3PAAA service simulation - PowerPoint PPT Presentation

About This Presentation
Title:

3PAAA service simulation

Description:

COST 285 - Modelling and simulation tools for Research in Emerging. Multi-service Telecommunications, Pisa, Italy, Sep. 21 ... University of Limerick. IRELAND ... – PowerPoint PPT presentation

Slides: 30
Provided by: ivanga

Transcript and Presenter's Notes



1
  • 3P-AAA service simulation
  • approaches on an NS2 Platform
  • F. McEvoy, I. Ganchev, M. O'Droma
  • Telecommunications Research Centre
  • ECE Department
  • University of Limerick
  • IRELAND

2
Presentation Outline
  • What is 3P-AAA?
  • 3P-AAA Architecture
  • NS2 Model of 3P-AAA
  • NS2 versus Real World
  • Real World Testbed for simulating 3P-AAA
  • Conclusion & Future Work

3
What is 3P-AAA?
4
What is 3P-AAA?
  • Third Party Authentication, Authorisation and
    Accounting!
  • Fundamental to the consumer-base business
    model (CBM), which is integral to the Ubiquitous
    Consumer Wireless World (UCWW) evolution.
  • Similarities with the modern-day credit card system
  • Central Authentication, Authorisation and
    Accounting system for Access Network Providers
    (ANP) and TeleService Providers (TSP)

5
What is 3P-AAA?
  • 3P-AAA-SP handles all Service Level Agreements
    (SLAs) between ANPs/TSPs
  • MU receives one bill from 3P-AAA-SP
  • ANP/TSP charges MU indirectly through 3P-AAA-SP

6
3P-AAA Architecture
7
3P-AAA Architecture
Unique placement of AAA Client in MT
8
3P-AAA Architecture: 3P-AAA-SP
  • Many 3P-AAA SPs may exist
  • For scalability and latency reasons a logical,
    hierarchical topology is preferable to a flat one
    with long AAA proxy/relay chains.
  • Each ANP/TSP/MU would subscribe to one 3P-AAA-SP
  • Each ANP/TSP/MU is assigned permanent IPv6
    address(es). This is their ID.

9
3P-AAA Architecture: 3P-AAA-SP
10
3P-AAA Architecture: 3P-AAA-SP
11
3P-AAA Architecture: Protocols
  • Supporting Protocols
    • Transport Layer → SCTP
    • Network Layer → IPv6
  • 3P-AAA SP Functions
    • Authentication → TLS (or other certificate
      passing protocol)
    • Authorisation → new 3P-AAA Diameter Application
    • Data Confidentiality → IPSec
    • Accounting/Billing/Payment → Out of scope

12
NS2 Model of 3P-AAA Architecture
13
NS2 Model of 3P-AAA Architecture
14
NS2 Model of 3P-AAA Architecture
  • Nam image of the 3P-AAA architecture.
  • Some simplifications were made to the 3P-AAA
    architecture, but eventually the full architecture
    will be implemented.
  • Architecture built using Tcl
  • Mobile SCTP (mSCTP) is used instead of wired
    SCTP. This throws one or two errors up in NS2
    that are easily corrected.
  • The Tcl code is written in such a way that
    expanding the number of nodes is easy.
  • NS2 doesn't seem to support a REAL IPv6. (In a
    wireless environment NS2 uses a Hierarchical
    Addressing System.)

15
NS2 Model of 3P-AAA Architecture: Authentication
[Figure: use of X.509 digital certificates; relationship labels: Trust, Derived Trust]
16
NS2 Model of 3P-AAA Architecture: Authentication
  • Two possible approaches to simulating
    authentication in NS2:
    • Use sleep times to approximate encryptions/
      decryptions and possibly TLS signalling.
    • Adjust an existing (possibly TLS) implementation
      and layer it on top of NS2's SCTP model as an
      NS2 application.
  • The second approach is preferable as it gives a
    more accurate view of how 3P-AAA authentication
    will work in the real world.

17
NS2 Model of 3P-AAA Architecture: Authorisation
  • The existing, recently developed IETF Diameter
    protocol, designed specifically as an AAA
    protocol
  • All basic AAA functionality is defined in the
    Diameter base protocol.
  • Various Diameter applications exist that extend
    this functionality.
  • When a usage scenario does not fit into an
    existing Diameter application, a new application
    needs to be defined. This would be the case for
    the 3P-AAA signalling protocol.

18
NS2 Model of 3P-AAA Architecture: Authorisation
  • We have developed a first version of this new
    application to run on 3P-AAA architecture.
  • The application runs over the SCTP NS2 model
    (albeit with a few changes made so REAL data
    could be exchanged between nodes).
  • 3 key models have been created, diameter_base.cc,
    tpaaa_client.cc and tpaaa_server.cc.
  • Final logic has not been added as yet.
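
An added example, not the authors' diameter_base.cc: how a new Diameter application's request could be framed and checked on receipt, using the header and AVP layout of the Diameter base protocol (RFC 6733). The application id, command code and function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Constructed placeholders, not assigned values: an application id in the
// vendor-specific range and a command code from the experimental range.
constexpr uint32_t kTpaaaAppId = 0x01000001;
constexpr uint32_t kTpaaaCmd = 0xFFFFFE;
constexpr uint32_t kAvpSessionId = 263;  // Session-Id AVP of the base protocol

struct DiameterHeader {
    uint8_t version, flags;
    uint32_t length, command, app_id, hop_by_hop, end_to_end;
};

static void put_be(std::vector<uint8_t>& b, uint32_t v, int n) {  // big-endian write
    for (int i = n - 1; i >= 0; --i) b.push_back(uint8_t(v >> (8 * i)));
}
static uint32_t get_be(const uint8_t* p, int n) {                 // big-endian read
    uint32_t v = 0;
    for (int i = 0; i < n; ++i) v = (v << 8) | p[i];
    return v;
}

// Request with one Session-Id AVP. AVP length excludes the 4-byte padding.
std::vector<uint8_t> build_request(const std::string& sid, uint32_t hbh, uint32_t e2e) {
    std::vector<uint8_t> avp;
    put_be(avp, kAvpSessionId, 4);
    put_be(avp, 0x40, 1);                      // M (mandatory) flag
    put_be(avp, uint32_t(8 + sid.size()), 3);
    avp.insert(avp.end(), sid.begin(), sid.end());
    while (avp.size() % 4) avp.push_back(0);
    std::vector<uint8_t> msg;
    put_be(msg, 1, 1);                         // version
    put_be(msg, uint32_t(20 + avp.size()), 3); // total message length
    put_be(msg, 0x80, 1);                      // R (request) flag
    put_be(msg, kTpaaaCmd, 3);
    put_be(msg, kTpaaaAppId, 4);
    put_be(msg, hbh, 4);
    put_be(msg, e2e, 4);
    msg.insert(msg.end(), avp.begin(), avp.end());
    return msg;
}

// Receiver-side checks made before any AVP is read.
bool parse_header(const uint8_t* p, size_t n, DiameterHeader& out) {
    if (n < 20 || p[0] != 1) return false;     // short buffer or wrong version
    DiameterHeader h{p[0], p[4], get_be(p + 1, 3), get_be(p + 5, 3),
                     get_be(p + 8, 4), get_be(p + 12, 4), get_be(p + 16, 4)};
    if (h.length < 20 || h.length % 4 || h.length != n) return false;
    if (h.app_id != kTpaaaAppId) return false; // not this application
    out = h;
    return true;
}
```

Rejecting a message whose declared length disagrees with the received buffer, before walking its AVPs, keeps a malformed or truncated message from driving reads past the end of the data.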

19
NS2 Model of 3P-AAA Architecture: Data Confidentiality
  • Encryption parameters (most likely for IPSec ESP)
    need to be exchanged between MT and ANP/TSP to
    enable data confidentiality.
  • The passing of such parameters is possible using
    NS2 application layer signalling.
  • Since IP is not supported by NS2, encryption
    processing must be implemented using sleep times.

20
NS2 versus the Real World
21
Disadvantages of using NS2
  • Anything developed in NS2 will take at least
    twice the time! (At least in the case of
    developing an NS2 application). You need to
    understand all layers as opposed to just the one
    you're working on!!
  • Results will always be different to a real world
    application as the implementation of such
    protocols as SCTP are different to real world
    versions.
  • A proper network layer does not exist.
  • Too many developers! Code uncommented!

22
Advantages of using NS2
  • NS2 does help get a better understanding of a
    large project such as developing a 3P-AAA
    architecture and signaling protocol.
  • In the case of 3P-AAA the application so far has
    been written in such a way that it will not be
    difficult to port to the real world.
  • The 3P-AAA application so far developed over a
    month took only two days to get working over a
    real SCTP implementation on an IPv6 network!!

23
Real World Testbed for Simulating 3P-AAA
24
Real World Testbed for Simulating 3P-AAA
25
Real World Testbed for Simulating 3P-AAA
  • NS2 is for initial simulation purposes
  • Testbed will provide a more real world scenario
    for 3P-AAA simulation

26
Conclusion & Future Work
27
Conclusion & Future Work
  • A Design for 3P-AAA architecture exists.
  • There are clear ideas on the signalling necessary
    to support this architecture.
  • NS2 development will continue.
  • NS2 work will be ported to Real World Testbed and
    results will be compared with NS2 results.
  • Development of a 3P-AAA Application RFC.

28
  • Acknowledgments

29
  • Thank you!
  • Questions?