AAA and Network Security for Mobile Access

Nakhjiri, Madjid; Nakhjiri, Mahsa

doi:10.1002/0470017465

Cited by 33 publications

(9 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Network security refers to the term AAA (Authentication, Authorization and Accounting) to define the access control architectures. The AAA architectures normally consist of three entities: the user requesting the access, an Access Server at the network edge controlling access to the network and an AAA server that grants or denies the access based on the access credentials provided by the user [25]. The AAA architectures require a standardized protocol between the access server and the user information repository in the AAA server in order to exchange the access control related information.…”

Section: Access Controlmentioning

confidence: 99%

“…The DIAMETER server is responsible for processing the request message, authentication of the user and returning the access parameters necessary for the DIAMETER client to deliver the services. Upon receiving the access request, the DIAMETER server carries the verification process locally and responds with: access denial, access granted with authorization parameters, or throws additional authentication queries to the user requesting the access [25]. Figure 2.6 presents a DIAMETER based access control setup, where the remote client Host-A requests a service in the private network and is being authenticated by the Network Access Server (NAS) and the Diameter Server, using the DIAMETER protocol.…”

Section: Diamater Protocolmentioning

confidence: 99%

See 1 more Smart Citation

Security Mechanisms for a Cooperative Firewall

Kabir

Kantola

Santos

2014

2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security

View full text Add to dashboard Cite

A solution is proposed at COMNET department of Aalto University, which is called Customer Edge Switching and it has resulted in a prototype called Customer Edge Switches (CES). While it addresses many of the current Internet issues i.e. reachability problem, IPv4 address space depletion, so far security has generally been considered out of scope.This thesis aims at identifying the security vulnerabilities present within the CES architecture.The architecture is secured against various network attacks by presenting a set of security models. The evaluation and performance analysis of these security models proves that the CES architecture is secured against various network attacks only by introducing minimal delay in connection establishment. The delay introduced does not affect the normal communication pattern and the sending host does not notice a difference compared to the current situation.For legacy interworking a CES can have the Private Realm Gateway (PRGW) function. The security mechanisms for PRGW also generate promising results in terms of security. The thesis further contributes towards security by discussing a set of deployment models for PRGW and CES-to-CES communication.

show abstract

Section: Access Controlmentioning

confidence: 99%

Section: Diamater Protocolmentioning

confidence: 99%

Security Mechanisms for a Cooperative Firewall

Kabir

Kantola

Santos

2014

2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security

View full text Add to dashboard Cite

show abstract

“…The Diameter protocol was specified in 2003 to address the issues of previous AAA protocols such as TACACS+ or RADIUS 1 [18]. Although it was not designed as a generic AAA protocol, it possesses many of its properties [20], allowing extensions that go beyond the scope of network access such as bootstrapping [14].…”

Section: Introductionmentioning

confidence: 99%

Towards a Global AAA Framework for Internet

Decugis¹

2009

2009 Ninth Annual International Symposium on Applications and the Internet

View full text Add to dashboard Cite

A common Authentication, Authorization and Accounting (AAA) framework enables communication between control structures across several interconnected organizations. It is a requirement to allow users mobility or emergence of new distributed services. The path leading to a global framework contains many obstacles, technical and political, that must be overcome to achieve new generation network features such as pervasive computing. While creating a new framework implementation focused on extensibility, we have found some issues in Diameter, the state-of-the-art AAA framework in Internet. This paper summarizes the fundamentals of a AAA architecture, then presents our implementation waaad and our findings on Diameter limitations. It shows that Diameter is suitable for AAA in the future, but some problems must be addressed first. The next phase in our evaluation of the Diameter framework is the deployment of our implementation in a multi-realm environment, one step closer to a global AAA framework.

show abstract

“…IMS [3], [4], [17] is a standardized framework typically used by telecom operators to provide mobile and fixed multimedia services in an all IP environment. In order to Figure 1 Examples of multi-domain services provide authentication, authorization and accounting (AAA) services in IMS networks typically the AAA architecture and framework is used [5], [6]. The main challenge related to the use of the AAA architecture for multi-domain services, which is not previously described in literature, is the fact that the scenario where one user has several accounting relationships for one service that crosses multiple domains is not taken into account.…”

Section: Introductionmentioning

confidence: 99%

AAA architectures applied in multi-domain IMS (IP Multimedia Subsystem)

Ooms

Karagiannis

Deventer

et al. 2007

2007 IEEE Globecom Workshops

View full text Add to dashboard Cite

Abstract-There is a group of communication services that use resources from multiple domains in order to deliver their service. Authorization of the end-user is important for such services, because several domains are involved. There are no current solutions for delivering authentication, authorization and accounting (AAA) to multi-domain services. In our study we present two architectures for the delivery of AAA to such services. The architectures are analyzed on their qualitative aspects. A result of this analysis is that direct interconnection of AAA servers is an effective architectural solution. In current multi-domain IP Multimedia Subsystem (IMS) architectures, direct interconnection of AAA servers, such as the Home Subscriber Servers (HSS), is not yet possible. In this paper we argue and recommend to extend the IMS specification by adding a new interface to HSS in order to support the direct interconnection of HSS/AAA servers located in different IMS administrative domains.

show abstract

AAA and Network Security for Mobile Access

Cited by 33 publications

References 0 publications

Security Mechanisms for a Cooperative Firewall

Security Mechanisms for a Cooperative Firewall

Towards a Global AAA Framework for Internet

AAA architectures applied in multi-domain IMS (IP Multimedia Subsystem)

Contact Info

Product

Resources

About