The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Access control is a crucial component of networked systems. An approach to providing access control for services on a network is to provide access control servers, which authenticate and authorize supplicants, and network devices, which broker communication between supplicants and the access control servers as well as between supplicants and the other servers or services in the network. One type of access control server is provided using an Authentication, Authorization, and Accounting (AAA) server. An AAA server may implement any number of protocols including Remote Authentication Dial In User Service (RADIUS), Diameter, Terminal Access Controller Access Control System (TACACS+), Extensible Authentication Protocol (EAP), Protected Extensible Authentication Protocol (PEAP), Extensible Authentication Protocol/Transport Level Security Protocol (EAP-TLS), Lightweight Extensible Authentication Protocol (LEAP), and Extensible Authentication Protocol-Subscriber Identity Module Protocol (EAP-SIM).
For each of these protocols, one or more “access messages” must be sent between the supplicant and the access control server in order to authenticate and authorize the supplicant. If a supplicant sends a message that is incorrectly formatted (“poorly formed”), the access control server may simply reject the message, possibly sending a response to inform the supplicant that the message is poorly formed. If the supplicant sends a well-formed message, that is, a message that conforms to the format of the appropriate protocol(s), then the access control server acts on the content of the message.
In some cases, however, and particularly when a supplicant is misconfigured, the supplicant may send a well-formed message, the content of which is inappropriate. Processing these inappropriate messages can cause undue load on the access control server, especially if the message is repeatedly sent from the supplicant to the access control server. This can result in legitimate, but improperly configured, devices generating substantial erroneous traffic that can degrade or suspend the ability of the access control server to service appropriate requests.
These considerations are particularly important with the introduction of EAP over RADIUS as EAP provides an EAP communication “channel”, from the server to the supplicants, “bridged” over the RADIUS client. In such an instance, the EAP/RADIUS supplicants (end clients attempting access such as laptops (EAP-TLS), cellular phones (EAP-SIM), or personal data assistants (LEAP)) have a direct logical communication channel to the access control server for the authentication process. The use of the EAP protocols increases the risks for both deliberate denial-of-service (“DOS”) attacks by rogue EAP supplicants as well as unintended server request flooding by legitimate users with misconfigured supplicant software.
Consider, for example, a Wireless Local Area Network (WLAN) scenario in which a misconfigured supplicant attempts to make several network connections to several adjacent WLAN access points within the same second. Each of these connections will generate a new access message to the access control server, causing unnecessary load on the access control server. Even a relatively small number of such misconfigured supplicants can degrade AAA server performance, and a larger number can generate enough traffic to significantly impair the performance of the AAA server. The degradation of server performance caused by such misconfigured devices or malicious attacks reduces the number of legitimate access control messages that a particular access control server is able to service, and thereby reduces the scalability and increases the cost of the system as a whole.
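As an added illustration of the pattern described above, and not a mechanism disclosed by this application, the following Python detector reads constructed AAA access-message log lines and flags a supplicant whose well-formed but rejected messages reach the server repeatedly, across several access points, inside a one-second window; the log format, field names, window and threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the application): one line per access
# message reaching the AAA server, giving the timestamp, the supplicant
# identity, the access point (NAS) that relayed it, and the server verdict.
# "badcfg@corp" is the misconfigured WLAN supplicant from the scenario:
# four well-formed but rejected requests via three access points in 0.6 s.
SAMPLE_LOG = """\
2024-01-01T10:00:00.100 user=alice@corp nas=ap-01 result=Access-Accept
2024-01-01T10:00:00.120 user=badcfg@corp nas=ap-01 result=Access-Reject
2024-01-01T10:00:00.310 user=badcfg@corp nas=ap-02 result=Access-Reject
2024-01-01T10:00:00.450 user=badcfg@corp nas=ap-03 result=Access-Reject
2024-01-01T10:00:00.700 user=badcfg@corp nas=ap-01 result=Access-Reject
2024-01-01T10:00:02.000 user=bob@corp nas=ap-02 result=Access-Reject
2024-01-01T10:00:09.000 user=bob@corp nas=ap-02 result=Access-Accept
"""

def parse_line(line):
    """Split one assumed-format log line into (timestamp, user, nas, result)."""
    ts, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return datetime.fromisoformat(ts), fields["user"], fields["nas"], fields["result"]

def find_flooding_supplicants(log_text, window=timedelta(seconds=1), threshold=3):
    """Return {supplicant: (reject_count, distinct_access_points)} for every
    supplicant whose rejected messages reach `threshold` within one `window`.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # supplicant -> (timestamp, nas) of recent rejects
    flagged = {}
    for line in log_text.splitlines():
        ts, user, nas, result = parse_line(line)
        if result != "Access-Reject":
            continue              # accepted messages are legitimate server work
        q = recent[user]
        q.append((ts, nas))
        while q and ts - q[0][0] > window:
            q.popleft()           # discard rejects that fell out of the window
        if len(q) >= threshold:
            flagged[user] = (len(q), len({n for _, n in q}))
    return flagged

if __name__ == "__main__":
    print(find_flooding_supplicants(SAMPLE_LOG))   # {'badcfg@corp': (4, 3)}
```

A single reject from bob@corp stays below the threshold, so only the supplicant that repeats the same inappropriate request across adjacent access points is reported.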
Based on the foregoing, there is clearly a need for an approach to reduce the impact of erroneous messages from misconfigured supplicants and purposefully malicious entities.