An Extensible AAA Infrastructure for IPv6

AAA (Authentication, Authorization, and Accounting) is an effective component in IP network to control and manage network entities. It has been widely used in IPv4 network and will continuously play an important role in IPv6 network. This paper proposes a new extensible AAA infrastructure which is performed within the CNGI (China Next Generation Internet) project and has the following merits: (1) provide a uniform AAA mechanism; (2) support user roaming in global IPv6 network; (3) introduce for the first time the concepts of both PDN (Personal Domain Name) and DDN (Device Domain Name), to assign and manage the lengthy and complex IPv6 addresses. We discuss and implement the concrete procedures of this infrastructure, and then point out it is a suitable solution for IPv6 network to obtain enhanced level of security.

[1]  Sean Convery IPv6 and IPv4 Threat Comparison and Best- Practice Evaluation (v1.0) , 2004 .

[2]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 2000, RFC.

[3]  Anand R. Prasad,et al.  Security architecture for wireless LANs: corporate and public environment , 2000, VTC2000-Spring. 2000 IEEE 51st Vehicular Technology Conference Proceedings (Cat. No.00CH37026).

[4]  Larry J. Blunk,et al.  PPP Extensible Authentication Protocol (EAP) , 1998, RFC.

[5]  Joshua Hill,et al.  An Analysis of the RADIUS Authentication Protocol , 2006 .

[6]  Jalel Ben-Othman,et al.  A new approach to manage roaming in IPv6 , 2005, The 3rd ACS/IEEE International Conference onComputer Systems and Applications, 2005..

[7]  Matthew S. Gast,et al.  802.11 Wireless Networks: The Definitive Guide , 2002 .

[8]  Rolf Oppliger Security at the Internet Layer , 1998, Computer.

[9]  Dan Simon,et al.  PPP EAP TLS Authentication Protocol , 1999, RFC.

[10]  Antonio F. Gómez-Skarmeta,et al.  Implementing RADIUS and diameter AAA systems in IPv6-based scenarios , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[11]  Luca Veltri,et al.  Access control in IPv6-based roaming scenarios , 2003, IEEE International Conference on Communications, 2003. ICC '03..