Authentication, Authorization, Admission and Accounting for QoS Applications

Authors

Abstract

The main objective of the IETF Differentiated Services (DiffServ) model is to allow the support on the Internet of different levels of service to different sessions and information flows, aggregated in a few number of traffic classes. The flow classification is supported by some of the IP packet header fields. This approach shows some security limitations that are inherent to the DiffServ model. Being the edge routers (ER) the responsible for the admission and marking of packets, according to the class of service, they are the most vulnerable element to attacks. A security hole in ERs could be propagated to the entire domain, compromising the QoS of all the domain flows. To overcome these limitations, this paper proposes an architecture for Authentication, Authorization, Admission control and Ac¬counting (AAAA) of QoS client applications with dynamic identification of sessions and flows. The proposal functionalities are described and analyzed in some detail, focusing the main modu¬les and message exchange among modules. The paper ends with the discussion of the main advantages of the proposal over existing solutions.

Keywords

QoS Authorization, Dynamic Diffserv Admission Control

Subject

QoS Authentication and Authorization

Conference

3rd European Conference on Universal Multiservice Networks (ECUMN'2004), October 2004