A multi-domain access control infrastructure based on Diameter and EAP

Souheil Ben Ayed, Fumio Teraoka

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

The evolution of Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many features improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is a AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20 ms while that for 400 requests/second is about 1.9 second. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundreds of authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.

Original languageEnglish
Pages (from-to)503-513
Number of pages11
JournalIEICE Transactions on Information and Systems
VolumeE95-D
Issue number2
DOIs
Publication statusPublished - 2012 Feb

Fingerprint

Access control
Authentication
Network protocols
Internet
Servers
Processing

Keywords

  • Authentication and authorization infrastructure
  • Diameter EAP application
  • Multi-domain access control
  • Roaming service

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Software
  • Artificial Intelligence
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition

Cite this

A multi-domain access control infrastructure based on Diameter and EAP. / Ben Ayed, Souheil; Teraoka, Fumio.

In: IEICE Transactions on Information and Systems, Vol. E95-D, No. 2, 02.2012, p. 503-513.

Research output: Contribution to journalArticle

@article{90fe4cdcf56446e8a47f557bb2c6115a,
title = "A multi-domain access control infrastructure based on Diameter and EAP",
abstract = "The evolution of Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many features improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is a AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20 ms while that for 400 requests/second is about 1.9 second. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundreds of authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.",
keywords = "Authentication and authorization infrastructure, Diameter EAP application, Multi-domain access control, Roaming service",
author = "{Ben Ayed}, Souheil and Fumio Teraoka",
year = "2012",
month = "2",
doi = "10.1587/transinf.E95.D.503",
language = "English",
volume = "E95-D",
pages = "503--513",
journal = "IEICE Transactions on Information and Systems",
issn = "0916-8532",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "2",

}

TY - JOUR

T1 - A multi-domain access control infrastructure based on Diameter and EAP

AU - Ben Ayed, Souheil

AU - Teraoka, Fumio

PY - 2012/2

Y1 - 2012/2

N2 - The evolution of Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many features improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is a AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20 ms while that for 400 requests/second is about 1.9 second. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundreds of authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.

AB - The evolution of Internet, the growth of Internet users and the new enabled technological capabilities place new requirements to form the Future Internet. Many features improvements and challenges were imposed to build a better Internet, including securing roaming of data and services over multiple administrative domains. In this research, we propose a multi-domain access control infrastructure to authenticate and authorize roaming users through the use of the Diameter protocol and EAP. The Diameter Protocol is a AAA protocol that solves the problems of previous AAA protocols such as RADIUS. The Diameter EAP Application is one of Diameter applications that extends the Diameter Base Protocol to support authentication using EAP. The contributions in this paper are: 1) first implementation of Diameter EAP Application, called DiamEAP, capable of practical authentication and authorization services in a multi-domain environment, 2) extensibility design capable of adding any new EAP methods, as loadable plugins, without modifying the main part, and 3) provision of EAP-TLS plugin as one of the most secure EAP methods. DiamEAP Server basic performances were evaluated and tested in a real multi-domain environment where 200 users attempted to access network using the EAP-TLS method during an event of 4 days. As evaluation results, the processing time of DiamEAP using the EAP-TLS plugin for authentication of 10 requests is about 20 ms while that for 400 requests/second is about 1.9 second. Evaluation and operation results show that DiamEAP is scalable and stable with the ability to handle more than 6 hundreds of authentication requests per second without any crashes. DiamEAP is supported by the AAA working group of the WIDE Project.

KW - Authentication and authorization infrastructure

KW - Diameter EAP application

KW - Multi-domain access control

KW - Roaming service

UR - http://www.scopus.com/inward/record.url?scp=84856405894&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84856405894&partnerID=8YFLogxK

U2 - 10.1587/transinf.E95.D.503

DO - 10.1587/transinf.E95.D.503

M3 - Article

AN - SCOPUS:84856405894

VL - E95-D

SP - 503

EP - 513

JO - IEICE Transactions on Information and Systems

JF - IEICE Transactions on Information and Systems

SN - 0916-8532

IS - 2

ER -