RadSec
RadSec is a protocol for transporting RADIUS datagrams over TCP and TLS.

The RADIUS protocol is a widely deployed authentication and authorization protocol. The supplementary RADIUS Accounting specification also provides accounting mechanisms, thus delivering a full AAA solution. However, two major shortcomings of RADIUS have become apparent in the time since its initial design: its dependency on the unreliable transport protocol UDP and the lack of security for large parts of its packet payload. Specifically, for the latter, RADIUS security is based on the MD5 algorithm, which has been proven to be insecure.
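The following is an added example, not part of the original article, of the two MD5-based mechanisms that RFC 2865 defines for RADIUS over UDP: User-Password hiding and the Response Authenticator. It shows that the User-Name attribute travels in cleartext while only the password is masked with an MD5 keystream; the shared secret, Request Authenticator, user name and password are constructed sample values.

```python
import hashlib
import struct

SECRET = b"constructed-shared-secret"      # constructed sample value
REQUEST_AUTH = bytes(range(16))            # constructed; random in real use

def _keystream_xor(blocks_in, secret, request_auth, decrypt):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext)."""
    out, prev = b"", request_auth
    for i in range(0, len(blocks_in), 16):
        block = blocks_in[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        prev = block if decrypt else res   # chain on the ciphertext block
        out += res
    return out

def hide_password(password, secret, request_auth):
    size = max(1, -(-len(password) // 16)) * 16   # pad to a multiple of 16
    return _keystream_xor(password.ljust(size, b"\0"), secret, request_auth, False)

def unhide_password(hidden, secret, request_auth):
    return _keystream_xor(hidden, secret, request_auth, True).rstrip(b"\0")

def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, user, password, secret, request_auth):
    # Attribute 1 = User-Name (sent as-is), attribute 2 = User-Password (hidden)
    attrs = attribute(1, user) + attribute(2, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def parse_attributes(packet):
    """Return {type: value} for the attributes after the 20-byte header."""
    (length,) = struct.unpack("!H", packet[2:4])
    attrs, pos = {}, 20
    while pos + 2 <= length:
        attr_len = packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

PACKET = build_access_request(7, b"alice@example.org", b"correct horse", SECRET, REQUEST_AUTH)
```

Every hop that holds the shared secret can recover the password with `unhide_password`, which is why transport-layer protection between peers matters in proxy chains.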

The main focus of RadSec is to provide a means to secure the communication between RADIUS/TCP peers on the transport layer. The most important use of RadSec lies in roaming environments where RADIUS packets need to be transferred through different administrative domains and untrusted, potentially hostile networks. An example of a worldwide roaming environment that uses RadSec to secure communication is eduroam.

RadSec is currently being standardized in the "RADIUS Extensions" working group of the Internet Engineering Task Force (IETF).
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 