
AAA Survey and Policy Framework

This paper explores the AAA architecture and mechanisms, focusing on authentication, authorization, and accounting processes in the context of network services. It discusses problem areas, weaknesses, and goals, proposing a generic policy-based architecture to address these issues. The document covers various AAA protocols such as RADIUS, Diameter, and SNMPv3, as well as the IRTF AAA architecture components and services. The text highlights the importance of secure and trusted relationships among AAA servers and outlines challenges and future goals for enhancing AAA systems.


Presentation Transcript


  1. AAA: A Survey and a Policy-Based Architecture and Framework
  692430003 林谷泉

  2. Outline
  • Introduction
  • AAA Mechanisms
  • The IRTF AAA Architecture
  • Problem Areas, Weaknesses, and Goals
  • A Generic Policy-Based Architecture
  • Conclusion
  • Reference
  AAA

  3. Introduction
  • Commercialized services do need:
    • Authentication.
    • Authorization.
    • Charging, based on accounting processes.
  • Furthermore, security-related issues arise from user and device mobility.
  • The network of the near future will be the multi-service Internet.
    • Multiple cooperating domains.

  4. An Application Scenario (figure)

  5. AAA Mechanisms
  • Authentication
    • Verification of the identity of a subject.
    • Examples:
      • International Mobile Subscriber Identity (IMSI) in the SIM card.
      • IP address
      • International Mobile Equipment Identity (IMEI)
      • Medium Access Control (MAC) address

  6. AAA Mechanisms (cont.)
  • Classification of authentication:
    • Knowledge-based
    • Cryptography-based
    • Biometrics-based
    • Secure-token-based

  7. AAA Mechanisms (cont.)
  • Authorization
    • Access control
    • Classification:
      • Authentication-based mechanisms
        • Require authentication of the subject.
      • Credential-based mechanisms
        • Use trustworthy information (credentials) held by the subjects of an authorization.

  8. AAA Mechanisms (cont.)
  • Accounting
    • Two major tasks:
      • Collect data from metering systems.
      • Aggregate and store these data in accounting records.
    • An accounting policy defines:
      • Which data has to be metered by a metering system?
      • How often is it metered?
      • How is it aggregated?
    • Telecommunication: call detail records (CDRs)
    • Data communication: IP detail records (IPDRs)

  9. AAA Protocols
  • RADIUS
    • The Remote Authentication Dial In User Service.
    • Designed for transferring authentication, authorization, and configuration data between a network access server (NAS) and a RADIUS server.
    • The RADIUS server itself can act as a client to other RADIUS servers.
    • Shortcomings:
      • Protocol-specific; lower fault tolerance on UDP; security support in P2P.
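To make the NAS/RADIUS-server relationship on slide 9 concrete, here is an added example (not code from the slides or from the surveyed paper) of the RADIUS Access-Request / Access-Accept exchange as RFC 2865 specifies it: the NAS hides the User-Password attribute under the shared secret and a random Request Authenticator, and the server proves knowledge of the same secret through the MD5-based Response Authenticator on its reply. The shared secret, the user database and the NAS address are constructed values.

```python
"""Added example (not from the slides or the surveyed paper): the RADIUS
Access-Request / Access-Accept exchange between a NAS and a RADIUS server
per RFC 2865, showing how the shared secret hides the User-Password
attribute and authenticates the server's reply. The secret, user database
and NAS address below are constructed values."""
import hashlib
import secrets
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RADIUS packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4       # attribute types


def encode_attrs(attrs):
    """Attributes are TLVs: Type(1), Length(1, including the 2-byte header), Value."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks; c1 = p1 XOR MD5(S+RA), cn = pn XOR MD5(S+c(n-1))."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def reveal_password(hidden, secret, request_auth):
    """Server side: undo the chaining, then strip the NUL padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(prev, block))
    return out.rstrip(b"\x00")


def build_packet(code, ident, authenticator, attrs_bytes):
    """Header: Code(1), Identifier(1), Length(2), Authenticator(16), then attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs_bytes)) + authenticator + attrs_bytes


def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    return code, ident, pkt[4:20], pkt[20:length]


def response_authenticator(code, ident, attrs_bytes, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()


def nas_access_request(secret, user, password, ident):
    """NAS side: fresh random Request Authenticator, password hidden under the secret."""
    request_auth = secrets.token_bytes(16)
    attrs = [(USER_NAME, user),
             (USER_PASSWORD, hide_password(password, secret, request_auth)),
             (NAS_IP_ADDRESS, bytes([192, 0, 2, 10]))]      # constructed NAS address
    return build_packet(ACCESS_REQUEST, ident, request_auth, encode_attrs(attrs)), request_auth


def radius_server(pkt, secret, users):
    """Server side: recover the password, decide, and sign the reply with the Response Authenticator."""
    code, ident, request_auth, attrs_bytes = parse_packet(pkt)
    attrs = dict(decode_attrs(attrs_bytes))
    if code != ACCESS_REQUEST or USER_NAME not in attrs or USER_PASSWORD not in attrs:
        return None                                         # malformed request: silently discard
    password = reveal_password(attrs[USER_PASSWORD], secret, request_auth)
    # b"\x00" can never equal a revealed password (NULs are stripped), so unknown users always fail
    ok = secrets.compare_digest(users.get(attrs[USER_NAME], b"\x00"), password)
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    auth = response_authenticator(reply_code, ident, b"", request_auth, secret)
    return build_packet(reply_code, ident, auth, b"")


def nas_check_response(reply, expected_ident, request_auth, secret):
    """NAS side: accept the reply only if it answers our request and its authenticator verifies."""
    code, ident, auth, attrs_bytes = parse_packet(reply)
    expected = response_authenticator(code, ident, attrs_bytes, request_auth, secret)
    if ident != expected_ident or not secrets.compare_digest(auth, expected):
        return None
    return code
```

The check in `nas_check_response` is what ties the Access-Accept to the original request: the Response Authenticator covers the reply's own code and the Request Authenticator the NAS generated, so a reply whose code was altered in transit, or one produced by a server holding a different secret, is discarded. Note that the Access-Request itself carries only the random Request Authenticator; it is not a keyed integrity check over the request's attributes.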

  10. AAA Protocols (cont.)
  • Diameter
    • The protocol satisfies requirements of network access using different access technologies.
  • COPS
    • The Common Open Policy Service.
    • It enables the exchange of policy information between a policy decision point (PDP) and policy enforcement points (PEPs).
    • PEPs are clients, and a PDP acts as a server.

  11. AAA Protocols (cont.)
  • SNMPv3
    • The Simple Network Management Protocol version 3.
    • It proposes a new management model compared to v2.
  • Authentication and authorization in application and content services
    • Application-independent protocols
      • Secure Sockets Layer (SSL)
    • Application-specific protocols
      • HTTP authentication
      • Secure Shell (SSH)

  12. The IRTF AAA Architecture
  • Defined by the IRTF research group AAAArch.
  • AAA components
    • Policy Repositories (PRs)
    • Rule-Based Engine (RBE)
    • Service Equipment (SE)

  13. The IRTF AAA Architecture (cont.)
  • AAA services
    • Authorization service
      • Reaching an authorization decision to grant or deny a user's request for services in an authorized session, setting up the SE accordingly and logging the session's state.
      • User authentication may be part of the authorization process; the authentication information is then carried in the authorization request.
    • Accounting services
      • Recording relevant accounting information, obeying the authorization decision and tracking the ongoing resource use of the authorized session.
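Slides 12 and 13 name the server components (PR, RBE, SE) and the two services they provide, and slide 8 lists what an accounting policy has to fix (which data is metered, how often, how it is aggregated). The following added example (not code from the slides or from the surveyed paper) models all of that in one place: the RBE evaluates a request against the rules in the PR, configures the SE on a grant, logs the session's state, and the accounting function builds an IPDR-style record only for sessions the RBE authorized. The class names, the rules, the authentication flag on the request and the metering samples are constructed for illustration.

```python
"""Added example (not from the slides or the surveyed paper) modelling the
IRTF AAA server components: a Policy Repository (PR) of rules, a Rule-Based
Engine (RBE) that takes the authorization decision, sets up Service
Equipment (SE) on a grant and logs session state, and an accounting function
that meters only authorized sessions according to an accounting policy.
All class names, rules and metering samples are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Request:
    user: str
    authenticated: bool      # authentication result carried inside the authorization request
    service: str
    bandwidth_kbps: int


@dataclass
class Rule:
    name: str
    condition: Callable[[Request], bool]
    decision: str            # "grant" or "deny"
    se_config: Dict[str, int] = field(default_factory=dict)   # applied to the SE on grant


class PolicyRepository:
    """PR: an ordered rule set; the first matching rule decides, otherwise default deny."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def match(self, req: Request) -> Optional[Rule]:
        return next((r for r in self.rules if r.condition(req)), None)


class ServiceEquipment:
    """SE: the enforcement side; configure() opens a session, teardown() closes it."""
    def __init__(self):
        self.configured: Dict[str, Dict[str, int]] = {}

    def configure(self, sid: str, config: Dict[str, int]):
        self.configured[sid] = dict(config)

    def teardown(self, sid: str):
        self.configured.pop(sid, None)


class RuleBasedEngine:
    """RBE: evaluates requests against the PR, drives the SE and keeps the session log."""
    def __init__(self, pr: PolicyRepository, se: ServiceEquipment):
        self.pr, self.se = pr, se
        self.sessions: Dict[str, dict] = {}
        self._counter = 0

    def authorize(self, req: Request) -> Tuple[str, str]:
        rule = self.pr.match(req)
        decision = rule.decision if rule else "deny"
        self._counter += 1
        sid = f"s{self._counter}"
        if decision == "grant":
            self.se.configure(sid, rule.se_config)
        self.sessions[sid] = {"user": req.user, "service": req.service, "decision": decision,
                              "rule": rule.name if rule else "default-deny",
                              "state": "active" if decision == "grant" else "rejected"}
        return sid, decision

    def close(self, sid: str):
        self.se.teardown(sid)
        self.sessions[sid]["state"] = "closed"


@dataclass
class AccountingPolicy:
    metered: Tuple[str, ...] = ("bytes_in", "bytes_out")   # which data is metered
    interval: int = 60                                      # how often (seconds)
    aggregate: str = "sum"                                  # how: "sum" or "max"


def account(engine, policy, sid, samples) -> Optional[dict]:
    """One IPDR-style record for an active session from (time, counters) metering samples.
    Returns None for sessions the RBE did not authorize or that were closed."""
    state = engine.sessions.get(sid)
    if state is None or state["state"] != "active":
        return None
    totals = {f: 0 for f in policy.metered}
    count = 0
    for t, counters in samples:
        if t % policy.interval:
            continue                                # not on the metering interval
        count += 1
        for f in policy.metered:
            totals[f] = totals[f] + counters[f] if policy.aggregate == "sum" else max(totals[f], counters[f])
    return {"session": sid, "user": state["user"], "service": state["service"], "samples": count, **totals}


def build_engine() -> RuleBasedEngine:
    """Constructed policy: unauthenticated requests denied; video capped at 4 Mbit/s; web at 1 Mbit/s."""
    pr = PolicyRepository([
        Rule("require-authentication", lambda r: not r.authenticated, "deny"),
        Rule("video", lambda r: r.service == "video" and r.bandwidth_kbps <= 4000, "grant",
             {"rate_limit_kbps": 4000}),
        Rule("web", lambda r: r.service == "web", "grant", {"rate_limit_kbps": 1000}),
    ])
    return RuleBasedEngine(pr, ServiceEquipment())
```

The ordering of the rules in the PR is the policy: the authentication check sits first so that an unauthenticated request never reaches a service rule, and anything no rule matches falls through to a default deny. Accounting consults the RBE's session log rather than the SE, so a record is produced only while the authorization decision that opened the session is still in force.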

  14. The IRTF AAA Architecture (cont.)
  • To offer AAA services, secured and trusted relationships between different AAA servers are necessary.
  • Authentication between peer AAA servers is part of these services.

  15. The IRTF AAA Architecture (cont.)
  • AAA architecture and protocols (figure; legend:)
    • (1) Special AAA protocol
    • (2) Particular application programming interface (API) or the AAA protocol
    • (3) Depending on the PR's implementation
    • (4) An application-specific protocol

  16. Problem Areas, Weaknesses, and Goals
  • The work is performed in isolation for narrowly scoped tasks and limited scenarios:
    • Connectivity control through an NAS.
    • Content delivery control through a billing system.
  • The IRTF's AAA architecture tries to resolve these restrictions:
    • Building generic servers and application-specific modules (ASMs).

  17. Problem Areas, Weaknesses, and Goals (cont.)
  • The functions of policy decision and policy enforcement are not separated clearly.
  • Extensibility to functions beyond AAA, like charging and auditing, is complicated.
  • The functionality of the ASM has not been defined completely.
  • The inclusion of QoS-related, handover, and paging support services has not been considered.

  18. A Generic Policy-Based Architecture
  • Three basic concepts for the framework:
    • Service separation
      • Extended AAA point of view
      • Partitioning of service levels
      • New diversification
    • Policy paradigm
    • Reuse of existing work

  19. Service Separation (figure)

  20. Partitioning of Service Levels in an Internet Service Model (figure)

  21. A Generic Architecture (figure)

  22. Conclusion
  • There is an increasing need for AAA services and for services beyond AAA.
  • The generic approach takes these aspects into account and clearly distinguishes between support services and user services.
  • Advantages:
    • Can offer data, apart from metering data, from one provider to another.
    • Providers can build systems on their own business plans.

  23. Reference
  • C. Rensing, Hasan, M. Karsten, B. Stiller, "AAA: A Survey and a Policy-Based Architecture and Framework," IEEE Network, Nov./Dec. 2002, pp. 22-27.
