Negotiation and Authentication of QoS Flows
Authors
Abstract
The main objective of the IETF Differentiated Services (DiffServ) model is to allow for the support of differentlevels of service to different flows of information aggregated in Classes of Service (CoS), on a TCP/IP
infrastructure. This differentiated treatment will motivate some users to get better Quality de Service (QoS) for
their flows however without assuming the associated costs. This leads to the theft of resources that, in extreme
situations, will have as consequence the denial of quality of service (DQoS) contracted by users for its flows.
In the DiffServ model the authentication of flows is carried out on a per packet basis, at the entrance of each
domain. The flow classification is supported by some of the IP packet header fields. This approach shows some
security limitations that are inherent to the DiffServ model. To overcome these limitations, this work proposes a
system for QoS negotiation and authentication, aimed to authenticate clients and to authorize flows, in a dynamic
way, at the entrance of the DiffServ domains.
In this paper two scenarios for authentication of clients and authorization of flows with QoS are presented and
discussed. The security aspects taken into account include the authentication of clients and the authorization of
flows accessing the communication resources. The issues related to the confidentiality and the integrity of the
information is relegated for other modules of the communication systems. To support the authentication and
authorization of flows two protocols are proposed to operate in the intra and inter-domain environments.