the diameter protocol
play

the Diameter Protocol Ahana Mallik Department of Informatics - PowerPoint PPT Presentation

Feb 05, 2024 •1.26k likes •1.7k views

AAA Support by the RADIUS and the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26, 2016 Overview 1. Authentication, Authorization and Accounting (AAA). 2. AAA Services, Protocols and Architecture. 3.

  1. AAA Support by the RADIUS and the Diameter Protocol Ahana Mallik Department of Informatics – University of Zurich May 26, 2016

  2. Overview 1. Authentication, Authorization and Accounting (AAA). 2. AAA Services, Protocols and Architecture. 3. RADIUS Protocol. 4. Diameter Protocol. 5. Comparison of RADIUS and Diameter Protocol. 6. Applications of RADIUS and Diameter Protocol. 7. Summary. 8. Discussion Topic.

  3. Importance of Authentication, Authorization and Accounting (AAA)

  4. Authentication  Control user Identity  Credentials provided by the user to prove his/her Id  Examples of credentials: 1.passwords. 2.one-time token. 3.digital certificates, 4.Or any other information related to the identity (e.g. biometric parameters.) Source Url: https://www.ietf.org/edu/tutorials/IETF89-Tutorial-AAA.pdf

  5. Authorization  The process of verifying whether a particular user is allowed to access network resources.  Only allows legitimate users to access the network  The malicious users are denied from accessing network resources.  Examples : 1. IP address filtering. 2. IP address assignment. 3. Route assignment. 4. Encryption. Source Url: https://www.ietf.org/edu/tutorials/IETF89-Tutorial-AAA.pdf

  6. Accounting  Tracking of the consumption of network resources by users  Typical information gathered in accounting report: 1. User Id. 2. Service description. 3. Session duration.  Useful for management, planning, billing. Source Url: https://www.ietf.org/edu/tutorials/IETF89-Tutorial-AAA.pdf

  7. Authentication in Proxy Appliance 1. The User sends request (eg: www.yahoo.com) to Proxy Appliance. 2. The Proxy appliance (ProxySG Product of BlueCoat) initiates the process of Authentication. The ProxySG appliance sends a credential challenge response to the user. 3. The user then sends the credential information. 4. The user data is sent to the Authentication Server for the purpose of verification. 5. After the verification process is successful, the user is then identified in the network. 6. The user request for the required website from internet. 7. The user gets response from the internet. 8. The gets the response and is able to access the desired resource.

  8. Authentication in Proxy Appliance contd…… Source Url: https://www.bluecoat.com/sites/default/files/documents/files/Authentication,_ Authorization,_and_Accounting.4.pdf

  9. AAA Mechanism  Authentication-based mechanisms : The user authentication information is used as precondition for the authorization process  Credential-based mechanisms: This method uses credential information which is a important and trustworthy information for the purpose of authorization.  The Accounting system performs the following essential tasks: 1. The system gathers or aggregates all data or information from metering systems. 2. The system then stores this data in accounting system.

  10. AAA Protocols  RADIUS : The protocol carries AAA Information which helps to determine a RADIUS Server and a RADIUS Client. This protocol is based on Client/Server Model and supports a wide range of users.  Diameter: This peer to peer protocol carries AAA information in a reliable manner. This is more secured and reliable than Radius. This is a successor of Radius protocol and overcomes many limitations of Radius.  COPS: This stands for The Common Open Policy Service. This protocol deals with policy information.  SNMP: This stands for Simple Network Management Protocol. The accounting information or records are all transferred to MIB (Management Information Base) and it is sorted or classified there and finally stored.

  11. AAA Services  In the context of AAA services we have AAA server which is located in an administrative domain.  Distributed Servers: 1. The goal of distributed servers is to provide authentication, authorization and accounting. 2.The server provides the authorization service by deciding whether to grant or deny a request sent by the user 3. In case it grants access to the user, then it sets up a authorization session and logs the session data.

  12. AAA Architecture The Architectural Components and their roles  There is an ASM (Application Specific Module) present in the architectural framework of AAA.  The primary task of ASM is to enforce the policy actions.  The ASM accordingly configure the SE (Service Equipment) in order to provide the necessary service .  The goal of the AAA server is to evaluate and determine the user requests based on the set of policies.  The policies which are used by the AAA server are all stored in the PR (Policy Repository).

  13. AAA Architecture contd…  In order to determine the policy condition the AAA server sometimes need to consult the other AAA servers.  This can be achieved by either sending requests to other AAA servers or with the help of ASM.  Depending on different predefined policies a server can accordingly act as an agent.

  14. AAA Architecture contd…

  15. Remote Authentication Dial-in-User Service (RADIUS)  It is a well know protocol and is widely practiced.  It is based on client/server model.  Some of the important functions of RADIUS are 1. centralized management 2. security.  The process of authentication is based on Server and Client concept.  The users send request to the server and the server authenticates the user against a central database.  If the authentication is successful then the user is granted access to the network else the user is denied.

  16. RADIUS contd…. Source Url: https://www.rivier.edu/journal/ROAJ-Fall-2009/J286-RADIUS- Sood.pdf

  17. RADIUS Client/Server Architecture  The RADIUS protocol is based on Client/Server architecture.  There are two different RADIUS servers available. 1. RADIUS Authentication server 2. RADIUS Accounting server.  The RADIUS Authentication server is responsible for necessary security and it stores security data.  The RADIUS Accounting server takes care of statistical data.

  18. RADIUS Client/Server Architecture Contd….  The Network Access Server (NAS) which resides inside the RADIUS client.  The NAS helps the remote users to access the desired network resources.  The NAS has the facility to access a local RADIUS server as well as a remote RADIUS server with the help of WAN.  The RADIUS clients at times uses alternate servers to avoid redundancy and fault tolerance.

  19. RADIUS Client/Server Architecture Contd…. Source Url: https://www.bluecoat.com/sites/default/files/documents/files/Authentication,_ Authorization,_and_Accounting.4.pdf

  20. RADIUS Services  The RADIUS supports multiple authentication protocols 1. Password Authentication Protocol (PAP) 2. Challenge Handshake Authentication Protocol (CHAP).  The user initially establishes a connection with the Network Access Server (NAS). Step 1 in the figure in slide no: 23.  The NAS wants to authenticate the user on the network so it requests for user id or username and password. Step 2 in the figure in slide no: 23 .  The user provides his/her credential information (User id or username and password). Step 3 in the figure in slide no: 23.  The NAS then sends a Authentication Request Packet to the RADIUS Server for the purpose of authentication. Step 4 in the figure in slide no: 23.

  21. RADIUS Services Contd.  The Server then validates the user and sends a Authentication Acknowledgement. Step 5 in the figure in slide no: 23.  The Server can either allow the user to access the desired network resource or deny the user from accessing the network resource.  Authorization: The RADIUS server is responsible for providing services and privileges to only legitimate users. Protocols which help in authorization. 1. PPP 2. Telnet

  22. RADIUS Services Contd.  Accounting: This process is concerned with aggregating and storing statistical information. The Accounting data consists of 1.time duration. 2. packet and bytes send and received.  The Radius Clients sends request to Accounting Server and accordingly the server responds with statistic data.

  23. RADIUS Services Contd. Source Url: https://www.bluecoat.com/sites/default/files/documents/files/Authentication,_ Authorization,_and_Accounting.4.pdf

  24. RADIUS Standards  RADIUS initially came into picture in January 1997 by the Lucent Technologies.  It is one of the IETF (Internet Engineering Task Force) standard.  The second generation of RADIUS standard (Standards – RFC2138 and RFC 2139) was developed in the year April 1997.  In June 2000 the third generation of RADIUS came into the market (standards- RFC2865 and RFC2866)

  25. RADIUS Security  The user identification and passwords which are sent during the authentication process from the NAS to the RADIUS Server are always encrypted. This encryption is achieved by using several hashing algorithms like MD5  It is very important to have security else confidential information about users will be revealed and malicious users will be able to access the network resources by extracting these confidential information.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

diameter. Since the diameter is twice the radius, circumference can be calculated by the formula

diameter. Since the diameter is twice the radius, circumference can be calculated by the formula

D AY 142 A PPLICATIONS OF CIRCUMFERENCE I NTRODUCTION We encounter circular objects in real life such as cakes, rings, tires, and pizzas. The distance between them depends on their diameter. Other objects such as satellites and planes

307 views • 11 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
The diameter of permutation groups permutation groups H. A. Helfgott February 2017 The

The diameter of permutation groups permutation groups H. A. Helfgott February 2017 The

The diameter of permutation groups H. A. Helfgott Introduction Diameter bounds New work on The diameter of permutation groups permutation groups H. A. Helfgott February 2017 The diameter of Cayley graphs permutation groups H. A.

751 views • 64 slides
Diameter Group Signaling Thursday, March 6 th , 2014 draft-ietf-diameter-group-signaling-03 Mark

Diameter Group Signaling Thursday, March 6 th , 2014 draft-ietf-diameter-group-signaling-03 Mark

Diameter Group Signaling Thursday, March 6 th , 2014 draft-ietf-diameter-group-signaling-03 Mark Jones, Marco Liebsch, Lionel Morand IETF 89 London, U.K Two Problem Aspects 1. Managing group assignments How to add or remove sessions from

149 views • 12 slides
Mesh Models (Chapter 8) 1. Overview of Mesh and Related models. a. Diameter: The linear

Mesh Models (Chapter 8) 1. Overview of Mesh and Related models. a. Diameter: The linear

Mesh Models (Chapter 8) 1. Overview of Mesh and Related models. a. Diameter: The linear array is O n , which is large. The mesh as diameter O n , which is significantly smaller. b. The size of the diameter is

601 views • 27 slides
Device for In-Situ Coating of Long, Small Diameter Tubes Diameter Tubes Project Summary Award

Device for In-Situ Coating of Long, Small Diameter Tubes Diameter Tubes Project Summary Award

Device for In-Situ Coating of Long, Small Diameter Tubes Diameter Tubes Project Summary Award No DE-SC0001571 Award No. DE SC0001571 H J H. Joe Poole, President P l P id t PVI System Technology Oxnard, California October 1, 2012

245 views • 20 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Capsulophimosis Small diameter CCC 1. 2. Weak zonules x 360 3. Capsulotomy - sphincter CTR after

Capsulophimosis Small diameter CCC 1. 2. Weak zonules x 360 3. Capsulotomy - sphincter CTR after

12/3/2016 Use CTR if any zonulopathy 1. If no CTR, use 3-pc acrylic 2. Larger CCC diameter or radial cuts 3. David F. Chang, MD 3-pc IOL in sulcus + CCC capture 4. Clinical Professor UCSF Cionni or Malyugin ring/Ahmed CTS 5. AMO

340 views • 4 slides
The diameter of permutation groups kos Seress May 2012 Cayley graphs The diameter of

The diameter of permutation groups kos Seress May 2012 Cayley graphs The diameter of

The diameter of permutation groups kos Seress The diameter of permutation groups kos Seress May 2012 Cayley graphs The diameter of permutation groups kos Seress Definition G = S is a group. The Cayley graph ( G , S ) has

531 views • 19 slides
An ancient problem: finding l Ratio of a circle s circumference to its diameter =

An ancient problem: finding l Ratio of a circle s circumference to its diameter =

Starting chapter 2 An ancient problem: finding l Ratio of a circle s circumference to its diameter = circumference / diameter # for any circle l Irrational number: an infinite series of non-repeating digits So it can never be

380 views • 12 slides
On sub-determinants and the diameter of polyhedra Martin Niemeier, EPF Lausanne Joint work with:

On sub-determinants and the diameter of polyhedra Martin Niemeier, EPF Lausanne Joint work with:

On sub-determinants and the diameter of polyhedra Martin Niemeier, EPF Lausanne Joint work with: Nicolas Bonifas, Marco Di Summa, Friedrich Eisenbrand, Nicolai H ahnle January 9-13, 2012 1 / 16 Diameter of Polyhedra We consider polyhedra

616 views • 16 slides
Phase II Shaun Alsum 1 What Is Phase II? 500+ kg LXe detector 2m diameter outer vessel,

Phase II Shaun Alsum 1 What Is Phase II? 500+ kg LXe detector 2m diameter outer vessel,

Phase II Shaun Alsum 1 What Is Phase II? 500+ kg LXe detector 2m diameter outer vessel, 1.6m inner Looks like Hamburger = 2 What is it for? Testing full-sized LZ grids (1.5m diameter!) Preproduction grids: study grid

623 views • 20 slides
Mitchell Anderson Fortunate Son , 2017 Acrylic on canvas 200cm diameter 78 3/4in diameter

Mitchell Anderson Fortunate Son , 2017 Acrylic on canvas 200cm diameter 78 3/4in diameter

Mitchell Anderson Fortunate Son , 2017 Acrylic on canvas 200cm diameter 78 3/4in diameter (ANDER00066) Mitchell Anderson Fortunate Son , 2017 Acrylic on canvas 200cm diameter 78 3/4in diameter (ANDER00068) Mitchell Anderson Fortunate Son ,

408 views • 3 slides
Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and Objectives Goals and Objectives CAR adopted the Forest Protocols in 2005 CAR Board directed staff in 2007 to: Initiate a stakeholder process

532 views • 25 slides
MLK CONNECTOR Presented by LARGE DIAMETER PILE REPAIR Brad Hessing & Heather Shoup Midwest

MLK CONNECTOR Presented by LARGE DIAMETER PILE REPAIR Brad Hessing & Heather Shoup Midwest

MLK CONNECTOR Presented by LARGE DIAMETER PILE REPAIR Brad Hessing & Heather Shoup Midwest Geotechnical Conference, September 17-19, 2019 1 PRESENTATION OVERVIEW Installation of Large Diameter Open-Ended Pipe Piles (LDOEP) at the Piers

1.03k views • 72 slides
Lower Bounds for Geometric Diameter Problems Herv e Fournier University of Versailles

Lower Bounds for Geometric Diameter Problems Herv e Fournier University of Versailles

Lower Bounds for Geometric Diameter Problems Herv e Fournier University of Versailles St-Quentin en Yvelines Antoine Vigneron INRA Jouy-en-Josas Lower Bounds for Geometric Diameter Problems p.1/40 Outline Review of previous work on

563 views • 40 slides
VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private network that encompasses links across shared or public networks like the Internet. Enable to send data between two computers across a shared or

942 views • 19 slides
PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where

PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where

PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where is PPP used What is the task of LCP What is the task of NCP SLIP Serial Line IP Predecessor of PPP We don't even think of it

519 views • 10 slides
AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to

AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to

AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to Authorization uthorization : does the person (computer) we are talking to have the necessary privileges to the source / use of service / ...

1.32k views • 71 slides
PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION

PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION

POINT TO POINT DATALINK PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION SYLLABUS Principles of Telecom (IP Telephony and IP TV) - Key Issues to remember PPP Frame and Phases Password Authentication

825 views • 15 slides
Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da

Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da

WNP-MPR-Sec 1 Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-Sec 2 Topics Scheduled for Today Authentication and access control Security basic

775 views • 49 slides
Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists of individual systems that are connected to each other. SLIP and PPP Basically, it is wide are network that is built up from point-to-point

412 views • 4 slides
Authentication and Secure Communication Jeff Chase Duke University technology people Where

Authentication and Secure Communication Jeff Chase Duke University technology people Where

Authentication and Secure Communication Jeff Chase Duke University technology people Where are the boundaries of the system that you would like to secure? Where is the weakest link? What happens when the weakest link fails? The First

1.19k views • 60 slides
SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and IPsec 1 What are we trying to accomplish? Alice, Bob want to talk to each other But theyre worried about attack How do you know

1k views • 56 slides

More recommend