19-1©2007 Raj JainCSE571SWashington University in St. LouisPart IIPart IIRaj Jain Washington University in Saint LouisSaint Louis, MO [email protected]/Video recordings of this lecture are available at:http://www.cse.wustl.edu/~jain/cse571-07/19-2©2007 Raj JainCSE571SWashington University in St. LouisOverviewOverview TACACS, TACACS+ RADIUS, Packet Format, Accounting Problems with RADIUS Diameter Base Protocol AAA Transport Profile AAA Key Management Principles19-3©2007 Raj JainCSE571SWashington University in St. LouisTACACSTACACS Terminal Access Controller Access-Control System Routing nodes in ARPAnet were called IMPS. IMPs with dial up access were called TIPs. BBN developed TACACS for ARPANET AAA server is a process in a UNIX server - called TACACS daemon. Uses UDP port 49 Username and passwords were sent in clear for authentication⇒ No longer used Cisco adopted TACACS for terminal servers extended TACACS or XTACACS19-4©2007 Raj JainCSE571SWashington University in St. LouisTACACS+TACACS+ Terminal Access Controller Access-Control System Plus Cisco's further improved version of TACACS and XTACACS Not compatible with TACACS Payload is encrypted Described in draft-grant-tacacs-02.txt, Jan 1997. Uses TCP port 4919-5©2007 Raj JainCSE571SWashington University in St. LouisRADIUSRADIUS RFC 2138, June 2000 UDP port 1812 Why UDP?¾ In case of server failure, the request must be re-sent to backup ⇒ Application level retransmission required¾ TCP takes to long to indicate failure¾ Stateless protocol19-6©2007 Raj JainCSE571SWashington University in St. LouisRADIUS Packet FormatRADIUS Packet FormatCodes:1 = Access Request2 = Access Accept3 = Access Reject4 = Accounting request5 = Accounting Response11 = Access Challenge12 = Server Status (experimental)13 = Client Status (Experimental)255 = ReservedCode Identifier Length Authenticator Attributes1B 1B 2B 16B19-7©2007 Raj JainCSE571SWashington University in St. LouisRADIUS Packet Format (Cont)RADIUS Packet Format (Cont) 16B Authenticator is used to authenticate the reply from the RADIUS server In Access-request packets 16B random number is send as authenticator Password in packet = MD5(Shared secret | authenticator) ⊕ password Response Authenticator= MD5(Code|ID|Length|Request Auth|Attributes| Shared secret) All attributes are TLV encoded.19-8©2007 Raj JainCSE571SWashington University in St. LouisRADIUS AccountingRADIUS Accounting RFC 2866, June 2000 Client sends to the server:¾ Accounting Start Packet at service beginning¾ Accounting Stop Packet at end All packets are acked by the server Packet format same as in authentication19-9©2007 Raj JainCSE571SWashington University in St. LouisRADIUS Server ImplementationsRADIUS Server ImplementationsPublic domain software implementations: FreeRADIUS GNU RADIUS JRadius OpenRADIUS Cistron RADIUS BSDRadius TekRADIUS19-10©2007 Raj JainCSE571SWashington University in St. LouisProblems with RADIUSProblems with RADIUS Does not define standard failover mechanism ⇒ varying implementations Original RADIUS defines integrity only for response packets RADIUS extensions define integrity for EAP sessions Does not support per-packet confidentiality Billing replay protection is assumed in server. Not provided by protocol. IPsec is optional Runs on UDP ⇒ Reliability varies between implementation. Billing packet loss may result in revenue loss. RADIUS does not define expected behavior for proxies, redirects, and relays ⇒ No standard for proxy chaining19-11©2007 Raj JainCSE571SWashington University in St. LouisProblems with RADIUS (Cont)Problems with RADIUS (Cont) Does not allow server initiated messages ⇒ No On-demand authentication and unsolicited disconnect Does not define data object security mechanism ⇒ Untrusted proxies can modify attributes Does not support error messages Does not support capability negotiation No mandatory/non-mandatory flag for attributes Servers name/address should be manually configured in clients ⇒ Administrative burden ⇒ Temptation to reuse shared secrets19-12©2007 Raj JainCSE571SWashington University in St. LouisDiameter Base ProtocolDiameter Base Protocol RFC 3588, Sep 2003 Defines standard failover algorithm Runs over TCP and Stream Control Transmission Protocol (SCTP) PDU format incompatible with RADIUS Can co-exist with RADIUS in the same network Supports:¾ Delivery of attribute-value pairs (AVPs)¾ Capability negotiation¾ Error notification¾ Ability to add new commands and AVPs¾ Discovery of servers via DNS¾ Dynamic session key derivation via TLS19-13©2007 Raj JainCSE571SWashington University in St. LouisDiameter Base Protocol (Cont)Diameter Base Protocol (Cont) All data is delivered in the form of AVPs AVPs have mandatory/non-mandatory bit Peer-to-peer protocol ⇒ any node can initiate request. Documents: Base, transport profile, applications Applications: NAS, Mobile IP, Credit control (pre-paid, post-paid, credit-debit), 3G, EAP, SIP19-14©2007 Raj JainCSE571SWashington University in St. LouisAAA Transport ProfileAAA Transport Profile RFC 3539, June 2003 Network Access Identifier (NAI) = User ID Application driven vs. network driven: Network is not the bottleneck for AAA messages ⇒ Application driven. No congestion issues. Slow Failover: TCP time outs ⇒ slow Use of Nagle Algorithm: Many AAA messages are combined in one TCP message Multiple Connections: Max 256 requests in progress between a client and a server Duplicate Detection: Servers and clients recognize duplicate request or responses and discard them. ¾ A single request when duplicated can result in success and failure responses.19-15©2007 Raj JainCSE571SWashington University in St. LouisAAA Transport Profile (Cont)AAA Transport Profile (Cont) Invalidation of Transport Parameter Estimates: Timeouts should account for network congestion Inability to use fast re-transmit: most AAA protocols are always close to initial window set to 1 or 2 Congestion Avoidance: Delayed Acks: application driven ⇒ explicit acks Premature failover: some implementation switch to backup server prematurely Head of line blocking: TCP queue may build up after a packet loss ⇒ hold up other AAA requests on the same connection Connection load balancing:19-16©2007
View Full Document