Cisco Cisco Packet Data Gateway (PDG)
For this support the HNB-GW uses HNB's LAC, received during registration procedure in
HNB_REGISTER_REQUEST message, to distribute RANAP-Initial UE message to an MSC. It maps the
LAC with MSC point code and a set of LACs configured for each MSC, connected to the HNB-GW.
HNB_REGISTER_REQUEST message, to distribute RANAP-Initial UE message to an MSC. It maps the
LAC with MSC point code and a set of LACs configured for each MSC, connected to the HNB-GW.
In the HNBGW, to select an MSC based on the LAC the following algorithm is used:
• If both Iu-Flex and LACs are configured for a MSC, then Iu-Flex is used to select a MSC.
• If only Iu-Flex is configured then Iu-Flex is used for selecting MSC.
• If only LACs are configured then MSC is selected using LAC from HNB.
• If both Iu-Flex and LACs are not configured in the HNBGW, it selects default MSC.
Network Access Control Functions through SeGW
These functions enable secure user and device level authentication between the authenticator component of
the HNB-GW and a 3GPP HSS/AuC and RADIUS-based AAA interface support.
the HNB-GW and a 3GPP HSS/AuC and RADIUS-based AAA interface support.
This section describes following features:
• Authentication and Key Agreement (AKA)
• 3GPP AAA Server Support
• X.509 Certificate-based Authentication Support
Authentication and Key Agreement (AKA)
HNB-GW provides Authentication and Key Agreement mechanism for user authentication procedure over
the HNB Access Network. The Authentication and Key Agreement (AKA) mechanism performs authentication
and session key distribution in networks. AKA is a challenge- response based mechanism that uses symmetric
cryptography.
the HNB Access Network. The Authentication and Key Agreement (AKA) mechanism performs authentication
and session key distribution in networks. AKA is a challenge- response based mechanism that uses symmetric
cryptography.
The AKA is the procedure that take between the user and network to authenticate themselves towards each
other and to provide other security features such as integrity and confidentiality protection.
other and to provide other security features such as integrity and confidentiality protection.
In a logical order this follows the following procedure:
1
Authentication: Performs authentication by, identifying the user to the network; and identifying the
network to the user.
network to the user.
2
Key agreement: Performs key agreement by, generating the cipher key; and generating the integrity key.
3
Protection: When the AKA procedure is performed it protects, the integrity of messages; confidentiality
of signalling data; and confidentiality of user data
of signalling data; and confidentiality of user data
3GPP AAA Server Support
This interface between the SeGW and AAA Server provides a secure connection carrying authentication,
authorization, and related information. in accordance with the following standards:
authorization, and related information. in accordance with the following standards:
• 3GPP TS 33.320 V9.1.0 (2010-03): 3rd Generation Partnership Project; Technical Specification Group
Services and System Aspects; Security of Home Node B (HNB) / Home evolved Node B (HeNB)
(Release 9)
(Release 9)
HNB-GW Administration Guide, StarOS Release 19
21
HNB Gateway in Wireless Network
Network Access Control Functions through SeGW