
Applicability of a User Registration Protocol

Applicability of a User Registration Protocol. Yoshihiro Ohba (Toshiba America Research, Inc.) Henry Haverinen (Nokia). Access control issue (1) Managed access control. L2 access control basically provides "all-or-nothing" access control Simple and useful for some cases (DSL, Cable)


Presentation Transcript


  1. Applicability of a User Registration Protocol
     Yoshihiro Ohba (Toshiba America Research, Inc.), Henry Haverinen (Nokia)

  2. Access control issue (1): Managed access control
     • L2 access control basically provides "all-or-nothing" access control
     • Simple and useful for some cases (DSL, Cable)
     • Flexible access control would also be useful in certain cases (network access in public areas), e.g.,
       • Allow any user to access a web site within the edge subnet to get local area guide information
       • Deny unauthorized users access beyond the edge subnet

  3. Access control issue (2): Multi-homing
     • A host may associate with multiple Access Routers (ARs)
     • If all ARs belong to the same AAA domain, performing AAA per AR may not be a good idea
     • If each AR belongs to a different AAA domain, AAA per AR would be necessary
     • These ARs may speak IPv4 only, IPv6 only, or both.
     • A host may have multiple interfaces
     • If all interfaces belong to the same AAA domain, performing AAA per interface may not be a good idea
     [Diagrams: host H with access routers AR1 and AR2; host H with AR1]

  4. AAA application protocol issue
     • AAA application protocols: MIP, SIP, ...
     • Each protocol design started without AAA (base spec.)
     • Later on, AAA interaction is considered
     • Fortunately, no modification is needed for the base spec. in terms of the last two 'A's (good for modularity)
     • Need consideration to deal with the first 'A'
     • How to establish an SA with an "out of the blue" client?
     • MIPv4 has an AAA extension to carry registration keys
     • It would be very nice if a protocol could be "AAA-ready" without any modification to its base spec.
     • Coupling user registration with key distribution

  5. BURP (Basic User Registration Protocol)
     • Is a client-server type protocol that
       • Performs user registration to the visiting AAA domain
       • Works with Diameter/RADIUS, leveraging AAA infrastructure in the network based on the information gathered in the registration phase
     • Is a light-weight, application layer protocol that is applicable
       • To various devices (e.g., PDA, cellular, laptop) without modifying kernel or device drivers
       • To flexible access control
       • To multi-homing environments
     • It is also used for key distribution for AAA application protocols

  6. Thank you!

  7. Example of BURP applicability to SIP
     Step 1: The user performs user registration by using BURP.
     Step 2: If step 1 is successful, authorization information is pulled from the AAA infrastructure.
       • The information includes application-specific information such as a SIP registration key
       • Also, access control parameters will be set on the access routers
     Step 3: The user runs SIP.
       • Thanks to the previous steps, authentication for SIP registration can be done without contacting AAA.
     (The example can be applied to another protocol "X" by replacing "SIP" with "X".)

  8. [Diagram: AAA infrastructure in the core network, BURP Server, SIP Server/Proxy and User Terminal, with connections labelled 1, 2 and 3]

  9. Possible architecture (diagram; labels as they appear on the slide)
     • AAA Protocol Entity
     • AAA Protocol Entity (Diameter/RADIUS)
     • AAA info. (incl. registration keys)
     • Basic Part of Each Application Protocol (independent of AAA)
     • SIP Server, BURP Server (Registration Agent), AR/AP, Mobile IP Mobility Agent, ...
     • Network
     • BURP messages
     • User Terminal
     • BURP Client, SIP Client, L2 Auth. Client, Mobile IP Mobile Node, ...
     • AAA info. (incl. registration keys)
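
The three steps of slide 7, together with the edge-subnet policy of slide 2, as an added Python simulation that is not part of the original slides. The slides define no message formats, so the class names, the shared-secret check and the HMAC-SHA256 challenge-response used for the SIP step are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

class AAA:
    """Stand-in for the Diameter/RADIUS back end; counts round trips."""
    def __init__(self, users):
        self.users, self.queries = users, 0
    def authorize(self, user, secret):
        self.queries += 1
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored, secret):
            return None
        return {"sip_key": secrets.token_bytes(32), "beyond_edge": True}

class AccessRouter:
    def __init__(self):
        self.registered = set()
    def may_forward(self, user, dst_in_edge_subnet):
        # Flexible access control: edge subnet is open, the rest needs registration.
        return dst_in_edge_subnet or user in self.registered

class SIPServer:
    def __init__(self):
        self.keys, self.nonces = {}, {}
    def challenge(self, user):
        self.nonces[user] = secrets.token_bytes(16)
        return self.nonces[user]
    def register(self, user, mac):
        key, nonce = self.keys.get(user), self.nonces.pop(user, None)  # single-use nonce
        if key is None or nonce is None:
            return False
        return hmac.compare_digest(hmac.new(key, nonce, hashlib.sha256).digest(), mac)

class BURPServer:
    def __init__(self, aaa, sip, router):
        self.aaa, self.sip, self.router = aaa, sip, router
    def register(self, user, secret):
        info = self.aaa.authorize(user, secret)   # steps 1 and 2
        if info is None:
            return None
        self.sip.keys[user] = info["sip_key"]     # registration key given to the SIP server
        if info["beyond_edge"]:
            self.router.registered.add(user)      # access control parameters set on the AR
        return info["sip_key"]                    # same key returned to the client

def run_demo():
    # Constructed sample user and secret.
    aaa, sip, router = AAA({"alice": b"constructed-secret"}), SIPServer(), AccessRouter()
    burp = BURPServer(aaa, sip, router)
    before = router.may_forward("alice", dst_in_edge_subnet=False)
    key = burp.register("alice", b"constructed-secret")
    mac = hmac.new(key, sip.challenge("alice"), hashlib.sha256).digest()  # step 3
    ok, replay, queries = sip.register("alice", mac), sip.register("alice", mac), aaa.queries
    rejected = burp.register("mallory", b"guess") is None
    return before, ok, replay, queries, rejected, router.may_forward("mallory", True)
```

The AAA query counter stays at 1 across the SIP registration, which is the point of step 3: the SIP server authenticates the user from the distributed key alone.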
