Next Steps in Signaling
End-to-end Quality of Service (QoS) is needed for voice over IP and many other applications using the global Internet. The current signaling solution is RSVP, defined in [40]. The security extensions of [209,26,36] define Protocol RSVP-sec (7). For a discussion of the security properties of the protocol, see also [188].
Protocol RSVP-sec should provide Authentication (G1,2).
End-to-end QoS, needed in many applications, is likely to traverse several administrative domains, which may be problematic if the domains deploy different QoS solutions. Thus a protocol must signal the QoS parameters from one domain to the other. The NSIS WG is currently discussing the framework for a new simple protocol for signaling QoS, which would allow users to obtain QoS-aware services irrespective of the underlying mechanisms used. Compatibility with authentication and authorization mechanisms is also considered.
NSIS has not yet defined a protocol that is of interest for our purposes, and the WG may not define a specific protocol. Nevertheless, Siemens is strongly involved in the activities of the group and may provide AVISPA with a version of Protocol NSIS-acc (8), a next generation QoS signaling protocol that includes accounting and that could eventually be proposed at the IETF or elsewhere. In AVISPA, we intend to model and verify such a protocol.
The property that this protocol has to possess is easily posed as a temporal logic property: the user should not pay if he obtains no service, or in other words: if he pays, then he has obtained the service.
Protocol NSIS-acc should provide Authentication, Secrecy, Identity Protection (Eavesdropper and Peer) and a property that may be expressed as a Temporal Formula (G1,2,12-14,20).
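The accounting property above, read as the past-time safety formula G(pay(u,s) -> O service(u,s)), can be checked on a finite event trace as follows. This is an added example, not part of the AVISPA material or of any NSIS draft; the event kinds ("request", "service", "pay"), the session field and the sample traces are assumptions constructed for illustration.

```python
from typing import List, NamedTuple


class Event(NamedTuple):
    user: str     # principal the event concerns (assumed field)
    session: str  # QoS reservation the event belongs to (assumed field)
    kind: str     # "request", "service" or "pay" (assumed event kinds)


def violations(trace: List[Event]) -> List[int]:
    """Return the indexes of 'pay' events that break the property.

    Property: G( pay(u, s) -> O service(u, s) ), i.e. whenever user u
    pays for session s, service for that same (u, s) must already have
    been obtained at an earlier point of the trace.
    """
    served = set()  # (user, session) pairs that have obtained service so far
    bad = []
    for i, ev in enumerate(trace):
        if ev.kind == "service":
            served.add((ev.user, ev.session))
        elif ev.kind == "pay" and (ev.user, ev.session) not in served:
            bad.append(i)
    return bad


# Constructed traces, not taken from any real protocol run.
GOOD = [
    Event("alice", "s1", "request"),
    Event("alice", "s1", "service"),
    Event("alice", "s1", "pay"),
]
# The user is charged although the reservation was never honoured.
NO_SERVICE = [
    Event("alice", "s1", "request"),
    Event("alice", "s1", "pay"),
]
# Service went to another user and session; alice's own service comes too late.
WRONG_SESSION = [
    Event("bob", "s1", "service"),
    Event("alice", "s2", "pay"),
    Event("alice", "s2", "service"),
]

if __name__ == "__main__":
    for name, tr in [("GOOD", GOOD), ("NO_SERVICE", NO_SERVICE),
                     ("WRONG_SESSION", WRONG_SESSION)]:
        print(name, violations(tr))
```

Keying the check on the (user, session) pair matters: a checker that only asks whether any service event occurred earlier would accept the third trace.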
For the framework and related drafts, see [42], [79], [192], [188], [187], and [189].