AAA (Authentication, Authorization, Accounting) describes a framework for intelligently controlling access to network resources, enforcing policies, and providing the information necessary to bill for services. 

AAA and Network Security for Mobile Accessis an invaluable guide to the AAA concepts and framework, including its protocols Diameter and Radius.  The authors give an overview of established and emerging standards for the provision of secure network access for mobile users while providing the basic design concepts and motivations.

AAA and Network Security for Mobile Access:

• Covers trust, i.e., authentication and security key management for fixed and mobile users, and various approaches to trust establishment.
• Discusses public key infrastructures and provides practical tips on certificates management.
• Introduces Diameter, a state-of-the-art AAA protocol designed to meet today’s reliability, security and robustness requirements, and examines Diameter-Mobile IP interactions.
• Explains RADIUS (Remote Authentication Dial-In User Services) and its latest extensions.
• Details EAP (Extensible Authentication Protocol) in-depth, giving a protocol overview, and covering EAP-XXX authentication methods as well as use of EAP in 802 networks.
• Describes IP mobility protocols including IP level mobility management, its security and optimizations, and latest IETF seamless mobility protocols.
• Includes a chapter describing the details of Mobile IP and AAA interaction, illustrating Diameter Mobile IP applications and the process used in CDMA2000.
• Contains a section on security and AAA issues to support roaming, discussing a variety of options for operator co-existence, including an overview of Liberty Alliance.

This text will provide researchers in academia and industry, network security engineers, managers, developers and planners, as well as graduate students, with an accessible explanation of the standards fundamental to secure mobile access.

Authentication, authorization and accounting sums up this approach to controlling access to networks, enforcing policies and still providing the information necessary to bill for services in mobile access. The authors, both practitioners, describe the concepts behind the catchy acronym, showing how authentication affects clients as well as messages, how authorization differs form authentication, and how in accounting, structure, security and reliability is important even in the lowest-risk situations. They cover key management methods, Internet security and key exchange basics, Internet mobility protocols, diameters, security for mobile IP, public key infrastructure, limited IP authentication mechanisms, and the world of operator co-existence, including building trust at a non- technological level.
Annotation ©2005 Book News, Inc., Portland, OR (booknews.com)

Authentication, authorization and accounting sums up this approach to controlling access to networks, enforcing policies and still providing the information necessary to bill for services in mobile access. The authors, both practitioners, describe the concepts behind the catchy acronym, showing how authentication affects clients as well as messages, how authorization differs form authentication, and how in accounting, structure, security and reliability is important even in the lowest-risk situations. They cover key management methods, Internet security and key exchange basics, Internet mobility protocols, diameters, security for mobile IP, public key infrastructure, limited IP authentication mechanisms, and the world of operator co-existence, including building trust at a non- technological level. Annotation ©2005 Book News, Inc., Portland, OR (booknews.com)

"…serves to provide planners and researchers in both academic and professional capacities a way in which to completely access pertinent data in a logical and clearly defined manner." (Electric Review, September/October 2006)

Madjid Nakhjiriis currently a researcher and network architect with Motorola Labs. He has been involved in the wireless communications industry since 1994. Over the years, Madjid has participated in the development of many cellular and public safety mission-critical projects, ranging from cellular location detection receiver design and voice modeling simulations to the design of architecture and protocols for QoS-based admission, call control, mobile VPN access and AAA procedures for emergency response networks. Madjid has been active in the standardization of mobility and security procedures in IETF, 3G and IEEE since 2000 and is a coauthor of a few IETF RFCs. Madjid has also coauthored many IEEE papers, chaired several IEEE conference session and has many patent applications in process.

Mahsa Nakhjiriis currently a systems engineer with Motorola Personal Devices and is involved in future cellular technology planning. Mahsa holds degrees in Mathematics and Electrical Engineering and has specialized in mathematical signal processing for antenna arrays. She has been involved in research on cellular capacity planning and modeling, design and simulation of radio and link layer protocols and their interaction with transport protocols in wireless environments. Mahsa has also worked with cellular operators on mobility and AAA issues from an operator perspective.

Foreword.

Preface.

About the Author.

Chapter 1: The 3 “A”s: Authentication, Authorization, Accounting.

1.1 Authentication Concepts.

1.2 Authorization.

1.3 Accounting.

1.4 Generic AAA Architecture.

1.5 Conclusions and Further Resources.

1.6 References.

Chapter 2: Authentication.

2.1 Examples of Authentication Mechanisms.

2.2 Classes of Authentication Mechanisms.

2.3 Further Resources.

2.4 References.

Chapter 3: Key Management Methods.

3.1 Key Management Taxonomy.

3.2 Management of Symmetric Keys.

3.3 Management of Public Keys and PKIs.

3.4 Further Resources.

3.5 References.

Chapter 4: Internet Security and Key Exchange Basics.

4.1 Introduction: Issues with Link Layer-Only Security.

4.2 Internet Protocol Security.

4.3 Internet Key Exchange for IPsec.

4.4 Transport Layer Security.

4.5 Further Resources.

4.6 References.

Chapter 5: Introduction on Internet Mobility Protocols.

5.1 Mobile IP.

5.2 Shortcomings of Mobile IP Base Specification.

5.3 Seamless Mobility Procedures.

5.4 Further Resources.

5.5 References.

Chapter 6: Remote Access Dial-In User Service (RADIUS).

6.1 RADIUS Basics.

6.2 RADIUS Messaging.

6.3 RADIUS Operation Examples.

6.4 RADIUS Support for Roaming and Mobility.

6.5 RADIUS Issues.

6.6 Further Resources.

6.7 References.

Chapter 7: Diameter: Twice the RADIUS?

7.1 Election for the Next AAA Protocol.

7.2 Diameter Protocol.

7.3 Details of Diameter Applications.

7.4 Diameter Versus RADIUS: A Factor 2?

7.5 Further Resources.

7.6 References.

Chapter 8: AAA and Security for Mobile IP.

8.1 Architecture and Trust Model.

8.2 Mobile IPv4 Extensions for Interaction with AAA.

8.3 AAA Extensions for Interaction with Mobile IP.

8.4 Conclusion and Further Resources.

8.5 References.

Chapter 9: PKI: Public Key Infrastructure: Fundamentals and Support for IPsec and Mobility.

9.1 Public Key Infrastructures: Concepts and Elements.

9.2 PKI for Mobility Support.

9.3 Using Certificates in IKE.

9.4 Further Resources.

9.5 References.

9.6 Appendix A PKCS Documents.

Chapter 10: Latest Authentication Mechanisms, EAP Flavors.

10.1 Introduction.

10.2 Protocol Overview.

10.3 EAP-XXX.

10.4 Use of EAP in 802 Networks.

10.5 Further Resources.

10.6 References.

Chapter 11: AAA and Identity Management for Mobile Access: The World of Operator Co-Existence.

11.1 Operator Co-existence and Agreements.

11.2 A Practical Example: Liberty Alliance.

11.3 IETF Procedures.

11.4 Further Resources.

11.5 References.

Index.