Proposal about Final Project Paper Title: AAA: A Survey

AAA: A Survey and a Policy-Based Architecture and Framework
692430003
林谷泉

Outlines

- Introduction
- AAA Mechanisms
- The IRTF AAA Architecture
- Problem Areas, Weaknesses, and Goals
- A Generic Policy-Based A^x Architecture
- Conclusion
- Reference

2015/7/17
AAA
2
Introduction

- Commercialized services do need:
  - Authentication.
  - Authorization.
  - Charging, based on accounting processes.
  - Furthermore, security-related issues about user and device mobility.
- The network of the near future will be the multi-service Internet.
  - Multiple cooperating domains.

An Application Scenario
AAA Mechanisms

- Authentication
  - Verification of the identity of a subject.
  - Examples:
    - International Mobile Subscriber Identity (IMSI) in the SIM card.
    - IP address
    - International Mobile Equipment Identity (IMEI)
    - Medium Access Control (MAC) address

AAA Mechanisms (cont.)

- Classification of authentication:
  - Knowledge-based
  - Cryptography-based
  - Biometrics-based
  - Secure-tokens-based

AAA Mechanisms (cont.)

- Authorization
  - Access control
  - Classification:
    - Authentication-based mechanisms
      - Require authentication of the subject.
    - Credential-based mechanisms
      - Use trustworthy information (credentials) held by the subjects of an authorization.

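The two authorization classes above differ in what the decision point needs: an authentication-based mechanism decides by looking up an already verified identity, while a credential-based mechanism decides from the credential itself. The following Python is an added illustration of that distinction and is not code from the slides or from the surveyed paper; the ACL, the issuer key and the HMAC-protected credential format are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Authentication-based authorization: the subject is authenticated first, then
# the decision is a lookup of the verified identity. Constructed ACL.
ACL = {
    "alice": {"read", "write"},
    "bob": {"read"},
}


def authn_based_authorize(authenticated_subject, action):
    """Grant `action` only if the (already authenticated) subject holds it in the ACL."""
    return action in ACL.get(authenticated_subject, set())


# Credential-based authorization: the subject presents a credential that itself
# carries the rights. The verifier checks integrity and validity and needs no
# identity database. Hypothetical issuer key, constructed for the example.
ISSUER_KEY = b"constructed-issuer-key-not-for-production"


def issue_credential(subject, rights, expires_at, key=ISSUER_KEY):
    """Issue an HMAC-SHA256-protected credential listing the subject's rights."""
    claims = {"sub": subject, "rights": sorted(rights), "exp": expires_at}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + tag


def credential_based_authorize(credential, action, now, key=ISSUER_KEY):
    """Grant `action` if the credential is intact, unexpired and lists it."""
    try:
        body_b64, tag = credential.split(".")
        body = base64.urlsafe_b64decode(body_b64)
    except (ValueError, binascii.Error):
        return False  # malformed credential
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or tampered credential
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    if now >= claims.get("exp", 0):
        return False  # expired credential
    return action in claims.get("rights", [])
```

Note that `credential_based_authorize` never consults `ACL`: once the issuer's tag verifies, the rights travel with the credential, which is exactly why credential lifetime and issuer-key protection become the controlling risks in that class.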
AAA Mechanisms (cont.)

- Accounting
  - Two major tasks:
    - Collect data from metering systems.
    - Aggregate and store these data in accounting records.
  - An accounting policy defines:
    - Which data has to be metered by a metering system?
    - How often is it metered?
    - How is it aggregated?
  - Telecommunication: call detail records (CDRs)
  - Data communication: IP detail records (IPDRs)

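To make the accounting slide concrete, the Python below (an added example, not code from the slides or the surveyed paper) turns the three policy questions into a small data structure and applies it to constructed metering samples, producing IPDR-like records per subscriber, service and time window. Field names, sample values and the reconciliation check are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MeterSample:
    """One raw observation from a metering system (constructed fields)."""
    ts: int          # seconds since epoch
    subscriber: str
    service: str
    bytes_in: int
    bytes_out: int
    packets: int


@dataclass(frozen=True)
class AccountingPolicy:
    """Answers the slide's three questions: what, how often, how aggregated."""
    metered_fields: tuple   # which sample fields have to be metered
    interval: int           # how often: aggregation window in seconds
    group_by: tuple         # how aggregated: sample fields forming the record key


def apply_policy(samples, policy):
    """Aggregate raw samples into IPDR-like accounting records under `policy`."""
    buckets = defaultdict(lambda: {f: 0 for f in policy.metered_fields})
    for s in samples:
        window_start = s.ts - s.ts % policy.interval
        key = (window_start,) + tuple(getattr(s, g) for g in policy.group_by)
        for f in policy.metered_fields:
            buckets[key][f] += getattr(s, f)
    records = []
    for key in sorted(buckets):
        record = {"window_start": key[0], "window_end": key[0] + policy.interval}
        record.update(zip(policy.group_by, key[1:]))
        record.update(buckets[key])
        records.append(record)
    return records


def reconcile(samples, records, field):
    """Sanity check: metered totals and accounted totals for `field` must agree."""
    return sum(getattr(s, field) for s in samples) == sum(r[field] for r in records)


# Constructed metering samples.
SAMPLES = [
    MeterSample(1000, "alice", "web", 500, 100, 10),
    MeterSample(1030, "alice", "web", 700, 200, 12),
    MeterSample(1050, "bob", "video", 5000, 300, 50),
    MeterSample(1100, "alice", "web", 100, 50, 2),
]

# Meter byte volumes only, in 100-second windows, keyed by subscriber and service.
VOLUME_POLICY = AccountingPolicy(
    metered_fields=("bytes_in", "bytes_out"),
    interval=100,
    group_by=("subscriber", "service"),
)

if __name__ == "__main__":
    for record in apply_policy(SAMPLES, VOLUME_POLICY):
        print(record)
```

The `reconcile` check is the part a practitioner wants in production: a gap between what was metered and what was accounted is the usual sign of lost records or a policy that silently drops a field.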
AAA Protocols

- RADIUS
  - The Remote Authentication Dial In User Service.
  - Designed for transferring authentication, authorization, and configuration data between a network access server (NAS)
  - The RADIUS server itself can act as a client to other RADIUS servers.
  - Shortcomings: protocol-specific, lower fault tolerance on UDP, security support in P2P.

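The security shortcoming listed for RADIUS comes down to how a reply is bound to a request: a 16-byte Request Authenticator and an MD5 digest keyed only by the shared secret (RFC 2865). The Python below is an added example, not code from the slides or the surveyed paper; it builds an Access-Request, answers it, and shows the check a NAS performs before trusting a reply. The shared secret and attribute values are constructed, and only the User-Name and Reply-Message attributes are used.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet layout (RFC 2865): Code, Identifier, Length, Authenticator(16), attributes.
HEADER = struct.Struct("!BBH16s")
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1
ATTR_REPLY_MESSAGE = 18


def encode_attributes(attrs):
    """Serialize (type, value) pairs as RADIUS TLVs; Length covers the type and length bytes."""
    out = bytearray()
    for attr_type, value in attrs:
        if not 1 <= len(value) <= 253:
            raise ValueError("attribute value must be 1..253 bytes")
        out += bytes([attr_type, len(value) + 2]) + value
    return bytes(out)


def decode_attributes(data):
    """Parse TLVs, rejecting truncated or overlapping attributes instead of guessing."""
    attrs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("attribute length out of range")
        attrs.append((attr_type, data[pos + 2:pos + length]))
        pos += length
    return attrs


def build_access_request(identifier, username, request_authenticator=None):
    """NAS side: Access-Request carrying a fresh 16-byte Request Authenticator."""
    req_auth = request_authenticator or os.urandom(16)
    body = encode_attributes([(ATTR_USER_NAME, username.encode())])
    return HEADER.pack(ACCESS_REQUEST, identifier, HEADER.size + len(body), req_auth) + body


def response_authenticator(code, identifier, body, request_authenticator, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), as RFC 2865 specifies."""
    length = HEADER.size + len(body)
    return hashlib.md5(struct.pack("!BBH", code, identifier, length)
                       + request_authenticator + body + secret).digest()


def build_response(code, request, secret, attrs=()):
    """Server side: reply bound to the request's Identifier and Request Authenticator."""
    _, identifier, _, req_auth = HEADER.unpack_from(request)
    body = encode_attributes(attrs)
    auth = response_authenticator(code, identifier, body, req_auth, secret)
    return HEADER.pack(code, identifier, HEADER.size + len(body), auth) + body


def verify_response(response, request, secret):
    """NAS side: accept a reply only if it matches our request and the shared secret."""
    if len(response) < HEADER.size:
        return False
    code, identifier, length, auth = HEADER.unpack_from(response)
    if length < HEADER.size or length > len(response):
        return False  # RFC 2865: packets shorter than Length are silently discarded
    _, req_identifier, _, req_auth = HEADER.unpack_from(request)
    if identifier != req_identifier:
        return False  # reply to some other outstanding request
    body = response[HEADER.size:length]
    expected = response_authenticator(code, identifier, body, req_auth, secret)
    return hmac.compare_digest(auth, expected)
```

Everything the verification rests on is the secret and the randomness of the Request Authenticator, and the transport is UDP with no session state, which is the concrete content behind the "security" and "fault tolerance" shortcomings on the slide; Diameter's move to TCP/SCTP and mandatory transport security addresses both.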
AAA Protocols (cont.)

- Diameter
  - The protocol satisfies requirements of network access using different access technologies.
- COPS
  - The Common Open Policy Service.
  - It enables the exchange of policy information between a policy decision point (PDP) and policy enforcement points (PEPs).
  - PEPs are clients, and a PDP acts as a server.

AAA Protocols (cont.)

- SNMPv3
  - The Simple Network Management Protocol version 3.
  - It proposes a new management model from v2.
- Authentication and authorization in application and content services:
  - Application-independent protocols
  - Application-specific protocols
  - Secure Socket Layer (SSL), HTTP authentication, Secure Shell (SSH)

The IRTF AAA Architecture

- Defined by the IRTF research group AAAArch.
- AAA components:
  - Policy Repositories (PRs)
  - Rule-Based Engine (RBE)
  - Service Equipment (SE)

The IRTF AAA Architecture (cont.)

- AAA services
  - Authorization service
    - Reaching an authorization decision to grant or deny a user's request for services in an authorized session by setting up the SE and logging the session's state.
    - User authentication may be part of the authorization process, and the authentication information will be carried in the authorization request.
  - Accounting services
    - Recording relevant accounting information obeying the authorization's decision and the ongoing resource use of the authorized session.

The IRTF AAA Architecture (cont.)

- To offer AAA services, secured and trusted relationships between different AAA servers are necessary.
- Authentication between peer AAA servers is part of these services.

The IRTF AAA Architecture (cont.)

- AAA architecture and protocols
  (1) Special AAA protocol
  (2) Particular application programming interface (API) or the AAA protocol.
  (3) Depending on the PR's implementation.
  (4) An application-specific protocol

Problem Areas, Weaknesses, and Goals

- The work is performed in isolation for shortened tasks and limited scenarios.
  - Connectivity control through a NAS.
  - Content delivery control through a billing system.
- The IRTF's AAA Architecture tries to resolve these restrictions.
  - Building generic servers and ASMs.

Problem Areas, Weaknesses, and Goals (cont.)

- Functions of policy decision and policy enforcement are not separated clearly.
- Extensibility to functions beyond AAA, like charging and auditing, is complicated.
- The functionality of the ASM has not been defined completely.
- The inclusion of QoS-related, handover and paging support services has not been considered.

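The first weakness above, and the PR/RBE/SE components and PDP/PEP roles introduced on the earlier slides, are easiest to see in code that keeps the two functions apart. The Python below is an added example, not code from the slides or the surveyed paper: a policy repository feeds a rule-based engine acting as PDP, and service equipment acting as PEP only asks for decisions, sets up the session and logs its state. The rule set, request attributes and obligation names are constructed for the example; the point it demonstrates is that policy changes touch the repository alone.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[dict], bool]      # predicate over the request attributes
    decision: str                          # "permit" or "deny"
    obligations: Dict[str, object] = field(default_factory=dict)  # settings the SE applies


class PolicyRepository:
    """PR: stores rules; changing policy means changing this, not the SE."""

    def __init__(self, rules=()):
        self._rules: List[Rule] = list(rules)

    def add(self, rule):
        self._rules.append(rule)

    def rules(self):
        return list(self._rules)


class RuleBasedEngine:
    """RBE acting as the PDP: first matching rule wins, otherwise deny."""

    def __init__(self, repository):
        self.repository = repository

    def decide(self, request):
        for rule in self.repository.rules():
            if rule.condition(request):
                return {"decision": rule.decision, "rule": rule.name,
                        "obligations": dict(rule.obligations)}
        return {"decision": "deny", "rule": "default-deny", "obligations": {}}


class ServiceEquipment:
    """SE acting as the PEP: asks the PDP, then sets up the session and logs its state."""

    def __init__(self, pdp):
        self.pdp = pdp
        self.sessions = {}   # authorized sessions and the obligations applied to them
        self.log = []        # (session, matched rule, decision) for audit

    def handle(self, request):
        outcome = self.pdp.decide(request)
        self.log.append((request["session"], outcome["rule"], outcome["decision"]))
        if outcome["decision"] != "permit":
            return False
        self.sessions[request["session"]] = {"user": request["user"], **outcome["obligations"]}
        return True


# Constructed policy: authentication is required, then service-specific rules apply.
REPOSITORY = PolicyRepository([
    Rule("require-authn", lambda r: not r.get("authenticated"), "deny"),
    Rule("home-video", lambda r: r["service"] == "video" and r["domain"] == "home",
         "permit", {"max_rate_kbps": 4000, "meter": "bytes"}),
    Rule("web-anywhere", lambda r: r["service"] == "web", "permit", {"max_rate_kbps": 1000}),
])

# Constructed service requests as the SE would receive them.
REQUESTS = [
    {"session": "s1", "user": "alice", "authenticated": True, "service": "video", "domain": "home"},
    {"session": "s2", "user": "bob", "authenticated": False, "service": "web", "domain": "home"},
    {"session": "s3", "user": "carol", "authenticated": True, "service": "video", "domain": "visited"},
    {"session": "s4", "user": "dave", "authenticated": True, "service": "web", "domain": "visited"},
]


def run_scenario(requests, repository=REPOSITORY):
    """Feed requests through one SE/PDP pair; return the SE for inspection."""
    se = ServiceEquipment(RuleBasedEngine(repository))
    for request in requests:
        se.handle(request)
    return se


if __name__ == "__main__":
    for entry in run_scenario(REQUESTS).log:
        print(entry)
```

The default-deny fallthrough in `RuleBasedEngine.decide` and the audit log kept by the SE are the two details that matter operationally: a request that matches no rule is refused rather than passed through, and every decision is attributable to the rule that produced it.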
A Generic Policy-Based A^x Architecture

- Three basic concepts for the framework:
  - Service separation
  - Partitioning of service levels
  - New diversification
    - Policy paradigm
- Extended AAA point of view
- Reuse of existing work

Service Separation

Partitioning of Service Levels in an Internet Service Model

A Generic A^x Architecture

Conclusion

- There is an increasing need for AAA services and services beyond AAA.
- The generic A^x approach takes these aspects into account and clearly distinguishes between support services and user services.
- The advantages:
  - Metering data can be offered separately from one provider to another.
  - Providers can build systems on their own business plans.

Reference

C. Rensing, Hasan, M. Karsten, B. Stiller, "AAA: A Survey and a Policy-Based Architecture and Framework," IEEE Network, Nov/Dec 2002, pp. 22-27.