AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility (Hardcover)
In today’s world, where computer viruses and security threats are common themes in
anything from Hollywood movies and TV advertisements to political discussions, it seems
unthinkable to ignore security considerations in the design and implementation of any
network. However, it is only in the past 4–5 years that talkative security experts have been
invited to the design table from the start. The common thinking only 5 years ago was either:
this is somebody else’s problem or let us design the major functionalities first, then bring in a
cryptographer to secure it! This treatment of security as an add-on feature typically led either
to design delays, overheads and extra costs when the “feature” had to be included, or to
ignored security provisioning when the “feature” was not a must. The problem, of course,
stemmed from the fact that security “features” have rarely been revenue-makers. As we all
know, many political, social and economic events in the last half decade have forced the
designers, regulators and businessmen to adjust their attitudes towards security considerations.
People realized that although security measures are not revenue-makers, their lack is
indeed a deal breaker, to say the least, or has catastrophic aftermaths, at worst.
The Internet Engineering Task Force (IETF) has also played an important role in establishing
the aforementioned trend by making a few bold moves. The rejection of some very
high profile specifications due to the lack of proper security considerations was a message to
the industry that security is not to be taken lightly. This was done in a dot.com era where the
Internet and its applications seemed to have no boundaries and security provisioning seemed
to be only a barrier rather than an enabler.
