AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility

Description:

AAA (Authentication, Authorization, Accounting) describes a framework for intelligently controlling access to network resources, enforcing policies, and providing the information necessary to bill for services. 

AAA and Network Security for Mobile Access is an invaluable guide to the AAA concepts and framework, including its protocols Diameter and Radius.  The authors give an overview of established and emerging standards for the provision of secure network access for mobile users while providing the basic design concepts and motivations.

AAA and Network Security for Mobile Access:

• Covers trust, i.e., authentication and security key management for fixed and mobile users, and various approaches to trust establishment.
• Discusses public key infrastructures and provides practical tips on certificates management.
• Introduces Diameter, a state-of-the-art AAA protocol designed to meet today’s reliability, security and robustness requirements, and examines Diameter-Mobile IP interactions.
• Explains RADIUS (Remote Authentication Dial-In User Services) and its latest extensions.
• Details EAP (Extensible Authentication Protocol) in-depth, giving a protocol overview, and covering EAP-XXX authentication methods as well as use of EAP in 802 networks.
• Describes IP mobility protocols including IP level mobility management, its security and optimizations, and latest IETF seamless mobility protocols.
• Includes a chapter describing the details of Mobile IP and AAA interaction, illustrating Diameter Mobile IP applications and the process used in CDMA2000.
• Contains a section on security and AAA issues to support roaming, discussing a variety of options for operator co-existence, including an overview of Liberty Alliance.

This text will provide researchers in academia and industry, network security engineers, managers, developers and planners, as well as graduate students, with an accessible explanation of the standards fundamental to secure mobile access.

 

Foreword.

Preface.

About the author.

Chapter 1: The 3 "A"s: Authentication, Authorization, Accounting.

1.1 Authentication.

1.2 Authorization.

1.3 Accounting.

1.4 Generic AAA architecture.

1.5 Conclusion and further resources.

1.6 Reference.

Chapter 2: Authentication.

2.1 Examples of authentication mechanisms.

2.2 Classes of authentication mechanisms.

2.3 Other resources.

2.4 Reference.

Chapter 3: Key Management Methods.

3.1 Key management Taxonomy.

3.2 Management of symmetric keys.

3.3 Management of public keys & PKIs.

3.4 Further resources.

3.5 Reference.

Chapter 4: Internet Security and Key Exchange Basics.

4.1 Introduction: Issues with link layer-only security.

4.2 Internet Protocol security (IPsec).

4.3 Internet Key Exchange (IKE) for IPsec.

4.4 Transport Layer Security (TLS).

4.5 Additional resources.

4.6 Reference.

Chapter 5: Introduction on Internet Mobility Protocols.

5.1 Mobile IP.

5.2 Shortcomings of Mobile IP base specification.

5.3 Seamless Mobility procedures.

5.4 Further resources.

5.5 References.

Chapter 6: Remote Access Dial-In User Service (RADIUS).

6.1 RADIUS basics.

6.2 RADIUS Messaging.

6.3 RADIUS operation examples.

6.4 RADIUS support for roaming and mobility.

6.5 RADIUS Issues.

6.6 Other resources.

6.7 Reference.

Chapter 7: Diameter: Twice the RADIUS?

7.1 Election for the next AAA protocol.

7.2 Diameter protocol.

7.3 Details of Diameter applications.

7.4 Diameter versus RADIUS: a factor 2?

7.5 Other resources.

7.6 Reference.

Chapter 8: AAA and Security for Mobile IP.

8.1 Architecture and trust model.

8.2 Mobile IPv4 extensions for interaction with AAA.

8.3 AAA extensions for interaction with Mobile IP.

8.4 Conclusion and other resources.

8.5 References.

Chapter 9: PKI: Public Key Infrastructure.

Fundamentals and support for IPsec and mobility.

9.1 Public Key infrastructures: Concepts and elements.

9.2 PKI for mobility support.

9.3 Using certificates in IKE.

9.4 Other resources.

9.5 Reference.

9.6 Appendix A PKCS documents.

Chapter 10: Latest Authentication Mechanisms, EAP Flavors.

10.1 Introduction.

10.2 Protocol overview.

10.3 EAP-XXX.

10.4 Use of EAP in 802 networks.

10.5 Other resources.

10.6 Reference.

Chapter 11: AAA and Identity Management for Mobile Access.

The world of Operator co-existence.

11.1 Operator co-existence and agreements.

11.2 A Practical Example: The Liberty Alliance.

11.3 IETF procedures.

11.4 Further resources.

11.5 Reference.

Index.

描述：
AAA（身份验证、授权、计费）描述了一种智能控制对网络资源的访问、执行策略并提供计费所需信息的框架。

《AAA和移动访问的网络安全》是关于AAA概念和框架的宝贵指南，包括其协议Diameter和Radius。作者概述了为移动用户提供安全网络访问的已建立和新兴标准，并提供基本的设计概念和动机。

《AAA和移动访问的网络安全》包括以下内容：
- 讨论信任，即固定和移动用户的身份验证和安全密钥管理，以及各种建立信任的方法。
- 讨论公钥基础设施，并提供有关证书管理的实用技巧。
- 介绍Diameter，这是一种满足当今可靠性、安全性和稳健性要求的先进AAA协议，并研究Diameter-Mobile IP的交互。
- 解释RADIUS（远程身份验证拨入用户服务）及其最新扩展。
- 详细介绍EAP（可扩展身份验证协议），包括协议概述，以及在802网络中使用的EAP-XXX身份验证方法。
- 描述IP移动性协议，包括IP级移动性管理、其安全性和优化，以及最新的IETF无缝移动性协议。
- 包括一章描述Mobile IP和AAA交互的细节，说明Diameter Mobile IP应用程序和在CDMA2000中使用的过程。
- 包含一个关于支持漫游的安全性和AAA问题的部分，讨论运营商共存的各种选项，包括对Liberty Alliance的概述。

这本书将为学术界和工业界的研究人员、网络安全工程师、管理者、开发人员和规划者以及研究生提供对安全移动访问基本标准的易于理解的解释。

目录：
前言。
前言。
关于作者。
第1章：三个“A”：身份验证、授权、计费。
1.1 身份验证。
1.2 授权。
1.3 计费。
1.4 通用AAA架构。
1.5 结论和进一步资源。
1.6 参考文献。