

Network side and device side context information can be effectively utilised to decide when or whether the mobile device should move to Wi-Fi. This solution using ANDSF also can include WiMax, and other non-3GPP access, simply by including network context information of the other access networks. The most important factor that should be considered before the commercialisation of this solution is to reduce the delay time which will be occur during the completion of ANDSF negotiation. A3.2 TS 23.302 Access to the 3GPP EPC via non-3GPP access networks

The document specifies the discovery and network selection procedures for access to 3GPP Evolved Packet Core (EPC) via non-3GPP access networks and includes AAA using AAA procedures used for the interworking of the 3GPP EPC and the non-3GPP access networks. It also specifies the Tunnel management procedures used for establishing an end-to-end tunnel from the UE to the ePDG to the point of obtaining IP connectivity and includes the selection of the IP mobility mode. This document is applicable to the UE and the network. A3.3 TS 33.234 and 33.402 3GPP and WLAN Interworking Security

These documents specify the security architecture, trust model and security requirements for the interworking of the 3GPP System and WLAN Access Networks. The security architecture for trusted and untrusted non-3GPP accesses to connect to 3GPP outlines the needed security features to connect such a non-3GPP access to the 3GPP EPS. Non-3GPP access specific security is outside the scope of the document. Access authentication for non-3GPP access in EPS shall be based on EAP-AKA (RFC 4187) or on EAP-AKA' (RFC 5448). The EAP server for EAP-AKA and EAP-AKA' shall be the 3GPP AAA server residing in the EPC. 3GPP WLAN interworking assumes a common authentication mechanisms based on SIM (it uses EAP-SIM or EAP-AKA). While this looks good on paper (single authentication and billing) in reality almost all the public hot spots use user id/password. This is an area where a Wi-Fi network operated by a 3GPP-based cellular network could enable common authentication between the two networks, but the operator cannot count on I-WLAN type connectivity to the Wi-Fi network, it will often be independent.

GSM Association Wi-Fi Offload Report A3.4

NON-CONFIDENTIAL

TR 22.912 3GPP Study on Network Selection Requirements for non-3GPP Access

The document considers the network selection procedures requirements for non-3GPP access types. The network selection principles covered include both automatic and manual selection. Also considered is the operator management of network preferences for non-3GPP access types and how the device accesses networks offered through non-3GPP access. UEs considered in this study are UEs able to connect to a non-3GPP network in addition to its 3GPP capabilities (i.e. dual mode, multi-mode UEs). This work in this TR is applicable to GSM and UMTS and there are no additional considerations of EPS (Evolved Packet System). Roaming and handover conditions between 3GPP and non-3GPP networks are not in the scope of this document. Connection to a 3GPP operators core network by WLAN is out of scope, where this is I-WLAN. Use of the Generic Access Network is out of scope. Considerations of tariffing are out of scope. There are no specifications for how the UE should choose non-3GPP access types, however. A3.5 Service Continuity

In general the definition of Wi-Fi Offload is offloading internet traffic via networks that do not have back end connections to 3GPP networks. Service continuity can happen by providing mobility support at 1- Lower layers 2- Layer 3 3- Application layer Cases 1 and 2 provide mobility transparent to all the applications (IMS or non-IMS). For example, IMS Centralised Services, ICS, is a service layer function that has no direct relation with Wi-Fi, Wi-Fi offload or Wi-Fi mobility. ICS should be access network agnostic. 3GPP defines WLAN-3GPP system interworking as a wireless IP connectivity service where the user obtains access via a Wireless LAN technology. 3GPP states it shall be possible to deploy the WLAN as an integral part of the 3GPP system or the two systems can be separate. In order to provide service continuity, the WLAN has to be an integral part of the 3GPP network. It is an operator decision as to the level of interworking supported. This can be broadly grouped as: 3GPP based access control and charging only. (Scenario 2 of 3GPP TR 22.934) Access to 3GPP PS based services, e.g. IMS. (Scenario 3 of 3GPP TR 22.934) Access to 3GPP PS based services with service continuity. The user may or may not notice a disruption in service, depending upon the level of service continuity supported. This is further defined in 3GPP TS 22.129. (Scenarios 4 and 5 of 3GPP TR 22.934)

The following table from 3GPP TR 22.934 summarizes the six 3GPP - WLAN interworking scenarios described in the report. Each scenario realises an additional step in integrating WLAN in the 3GPP service offering and naturally includes the previous level of integration of the previous scenario.

GSM Association Wi-Fi Offload Report

Scenarios: Scenario 1: Common Billing and Customer Care Scenario 2: 3GPP system based Access Control and Charging X X X Scenario 3: Access to 3GPP system PS based services X X X Scenario 4: Service continuity

NON-CONFIDENTIAL
Scenario 5: Seamless services Scenario 6: Access to 3GPP system CS based Services X X X

Service and operational Capabilities: Common billing Common customer care 3GPP system based Access Control 3GPP system based Access Charging Access to 3GPP system PS based services from WLAN Service Continuity Seamless Service Continuity Access to 3GPP system CS based Services with seamless mobility

X X

X X X

X X X

X X

X X

Currently, most communication service providers offer circuit switched based services and IP based services. Separate service platforms are maintained in the different domains. This results in users receiving an inconsistent service experience because their service environment changes with different devices, access networks, and serving domains. Additionally, redundant service platforms need to be supported. However, by delivering IP-based services from a single consolidated service platform service consistency can be provided across different access networks and devices, service continuity can be provided between access networks (wireless and wireline), and CAPEX and OPEX can be reduced. 3GPP operators have a strong interest in the deployment of IMS-based core networks as well as a level of network and service transparency. This leads to a strong interest in the implementation of IMS Centralised Services, ICS, and IP-based messaging (which must interwork with traditional SMS/MMS functionality), impacting both network and device elements. The following figure gives a high level view of ICS; note that ICS across 3GPP and non-3GPP access requires further study in 3GPP.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

Terminal

Scenario A

PS Domain (VoIP Capable)

IMS

Scenario B

CS Domain

Scenario C

PS Domain (not VoIP Capable)

A3.6

IP Flow Mobility, Local IP Access and Selected Internet IP Traffic Offload

The increased data demand, caused by the increased use of 3rd party applications and Internet browsing is creating interest for new operator tools to lower the cost on providing data access. The increased availability of WLAN radio in many terminals and the increasing availability of WLAN access networks in many geographical locations provide means to achieve this goal. When the subscriber happens to be under WLAN coverage, it is beneficial for the operator to offload some traffic (e.g. best effort) to the WLAN access. At the same time it may be beneficial to still keep some traffic (e.g. VoIP flow) in the cellular access. With this IP flow mobility solution the operator can lower its data access costs while the subscriber just experiences maximised bandwidth without any service disruption or interruption. 3GPP is defining a solution in Release 10 for a seamless WLAN offload via IP flow mobility. Based on this solution, operators can use WLAN as a seamless extension of their 3GPP access and thus increase the overall system capacity while minimising the access cost. The MAPIM Study Item documented in TR 23.861 provides a technical solution for seamless WLAN offload. IP flow mobility based on the solution described in section 7.1.1 in 3GPP TR 23.861 Simultaneous connectivity to the same PDN via different accesses for S2c and H1 reference points. Routing of different IP flows of the same PDN connection via different accesses for S2c and H1 reference points. Movement of IP flow(s) of the same PDN connection at any time from one access to another via S2c and H1 reference points. Also included will be Extensions to the ANDSF framework for Provisioning of inter-system operator's policies for seamless WLAN offload with IP flow mobility based on the solution described in 3GPP TR 23.861

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

Provisioning of operator's policies for usage of WLAN access to connect to the Internet without traversing operator's core network

Additionally, it is possible to provide a limited non-seamless WLAN offload as done in current deployments via a transient IP connection via WLAN (referred also as Direct IP Access in IWLAN). This implies that the UE uses the WLAN IP address and no IP address preservation is provided between WLAN and 3GPP accesses. While most details of this scenario are outside the scope of 3GPP as they are confined into the non-3GPP access, it is useful to define operators policies in 3GPP to guide the behaviour of the UE. The 3GPP Release 10 work on Local IP Access and Selected Internet IP Traffic Offload work in Release 10 may also be applicable to Wi-Fi offload: Local IP access LIPA to residential/corporate local network for Home (e)NodeB Subsystem Selected IP traffic offload SIPTO (e.g. Internet traffic) for Home (e)NodeB Subsystem Selected IP traffic offload (internet traffic, corporate traffic, etc.) for the macro network (3G and LTE only) A3.7 GAN Generic Access Network (formerly known as UMA)

GAN is a telecommunication system that extends mobile voice, data Session Initiation Protocol (SIP) applications over IP access networks. The most common application of GAN is in a dual-mode handset service where subscribers can seamlessly roam and handover between wireless LANs and wide area networks using a GSM/Wi-Fi dual-mode mobile phone. GAN enables the convergence of mobile, fixed and Internet telephony, sometimes called Fixed Mobile Convergence. Under the GAN system, when the handset detects a wireless LAN, it establishes a secure IP connection through a gateway to a server called a GAN Controller (GANC) on the carrier's network. The GANC presents to the mobile core network as a standard cellular base station. The handset communicates with the GANC over the secure connection using existing GSM/UMTS protocols. Thus, when a mobile moves from a GSM to an 802.11 network, it appears to the core network as if it is simply on a different base station.

GSM Association Wi-Fi Offload Report

NON-CONFIDENTIAL

DOCUMENT MANAGEMENT
Document History Version
0.1 0.2 0.3 0.4 0.5 1.0

Date 07/04/10 15/04/10 15/04/10 16/04/10 16/04/10 19/04/10

Brief Description of Change

First draft based on EMC Report 2nd draft based on comments Updates to Sec 1 to 3 Comments from AT&T Updates from Conf Call Final Version

Approval Authority

Editor Company
Nigel Bird/Orange Nigel Bird/Orange Nigel Bird/Orange Nigel Bird/Orange Nigel Bird/Orange Nigel Bird/Orange

Other Information Type

Document Owner Editor / Company

Description
Wi-Fi Offload Nigel Bird Orange

Document Cross References Reference Number

[1]

Document Number
AD02

Title
Confidentiality of GSMA Documents