NSIS Authentication Authorization and Accounting Issues drafttschofenignsisaaaissues00 txt

  • Slides: 13
Download presentation
NSIS Authentication, Authorization and Accounting Issues (draft-tschofenig-nsis-aaa-issues-00. txt) l l l Authors: Hannes Tschofenig

NSIS Authentication, Authorization and Accounting Issues (draft-tschofenig-nsis-aaa-issues-00. txt) l l l Authors: Hannes Tschofenig Henning Schulzrinne Maarten Buechli Sven Van den Bosch

Draft Scope This draft is: l l A first attempt to describe AAA issues

Draft Scope This draft is: l l A first attempt to describe AAA issues relevant for NSIS. It points to the importance of authorization/charging for Qo. S signaling. The draft is not: l l l A summary of mathematical pricing models A new protocol proposal A motivation for a certain architecture Hannes. Tschofenig@siemens. com

Introduction l At the last IETF Steve Bellovin talked about security issues in NSIS.

Introduction l At the last IETF Steve Bellovin talked about security issues in NSIS. l He pointed to the importance of authorization for an NSIS protocol. l An interesting aspect of authorization for Qo. S signaling is: Authorization = ability to charge someone 1 1 There are other authorization issues (e. g. session ownership). Hannes. Tschofenig@siemens. com

Introduction (cont. ) l Authorization has an implication on the security architecture. l We

Introduction (cont. ) l Authorization has an implication on the security architecture. l We looked at two possible models: — New Jersey Turnpike Model — New Jersey Parkway Model Hannes. Tschofenig@siemens. com

New Jersey Turnpike Model Network A Network B Data Sender Node A • •

New Jersey Turnpike Model Network A Network B Data Sender Node A • • Network C Data Receiver Node B Peering relationship is used to provide charging between neighboring networks Similar to edge pricing proposed by Schenker et. al. Hannes. Tschofenig@siemens. com

NJ Turnpike Model Issues l Establishment of the financial settlement between end host (data

NJ Turnpike Model Issues l Establishment of the financial settlement between end host (data sender favorable) and access network based on network access procedure (not per-session based) l Simple (if data sender is charged for the reservation) l More difficult: receiver-initiated signaling and charging for data receiver l Unfortunately it is possible to fully avoid reverse charging (e. g. #800 numbers). Hannes. Tschofenig@siemens. com

New Jersey Parkway Model Network A Network B Network C Direct AAA relationship to

New Jersey Parkway Model Network A Network B Network C Direct AAA relationship to intermediate networks Node A • • Data Sender Data Receiver Node B Financial settlement has to be provided on a per-session basis More complex: financial settlement to intermediate networks required (authentication alone is insufficient) Hannes. Tschofenig@siemens. com

NJ Parkway Model Issues l Trusted third party might be required such as a

NJ Parkway Model Issues l Trusted third party might be required such as a clearing house since intermediate networks have no direct relationship to end host • Financial settlement has to be provided on a per-session basis scalability and deployment problem • More flexible signaling protocol functionality required: • A route change might require interaction with end host. • Signaling protocol might support the possibility for intermediate networks to interact with the end host • Aggregation in the core network might be difficult to use if persession information is required for charging. Hannes. Tschofenig@siemens. com

Who is charged for what? l Basic question: Charging for data sender or data

Who is charged for what? l Basic question: Charging for data sender or data receiver l Sender- vs. receiver oriented signaling adds some issues but is not the source of the problem. l What is the problem? Per-session based establishment of financial settlement Example: Sender-initiated reservation with charging for data receiver (see next slide) Hannes. Tschofenig@siemens. com

Sender-initiated reservation with charging for data receiver Network A Network B RESV Network C

Sender-initiated reservation with charging for data receiver Network A Network B RESV Network C RESV “Authorization Information” Data Sender Node A • • Data Receiver Node B Node A indicates that some other entity is paying for the reservation. Why should Network A authorize the reservation request? Hannes. Tschofenig@siemens. com

Not enough problems already? Price Distribution Price for a Qo. S reservation: Price cannot

Not enough problems already? Price Distribution Price for a Qo. S reservation: Price cannot be deferred from the destination IP address alone (unlike telephone numbers) Price distribution required (can be in-band, out-of-band or a combination of both) Price depends on the route (number of traversed networks) Price is directional (due to cost and route asymmetry) An end user wants to know the price before issuing a reservation request. Hannes. Tschofenig@siemens. com

Price distribution Building Blocks l A resource negotiation and pricing protocol (RNAP) l An

Price distribution Building Blocks l A resource negotiation and pricing protocol (RNAP) l An embedded charging approach for RSVP l Border Pricing Protocol (BPP) l Billing Information Protocol (BIP) l Tariff Distribution Protocol (TDP) l Internet Open Trading Protocol (IOTP) l Open Settlement Protocol (OSP) Not surprising: Many of these protocols require the same properties as a Qo. S signaling protocol. Hannes. Tschofenig@siemens. com

Conclusion l Peer-to-peer security is fine for a simple charging model (NJ Turnpike). Authorization

Conclusion l Peer-to-peer security is fine for a simple charging model (NJ Turnpike). Authorization issues needs additional security protection. l Charging is not only an end-to-end (application) issue. The network needs some information. l Some authorization/charging objects have to be included into a NSIS protocol. l An NSIS protocol needs to be flexible. (e. g. support for several roundtrips). Hannes. Tschofenig@siemens. com

NSIS Transport Layer draftietfnsisntlp00 txt Slides http nsisNSIS Transport Layer draftietfnsisntlp00 txt Slides http nsis
txt txt txt txt 123456789 years NNS 518txt txt txt txt 123456789 years NNS 518
University of Coimbra Portugal NSIS Implementations http nsisUniversity of Coimbra Portugal NSIS Implementations http nsis
NSIS Framework Issues draftietfnsisfw01 txt still Robert HancockNSIS Framework Issues draftietfnsisfw01 txt still Robert Hancock
draftaliccamprcobjectivefunctionmetricbound02 txt draftaliccamprsvpteincluderoute02 txt draftaliccampxrolspsubobject02 txt CCAMP IETFdraftaliccamprcobjectivefunctionmetricbound02 txt draftaliccamprsvpteincluderoute02 txt…
Authentication Authorization Accounting and Auditing Open Issues forAuthentication Authorization Accounting and Auditing Open Issues for
Design Options of NSIS Diagnostics NSLP draftfunsisdiagnosticsnslp00 txtDesign Options of NSIS Diagnostics NSLP draftfunsisdiagnosticsnslp00 txt
Mobility Support in NSIS draftfunsismobility00 txt 57 thMobility Support in NSIS draftfunsismobility00 txt 57 th
NSIS Operation Over IP Tunnels draftshennsistunnel00 txt CharlesNSIS Operation Over IP Tunnels draftshennsistunnel00 txt Charles
Security Threats for NSIS draftietfnsisthreats01 txt l lSecurity Threats for NSIS draftietfnsisthreats01 txt l l
Authentication and Authorization Authentication is the process ofAuthentication and Authorization Authentication is the process of
Computer Security Passwords Authentication vs Authorization Authentication nComputer Security Passwords Authentication vs Authorization Authentication n