Understanding Authentication and AAA Frameworks

Apr 23, 2025

Lecture Notes: Authentication and AAA Framework

Introduction to Authentication

  • Common process: Username, password, and sometimes additional factors.
  • Behind the scenes: More complex processes.

AAA Framework

  • Identification: Information everyone has access to (e.g., username, email).
  • Authentication: Proving identity (typically with a password or other factors).
  • Authorization: Grants access to resources based on identity.
  • Accounting: Logs user activity (e.g., login, logout attempts).

Authentication Process Example

  • Logging into a VPN: Username, password communicated to AAA server.
  • AAA server verifies credentials and grants network access.
  • Single Sign-On (SSO): Authenticate once (e.g., once per day) and reuse that session for access to multiple resources; the session is time-limited (e.g., 24 hours).
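To make the four AAA stages and the time-limited SSO session concrete, here is an added toy AAA server in Python. It is example code written for these notes, not part of the original lecture or any real RADIUS/TACACS+ implementation. The user records, the role-to-resource policy and the 24-hour session lifetime are constructed values; the password store uses salted PBKDF2, and the login path does the same amount of hashing for unknown usernames so that response time does not reveal which usernames exist.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 200_000

# Constructed authorization policy: which roles may reach which resource.
RESOURCE_ROLES = {
    "vpn": {"staff", "admin"},
    "admin-console": {"admin"},
}


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the stored value is never the plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AAAServer:
    """Toy AAA server: identification, authentication, authorization, accounting."""

    def __init__(self, session_ttl: int = 24 * 3600):
        self.users = {}          # username -> (salt, pbkdf2 hash, roles)
        self.sessions = {}       # SSO token -> (username, expiry time)
        self.log = []            # accounting records
        self.session_ttl = session_ttl
        self._dummy_salt = os.urandom(16)   # used to equalise timing for unknown users

    def add_user(self, username: str, password: str, roles) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, derive(password, salt), set(roles))

    def login(self, username: str, password: str, now: int):
        """Identification + authentication; returns an SSO token or None."""
        rec = self.users.get(username)                      # identification
        if rec is None:
            derive(password, self._dummy_salt)              # same cost as a real check
            ok = False
        else:
            salt, stored, _ = rec
            ok = hmac.compare_digest(derive(password, salt), stored)   # authentication
        self.log.append({"time": now, "user": username, "event": "login", "success": ok})
        if not ok:
            return None
        token = secrets.token_urlsafe(32)                   # unguessable session handle
        self.sessions[token] = (username, now + self.session_ttl)
        return token

    def access(self, token: str, resource: str, now: int) -> bool:
        """Authorization against the role policy, reusing the SSO session until it expires."""
        sess = self.sessions.get(token)
        if sess is None:
            return False
        username, expires_at = sess
        if now >= expires_at:
            del self.sessions[token]
            self.log.append({"time": now, "user": username,
                             "event": "session-expired", "success": False})
            return False
        roles = self.users[username][2]
        allowed = bool(roles & RESOURCE_ROLES.get(resource, set()))
        self.log.append({"time": now, "user": username,
                         "event": f"access:{resource}", "success": allowed})   # accounting
        return allowed


if __name__ == "__main__":
    srv = AAAServer()
    srv.add_user("alice", "correct horse battery staple", ["staff"])
    tok = srv.login("alice", "correct horse battery staple", now=1_000)
    print("vpn:", srv.access(tok, "vpn", now=2_000))
    print("admin-console:", srv.access(tok, "admin-console", now=2_000))
    print("vpn after 24h:", srv.access(tok, "vpn", now=1_000 + 24 * 3600))
    for entry in srv.log:
        print(entry)
```

Every decision, successful or not, lands in `log`; that accounting trail is what lets an analyst later distinguish a single mistyped password from a credential-stuffing run against many usernames.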

Authentication Protocols

  • RADIUS (Remote Authentication Dial-In User Service):
    • Long-standing protocol for authentication across various systems.
    • Used for VPNs, servers, wireless networks, etc.
  • LDAP (Lightweight Directory Access Protocol):
    • Centralized directory for information management.
    • Adds context to users with attributes (e.g., organizational units, location).
    • Uses X.500 standard for creating directories.

SAML (Security Assertion Markup Language)

  • Open standard for authentication and authorization.
  • Not originally designed for mobile devices.
  • Involves resource server, client, and authorization server.
  • Uses tokens for user authentication access.

TACACS (Terminal Access Controller Access-Control System)

  • Originally for modem dial-up access in ARPANET.
  • TACACS+: Common with Cisco devices, now open standard.

Multi-Factor Authentication (MFA)

  • Adds security: Requires multiple factors (e.g., password, mobile app code, GPS location).
  • Factors:
    • Something you know (e.g., password).
    • Something you have (e.g., mobile device/app).
    • Something you are (e.g., biometrics).
    • Somewhere you are (e.g., GPS).
  • TOTP (Time-based One-Time Password Algorithm):
    • Mobile authenticator apps generate a short-lived code from a shared secret and the current time.
    • Used by Google, Facebook, Microsoft, etc.