Presentation is loading. Please wait.

Presentation is loading. Please wait.

AAA: A Survey and a Policy- Based Architecture and Framework

Published byMagnus Richard Modified over 6 years ago

Similar presentations

Presentation on theme: "AAA: A Survey and a Policy- Based Architecture and Framework"— Presentation transcript:

1 AAA: A Survey and a Policy- Based Architecture and Framework
林谷泉

2 Outlines Introduction AAA Mechanisms The IRTF AAA Architecture
Problem Areas, Weaknesses, and Goals A Generic Policy-Based Architecture Conclusion Reference 2019/2/28 AAA

3 Introduction Commercialized services do need:
Authentication. Authorization. Charging, based on accounting processes. Furthermore, security-related issued issues about user and device mobility. The network of the near feature will be the multi-service Internet. Multiple cooperating domains. 2019/2/28 AAA

4 An Application Scenario
2019/2/28 AAA

5 AAA Mechanisms Authentication
Verification of the identify of a subject. Example: International Mobile Subscriber Identify (IMSI) in the SIM card. IP Address International Mobile Equipment Identity (IMEI) Medium Access Control (MAC) Address 2019/2/28 AAA

6 AAA Mechanisms (cont.) Classification of Authentication
Knowledge-based Cryptography-based Biometrics-based Secure-tokens-based 2019/2/28 AAA

7 AAA Mechanisms (cont.) Authorization Access Control Classification:
Authentication-based mechanisms Require authentication of the subject. Credential-based mechanisms Use trustworthy information (credentials) being held by subjects of an authorization. 2019/2/28 AAA

8 AAA Mechanisms (cont.) Accounting Two major tasks:
Collect data from metering systems. Aggregate and store these data in accounting records. An accounting policy which data has to be metered by a metering system? how often it is metered? How it is aggregated? Tele-communication: Call detail records (CDRs) Data-communication: IP detail records (IPDRs) 2019/2/28 AAA

9 AAA Protocols RADIUS The Remote Authentication Dial In User Service.
Designed for transferring authentication, authorization, and configuration data between a network access server (NAS) The RADIUS server itself can act as a client to other RADIUS server. Shortcomings: Protocol-Specific, Lower fault tolerance on UDP, Security Support in P2P. 2019/2/28 AAA

10 AAA Protocols (cont.) Diameter COPS
The protocol satisfies requirements of network access using different access technologies. COPS The Common Open Policy Service. It enables the exchange of policy information between a policy decision point (PDP) and policy enforcement points (PEPs). PEPs are clients, and a PDP acts as a server. 2019/2/28 AAA

11 AAA Protocols (cont.) SNMPv3
The Simple network Management Protocol Version 3 It proposes a new management model from v2. Authentication and authorization in application and content services. Application-independent protocols Secure Socket Layer (SSL) Application-specific protocols HTTP-Authentication Secure Shell (SSH) 2019/2/28 AAA

12 The IRTF AAA Architecture
Defined by The IRTF research group AAAArch. AAA Components Policy Repositories (PRs) Rule-Based engine (RBE) Service Equipment (SE) 2019/2/28 AAA

13 The IRTF AAA Architecture (cont.)
AAA Services Authorization Service Achieving a authorization decision to grant or deny a user’s request for services in an authorized session by setting up the SE and logging the session’s state. User authentication may be part of the authorization process, and the authentication information will be carried in the authorization request. Accounting Services Recording relevant accounting information obeying the authorization’s decision and the ongoing resource use of the authorized session. 2019/2/28 AAA

14 The IRTF AAA Architecture (cont.)
To offer AAA services, secured and trusted relationships between different AAA servers are necessary. Authentication between peer AAA servers is part of these services. 2019/2/28 AAA

15 The IRTF AAA Architecture (cont.)
AAA Architecture and Protocols Special AAA protocol Particular application Programming interface (API) or the AAA Protocol. (3) Depending on the PR’s implementation. (4) An application-specific protocol 2019/2/28 AAA

16 Problem Areas, Weaknesses, and Goals
The work is performed in isolation for shortened tasks and limited scenarios. Connectivity control through an NAS Content delivery control through a billing system. The IRTF’s AAA Architecture tries to resolve these restrictions. Building generic servers and ASMs. 2019/2/28 AAA

17 Problem Areas, Weaknesses, and Goals (cont.)
Functions of policy decision and policy enforcement are not separated clearly. Extensibility to functions beyond AAA, like charging an auditing, is complicated. The functionality of the ASM has not been defined completely. The inclusion of QoS-related, handover and paging support services has not been considered. 2019/2/28 AAA

18 A Generic Policy-Based Architecture
Three basic concepts for the framework Service separation Extended AAA point of view Partitioning of service levels New diversification Policy paradigm Reuse of existing work 2019/2/28 AAA

19 Service Separation 2019/2/28 AAA

20 Partitioning of Service Levels in and Internet Service Model
2019/2/28 AAA

21 A Generic Architecture
2019/2/28 AAA

22 Conclusion There is an increasing need for AAA services and services beyond AAA. The generic approach takes these aspects into account and clearly distinguishes between support services and user services. The Advantages Can offer apart data from metering from one provider to another. Providers can build systems on their own business palns. 2019/2/28 AAA

23 Reference C. Rensing, Hasan, M. Karsten, B. Stiller, AAA: A Survey and a Policy-Based Architecture and Framework, IEEE Network Nov/Dec 2002, pp 2019/2/28 AAA

Download ppt "AAA: A Survey and a Policy- Based Architecture and Framework"

Similar presentations

Authentication Authorization Accounting and Auditing

Authentication Authorization Accounting and Auditing
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Access Control Methodologies

Access Control Methodologies
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
DSL Access Architectures and Protocols. xDSL Architecture.

DSL Access Architectures and Protocols. xDSL Architecture.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV 16-22 Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.

Authorization of a QoS path based on Generic AAA SC2002 Baltimore NOV Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam.
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
AAA-ARCH IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions.

AAA-ARCH IRTF-RG Authentication Authorisation and Accounting ARCHitecture Research Group chairs: C. de Laat J. Vollbrecht Content of this talk has contributions.
Electronic Payment Billing for Internet Telephony and Services Edoardo Berera University of Nice Sophia Antipolis Telelinea 26 September 2001 Seminar on.

Electronic Payment Billing for Internet Telephony and Services Edoardo Berera University of Nice Sophia Antipolis Telelinea 26 September 2001 Seminar on.
IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht www.phys.uu.nl/~wwwfi/aaaarch RFC 2903,

IRTF - AAAARCH - RG Authentication Authorisation Accounting ARCHitecture RG chairs: C. de Laat and J. Vollbrecht RFC 2903,
2000/11/30Chin-Kai Wu, CS, NTHU1 A MIB For Video Server System Management David Robinson Don Hooper (Video Interactive Information Services Group, VIISG)

2000/11/30Chin-Kai Wu, CS, NTHU1 A MIB For Video Server System Management David Robinson Don Hooper (Video Interactive Information Services Group, VIISG)
Omniran-13-0032-04-0000 1 IEEE 802 Scope of OmniRAN Date: 2013-05-16 Authors: NameAffiliationPhone Max RiegelNSN+49 173 293

Omniran IEEE 802 Scope of OmniRAN Date: Authors: NameAffiliationPhone Max RiegelNSN
McGraw-Hill The McGraw-Hill Companies, Inc., 2000 SNMP Simple Network Management Protocol.

McGraw-Hill The McGraw-Hill Companies, Inc., 2000 SNMP Simple Network Management Protocol.
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:

Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:
Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id: 40112.

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

Similar presentations

Ads by Google