AAA protocol

In computer security, AAA stands for “authentication, authorization and accounting”. AAA is sometimes combined with auditing and accordingly becomes AAAA.

Authentication: Authentication refers to the process of establishing the digital identity of one entity to another entity. Commonly one entity is a client (a user, a client computer, etc.) and the other entity is a server (computer). Authentication is accomplished via the presentation of an identity and its corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).

Authorization: Authorization refers to the granting of specific types of privileges (including "no privilege") to an entity or a user, based on their authentication, what privileges they are requesting, and the current system state. Authorization may be based on restrictions, for example time-of-day restrictions, physical location restrictions, or restrictions against multiple logins by the same user. Most of the time the granting of a privilege constitutes the ability to use a certain type of service. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, QoS/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.

Accounting: Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended.
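A minimal model of the three functions, added here as an illustration and not code from the original article: authentication checks a presented credential against a store, authorization applies the time-of-day and concurrent-login restrictions described above, and accounting keeps start/stop records in either real-time or batch mode. The user names, credential store, policy table and request clock are constructed assumptions.

```python
# Added illustration (not from the original article); store, policy and clock are constructed.
import hashlib, hmac
from datetime import datetime, time

def _h(pw: str) -> str:  # toy salted hash for the sample store; use a real KDF in practice
    return hashlib.sha256(b"demo-salt:" + pw.encode()).hexdigest()

CREDENTIALS = {"alice": _h("correct horse"), "bob": _h("hunter2")}
POLICY = {  # permitted services, permitted hours, concurrent-login limit
    "alice": {"services": {"ppp", "tunnel"}, "hours": (time(8), time(18)), "max_sessions": 1},
    "bob": {"services": {"ppp"}, "hours": (time(0), time(23, 59)), "max_sessions": 2},
}

def authenticate(identity: str, password: str) -> bool:
    # Authentication: the presented credential must match the stored one.
    stored = CREDENTIALS.get(identity, _h("\0"))  # dummy hash keeps timing uniform for unknown users
    return hmac.compare_digest(stored, _h(password)) and identity in CREDENTIALS

def authorize(identity: str, service: str, now: datetime, active: dict):
    pol = POLICY.get(identity)
    if pol is None or service not in pol["services"]:
        return False, "service not permitted"
    if not pol["hours"][0] <= now.time() <= pol["hours"][1]:
        return False, "outside permitted hours"
    if active.get(identity, 0) >= pol["max_sessions"]:
        return False, "concurrent login limit reached"
    return True, "granted"  # identity, requested service and system state all checked

class Accounting:
    """Accounting: start/stop records; real-time delivers at once, batch holds until flush()."""
    def __init__(self, realtime: bool = True):
        self.realtime, self.delivered, self.pending = realtime, [], []
    def record(self, status: str, identity: str, service: str, at: datetime):
        rec = {"status": status, "user": identity, "service": service, "time": at}
        (self.delivered if self.realtime else self.pending).append(rec)
    def flush(self):
        self.delivered.extend(self.pending)
        self.pending.clear()

def access_request(identity, password, service, now, active, acct):
    # Run the three A's for one request; returns (allowed, reason).
    if not authenticate(identity, password):
        return False, "authentication failed"
    ok, why = authorize(identity, service, now, active)
    if ok:
        active[identity] = active.get(identity, 0) + 1
        acct.record("start", identity, service, now)
    return ok, why

def session_stop(identity, service, now, active, acct):
    active[identity] -= 1
    acct.record("stop", identity, service, now)
```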

Requirements

  • RFC 2194 Review of Roaming Implementations
  • RFC 2477 Criteria for Evaluating Roaming Protocols
  • RFC 2881 Network Access Server Requirements Next Generation (NASREQNG) NAS Model
  • RFC 2903 Generic AAA Architecture
  • RFC 2904 AAA Authorization Framework
  • RFC 2905 AAA Authorization Application Examples
  • RFC 2906 AAA Authorization Requirements
  • RFC 3169 Criteria for Evaluating Network Access Server Protocols
  • RFC 3539 AAA Transport Profile
  • RFC 1234 AAA Transport Profile


List of AAA Protocols

  • RADIUS (Remote Authentication Dial In User Service)
  • Diameter
  • TACACS (Terminal Access Controller Access-Control System)
  • TACACS+


Other protocols used in combination with the above:
  • PPP (Point-to-Point Protocol)
  • EAP (Extensible Authentication Protocol)
  • HIP (Host Identity Protocol)
  • PEAP (Protected Extensible Authentication Protocol)
  • LEAP (Lightweight Extensible Authentication Protocol)
  • LDAP (Lightweight Directory Access Protocol)


Usage of AAA servers in CDMA data networks

AAA servers in CDMA (code division multiple access) data networks are entities that provide Internet Protocol (IP) functionality to support the functions of authentication, authorization and accounting. The AAA server in the CDMA wireless data network architecture is similar to the HLR (Home Location Register) in the CDMA wireless voice network architecture.

Types of AAA servers include the following:
  • Access Network AAA (AN-AAA) – Communicates with the RNC (Radio Network Controller) in the Access Network (AN) to enable authentication and authorization functions to be performed at the AN. The interface between AN and AN-AAA is known as the A12 interface.
  • Broker AAA (B-AAA) – Acts as an intermediary to proxy AAA traffic between roaming partner networks (i.e., between the H-AAA server in the home network and V-AAA server in the serving network). B-AAA servers are used in CRX networks to enable CRX providers to offer billing settlement functions.
  • Home AAA (H-AAA) – The AAA server in the roamer's home network. The H-AAA is similar to the HLR in voice. The H-AAA stores user profile information, responds to authentication requests, and collects accounting information.
  • Visited AAA (V-AAA) – The AAA server in the visited network from which a roamer is receiving service. The V-AAA in the serving network communicates with the H-AAA in a roamer's home network. Authentication requests and accounting information are forwarded by the V-AAA to the H-AAA, either directly or through a B-AAA.
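The roaming chain described in this list, as an added illustration that is not code from the original article or from any TIA specification: a V-AAA forwards authentication requests and accounting records toward the roamer's H-AAA, directly where a roaming agreement exists and otherwise through a B-AAA, which also tallies the records it proxies for billing settlement. Realm-based routing on user@realm identifiers, the class names and the sample topology are assumptions.

```python
# Added illustration, not from the original article: toy model of the roaming AAA
# chain V-AAA -> (B-AAA) -> H-AAA. Realm routing on user@realm identifiers and the
# broker's settlement tally are constructed assumptions, not TIA-835 behaviour.
class HomeAAA:
    """H-AAA: stores subscriber profiles, answers authentication, collects accounting."""
    def __init__(self, profiles):
        self.profiles, self.accounting = profiles, []
    def handle(self, msg):
        prof = self.profiles.get(msg["user"])
        if msg["type"] == "auth":
            ok = prof is not None and prof["secret"] == msg["credential"]  # toy check only
            return {"result": "accept" if ok else "reject", "profile": prof if ok else None}
        self.accounting.append(msg)  # accounting record forwarded from the serving network
        return {"result": "ack"}

class BrokerAAA:
    """B-AAA: proxies between roaming partners and tallies records for billing settlement."""
    def __init__(self, homes):
        self.homes, self.settlement = homes, {}
    def handle(self, msg):
        home = self.homes.get(msg["realm"])
        if home is None:
            return {"result": "reject", "reason": "no route to home realm"}
        if msg["type"] == "acct":
            key = (msg["visited"], msg["realm"])
            self.settlement[key] = self.settlement.get(key, 0) + 1
        return home.handle(msg)

class VisitedAAA:
    """V-AAA: the server in the serving network; forwards auth requests and accounting
    to the roamer's H-AAA, directly where an agreement exists, else through the B-AAA."""
    def __init__(self, realm, direct, broker):
        self.realm, self.direct, self.broker = realm, direct, broker
    def forward(self, msg):
        if "@" not in msg["user"]:
            return {"result": "reject", "reason": "no realm in identifier"}
        realm = msg["user"].rsplit("@", 1)[1].lower()
        tagged = {**msg, "realm": realm, "visited": self.realm}
        return self.direct.get(realm, self.broker).handle(tagged)

def build_demo():
    """Constructed sample topology: one visited network, two home networks."""
    near = HomeAAA({"alice@near.example": {"secret": "s3cret", "services": ["ppp"]}})
    far = HomeAAA({"bob@far.example": {"secret": "hunter2", "services": ["ppp"]}})
    broker = BrokerAAA({"far.example": far})
    visited = VisitedAAA("visited.example", {"near.example": near}, broker)
    return visited, broker, near, far
```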


Current AAA servers communicate using the RADIUS protocol. As such, TIA (Telecommunications Industry Association) specifications refer to AAA servers as RADIUS servers. However, future AAA servers are expected to use a successor protocol to RADIUS known as Diameter.

The behavior of AAA servers (RADIUS servers) in the CDMA2000 wireless IP network is specified in TIA-835.

External links