BYOD: Extending and adaptation of behavior based profiling

OData support
Dr. Buttyán Levente
Department of Networked Systems and Services

Today’s development of Information Technology and changes in trends have not only a significant effect on end user devices but on networking equipment and the management of those as well. Nowadays more mobile devices are used than the number of people living on the Earth. Everyone can find the product that fits best one's needs due to the wide range of variety and more and more want to use them also at the workplace besides at home to improve productivity. Companies need to keep up with and be able to handle the challenge: how to act, if employees want to use not only the company approved and supervised devices but their own equipment of most diverse types as well?

In this paper I examine a variety of network access - authentication and authorization - methods.

I show the techniques the industry’s leading network user and device management system (Cisco Identity Services Engine, ISE) uses to identify devices connected to the network (Profiling) and other services it offers.

I give a detailed overview of the commonly used network authentication and authorization protocol (Remote Authentication Dial In User Service, RADIUS) and its extension (Change of Authorization, CoA).

I design and implement a system in Python language that can be used to analyze the following services:

- the Application Programming Interface of ISE. I use this interface to demonstrate the dynamic user and endpoint management.

- the Profiling service of ISE. This feature provides dynamic endpoint classification that I test by generating network telemetry.

- the operation of the RADIUS and CoA protocols at IP packet level. To test these protocols I simulate authentication events from the application and manage incoming authorization modification requests.


Please sign in to download the files of this thesis.