Protected extensible authentication protocol is a two-phase authentication like EAP-TLS. In the first phase the authentication server is authenticated to the supplicant using an X.509 certificate. Using TLS, a secure channel is established through which any other EAP-Type can be used to authenticate the supplicant to the authentication server during the second phase. A certificate is only required at the authentication server. EAP-PEAP also supports identity hiding where the authenticator is only aware of the anonymous username used to establish the TLS channel during the first phase but not the individual user authenticated during the second phase.
Published in Chapter:
Security and Privacy Approaches for Wireless Local and Metropolitan Area Networks (LANs & MANs)
Giorgos Kostopoulos (University of Patras, Greece), Nicolas Sklavos (Technological Educational Institute of Mesolonghi, Greece), and Odysseas Koufopavlou (University of Patras, Greece)
Copyright: © 2008
|Pages: 15
DOI: 10.4018/978-1-59904-899-4.ch046
Abstract
Wireless communications are becoming ubiquitous in homes, offices, and enterprises with the popular IEEE 802.11 wireless local area network (LAN) technology and the up-and-coming IEEE 802.16 wireless metropolitan area networks (MAN) technology. The wireless nature of communications defined in these standards makes it possible for an attacker to snoop on confidential communications or modify them to gain access to home or enterprise networks much more easily than with wired networks. Wireless devices generally try to reduce computation overhead to conserve power and communication overhead to conserve spectrum and battery power. Due to these considerations, the original security designs in wireless LANs and MANs used smaller keys, weak message integrity protocols, weak or one-way authentication protocols, and so forth. As wireless networks became popular, the security threats were also highlighted to caution users. A security protocol redesign followed first in wireless LANs and then in wireless MANs. This chapter discusses the security threats and requirements in wireless LANs and wireless MANs, with a discussion on what the original designs missed and how they were corrected in the new protocols. It highlights the features of the current wireless LAN and MAN security protocols and explains the caveats and discusses open issues. Our aim is to provide the reader with a single source of information on security threats and requirements, authentication technologies, security encapsulation, and key management protocols relevant to wireless LANs and MANs.