Ubiquitous Access Control Workshop, 7/17/06
Access Control and Authentication for Converged Networks
Z. Judy Fu, John Strassner
Motorola Labs
{judy.fu, john.strassner}@motorola.com

Content
• Motivation and AAA Requirements
• Limitations of Existing AAA for Converged Networks
• Novel AAA Architecture
  – AAA Framework
  – RBAC Models
  – Common Authentication Framework
• Conclusion and Future Work

Motivation
• Heterogeneous Networks are converging to Provide IP Services
  – Heterogeneous Access Technology
    • Wireless Local Access: 802.11, 802.16, HiperLAN, Bluetooth
    • Cellular Access: GSM, GPRS, CDMA, UMTS
    • Broadband Service to Home: fiber, cable, Ethernet, xDSL, or WiMax
  – Not only access providers but also application or content providers
  – Heterogeneous administrative domains
• AAA Is Essential and Complex in Inter-working Between Heterogeneous Networks

Requirements of AAA for Converged Networks
• Inter-working with various types of providers
• Respect each administrative domain's policies
• Support various applications based on context, user profile and policies
• Common framework to facilitate reuse
• Minimized design, development and deployment cost

Existing AAA Solutions for Converged Networks
• Framework: EAP-RADIUS
• Protocols: EAP-TLS, EAP-AKA, EAP-SIM …

Limitations of Existing AAA Solutions for Converged Networks
• Do not have a flexible authorization element that considers heterogeneous domain policies
• Do not enable support for future applications based on context, user profile etc.
• Do not accommodate heterogeneous system, protocol, method and credential requirements
  – EAP support in native IP wireless networks like WLAN
  – WiMax requires a certificate-based authentication method while UMTS requires a shared-secret-based authentication method

A Novel AAA Architecture
• Proposing a modeling-based AAA architecture
  – Generic framework that can be mapped to different networks and devices
  – Each domain's security policies can be ensured
  – Heterogeneous policies, credentials and protocols can be accommodated

The New AAA System
• AAA server is no longer a traditional Radius server
• AAA interacts with context server, identification server, and policy server
• AAA Protocols to use may include Radius, Diameter, mobile IP etc.

Authentication Protocol Mapping
• Method 1: EAP-xxx for all
  – All networks equipped with EAP controller
  – All devices send only EAP authentication requests
  – All authentication protocols are encapsulated in EAP and RADIUS messages
  – Always use home network's authentication method

Authentication Protocol Mapping (Cont.)
• Method 2: A common authentication framework
  – Different authentication request/reply will be mapped to the common framework
  – Devices do not have to be changed
  – Example common authentication framework is IKEv2 authentication part

    MS (mobile station)                                  AAA server
        ------------------------>
        ID, scheme (sym or asym), [cert], auth data [key]
        <---------------------
        ID, scheme, [cert], auth data [key]
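
An added example, not part of the original slides: one way the AAA side could map native requests onto the Method 2 message (ID, scheme, [cert], auth data) and refuse a scheme that the access network's policy does not allow. The native field names, the policy table and the sample requests are assumptions constructed for illustration; the table encodes only the WiMax and UMTS requirements stated on the limitations slide.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed policy table: scheme each access network requires
# (WiMax: certificate-based, UMTS: shared-secret-based, per the slides).
REQUIRED_SCHEME = {"wimax": "asym", "umts": "sym"}

@dataclass(frozen=True)
class CommonAuth:
    """The common message: ID, scheme (sym or asym), [cert], auth data."""
    id: str
    scheme: str
    auth_data: bytes
    cert: Optional[bytes] = None

def to_common(native: dict) -> CommonAuth:
    """Map a native request to the common message (field names are hypothetical)."""
    kind = native.get("type")
    if kind == "shared-secret":
        return CommonAuth(native["subscriber"], "sym", native["response"])
    if kind == "certificate":
        return CommonAuth(native["subject"], "asym", native["signature"], native["cert"])
    raise ValueError(f"no mapping for authentication type {kind!r}")

def check(msg: CommonAuth, network: str) -> None:
    """Raise ValueError unless msg is well-formed and matches the network's policy."""
    if msg.scheme not in ("sym", "asym"):
        raise ValueError("unknown scheme")
    if not msg.id or not msg.auth_data:
        raise ValueError("ID and auth data are mandatory")
    if (msg.scheme == "asym") != (msg.cert is not None):
        raise ValueError("cert must be present for asym and absent for sym")
    required = REQUIRED_SCHEME.get(network)
    if required is None:
        raise ValueError(f"no policy for network {network!r}")  # fail closed
    if msg.scheme != required:
        raise ValueError(f"{network} requires {required}, got {msg.scheme}")

def accepts(native: dict, network: str) -> bool:
    """True if the native request maps cleanly and satisfies the network's policy."""
    try:
        check(to_common(native), network)
        return True
    except (ValueError, KeyError):
        return False

# Constructed sample requests (not captured traffic).
UMTS_REQ = {"type": "shared-secret", "subscriber": "user-1", "response": b"\x01\x02"}
WIMAX_REQ = {"type": "certificate", "subject": "ms-7", "signature": b"\x03", "cert": b"DER"}
```

Checking the declared scheme against the network's policy before any credential is evaluated keeps a device from choosing a weaker scheme than the domain permits; verifying the auth data itself is a separate step that depends on the chosen scheme.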

AAA models
• Business view models
  – Focus on access control models
• System view models
  – Include specific authentication, authorization mechanisms, mobility management, context, policy, profiles, and identification

RBAC Access Control Models
• Propose enhanced notion of role-based access control (RBAC) for inter-working between providers
• Simplified management of individual entities by assigning roles based on business functions

RBAC Control of Resource

Conclusion and Future Work
• Novel AAA architecture
  – Support heterogeneous provider inter-working
  – Support both coalition and spontaneous accesses
  – Support various applications for inter-working
  – Facilitate reuse
  – Minimize development and deployment cost
• Future Work
  – Refine Models
  – Design automatic mapping techniques
  – Prototype

The End
Thank You! Questions???

Backup Slides

Logical Resource

Logical Resource