You are on page 1of 42

GSM Association Official Document IR.

62

Non Confidential

End-to-End Wi-Fi Roaming Test Cases Version 4.0 11 May 2012

This is a Non-binding Permanent Reference Document of the GSMA.
Security Classification – NON CONFIDENTIAL GSMA MATERIAL

Copyright Notice
Copyright © 2011 GSM Association

Antitrust Notice
The information contain herein is in full compliance with the GSM Association’s antitrust compliance policy.

V4.0

Page 1 of 42

GSM Association Official Document IR.62

Non Confidential

Table of Contents
1. Summary .....................................................................................................................................6 2. Introduction ..................................................................................................................................6 2.1. Scope of document ..................................................................................................................6 2.2. Strategy for Testing .................................................................................................................6 3. Username/Password Test Cases (Web-login) ............................................................................6 3.1. Access Tests ...........................................................................................................................7 3.1.1. Valid Roaming Authentication .....................................................................................7 3.1.2. Valid Username, Invalid Password ..............................................................................7 3.1.3. Invalid Username ...........................................................................................................7 3.1.4. Operator Determined Barring .......................................................................................7 3.1.5. Operator Determined Barring While Session Open ...................................................7 3.2. Accounting Tests .....................................................................................................................8 3.2.1. RADIUS Accounting Data Generation (Session Time) ..............................................8 3.2.2. RADIUS Accounting Data Generation (Data Transferred) .........................................8 3.2.3. Verifying RADIUS Accounting Logs ............................................................................8 3.3. Service Failure Tests ...............................................................................................................8 3.3.1. Implicit Logout ...............................................................................................................8 3.3.2. Inactivity Logout ............................................................................................................9 3.4. User Experience Tests ............................................................................................................9 3.4.1. Login Page .....................................................................................................................9 3.4.2. Help Page .......................................................................................................................9 3.4.3. Start Page .......................................................................................................................9 3.4.4. Unsuccessful Login .......................................................................................................9 3.4.5. Successful Login ...........................................................................................................9 3.4.6. Logout Confirmation .....................................................................................................9 3.5. Test Evaluation ..................................................................................................................... 10 4. Extensible Authentication Protocol for GSM Subscriber Identity Module (EAP-SIM) Test Cases10 4.1. Access Tests ........................................................................................................................ 10 4.1.1. Valid Roaming Authentication using IMSI as an identity ....................................... 10 4.1.2. Valid Roaming Authentication using pseudonym as identity................................ 11 4.1.3. Valid Roaming Authentication using fast re-authentication mechanism ............. 11 4.1.4. Periodical re-authentication ...................................................................................... 11 4.1.5. Handover ..................................................................................................................... 11 4.1.6. Operator Determined Barring .................................................................................... 12 4.1.7. Operator Determined Barring While Session Open ................................................ 12 4.1.8. Removing a SIM-Card During User Session ............................................................ 12 4.2. Accounting Tests .................................................................................................................. 12 4.2.1. RADIUS Accounting Data Generation (Session Time) ........................................... 12 4.2.2. RADIUS Accounting Data Generation (Data Transferred) ...................................... 12 4.2.3. Verifying RADIUS Accounting Logs ......................................................................... 13 4.2.4. Handover ..................................................................................................................... 13 4.2.5. Chargeable User Identity (CUI) .................................................................................. 13 4.3. Service Failure Tests ............................................................................................................ 13 4.3.1. Implicit Logout ............................................................................................................ 13 4.3.2. Inactivity Logout ......................................................................................................... 14 4.4. User Experience Tests ......................................................................................................... 14 4.4.1. Help Page .................................................................................................................... 14 4.4.2. Start Page .................................................................................................................... 14 4.4.3. Unsuccessful Login .................................................................................................... 14 4.4.4. Successful Login ........................................................................................................ 14 4.4.5. Logout Confirmation .................................................................................................. 14 4.5. Test Evaluation .................................................................................................................... 15 5. EAP-AKA Test Cases ............................................................................................................... 15 5.1. Access Tests ........................................................................................................................ 15 5.1.1. Valid Roaming Authentication using IMSI as an identity .............................................. 15 5.1.2. Valid Roaming Authentication using pseudonym as identity ........................................ 16 5.1.3. Valid Roaming Authentication using fast re-authentication mechanism ...................... 16 5.1.4. Periodical re-authentication .......................................................................................... 16 V4.0 Page 2 of 42

GSM Association Official Document IR.62

Non Confidential

5.1.5. Handover ...................................................................................................................... 16 5.1.6. Operator Determined Barring ....................................................................................... 16 5.1.7. Operator Determined Barring While Session Open ..................................................... 17 5.1.8. Removing UICC-Card During User Session ................................................................. 17 5.2. Accounting Tests .................................................................................................................. 17 5.2.1. RADIUS Accounting Data Generation (Session Time) ................................................ 17 5.2.2. RADIUS Accounting Data Generation (Data Transferred) ........................................... 17 5.2.3. Verifying RADIUS Accounting Logs ............................................................................. 18 5.2.4. Handover ...................................................................................................................... 18 5.2.5. Chargeable User Identity (CUI) .................................................................................... 18 5.3. Service Failure Tests ............................................................................................................ 18 5.3.1. Implicit Logout ............................................................................................................... 18 5.3.2. Inactivity Logout ............................................................................................................ 19 5.4. User Experience Tests ......................................................................................................... 19 5.4.1. Help Page ..................................................................................................................... 19 5.4.2. Start Page ..................................................................................................................... 19 5.4.3. Unsuccessful Login ....................................................................................................... 19 5.4.4. Successful Login ........................................................................................................... 19 5.4.5. Logout Confirmation ..................................................................................................... 19 5.5. Test Evaluation ..................................................................................................................... 19 6. EAP-TTLS Test Cases ............................................................................................................. 20 6.1. Access Tests ........................................................................................................................ 20 6.1.1. Valid Roaming Authentication ...................................................................................... 20 6.1.2. Valid Username, Invalid Password ............................................................................... 20 6.1.3. Invalid Username .......................................................................................................... 21 6.1.4. Operator Determined Barring ....................................................................................... 21 6.1.5. Operator Determined Barring While Session Open ..................................................... 21 6.2. Accounting Tests .................................................................................................................. 21 6.2.1. RADIUS Accounting Data Generation (Session Time) ................................................ 21 6.2.2. RADIUS Accounting Data Generation (Data Transferred) ........................................... 21 6.2.3. Verifying RADIUS Accounting Logs ............................................................................. 22 6.3. Service Failure Tests ............................................................................................................ 22 6.3.1. Implicit Logout ............................................................................................................... 22 6.3.2. Inactivity Logout ............................................................................................................ 22 6.4. User Experience Tests ......................................................................................................... 22 6.4.1. Help Page ..................................................................................................................... 22 6.4.2. Start Page ..................................................................................................................... 22 6.4.3. Unsuccessful Login ....................................................................................................... 23 6.4.4. Successful Login ........................................................................................................... 23 6.4.5. Logout Confirmation ..................................................................................................... 23 6.5. Test Evaluation ..................................................................................................................... 23 7. EAP-TLS Test Cases................................................................................................................ 23

A.1 Test Results for Username/Password .................................................................................. 25 8.1. Access Tests ........................................................................................................................ 25 8.1.1. Valid Roaming Authentication ...................................................................................... 25 8.1.2. Valid Username, Invalid Password ............................................................................... 25 8.1.3. Invalid Username .......................................................................................................... 25 8.1.4. Operator Determined Barring ....................................................................................... 26 8.1.5. Operator Determined Barring While Session Open ..................................................... 26 8.2. Accounting Tests .................................................................................................................. 26 8.2.1. RADIUS Accounting Data Generation (Session Time) ................................................ 26 8.2.2. RADIUS Accounting Data Generation (Data Transferred) ........................................... 26 8.2.3. Verifying RADIUS Accounting Logs ............................................................................. 27 8.3. Service Failure Tests ............................................................................................................ 27 8.3.1. Implicit Logout ............................................................................................................... 27 8.3.2. Inactivity Logout ............................................................................................................ 27 8.4. User Experience Tests ......................................................................................................... 27 8.4.1. Login Page .................................................................................................................... 27 8.4.2. Start Page ..................................................................................................................... 28 8.4.3. Unsuccessful Login ....................................................................................................... 28 8.4.4. Successful Login ........................................................................................................... 28 V4.0 Page 3 of 42

GSM Association Official Document IR.62 8.4.5.

Non Confidential

Logout Confirmation ..................................................................................................... 28

A.2 Test Results for EAP-SIM ..................................................................................................... 29 9.1. Access Tests ........................................................................................................................ 29 9.1.1. Valid Roaming Authentication using IMSI as identity ................................................... 29 9.1.2. Valid Roaming Authentication using pseudonym as identity ........................................ 29 9.1.3. Valid Roaming Authentication using fast re-authentication mechanism ...................... 29 9.1.4. Periodical re-authentication .......................................................................................... 30 9.1.5. Handover ...................................................................................................................... 30 9.1.6. Operator Determined Barring ....................................................................................... 30 9.1.7. Operator Determined Barring While Session Open ..................................................... 30 9.1.8. Removing SIM-Card During User Session ................................................................... 30 9.2. Accounting Tests .................................................................................................................. 31 9.2.1. RADIUS Accounting Data Generation (Session Time) ................................................ 31 9.2.2. RADIUS Accounting Data Generation (Data Transferred) ........................................... 31 9.2.3. Verifying RADIUS Accounting Logs ............................................................................. 31 9.2.4. Handover ...................................................................................................................... 31 9.2.5. Chargeable User Identity (CUI) .................................................................................... 32 9.3. Service Failure Tests ............................................................................................................ 32 9.3.1. Implicit Logout ............................................................................................................... 32 9.3.2. Inactivity Logout ............................................................................................................ 32 9.4. User Experience Tests ......................................................................................................... 33 9.4.1. Help Page ..................................................................................................................... 33 9.4.2. Start Page ..................................................................................................................... 33 9.4.3. Unsuccessful Login ....................................................................................................... 33 9.4.4. Successful Login ........................................................................................................... 33 9.4.5. Logout Confirmation ..................................................................................................... 33 A.3 Test Results for EAP-AKA .................................................................................................... 34 10.1. Access Tests .................................................................................................................... 34 10.1.1. Valid Roaming Authentication using IMSI as identity ................................................... 34 10.1.2. Valid Roaming Authentication using pseudonym as identity ........................................ 34 10.1.3. Valid Roaming Authentication using fast re-authentication mechanism ...................... 34 10.1.4. Periodical re-authentication .......................................................................................... 34 10.1.5. Handover ...................................................................................................................... 35 10.1.6. Operator Determined Barring ....................................................................................... 35 10.1.7. Operator Determined Barring While Session Open ..................................................... 35 10.1.8. Removing SIM-Card During User Session ................................................................... 35 10.2. Accounting Tests .............................................................................................................. 36 10.2.1. RADIUS Accounting Data Generation (Session Time) ................................................ 36 10.2.2. RADIUS Accounting Data Generation (Data Transferred) ........................................... 36 10.2.3. Verifying RADIUS Accounting Logs ............................................................................. 36 10.2.4. Handover ...................................................................................................................... 36 10.2.5. Chargeable User Identity (CUI) .................................................................................... 37 10.3. Service Failure Tests ........................................................................................................ 37 10.3.1. Implicit Logout ............................................................................................................... 37 10.3.2. Inactivity Logout ............................................................................................................ 37 10.4. User Experience Tests ..................................................................................................... 37 10.4.1. Help Page ..................................................................................................................... 37 10.4.2. Start Page ..................................................................................................................... 38 10.4.3. Unsuccessful Login ....................................................................................................... 38 10.4.4. Successful Login ........................................................................................................... 38 10.4.5. Logout Confirmation ..................................................................................................... 38 A.4 Test Results for EAP-TTLS .................................................................................................. 39 11.1. Access Tests .................................................................................................................... 39 11.1.1. Valid Roaming Authentication ...................................................................................... 39 11.1.2. Valid Username, Invalid Password ............................................................................... 39 11.1.3. Invalid Username .......................................................................................................... 39 11.1.4. Operator Determined Barring ....................................................................................... 40 11.1.5. Operator Determined Barring While Session Open ..................................................... 40 11.2. Accounting Tests .............................................................................................................. 40 11.2.1. RADIUS Accounting Data Generation (Session Time) ................................................ 40 11.2.2. RADIUS Accounting Data Generation (Data Transferred) ........................................... 40 V4.0 Page 4 of 42

............ Help Page .....4.............3......4..0 Page 5 of 42 ....................................2...... 42 V4....................4..................... User Experience Tests ............................................................. 42 11......... 41 11.............................3.....................2............62 Non Confidential 11............................ Service Failure Tests ....................................................................................4.... Successful Login ............4. 42 11.................................. 42 11.............. 41 11..................... 41 11.............................................................. 41 11......................................................... Inactivity Logout ......................................GSM Association Official Document IR........................................ 41 11........4............. Implicit Logout ........................................................... Logout Confirmation .................3... 41 11........................ Verifying RADIUS Accounting Logs .......5..............................................................3.................................. Unsuccessful Login .......................................................................1............2...................................... Start Page ..............1....3...................................................4............

61 Wi-Fi Roaming Guidelines. the amount of simultaneous joint activity between Home SP (a) and Visited SP (b) should be minimized. To complete End-to-end Wi-Fi Roaming tests for bilateral roaming. Whilst it is expected that Wi-Fi roaming will be a bilateral activity between two Wi-Fi Service providers (SP). please note that this document is written in a unidirectional context. Scope of document This document specifies a set of test cases for a Wi-Fi roaming service to confirm that it complies with PRD IR. Note: Billing cycles will not be part of these tests.0 Page 6 of 42 . Summary The following document outlines test cases for Remote Authentication Dial In User Service (RADIUS)-based username-password. There is no reference to a Mobile Terminal MT(b) visiting Home Wi-Fi Service Provider network SP(a). (AAA). The Wi-Fi roaming environment shall be as described in PRD IR. EAP-Tunnelled Transport Layer Security (EAP-TTLS) and EAP-Transport Layer Security (EAP-TLS) authenticated Wi-Fi roaming. Realm functionality in each proxy. RADIUS shall be the protocol to be used for passing Authentication.61 Wi-Fi Roaming Guidelines. Strategy for Testing To complete the test cases efficiently.1. the production of valid RADIUS accounting data that is used in the billing cycle is tested in a similar method as the generation of Call Data Records (CDRs) described in IR. Introduction 2. Hence Roaming is taking place by a Mobile Terminal MT(a) to Visited Wi-Fi Service Provider network SP(b) only. EAP for UMTS Authentication and Key Agreement (EAP-AKA).35 End – to – End Functional Capability Test Specification for Inter-PLMN GPRS Roaming. The roaming environment is defined in PRD IR.61. routing to correct server. it is necessary to perform the tests in this document twice: the second time the real identities of SP (a) and SP (b) are swapped.  Accounting tests: Validating that RADIUS accounting logs match.2. However. Username/Password Test Cases (Web-login) The test cases are divided into four groups:  Access tests: Login procedure and authentication. 2. Authorization and Accounting data. testing program forms three separate components:  Home SP (a) issues Test User Accounts and programmes Authentication Servers accordingly  Visited SP (b) performs tests  Visited SP (b) and Home SP (a) exchange data and discuss results 3.  Service Failure tests  User Experience tests Pre-requisites for Username/Password Testing V4.GSM Association Official Document IR.62 Non Confidential 1. 2. Extensible Authentication Protocol (EAP) for GSM Subscriber Identity Module (EAP-SIM). To this effect.

61) compliant Wi-Fi roaming test environment implemented. Home SP (a) user should be granted access and get full network capabilities. RADIUS Shared Secret via secure means).1. Operator Determined Barring Background: The Home SP (a) decides which object-relational mapping system.1.3.1. User should be denied access. ODB ´s should stop the customer from using Wi-Fi (for example. via IR. Result: 3. Result: 3.4. Three (3) accounts to each roaming partner.1. IP addresses of proxies.5. 3. etc. The Visited SP (b) has to collect RADIUS messages going to Home SP (a) network server for to be able to validate RADIUS accounting data. 3. Operator Determined Barring While Session Open Background: This feature requires a RADIUS Change of Authorisation message implementation according to RFC 5176 on the Core Network side and on the Access Network.  One barred user account provided to Visited SP (b) for the tests.62 Non Confidential  A GSMA Wi-Fi Roaming Guidelines (PRD IR. V4. Action: Enter a valid but barred Home SP (a) Username and a valid Password using the Visited SP (b) network.0 Page 7 of 42 . Action: Access Tests Valid Roaming Authentication Enter a valid Home SP (a) username and a valid password using the Visited SP (b) network. 3. A File Transfer Protocol (FTP) location established from where the test file of a known size may be downloaded in data transfer testing. Action: Result: Invalid Username Enter an invalid username and password using the Visited SP (b) network. Barring of Roaming.GSM Association Official Document IR. Result: 3.1. Invalid Password Enter a valid Home SP (a) username and an invalid password using the Visited SP (b) network. Action: Valid Username.  Relevant system logs identified. Home SP (a) user should be denied access. Barring of GPRS.21. Barring of outgoing calls.  List of active/valid test accounts made available by the Home SP (a) to Visited SP (b) for testing purposes. or other/way of barring).1.1.  RADIUS configuration information shared (Realms.2. User access should be denied by the home SP (a).

Service Failure Tests 3. Accounting Tests 3. RADIUS Accounting Data Generation (Data Transferred) Action: Login with a valid Home SP (a) username in Visited SP (b) network.3.2. Implicit Logout Action: Login with a valid Home SP (a) username in Visited SP (b) network. Result: Comments: V4.0 Page 8 of 42 . Result: 3. RADIUS accounting log should reflect the set time.2. the transferred file should be big enough that interim message(s) are generated during this test. Access should be denied to the user without a new login and the accounting session should be closed. Result: Comments: 3. If Interim RADIUS accounting messages are used.62 Non Confidential Action: Perform a successful authentication. re-insert card or switch on the Mobile Terminal (a). Consequently.3.GSM Association Official Document IR. upload a test file of known size. logout after set time. the set time should be longer than the interim interval and interim message(s) should be generated during this test. Wait for set time.2. Also verify that proxy-state attributes are logged and that the values are correct. Verifying RADIUS Accounting Logs Action: Exchange RADIUS session logs of the accounting tests between Home SP (a) and Visited SP (b) Both accounting logs should have the same values in correct fields for the accounting tests. RADIUS accounting log Bytes-In and Bytes-Out fields should reflect the transferred file size and some network overhead.1.1. If Interim RADIUS accounting messages are used. and logout. disconnect the Wi-Fi card or switch off the Mobile Terminal (a). The wait time depends on the access controller configuration. Result: 3.3.2. RADIUS Accounting Data Generation (Session Time) Action: Login with a valid Home SP (a) username in Visited SP (b) network.2. download a test file of known size. The Home SP (a) removes Wi-Fi capability from the user at issue by sending a Radius Change of Authorisation message. The session is closed and cannot be re-established. the next authentication should fail. Result: Comments: 3.

Yes/No. 3. Result: 3.4. Page 9 of 42 . 3. Logout Confirmation Action: V4.0 Logout confirmation is displayed after explicit and inactivity logouts. An automatic logout should occur after a pre-determined length of time. Start Page Action: Visited SP (b)’s start page and/or session status window are displayed after a successful login. User Experience Tests While conducting Access and Accounting tests. Successful Login Action: Result: Logout method is clearly displayed after a successful login.4.4.3. some user experience related issues should also be checked. The idle-timeout time depends on the used system.2.62 Non Confidential 3.6.GSM Association Official Document IR. Yes/No. Normal accounting data should be generated after an automatic logout.4. Help Page Action: Visited SP (b)’s help page is available on the login page and is displayed before login. Yes/No. Unsuccessful Login Action: Result: An error message is displayed after an unsuccessful login. Login Page Action: Visited SP (b)’s login page is displayed after association with Visited SP Network. Yes/No.4.5.1. Result: 3. Yes/No. Inactivity Logout Action: Login with a valid Home SP (a) username in Visited SP (b) network and leave the Mobile Terminal (a) idle.4. Result: 3.3. Result: Comments: 3.4.2. 3.4.

Test Evaluation  Accounting logs to be prepared to check that they match between all participants. etc. This is due to a new security key delivery.0 Page 10 of 42 . Extensible Authentication Protocol for GSM Subscriber Identity Module (EAP-SIM) Test Cases The test cases are divided into four groups:  Access tests – Login procedure and authentication. SIM can be either SIM card.21.5. RADIUS Shared Secret via secure means).  Pseudonym and realm together are according to the 3GPP TS 23. Note: Next test cases refer to re-authentication.  RADIUS configuration information shared (Realms. The Visited SP (b) has to collect RADIUS messages going to Home SP (a) network server for to be able to validate RADIUS accounting data.  Analyse failures. meaning that during the user session the client is authenticated and the security keys are exchanged.61) compliant Wi-Fi roaming test environment implemented.  List of active/valid test Subscriber Identity Modules (SIMs) made available by the Home SP (a) to Visited SP (b) for testing purposes. IP addresses of proxies.1.1.1. via IR.  Service Failure tests  User Experience tests Pre-requisites for EAP-SIM Testing  A GSMA Wi-Fi Roaming Guidelines (PRD IR.  An FTP location established from where a test file of a known size may be downloaded in data transfer testing. Re-authentication can be Full authentication (EAP-SIM server fetches the triplets from Home Location Register (HLR)) or Fast re-authentication (no HLR query). Realm functionality in each proxy.  Accounting tests – Validating that RADIUS accounting logs match. Three (3) SIMs to each roaming partner. Access Tests 4.62 Non Confidential Result: Yes/No. routing to correct server.  Relevant system logs identified. Valid Roaming Authentication using IMSI as an identity V4.GSM Association Official Document IR.  Produce Test Report: – Completed Test cases – Experiences – Problems – Solutions – Proposals 4. 3.003 specification  It is suggested that Visited SP (b) sets re-authentication period maximum to 30 minutes. 4.  One barred SIM (SIM-card with no Wi-Fi service) provided to Visited SP (b) for the tests. or Universal Integrated Circuit Card (UICC) with SIM application.

Enter a valid Home SP (a) SIM-card to the terminal and enter the correct PIN-code using the Visited SP (b) network. A Home SP (a) user should be granted access and access full network capabilities. After a configured time period the client must authenticate itself to Home SP (a) network either by using fast re-authentication or full authentication mechanism. Periodical re-authentication Background: Home SP (a) network can require periodically re-authentications. While authenticated.2. Action: Configure client to use pseudonym as an identity. Result: 4. The usage of pseudonyms must be enabled in the Home SP (a) network. A Home SP user should be granted access and access full network capabilities. Handover Background: When moving from Access Point (AP) coverage to another AP coverage.1. Result: 4.1.1. The usage of fast re-authentication must be enabled in the Home SP (a) network.5. the client should make automatically a new authentication or fast re-authentication depending on the client features Action: Result: V4. Home SP (a) user should be granted access and access full network capabilities. Result: 4. at least one successful authentication with IMSI must be performed. Page 11 of 42 . Valid Roaming Authentication using fast re-authentication mechanism Background: Fast Re-authentication mechanism allows the authentication to be completed without querying Home SP (a) HLR.GSM Association Official Document IR. A Home SP user should be granted access and get full network capabilities.1.1. change your position so that a handover occurs. Wait for an agreed time period and examine if re-authentication occurs. Result: 4.1.3.1 or 2.2.62 Non Confidential Action: Configure client to use International Mobile Subscriber Identity (IMSI) as an identity. Valid Roaming Authentication using pseudonym as identity Background: In order to use pseudonym identity. Action: Perform successful authentication with mechanisms described either in 2. Handover succeeds.1. push re-authenticate or similar button in your client to make fast re-authentication.4. Enter a valid Home SP (a) SIM-card to the terminal and enter the correct PIN-code using the Visited SP (b) network. check the authentication type.1 or 2.2. Action: Perform successful authentication with mechanism described either in 2.1.0 Session is active.

User access should be denied by the Home SP (a). the next authentication attempt will fail.GSM Association Official Document IR.6.62 Non Confidential 4.2. Consequently the next re-authentication (full authentication) should fail.8. Action: Perform a successful authentication. RADIUS Accounting Data Generation (Session Time) Action: Login with a valid Home SP (a) SIM card in Visited SP (b) network and logout after a set time (with the help of Session timeout attribute). V4.2. Operator Determined Barring Background: The Home SP (a) decides how to stop the customer from using Wi-Fi.2. upload a test file of known size.1. Result: 4.1.1. Result: 4.7. If Interim RADIUS accounting messages are used. The session is closed and cannot be re-established. Accounting Tests 4. Operator Determined Barring While Session Open Background: This feature requires RADIUS Change of Authorisation message implementation according to RFC 5176 on Core Network side and on a Access Network. Result: Comments: 4. Result: 4. download a test file of known size. Action: Enter a valid Home SP (a) SIM-card to the terminal and enter the correct PINcode using the Visited SP (b) network. the set time should be longer than the interim interval and interim message(s) should be generated during this test. If the user account gets barred between two sequential authentications. Also re-authentication mechanism could be used to implement barring mechanism.1. and logout. RADIUS Accounting Data Generation (Data Transferred) Action: Login with a valid Home SP (a) SIM card in Visited SP (b) network. Removing a SIM-Card During User Session Background: Removing the SIM-card during the session should terminate the session. Action: Remove the Universal Serial Bus (USB) or Personal Computer Memory Card International Association (PCMCIA) smart card reader during the session. A Home SP (a) removes Wi-Fi capability from the user at issue by sending Radius Change of Authorisation message.0 Page 12 of 42 .2. The session is terminated in the time period of two (2) seconds. RADIUS accounting log should reflect the set time.

If Interim RADIUS accounting messages are used. Chargeable User Identity (CUI) Background: The usage of the pseudonym creates the accounting problem for the Visited SP (b). Current accounting session may remain after the handover.3.. Page 13 of 42 Result: V4.GSM Association Official Document IR.1.62 Non Confidential Result: RADIUS accounting log Bytes-In and Bytes-Out fields should reflect the transferred file size and some network overhead.4. the transferred file should be big enough that interim message(s) are generated during this test. Also verify that proxy-state attributes are logged and that the values are correct. Implicit Logout Action: Login with a valid Home SP (a) SIM card in Visited SP (b) network. Both accounting logs should have the same values in correct fields for the accounting tests. MSISDN.2. Access should be denied to the user without a new login and the accounting session should be closed. check the Accounting session.61 to see which packet may include CUI). Result: 4. NAI. Action: Home SP (a) sends CUI to the visited SP (b) in the predefined format (IMSI.2. change your position so that a handover occurs. Comments: 4.. Verifying RADIUS Accounting Logs Action: Exchange RADIUS session logs of the accounting tests between Home SP (a) and Visited SP (b).3. 4. Alternatively a new accounting session is created after successful handover and the old accounting session gets terminated. The visited SP (b) must send back the CUI received in the authentication accept message back to the Home SP (a) in the format the Home SP (a) sent it.0 . Handover succeeds.5.2. Handover Background: In case the user is moving from one AP’s coverage to another AP’s coverage the ongoing accounting session may be altered. CUI is solving this problem. disconnect the WLAN card or switch off the Mobile Terminal (a). Result: 4. Wait for set time.3. re-insert card or switch on the Mobile Terminal (a). as it does not recognise the real user and which identity that would be usable with the existing inter-operator billing systems. Visited SP (b) is able to use CUI for the accounting purposes.) in an Access-Accept message Visited SP (b) sends the CUI back in the same format it was received (refer to the IR. Service Failure Tests 4. Action: Result: Session is active.

Start Page Action: Visited SP (b)’s start page appears after browser opening and/or session status might be visible in the EAP-SIM client.4. 4. Yes/No. Successful Login Action: Result: The successful login is clearly displayed by the client after successful login.3.2. Unsuccessful Login Action: Result: An error message is displayed after an unsuccessful login in the client.4. Logout Confirmation Action: Result: Logout confirmation is displayed after explicit and inactivity logouts. Result: 4. Normal accounting data should be generated after an automatic logout. Result: Comments: 4.62 Non Confidential Comments: The wait time depends on the access controller configuration.1.4. Yes/No.4. Result: 4. Inactivity Logout Action: Login with a valid Home SP (a) SIM in Visited SP (b) network and leave the Mobile Terminal (a) idle. Yes/No.2. V4. An automatic logout should happen after a pre-determined time period. and may not include the visited SP (b) network features.4. 4. some user experience related issues should also be checked. Yes/No.5. 4. Yes/No. User Experience Tests While conducting Access and Accounting tests.4. 4. These issues are mainly pointing to the 1X-client features.0 Page 14 of 42 .3. The idle-timeout time depends on the used system. Help Page Action: Visited SP (b)’s help page (or link) is available on the start page of the visited SP (b).4.GSM Association Official Document IR.

 Service Failure tests  User Experience tests Pre-requisites for EAP-AKA Testing  A GSMA Wi-Fi Roaming Guidelines (PRD IR. Access Tests 5.  Accounting tests . The test cases are divided into four groups:  Access tests .1. Three (3) UICCs to each roaming partner. RADIUS Shared Secret via secure means).  One barred UICC (UICC-card with no Wi-Fi service) provided to Visited SP (b) for the tests.  An FTP location established from where test file of a known size may be downloaded in data transfer testing. The only difference when testing is that it requires a 3G SIM card in this document is referred as UICC. Note: Next test cases refer to re-authentication. Valid Roaming Authentication using IMSI as an identity V4.1. Meaning that during the user session the client is authenticated and the security keys are exchanged. via IR.  Pseudonym and realm together are according to the 3GPP TS 23.  RADIUS configuration information shared (Realms.1.21.003 specification  It is suggested that Visited SP (b) sets re-authentication period at a max. IP addresses of proxies. This is because of a new security key delivery.5.Validating that RADIUS accounting logs match.GSM Association Official Document IR. Realm functionality in each proxy. The Visited SP (b) has to collect RADIUS messages going to Home SP (a) network server for to be able to validate RADIUS accounting data.  Relevant system logs identified.61) compliant Wi-Fi roaming test environment implemented. Test Evaluation  Accounting logs to be prepared to check that they match between all participants  Analyse failures  Produce Test Report: – Completed Test cases – Experiences – Problems – Solutions – Proposals The client used for the tests to be mentioned (name. instead of the 2G SIM card that only supports EAP-SIM. routing to correct server. version etc.0 Page 15 of 42 . EAP-AKA Test Cases Extensible Authentication Protocol for UMTS Authentication and Key Agreement (EAP-AKA) test cases are the same as for the EAP-SIM. Re-authentication can be Full authentication (EAP-AKA server fetches the quintets from HLR) or Fast re-authentication (no HLR query). 5.) 5.62 Non Confidential 4. etc.  List of active/valid test UICCs made available by the Home SP (a) to Visited SP (b) for testing purposes.Login procedure and authentication. 30 minutes.

Operator Determined Barring V4. Enter a valid Home SP (a) UICC-card to the terminal and enter the correct PIN-code using the Visited SP (b) network. Home SP (a) user should be granted access and access full network capabilities. Home SP (a) user should be granted access and get full network capabilities. 5.1.1. Result: Home SP (a) user should be granted access and get full network capabilities. Valid Roaming Authentication using pseudonym as identity Background: In order to use pseudonym identity.1.GSM Association Official Document IR. the client should make automatically a new authentication or fast re-authentication depending on the client features Action: Result: Session is active. at least one successful authentication with IMSI must be performed.3. The usage of pseudonyms must be enabled in the Home SP (a) network.0 Page 16 of 42 .5. Periodical re-authentication Background: Home SP (a) network can require periodically re-authentications. Valid Roaming Authentication using fast re-authentication mechanism Background: Fast Re-authentication mechanism allows the authentication to be completed without querying Home SP (a) HLR.1 or 4. Handover Background: When moving from AP coverage to another AP coverage. Result: 5.6. Result: 5. Enter a valid Home SP (a) UICC-card to the terminal and enter the correct PIN-code using the Visited SP (b) network.1. the client must authenticate itself to Home SP (a) network either by using fast re-authentication or full authentication mechanism.1.1. Result: 5. Action: Perform successful authentication with the mechanisms described either in 4.1 or 4. The usage of fast re-authentication must be enabled in the Home SP (a) network.2.4.62 Non Confidential Action: Configure client to use IMSI as an identity.2. change your position so that a handover occurs. Handover succeeds. After a configured time period. Action: Perform successful authentication with mechanism described either in 4.2.1.1. Wait for an agreed time period and examine if re-authentication occurs. check the authentication type 5. While authenticated.1. Home SP (a) user should be granted access and get full network capabilities. Action: Configure client to use pseudonym as an identity. push re-authenticate or similar button in your client to make fast re-authentication.

7. If Interim RADIUS accounting messages are used. the set time should be longer than the interim interval and interim message(s) should be generated during this test. If Interim RADIUS accounting messages are used. The Home SP (a) removes Wi-Fi capability from the user at issue by sending a RADIUS Change of Authorisation message. Action: Perform a successful authentication. the next re-authentication (full authentication) should fail. Action: Enter a valid Home SP (a) UICC-card to the terminal and enter the correct PINcode using the Visited SP (b) network. Result: Comments: 5. Result: 5. Consequently. User access should be denied by the Home SP (a).2. download a test file of a known size.1. RADIUS accounting log should reflect the set time. RADIUS Accounting Data Generation (Data Transferred) Action: Login with a valid Home SP (a) UICC card in Visited SP (b) network. 5. If the user account gets barred between two sequential authentications. Accounting Tests 5.GSM Association Official Document IR. upload a test file of a known size. the transferred file should Page 17 of 42 Result: Comments: V4. Operator Determined Barring While Session Open Background: This feature requires RADIUS Change of Authorisation message implementation according to RFC 5176 on Core Network side as well on Access Network. and logout. logout after a set time (with the help of Session timeout attribute).1.2.62 Non Confidential Background: The Home SP (a) decides how to stop the customer from using Wi-Fi.2. Also Re-authentication mechanism could be used to implement barring mechanism.1.2. Result: 5. The session is closed and cannot be re-established.8. the next authentication attempt will fail. RADIUS Accounting Data Generation (Session Time) Action: Login with a valid Home SP (a) UICC card in Visited SP (b) network.0 . Removing UICC-Card During User Session Background: Removing UICC-card during the session should terminate the session. RADIUS accounting log Bytes-In and Bytes-Out fields should reflect the transferred file size and some network overhead. Action: Result: Remove USB or PCMCIA smart card reader during the session The session is terminated in a two (2) second time period.

Alternatively a new accounting session is created after a successful handover and the old accounting session becomes terminated.5. Visited SP (b) is able to use CUI for the accounting purposes. Visited SP (b) sends the CUI back in the same format it was received (refer to the IR. 5.2. disconnect the WLAN card or switch off the Mobile Terminal (a). Handover Background: In case the user is moving from one AP’s coverage to another AP’s coverage the on-going accounting session may be altered.2. The Visited SP (b) must send back the CUI received in the authentication accept message back to the Home SP (a) in the format the Home SP (a) sent it. change your position so that a handover occurs. re-insert card or switch on the Mobile Terminal (a). MSISDN.GSM Association Official Document IR. check the Accounting session.3. CUI is solving this problem. Current accounting sessions may remain after the handover. Result: 5. Handover succeeds. Page 18 of 42 Result: Comments: V4. The wait time depends on the access controller configuration..3.1. Access should be denied to the user without a new login and the accounting session should be closed. because it does not recognise the real user and which identity would be usable with the existing inter-operator billing systems. Chargeable User Identity (CUI) Background: The usage of the pseudonym creates the accounting problem for the visited SP (b). Action: Result: Session is active.62 Non Confidential be big enough that interim message(s) are generated during this test.61 to see which packet may include CUI). Also verify that proxy-state attributes are logged and that the values are correct.4.3.2. Action: Implicit Logout Login with a valid Home SP (a) UICC card in Visited SP (b) network.. 5.) in an Access-Accept message. NAI. Action: Home SP (a) sends CUI to the Visited SP (b) in the predefined format (IMSI. Wait for set time. Verifying RADIUS Accounting Logs Action: Exchange RADIUS session logs of the accounting tests between Home SP (a) and Visited SP (b) Both accounting logs should have the same values in correct fields for the accounting tests. Service Failure Tests 5.0 . Result: 5.

4. Yes/No. 5. 5.5.4.1.0 .3.4. Action: Inactivity Logout Login with a valid Home SP (a) UICC in Visited SP (b) network and leave the Mobile Terminal (a) idle. Yes/No.4. The idle-timeout time depends on the used system. Test Evaluation  Accounting logs to be prepared to check that they match between all participants. These issues are mainly pointing to the 1X-client features. Yes/No. Successful Login Action: Result: The successful login is clearly displayed by the client after successful login. Action: Start Page Visited SP (b)’s start page appears after browser opening and/or session status might be seen in the EAP-AKA client. not so much to the Visited SP (b) network features. Normal accounting data should be generated after an automatic logout. Result: 5. Yes/No. An automatic logout should happen after a pre-determined time. 5.4. Logout Confirmation Action: Result: Logout confirmation is displayed after explicit and inactivity logouts.2. Action: Help Page Visited SP (b)’s help page (or link) is available on the start page of the Visited SP (b). Page 19 of 42 V4. User Experience Tests While conducting Access and Accounting tests. Result: Comments: 5.5.3.62 Non Confidential 5. Yes/No. 5. Action: Result: Unsuccessful Login An error message is displayed after an unsuccessful login in the client.4.2. Result: 5.GSM Association Official Document IR.4. some user experience related issues should also be checked.

GSM Association Official Document IR. 6. The Visited SP (b) has to collect RADIUS messages going to Home SP (a) network server for to be able to validate RADIUS accounting data. Realm functionality in each proxy  Accounting tests .  List of active/valid test accounts made available by the Home SP (a) to Visited SP (b) for testing purposes.1.21. Three (3) accounts to each roaming partner.Login procedure and authentication.  One barred user account provided to Visited SP (b) for the tests.  RADIUS configuration information shared (Realms. Invalid Password Action: Enter a valid Home SP (a) username and an invalid password to EAPTTLS client using the Visited SP (b) network. IP addresses of proxies.) 6. routing to correct server. EAP-TTLS Test Cases The Extensible Authentication Protocol . Valid Username. Result: V4.  Relevant system logs identified.0 Page 20 of 42 .1.1.  Service Failure tests  User Experience tests Pre-requisites for Username/Password Testing  A GSMA Wi-Fi Roaming Guidelines (PRD IR. Home SP (a) user should be denied access. Home SP (a) user should be granted access and get full network capabilities.Validating that RADIUS accounting logs match.1. An FTP location established from where a test file of a known size may be downloaded in data transfer testing. Access Tests 6. Result: 6. etc via IR.Tunnelled Transport Layer Security test cases are divided into four groups:  Access tests . version etc.2.62 Non Confidential    Analyse failures Produce Test Report: – Completed Test cases – Experiences – Problems – Solutions – Proposals The client used for the tests to be mentioned (name.61) compliant Wi-Fi roaming test environment implemented. RADIUS Shared Secret via secure means). Valid Roaming Authentication Action: Enter a valid Home SP (a) username and a valid password to EAP-TTLS client using the Visited SP (b) network.

3. Result: 6.62 Non Confidential 6. the transferred file should Page 21 of 42 Result: Comments: V4.2. the set time should be longer than the interim interval and interim message(s) should be generated during this test. Operator Determined Barring Background: The Home SP (a) decides which ODB ´s should stop the customer from using Wi-Fi (for example Barring of GPRS. Result: Comments: 6.1.0 . User access should be denied by the home SP (a). If Interim RADIUS accounting messages are used. The Home SP (a) removes Wi-Fi capability from a user at issue by sending Radius Change of Authorisation message. download a test file of a known size. or other kind / way of barring). Invalid Username Action: Enter an invalid username and password to EAP-TTLS client using the Visited SP (b) network. Subsequently. RADIUS Accounting Data Generation (Data Transferred) Action: Login with a valid Home SP (a) username in Visited SP (b) network. RADIUS accounting log Bytes-In and Bytes-Out fields should reflect the transferred file size and some network overhead. Barring of outgoing calls. logout after a set time period of time. upload a test file of known size. the next authentication should fail.2. and logout.5. Operator Determined Barring While Session Open Background: This feature requires RADIUS Change of Authorisation message implementation according to RFC 5176 on Core Network side as well as on the Access Network. User should be denied access. RADIUS accounting log should reflect the set time.1. Action: Enter a valid but barred Home SP (a) Username and a valid Password using the Visited SP (b) network. RADIUS Accounting Data Generation (Session Time) Action: Login with a valid Home SP (a) username in Visited SP (b) network.2. Action: Perform a successful authentication. Accounting Tests 6. If Interim RADIUS accounting messages are used.1.1.2. The session is closed and can not be re-established. Barring of Roaming.4. Result: 6. Result: 6.GSM Association Official Document IR.

Yes/No. The wait time depends on the access controller configuration.3. Access should be denied to the user without a new login and the accounting session should be closed.2. Result: 6. Normal accounting data should be generated after an automatic logout. and does not include the visited SP (b) network features.2. disconnect the WLAN card or switch off the Mobile Terminal (a).3.2. Result: 6. An automatic logout should happen after a pre-determined time.3. 6.GSM Association Official Document IR. Inactivity Logout Action: Login with a valid Home SP (a) username and password in Visited SP (b) network and leave the Mobile Terminal (a) idle. These issues are mainly pointing to the 1X-client features.4. Verifying RADIUS Accounting Logs Action: Exchange RADIUS session logs of the accounting tests between Home SP (a) and Visited SP (b) Both accounting logs should have the same values in the correct fields for the accounting tests. Page 22 of 42 Result: V4. Result: Comments: 6. Yes/No. User Experience Tests While conducting Access and Accounting tests. Action: Service Failure Tests Login with a valid Home SP (a) username in Visited SP (b) network. 6. 6.3.62 Non Confidential be big enough that the interim message(s) are generated during this test. Wait for set time.4.1.4. Help Page Action: Visited SP (b)’s help page (or link) is available on the start page of the visited SP (b). some user experience related issues should also be checked. Start Page Action: Visited SP (b)’s start page appears after the browser opening and/or session status might be seen in the EAP-TTLS client.0 .1. Implicit Logout Result: Comments: 6. Also verify that the proxy-state attributes are logged and that the values are correct. re-insert the card or switch on the Mobile Terminal (a). The idle-timeout time depends on the used system.

4. 6.5. Yes/No.4.0 Page 23 of 42 . Yes/No.5. Since the test cases are the same as with EAP-TTLS. EAP-TLS Test Cases EAP-TLS test cases are the same as for the EAP-TTLS. version etc. 6.62 Non Confidential 6. 6. V4. Yes/No.GSM Association Official Document IR.3. The only difference is that EAP-TLS requires a unique certificate to the test terminal.4. Unsuccessful Login Action: Result: An error message is displayed after an unsuccessful login in the client. Successful Login Action: Result: The successful login is clearly displayed by the client after successful login.4. those are not described here. Logout Confirmation Action: Result: Logout confirmation is displayed after explicit and inactivity logouts. Exchange of the certificates must be agreed between Home SP (a) and Visited SP (b) case by case. Test Evaluation  Accounting logs to be prepared to check that they match between all participants  Analyse failures  Produce Test Report: – Completed Test cases – Experiences – Problems – Solutions – Proposals  The client used for the tests to be mentioned (name.) 7.

0.0 January 17 .0 Date June 6 . 2002 June 7 . 92_028.62 Non Confidential Document Management Document History Version 0. 2002 August 22 . If you find any errors or omissions. You may notify us at prd@gsm.GSM Association Official Document IR. presented to Packet WP in Madrid (November 2002) Version after Packet WP ad-hoc in Düsseldorf Version after Packet WP Yokohama meeting (IREG Doc 026/03 Rev 1) Approved by EMC DAG documents 092_025.0 3. 92_027. please contact us with your comments.3 1.org Your comments or suggestions & questions are always welcome. 2002 September 19 . 2003 May 11 .0. 2012 th rd th th DAG 92 Jalkanen Tero/Keisala Ilkka/TeliaSon era Other Information Type Document Owner Editor / Company Description IREG Marko Onikki / TeliaSonera Feedback It is our intention to provide a quality product for your use. presented to IREG plenary in Singapore Version based on discussions and agreements in WLAN TF /(IREG) Singapore meeting (“version E”) Version approved by WLAN TF in Portland (“version F”).1. V4. 2002 September 27 .2. incorporated Approval Authority Editor / Company 3.0 3. 2003 February 11 .0 2. 92_026.0.1 3. 2003 April 23 .2 0. 2002 th th nd th th th Brief Description of Change First draft created in WLAN TF (“version A”) Version after WLAN TF Stockholm meeting (“version B”) Version after WLAN TF conference th call (4 of July) (“version C”) Version after WLAN TF conference call (“version D”).0 Page 24 of 42 . 4. 2002 July 4 .1 0.

Invalid Username Username Used in Test Date Start Time End Time Test Result (Pass/Fail) 1 Maximum 22 letters. however. User should be granted access and have full network capabilities.2. Valid Username.0 .1. 8. Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter valid roaming username and password Username should be in the proper format.1. Access Tests Valid Roaming Authentication Username Used in Test 8. Page 25 of 42 V4.GSM Association Official Document IR.3.62 Non Confidential APPENDIX A Wi-Fi SP Name: 1 Wi-Fi SP Country (Abbreviated according to ISO 3166): Testing Personnel’s Name: Test Execution Date: A. Invalid Password Username Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter valid roaming username and invalid password Access denied.1 Test Results for Username/Password 8. This field is only used for administrative purposes.1. No network access. 8.1. it must always be filled in order to identify the operator.1.

2. Home SP Testing Personnel should check that RADIUS logs correspond to values mentioned in this testing document. RADIUS Accounting Data Generation (Data Transferred) Username Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) 2 Test Verification Result field is used for verifying test result against Home SP RADIUS messages.2.GSM Association Official Document IR. RADIUS Accounting Data Generation (Session Time) Username Used in Test Date Start Time End Time Test Result (Pass/Fail) Test Verification Result 2 Description Status/Comments/Expectations Login.4.2. The session should be cancelled automatically a pair of seconds later (quasi-online). Operator Determined Barring Username Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter a valid roaming username and password of an account that has been barred by Home SP (a) Access denied. When the session is open.2.5. 8.0 .1. Status/Comments/Expectations 8. Logoff after a set time Accounting logs should reflect the connection time.1. 8.1. Accounting Tests 8. 8.62 Description Status/Comments/Expectations Non Confidential Enter invalid roaming username and password Username should be in the proper format. User should be denied access and have no network capabilities. No network access. Page 26 of 42 V4. Operator Determined Barring While Session Open Username Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Enter a valid roaming username and password. the SP (a) should assign a barring to this subscriber using functionality according to RFC 5176.

3. verify that proxy-state attributes are logged and that values are correct. Status/Comments/Expectations 8. Implicit Logout Username Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result2 Description Disconnect Wi-Fi card or turn off computer while connected. Absence time-out.3. Service Failure Tests 8.4. Verifying RADIUS Accounting Logs Username Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result2 Description Verify that both accounting logs have the same results for all of the accounting tests. 8.2. Session logs to be exchanged along with a copy of the test plan used (for username/time resolution per test). User Experience Tests 8. Login Page Username Used in Test Test Result (Yes/No) V4. Wait a set time.4. 8. Status/Comments/Expectations 8.GSM Association Official Document IR.1.0 Page 27 of 42 .3. Re-insert card or turn on computer.2.3. Inactivity Logout Username Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations The Wi-Fi connection is left idle. an automatic logoff should happen after a pre-determined time.62 Test Verification Result 2 Description Status/Comments/Expectations Non Confidential Login. download test file. Specially. upload test file and Logoff Bytes-In and Bytes-Out in Accounting Logs should be values which are approximately the size of the test file + some network overhead.1. Accounting should show a closed session and the user should have no network access.

4. 8.4.GSM Association Official Document IR. 8. Logout Confirmation Username Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Logout confirmation is displayed after explicit and inactivity logouts. Start Page Username Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Local Start-page and session window are displayed after successful login 8. Unsuccessful Login Username Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Error message shown after unsuccessful login. Help Page Username Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Help-page displayed by clicking on link at Login page.0 Page 28 of 42 . V4. Successful Login Username Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Logout method is clearly displayed after successful login.4.3.4.5.4.62 Description Status/Comments/Expectations Non Confidential User’s welcome page is displayed after association to network. 8.2.

User should be granted access and have full network capabilities. 9.1. 9.GSM Association Official Document IR.1. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter valid PIN code to the client. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Press fast re-authentication button or similar in the client. User should be granted access and have full network capabilities. Valid Roaming Authentication using pseudonym as identity SIM (IMSI.2.1.0 . This field is only used for administrative purposes.1. it must always be completed to identify the operator. Valid Roaming Authentication using fast re-authentication mechanism SIM (IMSI. Access Tests 9. 3 Maximum 22 letters. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Configure client to use pseudonym as an identity. Valid Roaming Authentication using IMSI as identity SIM (IMSI. User should be granted access and have full network capabilities.62 Non Confidential Wi-Fi SP Name: 3 Wi-Fi SP Country (Abbreviated according to ISO 3166): Testing Personnel’s Name: Test Execution Date: A.2 Test Results for EAP-SIM 9. Page 29 of 42 V4. Enter valid PIN code.3. however.1.

MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Move between 2 APs so that a handover occurs.0 Page 30 of 42 . 9. periodical re-authentication should happen.8. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Operator is barring the session while session is open. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Remove SIM-card during user session. The user access should be denied by SP (a). 9. check authentication type. User should be granted access and have full network capabilities. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations While session opens.1.1. This is up to SP (a) implementation.62 Non Confidential 9.1. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Operator Determined Barring The user access should be denied by Home SP (a).7. Handover succeeds.1.GSM Association Official Document IR. V4. Handover SIM (IMSI. Periodical re-authentication SIM (IMSI.6.4. 9. 9. Operator Determined Barring SIM (IMSI. Operator Determined Barring While Session Open SIM (IMSI. Removing SIM-Card During User Session SIM (IMSI.1.5.

Status/Comments/Expectations 9. Accounting logs should reflect the connection time.4. RADIUS Accounting Data Generation (Data Transferred) SIM (IMSI. Handover SIM (IMSI. 9. MSISDN) Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations Login.2. Bytes-In and Bytes-Out in Accounting Logs should be values which are approximately the size of the test file + some network overhead. Home SP Testing Personnel should check that RADIUS logs correspond to values mentioned in this testing document. MSISDN) Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result Description Verify that both accounting logs have the same results for all of the accounting tests.2. Session logs to be exchanged along with a copy of the test plan used (for IMSI/MSISDN/time resolution per test).1.2. Page 31 of 42 V4.3. Verifying RADIUS Accounting Logs SIM (IMSI.2. 9. RADIUS Accounting Data Generation (Session Time) SIM (IMSI. Accounting Tests 9.GSM Association Official Document IR. Specially.2.2.62 Status/Comments/Expectations Non Confidential The session is terminated in time period of two (2) seconds.0 . verify that proxy-state attributes are logged and that values are correct. Logoff after a set time. upload test file and Logoff. 9. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Test Verification Result 4 Description Status/Comments/Expectations Login. download test file. MSISDN) Used in Test 4 Test Verification Result field is used for verifying test result against Home SP RADIUS messages.

or there may be two separate accounting sessions. MSISDN) Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations The Wi-Fi connection is left idle.62 Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations Non Confidential Move so that handover occurs during an open session. Wait a set time. Re-insert card or turn on computer.2.1. Inactivity Logout SIM (IMSI.3.GSM Association Official Document IR.3. MSISDN) Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result Description Disconnect Wi-Wi card or turn off computer while connected.5. The user session continues. Status/Comments/Expectations 9. Chargeable User Identity (CUI) SIM (IMSI. MSISDN) Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations Login with a valid SIM card Home SP (a) sends CUI to the Visited SP (b).3. Accounting should show a closed session and user should have no network access. Implicit Logout SIM (IMSI. Check that Visited SP (b) sends CUI back to the Home SP (a) in the same format it was received. an automatic logoff should happen after a pre-determined time.0 Page 32 of 42 . Service Failure Tests 9. 9. V4. Absence time-out.2. 9.

This might be related to the client features. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations User’s welcome page is displayed after successful login and opening the browser. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Logout confirmation is displayed after explicit and inactivity logouts by the client. Page 33 of 42 V4. Logout Confirmation SIM (IMSI. 9. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Error message shown after unsuccessful login. Successful Login SIM (IMSI. however. 9.4. An error message is displayed after an unsuccessful login in the client. Start Page SIM (IMSI.0 .4.62 Non Confidential 9. This might be related to the client features.4. Help Page SIM (IMSI. This functionality is up to Visited SP (b) implementation. Unsuccessful Login SIM (IMSI. This field is only used for administrative purposes.3. Wi-Fi SP Name: 5 5 Maximum 22 letters.4.GSM Association Official Document IR.5. 9.4. This functionality is up to Visited SP (b) implementation.2. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations The successful login is clearly displayed by the client after successful login. it must always be filled in in order to identify the operator. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Help-page displayed by clicking on link at Login page. This might be related to the client features.1. User Experience Tests 9.4. 9.4.

2. User should be granted access and have full network capabilities. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Press fast re-authentication button or similar in the client.3 Test Results for EAP-AKA 10. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) V4.1.1. User should be granted access and have full network capabilities. Valid Roaming Authentication using IMSI as identity UICC (IMSI.0 Page 34 of 42 . Valid Roaming Authentication using fast re-authentication mechanism UICC (IMSI. Periodical re-authentication UICC (IMSI. User should be granted access and have full network capabilities.GSM Association Official Document IR. Valid Roaming Authentication using pseudonym as identity UICC (IMSI.62 Non Confidential Wi-Fi SP Country (Abbreviated according to ISO 3166): Testing Personnel’s Name: Test Execution Date: A.1. 10.3.4. 10. 10.1.1. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Configure client to use pseudonym as an identity. Enter valid PIN code.1. Access Tests 10. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter valid PIN code to the client.

check authentication type. This is up to SP (a) implementation. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Move between two (2) APs so that handover occurs. periodical re-authentication should happen.0 Page 35 of 42 . 10.6. Handover succeeds.1.1. The user access should be denied by Home SP (a). Operator Determined Barring UICC (IMSI. User should be granted access and have full network capabilities. V4. Handover UICC (IMSI. 10.8. 10. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Operator Determined Barring The user access should be denied by Home SP (a). MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Operator is barring the session while session is open.1.62 Description Status/Comments/Expectations Non Confidential While session opens.7. The session is terminated in time period of two (2) seconds. Operator Determined Barring While Session Open UICC (IMSI.GSM Association Official Document IR. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Remove SIM-card during user session. 10. Removing SIM-Card During User Session UICC (IMSI.1.5.

Session logs to be exchanged along with a copy of the test plan used (for IMSI/ MSISDN/time resolution per test). 10. 10. Accounting Tests 10. MSISDN) Used in Test Date Start Time End Time Volume (Amount of transferred data) 6 Test Verification Result field is used for verifying test result against Home SP RADIUS messages. Specially. MSISDN) Used in Test Date Start Time End Time Test Result (Pass/Fail) Test Verification Result 6 Description Status/Comments/Expectations Login.2. verify that proxy-state attributes are logged and that values are correct. RADIUS Accounting Data Generation (Session Time) UICC (IMSI.0 . upload test file and Logoff. download test file.2. Bytes-In and Bytes-Out in Accounting Logs should be values which are approximately the size of the test file + some network overhead. Home SP Testing Personnel should check that RADIUS logs correspond to values mentioned in this testing document. Status/Comments/Expectations 10.62 Non Confidential 10. MSISDN) Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations Login.4. Handover UICC (IMSI.3. MSISDN) Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result Description Verify that both accounting logs have the same results for all of the accounting tests. Logoff after a set time Accounting logs should reflect the connection time.1.GSM Association Official Document IR.2.2. Page 36 of 42 V4.2. RADIUS Accounting Data Generation (Data Transferred) UICC (IMSI. Verifying RADIUS Accounting Logs UICC (IMSI.2.

2. The user session continues. User Experience Tests 10.4. Check that Visited SP (b) sends CUI back to the Home SP (a) in the same format it was received.4.3. Inactivity Logout UICC (IMSI. Re-insert card or turn on computer.5. MSISDN) Used in Test Test Result (Yes/No) Description User’s welcome page is displayed after successful login and opening the browser.62 Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations Non Confidential Move so that handover occurs during an open session. or there may be two separate accounting sessions. 10.1. Status/Comments/Expectations 10. Service Failure Tests 10.1. MSISDN) Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result Description Disconnect Wireless LAN card or turn off computer while connected. V4. Help Page UICC (IMSI. Chargeable User Identity (CUI) UICC (IMSI. Absence time-out.3. MSISDN) Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations The Wi-Fi connection is left idle. Implicit Logout UICC (IMSI.2. 10.3.0 Page 37 of 42 . an automatic logoff should happen after a pre-determined time. MSISDN) Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result Description Status/Comments/Expectations Login with a valid SIM card. Wait a set time. 10. Home SP (a) sends CUI to the Visited SP (b). Accounting should show a closed session and user should have no network access.GSM Association Official Document IR.

4. 10. Successful Login UICC (IMSI.4.GSM Association Official Document IR. An error message is displayed after an unsuccessful login in the client. Logout Confirmation UICC (IMSI. This might be related to the client features.5.4.3. 10. This might be related to the client features.62 Status/Comments/Expectations Non Confidential This functionality is up to Visited SP (b) implementation. V4.4. This might be related to the client features. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Logout confirmation is displayed after explicit and inactivity logouts by the client. Start Page UICC (IMSI. This functionality is up to Visited SP (b) implementation. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations The successful login is clearly displayed by the client after successful login.2.0 Page 38 of 42 .4. Unsuccessful Login UICC (IMSI. 10. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Help-page displayed by clicking on link at Login page. 10. MSISDN) Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Error message shown after unsuccessful login.

Username should be in the proper format. Username should be in the proper format. Page 39 of 42 V4.1.1. 11.4 Test Results for EAP-TTLS 11. User should be denied access and have no network capabilities.1.2. Invalid Password Username/Password Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter valid roaming username and invalid password. Valid Roaming Authentication Username/Password Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter valid roaming username and password.GSM Association Official Document IR.3. however. Valid Username. it must always be completed to identify the operator. This field is only used for administrative purposes. Access Tests 11. 7 Maximum 22 letters.1. No network access.62 Non Confidential Wi-Fi SP Name: 7 Wi-Fi SP Country (Abbreviated according to ISO 3166): Testing Personnel’s Name: Test Execution Date: A.1.0 . Invalid Username Username/Password Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter invalid roaming username and password. 11. Access denied. User should be granted access and have full network capabilities.

upload test file and Logoff.2.0 .2. 8 9. When the session is open.1. Page 40 of 42 V4.62 Non Confidential 11. 11. Accounting logs should reflect the connection time.2. RADIUS Accounting Data Generation (Data Transferred) Username/Password Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result9 Description Login.1. download test file.1. Test Verification Result field is used for verifying test result against Home SP RADIUS messages. 11 Test Verification Result field is used for verifying test result against Home SP RADIUS messages. No network access. Operator Determined Barring Username/Password Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Status/Comments/Expectations Enter a valid roaming username and password of an account that has been barred by Home SP (a).5. Operator Determined Barring While Session Open Username/Password Used in Test Date Start Time End Time Test Result (Pass/Fail) Description Enter a valid roaming username and password. Logoff after a set time.4. Status/Comments/Expectations 11. the SP (a) should assign a barring to this subscriber using functionality according to RFC 5176. Accounting Tests 11.2. Access denied. Home SP Testing Personnel should check that RADIUS logs correspond to values mentioned in this testing document. Home SP Testing Personnel should check that RADIUS logs correspond to values mentioned in this testing document. RADIUS Accounting Data Generation (Session Time) Username/Password Used in Test Date Start Time End Time Test Result (Pass/Fail) Test Verification Result 8 Description Status/Comments/Expectations Login.GSM Association Official Document IR. The session should be cancelled automatically a pair of seconds later (quasi-online). 11.

Session logs to be exchanged along with a copy of the test plan used (for username/time resolution per test).0 Page 41 of 42 . Status/Comments/Expectations 11. 11.3. Absence time-out. Help Page Username/Password Used in Test V4. an automatic logoff should happen after a pre-determined time. 11. Service Failure Tests 11.GSM Association Official Document IR.3.3.2. Accounting should show a closed session and user should have no network access. Implicit Logout Username/Password Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result12 Description Disconnect Wireless LAN card or turn off computer while connected. Verifying RADIUS Accounting Logs Username/Password Used in Test Date Start Time End Time Volume (Amount of transferred data) Test Result (Pass/Fail) Test Verification Result10 Description Verify that both accounting logs have the same results for all of the accounting tests. Wait a set time.1.2.4.1. Re-insert card or turn on computer.3. Status/Comments/Expectations 11. Inactivity Logout Username/Password Used in Test Start Time End Time Test Result (Pass/Fail) Test Verification Result13 Description Status/Comments/Expectations The Wi-Fi connection is left idle.4. Specially.62 Status/Comments/Expectations Non Confidential Bytes-In and Bytes-Out in Accounting Logs should be values which are approximately the size of the test file + some network overhead. User Experience Tests 11. verify that proxy-state attributes are logged and that values are correct.

Logout Confirmation Username/Password Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Logout confirmation is displayed after explicit and inactivity logouts.4. 11.4.4.4. Unsuccessful Login Username/Password Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Error message shown after unsuccessful login. This functionality is up to Visited SP (b) implementation.0 Page 42 of 42 . 11.3. Successful Login Username/Password Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Logout method is clearly displayed after successful login.2. 11. 11. This functionality is up to Visited SP (b) implementation.4. Start Page Username/Password Used in Test Test Result (Yes/No) Description Status/Comments/Expectations Local Start-page and session window are displayed after successful login.5. This functionality is up to client feature.GSM Association Official Document IR. V4. This functionality is up to client feature.62 Test Result (Yes/No) Description Status/Comments/Expectations Non Confidential Help-page displayed by clicking on link at Start page. This functionality is up to client feature.