Survey
AAA: A Survey and a Policy-Based Architecture and Framework
692430003 林谷泉
2017/5/25

Outlines
* Introduction
* AAA Mechanisms
* The IRTF AAA Architecture
* Problem Areas, Weaknesses, and Goals
* A Generic Policy-Based Ax Architecture
* Conclusion
* Reference

Introduction
* Commercialized services do need:
  * Authentication.
  * Authorization.
  * Charging, based on accounting processes.
* Furthermore, security-related issues about user and device mobility.
* The network of the near future will be the multi-service Internet.
  * Multiple cooperating domains.

An Application Scenario

AAA Mechanisms
* Authentication
  * Verification of the identity of a subject.
  * Example:
    * International Mobile Subscriber Identity (IMSI) in the SIM card.
    * IP Address
    * International Mobile Equipment Identity (IMEI)
    * Medium Access Control (MAC) Address

AAA Mechanisms (cont.)
* Classification of Authentication
  * Knowledge-based
  * Cryptography-based
  * Biometrics-based
  * Secure-tokens-based

AAA Mechanisms (cont.)
* Authorization
  * Access Control
  * Classification:
    * Authentication-based mechanisms: require authentication of the subject.
    * Credential-based mechanisms: use trustworthy information (credentials) held by the subjects of an authorization.

AAA Mechanisms (cont.)
* Accounting
  * Two major tasks:
    * Collect data from metering systems.
    * Aggregate and store these data in accounting records.
  * An accounting policy:
    * Which data has to be metered by a metering system?
    * How often is it metered?
    * How is it aggregated?
  * Tele-communication: Call detail records (CDRs)
  * Data-communication: IP detail records (IPDRs)

AAA Protocols
* RADIUS
  * The Remote Authentication Dial In User Service.
  * Designed for transferring authentication, authorization, and configuration data between a network access server (NAS)
  * The RADIUS server itself can act as a client to other RADIUS servers.
  * Shortcomings:
    * Protocol-Specific, Lower fault tolerance on UDP, Security Support in P2P.
AAA Protocols (cont.)
* Diameter
  * The protocol satisfies requirements of network access using different access technologies.
* COPS
  * The Common Open Policy Service.
  * It enables the exchange of policy information between a policy decision point (PDP) and policy enforcement points (PEPs).
  * PEPs are clients, and a PDP acts as a server.

AAA Protocols (cont.)
* SNMPv3
  * The Simple Network Management Protocol Version 3.
  * It proposes a new management model from v2.
* Authentication and authorization in application and content services.
  * Application-independent protocols
  * Application-specific protocols
  * Secure Socket Layer (SSL)
  * HTTP-Authentication
  * Secure Shell (SSH)

The IRTF AAA Architecture
* Defined by the IRTF research group AAAArch.
* AAA Components
  * Policy Repositories (PRs)
  * Rule-Based Engine (RBE)
  * Service Equipment (SE)

The IRTF AAA Architecture (cont.)
* AAA Services
  * Authorization Service
    * Achieving an authorization decision to grant or deny a user’s request for services in an authorized session by setting up the SE and logging the session’s state.
    * User authentication may be part of the authorization process, and the authentication information will be carried in the authorization request.
  * Accounting Services
    * Recording relevant accounting information obeying the authorization’s decision and the ongoing resource use of the authorized session.

The IRTF AAA Architecture (cont.)
* To offer AAA services, secured and trusted relationships between different AAA servers are necessary.
* Authentication between peer AAA servers is part of these services.

The IRTF AAA Architecture (cont.)
* AAA Architecture and Protocols
  * (1) Special AAA protocol
  * (2) Particular application programming interface (API) or the AAA protocol.
  * (3) Depending on the PR’s implementation.
  * (4) An application-specific protocol

Problem Areas, Weaknesses, and Goals
* The work is performed in isolation for shortened tasks and limited scenarios.
  * Connectivity control through an NAS
  * Content delivery control through a billing system.
* The IRTF’s AAA Architecture tries to resolve these restrictions.
  * Building generic servers and ASMs.

Problem Areas, Weaknesses, and Goals (cont.)
* Functions of policy decision and policy enforcement are not separated clearly.
* Extensibility to functions beyond AAA, like charging and auditing, is complicated.
* The functionality of the ASM has not been defined completely.
* The inclusion of QoS-related, handover and paging support services has not been considered.

A Generic Policy-Based Ax Architecture
* Three basic concepts for the framework
  * Service separation
  * Partitioning of service levels
    * New diversification
  * Policy paradigm
* Extended AAA point of view
* Reuse of existing work

Service Separation

Partitioning of Service Levels in an Internet Service Model

Generic Ax Architecture

Conclusion
* There is an increasing need for AAA services and services beyond AAA.
* The generic Ax approach takes these aspects into account and clearly distinguishes between support services and user services.
* The Advantages
  * Can offer apart data from metering from one provider to another.
  * Providers can build systems on their own business plans.

Reference
* C. Rensing, Hasan, M. Karsten, B. Stiller, AAA: A Survey and a Policy-Based Architecture and Framework, IEEE Network Nov/Dec 2002, pp. 22-27.