Part 2: Options for Authentication by Toby Makepeace, Technical Director, Netutils
This post contains original thoughts posted by Toby Makepeace, Technical Director, Network (Utilities) Systems Ltd. These views are his own.
Leading on from Part 1, Mobile Operators V Fixed Line Operators – who will win Wi-Fi Off-load Race?, we now need to consider how operators effectively manage subscribers and deliver a seamless Wi-Fi experience. What are the different options for authentication that operators should be considering? WISPr, EAP-TTLS, EAP-SIM/AKA?
The answer is all of the above, because it all boils down to the device support.
For example, if we take the case that a user might have 3 devices that support Wi-Fi, but only one of these devices is provided by the mobile operator, do we want to limit authentication to only EAP-SIM based devices whereby a user will be limited to the device provided by the operator over 3G or Wi-Fi? Or do we want to offer a mixture of authentication methods to suit the devices a user may wish to use to connect to the internet?
Given my earlier point in Part 1 that mobile users expect to consume and access more and more rich media content faster, from any location, at any time, from multiple devices, an operator that only invests in one authentication method will limit either the devices they support or the user experience itself. This will inevitably lead to a user looking for another provider to meet their consumption needs, rather than their current mobile operator.
What we have seen is early adoption of WISPr-based authentication in the market, but the uptake to date has been slow; the process is cumbersome and non-secure. WISPr relies on the user taking responsibility, so this clearly impacts the all-important user experience. Operators need to consider how to remove the responsibility from the user and, where possible, make both the transaction and the networks more secure.
The first secure method being considered for adoption by mobile operators is EAP-SIM, and this sees the number of subscribers using the service massively increase. However, it is restricted by using the subscriber device’s SIM as the authentication parameter, validated by the HLR, and so only supports certain SIM-based devices.
This limits those legacy devices that do not support the EAP-SIM protocol, for example a large number of Android devices. Any operator that ignores this will not achieve the required level of off-load they need. So protocols like EAP-TTLS or EAP-TLS come to the table.
Service Providers will quickly see the value of completely seamless Wi-Fi off-load to their end users in terms of increased loyalty with the improved user experience on Wi-Fi, and the compelling business case of minimising the impact on the existing 3G network as data traffic increases. This will continue to be of major importance as 4G networks begin to roll out.
Top Considerations for Service Providers in Providing a Seamless Wi-Fi Off-Load Experience to Subscribers
- Secure or unsecured? Is this important to your subscriber base? Airwaves are open but can be secured.
- Authentication protocols supported: the choice of SIM-based or user-interaction-based.
- Device support/target. Are you considering all Wi-Fi enabled devices or just phones for true off-load?
- Consider how you are going to sell and manage usage, volume based or time based tracking, or just open?
- Are you going to offer subscribers 3GB or Wi-Fi with the 1GB data plan they are on?
- If so, how are you going to manage it?
- Are you going to sell subscribers a Wi-Fi data plan that is more attractive than the 3G data plan? Will you invest in educational campaigns to subscribers to use Wi-Fi rather than 3G?
- Are you investigating a build or buy model?
  - Build a wholesale network?
  - Buy from a wholesale provider?
  - Build a private network?
Toby is currently working on a number of Service Provider projects focusing on Identity Management. These range from Mobile Operator Wi-Fi off-load projects, broadband authentication encompassing quota and service management for P2P and video traffic control, and integrated M2M projects over 3G.
Toby has over 15 years’ progressive experience designing complex RADIUS platforms to meet the demands of the most multi-faceted businesses.
In addition, Toby has spent a number of years observing and implementing solutions for the enterprise space in the BYOD and NAC market. ‘It’s a keen area of interest for me as it combines the whole concept of identity management and business needs together. It also provides me with a good knowledge of what enterprise customers are looking to their carriers’ services to provide.’