Abstract
AAA (Authentication, Authorization, and Accounting) is an effective component in IP network to control and manage network entities. It has been widely used in IPv4 network and will continuously play an important role in IPv6 network. This paper proposes a new extensible AAA infrastructure which is performed within the CNGI (China Next Generation Internet) project and has the following merits: (1) provide a uniform AAA mechanism; (2) support user roaming in global IPv6 network; (3) introduce for the first time the concepts of both PDN (Personal Domain Name) and DDN (Device Domain Name), to assign and manage the lengthy and complex IPv6 addresses. We discuss and implement the concrete procedures of this infrastructure, and then point out it is a suitable solution for IPv6 network to obtain enhanced level of security.
This work is supported by grants from CNGI, 973, 863 and the National Natural Science Foundation of China (Grant No. #90104002 & #2003CB314805 & #2003AA142080 & #60203044).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Oppliger, R.: Security at the Internet Layer. Computer 31(9), 43–47 (1998)
Convery, S., Miller, D.: IPv6 and IPv4 Threat Comparison and Best Practice Evaluation. Cisco Systems 43 (March 2004)
López, R.M., Pérez, G.M., Gómez-Skarmeta, A.F.: Implementing RADIUS and Diameter AAA Systems in IPv6-Based Scenarios. In: AINA, pp. 851–855 (2005)
Floris, A., Veltri, L.: Access Control in IPv6-based Roaming Scenarios. Communications. In: IEEE International Conference on ICC 2003, May 11-15, vol. 2, pp. 913–917 (2003)
Blunk, L., Vollbrecht, J.: PPP Extension Authentication Protocol. IETF RFC2284 (March 1998)
Rigney, C., Willens, S., Rubens, A., Simpson, W.: Remote Authentication Dial In User Service (RADIUS). IETF RFC 2865 (June 2000)
LAN/MAN Standards Committee of the IEEE Computer Society: Port Based Access Control. IEEE Std 802.1x-2001 (October 2001).
Gast, M.S.: 802.11 Wireless Networks: The Definitive Guide. O’Reilly & Associates, Inc., Sebastopol (2002)
Aboba, B., Simon, D.: PPP EAP TLS Authentication Protocol. IETF RFC2716 (October 1999)
Hill, J.: An Analysis of the RADIUS Authentication Protocol. InfoGard Laboratories
Prasad, A.R., Moelard, H., Kruys, J.: Security Architecture for Wireless LANs: Corporate & Public Environment. In: IEEE 51st VTC 2000-Spring Tokyo, May 15-18, vol. 1, pp. 283–287 (2000)
Rojas, O.R., Othman, J.B., Sfar, S.: A new approach to manage roaming in IPv6. In: Computer Systems and Applications. The 3rd ACS/IEEE International Conference, vol. 56 (2005)
Eertink, H., Peddemors, A., Arends, R., Wierenga, K.: Combining RADIUS with Secure DNS for Dynamic Trust Establishment between Domains. In: Extended abstract accepted to TERENA Networking Conference (TNC 2005) (June 2005)
Wikipedia, http://en.wikipedia.org/wiki/RADIUS
IEEE 802 LAN/MAN Standards Committee, http://www.ieee802.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, H., Duan, H., Liu, W., Wu, J. (2005). An Extensible AAA Infrastructure for IPv6. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science(), vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_71
Download citation
DOI: https://doi.org/10.1007/11596981_71
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer ScienceComputer Science (R0)