
Submitted by Reshmi Philip

RADIUS: An Overview
The Internet, the network of networks, rests firmly on three As for securing its
communications: Authentication, Authorization and Accounting. The model based on
these three aces of security and privacy in Internet communications is called the
AAA model. The AAA model is a security architecture used for distributed systems, which
enables control over which users are allowed access to which services, and how much of the
resources they have used [1].
Remote Authentication Dial-In User Service, abbreviated as RADIUS, is an access control
networking protocol that provides the functionality of an AAA model and performs its
services in a client-server environment. This authentication protocol, created by
Livingston, is used for exchanging authentication, authorization,
and accounting information between a Network Access Server that would like to authenticate
its links and a shared authentication server.
According to RFC 2865 and RFC 2866, some of the key features of RADIUS are:

Uses UDP as a transport protocol
Uses a hop-by-hop Security model

Fig 1 A hop-by-hop Security model[2]
Is Stateless

Network security is ensured through authentication with a shared secret key, which is
never sent over the network. User passwords are encrypted before being sent over the
network.

It works as a client/server system in charge of setting up the remote
users that will access the network. Moreover, it is the main protocol used by
Internet providers.
Flexible Authentication Mechanisms[2]: The RADIUS server can support a variety of
methods to authenticate a user. When it is provided with the user name and original
password given by the user, it can support PPP PAP or CHAP, UNIX login, and other
authentication mechanisms.
Extensible Protocol[2][3]: All transactions are comprised of variable length
Attribute-Length-Value 3-tuples. New attribute values can be added without
disturbing existing implementations of the protocol.
RADIUS mainly uses a server, known as the RADIUS server, which is linked to an
identification base, and a RADIUS client, known as the NAS (Network Access
Server), which acts as an intermediary between the user and the server.


Fig 2 : The working of RADIUS [4]




The Main Limitation of RADIUS
RADIUS is strictly a client-server protocol, and hence there are many problems with
proprietary protocols when a server must kill a hacker session on a client.

References
[1] http://en.wikipedia.org/wiki/AAA_protocol
[2] Jonathan Hassell, RADIUS, O'Reilly, 2002
[3] RFC 2865, RFC 2866
[4] http://support.novell.com/techcenter/articles/dnd19990504.html
