Adding bandwidth specification to a AAA Server
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS. (CCSlab)
2008 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
Abstract [en]

Authentication, authorization, and accounting (AAA) are key elements in network security. In many networks, clients can use resources only after they have been authenticated by an authentication server and authorized to use these resources. In some cases the server will also maintain accounting records in order for an operator (a provider of resources) to charge the account/subscriber for using the service. There are four main AAA protocols being used today. Of these, RADIUS is the most widely used.

This thesis starts with an introduction to AAA protocols, and then goes into the details of RADIUS. In order to perform a practical evaluation of how AAA could be improved, FreeRADIUS was selected as the base code for this project, because this implementation is one of the most widely used RADIUS servers. A proposal for how to improve AAA performance is introduced and the implementation steps needed to realize these improvements are shown. Additionally, some experiments have been conducted to show both the correct functioning of the resulting implementation and to examine if there is a performance improvement. Following this some conclusions are drawn based upon a comparison with a traditional AAA server.

A key element of the change in AAA which is proposed is the use of a non-binary IEEE 802.1x process. This new non-binary solution introduces a new type of AAA server and requires the re-thinking of a number of traditional AAA design decisions. It is expected that this change will have a significant impact, but will require some time for exposure, implementation by others, and a more extensive evaluation than was possible during the period of this thesis project.

One of the most important conclusions drawn during this thesis is the difficulty of making a change in authentication and authorization, because of the large amount of interaction between both the various protocols and the standards which have been developed for these protocols. Thus one of the difficult aspects of the task is how to introduce a change in a protocol while maintaining backward compatibility for others who have not adopted this change -- without requiring the addition of a protocol version field.

A second important conclusion is that doing this implementation in three separate parts with different students being responsible for the different parts revealed just how complex the interaction of protocol design decisions is. While a working version of the entire set of changes proved to be impossible, it was observed that the different parts could be decoupled more than initially expected.

Place, publisher, year, edition, pages
2008. 104 p.
Trita-ICT-COS, ISSN 1653-6347 ; COS/CCS 2008-19
Keyword [en]
AAA, RADIUS, FreeRADIUS, authentication, non-binary authentication, IEEE 802.1x
National Category
Communication Systems
URN: urn:nbn:se:kth:diva-91684
OAI: diva2:511017
Subject / course
Computer Communication
Educational program
Master of Science - Internetworking
2008-09-11, Seminar room Grimeton, Isafjordsgatan 22, Kista, 13:00 (English)
Available from: 2012-03-20 Created: 2012-03-19 Last updated: 2013-09-09 Bibliographically approved

Open Access in DiVA

fulltext (713 kB), 669 downloads
File information
File name: FULLTEXT01.pdf
File size: 713 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf

Search in DiVA

By author/editor
Zhou, Jia
By organisation
Communication Systems, CoS
Communication Systems
