Diameter Security

01 January 2019

In the design of Internet protocols, security is approached in a structured way: threats are analyzed, which requires a high-level understanding of the protocol's communication architecture, and security requirements are then derived from that analysis. These requirements can be addressed by various security services, such as data integrity and confidentiality protection, authentication, and authorization. In this chapter, the authors describe Diameter security following an approach similar to that of RFC 3552. Information conveyed in Diameter is sensitive. It consists of personal data, such as geographic location, user identifiers, and account balance. It also includes security-relevant information, such as keying material, as well as authorization and service usage information. The authors present the security measures built into the Diameter protocol and how they address some of the threats. Subsequently, they discuss possible ways to mitigate generic security threats that are also applicable to Diameter deployments.