UWAN

Untrusted Wireless Access Network

Introduced in Rel-13

UWAN is an untrusted non-3GPP wireless access network, such as Wi-Fi, where user traffic must be secured via an ePDG using an IPsec tunnel before reaching the 3GPP core.

Category: Security
Introduced: Rel-13
Where: Core Network › Evolved Packet Core
Specifications: 4 specs

Description

An Untrusted Wireless Access Network (UWAN) is a conceptual classification in 3GPP architectures for Evolved Packet System (EPS) and 5G System (5GS), referring to any wireless IP-based access network that is not operated by the mobile network operator or is not considered secure enough to have a direct, trusted connection to the 3GPP core. The most common example is a public or private Wi-Fi network (e.g., IEEE 802.11). The core principle is that the 3GPP network cannot rely on the security mechanisms of the UWAN itself to protect user plane traffic and signaling. Therefore, a special security gateway, the evolved Packet Data Gateway (ePDG), is introduced as a mandatory point of entry.

When a User Equipment (UE) attaches to the network via a UWAN, it must first discover and select a suitable ePDG. The UE then establishes an IPsec tunnel (specifically, an IKEv2-based tunnel) with the ePDG. This tunnel encapsulates all traffic destined for the 3GPP core network, including authentication signaling and user data packets. The ePDG acts as a security gateway, terminating the IPsec tunnel from the untrusted side and presenting a trusted interface towards the core. It interfaces with the 3GPP AAA infrastructure (HSS/AAA Server) to authenticate the UE using EAP-AKA or EAP-AKA' protocols over this secure tunnel. Once authenticated, the ePDG sets up the necessary connectivity to the Packet Data Network Gateway (PGW) in EPS or the User Plane Function (UPF) in 5GS, creating a secure end-to-end logical path for the UE.

The architecture involves several key components: the UE with its support for IKEv2/IPsec and ePDG discovery (via DNS), the UWAN itself which merely provides IP connectivity, the ePDG as the trust boundary, and the core network elements (HSS, PGW/UPF). The ePDG's role is critical—it validates the UE's credentials, enforces policies, and ensures that all traffic from the untrusted access is properly encrypted and integrity-protected before entering the operator's trusted domain. This model allows operators to securely leverage vast, existing Wi-Fi infrastructure for data offloading and service continuity without compromising the security standards of their mobile core network.
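
As an added illustration (not code from 3GPP or from this page), the sketch below expresses the trust-boundary idea as an ingress classifier for an ePDG's untrusted-side interface: only IKEv2 and ESP, native or UDP-encapsulated, are admitted, and everything else is dropped. The function names, verdict strings and sample packet builder are assumptions made for the example; the header layouts follow RFC 7296 (IKEv2) and RFC 3948 (UDP encapsulation of ESP).

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
PROTO_UDP, PROTO_ESP = 17, 50
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
IKE_HDR = "!8s8sBBBBII"  # SPIi, SPIr, next payload, version, exchange, flags, msg ID, length

def parse_ike(data):
    """Return the IKEv2 exchange name, or None if data is not a sane IKEv2 message."""
    if len(data) < 28:
        return None
    _, _, _, version, exch, _, _, length = struct.unpack(IKE_HDR, data[:28])
    # 0x20 = major version 2, minor 0; the length field must cover the whole message
    if version != 0x20 or length != len(data):
        return None
    return EXCHANGES.get(exch)

def classify(ip_proto, dst_port, payload):
    """Verdict (hypothetical strings) for one packet arriving from the untrusted access.
    ip_proto and dst_port come from the outer headers; payload is what follows them."""
    if ip_proto == PROTO_ESP:
        # ESP starts with SPI (4 bytes) + sequence number (4 bytes); SPI 0 is reserved
        ok = len(payload) >= 8 and payload[:4] != b"\x00" * 4
        return "accept:ESP" if ok else "drop:bad-esp"
    if ip_proto != PROTO_UDP:
        return "drop:not-ipsec"
    if dst_port == IKE_PORT:
        exch = parse_ike(payload)
        return f"accept:{exch}" if exch else "drop:bad-ike"
    if dst_port == NATT_PORT:
        if payload == b"\xff":                 # NAT keepalive is a single 0xFF byte
            return "accept:NAT-keepalive"
        if payload[:4] == b"\x00" * 4:         # non-ESP marker precedes IKE on port 4500
            exch = parse_ike(payload[4:])
            return f"accept:{exch}" if exch else "drop:bad-ike"
        return "accept:ESP-in-UDP" if len(payload) >= 8 else "drop:bad-esp"
    return "drop:not-ipsec"

def make_ike(exch, body=b"", version=0x20):
    """Constructed sample message: IKEv2 header with made-up SPIs and an opaque body."""
    hdr = struct.pack(IKE_HDR, b"\x11" * 8, b"\x00" * 8, 33, version,
                      exch, 0x08, 0, 28 + len(body))
    return hdr + body
```

Admission by this filter only means the packet may reach the IKEv2/IPsec stack; the UE is still untrusted until EAP-AKA or EAP-AKA' authentication inside IKE_AUTH succeeds.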

Purpose & Motivation

The concept of UWAN was formalized to address the growing need for mobile operators to integrate ubiquitous, but inherently insecure, Wi-Fi networks into their service offerings. Prior to its standardization, Wi-Fi access was often handled as a completely separate, best-effort internet access with no integration with cellular services like IMS or seamless mobility. The problem was twofold: providing secure access that meets 3GPP's stringent authentication and confidentiality requirements, and enabling seamless service continuity between 3GPP and non-3GPP accesses. The creation of the UWAN/ePDG architecture in Release 8 (EPS) provided a standardized solution.

It solved the security problem by establishing a clear trust boundary. Instead of trying to secure the Wi-Fi link itself (which is often impractical on public hotspots), it assumes the worst-case scenario—the access is untrusted—and mandates end-to-end encryption between the UE and the operator's network. This protects against eavesdropping and manipulation on the Wi-Fi link. Furthermore, it enabled tight integration with the core network's subscription and policy framework (PCRF/PCF), allowing operators to apply the same billing, QoS, and access control policies regardless of whether the user is on LTE or Wi-Fi. This was a key motivator for creating a standardized, secure non-3GPP interworking framework, paving the way for features like Wi-Fi Calling and seamless offloading.

Classification

Part of: EPDG
Related approaches: IPSec

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (11 CRs across 2 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-13, normative work from Rel-15.

Rel-15: 10 changes

In Release 15, the UWAN (Untrusted Wireless Access Network) function was enhanced to support end-to-end QoS over untrusted WLAN and to improve the transfer of PCO (Protocol Configuration Options). The release also introduced mechanisms for enhanced location information reporting for UEs on untrusted access and enabled ePDG selection using 5GS TAI information for 5GC interworking, which specifically supports GTP-based S2b for untrusted non-3GPP access. Furthermore, corrections and enhancements were made for ePDG handling of multiple IPsec SAs and for emergency service support, including emergency ePDG selection for UEs without a UICC.

  • Support for e2e QoS over untrusted WLAN (TS 23.402, CR2971)
  • OI#19 - 5GC-EPC interworking: PGW selection for 5GC UE for connectivity via untrusted access (TS 23.402, CR2980)
  • Transfer of PCO over untrusted access (TS 23.402, CR2983)
  • Enabling ePDG selection using 5GS TAI information (TS 23.402, CR2984)
  • Enhance location information in trusted and untrusted WLAN (TS 32.251, CR0503)
  • Enhance location information in trusted and untrusted WLAN (TS 32.298, CR0658)

+ 4 more changes

Rel-16: 1 change

In Release 16, the key new capability for the Untrusted Wireless Access Network (UWAN) function was the addition of the ePDG (evolved Packet Data Gateway) as a serving node. This enhancement specifically supported interworking with the 5G System (5GS) exclusively for untrusted non-3GPP access using the GTP-based S2b interface.

Defining Specifications

3GPP specifications that define or reference UWAN, with the latest known release. Sourced from the 3GPP document catalog.

Specification   | Title                                            | Release
TS 23.402 vj00  | EPC for Non-3GPP Access (PMIP)                   | Rel-19
TS 32.251 vj00  | PS Domain Charging Management                    | Rel-19
TS 32.298 vj30  | Charging Data Record (CDR) Parameter Specification | Rel-19
TS 32.299 vj00  | Diameter Charging Applications for 3GPP          | Rel-19