uRADIUS Toolkit
December 03, 2018
Blog
The Cypherbridge uRADIUS Toolkit is a compact software library designed for small and medium memory models where resources are carefully managed and balanced.
The Cypherbridge uRADIUS Toolkit is a compact software library designed for small and medium memory models where resources are carefully managed and balanced. The uRADIUS toolkit is a fully integrated client solution including PAP, CHAP, and TLS protected RADIUS over TCP. Integrated at system level, it is compatible with standards based servers including FreeRADIUS.
RADIUS OVERVIEW
RADIUS, an RFC network protocol, provides central Authentication, Authorization, and Accounting (AAA) management for credential based authentication. Authentication tokens such as username and password are transmitted by the RADIUS client in an Access-Request message to the designated RADIUS server. The server searches a database to authenticate the user, then returns the Access-Accept authentication response including authorization level. Authorization can determine access level for the client operations, such as Admin, Technician or User. Unauthorized users trigger an Access-Reject response message. The RADIUS client operates within a security domain, such that the server can process Access-Request from known client IP address.
uRADIUS TOOLKIT
uRADIUS implements RADIUS client authentication and authorization, providing a solution to the management of embedded credentials and access level controls. Embedded credentials may be compiled in the device firmware, and left in default state by the system installer or end user. Devices containing default username password combinations are vulnerable to exploits including well known Botnets deployed into products such as IP Cameras, routers, and baby monitors.
RADIUS can be used for device and user authentication, and interfaced to device level services, such as HTTP, SSH and SMNP. This can be integrated with products in vertical markets including SCADA, industrial control, network and telecom, and wherever authorization and access controls are used.
uRADIUS is integrated with the Cypherbridge uSSL TLS SDK. Authorization tokens are securely transmitted over TCP/TLS, which protects PAP and CHAP MD5 based tokens.
uRADIUS API
The uRADIUS Toolkit provides a well-defined API that containing the authorization request information including username, password, shared secret, designated server and port. uRADIUS processes the request and returns the response including access accept/reject result, and authorization level data.
PLATFORM KIT
The uRADIUS toolkit uses well-defined chip, board, RTOS and network porting interfaces. Tasks and timers can be implemented in a non-threaded or RTOS based design. The toolkit is delivered pre-built and tested on a standard target evaluation kit, and including the integrated platform kit, along with toolchain workspace project files.
SYSTEM INTEGRATION
uRADIUS Toolkit is fully documented. The User Guide includes step-by-step installation and configuration of FreeRADIUS server. TLS based X.509 certificates can be generated with the included offline script and compiling utilities.
TOOLKIT FEATURES
- RFC6613 RADIUS over TCP and RFC6614 RADIUS TCP/TLS
- Scalable centralized administration with IT systems
- Portable ANSI-C source code library
- Toolchain support includes GCC, Keil uVision, and IAR EWARM