Wifi Offloading POC with Radiator

 Recently, we have seen a significant increase in demand for our Wifi Offloading solutions and services. Many mobile operators are aiming for increased use of their own existing wifi infrastructure or the use of wifi infrastructure provided by 3rd party partners. This is done in many cases to expand especially indoor coverage in areas where 5G infrastructure has its limitations.

With Radiator, the essential product is Radiator SIM Pack that provides the integration between key components in wifi network and mobile core for WiFi Offloading. In this blog, we are clarifying how this kind of concept can be easily evaluated in different networks - as we are currently engaged heavily in these kinds of projects.

How Wifi Offloading Proof of Concept can be implemented?

For this kind of Wifi Offloading Proof of Concept (POC), a small number of steps are needed.

1. Firstly, you will need access to relevant wifi controllers / access gateways, in order to configure the RADIUS traffic to be configured towards Radiator SIM Pack. With this, seamless SIM authentication (with EAP-SIM/EAP-AKA/EAP-AKA’ for example) can be implemented.

2. As a next step, you will need to install the evaluation version from relevant Radiator packages: Radiator AAA Server Software, Radiator Carrier Module and Radiator SIM Module, along with the UtilXS component. The packages exist for all recent versions of RedHat based systems, Ubuntu and Debian.

3. After the installation, our team will provide you with the necessary configuration in order to configure traffic towards your subscriber data source. For HSS, Diameter SWx interface is the standard. Radiator can also use Diameter S6d, Cx or Wx interfaces. When using HLR, Radiator connects with GSM MAP with SIGTRAN. If the subscriber data is stored in more than one location, Radiator can authenticate SIMs from multiple backends. SIM authentication uses IMSI, and Radiator can optionally fetch user MSISDN (phone number) for billing purposes. 

4. Lastly, you will need to have access to the carrier profiles for the mobile phones or other end user devices so that automatic wifi authentication can be done. The methods for this differ a bit with Android and iOS devices: for Android, there are developer tools available for your own testing. For iOS, you need assistance from Apple. For both cases, we are happy to provide assistance.

As can be seen, successful WiFi Offload POC requires a bit of cooperation internally in the organization of the mobile operator. However, at the same time the needed configuration is typically something that can be done with limited effort - and with the assistance from us. As we have already deployed tens of successful WiFi offloading and VoWiFi installations, most challenges (and how to overcome them) are familiar to us.

What are the next steps?

If you are interested in WiFi offloading, please do not hesitate to contact us. Please fill out our contact form or contact sales@radiatorsoftware.com, and we are happy to help you with the next steps.

Meet Radiator team at IETF121 in Dublin

Image credit: Bob Linsdell, O'Connell Bridge & River Liffey, Dublin

The Radiator team will be attending IETF 121 meeting at the Convention Centre Dublin 2 - 8 November 2024. Staying at the forefront of industry developments is a top priority for Radiator development. As always, we are looking forward to working on RADIUS drafts and standards, and catching up with industry people. 

IETF RADIUS working groups 

You can find the Radiator team at these sessions - click the links for the respective meeting materials and agendas. 

• IETF Hackathon on Saturday 
• RADIUS EXTensions (radextra) 
• EAP Method Update (emu) 
• Transport Layer Security (tls) 
• Security Area Open Meeting (saag) 

For other IETF sessions, please see full meeting agenda here: https://datatracker.ietf.org/meeting/121/agenda 

Meet the team 

You can find Radiator developer Heikki Vatiainen and managing director Karri Huhtanen at the working group sessions and around the venue. If you’re in Dublin, come find us and say hi! Everyone else interested in the Radiator roadmap or meeting recaps, please drop us an email.

Radiator Software and Altice Labs announce partnership

Altice Labs, a technology company that is at the forefront of global innovative solutions in telecommunications, networks, and digital services, alongside Radiator Software, a Finnish company which provides AAA (RADIUS/Diameter Authentication, Authorization and Accounting) software products and services for Service Providers and Enterprises, announced a partnership enabling both organizations to jointly deliver end-to-end solutions to Service Providers and Enterprises.

This partnership will allow Altice Labs and Radiator Software to combine efforts to improve efficiency by eliminating barriers and accelerating delivery, thereby enhancing the value of products and solutions for both organizations. One of the key use cases that Radiator Software and Altice Labs can provide together includes WiFi offload and Voice-over-WiFi solutions, among others.

Jaakko Stenhäll, Director of Business Development at Radiator Software, highlighted that, “with Altice Labs, we are able to complement our Radiator AAA offering with excellent technical knowledge on different customer needs and also world-class support on various markets - bringing great value to our mutual customers”.

Tiago Pereira, Director of Global Business Development at Altice Labs, commented, “we are looking forward to partnering with Radiator Software, bringing our extensive experience, knowledge and technical expertise on network and service management and control. This is an area where Altice Labs has been present for more than 20 years, with its own products and solutions”.

For Cleverson Novo, Managing Director of Open Labs - Altice Labs branch in Brazil, “this area has gained huge importance in the Latin America market, with Service Providers leveraging their Wi-Fi networks as a complement to traditional cellular networks“.

Together, both companies are paving the way to the future, exploring new marketing opportunities and business growth.

Meet Radiator at WGC EMEA & Network X in Paris!

We are delighted to announce that Radiator Software will be attending the two top connectivity events of the season: WGC EMEA and Network X, co-located in Paris on 7 – 10 October 2024. We are looking forward to meeting our current and prospective partners and customers in Paris.

Wireless Global Congress Americas

WGC is hosted by the Wireless Broadband Alliance and gathers together Wi-Fi industry leaders and experts from all around the world. As usual, the event is divided into two parts: WBA Members-Only Sessions on 7 and 8 October at the Hôtel Mercure Paris Porte de Versailles Expo, followed by the WGC EMEA Open Congress on 9 and 10 October in Porte de Versailles conference centre.

https://www.wirelessglobalcongress.com/emea-2024/

Network X

Network X event runs through 8 - 10 October and brings together Broadband World Forum, 5G World and Telco Cloud. For service providers of all kinds, Radiator provides a flexible AAA solution for fixed broadband, wireless, and WiFi offloading including VoWiFi.

For more information about the Network X event, please see the official website: https://networkxevent.com/

Meet with Radiator team

You can find the Radiator team at the WBA Members-Only Sessions and in the WGC Open Congress throughout the event. For insights on Wi-Fi authentication, Wi-Fi roaming and OpenRoaming, we extend an invitation to all WGC EMEA and Network X attendees to meet with the Radiator team and managing director Karri Huhtanen.

To book a meeting or simply ask a question, please leave a message and we will get back to you. See you in Paris!

Chargeable User Identity - Billing and analytics with privacy

As mobile and wireless networks have evolved, the ability for users to move between different networks while maintaining service, known as roaming, has become essential. WiFi roaming, while convenient for users, introduces several complexities for service providers, particularly in managing billing and user identity securely across network boundaries.

The Chargeable User Identity (CUI) parameter was introduced to address these challenges. While the specification RFC 4372 for CUI has existed for quite awhile, the implementations are now popularising as commercial Wi-Fi is becoming more sought after.

Chargeable User Identity uses and benefits

Chargeable user identity is a parameter used mostly by service providers to identify users for accounting in roaming networks, while ensuring their privacy is not compromised with trackable credentials. The CUI allows service providers to charge users based on their usage, even when users roam across different networks. It is primarily intended for billing purposes, but also provides other benefits to both public and commercial networks.

The main benefit of using Chargeable User Identity parameter is that it solves the business problem of anonymity in commercial networks, while not making any compromises in privacy and security. It provides a robust mechanism for calculating usage, which can be used not only for billing but also analytics purposes. For example, with CUI, roaming network providers can track whether their 100 sessions come from 10 users with 10 sessions each or by 2 users with 50 sessions each. This allows for more accurate analytics, but does not allow the networks to identify the users. This is possible in deployments where the CUI is the same across all of the user’s devices.

The use of Chargeable User Identity also allows public institutions to restrict and ban roaming users who violate their terms. Previously, when administrators decided to take action against users who violate their visiting terms, the user can simply log on with another device. With a CUI parameter that is mutual across user’s all devices, this is not possible.

Chargeable User Identity deployment

Chargeable User Identity is transmitted in RADIUS packets using dedicated RADIUS attribute 89: Chargeable-User-Identity. The implementation is specified in RFC 4372.

Upon sending the authentication Access-Request to the home organisation for a roaming user’s authentication, the visiting organisation should add the Chargeable-User-Identity parameter into the request with a null value. This signals the home organisation that a CUI is requested. The home organisation check’s for an existing valid CUI and sends either a new or existing valid CUI included in the Access-Accept.

The Chargeable-User-Identity parameter will remain the same for the duration of the roaming user’s session and is included in the accounting packets and responses.

Want to know more?

Are you looking to deploy Wi-Fi offloading or other Wi-Fi roaming functionality for your customers or members of your organisation? Or are you setting up a commercial Wi-Fi infrastructure to provide roaming services for operators? For both cases, Radiator AAA is the product for you.

Radiator AAA provides functionality for Wi-Fi roaming host organisations, with dozens of completed deployments for the biggest Wi-Fi roaming networks (eduroam, govroam, OpenRoaming). Combined with the Radiator SIM Pack, Radiator provides seamless authentication for Wi-Fi offloading, roaming between mobile networks and Wi-Fi. Both products and use cases include Chargeable User Identity function for Radiator.

For more information about CUI deployments, please contact our sales team at sales@radiatorsoftware.com

Why 5G drives Wi-Fi offloading for operators?

Latest reports from the industry indicate that globally 5G subscriptions are closing in on 20% of all mobile subscriptions. Mobile operators are deploying 5G networks at an increasing rate and 5G is at an early stage of its life cycle. Global data usage increases year by year and mobile operators’ cellular networks are hard-pressed to withstand all the traffic, requiring investment in more infrastructure.

5G provides higher data rates and other benefits compared to the previous generations, but at the cost of lower signal range. Strong 5G signal for proper coverage requires operators investment in small cell networks and even with one customers might struggle with in-door service quality. At the same time, there are commercial and other WiFi network infrastructure already in place for many of the areas where operators struggle with in-door coverage.

In this blog post, we’ll take a look at underlying reasons driving the demand for Wi-Fi offloading, and how Radiator SIM Pack solution provides the seamless authentication to enable it. In short, with the performance and reliability that Wi-Fi 6 and 7 have brought to the table, it is easy to see the economical and environmental benefits Wi-Fi offloading brings to those who adopt it, all while improving end users’ coverage and quality of service indoors without need for massive infrastructure investments.

Solve coverage issues with existing infrastructure

Even before 5G, operators were struggling with in-door coverage of cellular networks. Upgrading to 5G will not improve the coverage, but rather do the exact opposite. 5G utilises higher signal frequency millimetre waves, which are unable to penetrate obstructions and have short range. This is becoming a key concern when designing 5G networks in congested areas. However, building a network of small cells to reach proper coverage in-doors is fast becoming a challenge for operators in urban areas.

Wi-Fi offloading can significantly enhance coverage and quality of service for network operators by leveraging the ubiquitous presence of Wi-Fi networks to alleviate congestion on cellular networks. By directing data traffic from overloaded cellular networks to available Wi-Fi connections, operators can effectively extend coverage into areas with weak cellular signal and manage high-demand scenarios, such as large public venues. Wi-Fi offloading not only optimises the utilisation of network resources but additionally offloading traffic to Wi-Fi can help operators reduce network congestion and associated operational costs, making it a win-win solution for both service providers and their customers.

As an added benefit for the end user, According to Wireless Broadband Association, smartphones and IoT devices using Wi-Fi 6 have an up to 67% lower power consumption compared to their respective cellular networks. This energy efficiency will be further enhanced with Wi-Fi 7. This does not directly affect the operator, but enhances the end users’ service quality.

Wi-Fi has gotten better. Much better.

This point is not specific to 5G, but rather for all operators who have previously considered Wi-Fi offloading and found Wi-Fi to have high latency, unreliable connections and low data rate, not matching the standard operators want for their networks. This may have been the case once, but not anymore.

Wi-Fi 6, 6E and especially Wi-Fi 7 have brought down latency (below 5ms on most estimations), increased data rate tremendously (up to 46 Gbps) and made connections much more reliable. And as discussed previously, Wi-Fi networks are built with coverage in mind, bringing offloading users optimal quality of service even in areas with dozens of devices online.

Another concern our MNO customers have expressed from time to time is that Wi-Fi security is not up to par with mobile networks. Today’s Wi-Fi offloading solutions use EAP-AKA and EAP-AKA’ authentication, which provides vast improvements to older protocols. IMSI Privacy and standards in MAC address randomisation should be in place in a modern Wi-Fi offloading solution, with which end users details remain private and can not be snooped. Security and privacy concerns are a thing of the past for operators who want to adopt Wi-Fi offloading, so long as the operator chooses a solution that provides these features.

5G and Wi-Fi 7: Better together

We’ve seen many industry blogs and articles discuss the differences of 5G and Wi-Fi, often comparing them as rivals and recommending customers choose one or the other based on their needs. This need not be the case. As leading operators have demonstrated, these networks are not at odds, but rather better utilised together.

Wi-Fi offloading can solve operators’ problem of coverage in congested areas, particularly in-doors and in large venues with high volumes of data traffic. These areas often have Wi-Fi infrastructure in place which operators can utilise, lessening the need for investment in small cell networks.

As an improvement to previous mobile network generations, Wi-Fi offloading has been clearly specified as part of 5G architecture in 3GPP standards (3GPP TS 33.501; Annex S). When viewed as part of the architecture with dedicated authentication interface, rather than a case-by-case solution, Wi-Fi offloading is becoming a more integral part of operators’ connectivity stack.

Looking to deploy Wi-Fi offloading in your network?

Are you looking to adopt Wi-Fi offloading to your cellular network? Radiator SIM Pack is the product for you! Radiator SIM Pack provides seamless authentication for mobile users roaming between cellular and wireless networks.

Radiator SIM Pack provides SIM-based authentication (EAP-SIM, EAP-AKA, EAP-AKA’) with IMSI Privacy and a variety of different integration options for Diameter interfaces and for logging. Often combined with the Radiator Policy and Charging Pack for OCS billing integration, these products provide a one stop shop for operators looking to adopt seamless Wi-Fi offloading for their mobile customers.

If you wish to learn more about our Wi-Fi offloading deployments, please do not hesitate to contact sales@radiatorsoftware.com

Radiator 4.29 released!

We are pleased to announce the release of Radiator version 4.29. The latest release includes a major Radius protocol security fix, and the usual usability and interoperability improvements and bug fixes.

New usability improvements

Tested and supported for Ubuntu 24.04

AuthBy LDAP2 improvements

CEF and JSON logging fixes

Updates to address BlastRADIUS protocol vulnerability

Radiator is actively engaged with IETF’s radext working group and we have been working under embargo to implement the fixes based on the work done in the group.

Add a new flag parameter LimitProxyState to Client clauses. This parameter allows dropping those requests from non-proxy clients that contain Proxy-State but do not contain Message-Authenticator. Ensure that ServeRADSEC drops requests with bad Message-Authenticator instead of just logging them. The upcoming Radius transport update by IETF's radext working group will remove the redundant signatures but keep them for the current transport profile. LimitProxyState addresses CVE-2024-3596.

Update RADIUS Message-Authenticator attribute handling. Message-Authenticator is always added as the first attribute in Radius messages. Message-Authenticator is now added automatically to replies to Access-Request messages and to Access-Request messages when they are proxied.

RequireMessageAuthenticator is now available for AuthBy RADIUS and its subclasses. It can be set for all hosts in an AuthBy or host-by-host basis. This parameter requires a valid Message-Authenticator in proxy replies.

A new configuration flag -no_message_authenticator is available in radpwtst to skip Message-Authenticator in Access-Requests.

Please see the security notice for more information on CVE-2024-3596 and our security recommendations.

New attributes ensuring interoperability

Vendor specific attributes updated in the Radiator dictionary for Arista, Dell, ELTEK, Force10, Mojo, and Teldat.

More detailed changes can be found in the revision history. Radiator packages are available to download for current licensees from the downloads page and the Radiator repository.

Would you like to know more?

As always, you can contact Radiator team at info(a)radiatorsoftware.com - we are happy to learn more about your use case and assist you!