Selective Authentication


This chapter describes configuration of Selective Authentication of the UE on the MME. Selective Authentication of the UE on the MME is based on time and frequency of access attempts.

- Feature Description
- How It Works
- Configuring
- Monitoring and Troubleshooting in MME

Feature Description

The MME performs UE authentication on receiving NAS requests. Authentication procedures can be defined for Attach procedures, Service requests and Tracking Area Update (TAU) procedures. These authentication procedures increase signaling towards the RAN and HSS. Selective Authentication is adopted to reduce signaling traffic towards the RAN and HSS. Selective Authentication is achieved by implementing frequency and periodicity based authentication of the UE.

In a frequency-based selective authentication scenario, the UE is authenticated based on the configured frequency of access attempts. The configured frequency specifies the access attempts per UE and not across UEs. For example, if the configured frequency is "n", the UE is authenticated for every nth NAS request received. The decision to authenticate is based on every nth request and not on 'n' requests since the last authentication, where the nth request is a multiple of n (for example, if n = 2, it will be 2, 4, 6, 8 and so on).

In a periodicity-based selective authentication scenario, the UE is authenticated based on the configured periodicity. For example, if the configured periodicity is "t", the UE is authenticated at every "t" minutes.

The frequency-based authentication is independent of the configured periodicity. However, periodicity-based authentication attempts are relative to the last UE authentication time. The last UE authentication attempt time is updated whenever a UE authentication is attempted, irrespective of the authentication trigger.
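The decision rule described above, as an added example that is not part of the original chapter and not the MME's implementation. The class and function names, the `>=` comparison for periodicity, and the starting state (UE last authenticated at minute 0) are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class UeState:
    # Hypothetical per-UE record; assumes the UE was authenticated at minute 0.
    requests_seen: int = 0
    last_auth_minute: float = 0.0


class SelectiveAuthPolicy:
    """Model of the decision described above, not the MME's implementation."""

    def __init__(self, frequency: Optional[int] = None,
                 periodicity: Optional[int] = None):
        # Ranges are the ones the page gives for the CLI values.
        if frequency is not None and not 1 <= frequency <= 16:
            raise ValueError("frequency must be 1..16")
        if periodicity is not None and not 1 <= periodicity <= 10800:
            raise ValueError("periodicity must be 1..10800 minutes")
        self.frequency = frequency
        self.periodicity = periodicity

    def decide(self, ue: UeState, now_minute: float) -> Tuple[str, ...]:
        """Return the triggers that fire for one NAS request (empty = skipped)."""
        ue.requests_seen += 1
        triggers = []
        # Frequency: every request whose per-UE ordinal is a multiple of n.
        # The counter is never reset by an authentication.
        if self.frequency and ue.requests_seen % self.frequency == 0:
            triggers.append("frequency")
        # Periodicity: measured from the last authentication attempt, whatever
        # triggered it (>= is an assumption; the page says "every t minutes").
        if self.periodicity and now_minute - ue.last_auth_minute >= self.periodicity:
            triggers.append("periodicity")
        if triggers:
            ue.last_auth_minute = now_minute
        return tuple(triggers)


def trace(policy: SelectiveAuthPolicy, arrival_minutes: List[float]):
    """Run one UE's request arrivals through the policy."""
    ue = UeState()
    return [policy.decide(ue, t) for t in arrival_minutes]


# Constructed sample: arrival times (minutes) of nine NAS requests from one UE.
SAMPLE_ARRIVALS = [1, 5, 9, 25, 29, 31, 60, 61, 62]

if __name__ == "__main__":
    results = trace(SelectiveAuthPolicy(3, 20), SAMPLE_ARRIVALS)
    for n, (t, fired) in enumerate(zip(SAMPLE_ARRIVALS, results), 1):
        print(f"request {n} at minute {t}: {', '.join(fired) or 'not authenticated'}")
```

With frequency 3 and periodicity 20, request 4 at minute 25 is skipped because the frequency-triggered authentication at minute 9 restarted the periodicity clock, while the periodicity-triggered authentication at request 5 does not reset the request counter, so request 6 is authenticated again.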

How It Works

Flows

The following diagram illustrates the messages exchanged during network-initiated authentication:

Figure 1: Network-initiated Authentication

1. The MME sends an AUTHENTICATION REQUEST message to the UE. The time duration for the T3460 timer starts. This timer starts when the network initiates the authentication procedure by sending an AUTHENTICATION REQUEST message to the UE and stops upon receipt of the AUTHENTICATION RESPONSE message.
2. The UE responds with an AUTHENTICATION RESPONSE message to the MME. The T3460 timer stops once the MME receives the AUTHENTICATION RESPONSE message.
3. If the authentication procedure fails, the MME sends an AUTHENTICATION REJECT message to the UE.

If the authentication procedure is successful, the MME performs the security mode control procedure to utilize the new EPS security context. The following diagram depicts the security mode control procedure:

Figure 2: Security mode control procedure

1. The MME sends a SECURITY MODE COMMAND message to the UE. The time duration for the T3460 timer starts. This timer starts when the network initiates the security mode control procedure by sending a SECURITY MODE COMMAND message to the UE and stops upon receipt of the SECURITY MODE COMPLETE message.
2. The UE responds with a SECURITY MODE COMPLETE message to the MME. The T3460 timer stops once the MME receives the SECURITY MODE COMPLETE message.
3. If the security mode control procedure fails, the MME sends a SECURITY MODE REJECT message to the UE.

Limitations

The MME does not maintain periodicity and frequency across session recovery.

The frequency and periodicity configured to trigger authentication/GUTI reallocation require the new session setup message (NAS Attach/TAU) to be processed by the Session Manager instance which has the corresponding MME DB for the subscriber. If the MME DB is not available, the frequency and periodicity triggers will not work. For example, if the mobile identifier in the NAS Attach/TAU message is a foreign GUTI and an additional GUTI is not present, the MME does not trigger authentication/GUTI reallocation for the subscriber based on frequency/periodicity.

Configuring

The following sections describe various procedures to configure selective authentication procedures on the MME. Selective authentication is not set up by default for any of the following procedures.

Configuring during Attach Procedures

    config
      call-control-profile profile_name
        [ remove ] authenticate attach [ inter-rat ] { frequency frequency | periodicity duration }
        no authenticate attach
        end

Notes:

- The frequency keyword specifies how often authentication is performed for the Attach Procedures; that is, how many Attach Requests occur before the next authentication. The frequency value is an integer from 1 through 16. If the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the twelfth event.
- The periodicity keyword specifies authentication periodicity; the number of minutes between the times the MME authenticates the UE. The periodicity value is an integer from 1 through 10800. For example, if the configured periodicity is "20" minutes, the UE is authenticated at every "20" minutes.
- The remove command prefix instructs the MME to delete the defined authentication procedures for Attach Requests from the call control profile configuration file.
- The no command prefix instructs the MME to disable authentication for the attach procedures.

Configuring during TAU Procedures

The following command is used to configure the frequency and periodicity for selective UE authentication during TAU Procedures:

    config
      call-control-profile profile_name
        [ remove ] authenticate tau [ { inter-rat | intra-rat | normal | periodic } ] [ { frequency frequency | periodicity duration } ]
        no authenticate tau
        end

Notes:

- The keyword inter-rat specifies authentication to be applied for Inter-RAT TAU.
- The keyword intra-rat specifies authentication to be applied for Intra-RAT TAU.
- The keyword normal specifies authentication to be applied for normal (TA/LA update) TAU.
- The keyword periodic specifies authentication to be applied for periodic TAU.
- The frequency keyword specifies how often authentication is performed for tracking area update (TAU) procedures; specifically, how many TAUs occur before the next authentication. The frequency value is an integer from 1 through 16; for example, if the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the twelfth event.
- The periodicity keyword specifies the period of time, in minutes, between the times the MME authenticates the UE. The periodicity value is an integer from 1 through 10800. For example, if the configured periodicity is "20" minutes, the UE is authenticated every "20" minutes.
- The remove command prefix instructs the MME to delete the defined authentication procedures for TAUs from the call control profile configuration file.
- The no command prefix disables the authentication procedures specified in the call control profile configuration.

Configuring during All Events

The following command is used to configure the frequency and periodicity for selective UE authentication for all events (Attach or TAU):

    config
      call-control-profile profile_name
        [ remove ] authenticate all-events [ { frequency frequency | periodicity duration } ]
        no authenticate all-events
        end

Notes:

- The frequency keyword sets how often authentication is performed for any event. The frequency value is an integer from 1 through 16; if it is set for 5, then authentication is not done till the 5th event.
- The periodicity keyword instructs the MME how many minutes to wait between UE authentications. The periodicity value is an integer from 1 through 10800.
- The remove command prefix instructs the MME to delete the defined authentication procedures for all events from the call control profile configuration file.
- The no command prefix instructs the MME to disable authentication for all events.

Configuring during Service Requests

The following command is used to configure the frequency and periodicity for selective UE authentication for all Service Requests:

    config
      call-control-profile profile_name
        [ remove ] authenticate service-request [ service-type { data | page-response | signaling } ] [ { frequency frequency | periodicity duration } ]
        no authenticate service-request
        end

Notes:

- The keyword service-type specifies the service-type classification.
- The keyword data specifies service-type for data service requests.
- The keyword page-response specifies service-type for service requests in response to paging.
- The keyword signaling specifies service-type for service requests due to other signaling.
- The frequency keyword sets how often (frequency) UE authentication occurs. The frequency value must be an integer from 1 through 16; if the frequency is set for 12, then the service skips authentication for the first 11 events and authenticates on the twelfth event.
- The periodicity keyword defines the amount of time (in minutes) between UE authentications. The periodicity value must be an integer from 1 through 10800 minutes; for example, if the configured periodicity is "20" minutes, the UE is authenticated every "20" minutes.

- The remove command prefix instructs the MME to delete the Service Request authentication procedures specified in the call control profile configuration.
- The no command prefix instructs the MME to disable the Service Request authentication procedures.

Monitoring and Troubleshooting in MME

Show Command(s) and/or Outputs

This section provides information regarding show commands and/or their outputs in support of the Selective Authentication feature in MME.

show call-control-profile full all

The following output fields show the configured parameters:

- Authentication All-Events ANY (UMTS/GPRS/EUTRAN) Frequency
- Authentication All-Events ANY (UMTS/GPRS/EUTRAN) Frequency Value
- Authentication All-Events ANY (UMTS/GPRS/EUTRAN) Periodicity
- Authentication All-Events ANY (UMTS/GPRS/EUTRAN) Periodicity Value
- Authentication Attach ANY Frequency
- Authentication Attach ANY (UMTS/GPRS/EUTRAN) Frequency Value
- Authentication Attach ANY Periodicity
- Authentication Attach ANY Periodicity Value
- Authentication Attach Inter-rat ANY (UMTS/GPRS/EUTRAN) Frequency
- Authentication Attach Inter-rat ANY (UMTS/GPRS/EUTRAN) Frequency Value
- Authentication Attach Inter-rat ANY Periodicity
- Authentication Attach Inter-rat ANY Periodicity Value
- Authentication Service Req Frequency
- Authentication Service Req Frequency Value
- Authentication Service Req Periodicity
- Authentication Service Req Periodicity Value
- Authentication Service Req Data Frequency
- Authentication Service Req Data Frequency Value
- Authentication Service Req Data Periodicity
- Authentication Service Req Data Periodicity Value
- Authentication Service Req Signaling Frequency
- Authentication Service Req Signaling Frequency Value
- Authentication Service Req Signaling Periodicity
- Authentication Service Req Signaling Periodicity Value
- Authentication Service Req Page Response Frequency
- Authentication Service Req Page Response Frequency Value
- Authentication Service Req Page Response Periodicity
- Authentication Service Req Page Response Periodicity Value
- Authentication TAU Frequency
- Authentication TAU Frequency Value
- Authentication TAU Periodicity
- Authentication TAU Periodicity Value
- Authentication Inter-RAT TAU Frequency
- Authentication TAU Frequency Value
- Authentication TAU Inter-rat Periodicity
- Authentication TAU Inter-rat Periodicity Value
- Authentication Intra-RAT TAU Frequency
- Authentication Intra-RAT TAU Frequency Value
- Authentication TAU Intra-rat Periodicity
- Authentication TAU Intra-rat Periodicity Value
- Authentication Normal TAU Frequency
- Authentication Normal TAU Frequency Value
- Authentication TAU Normal Periodicity
- Authentication TAU Normal Periodicity Value
- Authentication Periodic TAU Frequency
- Authentication Periodic TAU Frequency Value
- Authentication TAU Periodic Periodicity
- Authentication TAU Periodic Periodicity Value
