AAA RADIUS Software, AAA Server, RADIUS servers
AAA RADIUS Server, RADIUS Software
AAA RADIUS Server AAA RADIUS Software AAA RADIUS Authentication AAA RADIUS Protocol AAA Server, AAA Software Linux RADIUS Server AAA RADIUS Servers

RAD-Series RADIUS Server Secures KT's NESPOT, the World's Largest WiFi Hotspot

WiFi Hotspot Project Overview

The world’s largest wireless LAN (WiFi) hotspot spans the entire country of South Korea, and is centralized in Seoul.  Launched in January 2002, NESPOT has over 800,000 wireless access points throughout the city of Seoul and surrounding areas, with over 1.2 million wireless users. The RAD-Series RADIUS Server secures the entire application including WiFi and wireline access to the network through 13 RADIUS servers.

AAA RADIUS Server for WiFi Hotspot

KT’s high-speed Internet service called NESPOT enables easy Internet and content service access through a notebook computer or PDA equipped with a wireless LAN card.  The WiFi service can be used anywhere within designated zones such as hotels, university campuses, cafes, exhibition halls, airports, and on the subway while moving.

Initial development on the project began in October of 2000.  The WiFi service was rolled-out in January 2002. With a subscriber base of over 6,500,000 users, KT integrated the Wi-Fi portion of their network into a common RADIUS server infrastructure that secures all wireline & wireless users over ADSL, ISDN, PSTN, and Wi-Fi.

The Challenge

As standard WiFi deployments are vulnerable to security breaches, KT needed a security-enhanced authentication method to verify user credentials for secure network access and data communication during the session. 

KT wanted to integrate the services through a common AAA (Authentication, Authorization, and Accounting) RADIUS Server with their wireless users for ADSL, ISDN and PTSN services.  The solution required customized authentication and accounting capabilities to support KT’s business model, needed to interface with various user databases, and run on HP-UX.

The Solution

KT chose Interlink Networks’ RAD-Series RADIUS Server over Microsoft and Cisco RADIUS servers to authenticate user access for both wired and wireless user access.  The architecture deploys 13 RADIUS servers for authentication and accounting services including two local back-up and three remote back-up RADIUS servers.  The system delivers over 2300 authentication and accounting transactions per second on eight relatively slow 750 MHz processors. The RADIUS server supports both prepaid and flat rate billing services with user authentication through LDAP supporting Microsoft Active Directory and Oracle 9i database servers. 

Each user is authenticated to the NESPOT Wi-Fi network through 802.1X security using EAP-TTLS.  This provides both full authentication and accounting capabilities and also delivers a highly secure connection.  With 802.1X, each user is securely authenticated to the network, and unique session keys are used to encrypt the wireless traffic.

Why Interlink's RADIUS Server was Selected

KT selected Interlink Networks RADIUS Server software over Microsoft and Cisco solutions for this project because of its four key advantages:

  • Broad RADIUS Server OS Support: No other independent software vendor offers a solution that supports HP-UX.  In addition, KT can count on Interlink Networks for other projects that involve OS support on Red Hat Linux and Solaris.
  • RADIUS Server Customization: KT had customized needs to fit the solution into their existing infrastructure.  The RAD-Series servers offer a rich set of functions, interfaces, SDKs and extensions, as opposed to a “one-size-fits-all” shrink-wrapped model.  The servers are easy to customize, easy to implement, and are user-friendly.
  • RADIUS Performance and Reliability:  The product had to provide carrier-class performance and reliability.  Interlink’s RADIUS Server delivers high performance transaction rates used by thousands of ISPs worldwide is testimony of its superior solution.  The reliability has been proven over the last 4 years on 13 servers without a failure.
  • RADIUS Support for 802.1x Wireless Authentication:  The RAD-Series RADIUS Server supports a broad set of 802.1x wireless authentication standards, including EAP-MD5, EAP-TLS, EAP-TTLS, Cisco LEAP, and PEAP.  KT was able to choose the best authentication method for their application, and integrate it with their wireline authentication and accounting functions.

System Integrator Played a Key Role

The local systems integrator played the major role in customizing the entire wireless solution and the RAD-Series RADIUS Server to address KT’s needs.

Customization is a key advantage of the RAD-Series RADIUS Server software, one that clearly differentiates Interlink Networks from its competitors.  The integrator used the Software Developer's Kit (SDK) to modify the authentication and authorization processes, change authentication requests and attributes, and interface with external systems in order to conform to the carrier’s strict security requirements.

They used the SDK to develop four custom software modules that plug into the RAD-Series RADIUS Server finite state machine.  These modules accomplish the following functions:

  • Perform wireless authentication, by retrieving user information stored in the carrier’s database.
  • Perform device authentication, by referencing the same database.
  • Track user sessions for accounting and billing purposes.
  • Report statistical data, such as the number of authentication attempts and failures, the average length of sessions, the number of authentications per day, etc.

They leveraged the RADIUS Server accounting capabilities to develop a real-time billing module that provides usage-based billing for prepaid service and flat-rate based billing for regular users.  Both billings are based on the call duration and packets/volume of data transferred.

The RAD-Series RADIUS Server Key Functions for This Project:

Authenticates Wireless LAN Users.  The RADIUS Server software with WLAN module provides layer 2 strong 802.1x user authentication to verify the credentials of WiFi users accessing the network via multiple authentication methods. 

Enhances Security.  Reduces unauthorized network access by centralizing the management of all remote and WiFi users, and provides the encryption capability for all Wi-Fi access to the network.

Manages Wireless Access Point Policies.  Besides giving a standard accept/reject reply to an access request, the RADIUS server also provides information on the wireless access point to enforce access policies and ensure more secure connections.  Policy features such as time-dependent access and location-dependent services can be implemented where necessary.

Provides Option to Use Session Controls.  The RADIUS server allows session configuration enhancements for WiFi access control and data security.  This includes setting user, group, or custom limits for simultaneous sessions.  This capability was enhanced by developing a custom RADIUS session control module that allows the viewing of number of concurrent sessions per user, deleting sessions, retrieving information about a session by the user ID, access point, or RADIUS server, and inserting new sessions.

Records All Activities.  The RADIUS server logs all network access activities, providing a security audit trail.  Records accounting data for billing purposes, and important information for network diagnostics.

The Final Result

The result is a solution that offers high-performance authentication and authorization of WiFi users accessing KT ’s hotspot network.  Now, secure high-speed wireless Internet access is provided to 1.2 million subscribers as they move about Seoul conducting business and enjoying the benefits of WiFi technology.  Another 5.3 million wireline users are secured through the same RADIUS server infrastructure.

Copyright 2006-2008 Interlink Networks, LLC. All Rights Reserved.
Site Design by Five Sparrows, LLC
Powered by Online Tech Dedicated Servers