WHITEPAPER

Wi-Fi OFFLOAD: AUTHENTICATION AND SECURITY THROUGH EAP-BASED APPROACH

www.greenpacket.com

Abstract
Data traffic demand is growing rapidly as operators struggle to overcome declining margins and rising capital costs in their mobile broadband strategies. The telecom industry is talking about offload as a solution, but it can take many forms, leaving many operators unsure of which path to take. The business case for Wi-Fi is evolving, and not just for data offload but also for voice and messaging, offering an opportunity for the deeper integration of Wi-Fi with the operator's service portfolio. One of the many concerns of Wi-Fi deployment is the end goal of integrating the existing and Wi-Fi architectures with minimal changes. When mobile devices connect to networks, user and endpoint authentication play critical roles in preventing misuse, abuse and attack. This paper provides a deep dive into the ramifications of Wi-Fi authentication and security, with a study of the carrier-class Wi-Fi challenges faced by operators in terms of scalability and flexibility of the solution, service quality, terminal readiness and the desired success in Wi-Fi deployments. It marks a reversal of the attitude once held by carriers, which undermined the open design and previously chose to deliver their services through their own tightly controlled networks. By embracing Wi-Fi, they are now putting their data offload strategy to pragmatic use on their networks by diverting traffic to this alternative route. Wi-Fi access also gives carriers new revenue streams and draws in consumers who are increasingly searching for local wireless hotspots.

Contents
Overview
Converging Multiple Access Technology
Challenges to Building a Carrier Class Wi-Fi Experience
  Security
  Authentication
  Roaming
Integrating the Mobile Core - Provisioning, Policy Control and Billing
Delivering the Right Wi-Fi Experience
Greenpacket Wi-Fi Offloading Solutions
  Smart Data Offload
  Seamless Data Offload
  Dynamic Data Offload
Wi-Fi Adoption Intensifies Interest in Offloading
Conclusion
Wi-Fi Your Network to More Bandwidth!
References

Overview
Wi-Fi has undoubtedly established itself as a genuine wireless access technology capable of delivering a cellular experience. The business model for Wi-Fi has changed from merely a home Internet gateway alternative to an essential part of the operator's bigger network data strategy. The rise of smartphones has left consumers needing connectivity, which in turn drives the need for greater bandwidth through the Wi-Fi marketplace, as Wi-Fi is recognized as the de facto technology for the average smartphone user. According to a Gartner report, smartphone sales are expected to surpass 1 billion units by 2015, when they will account for 50% of the total mobile device market. Smartphone behaviors are markedly different from those of the previous generation of handsets. It is acknowledged that as devices become more complex, so does the behavior of the traffic mix. The traffic mix now contains greater consumption of high-bandwidth experiences for videos and content, for which 3G as a delivery mechanism falls short. When spectrum runs short, service degrades sharply; calls get dropped and data speeds slow down. Wi-Fi offloading is an opportunity for operators to reduce 3G traffic load and, at the same time, overcome the growing pressure from OTT players like Skype and Google to avoid revenue erosion. Wi-Fi remains very much publicized on the operators' agenda. There is a clear desire to integrate the technology more closely with cellular, both in terms of ease of use through network discovery, authentication and log-on, and at the core-network level. Despite these challenges, the adoption of Wi-Fi offloading will not decelerate, as the next generation of connectivity in LTE will further drive the end user's need for high-performance wireless connectivity; Wi-Fi will be more relevant in the 4G era than it was for 3G. Moreover, the growth in cloud-based services will only further drive and unlock the potential of big data.

Several Tier 1 operators, such as China Mobile and KDDI in Japan, are already embracing Wi-Fi in large-scale deployments to offload peak data traffic from cellular networks and support the delivery of new content and value-added services. The standardization bodies Wireless Broadband Alliance (WBA) and Wi-Fi Alliance are encouraging the development of Wi-Fi standards that address the future of Wi-Fi roaming through Next Generation Hotspot (NGH) and Hotspot 2.0, including offload architectures. With standards work improving and gaining greater acceptance through successful trials, the entire value chain of vendors, device manufacturers and developers will stand to benefit from a larger marketplace.

Converging Multiple Access Technology


With heterogeneous networks (HetNet) becoming the preferred approach in next-generation networks, the desire to increase cellular coverage via Wi-Fi and small cells (including femtocells, picocells and microcells), or any combination of these methods, will continue to drive seamless coverage that approaches ubiquity. In order to maintain the integrity of service assurance, operators must exercise due diligence in observing the foundation of a secure network and scrutinize all interconnections to it.

Challenges to Building a Carrier Class Wi-Fi Experience


From an operator's point of view, carrier-grade Wi-Fi requires strong security, strong trust through authentication and billing credentials, quality of service, network discovery and policy control. All of these features are desirable to ensure the end-user experience is not compromised, as cases of identity theft and fraud involving sensitive information can damage the operator's brand and credibility.

Security
As the number of web-enabled devices such as smartphones and tablets continues to grow, the focus of security is equally important on the device, the network and the data traversing both secured and unsecured Wi-Fi networks. The emerging trend of accessing data universally, independent of the device that is carried, calls for stricter control. Tunneling data through an unsecured WLAN makes it challenging to enforce restrictions on data streams and content when accessing a Wi-Fi hotspot. The use of encryption protocols such as AES in WPA2 and IKEv2 is another way to ensure the data packets are sufficiently encrypted over 802.1X networks, giving Wi-Fi the same level of security that is expected of cellular.

Roaming between networks is complicated in that the roamed network has no access to the encryption keys used to authenticate the user. Roaming ability can be emulated through the use of the Extensible Authentication Protocol (EAP), ideally SIM-based, which is supported in Wi-Fi devices these days. Other issues pertaining to accounting remain unclear, such as how much operators should charge each other for access.

Authentication
In the user authentication and device authentication process, it is important that the integration of SIM-based authentication is compliant with 3GPP and 3GPP2 standards. With the adoption of a flat-IP architecture and EPC packet core, using SIM authentication as the primary method suggests that seamless Wi-Fi access can be achieved with minimal infrastructure and core network integration. The placement of intelligent agents on the device can help operators combine advanced policy control mechanisms to execute Wi-Fi offload in a managed manner that fits the business needs of the operator. EAP-SIM is used extensively in WLAN as a basis for negotiating solid authentication, as most smartphones readily support it. Which variant of EAP authentication is used for which network is purely dependent on the operator. Implementation of a standards-based approach to Wi-Fi network identification, authentication and service provisioning is essential to accelerating and promoting the use of Wi-Fi among consumers. Making the 3G/4G to Wi-Fi handover seamless to the end user through EAP-based methods (the more popular and readily supported EAP-SIM and EAP-AKA) will provide a viable data offload solution for operators, while standardizing deployment for Wi-Fi operators and device manufacturers. It will also make integration into mobile operators' cellular networks far easier and more cost-effective.
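
The roaming and SIM-based EAP arrangement described in the Security and Authentication sections, as an added example (not from the whitepaper or Greenpacket's products): a visited network's AAA proxy holds no subscriber keys, so it validates the EAP identity and routes it to the home operator by realm. The `0`/`1`/`6` prefixes and the `wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org` realm follow the 3GPP TS 23.003 root NAI format; the partner table, server name and sample identities are constructed.

```python
import re

# Leading digit of the permanent identity names the EAP method
# (3GPP TS 23.003 root NAI: "0" = EAP-AKA, "1" = EAP-SIM, "6" = EAP-AKA').
METHOD_BY_PREFIX = {"0": "EAP-AKA", "1": "EAP-SIM", "6": "EAP-AKA'"}

ROOT_NAI = re.compile(
    r"^(?P<prefix>[016])(?P<imsi>\d{6,15})"
    r"@wlan\.mnc(?P<mnc>\d{3})\.mcc(?P<mcc>\d{3})\.3gppnetwork\.org$",
    re.IGNORECASE,
)

# Hypothetical roaming agreements of the visited network:
# (MCC, MNC) of the home operator -> that operator's AAA server.
ROAMING_PARTNERS = {("234", "015"): "aaa.home-operator.example"}


def route_identity(nai):
    """Decide what a visited-network AAA proxy does with an EAP identity.

    Returns ("proxy", method, home_aaa) or ("reject", reason, None). The
    proxy only forwards the exchange; the SIM challenge is computed and
    verified by the home operator, which alone holds the subscriber key.
    """
    m = ROOT_NAI.match(nai.strip())
    if m is None:
        return ("reject", "not a 3GPP root NAI", None)
    imsi, mcc, mnc = m["imsi"], m["mcc"], m["mnc"]
    # The realm must agree with the IMSI it claims to belong to. A two-digit
    # MNC is zero-padded to three digits in the realm ("15" -> "mnc015").
    mnc_matches = imsi[3:6] == mnc or (mnc[0] == "0" and imsi[3:5] == mnc[1:])
    if not (imsi.startswith(mcc) and mnc_matches):
        return ("reject", "IMSI does not match realm", None)
    home_aaa = ROAMING_PARTNERS.get((mcc, mnc))
    if home_aaa is None:
        return ("reject", "no roaming agreement", None)
    return ("proxy", METHOD_BY_PREFIX[m["prefix"]], home_aaa)


if __name__ == "__main__":
    # Constructed sample identities, not captured traffic.
    for identity in (
        "1234150999999999@wlan.mnc015.mcc234.3gppnetwork.org",
        "0234150999999999@wlan.mnc015.mcc234.3gppnetwork.org",
        "1234150999999999@wlan.mnc020.mcc234.3gppnetwork.org",
        "1310410123456789@wlan.mnc410.mcc310.3gppnetwork.org",
        "alice@example.com",
    ):
        print(identity, "->", route_identity(identity))
```

Rejecting identities whose IMSI and realm disagree keeps a visited network from forwarding requests to an operator the subscriber does not belong to.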

Roaming

Inter-Wi-Fi roaming is one aspect that is still in the early stages of standardization towards a harmonized and seamless roaming experience. A large-scale deployment of Wi-Fi can complement cellular roaming and bring roaming charges down significantly for the end user. The impact of Wi-Fi offload is widening, and the way operators integrate Wi-Fi within their networks is changing. Some operators that lack their own Wi-Fi hotspot infrastructure and have plans to build it soon can establish partnerships with Wi-Fi access aggregators like Boingo and iPass. Those that already have Wi-Fi offload in place and sufficient investments can continue to expand the locations where they offer Wi-Fi access and extend the network of partners to provide domestic and international roaming.

Integrating the Mobile Core - Provisioning, Policy Control and Billing


Operators are expected to ramp up Wi-Fi and deployments despite the fact that the majority of operators still see support for heterogeneous networks as a challenge and thus need to spend some time testing and figuring it out. Wi-Fi won't be a rescue for every situation, but they are a critical tool that operators are turning to and will continue to increase in numbers. As a result, support for standard SIM-based authentication is already readily available in smartphones like iPhone, Blackberry and Android to some extent. Unified authentication, aligned as closely as possible to the user experience in terms of connectivity, sign-on, charging and billing and, most importantly, security and privacy, will be the strong focus for Wi-Fi networks.

Delivering the Right Wi-Fi Experience


The end user demands QoE, while the operator demands a reasonable level of QoS. In QoE terms, the end user expects the collective experience to be seamless and always on, regardless of the device used to access the network, with no deterioration of service. On the other end, operators must diligently ensure that QoS is adhered to within the optimized network performance, in terms of the service speeds and SLAs promised. Wi-Fi networks are not devoid of shortfalls. However, they can be strategically positioned to address and resolve interworking, security and authentication methods between networks and create additional value wherever the business model fits.

Convergence

Simplify the Wi-Fi offloading experience by ensuring that they can provide an enriched experience regardless of the network, device and environment. The end goal of marrying Wi-Fi offload with 3G/4G technology can bring new growth and inject value into the operator's business proposition, be it new Wi-Fi access revenues or richer content delivery.

Integration
An automatic and network-agnostic approach (3G-Wi-Fi) to synchronizing user credentials integrates multiple elements of subscriber provisioning and device and subscriber authentication with the operator's core network (authenticated through a 3GPP-compliant AAA) and couples them to the policy infrastructure: push profile, updates over the air, and policy control management to add intelligence to offload decisions.

Regulatory Compliance
Operators look for a standardized long-term solution that handles data mobility and growth regardless of application and network type. In an environment of rising cyber crime, operators need to enforce vigilance over cellular and WLAN networks and assess the aspects of subscriber data confidentiality and integrity, authentication, access control and attacks while implementing integrated Wi-Fi access. The vulnerability of Wi-Fi offload is apparent in the case of direct Internet Wi-Fi that is provided over free hotspots (e.g. shopping malls, cafes) as a value-add to the subscriber. In such circumstances, operators need to notify the subscriber before offloading automatically, giving the user a choice. Operators can maintain visibility and control over Wi-Fi through EAP-based authentication.

Greenpacket Wi-Fi Offloading Solutions


The Intouch solution suite is a standards-based approach to dealing with Wi-Fi offloading securely. It gives the assurance of a secured and managed offload mechanism and also the option of a dynamic offload mechanism through policy control. These solutions fully support secured EAP-based authentication and advanced Wi-Fi security measures.

Smart Data Offload


The Smart Data Offload client is designed to run on top of the native device connection utility for operators looking for a basic offload mechanism without major investment, modification to the existing network infrastructure or firmware replacement. The objective of the smart client is to make Wi-Fi connections more transparent and increase the attachment rate to Wi-Fi by turning the Wi-Fi radio on and off. The ability to support the access-aware and policy preferences of the operator's centralized profiling server allows subscribers to move seamlessly between cellular and Wi-Fi based on device, end-user behavior and environmental information. The smart client does not permanently override the preset network connectivity settings, but only takes precedence by modifying the policy during policy administration. Policy activation can be triggered by several criteria such as active device status, battery levels and signal strength, mobility detection, as well as location detection and time. Smart Data Offload provides optimized service levels to customers and ensures efficient ways for operators to manage their network options.

Seamless Data Offload

Greenpacket's Seamless Data Offload is a client-based solution that aims to deliver a simplified and cost-effective offload method across multiple access networks. It is based on the Data Offload Platform. The Seamless Data Offload client can transparently offload 3G - Wi-Fi and continue to push operator services and manage data traffic effectively. Seamless Data Offload, through Inter-working WLAN (iWLAN), takes traffic from the mobile operator's radio access over Wi-Fi by tunneling through the PDG at the operator's core network. This fits with mobile operators' need to monetize services through the personalization of services and the application of policy management, something which can't be said of other Wi-Fi offload approaches in the market today.

Figure 1: Seamless Data Offload

Dynamic Data Offload

Operators are increasingly looking at using Wi-Fi for offload as part of their mobile broadband strategies. However, the operator risks losing visibility over traffic policies that were configured for the user once traffic routes through Wi-Fi. What is lacking is a way for the network to communicate to users (applications and/or websites they are using) a real-time or predicted measure of the network's congestion levels. Greenpacket's Dynamic Data Offload client is compliant with the defined 3GPP Access Network Discovery and Selection Function (ANDSF), enabling dynamic network selection and switching based on various contextual factors such as cell location, device, peak hours and subscription plan. Operators can also opt to customize these policies based on application-aware policy, device policy, subscriber policy and time-based policy to trigger data offload.

Figure 2: Dynamic Data Offload

Wi-Fi Adoption Intensifies Interest in Offloading


Wi-Fi deployed in urban or other high-traffic locations as an underlay to increase cellular capacity density is a market differentiator. Ironically, Wi-Fi is rated as a source of disruption in the wake of the smartphone surge, driving data usage wild. The emergence of smartphones was born out of the popularity of Wi-Fi. On the other hand, it is also Wi-Fi that is helping operators address limited bandwidth issues by leveraging unlicensed spectrum. There are still obstacles to be overcome before Wi-Fi deployments are widespread. Many operators view Wi-Fi or small cell topologies such as femtocells and picocells as a complementary solution to capacity pressure points, rather than a radical new type of network. One observation and consistent theme in operators' collective feedback points to the challenge of predicting subscribers' behavior and managing them effectively in the process of improving the user experience and shaping services. Operators are also aware of, and are implementing, technologies that would allow them to actively manage traffic from the device through to the core: streaming video optimization, policy management and service enablement in the core through advanced, high-speed platform capabilities. With GSMA announcing in Feb 2012 a joint collaboration with the Wireless Broadband Alliance aimed at simplifying the process of mobile devices connecting to Wi-Fi networks, the ease of cross-network roaming receives a boost. The initiative is primarily focused on SIM adoption to manage and uniquely identify Wi-Fi networks to mobile devices for the ultimate cross-network roaming experience. It is anticipated that commercial deployments may come as early as 12-18 months.

The benefits to consumers would be significant, as consumers get Wi-Fi service mixed with their cellular plan. It gives a high level of confidence in attached Wi-Fi connectivity without having to search for an SSID and input a username and password every time. EAP authentication ensures seamless and secure credential validation and happens automatically. All of that authentication and connectivity is configured on the device without user intervention. The initiative also opens the door for operators to extend the offering of any SIM-based services into an offload environment. Mobile operators are keen to make the SIM the secure element of mobile payment services, for example, and this project would allow transactions to be carried out without the need for cellular access. The evolution of legacy voice away from circuit-switched towards flat IP in LTE means operators could extend a similar voice implementation over Wi-Fi, allowing them to offer carrier-class voice service as well.

Conclusion
The concept of Wi-Fi is not just based on the premise of offload. Other opportunities arise from building well-planned Wi-Fi access to generate new revenue streams. Mobile operators must catch up or risk losing their mark on subscribers' demand. In recent years, the rise of OTT providers like Google, Amazon and Netflix has eclipsed market dominance by delivering a new and exciting user experience to engage consumers. Operators are now aware of the importance of achieving efficiency in intelligent solutions to create closer relationships with their customers. There are opportunities to use Wi-Fi as a customer acquisition tool as well as a churn reduction tool. Operators' perceptions of Wi-Fi have changed from seeing the technology as a threat that was stealing traffic and revenue to a significant opportunity for growing data services usage. The full integration of Wi-Fi with mobile networks is critical to an operator's success, not just for authentication and data but for all the services end users currently receive on cellular networks as well as those they are likely to receive in the future, including billing, voice, messaging and roaming. A major milestone in the efforts to standardize global data roaming over Wi-Fi was announced by the Wireless Broadband Alliance (WBA): the successful trial of NGH, which included AT&T, BT, China Mobile, NTT DoCoMo and so forth, in the week leading up to Mobile World Congress 2012 in Barcelona. The initiative adopted a SIM-based environment as the secure element to deliver connectivity across networks. One of the key highlights central to operators is the strict requirement for both device and user authentication, to ensure the integrity and security of the network is not compromised when incorporating Wi-Fi as part of the mobile services strategy. Wi-Fi has transitioned from a useful unlicensed wireless option for offloading excess mobile video traffic to an intelligent, managed network where subscribers can roam securely.
According to a report by Strategy Analytics, the marketplace can expect to see an increasing number of operators embrace Wi-Fi as part of their LTE network deployment strategy, incorporate it fully into their 3G and 4G traffic calculations, and make it a fully integrated part of small cell networking and HetNet design by 2015.

Wi-Fi Your Network to More Bandwidth!


Simplicity and a standards-compliant approach are the key to strengthening the security of a Wi-Fi offloading deployment, along with the fact that most smartphones nowadays are readily equipped with automatic log-in capabilities, with Wi-Fi access already configured. Embark on a journey with Greenpacket to discover how to protect your network through better Wi-Fi management. With Greenpacket, limitless Wi-Fi solutions abound!

Free Consultation
If you would like a free consultation on how you can leverage Wi-Fi offloading for improved network performance and experience, feel free to contact us at marketing.gp@greenpacket.com. Kindly quote the reference code SWP1211-E when you contact us.

References
1. Sue Rudd and Phil Kendall, Strategy Analytics, "Wi-Fi Hotspots will be Small Cells in Mobile Broadband Networks by 2015"
2. Terry Norman, Analysys Mason, "The Case for Wi-Fi Offload"
3. Wireless Broadband Alliance (WBA) Industry Report 2011, "Global Developments in Public Wi-Fi"

For more information on Greenpacket's products and solutions, please contact us at marketing.gp@greenpacket.com

San Francisco, Kuala Lumpur, Singapore, Shanghai, Taiwan, Sydney, Bahrain, Bangkok, Hong Kong

Copyright 2001-2012 Green Packet Berhad. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language, in any form by any means, without the written permission of Green Packet Berhad. Green Packet Berhad reserves the right to modify or discontinue any product or piece of literature at anytime without prior notice.
