1st International ICST Workshop on Security and QoS in Communication Networks

Research Article

Advanced authentication and authorization for quality of service signaling

  • @INPROCEEDINGS{10.1109/SECCMW.2005.1588317,
        author={Tseno Tsenov and Xiaoming  Fu and Eckhart   K\o{}rner},
        title={Advanced authentication and authorization for quality of service signaling},
        proceedings={1st International ICST Workshop on Security and QoS in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECQOS},
        year={2006},
        month={2},
        keywords={},
        doi={10.1109/SECCMW.2005.1588317}
    }
    
  • Tseno Tsenov
    Xiaoming Fu
    Eckhart Körner
    Year: 2006
    Advanced authentication and authorization for quality of service signaling
    SECQOS
    IEEE
    DOI: 10.1109/SECCMW.2005.1588317
Tseno Tsenov1,*, Xiaoming Fu2, Eckhart Körner3
  • 1: Siemens AG, Hannes Tschofenig, Siemens AG
  • 2: University of Göttingen, Institute for Informatics
  • 3: University of Applied Sciences Mannheim
*Contact email: tseno.tsenov@mytum.de

Abstract

One of the key requirements of today's and future network infrastructures is to provide Quality of Service (QoS) support for end-to-end applications, by distinguishing the application flows and properly handling them in network nodes. As an important component to achieve Internet QoS, explicit signaling schemes for resource reservation have been proposed, which deal with admission, installation and refreshment of QoS reservation state information. To be useful, any QoS signaling protocol should provide a capability for authentication and authorization of the QoS requests, especially in environments where the end points are not trusted by the network nodes. However, existing protocols for QoS signaling encounter a number of authentication and authorization issues, which limit their application scenarios. The advent of NSIS QoS Signaling Layer Protocol (QoS-NSLP) offers the prospect to overcome some of these issues. After describing the overall design of QoS-NSLP, we present an approach to support advanced authentication and authorization capabilities by using the Extensible Authentication Protocol (EAP). In comparison with existing approaches, this approach, combined with the support for effective interaction with the Authentication, Authorization and Accounting (AAA) infrastructure, provides flexible and extensible authentication and authorization methods for the QoS signaling.