
Authentication, Authorization, Admission, and Accounting for QoS Applications

  • Carlos Rabadão
  • Edmundo Monteiro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3262)

Abstract

The main objective of the IETF Differentiated Services (DiffServ) model is to support, on the Internet, different levels of service for different sessions and information flows, aggregated into a small number of traffic classes. Flow classification relies on some of the IP packet header fields. This approach has some security limitations that are inherent to the DiffServ model. Because the edge routers (ERs) are responsible for admitting and marking packets according to their class of service, they are the element most vulnerable to attack. A security hole in the ERs could propagate to the entire domain, compromising the QoS of all the domain's flows. To overcome these limitations, this paper proposes an architecture for Authentication, Authorization, Admission control and Accounting (AAAA) of QoS client applications with dynamic identification of sessions and flows. The functionality of the proposal is described and analyzed in some detail, focusing on the main modules and the message exchange among them. The paper ends with a discussion of the main advantages of the proposal over existing solutions.

Keywords

Admission Control; Resource Reservation; Edge Router; Resource Request; Reservation Request
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Carlos Rabadão (1, 2)
  • Edmundo Monteiro (2)

  1. Superior School of Technology and Management, Polytechnic Institute of Leiria, Leiria, Portugal
  2. Laboratory of Communications and Telematics, CISUC / DEI, University of Coimbra, Coimbra, Portugal
