5 Diameter Security

5.1 Introduction

In the design of Internet protocols, security is approached in a structured way: the threats are analyzed first, which requires a high-level understanding of the protocol's communication architecture (described in earlier chapters), and security requirements are then derived from those threats. These requirements can be addressed by various security services, such as data integrity and confidentiality protection, authentication, and authorization. The IETF has developed building blocks offering such security services and, in RFC 3552, offers guidance to specification authors on how to engineer security into protocols. Guidance for considering privacy in protocol design is captured in RFC 6973.

This book approaches the description of Diameter security in the same way as RFC 3552; in addition, we provide background information about information security in Section 5.2. We discuss threats in Section 5.3, followed by a description of the security services applied to the Diameter protocol in Section 5.4, and conclude with an example in Section 5.5.

Recall that historically a user would connect to a network by contacting a Network Access Server (NAS) over a land line via a modem and then had to authenticate, typically with a login and password, before being granted access to the Internet or a company network. The NAS then communicated with a back-end server, where the AAA process took place. Since phone lines were not shared, the security of the network access was mainly ...
