SWa (application id: –)

The SWa interface is a crucial component within the Diameter protocol, facilitating communication between an untrusted non-3GPP IP access network and the 3GPP AAA Server or Proxy. Its primary function is to manage the authentication and authorization processes for User Equipment (UE) attempting to connect to the Evolved Packet System (EPS) via these untrusted networks. This interface is essential in ensuring that only authorized devices can access the EPS, thereby maintaining the security and integrity of the network.

The SWa interface is specifically designed for scenarios involving untrusted non-3GPP IP access networks, where the security of the connection cannot be guaranteed. It operates using the Diameter protocol to exchange necessary authentication and authorization information between the untrusted access network and the 3GPP AAA Server or Proxy.

Key Features of the SWa Interface:

• Untrusted Network Context: The SWa interface is tailored for use in untrusted non-3GPP IP networks, where additional security measures are required to verify and authorize the UE before granting access to the EPS.
• Shared Diameter Application: The SWa interface uses the same Diameter application as the STa interface. During the initial authentication exchange, the 3GPP AAA Server determines the trust relationship between the Home Public Land Mobile Network (HPLMN) and the untrusted non-3GPP access network. This trust relationship influences the subsequent authentication and authorization process.
• Functionality: The SWa interface is used for authenticating and authorizing the UE and can also be used to transport charging-related information. The authentication procedure on the SWa interface involves Diameter EAP Request/Answer (DER/DEA) commands, which are common between the SWa and STa interfaces. The key difference is that SWa is applied in scenarios involving untrusted networks.

SWa interface workflow:

1. Authentication Request Initiation: When a UE attempts to access the EPS through an untrusted non-3GPP IP access network, the network sends an authentication request to the 3GPP AAA Server via the SWa interface.
2. Trust Relationship Assessment: The 3GPP AAA Server evaluates the trust relationship between the HPLMN and the untrusted non-3GPP access network. This assessment determines how the authentication process will proceed.
3. Authentication and Authorization Process: Based on the trust relationship, the 3GPP AAA Server either proceeds with the authentication and authorization of the UE or denies access. This step involves the exchange of Diameter messages (DER/DEA) containing the necessary authentication credentials.
4. Session Establishment: If the UE is successfully authenticated and authorized, a secure session is established between the UE and the EPS, allowing the UE to access network services.
5. Accounting and Session Management: Throughout the session, the SWa interface may also manage accounting information to track the UE's resource usage. This ensures compliance with the network's policies and can be used for billing and service management purposes.
6. Session Termination: Upon session completion or disconnection, the session is terminated, and relevant information is communicated back to the 3GPP AAA Server.

For complete technical specification of SWa interface in Diameter protocol please refer to: [3GPP TS 29.273]