
The Research Of IPv6 AAA System Based On Diameter Protocol And RCUCON Model

Posted on: 2012-10-05
Degree: Master
Type: Thesis
Country: China
Candidate: F Liu
Full Text: PDF
GTID: 2178330335951069
Subject: Computer software and theory

Abstract/Summary:
The IPv6 protocol was developed to solve the global shortage of IPv4 addresses, and it will replace IPv4 in the future. Although many countries have dedicated themselves to the research and construction of global IPv6 networks, building IPv6 networks and services is still only at the research stage. There is a long way to go before large-scale commercial application, and many technical problems remain to be solved. Authentication, authorization and accounting (AAA) for Web services and access control for resources are two very important aspects.

AAA refers to Authentication, Authorization and Accounting. It is essential technical support for the commercial application of Web services and an important part of network security. Access control is a security mechanism that explicitly controls, by some means, the access of a subject to an object, and it is an important part of information security theory.

Diameter is the next-generation AAA protocol developed by the AAA working group of the IETF. It draws on much of the experience of the RADIUS protocol and remedies many of RADIUS's defects, so that it better meets the AAA needs of today's networks. However, current extension applications of the Diameter protocol still concentrate on authentication and authorization for network access. How to combine the authentication of a user's network access with access control for resources is a hot topic.

This study is about the AAA and access control of a VPN service running in an IPv6 network environment. The design is based on extension applications of the Diameter protocol; it provides authentication, authorization and accounting for VPN services while also achieving fine-grained access control for the VPN, and accounting information is used in access control.

The specific tasks in this paper are as follows:

1. Research on the access control model. Access control, usually also called entitlement management, can effectively prevent unauthorized use of system resources and ensure that system resources are controlled and used safely. The access control models in common use at present include DAC, MAC and RBAC. These are static, passive authorization models and cannot adapt to the modern distributed, open network environment. The usage control model (UCON) is a newly proposed active authorization model that embodies the idea of dynamic authorization. However, UCON is only a conceptual model; research on UCON is at present mostly concentrated at the theoretical level, and research on specific applications is insufficient. This paper introduces the concepts of Role and Class into the UCON model and puts forward the concrete RCUCON model, whose logical process model is described using the dynamic description logic language (DDL).

2. Research on the key technologies for an OpenVPN server using a Diameter server to provide AAA services. OpenVPN is a new way of implementing SSL VPN solutions and already supports the IPv6 protocol. In this paper an OpenVPN server is set up to provide users with network services. In an AAA system based on the Diameter protocol, a complete AAA process usually requires at least three entities: the access terminal, the Diameter client and the Diameter server. The Diameter client's function is critical to the whole AAA system: it plays the role of the network access server (NAS), is responsible for the user's network access, and is also responsible for forwarding messages between the access terminal and the Diameter AAA server. In the OpenVPN system, the VPN user is equivalent to the terminal in the above model, while the OpenVPN server is responsible for the user's network access and is functionally equivalent to the Diameter client. The key is therefore to design a plug-in that lets the OpenVPN server and the Diameter server work together, so that OpenVPN becomes the NAS of the AAA system when the Diameter server provides AAA services for OpenVPN.

3. Research on the Diameter extension application. The Diameter base protocol can be used independently as an accounting protocol, but it must be used together with an application protocol to provide authentication and authorization. This work uses freeDiameter as the implementation of the Diameter base protocol and implements a Diameter extension application on top of it to provide the AAA function, while designing the framework of the access control model based on the RCUCON model. An Action AVP and a Resource AVP are designed to carry the essential information of an access request, and the Diameter authorization application is used to achieve fine-grained control of resource access.
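An added illustration of how the Action and Resource AVPs from task 3 could be laid out on the wire, using the standard Diameter AVP header from RFC 6733, with a decoder that rejects out-of-bounds lengths. This is not code from the thesis; the vendor ID, AVP codes, UTF-8 payloads and sample values are assumptions.

```python
import struct

# Assumptions (not from the thesis): placeholder vendor ID and AVP codes.
VENDOR_ID = 99999        # hypothetical enterprise number
ACTION_AVP = 9001        # hypothetical code for the Action AVP
RESOURCE_AVP = 9002      # hypothetical code for the Resource AVP
FLAG_V, FLAG_M = 0x80, 0x40   # Vendor-specific and Mandatory flag bits

def encode_avp(code, data, vendor_id=None, mandatory=True):
    """Build one AVP: code(4) flags(1) length(3) [vendor(4)] data + padding."""
    flags = (FLAG_M if mandatory else 0) | (FLAG_V if vendor_id is not None else 0)
    header_len = 12 if vendor_id is not None else 8
    length = header_len + len(data)            # AVP Length excludes padding
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-len(data) % 4)   # pad to 32-bit boundary

def decode_avps(buf):
    """Parse concatenated AVPs; refuse lengths that under- or overrun."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header_len = 12 if flags & FLAG_V else 8
        if length < header_len or off + length > len(buf):
            raise ValueError("AVP length out of bounds")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & FLAG_V else None
        avps.append((code, vendor, buf[off + header_len:off + length]))
        off += length + (-length % 4)          # skip data and its padding
    return avps

def build_access_request(action, resource):
    """Payload of an authorization request: who-does-what as two AVPs."""
    return (encode_avp(ACTION_AVP, action.encode("utf-8"), VENDOR_ID)
            + encode_avp(RESOURCE_AVP, resource.encode("utf-8"), VENDOR_ID))

# Constructed sample: a "read" on a made-up resource name.
SAMPLE = build_access_request("read", "2001:db8::10/share")

if __name__ == "__main__":
    for code, vendor, data in decode_avps(SAMPLE):
        print(code, vendor, data.decode("utf-8"))
```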
Keywords/Search Tags: IPv6, UCON, Entitlement Management, Dynamic Authorization, AAA, Diameter