
Accounting, Auditing and Session IDs

Accounting, Auditing and Session IDs Nevil Brownlee The University of Auckland / CAIDA Adelaide, March 2000. Accounting and Auditing. Auditing means “making and distributing records of network activity so that events, usage, etc. can be summarised for the users responsible for them”


Presentation Transcript


  1. Accounting, Auditing and Session IDs
     Nevil Brownlee, The University of Auckland / CAIDA
     Adelaide, March 2000

  2. Accounting and Auditing
     • Auditing means “making and distributing records of network activity so that events, usage, etc. can be summarised for the users responsible for them”
     • Accounting means “generating audit records”
     • An Accounting ID is a globally unique identifier used by an Audit server to correlate audit records by session and sub-session
     • Audit servers could allow controlled access to different parts of the audit database, e.g. users could see their usage records
     Adelaide IETF, March 2000. Nevil Brownlee, U of A / CAIDA

  3. Accounting IDs
     • Several good ways to construct globally unique identifiers are already known, e.g. SMTP, DIAMETER, UUID URI, etc.
     • A simple scheme for AAA could be nnn.ttt@server.foo.com where
       server.foo.com = server’s domain name
       ttt = time of day (UTC seconds)
       nnn = sequence number (set to a random value on server boot-up)

  4. Using Accounting IDs
     • Could have AAA server generate Accounting ID on authentication, and have all servers use it. This creates a bottleneck
     • Better to have each server generate and use its own sub-session ID
     • Each server will send audit records to one or more Audit Servers using their IDs
     • The servers will also need to send the Audit servers information about the IDs, allowing them to keep track of the sub-session tree

  5. User starts session
     [Diagram nodes: AR, AH, AS, S0. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent]
     S0 generates Accounting ID K0, sends K0 with Authentication Request via AR to AH
     AH returns Authentication Response to S0, with list of Audit Servers (AH, As)

  6. S0 Initiates Auditing
     [Diagram nodes: AR, AH, AS, S0. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent]
     S0 sends Start Session request to its designated Audit Servers (AH, As)
     Start Session record includes the session Accounting ID, K0

  7. S0 Session Progresses
     [Diagram nodes: AR, AH, AS, S0. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent]
     S0 sends Audit Record(s) to its designated Audit Servers (AH, As)
     Every audit record includes the session Accounting ID, K0

  8. S0 starts Sub-session S1
     [Diagram nodes: AR, AH, AS, S0, S1. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent, Sub-session Server 1]
     Sub-session examples: Bandwidth Broker, VoIP Gateway
     S0 sends S1 a Start Sub-session request, which includes K0 and (AH, As)

  9. S1 Initiates Auditing
     [Diagram nodes: AR, AH, AS, S0, S1. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent, Sub-session Server 1]
     S1 generates sub-session Accounting ID K1, sends Start Sub-session request to (AH, As), which includes K0, K1 and (AH, As)

  10. S1 Sub-session Progresses
     [Diagram nodes: AR, AH, AS, S0, S1. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent, Sub-session Server 1]
     S1 sends Audit Record(s) with Accounting ID K1 to (AH, As)

  11. S1 starts Sub-session S2
     [Diagram nodes: AR, AH, AS, S0, S1, S2. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent, Sub-session Server 1, Sub-session Server 2]
     S1 sends S2 a Start Sub-session request, which includes K1 and (AH, As)

  12. S2 Initiates Auditing
     [Diagram nodes: AR, AH, AS, S0, S1, S2. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent, Sub-session Server 1, Sub-session Server 2]
     S2 generates sub-session Accounting ID K2, sends Start Sub-session request to (AH, As), which includes K1, K2 and (AH, As)

  13. S2 Sub-session Progresses
     [Diagram nodes: AR, AH, AS, S0, S1, S2. Labels: Home AAA Server, Remote AAA Server, Secondary Audit (AAA) Server, User Agent, Sub-session Server 1, Sub-session Server 2]
     S1 sends Audit Record(s) with Accounting ID K1 to (AH, As)

  14. Summary
     • There are several good ways to make a globally unique Accounting ID
     • Accounting IDs can be generated by each server contributing to a session
     • Each server must send Accounting IDs for itself and its parent to the Audit Server(s) as part of initiating sub-session audit activities
     • Audit servers collect pairs of parent-child Accounting IDs and use them to reconstruct the session tree
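
The ID scheme from slide 3 and the session-tree reconstruction from the summary, as an added example that is not part of the original slides. The class and method names and the 32-bit width of the sequence counter are assumptions made for illustration. It also flags Accounting IDs that cannot be chained back to a Start Session record, a case the slides do not cover.

```python
import secrets
import time
from collections import defaultdict

class IdGenerator:
    """Per-server Accounting IDs shaped nnn.ttt@server, as on slide 3."""
    def __init__(self, server):
        self.server = server
        self.seq = secrets.randbelow(2**32)  # random start value at boot-up

    def new_id(self, utc_seconds=None):
        self.seq = (self.seq + 1) % 2**32
        ttt = int(time.time()) if utc_seconds is None else utc_seconds
        return f"{self.seq}.{ttt}@{self.server}"

class AuditServer:
    """Collects parent-child ID pairs and audit records (hypothetical class)."""
    def __init__(self):
        self.parent = {}                  # Accounting ID -> parent ID, None = root
        self.records = defaultdict(list)  # Accounting ID -> audit records

    def start(self, acct_id, parent_id=None):
        # Start Session (no parent) or Start Sub-session (parent, child).
        if acct_id in self.parent:
            raise ValueError(f"duplicate Accounting ID: {acct_id}")
        self.parent[acct_id] = parent_id

    def audit(self, acct_id, record):
        self.records[acct_id].append(record)

    def root_of(self, acct_id):
        """Follow parent links to the session root; None if the chain is broken."""
        seen = set()
        while acct_id in self.parent and acct_id not in seen:
            seen.add(acct_id)
            if self.parent[acct_id] is None:
                return acct_id
            acct_id = self.parent[acct_id]
        return None  # start record missing, or a cycle in the reported pairs

    def session_usage(self, k0):
        """All audit records whose ID chains back to session k0."""
        return {k: r for k, r in self.records.items() if self.root_of(k) == k0}

    def orphans(self):
        """IDs that cannot be tied to any session; these need investigation."""
        known = set(self.parent) | set(self.records)
        return sorted(k for k in known if self.root_of(k) is None)
```

Replaying slides 5 to 13 means calling `start(K0)`, `start(K1, K0)` and `start(K2, K1)` with `audit()` calls in between; `session_usage(K0)` then returns the records of all three servers, and `orphans()` lists any ID whose records arrived without a matching start record.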
