8.5 Authentication
3GPP TS 43.318, Generic Access Network (GAN); Stage 2, Release 17
The Up interface shall support the ability to authenticate the MS with the GANC (for the purposes of establishing the secure tunnel) using GSM or UMTS credentials. Authentication between MS and GANC shall be performed using EAP-SIM or EAP-AKA within IKEv2.
The MS and GANC-SEGW establish a secure association for protecting signalling traffic and user-plane (voice and data) traffic. The protocol for authentication is IKEv2. Mutual authentication and key generation are provided by EAP-SIM or EAP-AKA.
The basic elements of these procedures are the following:
– The MS connection with the GANC-SEGW is initiated by starting the IKEv2 initial exchanges (IKE_SA_INIT). The EAP-SIM or EAP-AKA procedure is started as a result of these exchanges.
– The EAP-SIM procedure, for an MS with SIM only or an MS with USIM that is not capable of UMTS AKA, is performed between the MS and the AAA server (which has access to the AuC/HLR/HSS to retrieve subscriber information). The EAP-AKA procedure, for an MS with USIM that is capable of UMTS AKA, is performed between the MS and the AAA server. The GANC-SEGW acts as a relay for the EAP-SIM/EAP-AKA messages.
– When the EAP-SIM/EAP-AKA procedure has completed successfully, the IKEv2 procedure can be continued to completion and the signalling channel between MS and GANC-SEGW is secured. The MS and GAN can then continue with the discovery or registration procedure.
– Signalling flows for EAP-SIM and EAP-AKA authentication and fast re-authentication are shown in annex A.
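The ordering and method-selection rules in the list above can be checked mechanically against a session trace. The following is an added example, not part of the 3GPP specification: the event labels, stage numbers and sample trace are constructed for illustration, and the EAP type values 18 and 23 are the IANA assignments for EAP-SIM and EAP-AKA.

```python
# Added example: event labels and traces are constructed, not 3GPP identifiers.
EAP_SIM, EAP_AKA = 18, 23  # IANA EAP method types (RFC 4186, RFC 4187)

# event label -> (stage required before it, stage reached after it)
RULES = {
    "IKE_SA_INIT":   (0, 1),  # IKEv2 initial exchange starts the procedure
    "EAP":           (1, 2),  # EAP-SIM/EAP-AKA round relayed by the GANC-SEGW
    "EAP_SUCCESS":   (2, 3),  # EAP procedure completed successfully
    "IKE_AUTH_DONE": (3, 4),  # IKEv2 completed, signalling channel secured
    "GAN_DISCOVERY": (4, 4),  # only allowed over the secured channel
    "GAN_REGISTER":  (4, 4),
}

def expected_eap_method(has_usim, aka_capable):
    """EAP-AKA only for an MS with USIM that is capable of UMTS AKA."""
    return EAP_AKA if (has_usim and aka_capable) else EAP_SIM

def check_flow(events, has_usim, aka_capable):
    """Return a list of rule violations for a trace of (label, arg) events."""
    want = expected_eap_method(has_usim, aka_capable)
    stage, problems = 0, []
    for name, arg in events:
        if name not in RULES:
            problems.append(f"unknown event {name}")
            continue
        need, after = RULES[name]
        if stage < need:
            # Out-of-order events are reported and do not advance the flow.
            problems.append(f"{name} seen at stage {stage}, needs stage {need}")
            continue
        if name == "EAP" and arg != want:
            # Method does not match the credentials the MS holds.
            problems.append(f"EAP type {arg} offered, expected {want}")
            continue
        stage = max(stage, after)
    return problems

if __name__ == "__main__":
    # Constructed trace: registration attempted before EAP has succeeded.
    trace = [("IKE_SA_INIT", None), ("EAP", EAP_AKA), ("GAN_REGISTER", None)]
    for problem in check_flow(trace, has_usim=True, aka_capable=True):
        print(problem)
```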