Term Paper on "Diameter vs. Radius Protocols Implications"

Term Paper 7 pages (2291 words) Sources: 12 Style: APA

[EXCERPT] . . . .

Diameter vs. RADIUS protocols

Implications of Diameter and RADIUS on Network Security

The Remote Authentication Dial-in Service (RADIUS) Server was primarily designed to support three specific areas of network and Wide Area Local Area Network (WLAN) security process performance. The three areas the RADIUS protocol is based on are authentication, authorization, and accounting of WLAN traffic. It was originally designed to enable WLANs to be more effectively managed (Wirbel, 2004) and secure (Hulme, 2002). The RADIUS protocol is specifically designed to bridge the security requirements between network-based security and user-based authentication (McFedries, 2004). As a result of these factors and the unique role of RADIUS servers based on this protocol, they are predominantly used by Internet Service Providers (ISPs). Having initially been created to provide authentication services throughout a WLAN, the RADIUS protocol progressed from its initial definition in 1992 to being substantive enough in December 1995 to have a working group established in the IETF. From this initial development, the RADIUS Server standard was issued an initial RFC in January 2007 (Curran, Canning, 2007) as RFC (2039), and an upgraded RADIUS RFC (2865) was issued in June of 2000. The development of the RADIUS standard has since seen many vendors implement and tailor the standard to their individual requirements (Wangerien, 2006), including IBM, Lucent, Microsoft, Sun Microsystems, and many networking device and software vendors. The intent of this paper is to explain the RADIUS protocol and how it accomplishes its three main objectives of providing authentication, authorization, and accounting throughout WLAN configurations, ensuring their security in the process.

Core Functions of the RADIUS Server

The RADIUS protocol is a client/server-based protocol that provides for secured connections across a network, based on the User Datagram Protocol (UDP) (Cox, 2004). The RADIUS server component functions as a connectionless service and is initiated through a daemon process running on a UNIX or Microsoft Windows Server-based operating system server. This daemon process functions independently of any application or other operating system function. The RADIUS protocol runs continuously, listening for connection requests, authentication sequences and configuration requests. The server then fulfills those that are authenticated, including accounting of the specific events, and then tracks usage over time. As a result of the client/server approach to defining connections using the UDP protocol, it can also function as a proxy server in larger network and Internet-based configurations (Ashley, 2004). Having originally begun as a connectionless service initiated over dial-up connections, the RADIUS server continues to rely on Point-to-Point (PPP) authentication through Network Access Server (NAS),

From a security standpoint, this standard has quickly progressed from dial-up connections to being the default security standard for the IEEE 802.11i wireless network. The process workflow of the RADIUS protocol has progressed to include support for NAS prompts for logins and passwords, using the Password Authentication Protocol (PAP) to issue an encrypted user name and password back to the client. Based on the responses from the client, the RADIUS protocol either rejects, challenges or accepts the entry. Further, based on this response and the authentication of the user, the RADIUS server protocol also defines which resources and applications can be used by the account logging in. The accounting functions are also initiated at this point. These accounting functions of the RADIUS protocol are explained later in this paper under design objectives (Wangerien, 2006).

The MD5 security algorithm is based on a message digest approach to password management, which is complementary to the structure of the RADIUS protocol and its extensive use of accounting and usage tracking. The RFC standard for the MD5 security protocol is RFC 1321, and it has been defined in its structure for supporting variable length input, producing a 128-bit message digest or database of activity and passwords. As a result of the integration of the Diameter and RADIUS protocols and the MD5 security algorithm both by software and networking products providers, this specific strategy of defining security and accounting for ISPs. There are significant limitations in the RADIUS protocol, however, and the Diameter protocol has been designed to better align with the needs of ISPs and WLANs. The factors contributing to the growth of Diameter's use, based on its design objectives addressing the shortcomings of the RADIUS protocol, are defined later in this paper.

Diameter and RADIUS Server Design Objectives

The three main design objectives of both the Diameter and RADIUS protocols are authentication, authorization and accounting (AAA) (Molta, Kozup, 2005) and serve as the foundation of the functional areas of this standard. Each of these areas is briefly defined in this section.

First, authentication is accomplished in both server protocols using constraint-based logic to determine whether users are eligible for requested services (Karyotis, Papavassiliou, 2007). The RADIUS protocol is differentiated from other services by having authentication information stored in the database cache or the local user file. Microsoft's Windows XP and 2000 Series Server operating systems vary in their approach (Ashley, 2004), with these operating systems relying on the development of internal authentication mechanisms while UNIX operating systems rely on external authentication mechanisms throughout this phase of workflows based on both standards (Cox, 2004).

Authorization is a second design objective of the Diameter and RADIUS protocols and defines controls for accessing specific services on the network and also for staying connected to a network for a given period of time. This specific design objective has led to the development of a series of functions within the RADIUS protocol that treat IP addresses as a perishable access privilege (Karyotis, Papavassiliou, 2007), working in much the same way as the Dynamic Host Configuration Protocol (DHCP) uses a series of leased IP addresses that are provided to individual logins for a specific period of time. The RADIUS protocol refers to this concept of leasing IP addresses as the definition of Access Points (Wangerien, 2006).

The third design objective, accounting, is a form of audit trail of the users of a network and is typically used by ISPs to manage their billing services. Once a user has been authenticated, the date and time they logged on and the duration of their use are cataloged and then recorded into an accounting log. Only after a stop record is created from the activity in the online session does the log file end. ISPs have begun to use databases to capture the usage information so it would be possible to automate this entire process as well.

There is also the development of a series of analytics applications that can produce trending analysis (Molta, 2005) to show the full activity of the entire ISP, in addition to differentiating the class of service and isolating the most active users of the network (Titmus, 2006). As a result of the increased demand for analytics and the development of auditing process workflows based on Business Process Management (BPM) software infrastructures, ISPs and companies running the RADIUS protocol have also installed configurations where the actual RADIUS protocol runs independently of authentication and authorization (Hulme, 2002). This is done to allow greater use of analytics applications to manage and audit the start and end of sessions, in addition to the amount of resources used, including the time taken, packets sent and received, bytes of data overall, and any additional billing or usage metrics the ISP has defined for use (Karyotis, Papavassiliou, 2007). As a result of the de-coupling of the RADIUS protocol itself from the accounting features, there has been a corresponding increase in the depth and complexity of the accounting, usage reporting and financial reporting functionality possible based on this standard. ISPs are also using this accounting data to specifically address the sale of add-on or incremental services, using the unique approach that the RADIUS protocol relies on for authentication, which is based on the shared-secret model. None of the shared-secret code or data is sent over the network; instead, a matching algorithm is used on both client and server to authenticate the identity of a user. From this approach to authentication through a shared-secret model, ISPs are able to validate who specifically is charging incremental services to their account.
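The shared-secret model described above, together with the PAP and MD5 passages earlier in the paper, can be made concrete with the User-Password hiding and Response Authenticator calculations from RFC 2865. This is an added example, not part of the original paper; the secret, authenticator and password values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def _mask(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, request_auth):
    """NAS side: RFC 2865 sec. 5.2 User-Password hiding."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need 16-octet authenticator, 1..128-octet password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += prev
    return hidden

def recover_password(hidden, secret, request_auth):
    """Server side: same MD5 chain, keyed by its own copy of the secret."""
    if len(request_auth) != 16 or not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("malformed User-Password attribute")
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return plain.rstrip(b"\x00")

def build_response(code, ident, attrs, request_auth, secret):
    """Server reply: Response Authenticator = MD5(header+ReqAuth+attrs+secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def verify_response(packet, request_auth, secret):
    """NAS side: accept the reply only if it was keyed with the shared secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values, not taken from the paper.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))          # in practice 16 unpredictable octets per request
PASSWORD = b"a-constructed-passphrase"   # 24 octets, so it spans two MD5 blocks
```

Because both directions are keyed by one static secret and MD5, the secret should be long, random and unique per NAS, and Request Authenticators must not repeat.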

Diameter's Advantages over RADIUS protocol

There are several design shortcomings of the RADIUS protocol that the Diameter protocol was specifically designed to address. Since the RADIUS protocol was created in the mid-1990s, there have been exponential increases in the complexity and sophistication of security threats (Wirbel, 2004), in addition to the development of entirely new networking and Internet-enabled devices (Molta, 2005), which have forced the development of a more thorough and timely protocol. The following are the key shortcomings of the RADIUS protocol that the Diameter protocol addresses.

First, the RADIUS protocol limits the size of its attribute data to a maximum value of 255, versus 16 million octets in a given field value in Diameter (Wangerien, 2006). This has given ISPs and those implementing Diameter-based networks orders of magnitude more flexibility in terms of defining security and configuration. Second, the RADIUS protocol has a limitation in…
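The size limit in the first point comes from the width of the length field: a RADIUS attribute carries a 1-octet length (RFC 2865), while a Diameter AVP carries a 24-bit length (RFC 6733). The encoders and bounds-checking parsers below are an added example, not code from the paper; attribute numbers 1 (User-Name) and 18 (Reply-Message) and the sample values are chosen for illustration.

```python
import struct

RADIUS_MAX_ATTR = 255             # 1-octet Length, counts the 2-octet header
DIAMETER_MAX_AVP = (1 << 24) - 1  # 24-bit AVP Length, counts the 8-octet header

def encode_radius_attr(attr_type, value):
    """Type(1) | Length(1) | Value: at most 253 octets of value."""
    if 2 + len(value) > RADIUS_MAX_ATTR:
        raise ValueError("value does not fit a 1-octet RADIUS length field")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def encode_diameter_avp(code, value):
    """Code(4) | Flags(1) | Length(3) | Data, padded to a 4-octet boundary."""
    length = 8 + len(value)
    if length > DIAMETER_MAX_AVP:
        raise ValueError("value does not fit a 24-bit AVP length field")
    header = struct.pack("!IB", code, 0x40) + length.to_bytes(3, "big")  # M flag set
    return header + value + b"\x00" * (-len(value) % 4)

def parse_radius_attrs(buf):
    """Walk a RADIUS attribute list, rejecting lengths that would loop or overrun."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[off], buf[off + 1]
        if length < 2 or off + length > len(buf):
            raise ValueError("attribute length outside buffer")
        attrs.append((attr_type, buf[off + 2:off + length]))
        off += length
    return attrs

def parse_diameter_avp(buf):
    """Parse one AVP; the V flag (0x80) means a 4-octet Vendor-ID follows the header."""
    if len(buf) < 8:
        raise ValueError("truncated AVP header")
    code, flags = struct.unpack("!IB", buf[:5])
    length = int.from_bytes(buf[5:8], "big")
    hdr = 12 if flags & 0x80 else 8
    if length < hdr or length > len(buf):
        raise ValueError("AVP length outside buffer")
    return code, buf[hdr:length]
```

The length checks in both parsers matter as much as the limits themselves, since a length smaller than the header or larger than the buffer is the usual source of hangs and over-reads in attribute parsers.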

Quoted Instructions for "Diameter vs. Radius Protocols Implications" Assignment:

- There is a limit of 2 websites as reference. I would prefer as many periodicals, articles, journals and magazines as possible.

- The paper should be technology based, no policies and procedures. Basically, what happens in the world.

- Reference list should be alphabetized

- If possible a short description on the history of RADIUS SERVERS and (I THINK), it will be replaced by DIAMETER Servers, but I'm not sure.

The class is a WIRELESS NETWORK/SECURITY class, if you could find some way to apply it to wireless security, I'd appreciate it. Thanks in advance.

How to Reference "Diameter vs. Radius Protocols Implications" Term Paper in a Bibliography

“Diameter vs. Radius Protocols Implications.” A1-TermPaper.com, 2008, https://www.a1-termpaper.com/topics/essay/diameter-radius-protocols-implications/48207. Accessed 6 Jul 2024.
