RADIUS Vs. Criteria

  1. RADIUS Vs. Criteria
     Areas of compliance:
     • 8.1. General protocol characteristics
     • 8.1.1 RADIUS Compatibility
     • 8.1.3. Attribute-Value Protocol Model
     • 8.1.3.2. Minimum Set of Attributes
     • 8.1.4.1. Mutual Authentication
     • 8.1.4.2. Shared Secrets
     • 8.2.2.1. PPP Authentication protocols
     • 8.3.1. Authorization Protocol Requirements
     • 8.4.1.2. Real Time Accounting
     • 8.4.2. Accounting attribute requirements
     • 8.2.1.3. Multi-phase Authentication
     • 8.2.1.4. Extensible Authentication Types
     • 8.2.2.3. Authentication Credentials

  2. RADIUS Vs. Criteria
     Areas of partial compliance:
     • 8.2.2.2. User ID – problem w/CLID-only auth.
     • 8.4.1.4. Acctg Time Stamp - event-timestamp not required.
     • 8.4.1.5. Acctg Events - no acctg on re-authentication/re-authorization.
     • 8.1.3.3. Attrib Extensibility -- adding attribs is cumbersome, space is VERY limited.
     • 8.1.4.4. Encryption of Attribs -- minimal encryption scheme.
     • 8.1.3.1. Attrib Data Types -- no IPv6, cumbersome to add types.
     • 8.3.2.2. Authorization Attrib Req’s - no by-value filters, no standard OOB filter mechanism, no QoS.
     • 8.3.2.1. Authorization Attrib Req’s - Access Restrictions -- no location, event-timestamp not required.
     • 8.1.2.6. Support for Multiple Administrative Domains -- supports proxy only.

  3. RADIUS Vs. Criteria
     Areas of non-compliance:
     • 8.1.4.3 No public key security: only shared secrets
     • 8.2.1.1 No bi-directional authentication
     • 8.3.1.1 et al. No dynamic authentication, authorization, resource management
     • 8.4.1.1 No guaranteed delivery of acctg
     • 8.4.1.3 No support for batch acctg
     • 8.4.1.6 No on-demand accounting
     • 8.4.3.2 No non-repudiation
     • 8.2.3.1 et al. No end-to-end hiding of credentials/passwords
     • 8.1.2.4 Poor support for multiple AAA servers
     • 8.1.2.1 et al. No fast fail-over/flow control

  4. RADIUS Vs. Criteria
     Conclusion: RADIUS as currently specified does not meet the criteria for a next-generation NAS AAA protocol. The RADIUS protocol cannot be modified to meet those criteria without fundamentally rewriting the protocol specification.
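
Added example, not part of the original slides: the User-Password hiding specified in RFC 2865 section 5.2, which is the per-hop, shared-secret scheme behind items 8.1.4.4 and 8.2.3.1 above. Function names, secrets and authenticators are constructed for illustration; the point is that a proxy must recover the cleartext password before it can forward the request.

```python
import hashlib

def _md5(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = authenticator."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 octets, authenticator 16 octets")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to a 16-octet multiple
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse operation; anyone holding the hop's shared secret can run it."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128 or len(authenticator) != 16:
        raise ValueError("hidden value must be 16..128 octets in 16-octet blocks")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")   # padding is not length-prefixed, so trailing NULs are lost

def proxy_forward(hidden, auth_in, secret_in, auth_out, secret_out):
    """What a proxy does per hop: recover the cleartext, then re-hide it for the next server."""
    cleartext = reveal_password(hidden, secret_in, auth_in)
    return cleartext, hide_password(cleartext, secret_out, auth_out)

def demo():
    # Constructed sample values, not taken from the slides.
    password = b"correct horse battery"
    nas_auth, proxy_auth = bytes(range(16)), bytes(range(16, 32))
    from_nas = hide_password(password, b"nas-proxy-secret", nas_auth)
    seen_by_proxy, to_home = proxy_forward(
        from_nas, nas_auth, b"nas-proxy-secret", proxy_auth, b"proxy-home-secret")
    at_home = reveal_password(to_home, b"proxy-home-secret", proxy_auth)
    return from_nas, seen_by_proxy, to_home, at_home

if __name__ == "__main__":
    for label, value in zip(("NAS->proxy", "proxy sees", "proxy->home", "home sees"), demo()):
        print(f"{label:12} {value!r}")
```

Every intermediate server in a proxy chain holds the password in the clear, and its confidentiality on the wire rests only on MD5 and the strength of each hop's shared secret.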
