japaneseenglish

News/Event

Press Release

Toshiba Corporation and Keio University, in cooperation with WIDE project, have succeeded in implementation and interoperability testing of PANA and Diameter, two essential protocols for providing network access authentication in the next-generation Internet authentication infrastructure.

Toshiba Corporation(hereinafter "Toshiba"; President and CEO, Atsutoshi Nishida) and Keio University (President: Yuichiro Anzai) in collaboration with WIDE Project (hereinafter "WIDE"; Representative: Jun Murai, Vice President and Prof., Faculty of Environmental Information, Keio University) have succeeded in completing the implementation and interoperability testing of PANA and Diameter, a network access authentication protocol and AAA (Authentication, Authorization and Accounting) protocol, respectively. The two protocols are an essential part of the next-generation Internet authentication infrastructure.

The combination of IEEE 802.1X and RADIUS has been used as a solution for providing network access authentication for the Internet. However, the existing solution has several drawbacks, such as lack of flexibility in expanding the usage of the Internet and dependency on specific link-layer technologies (e.g., Wireless LAN).

In order to overcome these drawbacks, IETF, the standards organization for the Internet, has been designing PANA (Protocol for carrying Authentication for Network Access) and Diameter to provide network access authentication in the next-generation authentication infrastructure. The advantages of PANA and Diameter are listed below.

  • As they do not depend on the specific link layer technologies (such as ADSL and wireless LAN), they can flexibly support new wireless technologies and new media types.
  • They are extensible enough to define additional features relating to network access authentication, such as ISP selection.
  • By using the above features, they can be applied to not only the (existing) single domain model, but also the multiple administrative domain model such that users can move between different ISPs, or from fixed network to mobile network, and so on.(See the figure below)

Toshiba, in particular Toshiba America Research Inc. (TARI), has been working towards the standardization of PANA protocol in IETF. TARI has contributed to seven Internet standardization documents (Internet-Draft) as an editor or a co-author. Some of these documents including the PANA base specification are at the final stage of gathering comments for Internet RFC at the coming Prague IETF meeting in March. World-wide network operators and vendors are participating in the standardization of PANA.


Figure: Constructing Multi-domain Authentication environment with PANA/Diameter

TARI has developed and released open-source implementation of PANA and Diameter under the Open Diameter Project (http://www.opendiameter.org/) as a reference implementation..
Toshiba R&D center has implemented CPANA, a proprietary compact implementation targeted for the wide application of PANA in embedded equipment. Toshiba used CPANA for interoperability tests with Keio University.

Keio University Teraoka-Lab has proposed the standard API for the wide deployment of PANA at IETF and developed the implementation based on this standard. The implementation of Diameter uses the WIDE Diameter library developed by WIDE Project and an environment is currently being constructed to enable reciprocal operation of the Keio PANA module. The results of developments have been released within WIDE project, and are will be used as key technologies for various mobile related projects.

In the interoperability test, the operation of each protocol phase of PANA has been confirmed using the two independent implementations by Toshiba and Keio University, where one's client module talks to the other's server module and vice versa. Individual authentication methods are also tested. No major error caused by miss-interpretation of the protocol specification was found. Most errors are caused by the errors in each implementation, which shows the completeness of the PANA specification. A paper on this work was presented at DPS-SIG of Information Processing Society Japan on March 1 and at the general conference of the Institute of Electronics, Information and Communication Engineers held at Meijo University from March 20 - 23. The research results will also be presented at the final report symposium of the JST Project (Analysis and sharing of security information) on March 20,


Terminology
WIDE project
URL: http://www.wide.ad.jp/
WIDE (Widely Integrated Distributed Environment) established in 1988 as a research consortium working on the practical research and development of Internet-related technologies. It has made significant contribution to the development of the Internet through collaborating with many other bodies including 133 companies and 11 universities to carry out joint research projects in a wide range of fields.
Press Contacts
WIDE Project
Keio Research Institute at SFC, Keio University
5322 Endo, Fujisawa-shi, Kanagawa
252-8520, Japan
Phone: +81-466-49-3618
Email: press@wide.ad.jp
Toshiba Corporation R&D Center
1 Komukai-Toshiba-Cho, Saiwai-ku, Kawasaki.
212-8582, JAPAN
Phone: +81-44-549-2056
Keio University, Teraoka-Lab.
Keio University, Yagami Campus
3-14-1 Hiyoshi, Kouhoku-ku, Yokohama
223-8522, Kanagawa, JAPAN
Phone: +81-45-563-1141
  • NSPIXPリンク
  • SOIリンク
  • AIIIリンク
WIDE Award