Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
HNB Gateway in UMTS Network
Features and Functionality - Base Software ▀
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide ▄
OL-22991-01
Authentication and Key Agreement (AKA)
HNB-GW provides Authentication and Key Agreement mechanism for user authentication procedure over the HNB
Access Network. The Authentication and Key Agreement (AKA) mechanism performs authentication and session key
distribution in networks. AKA is a challenge- response based mechanism that uses symmetric cryptography.
Access Network. The Authentication and Key Agreement (AKA) mechanism performs authentication and session key
distribution in networks. AKA is a challenge- response based mechanism that uses symmetric cryptography.
The AKA is the procedure that take between the user and network to authenticate themselves towards each other and to
provide other security features such as integrity and confidentiality protection.
provide other security features such as integrity and confidentiality protection.
In a logical order this follows the following procedure:
1. Authentication: Performs authentication by, identifying the user to the network; and identifying the network to
the user.
2. Key agreement: Performs key agreement by, generating the cipher key; and generating the integrity key.
3. Protection: When the AKA procedure is performed it protects, the integrity of messages; confidentiality of
3. Protection: When the AKA procedure is performed it protects, the integrity of messages; confidentiality of
signalling data; and confidentiality of user data
3GPP AAA Server Support
This interface between the SeGW and AAA Server provides a secure connection carrying authentication, authorization,
and related information. in accordance with the following standards:
and related information. in accordance with the following standards:
3GPP TS 33.320 V9.1.0 (2010-03): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; Security of Home Node B (HNB) / Home evolved Node B (HeNB) (Release 9)
This reference point is located between 3GPP AAA Server/Proxy and HNB-GW. The functionality of this reference
point is to enable following requirements on SeGW:
point is to enable following requirements on SeGW:
The SeGW shall be authenticated by the HNB using a SeGW certificate.
The SeGW shall authenticate the HNB based on HNB certificate.
The SeGW authenticates the hosting party of the HNB in cooperation with the AAA server using EAP-AKA.
The SeGW shall allow the HNB access to the core network only after successful completion of all required
authentications.
Any unauthenticated traffic from the HNB shall be filtered out at the SeGW
System Management Features
This section describes following features: