Abstract
The main objective of the IETF Differentiated Services (DiffServ) model is to allow the Internet to support different levels of service for different sessions and information flows, aggregated into a small number of traffic classes. Flow classification relies on some of the IP packet header fields. This approach has security limitations that are inherent to the DiffServ model. Because the edge routers (ERs) are responsible for the admission and marking of packets according to their class of service, they are the element most vulnerable to attacks. A security hole in an ER could be propagated to the entire domain, compromising the QoS of all the domain's flows. To overcome these limitations, this paper proposes an architecture for Authentication, Authorization, Admission control and Accounting (AAAA) of QoS client applications with dynamic identification of sessions and flows. The functionalities of the proposal are described and analyzed in some detail, focusing on the main modules and the message exchange among them. The paper ends with a discussion of the main advantages of the proposal over existing solutions.
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Rabadão, C., Monteiro, E. (2004). Authentication, Authorization, Admission, and Accounting for QoS Applications. In: Freire, M.M., Chemouil, P., Lorenz, P., Gravey, A. (eds) Universal Multiservice Networks. ECUMN 2004. Lecture Notes in Computer Science, vol 3262. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30197-4_44
DOI: https://doi.org/10.1007/978-3-540-30197-4_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23551-4
Online ISBN: 978-3-540-30197-4