PERFORMANCE ANALYSIS OF RADIUS AND DIAMETER AUTHENTICATION SYSTEMS IN 802.1X BASED SECURED NETWORKS

Abstract: There is increasing attention to the security challenges of IT-OT networks. Mitigating these challenges needs sophisticated methods to secure such networks, especially by securing access to the network. One valuable strategy that provides security to the network access level is Port-Based Authentication. Any authentication method within the IEEE 802.1x that can be adapted to current network complexity to minimize the attack surface related to the network access level is an area of interest. RADIUS has been a well-known leading protocol for a few decades while Diameter is newly developed from RADIUS as an unknown protocol; there is a lack of resources on the practical level. This thesis analyzes and evaluates RADIUS & Diameter protocols regarding authentication timeand their functionalities. The hardware used for the implementation phase consists of two Raspberry Pi as a server and supplicant, one IEEE 8021.x supporting switch (Ubiquity EdgeSwitch 24 Lite) and two Virtual Machinesalong with the software freeRADIUS & freeDiameter. Analyzing the fact for each protocol by literature study and the implementation result of this thesis, Diameter protocol requires more time to process the authentication than RADIUS. However, there were issues on the implementation that have affected the measurement of authentication time for Diameter. Based on the results, Diameter provides reliability, scalability, and more security than RADIUS. RADIUS shows a stable authentication time as promised. The RADIUS protocol is easy to implement and provides stable authentication, while Diameter still needs more software and documentation improvements.