Proposal about Final Project Paper Title: AAA: A Survey
AAA: A Survey and a Policy-Based Architecture and Framework
692430003
林谷泉
Outlines
Introduction
AAA Mechanisms
The IRTF AAA Architecture
Problem Areas, Weaknesses, and Goals
A Generic Policy-Based A^x Architecture
Conclusion
Reference
2015/7/17
AAA
2
Introduction
Commercialized services do need:
Authentication.
Authorization.
Charging, based on accounting processes.
Furthermore, there are security-related issues about user and device mobility.
The network of the near future will be the multi-service Internet:
Multiple cooperating domains.
An Application Scenario
AAA Mechanisms
Authentication
Verification of the identity of a subject.
Examples:
International Mobile Subscriber Identity (IMSI) in the SIM card.
IP address.
International Mobile Equipment Identity (IMEI).
Medium Access Control (MAC) address.
AAA Mechanisms (cont.)
Classification of authentication:
Knowledge-based
Cryptography-based
Biometrics-based
Secure-tokens-based
AAA Mechanisms (cont.)
Authorization
Access control.
Classification:
Authentication-based mechanisms: require authentication of the subject.
Credential-based mechanisms: use trustworthy information (credentials) held by the subjects of an authorization.
AAA Mechanisms (cont.)
Accounting
Two major tasks:
Collect data from metering systems.
Aggregate and store these data in accounting records.
An accounting policy defines:
Which data has to be metered by a metering system?
How often is it metered?
How is it aggregated?
Telecommunication: call detail records (CDRs).
Data communication: IP detail records (IPDRs).
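The accounting slide above names the two tasks (collect metering data, aggregate it into accounting records) and the three questions an accounting policy answers (which data, how often, how aggregated). The following is an added example, not code from the slides or from the Rensing et al. paper: it runs a small accounting policy over constructed metering samples and rolls them up into IPDR-like records. The policy fields, the record layout, the sample data and the `complete` flag (which marks a record whose samples do not cover the metering grid without gaps, something a billing system would want to know before charging) are all assumptions made for this illustration.

```python
"""Accounting pipeline: metering samples -> accounting records (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccountingPolicy:
    # Assumed policy shape: the three questions from the slide as three fields.
    metered_fields: tuple      # which counters the metering system must report
    interval_seconds: int      # how often a sample is taken (the metering grid)
    aggregate_by: tuple        # keys an accounting record is rolled up on


# Constructed metering samples, as a metering system on an NAS might emit them.
# cpu_ms is present in the raw data but not requested by the policy below.
METERING_SAMPLES = [
    {"subscriber": "user-a", "session": "s1", "t": 0,   "bytes_in": 1000, "bytes_out": 200, "cpu_ms": 5},
    {"subscriber": "user-a", "session": "s1", "t": 60,  "bytes_in": 3000, "bytes_out": 400, "cpu_ms": 7},
    {"subscriber": "user-b", "session": "s2", "t": 0,   "bytes_in": 500,  "bytes_out": 100, "cpu_ms": 2},
    {"subscriber": "user-a", "session": "s1", "t": 90,  "bytes_in": 10,   "bytes_out": 10,  "cpu_ms": 1},  # off-grid sample
    {"subscriber": "user-b", "session": "s2", "t": 60,  "bytes_in": 700,  "bytes_out": 300, "cpu_ms": 3},
    {"subscriber": "user-c", "session": "s3", "t": 0,   "bytes_in": 100,  "bytes_out": 50,  "cpu_ms": 1},
    {"subscriber": "user-c", "session": "s3", "t": 120, "bytes_in": 100,  "bytes_out": 50,  "cpu_ms": 1},  # sample at t=60 missing
]

# Constructed accounting policy: meter traffic volume every 60 s, one record per session.
POLICY = AccountingPolicy(
    metered_fields=("bytes_in", "bytes_out"),
    interval_seconds=60,
    aggregate_by=("subscriber", "session"),
)


def meter(samples, policy):
    """Task 1: keep only the samples on the metering grid and only the metered counters."""
    kept = []
    for s in samples:
        if s["t"] % policy.interval_seconds != 0:
            continue  # not on the metering grid: the policy did not ask for it
        wanted = policy.aggregate_by + ("t",) + policy.metered_fields
        kept.append({k: s[k] for k in wanted})
    return kept


def aggregate(metered, policy):
    """Task 2: roll metered samples up into one accounting record per aggregation key."""
    records = {}
    for m in metered:
        key = tuple(m[k] for k in policy.aggregate_by)
        rec = records.setdefault(key, {
            **{k: m[k] for k in policy.aggregate_by},
            "samples": 0, "start": m["t"], "end": m["t"],
            **{f: 0 for f in policy.metered_fields},
        })
        rec["samples"] += 1
        rec["start"] = min(rec["start"], m["t"])
        rec["end"] = max(rec["end"], m["t"])
        for f in policy.metered_fields:
            rec[f] += m[f]
    for rec in records.values():
        # A record is complete when its samples cover every grid point from start to end.
        expected_span = (rec["samples"] - 1) * policy.interval_seconds
        rec["complete"] = (rec["end"] - rec["start"]) == expected_span
    return sorted(records.values(), key=lambda r: tuple(r[k] for k in policy.aggregate_by))


def accounting_records(samples=METERING_SAMPLES, policy=POLICY):
    """Run the whole pipeline: metering followed by aggregation."""
    return aggregate(meter(samples, policy), policy)


if __name__ == "__main__":
    for rec in accounting_records():
        print(rec)
```

Running it yields one record per (subscriber, session): user-a's off-grid sample at t=90 is discarded, cpu_ms never reaches the accounting records because the policy did not ask for it, and user-c's record is flagged incomplete because the sample at t=60 is missing.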
AAA Protocols
RADIUS
The Remote Authentication Dial In User Service.
Designed for transferring authentication, authorization, and configuration data between a network access server (NAS)
The RADIUS server itself can act as a client to other RADIUS servers.
Shortcomings: protocol-specific, lower fault tolerance on UDP, security support in P2P.
AAA Protocols (cont.)
Diameter
The protocol satisfies requirements of network access using different access technologies.
COPS
The Common Open Policy Service.
It enables the exchange of policy information between a policy decision point (PDP) and policy enforcement points (PEPs).
PEPs are clients, and a PDP acts as a server.
AAA Protocols (cont.)
SNMPv3
The Simple Network Management Protocol Version 3.
It proposes a new management model compared with v2.
Authentication and authorization in application and content services:
Application-independent protocols: Secure Socket Layer (SSL), HTTP authentication, Secure Shell (SSH).
Application-specific protocols.
The IRTF AAA Architecture
Defined by the IRTF research group AAAArch.
AAA Components
Policy Repositories (PRs)
Rule-Based Engine (RBE)
Service Equipment (SE)
The IRTF AAA Architecture (cont.)
AAA Services
Authorization Service
Achieving an authorization decision to grant or deny a user's request for services in an authorized session by setting up the SE and logging the session's state.
User authentication may be part of the authorization process, and the authentication information will be carried in the authorization request.
Accounting Services
Recording relevant accounting information obeying the authorization's decision and the ongoing resource use of the authorized session.
The IRTF AAA Architecture (cont.)
To offer AAA services, secured and trusted relationships between different AAA servers are necessary.
Authentication between peer AAA servers is part of these services.
The IRTF AAA Architecture (cont.)
AAA Architecture and Protocols
(1) Special AAA protocol.
(2) Particular application programming interface (API) or the AAA protocol.
(3) Depending on the PR's implementation.
(4) An application-specific protocol.
Problem Areas, Weaknesses, and Goals
The work is performed in isolation for shortened tasks and limited scenarios:
Connectivity control through an NAS.
Content delivery control through a billing system.
The IRTF's AAA Architecture tries to resolve these restrictions by building generic servers and ASMs.
Problem Areas, Weaknesses, and Goals (cont.)
Functions of policy decision and policy enforcement are not separated clearly.
Extensibility to functions beyond AAA, like charging and auditing, is complicated.
The functionality of the ASM has not been defined completely.
The inclusion of QoS-related, handover and paging support services has not been considered.
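The COPS slide describes a PDP acting as server to PEP clients, the IRTF slides name policy repositories (PRs), a rule-based engine (RBE) and service equipment (SE), and the slide above lists the unclear separation of policy decision from policy enforcement as a weakness. The following added example, which is not code from the slides, the paper or the IRTF AAAArch work, sketches that separation in its clean form: the PEP holds no rules and only forwards requests and enforces answers, the PDP owns the RBE, and the RBE reads an ordered rule set from the PR. The `Request` fields, the rule format, the first-match/default-deny evaluation order and the sample rules are constructed assumptions for this illustration.

```python
"""Policy decision (PDP/RBE/PR) separated from policy enforcement (PEP) - added example."""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Request:
    # Assumed request shape: who asks, whether they were authenticated, for what, from where.
    subject: str
    authenticated: bool
    service: str
    realm: str


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Request], bool]
    decision: str            # "permit" or "deny"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    rule: str                # name of the rule that produced the decision


class PolicyRepository:
    """PR: the only place rules live. Order matters, first match wins."""
    def __init__(self, rules: List[Rule]):
        self._rules = list(rules)

    def ordered(self) -> List[Rule]:
        return list(self._rules)


class RuleBasedEngine:
    """RBE: evaluates a request against the repository; unmatched requests are denied."""
    def __init__(self, repo: PolicyRepository):
        self.repo = repo

    def decide(self, req: Request) -> Decision:
        for rule in self.repo.ordered():
            if rule.matches(req):
                return Decision(rule.decision == "permit", rule.name)
        return Decision(False, "default-deny")


class PolicyDecisionPoint:
    """PDP: the server side of the COPS exchange; it owns the engine, not the enforcement."""
    def __init__(self, engine: RuleBasedEngine):
        self.engine = engine

    def handle(self, req: Request) -> Decision:
        return self.engine.decide(req)


class PolicyEnforcementPoint:
    """PEP on the service equipment: no rules of its own, it only asks and enforces.
    The audit trail shows a function beyond AAA being added at the PEP with no rule change."""
    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp
        self.audit: List[Tuple[str, str, str, bool]] = []

    def admit(self, req: Request) -> bool:
        decision = self.pdp.handle(req)
        self.audit.append((req.subject, req.service, decision.rule, decision.allowed))
        return decision.allowed


# Constructed sample rules. The first one is the "authentication-based" mechanism
# from the authorization slide: the subject must be authenticated before anything else.
SAMPLE_RULES = [
    Rule("require-authentication", lambda r: not r.authenticated, "deny"),
    Rule("home-realm-internet", lambda r: r.realm == "home" and r.service == "internet", "permit"),
    Rule("roaming-internet-only", lambda r: r.realm == "roaming" and r.service == "internet", "permit"),
]


def build_pep(rules=SAMPLE_RULES) -> PolicyEnforcementPoint:
    """Wire PR -> RBE -> PDP -> PEP so the enforcement side never touches a rule."""
    return PolicyEnforcementPoint(PolicyDecisionPoint(RuleBasedEngine(PolicyRepository(rules))))


if __name__ == "__main__":
    pep = build_pep()
    for req in (Request("alice", True, "internet", "home"),
                Request("bob", False, "internet", "home"),
                Request("carol", True, "voip", "roaming")):
        print(req.subject, "->", pep.admit(req))
    print(pep.audit)
```

Because the PEP only sees `Decision` objects, changing policy (for example adding a QoS or handover rule) touches the repository alone, and adding an auditing or charging hook touches the PEP alone; that is the extensibility the slide says the combined designs make complicated.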
A Generic Policy-Based A^x Architecture
Three basic concepts for the framework:
Service separation
Partitioning of service levels
New diversification
Policy paradigm
Extended AAA point of view
Reuse of existing work
Service Separation
Partitioning of Service Levels in an Internet Service Model
A Generic A^x Architecture
Conclusion
There is an increasing need for AAA services and services beyond AAA.
The generic A^x approach takes these aspects into account and clearly distinguishes between support services and user services.
The advantages:
Can offer data from metering from one provider to another.
Providers can build systems on their own business plans.
Reference
C. Rensing, Hasan, M. Karsten, B. Stiller, "AAA: A Survey and a Policy-Based Architecture and Framework," IEEE Network, Nov/Dec 2002, pp. 22-27.