Slide 1: P805: Internet Roaming
AIMS’99 Workshop, Heidelberg, 11-12 May 1999
Giuseppe Sisto, Telecom Italia / CSELT, giuseppe.sisto@cselt.it
Project participants: Deutsche Telekom, Finnet Group, France Telecom, MATAV, Telecom Italia
Slide 2: Agenda
– Scope
– Objectives
– Technical approach
– P805 results
– P914 expected results
Slide 3: The Scope (from P717)
– Multiple ISPs in each country
– Problem similar to GSM roaming
– Same model for the roaming solution: based on bilateral agreements between parties, no central clearing point
– Distributed solution: scalable and robust
Slide 4: Roaming Service Reference Model
[Diagram: the Home ISP’s roaming user; NAS (Network Access Service) and Authentication Server at the Remote ISP; Authentication Server at the Home ISP; the Internet between them. Two paths are drawn: the traditional, centralized solution through a 3rd-party clearing point, and the P805 solution, a direct A-A interface between the two authentication servers.]
Slide 5: The Requirements
Terminal-network interface:
– should work for PSTN and ISDN
– should work for the most common devices and configurations
Network-network interface (A-A protocol):
– should allow transport of all necessary parameters
– should be secure (encryption, mutual validation)
– should run over IP
Compatible with existing third-party solutions
Slide 6: The Possible Solutions
The solutions examined:
– HTTP based
– RADIUS based
– DIAMETER
– RADIUS/LDAP integration
Slide 7: HTTP-based Solution
– SIR: Secure Internet Roaming specification (i-Pass consortium)
– good security level (use of encryption and digital certificates)
– based on a “centralized” model (MSS = Message Switching Server): out of our scope
[Diagram: the H-ISP’s roaming user, PPP with CHAP to the NAS at the Remote ISP (R-ISP); RSAP; MSS; VNAS and authorizing entity at the Home ISP (H-ISP); encrypted communication with HTTP on SSL.]
Slide 8: RADIUS-based Solution
– No end-to-end security in case of untrusted intermediate proxies
– Protocol not extensible: need for a new protocol
[Diagram: the H-ISP’s roaming user, PPP with CHAP to the NAS at the Remote ISP (R-ISP); an AAA-Server (RADIUS) at the R-ISP, at an Intermediate ISP (I-ISP) and at the Home ISP (H-ISP).]
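The first bullet, hop-by-hop rather than end-to-end security, shown in an added Python example that is not from the P805 slides or the project's software. It implements the User-Password hiding of RFC 2865 section 5.2 and walks a NAS to R-ISP to I-ISP to H-ISP chain like the one in the diagram; the shared secrets, password and link names are constructed sample values.

```python
"""RADIUS User-Password hiding across a proxy chain (added example, not from the P805 slides).
Shared secrets, password and link names below are constructed sample values."""
import hashlib
import os


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a multiple of 16 bytes with NULs, then XOR each
    block with MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block
    return bytes(hidden)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; anyone holding this link's shared secret can run it."""
    clear, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return bytes(clear).rstrip(b"\x00")  # strip padding (passwords ending in NUL are not supported here)


def proxy_forward(hidden: bytes, auth_in: bytes, secret_in: bytes, secret_out: bytes):
    """What a RADIUS proxy must do to forward a request: recover the clear password with
    the inbound link's secret, then hide it again with the outbound link's secret and a
    fresh Request Authenticator. The clear password exists in the proxy's memory."""
    clear = reveal_password(hidden, secret_in, auth_in)
    auth_out = os.urandom(16)
    return hide_password(clear, secret_out, auth_out), auth_out


def roaming_chain(password: bytes, link_secrets: dict) -> dict:
    """Walk a NAS -> R-ISP -> I-ISP -> H-ISP chain. link_secrets maps 'A-B' to the secret
    shared by A and B, in chain order. Returns the password as each server sees it."""
    links = list(link_secrets)
    auth = os.urandom(16)
    hidden = hide_password(password, link_secrets[links[0]], auth)  # what the NAS sends
    seen = {}
    for i, link in enumerate(links):
        server = link.split("-", 1)[1]
        seen[server] = reveal_password(hidden, link_secrets[link], auth)
        if i + 1 < len(links):
            hidden, auth = proxy_forward(hidden, auth, link_secrets[link], link_secrets[links[i + 1]])
    return seen


if __name__ == "__main__":
    # Constructed secrets for the three links of the slide's diagram.
    link_secrets = {"NAS-RISP": b"nas-secret", "RISP-IISP": b"risp-iisp-secret", "IISP-HISP": b"iisp-hisp-secret"}
    for server, pw in roaming_chain(b"roaming-user-password", link_secrets).items():
        print(f"{server} sees: {pw!r}")
```

Every server that holds a link's shared secret recovers the clear password before re-hiding it for the next link, so an intermediate ISP that is not trusted reads the credential and can rewrite any attribute in transit; nothing in RADIUS binds the request end to end across a proxy. With PPP CHAP, as drawn on the slide, the NAS forwards CHAP-Challenge and CHAP-Password instead of User-Password, so a proxy sees a challenge/response pair rather than the clear password, but the hop-by-hop trust structure is the same.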
Slide 9: DIAMETER Protocol
– Framework for any service which requires AAA/Policy support
– flexible / extensible
– Wide range of security solutions (including X.509 certificates)
– Roaming scenario not yet available in ’98
– Only one “experimental” implementation from Merit
– Not yet officially recognized by IETF
[Diagram: the H-ISP’s roaming user, PPP with CHAP to the NAS at the Remote ISP (R-ISP); RADIUS Protocol between the NAS and the R-ISP’s DIAMETER (proxy) Server; DIAMETER Protocol between the R-ISP’s and the Home ISP’s (H-ISP) DIAMETER (proxy) Servers.]
Slide 10: A Directory Enabled Solution
– Directory Enabled Networks: a single common directory to support all applications, services and infrastructure
[Diagram: one Directory Service shared by E-mail, the Network Operating System and other applications.]
– LDAP v3 (Lightweight Directory Access Protocol): IETF standard for Internet directories (RFC 2251)
– Client/server model, distributed service, security framework (access control / TLS / SASL)
Slide 11: LDAP-based roaming model
[Diagram: the H-ISP roaming user presents UserID@H-ISP and password to the NAS at the Remote ISP (R-ISP); the R-ISP’s AAA server is a RADIUS server with an LDAP client; LDAP servers at the R-ISP and at the Home ISP (H-ISP).]
1. LDAP inquiry to the R-ISP LDAP server
2. Referral to the H-ISP LDAP server
3. Inquiry to the H-ISP LDAP server
Slide 12: Directory information modeling (referral entry)
[Diagram of a directory tree. Entries shown: o=ISP1 (i.e. o=TIN.IT) with uid=ISP1User 1, uid=ISP1User 2 … uid=ISP1User N; o=ISP1AdminUsers; uid=ISPnAuthorisedUser; referral entries o=ISP2 … o=ISP n, which are pointers to other ISPs’ LDAP servers.]
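The three-step lookup of the previous slide and the referral entries of this one, as an added Python example that is not the pilot's RADIUS/LDAP gateway or its Netscape Directory Server configuration. The host names, directory trees, users and passwords are constructed sample data; the referral entries use the objectClass referral plus ref URL convention, the gateway follows referrals only to hosts on a constructed partner list standing in for the bilateral agreements of the scope slide, and checking the password against a salted PBKDF2 hash is this example's choice, since the slides do not say how the pilot's directory held credentials.

```python
"""Toy RADIUS/LDAP gateway with referral chasing (added example, not P805 pilot code).
Host names, directory trees, users and passwords below are constructed sample data."""
import hashlib
import hmac
import os
from urllib.parse import urlparse

ITERATIONS = 50_000  # PBKDF2 work factor chosen for this example


def make_secret(password: str, salt: bytes = b"") -> dict:
    """Store a salted PBKDF2 hash rather than a clear password (this example's assumption)."""
    salt = salt or os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)}


# Each ISP's directory, keyed by DN. 'o=ISP2' inside ISP1's tree is a referral entry:
# objectClass 'referral' plus a 'ref' URL pointing at the other ISP's LDAP server.
DIRECTORIES = {
    "ldap.isp1.example": {
        "o=ISP1": {"objectClass": ["organization"]},
        "uid=alice,o=ISP1": {"objectClass": ["person"], **make_secret("alice-pw")},
        "o=ISP2": {"objectClass": ["referral"], "ref": ["ldap://ldap.isp2.example/o=ISP2"]},
        "o=ISP3": {"objectClass": ["referral"], "ref": ["ldap://ldap.isp2.example/o=ISP3"]},  # loops back
        "o=ISP9": {"objectClass": ["referral"], "ref": ["ldap://ldap.isp9.example/o=ISP9"]},  # no agreement
    },
    "ldap.isp2.example": {
        "o=ISP2": {"objectClass": ["organization"]},
        "uid=bob,o=ISP2": {"objectClass": ["person"], **make_secret("bob-pw")},
        "o=ISP1": {"objectClass": ["referral"], "ref": ["ldap://ldap.isp1.example/o=ISP1"]},
        "o=ISP3": {"objectClass": ["referral"], "ref": ["ldap://ldap.isp1.example/o=ISP3"]},  # loops back
    },
}

# Servers covered by a bilateral roaming agreement; referrals anywhere else are not followed.
PARTNERS = {"ldap.isp1.example", "ldap.isp2.example"}
MAX_REFERRAL_HOPS = 3


def lookup(host: str, dn: str, hops: int = 0):
    """Read `dn` from the directory at `host`. If the naming context is a referral entry,
    re-issue the read at the server it points to (steps 2 and 3 of the model), bounded by
    MAX_REFERRAL_HOPS so two referral entries pointing at each other cannot loop forever.
    Returns (answering_host, entry) or (None, None)."""
    if hops > MAX_REFERRAL_HOPS or host not in PARTNERS:
        return None, None
    tree = DIRECTORIES.get(host, {})
    rdn, _, context = dn.partition(",")  # 'uid=bob' and 'o=ISP2'
    base = tree.get(context)
    if base and "referral" in base["objectClass"]:
        url = urlparse(base["ref"][0])
        target_context = url.path.lstrip("/")  # naming context on the referred-to server
        return lookup(url.hostname, f"{rdn},{target_context}", hops + 1)
    return (host, tree[dn]) if dn in tree else (None, None)


def authenticate(remote_isp_host: str, user_id: str, password: str):
    """The gateway at the Remote ISP: map UserID@H-ISP to uid=UserID,o=H-ISP, resolve it
    through the local directory (following the referral to the home ISP when needed) and
    verify the password. Returns (RADIUS reply, host that held the user entry)."""
    if "@" not in user_id:
        return "Access-Reject", None  # no realm, so no home ISP can be located
    uid, realm = user_id.rsplit("@", 1)
    host, entry = lookup(remote_isp_host, f"uid={uid},o={realm}")
    if entry is None or "hash" not in entry:
        return "Access-Reject", None
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), entry["salt"], ITERATIONS)
    if hmac.compare_digest(candidate, entry["hash"]):
        return "Access-Accept", host
    return "Access-Reject", host


if __name__ == "__main__":
    print(authenticate("ldap.isp1.example", "alice@ISP1", "alice-pw"))  # local user
    print(authenticate("ldap.isp1.example", "bob@ISP2", "bob-pw"))      # roaming user via referral
```

The hop bound and the partner list are the two checks worth keeping from this sketch: a referral entry is data in someone else's directory, so the gateway decides for itself which servers it will contact and how many referrals it will chase before answering Access-Reject.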
Slide 13: The Pilot
Slide 14: Implementation description
– Merit AAA Server (basic version)
– Netscape Directory Server
– Project development of a RADIUS/LDAP gateway
– Set-up of a Certification Authority to issue X.509 certificates for the use of SSL (sn=SIRTE CA, o=CSELT, c=IT)
Slide 15: The Trials
Functionality tests:
– whole chain from the roaming end-user to the home ISP’s directory server
Performance tests:
– local access vs. remote access of a user
– secure vs. non-secure connections between LDAP servers
– influence of DB size
“Near Operational” tests:
– all participants simultaneously authenticating themselves both locally and remotely over a period of time
Slide 16: Results from the Trials
Functionality tests: the model works!
Performance tests:
– Local access: non-secure connections: delay of a few tenths of a second; secure connections: delay of ~1/3 vs. non-secure; no influence of DB size
– Remote access: network delay of a few seconds; the delay introduced by the use of SSL is not relevant
“Near Operational” tests: influenced by network conditions
Slide 17: Recommendations from the Pilot
ISPs:
– before signing contracts for centralised solutions with third-party providers, first identify the participation costs of the consortia;
– do not sign “exclusive” contracts for centralised solutions with third-party providers; keep the possibility of offering a de-centralised solution at the same time!
– keep the research activity under observation, as it may provide important innovations in the near future.
Slide 18: P914: Study and Trials for Internet Roaming in Europe
Scope & Activities
– Two new participants: Portugal Telecom and Telefonica España
– Enhancements to the roaming solution: management aspects, accounting mechanisms, security, directory phonebook
– Client interface for roaming users
– Support for the DIAMETER work: development and trial of a DIAMETER-based roaming solution (EURESCOM is now a member of the Merit AAA consortium; members are active participants in the IETF Roamops and AAA groups)