RADIUS

Remote Authentication Dial In User Service

Introduced in Rel-4. Also in: Services.

RADIUS is a widely deployed AAA protocol used in 3GPP for interworking with non-3GPP access networks and for certain policy control functions.

Category: Protocol
Introduced: Rel-4
Where: Core Network › Evolved Packet Core
Also touches: 1 segment
Specifications: 7 specs

Description

The Remote Authentication Dial In User Service (RADIUS) is a client-server protocol defined originally by the IETF (RFC 2865, 2866) for carrying Authentication, Authorization, and Accounting (AAA) information. Within the 3GPP architecture, RADIUS is not a native 3GPP protocol but is specified for interoperability, primarily to interface with trusted or untrusted non-3GPP IP access networks, such as Wireless Local Area Networks (WLAN), fixed broadband, or WiMAX, when they integrate with the 3GPP core network.

In 3GPP systems, a RADIUS client typically resides in the network access gateway (e.g., a WLAN Access Gateway, an evolved Packet Data Gateway (ePDG) for untrusted access, or a Trusted WLAN Access Gateway (TWAG)). The RADIUS server is part of the 3GPP AAA infrastructure, which includes the AAA Server and often interacts with the Home Subscriber Server (HSS) for credential verification. The protocol operates over UDP, using a shared secret between client and server for message security. The process begins when a user device attempts to attach via non-3GPP access. The access gateway collects user credentials (such as a Network Access Identifier, NAI) and sends a RADIUS Access-Request message to the 3GPP AAA Server.

The 3GPP AAA Server authenticates the user by querying the HSS using Diameter-based interfaces (like SWx), but the result is conveyed back to the access network using RADIUS. Upon successful authentication, the AAA server responds with a RADIUS Access-Accept message, which includes authorization parameters. These parameters are critical and can include the user's subscribed QoS profile, permitted access point names (APNs), and, importantly, tunneling information. For example, in the case of trusted WLAN access to the EPC, the Access-Accept may authorize the establishment of a GTP tunnel between the TWAG and the PGW and provide the PGW's IP address. RADIUS Accounting messages (Accounting-Request/Response) are used to report session start, interim updates, and stop events for billing and monitoring purposes.

RADIUS's role in 3GPP is thus one of a bridging protocol, enabling legacy or non-3GPP access networks that widely support RADIUS to integrate with the 3GPP AAA framework. It allows operators to leverage existing WLAN infrastructure for cellular data offload or convergence. The protocol carries 3GPP-specific attributes in Vendor-Specific Attributes (VSAs) to convey the necessary cellular-centric information (e.g., 3GPP-Charging-Characteristics, 3GPP-APN) between the non-3GPP gateway and the 3GPP core.
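The two mechanisms described above, shared-secret protection of replies and 3GPP attributes carried in VSAs, shown as an added example that is not part of the original page or of any 3GPP or vendor code. It verifies the RFC 2865 Response Authenticator of an Access-Accept and then decodes the 3GPP sub-attributes; it assumes the 3GPP vendor ID 10415 and sub-attribute types 3 and 13 from TS 29.061, and the secret, identifier and packet bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

VENDOR_3GPP = 10415  # 3GPP enterprise number carried in Vendor-Specific (type 26)
VSA_NAMES = {3: "3GPP-PDP-Type", 13: "3GPP-Charging-Characteristics"}

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def verify_response(packet, request_auth, secret):
    """True only if the reply was built by a holder of the shared secret."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        return False
    expected = response_authenticator(packet[0], packet[1], packet[20:length],
                                      request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])

def parse_3gpp_vsas(packet):
    """Return {name: raw value} for every 3GPP sub-attribute in the packet."""
    end = min(int.from_bytes(packet[2:4], "big"), len(packet))
    found, pos = {}, 20
    while pos + 2 <= end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            raise ValueError("malformed attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6 and value[:4] == struct.pack("!I", VENDOR_3GPP):
            sub = value[4:]
            while len(sub) >= 2:
                stype, slen = sub[0], sub[1]
                if slen < 2 or slen > len(sub):
                    raise ValueError("malformed sub-attribute length")
                found[VSA_NAMES.get(stype, f"3GPP-{stype}")] = sub[2:slen]
                sub = sub[slen:]
        pos += alen
    return found

def vsa(sub_type, data):  # encode one 3GPP sub-attribute inside a type-26 attribute
    body = struct.pack("!IBB", VENDOR_3GPP, sub_type, len(data) + 2) + data
    return bytes([26, len(body) + 2]) + body

# Constructed sample: an Access-Accept (code 2, identifier 7) with two 3GPP VSAs.
SECRET, REQ_AUTH = b"constructed-shared-secret", bytes(range(16))
ATTRS = vsa(3, struct.pack("!I", 0)) + vsa(13, b"0800")
ACCEPT = (struct.pack("!BBH", 2, 7, 20 + len(ATTRS))
          + response_authenticator(2, 7, ATTRS, REQ_AUTH, SECRET) + ATTRS)
```

A gateway should act on the decoded authorization attributes only after `verify_response` returns True for the Request Authenticator it sent.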

Purpose & Motivation

RADIUS was adopted into 3GPP standards to solve the problem of integrating heterogeneous access technologies, specifically non-3GPP IP access networks like WLAN, into the unified 3GPP service framework. As cellular operators began offering WLAN hotspots, they needed a way to extend their subscriber authentication, policy enforcement, and charging systems to these new access points. RADIUS was the de facto standard AAA protocol in the IP networking world, making it the natural choice for this interworking.

Its inclusion addressed the limitation of having separate, siloed authentication systems for cellular and WLAN. Without a protocol like RADIUS, operators would have to manage completely separate user databases and billing systems for WLAN access, preventing a seamless user experience. By specifying how RADIUS interacts with the 3GPP HSS/AAA infrastructure, 3GPP enabled 'SIM-based' authentication for WLAN, allowing users to connect using their cellular subscription credentials, a key step towards fixed-mobile convergence.

The motivation was driven by commercial needs for data offloading and service continuity. RADIUS provided a proven, scalable, and widely implemented protocol to bridge the gap between the packet-switched IP world of WLAN and the telephony-inspired Diameter-based core of 3GPP networks. It allowed operators to reuse existing WLAN infrastructure investments while maintaining centralized control over subscriber management and policy, which was essential for creating integrated billing and service plans.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (4 CRs across 2 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-4, normative work from Rel-15.

Rel-15 (2 changes)

In Release 15, the RADIUS function was enhanced to support extended accounting octets for more detailed usage reporting. Additionally, a correction was made to ensure the accurate description of the 3GPP-PDP-Type within the RADIUS Vendor-Specific Attribute (VSA).

  • Extended accounting octets for RADIUS (TS 29.061, CR0506)
  • Correct 3GPP-PDP-Type description in RADIUS VSA (TS 29.061, CR0510)

Rel-17 (2 changes)

In Release 17, the RADIUS function was enhanced with updates to support the Layer 2 Tunneling Protocol (L2TP) within its message flow. Furthermore, a new capability was introduced for reporting the User Equipment's (UE) local IP address to the RADIUS DN-AAA server. These changes provided specific extensions to RADIUS procedures for improved tunneling and client IP reporting.

  • Updates to support L2TP in RADIUS message flow (TS 29.061, CR0537)
  • Reporting UE local IP to RADIUS DN-AAA server (TS 29.061, CR0540)

Defining Specifications

3GPP specifications that define or reference RADIUS, with the latest known release. Sourced from the 3GPP document catalog.

| Specification | Title | Release |
|---|---|---|
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TS 23.140 v1600 | MMS Non-Realtime Service Definition | Rel-6 |
| TR 23.923 v1300 | Mobile IP+ Feasibility Study for UMTS/GPRS | Rel-4 |
| TS 29.061 vj00 | Packet Domain Interworking for PLMN | Rel-19 |
| TS 29.161 vc00 | 3GPP-WLAN Interworking Requirements | Rel-12 |
| TS 29.234 vb20 | WLAN-3GPP Interworking Stage-3 Protocol | Rel-11 |
| TS 32.808 v1800 | Common User Profile Storage Framework | Rel-8 |