Lecture Notes: Authentication, Authorization, and Accounting (AAA)

Overview of Login Process

• Identification: Claim identity by providing a username.
• Authentication: Verification process using username, password, and additional authentication factors.
  • Confirms identity by checking known credentials.
• Authorization: Determines access level to resources.
  • Example: Shipping department accesses shipping resources, not finance.
• Accounting: Logs activities such as login time, data transfer, and logout.
• AAA Framework: Consists of Authentication, Authorization, and Accounting.

Practical Example of AAA Using VPN

• VPN Concentrator: Acts as a barrier needing AAA to access internal resources.
• Process:
  1. User accesses VPN concentrator.
  2. Provides username and password.
  3. VPN concentrator forwards credentials to a central AAA server.
  4. AAA server validates credentials and responds to the concentrator.
  5. Upon validation, access is granted to internal resources.

Ensuring Device Authorization

• Challenge: Verify authorized devices on a network.
• Solution: Use certificates for device authentication.
  • Certificate Authority (CA): Manages certificates.
  • Process:
    • Create a device certificate signed by CA.
    • Device uses certificate for authentication.
    • Verify certificate against CA.

Authorization Models

• Authorization Challenge: Scaling access rights for large numbers of users/resources.
• Role-Based Approach:
  • Users are added to groups with predefined access rights.
  • Example: Shipping & Receiving group has access to specific resources.
• Benefits:
  • Simplifies administration.
  • Scales easily with the number of users/resources.
• Implementation:
  • Create groups with necessary access.
  • Add users to relevant group to provide access.

Conclusion

• The AAA framework is critical for managing security and access in large systems.
• Effective use of certificates and role-based authorization models enhances security and scalability.