
AAA Framework in Security 1.1

Sep 2, 2025

Overview

This lecture explains the AAA framework (Authentication, Authorization, Accounting) in computer security, focusing on login procedures, device authentication using certificates, and scalable authorization models.

Login Process and AAA Framework

  • The login process starts with identification: the user claims an identity, typically by entering a username.
  • Authentication proves that claim, most commonly with a password, often combined with additional factors (a one-time code, a hardware token, a biometric).
  • Authorization determines which resources the authenticated user may reach and what they may do with them.
  • Accounting records what the user did: login and logout times, session duration, data transferred, resources accessed.
  • Together, Authentication, Authorization, and Accounting make up the AAA framework; identification is the step that precedes them.

Practical AAA Example: VPN Access

  • A user logs into the VPN by presenting credentials to a VPN concentrator.
  • The concentrator does not keep its own user database; it forwards the authentication request to a central AAA server.
  • The AAA server checks the credentials against its database and tells the concentrator to allow or deny the connection.
  • Once authenticated, the user reaches only those internal systems that their authorization permits.
  • Because the AAA server is central, adding, disabling, or changing a user happens in one place and takes effect for every device that relies on it.

Device Authentication with Certificates

  • Devices (for example a laptop or network appliance connecting remotely) can be authenticated with digital certificates rather than a user's password.
  • A certificate authority (CA) issues and manages device certificates.
  • A certificate proves a device is trusted because it carries the CA's digital signature: the authenticating system verifies that signature with the CA's public key, and the device must also demonstrate it holds the private key matching the certificate, otherwise anyone who copied the certificate could present it.
  • Centrally managed certificates allow devices that connect remotely to be authenticated without distributing shared passwords to them.

Authorization Models and Scalability

  • Authorization grants access to resources using a model based on roles, attributes, or groups.
  • Assigning permissions to each user for each resource by hand does not scale: every new user or resource means another round of manual changes.
  • Group-based models introduce an abstraction between users and permissions: permissions are assigned to a group once, and users are assigned to groups.
  • Adding a user to a group automatically grants the group's permissions on every necessary resource; removing the user from the group revokes them just as quickly.
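An added example, not from the original lecture notes, that ties together the login process, the VPN concentrator example, and the group-based authorization described in this section: a constructed in-memory AAA server that authenticates a username and password, authorizes by group membership rather than per-user permissions, and writes an accounting record for every decision. The users, groups, resources and passwords are all made up; HMAC-SHA256 stands in for the memory-hard password hash a real server would use.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
)

// credential is a stored password verifier: a random salt plus the salted
// digest. HMAC-SHA256 is used here to keep the example stdlib-only; a real
// AAA server should use bcrypt, scrypt or argon2 instead.
type credential struct {
	salt   []byte
	digest []byte
}

func hashPassword(salt []byte, password string) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write([]byte(password))
	return m.Sum(nil)
}

// AAAServer is a constructed in-memory AAA server: a credential database
// (authentication), group memberships and group permissions (authorization),
// and a log of every decision (accounting).
type AAAServer struct {
	creds  map[string]credential      // username -> password verifier
	groups map[string][]string        // username -> groups
	perms  map[string]map[string]bool // group -> resource -> allowed
	Log    []string                   // accounting records
}

func NewAAAServer() *AAAServer {
	return &AAAServer{creds: map[string]credential{}, groups: map[string][]string{}, perms: map[string]map[string]bool{}}
}

// Grant gives a group access to a resource; every member inherits it.
func (s *AAAServer) Grant(group, resource string) {
	if s.perms[group] == nil {
		s.perms[group] = map[string]bool{}
	}
	s.perms[group][resource] = true
}

// AddUser stores a salted password verifier and the user's group memberships.
// Permissions are never attached to the user directly, only via groups.
func (s *AAAServer) AddUser(username, password string, groups ...string) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.creds[username] = credential{salt: salt, digest: hashPassword(salt, password)}
	s.groups[username] = groups
	return nil
}

// Authenticate takes the claimed identity (identification) and checks the
// password against the stored verifier (authentication).
func (s *AAAServer) Authenticate(username, password string) bool {
	c, ok := s.creds[username]
	if !ok {
		hashPassword(make([]byte, 16), password) // same work for unknown users, so timing does not reveal them
		s.record("AUTH-FAIL", username, "unknown user")
		return false
	}
	if subtle.ConstantTimeCompare(c.digest, hashPassword(c.salt, password)) != 1 {
		s.record("AUTH-FAIL", username, "bad password")
		return false
	}
	s.record("AUTH-OK", username, "")
	return true
}

// Authorize is group-based: the user may reach the resource if any group
// they belong to has been granted it.
func (s *AAAServer) Authorize(username, resource string) bool {
	for _, g := range s.groups[username] {
		if s.perms[g][resource] {
			s.record("AUTHZ-OK", username, resource)
			return true
		}
	}
	s.record("AUTHZ-DENY", username, resource)
	return false
}

// record is the accounting step: each decision is logged with a timestamp.
func (s *AAAServer) record(event, username, detail string) {
	s.Log = append(s.Log, fmt.Sprintf("%s %s user=%s %s", time.Now().UTC().Format(time.RFC3339), event, username, detail))
}

// VPNLogin models the concentrator: it holds no credentials itself, relays the
// login to the AAA server, then checks that the user is allowed to use the VPN.
func VPNLogin(s *AAAServer, username, password string) bool {
	return s.Authenticate(username, password) && s.Authorize(username, "vpn")
}

func main() {
	s := NewAAAServer()
	s.Grant("engineering", "vpn")
	s.Grant("engineering", "git-server")
	s.Grant("contractors", "vpn")
	s.AddUser("alice", "correct horse battery staple", "engineering")
	s.AddUser("bob", "hunter2", "contractors")
	fmt.Println("alice vpn:", VPNLogin(s, "alice", "correct horse battery staple"))
	fmt.Println("bob git-server:", s.Authorize("bob", "git-server"))
	for _, line := range s.Log {
		fmt.Println(line)
	}
}
```

Moving bob from "contractors" to "engineering" is a single AddUser call with a different group list; no per-resource permission has to be touched, which is the scaling point of the abstraction. The accounting log also shows why the "A" for accounting matters operationally: failed logins and denied authorizations appear with the same timestamps and identities as successes, so they can be reviewed or alerted on.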

Key Terms & Definitions

  • Authentication — The process of verifying a claimed identity (e.g., a password check for a user, a certificate check for a device).
  • Authorization — The process of granting access rights to resources.
  • Accounting — Tracking user actions and resource usage.
  • AAA Framework — The combined process of Authentication, Authorization, and Accounting.
  • Certificate Authority (CA) — An entity that issues and manages digital certificates.
  • Abstraction (in authorization) — Separating users from resource permissions via roles or groups.

Action Items / Next Steps

  • Review section 4.6 for more details on different authorization models.