AAA and Network Security for Mobile Access
Radius, Diameter, EAP, PKI and IP Mobility

The problem of providing secure network access for remote mobile users is becoming more and more complicated. Therefore the IETF have developed several standards (RADIUS, DIAMETER) to systematize the security mechanisms.

It also: describes IP mobility protocols including IP level mobility management, its security and optimizations, and latest IETF seamless mobility protocols; includes a chapter describing the details of Mobile IP and AAA interaction, illustrating Diameter Mobile IP applications and the process used in CDMA2000; and contains a section on security and AAA issues to support roaming, discussing a variety of options for operator co-existence, including an overview of Liberty Alliance. This text will provide researchers in academia and industry, network security engineers, managers, developers and planners, as well as graduate students, with an accessible explanation of the standards fundamental to secure mobile access.

Foreword.

Preface.

About the Author.

Chapter 1: The 3 "A"s: Authentication, Authorization, Accounting.

1.1 Authentication Concepts.

1.2 Authorization.

1.3 Accounting.

1.4 Generic AAA Architecture.

1.5 Conclusions and Further Resources.

1.6 References.

Chapter 2: Authentication.

2.1 Examples of Authentication Mechanisms.

2.2 Classes of Authentication Mechanisms.

2.3 Further Resources.

2.4 References.

Chapter 3: Key Management Methods.

3.1 Key Management Taxonomy.

3.2 Management of Symmetric Keys.

3.3 Management of Public Keys and PKIs.

3.4 Further Resources.

3.5 References.

Chapter 4: Internet Security and Key Exchange Basics.

4.1 Introduction: Issues with Link Layer-Only Security.

4.2 Internet Protocol Security.

4.3 Internet Key Exchange for IPsec.

4.4 Transport Layer Security.

4.5 Further Resources.

4.6 References.

Chapter 5: Introduction on Internet Mobility Protocols.

5.1 Mobile IP.

5.2 Shortcomings of Mobile IP Base Specification.

5.3 Seamless Mobility Procedures.

5.4 Further Resources.

5.5 References.

Chapter 6: Remote Access Dial-In User Service (RADIUS).

6.1 RADIUS Basics.

6.2 RADIUS Messaging.

6.3 RADIUS Operation Examples.

6.4 RADIUS Support for Roaming and Mobility.

6.5 RADIUS Issues.

6.6 Further Resources.

6.7 References.

Chapter 7: Diameter: Twice the RADIUS?

7.1 Election for the Next AAA Protocol.

7.2 Diameter Protocol.

7.3 Details of Diameter Applications.

7.4 Diameter Versus RADIUS: A Factor 2?

7.5 Further Resources.

7.6 References.

Chapter 8: AAA and Security for Mobile IP.

8.1 Architecture and Trust Model.

8.2 Mobile IPv4 Extensions for Interaction with AAA.

8.3 AAA Extensions for Interaction with Mobile IP.

8.4 Conclusion and Further Resources.

8.5 References.

Chapter 9: PKI: Public Key Infrastructure: Fundamentals and Support for IPsec and Mobility.

9.1 Public Key Infrastructures: Concepts and Elements.

9.2 PKI for Mobility Support.

9.3 Using Certificates in IKE.

9.4 Further Resources.

9.5 References.

9.6 Appendix A PKCS Documents.

Chapter 10: Latest Authentication Mechanisms, EAP Flavors.

10.1 Introduction.

10.2 Protocol Overview.

10.3 EAP-XXX.

10.4 Use of EAP in 802 Networks.

10.5 Further Resources.

10.6 References.

Chapter 11: AAA and Identity Management for Mobile Access: The World of Operator Co-Existence.

11.1 Operator Co-existence and Agreements.

11.2 A Practical Example: Liberty Alliance.

11.3 IETF Procedures.

11.4 Further Resources.

11.5 References.

Index.