AAA: A Survey and a Policy-Based Architecture and Framework


1 AAA: A Survey and a Policy-Based Architecture and Framework
林谷泉

2 Outline
- Introduction
- AAA Mechanisms
- The IRTF AAA Architecture
- Problem Areas, Weaknesses, and Goals
- A Generic Policy-Based Architecture
- Conclusion
- Reference
2019/2/28 AAA

3 Introduction
- Commercialized services need:
  - Authentication.
  - Authorization.
  - Charging, based on accounting processes.
  - Furthermore, security-related issues about user and device mobility.
- The network of the near future will be the multi-service Internet.
  - Multiple cooperating domains.

4 An Application Scenario

5 AAA Mechanisms
- Authentication
  - Verification of the identity of a subject.
  - Example:
    - International Mobile Subscriber Identity (IMSI) in the SIM card
    - IP address
    - International Mobile Equipment Identity (IMEI)
    - Medium Access Control (MAC) address

6 AAA Mechanisms (cont.)
- Classification of Authentication
  - Knowledge-based
  - Cryptography-based
  - Biometrics-based
  - Secure-tokens-based

7 AAA Mechanisms (cont.)
- Authorization
  - Access Control
  - Classification:
    - Authentication-based mechanisms
      - Require authentication of the subject.
    - Credential-based mechanisms
      - Use trustworthy information (credentials) held by the subjects of an authorization.

8 AAA Mechanisms (cont.)
- Accounting
  - Two major tasks:
    - Collect data from metering systems.
    - Aggregate and store these data in accounting records.
  - An accounting policy:
    - Which data has to be metered by a metering system?
    - How often is it metered?
    - How is it aggregated?
  - Telecommunication: call detail records (CDRs)
  - Data communication: IP detail records (IPDRs)

9 AAA Protocols
- RADIUS
  - The Remote Authentication Dial In User Service.
  - Designed for transferring authentication, authorization, and configuration data between a network access server (NAS)
  - The RADIUS server itself can act as a client to other RADIUS servers.
  - Shortcomings: protocol-specific, lower fault tolerance on UDP, security support in P2P.

10 AAA Protocols (cont.)
- Diameter
  - The protocol satisfies requirements of network access using different access technologies.
- COPS
  - The Common Open Policy Service.
  - It enables the exchange of policy information between a policy decision point (PDP) and policy enforcement points (PEPs).
  - PEPs are clients, and a PDP acts as a server.

11 AAA Protocols (cont.)
- SNMPv3
  - The Simple Network Management Protocol Version 3.
  - It proposes a new management model from v2.
- Authentication and authorization in application and content services
  - Application-independent protocols
    - Secure Socket Layer (SSL)
  - Application-specific protocols
    - HTTP-Authentication
    - Secure Shell (SSH)

12 The IRTF AAA Architecture
- Defined by the IRTF research group AAAArch.
- AAA Components
  - Policy Repositories (PRs)
  - Rule-Based Engine (RBE)
  - Service Equipment (SE)

13 The IRTF AAA Architecture (cont.)
- AAA Services
  - Authorization Service
    - Achieving an authorization decision to grant or deny a user’s request for services in an authorized session by setting up the SE and logging the session’s state.
    - User authentication may be part of the authorization process, and the authentication information will be carried in the authorization request.
  - Accounting Services
    - Recording relevant accounting information obeying the authorization’s decision and the ongoing resource use of the authorized session.
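
An added example (not from the presentation or the underlying paper) of the Authorization Service on slide 13: a rule-based engine reads a policy repository, denies by default, sets up the service equipment only on a grant, and logs every decision. The class names, request fields, shared-secret check, and bandwidth cap are assumptions made for illustration.

```python
import hmac  # added example; all class, field and service names are hypothetical
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:                       # one Policy Repository (PR) entry
    allowed_groups: frozenset
    max_kbps: int

@dataclass
class ServiceEquipment:           # SE: enforces only what the AAA server sets up
    sessions: dict = field(default_factory=dict)

@dataclass
class RuleBasedEngine:            # RBE: takes the decision, carries no traffic
    repository: dict              # PR contents: service name -> Rule
    users: dict                   # constructed user store: name -> (secret, group)
    equipment: ServiceEquipment
    event_log: list = field(default_factory=list)

    def authorize(self, request):
        user, service = request["user"], request["service"]
        rule, known = self.repository.get(service), self.users.get(user)
        decision, reason, sid = "deny", "no rule for service", None  # default deny
        # The authentication information travels inside the authorization request.
        offered = request.get("secret", "").encode()
        if known is None or not hmac.compare_digest(known[0].encode(), offered):
            reason = "authentication failed"
        elif rule is not None and known[1] not in rule.allowed_groups:
            reason = "group not allowed"
        elif rule is not None:
            decision, reason = "grant", "rule matched"
            sid = f"s{len(self.equipment.sessions) + 1}"
            kbps = min(request.get("kbps", rule.max_kbps), rule.max_kbps)
            self.equipment.sessions[sid] = {"user": user, "kbps": kbps}  # set up SE
        # Log the outcome of every request, grants and denials alike.
        self.event_log.append({"user": user, "service": service,
                               "decision": decision, "reason": reason, "session": sid})
        return decision, sid

def demo():
    rbe = RuleBasedEngine(
        repository={"video": Rule(frozenset({"premium"}), 4000)},
        users={"alice": ("a-secret", "premium"), "bob": ("b-secret", "basic")},
        equipment=ServiceEquipment())
    requests = [  # constructed sample requests
        {"user": "alice", "service": "video", "secret": "a-secret", "kbps": 9000},
        {"user": "bob", "service": "video", "secret": "b-secret"},
        {"user": "alice", "service": "video", "secret": "wrong"},
        {"user": "alice", "service": "voip", "secret": "a-secret"}]
    return rbe, [rbe.authorize(r) for r in requests]
```

The granted session is capped at the rule's limit rather than the requested rate, and the three denials leave the service equipment untouched while still appearing in the event log.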

14 The IRTF AAA Architecture (cont.)
- To offer AAA services, secured and trusted relationships between different AAA servers are necessary.
- Authentication between peer AAA servers is part of these services.

15 The IRTF AAA Architecture (cont.)
- AAA Architecture and Protocols
  (1) Special AAA protocol
  (2) Particular application programming interface (API) or the AAA protocol.
  (3) Depending on the PR’s implementation.
  (4) An application-specific protocol

16 Problem Areas, Weaknesses, and Goals
- The work is performed in isolation for shortened tasks and limited scenarios.
  - Connectivity control through an NAS
  - Content delivery control through a billing system.
- The IRTF’s AAA Architecture tries to resolve these restrictions.
  - Building generic servers and ASMs.

17 Problem Areas, Weaknesses, and Goals (cont.)
- Functions of policy decision and policy enforcement are not separated clearly.
- Extensibility to functions beyond AAA, like charging and auditing, is complicated.
- The functionality of the ASM has not been defined completely.
- The inclusion of QoS-related, handover and paging support services has not been considered.

18 A Generic Policy-Based Architecture
- Three basic concepts for the framework
  - Service separation
    - Extended AAA point of view
  - Partitioning of service levels
    - New diversification
  - Policy paradigm
    - Reuse of existing work

19 Service Separation

20 Partitioning of Service Levels in an Internet Service Model

21 A Generic Architecture

22 Conclusion
- There is an increasing need for AAA services and services beyond AAA.
- The generic approach takes these aspects into account and clearly distinguishes between support services and user services.
- The Advantages
  - Can offer apart data from metering from one provider to another.
  - Providers can build systems on their own business plans.

23 Reference
- C. Rensing, Hasan, M. Karsten, B. Stiller, "AAA: A Survey and a Policy-Based Architecture and Framework," IEEE Network, Nov/Dec 2002, pp

