Recently, as part of my new carrier Wi-Fi project work, I started reading about
802.11 WLAN technology and encountered many features, but the one that
surprised me and forced me to write an article on it is HOTSPOT 2.0.
Of course, one reason to write is that I could not get a complete article from Google :-).
Even though 80% of the world's data traffic goes via Wi-Fi and it is widely used, research
and new feature addition are quite slow compared to 3GPP-based technologies.
Let's start a discussion on this popular topic called HOTSPOT 2.0 in Wi-Fi. It is one of
the features that has made it possible for Wi-Fi to converge with the popular
2G/3G/4G technologies typically used by wireless operators around the world.
When a Wi-Fi device connects to one SSID, it stays with the same SSID until we
disconnect it manually or it goes out of range. There is no automatic network
selection, and no roaming facility between visited-network hotspots or between two
neighboring HS-enabled APs or any other devices. Compare this with a mobile network
connection: wherever you go, your device latches on to the home or roaming network
automatically without you doing anything manually (yes, automatic network selection
should be enabled). One more limitation is authentication.
These two primary reasons forced Wi-Fi researchers to look for something similar to
mobile network selection and roaming agreements: when a device is switched on, it
connects to any network in the world without manual intervention. HOTSPOT 2.0 is
moving in that direction, to give the same look and feel as mobile network
connection features such as network selection, roaming, service differentiation based
on operator policy, pre-paid billing mediation and security (e.g. EPS-AKA), and hopefully
many more features will come in future releases.
HOTSPOT 2.0:
It is a blessing in disguise for Wi-Fi to survive in the 21st century and finally converge
with mobile network technology. To make this possible, carrier Wi-Fi solutions with
HOTSPOT 2.0 are provided by many well-known vendors such as Cisco, Aruba, Ruckus,
Aerohive and Cambium Networks, and recently Nokia also jumped into this race
to provide low-cost solutions to mobile operators and enterprise customers. Because
of the vast number of features in HOTSPOT 2.0, the Wi-Fi Alliance, a specification and
certification body, divided HS 2.0 into 2 releases.
Here I would like to clear up one more doubt, about Passpoint: it is nothing but a
certification given by the Wi-Fi Alliance to all HOTSPOT 2.0 enabled devices, based on
certain conditions laid down by it, similar to AP certification by the Wi-Fi Alliance and
mobile certifications such as GCF/PTCRB, to avoid any interoperability issues between
different network and OEM vendors. HOTSPOT 2.0 is a feature specification guide,
and 802.11u is the IEEE specification for the radio physical and MAC layers.
courtesy Nokia.com
Network Selection/Discovery:
This is one of the vital features for interworking with mobile technologies and for
providing enhanced network selection and roaming service to HS 2.0 enabled clients/UEs.
In LTE networks, UEs get network resources via the RACH procedure and
network-supported information via system information blocks or during RRC
procedures. Wi-Fi is quite straightforward: clients/STAs get network
information (or HS capabilities) by passive scanning, that is, by listening for Beacons,
or a STA can send a Probe Request and the AP responds with a Probe Response
carrying the HS capabilities.
HS 2.0 capabilities:
Before discussing network selection/discovery, we will see which new IEs are
supported in message frames to enable HS 2.0 capabilities in APs and STAs; these are
included in the Beacon and Probe Response as per the Wi-Fi Alliance technical
specifications for HS 2.0.
Prior to 802.11u, there was no option to query the network for its
capabilities. All network discovery and selection was based on the basic information
in the beacon and probe response. When the interworking with external networks
clause was introduced in 802.11u, ANQP started using GAS frames to query the network
for additional supported capabilities that are not advertised in the beacon or probe
response.
The Hotspot (HS) 2.0 ANQP elements provide additional functionality to the 802.11u
ANQP elements supporting HS 2.0 features. These elements are formatted as
defined by the ANQP vendor-specific list element:
The Info ID field is a 2-octet field whose value is the value for the ANQP vendor-
specific list, i.e. 56797.
The Length field is a 2-octet field whose value is set to 6 plus the length of the
Payload field.
The OI is a 3-octet field. The OI field is set to the value used by the WFA. Each OI
identifies a roaming consortium (group of SSPs with inter-SSP roaming agreement)
or a single SSP.
The Type field is a 1-octet field allocated from the WFA TIA number space to indicate
a HS 2.0 ANQP element type (value 0x11).
The Subtype field is a 1-octet field whose value identifies the HS 2.0 ANQP element.
Values for the Subtype field are defined in the table below.
The Reserved field is a 1-octet field to ensure that the header of the ANQP element
is word aligned.
HS Query List:
The HS Query list provides a list of identifiers of the HS 2.0 ANQP elements that the
requesting mobile device is querying for in a HS ANQP Query. The HS Query list element
is included in a GAS Query Request. The HS Query List must be used in a GAS Query
Request to request HS2.0 Wi-Fi ANQP elements. Both the ANQP Query List and the
HS2.0 Query List can be included in a single GAS Query Request.
HS Capability list:
The HS Capability list provides a list of the information/capabilities that have been
configured on an AP. Support for this HS ANQP element is mandatory, but its use is
optional.
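Added example (not part of the original article): a strict Python parser for the header layout described above, run on a constructed HS Query List. The WFA OI value 50-6F-9A and the subtype values 1 and 2 come from the HS 2.0 specification rather than from this page; every field is checked because, as the last paragraph of this article notes, PMF does not protect pre-association ANQP frames, so the bytes are unauthenticated input.

```python
import struct

ANQP_VENDOR_SPECIFIC = 56797        # Info ID from the text (0xDDDD)
WFA_OI = bytes.fromhex("506f9a")    # Wi-Fi Alliance OI (from the HS 2.0 spec)
HS20_TYPE = 0x11                    # HS 2.0 ANQP element type from the text
# Subtypes of the two list elements described in the text (HS 2.0 spec values).
SUBTYPE_QUERY_LIST, SUBTYPE_CAPABILITY_LIST = 1, 2


class AnqpError(ValueError):
    """Raised when an element violates the layout described in the text."""


def parse_hs20_anqp(buf: bytes) -> dict:
    """Parse exactly one HS 2.0 vendor-specific ANQP element, validating each field."""
    if len(buf) < 10:                                    # 4-octet prefix + 6-octet header
        raise AnqpError("truncated header")
    info_id, length = struct.unpack_from("<HH", buf, 0)  # 802.11 fields are little-endian
    if info_id != ANQP_VENDOR_SPECIFIC:
        raise AnqpError(f"unexpected Info ID {info_id}")
    if length < 6 or length != len(buf) - 4:
        raise AnqpError("Length must be 6 + payload length and match the buffer")
    oi, etype, subtype, reserved = buf[4:7], buf[7], buf[8], buf[9]
    if oi != WFA_OI or etype != HS20_TYPE:
        raise AnqpError("not a WFA HS 2.0 element")
    payload = buf[10:]
    elem = {"subtype": subtype, "reserved": reserved, "payload": payload}
    if subtype in (SUBTYPE_QUERY_LIST, SUBTYPE_CAPABILITY_LIST):
        # Both list elements carry one subtype identifier per octet.
        elem["ids"] = list(payload)
    return elem


def build_hs20_anqp(subtype: int, payload: bytes) -> bytes:
    """Build an element with the same layout (used for the constructed sample)."""
    header = WFA_OI + bytes([HS20_TYPE, subtype, 0])
    return struct.pack("<HH", ANQP_VENDOR_SPECIFIC, 6 + len(payload)) + header + payload


# Constructed sample: an HS Query List asking for subtypes 2, 3 and 4.
SAMPLE_QUERY = build_hs20_anqp(SUBTYPE_QUERY_LIST, bytes([2, 3, 4]))

if __name__ == "__main__":
    print(SAMPLE_QUERY.hex(), parse_hs20_anqp(SAMPLE_QUERY))
```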
The following ANQP elements supported.
o Venue Name information
o Network Authentication Type information
o Roaming Consortium list
o IP Address Type Availability Information
o NAI Realm list
o 3GPP Cellular Network information
o Domain Name list
o HS Query list
o HS Capability list
o Operator Friendly Name
o WAN Metrics
o Connection Capability
o NAI Home Realm Query
o Operating Class Indication
The following ANQP elements supported.
o Network Authentication Type information
o Roaming Consortium list
o NAI Realm list
o 3GPP Cellular Network information (only required for mobile devices having SIM credentials)
o Domain Name list
o HS Query list
o HS Capability list
o Operator Friendly Name
o WAN Metrics
o Connection Capability
o Venue Name information
o IP Address Type Availability Information
o NAI Home Realm Query
o Operating Class Indication
Log Snippet:
Authentication:
Hotspot Rel-2 supports only WPA2-Enterprise grade security with a mutual
authentication technique that is based on 802.1X and requires a RADIUS
server to accomplish the authentication. In 802.1X mutual authentication, the following
EAP (Extensible Authentication Protocol framework) methods are supported as
per the below table.
Question:
How does a client select one out of all the SSIDs, such as BYOD, NOSI or GUEST?
It is based on the 802.1X association: depending on the user credentials, the RADIUS
server sends an Access-Accept packet as part of authentication. This is called User
Based Policy Assignment.
E.g.: common use cases would be to push guest users to a Guest VLAN and
employees to an Employee VLAN (BYOD).
Strong Encryption:
The Advanced Encryption Standard (AES) encryption is used over the wireless
interface between a mobile device and the Passpoint APs. AES is one of the most
advanced standards-based encryption algorithms available in the industry. The AES
encryption keys (the Pairwise Transient Key [PTK] and the Group Temporal Key
[GTK]) are derived from the unique Pairwise Master Keys (PMKs) generated as part
of the IEEE 802.1X authentication process. We will discuss encryption key generation
in detail in a separate article.
The strong encryption used between a mobile device and the Passpoint AP makes it
extremely difficult for an attacker to compute the keys needed to eavesdrop on the
traffic exchanged between the devices. The integrity protection afforded by the AES
encryption mechanism makes it computationally impractical for an attacker to
perform a man-in-the-middle attack.
Passpoint APs and mobile devices that are certified for WPA2 with Protected
Management Frames (PMF) mitigate eavesdropping and DoS vulnerabilities. PMF
does not protect pre-association ANQP frames.