5. Wi-Fi Integration – Procedures

5.1. Mutual authentication

5.1.1. EAP-AKA method

The authentication and key agreement (AKA) mechanism allows mutual authentication and then the distribution of keys for data confidentiality and signaling data confidentiality and integrity, during the attachment of the mobile to the 4G mobile network.

Authentication is based on AUTN (Authentication Network) and RES (Result) seals generated by the home subscriber server (HSS) and the mobile from a RAND sequence and the secret key Ki.

The RAND sequence is generated by the HSS entity and then transmitted to the mobile. The secret key Ki is stored in the universal subscriber identity module (USIM) of the universal integrated circuit card (UICC) of the mobile and in the HSS entity during the creation of the subscription.

The integrity key (IK) and the cipher key (CK) are generated by the HSS entity and the mobile from a derivation of the Ki key using the RAND sequence. The pairwise master key (PMK) is derived from the keys CK and IK.

The EAP-AKA method is applied in the case of an untrusted Wi-Fi access when establishing the SWu tunnel.

In the case of a trusted Wi-Fi access, the EAP-AKA’ method replaces the EAP-AKA method. The modification concerns the derivation of the keys CK and IK, which takes into account the identity of the access network and the derivation algorithm.

The three components involved in the authentication procedure are integrated into the following entities:

  – the supplicant is represented by the mobile which wishes to access the 4G mobile network;
  – the authenticator is represented by the trusted Wi-Fi access that controls the access of the supplicant to the 4G mobile network;
  – the authentication server is represented by the AAA (Authentication, Authorization and Accounting) server, which authenticates the supplicant and authorizes access to the 4G mobile network.

The AKA’ mechanism is implemented from extensible authentication protocol (EAP)-AKA’ messages transported between the mobile and the trusted Wi-Fi access in EAPOL (EAP Over LAN) messages (Figure 5.1).

EAP-AKA’ messages are carried between the trusted Wi-Fi access and the AAA server in DIAMETER messages:

  – the DER (Diameter-EAP-Request) message is transmitted by the trusted Wi-Fi access;
  – the DEA (Diameter-EAP-Answer) message is transmitted by the AAA server.

Figure 5.1. Transport of the EAP-AKA’ messages

5.1.2. Mutual authentication procedure

The procedure of mutual authentication, in the case of a trusted Wi-Fi access, is part of the procedure of attachment of the mobile.

At the end of the association phase with the trusted Wi-Fi access, the mobile transmits the EAPOL-Start message, which triggers the mutual authentication procedure based on the EAP-AKA’ method (Figure 5.2).


Figure 5.2. Mutual authentication procedure

1) The trusted Wi-Fi access sends the EAP Request/EAP-Method Identity message.

2) The mobile transmits the EAP Response/EAP-Method Identity message containing, at the first authentication, the network access identifier (NAI) constructed from the international mobile subscriber identity (IMSI) of the mobile.

3) The Wi-Fi access completes the EAP Response/EAP-Method Identity message with the access network parameters (type, identity) and transfers it to the AAA server in a DIAMETER DER message.

4) The AAA server asks the HSS entity for the authentication vector of the mobile in the message DIAMETER AIR (Authentication-Information-Request).

The HSS entity generates a RAND sequence and creates the RES, AUTN, CK’ and IK’ parameters from the Ki key and the RAND sequence.

5) The HSS entity transmits the authentication vectors to the AAA server in the message DIAMETER AIA (Authentication-Information-Answer).

6) The AAA server derives two keys CK’ and IK’ to generate the master key PMK and generates a pseudonym and possibly an identifier for the rapid renewal of the authentication.

The pseudonym or the identifier is a temporary identity constructed from encryption of the private identity IMSI, using the advanced encryption standard (AES) algorithm. The same secret key is used by all AAA servers.

The AAA server transmits to the trusted Wi-Fi access the EAP Request/EAP-Method AKA’ Challenge message containing the identity of the access network, the RAND sequence, the AUTN seal, the pseudonym and possibly the identifier for the renewal of the authentication.

This message is transmitted in a message DIAMETER DEA and contains a message authentication code (MAC) for the integrity check.

7) The trusted Wi-Fi access transfers the EAP Request/EAP-Method AKA’ Challenge message to the mobile.

8) The mobile locally calculates, from its Ki key and the received RAND number, the PMK, its RES seal and the AUTN seal expected from the network. The mobile compares the received AUTN to the calculated value. If both values are the same, the network is authenticated. The mobile also checks the integrity of the received message.

The mobile transmits the EAP Response/EAP-Method AKA’ Challenge message containing the RES seal and the MAC seal for the integrity check of the message to the trusted Wi-Fi access.

9) The trusted Wi-Fi access transfers the EAP Response/EAP-Method AKA’ Challenge message to the AAA server in a message DIAMETER DER.

10) The AAA server checks the integrity of the received message and compares the RES seal received from the mobile to that received from the HSS entity. If the two values are identical, the mobile is authenticated.

The AAA server transmits the message DIAMETER DEA containing the EAP Success message and the PMK to the trusted Wi-Fi access.

11) The trusted Wi-Fi access stores the PMK and transfers the EAP Success message to the mobile.

5.1.3. Procedure for rapid renewal of authentication

The rapid renewal of authentication makes it possible to avoid repeating the procedure from the authentication vector (RAND, AUTN, RES, CK’, IK’).

The implementation of the procedure for rapid renewal of authentication is indicated by the AAA server, during the initial authentication procedure, when it supplies the corresponding identifier.

The identity of the access network must not change during the procedure for rapid renewal of authentication. If this happens, the normal authentication procedure must be carried out.

The procedure for rapid renewal of the authentication is described in Figure 5.3.

Steps 1 to 3 are identical to those described for initial authentication in Figure 5.2. The private identity used by the mobile is the identifier for rapid renewal of authentication.

4) The AAA server transmits to the trusted Wi-Fi access the EAP Request/EAP-Method AKA’ Reauthentication message containing a random number (nonce) for the generation of a new PMK and a new identifier for the next authentication.

This message is transmitted in a DIAMETER DEA message and contains a MAC seal for the integrity check.

5) The trusted Wi-Fi access transfers the EAP Request/EAP-Method AKA’ Reauthentication message to the mobile.

6) The mobile checks the integrity of the received message and acknowledges it in the EAP Response/EAP-Method AKA’ Reauthentication message containing a MAC seal.

7) The trusted Wi-Fi access transfers the EAP Response/EAP-Method AKA’ Reauthentication message to the AAA server in a message DIAMETER DER.

Steps 8 and 9 are identical to those described for initial authentication in Figure 5.2.
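The derivations behind sections 5.1.1 to 5.1.3, as an added Python example; this is not code from the book. It follows the CK’/IK’ derivation of 3GPP TS 33.402 Annex A.2, the PRF’, key layout and rapid re-authentication derivation of RFC 5448, and computes the MAC seal as HMAC-SHA256 truncated to 16 octets. The CK, IK, AUTN fragment, identity and nonce values are constructed; treating the PMK of the procedure as the EAP MSK, and "WLAN" as the access network identity, are assumptions of this example.

```python
import hashlib
import hmac
import struct

# CK' and IK' (3GPP TS 33.402 Annex A.2, KDF of TS 33.220 Annex B):
#   CK' || IK' = HMAC-SHA256(CK || IK, FC || P0 || L0 || P1 || L1)
# FC = 0x20, P0 = access network identity, P1 = SQN xor AK (first 6 octets of
# AUTN). Binding the keys to the access network name is what distinguishes
# EAP-AKA' from EAP-AKA in section 5.1.1.
def derive_ck_ik_prime(ck, ik, network_name, sqn_xor_ak):
    s = (b"\x20" + network_name + struct.pack(">H", len(network_name))
         + sqn_xor_ak + struct.pack(">H", len(sqn_xor_ak)))
    out = hmac.new(ck + ik, s, hashlib.sha256).digest()
    return out[:16], out[16:32]          # CK', IK'

# PRF' of RFC 5448 section 3.4.1: T1 = HMAC(K, S|0x01), Tn = HMAC(K, T(n-1)|S|n)
def prf_prime(key, s, length):
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = hmac.new(key, t + s + bytes([n]), hashlib.sha256).digest()
        out += t
        n += 1
    return out[:length]

# Full authentication (Figure 5.2, steps 6 and 8): the AAA server and the mobile
# run this with the same CK, IK, AUTN fragment and identity.
def full_authentication_keys(ck, ik, network_name, sqn_xor_ak, identity):
    ck_p, ik_p = derive_ck_ik_prime(ck, ik, network_name, sqn_xor_ak)
    mk = prf_prime(ik_p + ck_p, b"EAP-AKA'" + identity, 208)
    return {
        "K_encr": mk[0:16],    # protects AT_ENCR_DATA (pseudonym, re-auth identifier)
        "K_aut": mk[16:48],    # keys AT_MAC, the "MAC seal" of the procedure
        "K_re": mk[48:80],     # kept by both sides for rapid re-authentication
        "MSK": mk[80:144],     # delivered to the Wi-Fi access (the page's PMK: assumption)
        "EMSK": mk[144:208],   # never leaves the AAA server and the mobile (section 5.1.4)
    }

# Rapid re-authentication (Figure 5.3, step 4): a fresh MSK/EMSK from K_re, the
# re-authentication identity, the AT_COUNTER value and the server nonce NONCE_S,
# without fetching a new authentication vector from the HSS.
def reauthentication_keys(k_re, reauth_identity, counter, nonce_s):
    s = b"EAP-AKA' re-auth" + reauth_identity + struct.pack(">H", counter) + nonce_s
    mk = prf_prime(k_re, s, 128)
    return {"MSK": mk[0:64], "EMSK": mk[64:128]}

# AT_MAC: HMAC-SHA256 over the EAP packet with the MAC field zeroed, truncated
# to 16 octets (HMAC-SHA-256-128 in RFC 5448).
def compute_mac(k_aut, eap_packet_with_zeroed_mac):
    return hmac.new(k_aut, eap_packet_with_zeroed_mac, hashlib.sha256).digest()[:16]

def verify_mac(k_aut, eap_packet_with_zeroed_mac, received_mac):
    # constant-time comparison: a rejected seal must not leak how many bytes matched
    return hmac.compare_digest(compute_mac(k_aut, eap_packet_with_zeroed_mac), received_mac)

# Constructed sample material (not real subscriber keys): CK/IK as the HSS would
# return for one RAND, SQN xor AK taken from the AUTN, the root NAI of section
# 5.1.2 and the access network identity "WLAN".
SAMPLE_CK = bytes(range(16))
SAMPLE_IK = bytes(range(16, 32))
SAMPLE_SQN_XOR_AK = b"\x00\x00\x00\x00\x01\x23"
SAMPLE_IDENTITY = b"6001011234567890@nai.epc.mnc001.mcc001.3gppnetwork.org"
SAMPLE_NETWORK = b"WLAN"

if __name__ == "__main__":
    keys = full_authentication_keys(SAMPLE_CK, SAMPLE_IK, SAMPLE_NETWORK,
                                    SAMPLE_SQN_XOR_AK, SAMPLE_IDENTITY)
    for name, value in keys.items():
        print(f"{name:7} {value.hex()}")
    renewed = reauthentication_keys(keys["K_re"], b"8reauth-id", 1, bytes(16))
    print("MSK after rapid renewal", renewed["MSK"].hex())
```

Both sides obtain the same key set from the same inputs; changing only the access network identity changes every derived key, which is the binding that stops an authentication vector obtained on one access from being reused on another. The re-authentication derivation needs only K_re, the counter and NONCE_S, so no new vector is fetched from the HSS, and a replayed or stale counter yields a different MSK from the one the AAA server delivers.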


Figure 5.3. Procedure for rapid renewal of authentication

5.1.4. Application to the MIPv4 FA mechanism

The MIPv4 FA (Mobile IP version 4 Foreign Agent) mechanism is an alternative for building the S2a tunnel containing the mobile stream.

The MIPv4 FA mechanism defines the following three components:

  – the mobile node (MN) component integrated into the mobile;
  – the home agent (HA) component integrated into the PDN Gateway (PGW);
  – the foreign agent (FA) component integrated into an entity (e.g. a router) of the Wi-Fi access network, which is not necessarily the trusted Wi-Fi access.

During the mutual authentication procedure, the AAA server and the mobile also generate the extended master session key (EMSK) from the CK’ and IK’.

Two keys MN-HA and MN-FA are generated from the EMSK to protect the MIPv4 messages exchanged between, on the one hand, the component MN and, on the other hand, the components HA and FA.

  1) The AAA server and the mobile derive the EMSK to generate the MIP-RK (Mobile IP Root Key).
  2) The AAA server and the mobile derive the MIP-RK to generate the FA-RK. The AAA server transfers the FA-RK to the trusted Wi-Fi access.
  3) The AAA server and the mobile derive the MIP-RK to generate the MN-HA key. The AAA server transfers the MN-HA key to the PGW entity.
  4) The mobile and the trusted Wi-Fi access derive the FA-RK to generate the MN-FA key. The trusted Wi-Fi access transfers the MN-FA key to the FA component.
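The key hierarchy of the four steps above, as an added Python example that is not the book's code. It uses HMAC-SHA256 for each derivation step and the default HMAC-MD5 authenticator of RFC 3344 section 3.5.1 for the registration messages; the derivation labels, addresses, MN-NAI and EMSK are placeholders for this illustration, not the inputs fixed by the specification.

```python
import hashlib
import hmac

def _derive(key, label):
    # HMAC-SHA256 keyed derivation. The label strings below are placeholders chosen
    # for this illustration; the specification fixes its own labels and inputs.
    return hmac.new(key, label, hashlib.sha256).digest()

def aaa_key_hierarchy(emsk, ha_address, mn_nai):
    """Steps 1 to 3: run by the AAA server, and identically by the mobile."""
    mip_rk = _derive(emsk, b"MIP-RK")
    return {
        "MIP-RK": mip_rk,
        "FA-RK": _derive(mip_rk, b"FA-RK"),
        "MN-HA": _derive(mip_rk, b"MN-HA" + ha_address + mn_nai),
    }

def mn_fa_key(fa_rk, fa_address, mn_nai):
    """Step 4: run by the mobile and by the trusted Wi-Fi access from FA-RK."""
    return _derive(fa_rk, b"MN-FA" + fa_address + mn_nai)

def distribute_keys(emsk, ha_address, fa_address, mn_nai):
    """Which key ends up where after the four steps of section 5.1.4."""
    aaa = aaa_key_hierarchy(emsk, ha_address, mn_nai)
    mn_fa = mn_fa_key(aaa["FA-RK"], fa_address, mn_nai)
    return {
        "AAA server": aaa,
        "mobile": {**aaa, "MN-FA": mn_fa},
        "trusted Wi-Fi access": {"FA-RK": aaa["FA-RK"], "MN-FA": mn_fa},   # receives FA-RK only
        "PGW (HA)": {"MN-HA": aaa["MN-HA"]},                                # receives MN-HA only
        "FA": {"MN-FA": mn_fa},                                             # receives MN-FA only
    }

# RFC 3344 section 3.5.1: the default Mobile-Home and Mobile-Foreign authentication
# extensions carry HMAC-MD5 over the registration message preceding the authenticator.
def mip_authenticator(key, message):
    return hmac.new(key, message, hashlib.md5).digest()

def mip_verify(key, message, authenticator):
    return hmac.compare_digest(mip_authenticator(key, message), authenticator)

# Constructed values, not real key material or addresses
SAMPLE_EMSK = bytes(range(64))
SAMPLE_HA = bytes([10, 0, 0, 1])          # HAA of the PGW
SAMPLE_FA = bytes([192, 0, 2, 1])         # FAA of the Wi-Fi access network router
SAMPLE_NAI = b"6001011234567890@nai.epc.mnc001.mcc001.3gppnetwork.org"

def registration_check():
    """The PGW verifies the Mobile-Home extension, the FA the Mobile-Foreign one;
    the FA cannot check the Mobile-Home extension because it never holds MN-HA."""
    keys = distribute_keys(SAMPLE_EMSK, SAMPLE_HA, SAMPLE_FA, SAMPLE_NAI)
    request = b"Registration Request: MN-NAI, Lifetime, APN (constructed)"
    home_auth = mip_authenticator(keys["mobile"]["MN-HA"], request)
    foreign_auth = mip_authenticator(keys["mobile"]["MN-FA"], request)
    return {
        "pgw_accepts_home_auth": mip_verify(keys["PGW (HA)"]["MN-HA"], request, home_auth),
        "fa_accepts_foreign_auth": mip_verify(keys["FA"]["MN-FA"], request, foreign_auth),
        "fa_can_check_home_auth": mip_verify(keys["FA"]["MN-FA"], request, home_auth),
    }

if __name__ == "__main__":
    print(registration_check())
```

The trusted Wi-Fi access receives FA-RK rather than MIP-RK, so it can derive MN-FA for the foreign agents it serves but not MN-HA, and the foreign agent receives only MN-FA. The last entry returned by registration_check() shows the consequence: an entity holding the wrong key cannot verify the extension protected by the other one.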

5.2. SWu tunnel establishment

5.2.1. IPSec mechanism

The SWu tunnel establishment uses the IPSec (Internet Protocol Security) mechanism, which offers security services (authentication, integrity and confidentiality) in an identical way in IPv4 and IPv6. Support for these services is optional in IPv4 but mandatory in IPv6; their use is optional in both.

Security services are offered through the use of AH (Authentication Header) or ESP (Encapsulating Security Payload) extensions of the IPv4 or IPv6 header.

The authentication header (AH) is designed to ensure the integrity and authentication of IP packets without data encryption (no confidentiality).

The encapsulating security payload (ESP) ensures the integrity, authentication and confidentiality of IP packets.

To secure a two-directional communication between two end points, a security association (SA) pair is required. The IKE (Internet Key Exchange) protocol dynamically ensures the creation of the security association.

A security association contains the following parameters:

  – the authentication algorithm and the key in order to generate the AH extension;
  – the encryption algorithm and the key in order to generate the ESP extension;
  – the authentication algorithm and the key in order to generate the ESP extension, if this service is used;
  – the lifetime of the security association;
  – the encapsulation mode (tunnel or transport).

5.2.2. SWu tunnel establishment procedure

The procedure for establishing the SWu tunnel takes place between the mobile acting as the initiator and the evolved packet data gateway (ePDG) as the responder (Figure 5.4).


Figure 5.4. SWu tunnel establishment procedure

1) and 2) The two IKE_SA_INIT messages are used to negotiate the algorithms of the IKEv2 security association and to exchange Diffie–Hellman (D-H) public values and random numbers (nonces).

3) The mobile transmits the first message Request of the IKE_AUTH phase containing SWu tunnel configuration proposals in the SA block, its identity in the IDi block and access point name (APN) information in the IDr block.

The mobile does not transmit the AUTH block in order to warn the ePDG entity that it wishes to use the IKEv2 message to transport the EAP-AKA method.

The identity of the mobile conforms to the network access identifier (NAI) format containing the international mobile subscriber identity (IMSI) during the first authentication, or, during the following authentications, a pseudonym or an identifier for the rapid renewal of authentication.

The mobile transmits the CP block (CFG_REQUEST) in the IKE_AUTH Request message to obtain its IPv4 and/or IPv6 address, and possibly the IP address of the PGW entity, in the case where the mobility is managed by the mobile.

4) The ePDG entity transmits to the AAA server the message DIAMETER AAR (Authentication-Authorization-Request) containing the identity of the mobile and the information relating to the APN.

NAI analysis allows the AAA server to distinguish between authentication for a trusted Wi-Fi access, based on the EAP-AKA’ mechanism, and authentication for an untrusted Wi-Fi access, based on the EAP-AKA mechanism.

5) The AAA server requests the authentication vector of the mobile from the home subscriber server (HSS) in the message DIAMETER AIR (Authentication-Information-Request).

The HSS entity generates the RAND sequence and creates the seals (RES, AUTN) and the keys (CK and IK) from the Ki key and the RAND sequence.

6) The HSS entity passes the authentication vectors to the AAA server in the message DIAMETER AIA (Authentication-Information-Answer).

The AAA server derives the CK and IK to generate the master session key (MSK).

7) The AAA server initiates the authentication procedure with the message EAP Request/EAP-Method AKA Challenge containing the AUTN and RAND parameters. This message is transmitted in the message DIAMETER AAA (Authentication-Authorization-Answer).

8) The ePDG entity transfers the message EAP Request/EAP-Method AKA Challenge in the message IKE_AUTH Response containing its identity, certificate and signature.

The mobile verifies the signature of the message IKE_AUTH Response with the public key of the ePDG entity retrieved from its certificate.

The mobile generates the RES, AUTN, CK and IK parameters from the Ki key and the received RAND sequence and compares the received AUTN seal to the locally calculated one. If both seals are identical, the AAA server is authenticated.

The mobile derives both CK and IK to generate the master key (MSK).

9) The mobile transmits the message EAP Response/EAP-Method AKA Challenge containing the RES seal in the message IKE_AUTH Request.

10) The ePDG entity transfers the message EAP Response/EAP-Method AKA Challenge in the message DIAMETER AAR to the AAA server which compares the received RES seals respectively from the mobile and the HSS entity. If the two seals are identical, then the mobile is authenticated.

11) The AAA server transmits the message DIAMETER SAR (Server-Assignment-Request) to the HSS entity to register itself.

12) The HSS entity responds to the AAA server with the message DIAMETER SAA (Server-Assignment-Answer) containing the subscriber’s profile. The AAA server verifies that Wi-Fi access is allowed.

13) The AAA server transmits to the ePDG entity the message DIAMETER AAA containing the EAP Success message, the MSK and the subscriber’s profile.

14) The ePDG entity stores the MSK and forwards the EAP Success message into the message IKE_AUTH Response.

15) The mobile generates the message IKE_AUTH Request containing in the AUTH block a seal calculated from its MSK. This seal allows the authentication of the first message IKE_SA_INIT.

16) The ePDG entity checks the seal and starts the S2b tunnel setup procedure described in section 5.3.

The ePDG entity responds with the message IKE_AUTH Response containing in the AUTH block a seal calculated from its MSK, which enables authentication of the second message IKE_SA_INIT.

The message IKE_AUTH Response is also used to transfer to the mobile its configuration in the CP block (CFG_REPLY) and the final configuration of the SWu tunnel in the SA block.

The mobile configuration was received from the PGW when establishing the S2b tunnel described in section 5.3.
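NAI construction and analysis, as an added Python example that is not the book's code; it covers the identity of step 2 in section 5.1.2 and steps 3 and 4 above. The username prefixes come from RFC 4187 and RFC 5448 (section 4.1.1.6 of each) and the realm format from 3GPP TS 23.003 section 19.3; the IMSI and PLMN values are constructed, and the mapping from method to trusted or untrusted access is taken from sections 5.1.1 and 5.2.2 of this chapter.

```python
import re

# Leading character of the username: RFC 4187 section 4.1.1.6 (EAP-AKA) and
# RFC 5448 section 4.1.1.6 (EAP-AKA'). Root NAI realm: 3GPP TS 23.003 section 19.3,
# <prefix><IMSI>@nai.epc.mnc<MNC>.mcc<MCC>.3gppnetwork.org, MNC padded to 3 digits.
PREFIXES = {
    "0": ("EAP-AKA", "permanent"),
    "2": ("EAP-AKA", "pseudonym"),
    "4": ("EAP-AKA", "fast-reauth"),
    "6": ("EAP-AKA'", "permanent"),
    "7": ("EAP-AKA'", "pseudonym"),
    "8": ("EAP-AKA'", "fast-reauth"),
}
REALM = re.compile(r"^nai\.epc\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")
# the access type the AAA server associates with each method (sections 5.1.1 and 5.2.2)
ACCESS_FOR_METHOD = {"EAP-AKA'": "trusted Wi-Fi access", "EAP-AKA": "untrusted Wi-Fi access"}

def build_root_nai(imsi, mcc, mnc, method):
    """What the mobile sends at the first authentication (step 2 of Figure 5.2 or the
    IDi block of Figure 5.4): its IMSI behind the method's permanent-identity prefix."""
    if not (imsi.isdigit() and len(mcc + mnc) < len(imsi) <= 15):
        raise ValueError("IMSI must be up to 15 digits and longer than MCC+MNC")
    if not imsi.startswith(mcc + mnc):
        raise ValueError("IMSI does not start with the given MCC and MNC")
    prefix = {"EAP-AKA": "0", "EAP-AKA'": "6"}[method]
    return f"{prefix}{imsi}@nai.epc.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"

def parse_nai(nai):
    """AAA-side NAI analysis (step 4 of Figure 5.4): which method, which identity
    type, and for a permanent identity the IMSI checked against the realm's PLMN.
    Anything that does not fit is rejected rather than guessed."""
    username, sep, realm = nai.partition("@")
    if not sep or not username:
        raise ValueError("NAI must be username@realm")
    match = REALM.match(realm)
    if not match:
        raise ValueError("realm is not an EPC root-NAI realm")
    mnc, mcc = match.group(1), match.group(2)
    if username[0] not in PREFIXES:
        raise ValueError(f"unknown identity prefix {username[0]!r}")
    method, identity_type = PREFIXES[username[0]]
    result = {"method": method, "identity_type": identity_type,
              "access": ACCESS_FOR_METHOD[method], "username": username,
              "mcc": mcc, "mnc": mnc}
    if identity_type == "permanent":
        imsi = username[1:]
        if not imsi.isdigit() or not 6 <= len(imsi) <= 15:
            raise ValueError("malformed IMSI in permanent identity")
        # a 2-digit MNC travels in the realm with a leading zero
        plmn_ok = imsi.startswith(mcc + mnc) or (mnc[0] == "0" and imsi.startswith(mcc + mnc[1:]))
        if not plmn_ok:
            raise ValueError("IMSI does not belong to the realm's PLMN")
        result["imsi"] = imsi
    return result

if __name__ == "__main__":
    nai = build_root_nai("001011234567890", "001", "01", "EAP-AKA'")   # constructed test IMSI
    print(nai)
    print(parse_nai(nai))
    print(parse_nai("8reauth-id@nai.epc.mnc001.mcc001.3gppnetwork.org"))
```

Only a permanent identity carries an IMSI, so the parser refuses to extract one from a pseudonym or a rapid re-authentication identifier, and it rejects an IMSI whose MCC/MNC disagree with the realm instead of trusting the realm alone.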

5.2.3. Procedure for rapid renewal of authentication

The procedure for rapid renewal of authentication is described in Figure 5.5.

Steps 1 to 4 are identical to those described for the establishment of the SWu tunnel in Figure 5.4.

The identifier for rapid renewal of authentication is transmitted in the IDi block of the first message IKE_AUTH Request.

5) The AAA server initiates the procedure for rapid renewal of authentication with the message EAP Request/EAP-Method AKA Reauthentication.

6) The ePDG entity transmits the message IKE_AUTH Response containing its identity, its certificate and the signature of the IKE_SA_INIT message in the AUTH block.

The EAP Request/EAP-Method AKA Reauthentication message is included in order to start the EAP procedure over IKEv2.

7) The mobile verifies the signature and responds with the message IKE_AUTH Request and the message EAP Response/EAP-Method Reauthentication containing the mobile seal.

8) The ePDG entity transfers the message EAP Response/EAP-Method Reauthentication to the AAA server.

Steps 9 to 12 are identical to steps 13 to 16 described for the establishment of the SWu tunnel in Figure 5.4.

The new MSK is generated by the AAA server and passed to the ePDG entity and the mobile. This new key is used to authenticate the first two IKE_SA_INIT messages.


Figure 5.5. Procedure for rapid renewal of authentication
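The AUTH seal of steps 15 and 16 in section 5.2.2, and the new MSK of the rapid renewal above, as an added Python example that is not the book's code. It implements the signed-octets construction of RFC 7296 section 2.15 and the shared-key AUTH computation with the EAP MSK as the shared secret (RFC 7296 section 2.16), using HMAC-SHA256 as the negotiated PRF; the IKE_SA_INIT messages, nonces, SK_pi/SK_pr keys, identities and MSK are constructed values.

```python
import hashlib
import hmac

def prf(key, data):
    # the PRF negotiated in IKE_SA_INIT; this illustration uses PRF_HMAC_SHA2_256
    return hmac.new(key, data, hashlib.sha256).digest()

def signed_octets(real_message, peer_nonce, sk_p, id_payload_rest):
    # RFC 7296 section 2.15:
    #   InitiatorSignedOctets = RealMessage1 | NonceRData | MACedIDForI
    #   MACedIDForI           = prf(SK_pi, RestOfInitIDPayload)
    # and symmetrically for the responder with RealMessage2, NonceIData, SK_pr, IDr.
    return real_message + peer_nonce + prf(sk_p, id_payload_rest)

def auth_from_msk(msk, octets):
    # RFC 7296 section 2.16: after a key-generating EAP method the shared secret of
    # the shared-key authentication method is the EAP MSK:
    #   AUTH = prf( prf(MSK, "Key Pad for IKEv2"), <SignedOctets> )
    return prf(prf(msk, b"Key Pad for IKEv2"), octets)

def verify_auth(msk, octets, received_auth):
    return hmac.compare_digest(auth_from_msk(msk, octets), received_auth)

# Constructed exchange state (not a capture): the two IKE_SA_INIT messages as sent
# on the wire, the nonces, SK_pi/SK_pr derived from the D-H secret, the ID payloads
# without their generic header (ID type octet, three reserved octets, data;
# type 3 = ID_RFC822_ADDR, type 2 = ID_FQDN) and the MSK delivered in step 13.
SAMPLE = {
    "ike_sa_init_request": b"IKE_SA_INIT request: HDR, SAi1, KEi, Ni (constructed)",
    "ike_sa_init_response": b"IKE_SA_INIT response: HDR, SAr1, KEr, Nr, CERTREQ (constructed)",
    "nonce_i": bytes([0x11] * 32),
    "nonce_r": bytes([0x22] * 32),
    "sk_pi": bytes([0x33] * 32),
    "sk_pr": bytes([0x44] * 32),
    "idi": b"\x03\x00\x00\x00" + b"6001011234567890@nai.epc.mnc001.mcc001.3gppnetwork.org",
    "idr": b"\x02\x00\x00\x00" + b"epdg.epc.mnc001.mcc001.3gppnetwork.org",
    "msk": bytes([0x55] * 64),
}

def mobile_auth(state):
    """Step 15: the mobile seals IKE_SA_INIT request 1 with the MSK."""
    return auth_from_msk(state["msk"], signed_octets(
        state["ike_sa_init_request"], state["nonce_r"], state["sk_pi"], state["idi"]))

def epdg_verify_mobile(state, auth_i):
    """Step 16, first half: the ePDG recomputes the seal over what it received in message 1."""
    return verify_auth(state["msk"], signed_octets(
        state["ike_sa_init_request"], state["nonce_r"], state["sk_pi"], state["idi"]), auth_i)

def epdg_auth(state):
    """Step 16, second half: the ePDG seals IKE_SA_INIT response 2 with the same MSK."""
    return auth_from_msk(state["msk"], signed_octets(
        state["ike_sa_init_response"], state["nonce_i"], state["sk_pr"], state["idr"]))

def mobile_verify_epdg(state, auth_r):
    return verify_auth(state["msk"], signed_octets(
        state["ike_sa_init_response"], state["nonce_i"], state["sk_pr"], state["idr"]), auth_r)

if __name__ == "__main__":
    auth_i = mobile_auth(SAMPLE)
    print("ePDG accepts mobile AUTH:", epdg_verify_mobile(SAMPLE, auth_i))
    print("mobile accepts ePDG AUTH:", mobile_verify_epdg(SAMPLE, epdg_auth(SAMPLE)))
    tampered = dict(SAMPLE, ike_sa_init_request=b"altered message 1")
    print("AUTH still valid over an altered message 1:", epdg_verify_mobile(tampered, auth_i))
```

The seal fails as soon as the ePDG's copy of message 1 differs from what the mobile sent, which is what "authentication of the first IKE_SA_INIT message" means in step 15, and it fails when the two sides hold different MSKs, which is why the MSK produced by a rapid renewal must reach both the ePDG and the mobile before the AUTH blocks are computed.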

5.3. S2a/S2b tunnel establishment

5.3.1. PMIPv6 mechanism

The PMIPv6 (Proxy Mobile Internet Protocol version 6) mechanism allows a mobile host to keep its original IPv6 address, to maintain its current session or to be reachable when moving, mobility being provided by the network.

The mobile node (MN) is a host that changes network while retaining the home address (HoA) provided by its home network (Figure 5.6).

The mobile access gateway (MAG) is integrated into the gateway router of the mobile node and provides mobility management for the mobile node connected to its local network (Figure 5.6).

The local mobility anchor (LMA) is built into the router that acts as the home agent (HA) of the mobile node and represents the anchor point for the mobile node (Figure 5.6).

In the case of auto-configuration, the LMA function provides the mobile node with an IPv6 home network prefix (HNP) from which the mobile node builds its HoA.

If not, the MAG function hosts a DHCPv6 server that assigns the HoA to the mobile, built from the IPv6 HNP.

The LMA function registers in the BCE (Binding Cache Entry) table the identity MN-ID of the mobile node and the proxy care-of address (proxy-CoA) of its MAG.

The tunnel built between the MAG and LMA functions is characterized by the proxy-CoA on the MAG side and the LMA address (LMAA) on the LMA side.

The local mobility domain (LMD) is a set consisting of an LMA function and several MAG functions attached to the LMA function (Figure 5.6).


Figure 5.6. PMIPv6 architecture

5.3.1.1. Trusted Wi-Fi access

The LMA and MAG functions are hosted respectively by the PGW entity and the trusted Wi-Fi access.

The GRE (Generic Routing Encapsulation) protocol constructs the S2a tunnel from a key provided by the trusted Wi-Fi access for the downstream traffic and a key provided by the PGW for the traffic in the upstream direction.

The procedure for establishing the S2a tunnel is described in Figure 5.7 and corresponds to the auto-configuration of the IPv6 address by the mobile.

The procedure for S2a tunnel establishment starts when the mobile authentication, described in section 5.1, is successful.


Figure 5.7. S2a tunnel establishment using the PMIPv6 mechanism

1) The mobile passes on the ICMPv6 message Router Solicitation to retrieve its IPv6 address configuration.

This message may contain the access point name (APN) that allows Wi-Fi access to determine the IP address of the PGW.

Otherwise, Wi-Fi access uses the default access point name that is passed by the AAA server during mobile authentication.

2) The Wi-Fi access transmits to the PCRF entity the message DIAMETER CCR (Credit-Control-Request) containing the subscriber’s profile received from the AAA server during the authentication, to obtain the authorization for the opening of the default bearer.

The PCRF compares with the rules defined for the network and stored in the SPR (Subscription Profile Repository) database.

3) The PCRF responds to Wi-Fi access with the message DIAMETER CCA (Credit-Control-Answer) containing the rules to apply to the default bearer.

4) Wi-Fi access transmits to the PGW entity the PBU extension containing the following parameters: MN-NAI, Lifetime, Access Technology Type, APN, GRE key for downlink traffic, Charging Characteristics and Additional Parameters.

5) The PGW entity sends the PCRF entity the message DIAMETER CCR to obtain the default bearer characteristics.

6) The PCRF entity responds to the PGW entity with the message DIAMETER CCA containing the rules to apply to the default bearer (filter parameters, charging mode).

7) The PGW entity sends the AAA server the message DIAMETER AAR (Authentication-Authorization-Request) to communicate its identity and the access point name for the connection.

8) The AAA server sends the HSS entity the message DIAMETER SAR (Server-Assignment-Request) to transfer the information received from the PGW entity.

9) The HSS entity responds to the AAA server with the message DIAMETER SAA (Server-Assignment-Answer) that contains the subscriber’s profile:

  – the access point names (APN);
  – the QoS (Quality of Service) characteristics for each default bearer to be established.

10) The AAA server responds to the PGW entity with the message DIAMETER AAA (Authentication-Authorization-Answer) containing the information received from the HSS entity.

The PGW will use the subscriber’s profile received from the AAA server if these parameters were not provided by the PCRF.

11) The PGW entity responds to the Wi-Fi access point with the PBA extension containing the following parameters: MN-NAI, Lifetime, UE Address Info, GRE key for uplink traffic, Charging ID and Additional Parameters.

12) Wi-Fi access responds to the mobile with the ICMPv6 message Router Advertisement containing the mobile configuration parameters (IPv6 prefix, IP address of the DNS server).

5.3.1.2. Untrusted Wi-Fi access

The LMA and MAG functions are hosted by the PGW and ePDG entities respectively.

The GRE protocol constructs the S2b tunnel from a key provided by the ePDG entity for downstream traffic and a key provided by the PGW entity for upstream traffic.

The procedure for establishing the S2b tunnel starts during the SWu tunnel establishment procedure described in section 5.2 (Figure 5.8).


Figure 5.8. S2b tunnel establishment using PMIPv6 mechanism

1) The ePDG entity transmits to the PGW entity the PBU extension containing the following fields: MN-NAI, Lifetime, APN, Access Technology Type, GRE key for downlink traffic, UE Address Info, Charging Characteristics and Additional Parameters.

2) The PGW entity sends the PCRF entity the message DIAMETER CCR to obtain the mobile traffic profile.

3) The PCRF entity responds to the PGW entity with the message DIAMETER CCA containing the rules to be applied to the default bearer (APN-AMBR rate parameters and QoS).

4) The PGW entity sends the AAA server the message DIAMETER AAR to communicate its identity and the access point name for the connection.

5) The AAA server transmits to the HSS entity the message DIAMETER SAR to transfer the information received from the PGW entity.

6) The HSS entity responds to the AAA server with the message DIAMETER SAA to transfer the information received from the PGW entity.

7) The AAA server responds to the PGW entity with the message DIAMETER AAA containing the information received from the HSS entity. The subscriber’s profile is taken into account if the PCRF did not provide the information in step 3.

8) The PGW entity responds to the ePDG entity with the PBA extension containing the following fields: MN-NAI, UE Address Info, GRE Key for uplink traffic and Charging ID.

The ePDG entity completes the SWu tunnel establishment procedure described in section 5.2.

5.3.2. GTPv2 mechanism

The GTPv2 (GPRS Tunneling Protocol version 2) mechanism comprises the GTPv2-C (Control) signaling that manages the S2a or S2b tunnel and the GTP-U (User) protocol for building the S2a or S2b tunnel.

The GTPv2-C protocol allows the establishment or closure of the mobile context and the bearers of the mobile streams.

The tunnel is identified by the Tunnel Endpoint Identifier (TEID) carried by the GTP-U protocol, tunnel end IP addresses and UDP port numbers. The entity receiving the traffic data determines the value of the TEID parameter that the sending entity is to use.
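Tunnel identifier handling for section 5.3.1 (GRE key) and section 5.3.2 (GTP-U TEID), as an added Python example that is not the book's code. It parses the GTPv1-U header of 3GPP TS 29.281 and the GRE header with Key of RFC 2890, and models the rule above: the receiving end allocates the identifier, and a packet whose identifier it never allocated is dropped. Payloads, session labels and addresses are constructed; using a random 32-bit value as the allocated identifier is a choice of this example.

```python
import secrets
import struct

GTPU_GPDU = 0xFF    # message type of a user-plane T-PDU

# GTPv1-U header (3GPP TS 29.281): flags | message type | length | TEID, then the
# optional sequence / N-PDU / next-extension octets when the S, PN or E flag is set.
def build_gtpu(teid, payload, msg_type=GTPU_GPDU):
    # flags 0x30: version 1, PT = 1, no optional fields
    return struct.pack("!BBHI", 0x30, msg_type, len(payload), teid) + payload

def parse_gtpu(packet):
    """Returns (msg_type, teid, payload); raises ValueError on a malformed packet."""
    if len(packet) < 8:
        raise ValueError("short GTP-U header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not a GTPv1-U packet")
    if len(packet) - 8 < length:
        raise ValueError("truncated GTP-U packet")
    body = packet[8:8 + length]            # bytes past the declared length are ignored
    offset = 0
    if flags & 0x07:                       # E, S or PN set: all four optional octets present
        if len(body) < 4:
            raise ValueError("missing optional GTP-U fields")
        offset = 4
        next_ext = body[3] if flags & 0x04 else 0
        while next_ext != 0:               # extension headers: length in 4-octet units, type last
            if offset >= len(body) or body[offset] == 0 or offset + body[offset] * 4 > len(body):
                raise ValueError("bad GTP-U extension header")
            ext_len = body[offset] * 4
            next_ext = body[offset + ext_len - 1]
            offset += ext_len
    return msg_type, teid, body[offset:]

# GRE header with Key (RFC 2784 / RFC 2890): C, K, S flags and version, protocol
# type, then the optional checksum, key and sequence number fields in that order.
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000

def build_gre(key, payload, proto=0x86DD):
    return struct.pack("!HHI", GRE_K, proto, key) + payload

def parse_gre(packet):
    """Returns (proto, key or None, payload); raises ValueError on a malformed header."""
    if len(packet) < 4:
        raise ValueError("short GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4 + (4 if flags & GRE_C else 0)
    key = None
    if flags & GRE_K:
        if len(packet) < offset + 4:
            raise ValueError("truncated GRE key")
        key = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_S:
        offset += 4
    if len(packet) < offset:
        raise ValueError("truncated GRE header")
    return proto, key, packet[offset:]

class TunnelEndpoint:
    """One end of an S2a/S2b tunnel: it allocates the identifier the peer must put
    on packets sent here, and drops packets carrying any other identifier."""
    def __init__(self, name):
        self.name = name
        self.sessions = {}                 # identifier allocated here -> session label

    def allocate(self, session):
        while True:
            ident = secrets.randbits(32)   # unpredictable, non-zero, not already in use
            if ident and ident not in self.sessions:
                self.sessions[ident] = session
                return ident

    def receive_gtpu(self, packet):
        msg_type, teid, payload = parse_gtpu(packet)
        if msg_type != GTPU_GPDU or teid not in self.sessions:
            return None                    # unknown TEID: nothing to deliver to, drop
        return self.sessions[teid], payload

def s2a_round_trip():
    """Figure 5.9: the Wi-Fi access picks the downlink TEID (CREATE SESSION REQUEST),
    the PGW picks the uplink TEID (CREATE SESSION RESPONSE). Payloads are constructed."""
    pgw, wifi = TunnelEndpoint("PGW"), TunnelEndpoint("trusted Wi-Fi access")
    session = "IMSI 001011234567890 / default bearer"
    downlink_teid = wifi.allocate(session)
    uplink_teid = pgw.allocate(session)
    up = pgw.receive_gtpu(build_gtpu(uplink_teid, b"uplink user packet"))
    down = wifi.receive_gtpu(build_gtpu(downlink_teid, b"downlink user packet"))
    # uplink_teid ^ 1 differs from the only TEID the PGW allocated, so it is dropped
    stray = pgw.receive_gtpu(build_gtpu(uplink_teid ^ 1, b"TEID the PGW never allocated"))
    return up, down, stray
```

The parser checks the version and PT bits, the declared length and every extension header before trusting the payload, and the endpoint looks the TEID up in the table of values it allocated itself; the same lookup applies to the GRE key of the PMIPv6 variant.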

5.3.2.1. Trusted Wi-Fi access

The GTP-U protocol constructs the S2a tunnel from a TEID provided by the trusted Wi-Fi access for the downstream traffic and a TEID provided by the PGW entity for the upstream traffic.

The S2a Tunneling procedure, shown in Figure 5.9, starts during the mutual authentication procedure between the mobile and AAA server detailed in section 5.1.


Figure 5.9. S2a tunnel establishment using the GTPv2 mechanism

1) The Wi-Fi access transmits to the PGW entity the GTPv2C message CREATE SESSION REQUEST containing the following fields: IMSI, APN, RAT type, PDN Type, PDN Address, Bearer Identity EPS, Default EPS QoS Bearer, AP Address, AP TEID, APN-AMBR, Charging Characteristics and Additional Parameters.

2) The PGW entity sends the PCRF entity the message DIAMETER CCR to obtain the default bearer characteristics. The PCRF entity can change the value of the APN-AMBR.

3) The PCRF entity responds to the PGW entity with the message DIAMETER CCA containing the rules to be applied to the default bearer (QoS parameters, filter parameters, charging mode).

4) The PGW entity sends the AAA server the message DIAMETER AAR to communicate its identity and the access point name for the connection.

5) The AAA server transmits to the HSS entity the message DIAMETER SAR to transfer the information received from the PGW entity.

6) The HSS entity responds to the AAA server with the message DIAMETER SAA.

7) The AAA server responds to the PGW entity with the message DIAMETER AAA.

8) The PGW entity responds to the trusted Wi-Fi access with the GTPv2C message CREATE SESSION RESPONSE, containing the following fields: PGW Address, PGW TEID, PDN Type, PDN Address, EPS Bearer Identity, EPS Bearer QoS, APN-AMBR and Additional Parameters.

The trusted Wi-Fi access completes the authentication procedure (EAP Success message) by providing the elements of its configuration contained in the Additional Parameters field.

5.3.2.2. Untrusted Wi-Fi access

The GTP-U protocol constructs the S2b tunnel from a TEID provided by the ePDG entity for downstream traffic and a TEID provided by the PGW entity for upstream traffic.

The procedure for establishing the S2b bearer follows that described for the PMIPv6 mechanism in section 5.3.1.2, with the following modifications:

The PBU message in step 1 is replaced by the CREATE SESSION REQUEST message containing the following fields: IMSI, APN, RAT type, TEID ePDG, PDN Type, PDN Address, Bearer Identity EPS, EPS QoS Bearer, ePDG Address, APN-AMBR and Additional Parameters.

The PBA message in step 8 is replaced by the CREATE SESSION RESPONSE message containing the following fields: PDN GW Address, PDN GW TEID, PDN Type, PDN Address, Bearer Identity EPS, EPS Bearer QoS, APN-AMBR and Charging ID.

5.3.3. MIPv4 FA mechanism

The mobile node is a host that changes network while retaining the HoA of its home network. When attached to a foreign network, it acquires an additional CoA (Figure 5.10).

The home agent (HA) is the entity of the originating network with which the mobile node must register when it attaches to a foreign network. The role of the home agent is to intercept the packets received for the mobile node and forward them in a tunnel to the mobile node. The home agent address (HAA) is the address of the home agent interface on the home network of the mobile node (Figure 5.10).

The foreign agent (FA) is the entity of the network visited by the mobile node. It ends the tunnel and delivers the packets to the mobile node. The foreign agent address (FAA) is the gateway address of the mobile node in the visited network (Figure 5.10).

The correspondent node (CN) is the host that exchanges packets with the mobile node. Its address is denoted CNA (Correspondent Node Address) (Figure 5.10).


Figure 5.10. Components of mobility

The home agent (HA) and foreign agent (FA) functions are hosted respectively by the PGW entity and the trusted Wi-Fi access.

The trusted Wi-Fi access transfers the Registration Reply message to the mobile that retrieves its HoA address.

The procedure for setting up the S2a tunnel, described in Figure 5.11, starts after the mutual authentication procedure for the mobile and the AAA server detailed in section 5.1.


Figure 5.11. S2a tunnel establishment using the MIPv4 FA mechanism

1) The mobile transmits the ICMPv4 message Agent Solicitation.

2) Wi-Fi access responds to the mobile with the ICMPv4 message Foreign Agent Advertisement, containing the CoA of the foreign agent.

3) The mobile transmits the Registration Request message containing the following fields: MN-NAI, Lifetime and APN.

4) Wi-Fi access sends the PCRF entity the message DIAMETER CCR containing the subscriber’s profile received from the AAA server during authentication, to obtain authorization to open the default bearer.

The PCRF may modify the received parameters if the rules defined for the network and stored in the SPR database are different.

5) The PCRF responds to Wi-Fi access with the message DIAMETER CCA containing the rules to apply to the default bearer.

6) Trusted Wi-Fi access transfers the Registration Request message to the PGW entity.

7) The PGW entity sends the message DIAMETER AAR to the AAA server to retrieve the subscriber’s profile.

8) The AAA server transmits the message DIAMETER SAR to the HSS entity to retrieve the profile of the mobile.

9) The HSS entity responds to the AAA server with the message DIAMETER SAA containing the subscriber’s profile.

10) The AAA server transmits to the PGW entity the message DIAMETER AAA containing the profile of the mobile.

11) The PGW entity sends the PCRF entity the message DIAMETER CCR to obtain the default bearer characteristics. The PCRF can change the value of the aggregate maximum bearer rate (APN-AMBR).

12) The PCRF entity responds to the PGW entity with the message DIAMETER CCA containing the rules to be applied to the default bearer (QoS parameters, filter parameters, charging mode).

13) The PGW entity sends the AAA server the message DIAMETER AAR to communicate its identity and the access point name for the connection.

14) The AAA server transmits to the HSS entity the message DIAMETER SAR to transfer the information received from the PGW.

15) The HSS entity responds to the AAA server with the message DIAMETER SAA.

16) The AAA server responds to the PGW entity with the message DIAMETER AAA.

17) The PGW entity responds to the trusted Wi-Fi access with the Registration Reply message containing the following fields: MN-NAI, Home Address (HoA), Home Agent Address (HAA) and Lifetime.

18) The trusted Wi-Fi access transfers the Registration Reply message to the mobile that retrieves its HoA.

5.4. S2c tunnel establishment

IPv6 mobility implements packet routing optimization between the mobile node and the correspondent node. The systematic routing of the packets exchanged via the home agent is simple to implement. On the other hand, if the mobile node is moving away from its home network and communicating with a correspondent node close to it, then it is more efficient to communicate directly rather than through the home agent.

The MIPv6 (Mobile IP version 6) mechanism was designed for a mobile connected to an IPv6 network. The DSMIPv6 (Dual-Stack Mobile IP version 6) mechanism also takes into account the connection of the mobile to a public or private IPv4 network. This arrangement avoids running both the MIPv4 and MIPv6 mechanisms when the mobile has a dual IPv4 and IPv6 stack.

Several types of tunnel can be built between the mobile and the PGW entity that hosts the home agent functions:

  – an IPv6 packet can be encapsulated by an IPv6 header;
  – an IPv6 packet can be encapsulated by an IPv4 header. When the mobile is connected to an IPv4 private network, the tunnel must insert a UDP header between the IPv6 and IPv4 headers for traversal of the NAT (Network Address Translation) device;
  – an IPv4 packet can be encapsulated by an IPv6 header;
  – an IPv4 packet can be encapsulated by an IPv4 header. When the mobile is connected to an IPv4 private network, the tunnel must insert a UDP header between the two IPv4 headers for traversal of the NAT device.

The direct transfer between the mobile node and the correspondent node is not allowed, and the mobile traffic is in any case to be controlled by the PGW entity.

5.4.1. Trusted Wi-Fi access

The establishment of the S2c tunnel constitutes one of the different phases of the mobile attachment described in Figure 5.12.


Figure 5.12. S2c tunnel establishment: trusted Wi-Fi access

Phase (A) corresponds to the mutual authentication procedure described in section 5.1. At the end of phase (A), the trusted Wi-Fi access has retrieved the service profile of the mobile stored in the HSS entity.

Phase (B) corresponds to the configuration of the mobile via the trusted Wi-Fi. At the end of phase (B), the mobile recovers its CoA. The trusted Wi-Fi access can also initiate a session with the PCRF to retrieve the profile of the mobile stored in the SPR database.

Phase (C) is the establishment of an IPSec association between the mobile and the PGW entity to protect the DSMIPv6 control messages. The principles for establishing a security association are described in section 5.2. At the end of phase (C), the PGW entity assigns the mobile its HoA and retrieves the service profile of the mobile stored in the HSS entity.

During phase (D), the mobile communicates to the PGW entity the HoA and CoA in the Binding Update message of the Mobility extension of the IPv6 header. In this phase, the PGW entity can also initiate a session with the PCRF entity to retrieve the profile of the mobile stored in the SPR entity. The PGW terminates phase (D) by issuing the Binding Acknowledgment message of the Mobility extension of the IPv6 header. At the end of phase (D), the IP tunnel S2c is established between the mobile and the PGW entity.

5.4.2. Untrusted Wi-Fi access

The establishment of the S2c tunnel constitutes one of the different phases of the mobile attachment described in Figure 5.13.


Figure 5.13. S2c tunnel establishment: untrusted Wi-Fi access

Phase (A) corresponds to the authentication procedure described in section 5.1. At the end of phase (A), the untrusted Wi-Fi access has retrieved the service profile of the mobile stored in the HSS entity. The untrusted Wi-Fi access provides the mobile with a Local IP Address to start Phase (B) of the procedure.

Phase (B) corresponds to the procedure for establishing the SWu tunnel described in section 5.2. At the end of phase (B), an IPSec tunnel is established between the mobile and the ePDG entity; the ePDG entity has retrieved the service profile of the mobile stored in the HSS entity and assigned the mobile with its CoA.

Phase (C) is the establishment of an IPSec association between the mobile and the PGW entity to protect the DSMIPv6 control messages. At the end of phase (C), the PGW entity has assigned the mobile its HoA and has retrieved the service profile of the mobile stored in the HSS entity.

During phase (D), the mobile communicates to the PGW entity the HoA and CoA in the Binding Update message of the Mobility extension of the IPv6 header. In this phase, the PGW entity can also initiate a session with the PCRF entity to retrieve the profile of the mobile stored in the SPR entity. The PGW entity terminates phase (D) by issuing the Binding Acknowledgment message of the Mobility extension of the IPv6 header. At the end of phase (D), the IP tunnel S2c is established between the mobile and the PGW entity.
