Checking the F/MC Security

By Eric Griffith

January 18, 2007

IPSec tunnels are a requirement on UMA networks, and Check Point wants to make the security setup a no-brainer for carriers.

Most people consider fixed/mobile convergence (F/MC) between Wi-Fi and cellular a good thing, but of course there's a downside. Leave it to a security company to know that -- and to provide a solution. This week, Check Point Software Technologies announced its VPN-1 MASS (Multi-Access Security Solution). It will let carriers implementing an F/MC solution provide secure connections to the end user.

"With a cellular network today, the agreements are in place, they have security and chains of trust well wired to keep conversations safe, keep data networks safe," says Bill Jensen, product marketing manger for VPN-1 MASS. "Now it's a new paradigm. It's completely different, a wide-open security framework once you've got voice calls going over T-Mobile Hotspots."

He's referring to the fact that T-Mobile is the one carrier in the United States actively testing F/MC, with a network based on Unlicensed Mobile Access (UMA) . That's the architecture that allows dual-mode phones to jump from cellular to WLAN and back again without losing the call. (T-Mobile is not, however, testing VPN-1 MASS, Jensen points out.)

VPN-1 MASS will also support 3G Interworking WLAN (3G IWLAN), which lets users authenticate to a Wi-Fi network using a cell phone SIM card, skipping the manual sign-in process. Both are standards under the 3rd Generation Partnership Project (3GPP). It will also support full IP Multimedia Subsystem (IMS) application access.

Among the features in VPN-1 MASS are support for Session Initiated Protocol (SIP) to handle VoIP on a wireless LAN, and integration with existing carrier billing and authentication systems.

"Nokia came to us to create something like this for UMA networks," says Jensen. "It adds a number of functions. It uses IPSec, which has been a workaround for WLANs for a long time, to encrypt, as IPSec is part of the standard for UMA." A tunnel is required from the handset to the operator's core network, where it is terminated on a UMA Network Controller (UNC). "We do it in a way that's scalable to handle a high subscriber base," he says. VPN-1 MASS will sit on the carrier network, neutral to whatever clients try to sign on, be they Windows Mobile, Symbian, Palm, whatever, giving the carrier the option to use a range of different handset vendors.

Eventually, Jensen sees VPN-1 MASS moving into the enterprise, where a corporation will use UMA to control its communications for employees. For now, however, it's only for carriers.

VPN-1 MASS is already in trials in Europe, where UMA is growing faster than in the States. The use of IPSec makes it conform to the UMA standard, and, hopefully, makes the use of the VPN tunnel invisible to the end user. That part, says Jensen, presents the challenge. "These are things we're working on with the handset vendors... eventually, where we see it going is a move away from the cell to the WLAN IP model," he says. "That's also where the carriers see it. Not this UMA generation, but the IMS generation."

The cost of VPN-1 MASS for a carrier is $30,250 per 50,000 subscribers, and it's available now.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.