
Access Control and Authentication for Converged Networks

Access Control and Authentication for Converged Networks. Z. Judy Fu, John Strassner, Motorola Labs, {judy.fu, john.strassner}@motorola.com. Content: Motivation and AAA Requirements; Limitations of Existing AAA for Converged Networks; Novel AAA Architecture; AAA Framework; RBAC Models


Presentation Transcript


  1. Access Control and Authentication for Converged Networks
     Z. Judy Fu, John Strassner
     Motorola Labs
     {judy.fu, john.strassner}@motorola.com

  2. Content
     • Motivation and AAA Requirements
     • Limitations of Existing AAA for Converged Networks
     • Novel AAA Architecture
     • AAA Framework
     • RBAC Models
     • Common Authentication Framework
     • Conclusion and Future Work

  3. Motivation
     • Heterogeneous Networks are converging to Provide IP Services
     • Heterogeneous Access Technology
         • Wireless Local Access: 802.11, 802.16, HiperLAN, Bluetooth
         • Cellular Access: GSM, GPRS, CDMA, UMTS
         • Broadband Service to Home: fiber, cable, Ethernet, xDSL, or WiMax
     • Not only access providers but also application or content providers
     • Heterogeneous administrative domains
     • AAA Is Essential and Complex in Inter-working Between Heterogeneous Networks

  4. Requirements of AAA for Converged Networks
     • Inter-working with various types of providers
     • Respect each administrative domain’s policies
     • Support various applications based on context, user profile and policies
     • Common framework to facilitate reuse
     • Minimized design, development and deployment cost

  5. Existing AAA Solutions for Converged Networks
     • Framework: EAP-RADIUS
     • Protocols: EAP-TLS, EAP-AKA, EAP-SIM …

  6. Limitations of Existing AAA Solutions for Converged Networks
     • Do not have flexible authorization element considering heterogeneous domain policies
     • Do not enable support for future applications based on context, user profile etc.
     • Do not accommodate heterogeneous system, protocol, method, credential requirements
         • EAP support in native IP wireless networks like WLAN
         • WiMax requires certificate based authentication method while UMTS requires shared-secret based authentication method

  7. A Novel AAA Architecture
     • Proposing a modeling based AAA architecture
     • Generic framework that can be mapped to different networks and devices
     • Each domain’s security policies can be ensured
     • Heterogeneous policies, credentials and protocols can be accommodated

  8. The New AAA System
     • AAA server is no longer a traditional RADIUS server
     • AAA interacts with context server, identification server, and policy server
     • AAA protocols to use may include RADIUS, Diameter, Mobile IP etc.

  9. Authentication Protocol Mapping
     • Method 1: EAP-xxx for all
         • All networks are equipped with an EAP controller
         • All devices send only EAP authentication requests
         • All authentication protocols are encapsulated in EAP and RADIUS messages
         • Always use home network’s authentication method

  10. Authentication Protocol Mapping (Cont.)
     • Method 2: A common authentication framework
         • Different authentication request/reply will be mapped to the common framework
         • Devices do not have to be changed
         • Example common authentication framework is IKEv2 authentication part

       MS (mobile station)                                 AAA server
         ---------------------------------------------------->
             ID, scheme (sym or asym), [cert], auth data [key]
         <----------------------------------------------------
             ID, scheme, [cert], auth data [key]

  11. AAA models
     • Business view models
         • Focus on access control models
     • System view models
         • Include specific authentication, authorization mechanisms, mobility management, context, policy, profiles, and identification

  12. RBAC Access Control Models
     • Propose enhanced notion of role-based access control (RBAC) for inter-working between providers
     • Simplified management of individual entities by assigning roles based on business functions

  13. RBAC Control of Resource

  14. Conclusion and Future Work
     • Novel AAA architecture
         • Support heterogeneous provider inter-working
         • Support both coalition and spontaneous access
         • Support various applications for inter-working
         • Facilitate reuse
         • Minimize development and deployment cost
     • Future Work
         • Refine Models
         • Design automatic mapping techniques
         • Prototype

  15. The End Thank You! Questions???

  16. Backup Slides

  17. Logical Resource

  18. Logical Resource
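
The common authentication framework of slide 10, as an added example that is not part of the original presentation: Python that maps two native request types onto the common message (ID, scheme, [cert], auth data, [key]) and checks both directions of the symmetric exchange between MS and AAA server. The native field names, the HMAC-SHA256 construction for auth data and the nonce handling are assumptions; asymmetric messages are mapped but rejected at verification, because certificate validation is outside this example's scope.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CommonAuth:
    """Common message from slide 10: ID, scheme, [cert], auth data, [key]."""
    ident: str
    scheme: str                   # "sym" or "asym"
    auth_data: bytes
    cert: Optional[bytes] = None  # carried only by the "asym" scheme
    key: Optional[bytes] = None   # optional keying material, unused here


def sym_auth_data(secret: bytes, ident: str, nonces: bytes) -> bytes:
    # Assumed construction (not the IKEv2 AUTH computation): HMAC-SHA256 over
    # the sender's ID and both nonces, which blocks replay and reflection.
    return hmac.new(secret, ident.encode() + b"|" + nonces, hashlib.sha256).digest()


def map_native(req: dict) -> CommonAuth:
    """Map a native request (hypothetical field names) onto the common message."""
    if req["type"] == "shared-secret":      # UMTS-style method
        return CommonAuth(req["imsi"], "sym", req["response"])
    if req["type"] == "certificate":        # WiMax-style method
        return CommonAuth(req["subject"], "asym", req["signature"], cert=req["cert"])
    raise ValueError(f"no mapping for method {req['type']!r}")


def verify(msg: CommonAuth, secrets: dict, nonces: bytes) -> bool:
    """Check a common message; either side of the exchange can call this."""
    if msg.scheme != "sym" or msg.cert is not None:
        return False   # asym needs certificate validation; fail closed here
    secret = secrets.get(msg.ident)
    if secret is None:
        return False
    return hmac.compare_digest(sym_auth_data(secret, msg.ident, nonces), msg.auth_data)


def reply(server_id: str, secret: bytes, nonces: bytes) -> CommonAuth:
    """AAA server's half of the mutual exchange."""
    return CommonAuth(server_id, "sym", sym_auth_data(secret, server_id, nonces))
```

Binding the sender's ID and both nonces into the auth data is what makes a captured MS message useless when replayed in a later exchange or reflected back as the server's reply.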
