In 2020, around 22 billion internet of things (IoT) connected devices were in use around the globe, a number that’s expected to reach 50 billion by 2030, according to Statista. As networks become more complex and vast, configuring and controlling access to guarantee security without Authentication, Authorization, and Accounting (AAA) is virtually impossible. Put simply, AAA is one of the gatekeepers of the modern telecommunications network.
Device use continues to surge as 5G and the IoT ecosystem become more widespread. Plus, operators now offer more granular and contextual plans for different customers, as well as advanced billing and charging plans for an ever-increasing array of services. As the number of devices connected to a network as well as the services available to them proliferate, networks are more susceptible not only to accounting errors but also to security breaches and threats such as identity theft. AAA assumes a significant role in providing security for these changing network needs.
Authentication, authorization, and accounting are business-critical functions within Service Provider networks. They’re key to improving the subscriber experience and essential to supporting data services growth and new opportunities in fixed-mobile convergence and LTE. Service providers need a flexible underlying access control infrastructure that provides carrier-grade performance and scalability, enabling them to take full advantage of these opportunities — across multiple networks simultaneously.
AAA is often implemented as a dedicated server, and is also referred to as the AAA Protocol. The AAA server does just as its name suggests: it authenticates or validates subscribers and their credentials, verifies what services and QoS each subscriber is authorized to access, and provides proper accounting so that customers are accurately billed for the services they use.
The first step in AAA security is Authentication. Authentication relies on unique identifying information from each system user, generally in the form of a username and password. System administrators monitor and add or delete authorized users from the system. Employing multimodal authentication methods, it serves as the first line of defense in protecting network resources against fraud and identity theft. Whenever anyone tries to access the network, the job of the Authentication function is to identify whether they are meant to be granted access and to make sure that the user is in fact who they claim to be.
Once authenticated, the next step is determining what policies apply to the user. These policies will govern the user’s authorization levels, defining what resources, services, and QoS the user can access. Users may be given different authorization levels that limit their access to the network and associated resources. AAA policies can be defined on a host of parameters, such as the time or day, the user’s location, how often they’ve logged in, how much bandwidth they’ve consumed, and fair usage. Other associated types of authorization service include IP address filtering, bandwidth traffic management and encryption.
The final step for the AAA server is to take stock of the network resources accessed by the user, such as data consumption and duration of their session. These usage details serve two purposes. First, they make sure the user is accurately invoiced for their consumption. Second, they give administrators audit logs to review how and by whom the network was accessed. This may include, but is not limited to, real-time accounting of time spent accessing the network, the network services employed or accessed, capacity analysis, network cost allocations, billing data, login data for user authentication and authorization, and the data or data amount accessed or transferred.
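The three steps described above, as an added Python example that is not code from any AAA product or from the original article. The class names, field names, decision strings and the choice of PBKDF2 are assumptions made for illustration; the policy checks use two of the parameters the text lists (time of day and fair usage).

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Subscriber:              # hypothetical record; field names are assumptions
    name: str
    salt: bytes
    pw_hash: bytes
    allowed_hours: range       # hours of day in which access is permitted
    quota_bytes: int           # fair-usage cap for the billing period
    used_bytes: int = 0

@dataclass
class AAAServer:
    subscribers: dict
    audit_log: list = field(default_factory=list)

    def _record(self, user, event, **detail):
        # Accounting: every decision and session is kept for billing and audit.
        self.audit_log.append({"user": user, "event": event, **detail})

    def authenticate(self, user, password):
        sub = self.subscribers.get(user)
        # Hash even for unknown users so timing does not reveal valid names.
        candidate = _hash(password, sub.salt if sub else b"\x00" * 16)
        ok = sub is not None and hmac.compare_digest(candidate, sub.pw_hash)
        self._record(user, "auth-accept" if ok else "auth-reject")
        return ok

    def authorize(self, user, now: datetime):
        sub = self.subscribers[user]
        if now.hour not in sub.allowed_hours:
            decision = "deny-time"
        elif sub.used_bytes >= sub.quota_bytes:
            decision = "throttle"     # fair usage exceeded: reduced QoS
        else:
            decision = "full"
        self._record(user, "authz", decision=decision)
        return decision

    def account(self, user, seconds, nbytes):
        self.subscribers[user].used_bytes += nbytes
        self._record(user, "session-stop", seconds=seconds, bytes=nbytes)

def make_subscriber(name, password, hours, quota):
    salt = os.urandom(16)             # per-user salt; the password is never stored
    return Subscriber(name, salt, _hash(password, salt), hours, quota)
```

Rejected logins are written to the same audit log as accepted ones, so a run of auth-reject events for one user is visible to whoever reviews the accounting data.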
As cases of data breaches such as identity theft continue to increase, telecom AAA assumes a vital role in strengthening a telco’s data assets by enabling sound practices in identity and access management. With AAA, controlling access does not require a statically configured network, pre-defined connectivity modes, fixed or immovable systems, or even fixed IP addresses. Instead, operators can secure the network using more granular techniques, such as integrating user directories to provide access to specific groups of users.
The NFV- and 5G-compliant AAA overcomes the previous limitations of physical hardware. With its evolved architecture, the future-proof virtualized AAA helps operators optimize infrastructural resources and makes sure the network remains secure even when traffic increases. The stateless AAA stores sessions and application states in a centralized database, distributing the transaction load for faster response times while guaranteeing security.
AAA is a crucial network function and the AAA server is at the heart of operations for some of the largest telcos, with millions of subscribers benefiting from its capabilities. The cutting-edge solution is high-performance, self-healing, open (via REST and API gateway), and highly configurable, serving diverse use cases. AAA transformation enables even large operators to seamlessly replace the core network functionality without impacting existing systems.