AAA refers to a framework based on IETF
protocols, Remote Authentication Dial-in User Service (RADIUS) or Diameter, which specify the procedures
for authentication, authorization, and accounting associated with the user
terminal’s subscribed services across different access technologies.
As an example, AAA includes mechanisms for secure exchange and
distribution of authentication credentials and session keys for
data encryption. The AAA protocols provide the
following services:
• Authentication including device, user, or combined device
and user authentication;
• Authorization including delivery of information to configure
the session for access, mobility, QoS, and other applications;
• Accounting including delivery of billing information
and other information that can be used to audit session activity by both the
H-NSP and V-NSP.
The AAA framework supports global roaming across operator
networks, including support for reuse of credentials and consistent use of
authorization and accounting. It further supports roaming between H-NSP and
V-NSP. The AAA framework is based on use of RADIUS or Diameter in ASN and CSN.
The AAA framework accommodates both Mobile IPv4 and Mobile IPv6 Security Association (SA) management. It further
accommodates various network operation scenarios from fixed to full mobility.
The AAA framework provides support for deploying MS authorization, user and
mutual authentication between MS and the NSP, based on Privacy Key Management
(PKMv2). In order to ensure interoperability, the AAA framework supports
Extensible Authentication Protocol (EAP)-based authentication mechanisms that
include passwords, Subscriber Identity Module, Universal Subscriber Identity
Module, Universal Integrated Circuit Card, Removable User Identity Module, and
X.509 digital certificates. The AAA framework is capable of providing the V-CSN
or ASN with a temporary identifier that represents the user without revealing
the user’s identity.
The NAP may deploy an AAA proxy between two NASs in ASN
and the AAA in CSN in order to provide security and enhanced
manageability. The AAA proxy will also allow the NAP to regulate the AAA
attributes received from the visited CSN, and to add additional AAA
attributes that may be required by the NASs in the ASN. Note that the CSN
hosts the AAA server, whereas the ASN hosts one or more NASs.
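
The attribute regulation described above, as an added Python example that is not part of the original post: a proxy verifies a RADIUS Access-Accept from the CSN, keeps only allowlisted attribute types, appends a local attribute for the NAS, and re-signs the reply with the NAS-side shared secret. The allowlist, secrets and attribute values are constructed. The example assumes the proxy reuses the same Identifier and Request Authenticator on both hops and does not handle the Message-Authenticator attribute that EAP replies carry.

```python
import hashlib
import hmac
import struct

ALLOWED = {1, 25, 27}  # constructed policy: User-Name, Class, Session-Timeout

def parse(packet):
    """Split a RADIUS packet into (code, id, authenticator, [(type, value)])."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, packet[4:20], attrs

def build_reply(code, ident, request_auth, attrs, secret):
    """Encode a reply; Response Authenticator as defined in RFC 2865."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body

def regulate(reply, request_auth, csn_secret, nas_secret, extra):
    """Verify the CSN reply, keep allowlisted attributes, add local ones, re-sign."""
    code, ident, auth, attrs = parse(reply)
    expected = build_reply(code, ident, request_auth, attrs, csn_secret)[4:20]
    if not hmac.compare_digest(auth, expected):
        raise ValueError("Response Authenticator mismatch")
    kept = [(t, v) for t, v in attrs if t in ALLOWED]
    return build_reply(code, ident, request_auth, kept + extra, nas_secret)

if __name__ == "__main__":
    # Constructed sample: Access-Accept (code 2) from the visited CSN.
    req_auth = bytes(16)
    upstream = build_reply(2, 7, req_auth, [(1, b"pseudonym@example"),
                           (8, bytes([10, 0, 0, 9])), (27, struct.pack("!I", 3600))],
                           b"csn-secret")
    out = regulate(upstream, req_auth, b"csn-secret", b"nas-secret",
                   [(11, b"asn-default")])  # Filter-Id added for the NAS
    print([t for t, _ in parse(out)[3]])
```
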
The PKMv2 protocol is used to perform over-the-air
user authentication. PKMv2 transfers EAP messages over the R1 reference
point (i.e., the IEEE 802.16-2009 air interface or its evolution) between
the MS and the BS in the ASN.